Aggregator

A vulnerability was found in KoaJS Koa up to 3.0.0. It has been rated as problematic. This impacts the function back in the library lib/response.js of the component HTTP Header Handler. The manipulation of the argument Referrer leads to open redirect. This vulnerability is listed as CVE-2025-8129. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability, which was classified as problematic, was found in Dunamu StockPlus App up to 7.62.10 on Android. The affected element is an unknown function of the file AndroidManifest.xml of the component com.dunamu.stockplus. The manipulation results in improper export of android application components. This vulnerability is cataloged as CVE-2025-7890. The attack must be initiated from a local position. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in InstantBits Web Video Cast App up to 5.12.4 on Android and classified as problematic. The impacted element is an unknown function of the file AndroidManifest.xml of the component com.instantbits.cast.webvideo. This manipulation causes improper export of android application components. This vulnerability is registered as CVE-2025-7891. The attack needs to be launched locally. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability identified as problematic has been detected in Linux Kernel up to 5.15.161/6.1.94/6.6.34/6.9.5. Affected is the function xhci_invalidate_cancelled_tds. The manipulation leads to use after free. This vulnerability is traded as CVE-2024-40927. Access to the local network is required for this attack to succeed. There is no exploit available. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.220/5.15.161/6.1.94/6.6.34/6.9.5. It has been declared as problematic. This vulnerability affects the function n_ssids of the component iwlwifi. Such manipulation leads to out-of-bounds read. This vulnerability is referenced as CVE-2024-40929. The attack needs to be initiated within the local network. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.9.6 and classified as critical. Affected by this issue is the function BMIPS_GET_CBR of the component mips. Performing manipulation results in denial of service. This vulnerability is cataloged as CVE-2024-40963. The attack must originate from the local network. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in Portabilis i-Educar up to 2.10 and classified as critical. This affects an unknown part of the file /module/Api/matricula of the component Matricula API. Executing manipulation can lead to improper authorization. This vulnerability is registered as CVE-2025-9760. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The PureHVNC remote administration tool (RAT) has emerged as a sophisticated component of the Pure malware family, gaining prominence in mid-2025 amid an uptick in targeted intrusion campaigns. Originating from underground forums and Telegram channels, PureHVNC is marketed by its author, known as PureCoder, alongside companion tools such as PureCrypter, PureLogs, and PureMiner. Its adoption […]

The post PureHVNC RAT Developers Leverage GitHub Host Source Code appeared first on Cyber Security News.

A vulnerability has been found in Linux Kernel up to 6.9.6 on LLVM and classified as problematic. The impacted element is the function plpar_hcall. This manipulation causes improper validation of array index. This vulnerability is tracked as CVE-2024-40974. The attack is only possible within the local network. No exploit exists. The affected component should be upgraded.

A vulnerability described as critical has been identified in Linux Kernel up to 6.9.6. Affected by this vulnerability is the function ath12k_qmi_msg_mem_request_cb. Such manipulation leads to allocation of resources. This vulnerability is traded as CVE-2024-40979. Access to the local network is required for this attack to succeed. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.1.95/6.6.35/6.9.6/6.10-rc3/6.10-rc4. It has been rated as critical. This impacts the function rcu_dereference_protected of the component ipset. The manipulation leads to null pointer dereference. This vulnerability is listed as CVE-2024-40993. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.9.6. The impacted element is the function qedi_dbg_do_not_recover_cmd_read. The manipulation results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2024-40978. The attack must originate from the local network. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.1.94/6.6.34/6.9.5. It has been classified as problematic. Impacted is the function mlx5_lag_create_port_sel_table. Performing manipulation results in double free. This vulnerability was named CVE-2024-40940. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.9.5. It has been rated as problematic. The impacted element is the function ocfs2_remove_extent. The manipulation leads to allocation of resources. This vulnerability is referenced as CVE-2024-40943. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in Kong Insomnia Desktop Application up to 11.0.2. This affects an unknown function of the component Template Handler. The manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2025-1087. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability labeled as problematic has been found in Linux Kernel up to 6.1.95/6.6.35/6.9.6. Impacted is the function kvm_vcpu_on_spin. Such manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2024-40953. The attack can only be initiated within the local network. No exploit exists. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.9.6. It has been declared as critical. Impacted is an unknown function of the component Octeon. Such manipulation leads to denial of service. This vulnerability is listed as CVE-2024-40968. The attack must be carried out from within the local network. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.9.5. Affected by this issue is the function mesh_path_flush_pending. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-40942. Access to the local network is required for this attack to succeed. There is no exploit available. It is advisable to upgrade the affected component.

Despite having been discovered and reported in 2014, the vulnerability that allows pixie dust attacks still impacts consumer and SOHO networking equipment around the world, NetRise researchers have confirmed. WPS and the pixie dust attack Wi-Fi Protected Setup (WPS) allows users to connect to their network by using an eight-digit pin instead of a password. “[A pixie dust attack] targets weaknesses in the Wi-Fi Protected Setup protocol, exploiting poor entropy in key generation,” the company … More →

The post Many networking devices are still vulnerable to pixie dust attack appeared first on Help Net Security.

本文链接


目录

背景介绍 Background Introduction 对抗路径分析 Adversarial Path Analysis 落地实践 Practical Implementation 总结展望 Summary and Outlook

这份演示文稿（PPT）的主题是“从被动响应到主动防御：基于对抗路径的数字化安全转型实践”。内容围绕如何从攻击者视角出发，通过分析和预测攻击路径，构建主动防御体系。

以下是该PPT的主要内容总结：

1. 背景介绍

• 严峻形势：当下的网络安全形势严峻，攻击手段多样化。文稿列举了2024年活跃的勒索软件组织，如 LockBit、Black Basta、ALPHV 等。
• 防御困境：传统的被动防御存在局限性，而攻击者总是在寻找“最优路径”来达成目标。

2. 对抗路径分析

这部分从攻击者视角出发，分析其攻击目的、手法和路径。 * 攻击目的：主要分为获取利益（如资金窃取、数据贩卖、勒索）、商业竞争（如窃取机密、损害声誉）、蓄意破坏（如员工报复、APT攻击） 和其它（如炫技）。 * 攻击手法：包括漏洞利用、恶意软件（如后门木马、勒索病毒）、社会工程学（如钓鱼邮件）、DDoS攻击 和供应链打击 等。 * 攻击路径（动态组合）：攻击通常分三阶段动态组合各种手法： 1. 外部突破：选择暴露面最大、防御最弱的入口（如钓鱼邮件、漏洞利用）。 2. 内部横移：寻找最短的权限继承路径（如命令执行、提权）。 3. 目标达成：避开检测，实现最大化收益（如数据窃取、勒索软件）。 * 防御范式转变：核心思想是从“被动响应”转变为“主动截杀”。这要求在攻击发生前就预判路径，锁定关键节点，并部署检测、阻断和欺骗措施。

3. 落地实践

这部分探讨了如何将对抗路径分析应用于实际防御。 * 攻击成功公式：文稿将攻击成功拆解为“数据资产缺陷被利用”+“手法绕过防护体系”。 * 两大应对方法： 1. 消除资产缺陷：通过“资产全生命周期管理”，在需求、研发、测试、发布、运维、回收等各个环节植入安全措施。 2. 阻断手法绕过：构建“纵深防御体系”，包括边界防御（WAF/IPS）、流量监测（NDR）、终端防护（EDR/HIDS） 和主动欺骗（蜜罐） 等。 * 核心技术：“对抗路径生成”。通过叠加“攻防图谱（技术视角）” 和“业务资产链路（业务视角）”，描绘出基于资产链路的对抗路径，从而实现对上游节点的精准隔离和对下游节点的重点防护。 * 能力验证：通过勒索演练等方式，验证边界、主机、内网等各环节的防护有效性。

4. 案例分析：“银狐”攻击链处置

文稿以“银狐”攻击为例，展示了在不同阶段的对抗策略： * 投递阶段：攻击方通过IM群发、网站挂马、钓鱼邮件等方式投递恶意文件。防御方通过攻击面收敛，阻止恶意文件落盘。 * 落盘+控制阶段：防御方通过阻断恶意文件执行、隔离恶意进程、监测并阻断反连（C2连接） 来对抗。 * 扩散阶段：通过横向监测 发现威胁，并立即对受害终端进行隔离，阻断其横向移动。

5. 总结与展望

• 技术迭代：网络安全技术正从传统的防火墙、杀毒软件，向终端检测与响应（EDR）、零信任架构、安全编排与自动化响应（SOAR） 等方向持续迭代。
• 未来趋势：未来安全运营的核心是“AI安全赋能”。AI将在异常检测、威胁狩猎、自动化响应 和钓鱼识别 等方面发挥关键作用。