Aggregator
From image Upload to Workspace Takeover: Deconstructing a Critical Stored XSS Attack
1 week 3 days ago
Attackers uploaded an HTML file disguised as an image and exploited a security vulnerability in the Dust platform to obtain administrator privileges and take over the entire workspace. The vulnerability stemmed from insufficient file-type validation and same-origin hosting of uploads, which let the malicious script execute in an administrator's browser. Mitigations include isolating user content, forcing a download prompt, verifying a file's true type, and configuring a strict CSP policy.
From image Upload to Workspace Takeover: Deconstructing a Critical Stored XSS Attack
1 week 3 days ago
A stored XSS vulnerability in the Dust platform's file-upload feature was exploited by an attacker, resulting in a complete workspace takeover. By uploading an HTML file disguised as an image and abusing same-origin hosting, the attacker had a malicious script execute once an administrator clicked the link, escalating their own privileges and taking control of the whole workspace. The incident highlights the importance of isolating user-generated content, strictly validating file types, and configuring a CSP.
TryHackMe Startup Challenge Walkthrough: Step-by-Step Beginner’s Guide to FTP Exploitation and…
1 week 3 days ago
The article walks through a CTF challenge: a port scan reveals open services (FTP, SSH, HTTP); a reverse shell uploaded via FTP provides initial access; SSH credentials extracted from a network capture file give user-level access; and modifying a script escalates privileges to root.
How to reclaim control over your online shopping data
1 week 3 days ago
Online shopping is convenient, saves time, and everything is just a click away. But how often do we stop to think about what happens to the data we leave behind, or the risks that might come with it?
Where shopping data goes
Retailers often store purchase histories, addresses, and account details for years, sometimes longer, unless legal requirements or customer requests mandate deletion. They may also share customer information with third-party companies for marketing or …
The post How to reclaim control over your online shopping data appeared first on Help Net Security.
Sinisa Markovic
SaaS giant Workiva suffers user data breach following Salesforce attack
1 week 3 days ago
Well-known cloud-based SaaS (software-as-a-service) provider Workiva has notified its customers that attackers, by compromising a third-party customer relationship management (CRM) system
Brokewell Android malware spreads through fake TradingView ads
1 week 3 days ago
The app impersonating TradingView is an "advanced version of the Brokewell malware," equipped with "an extensive toolkit designed to monitor, control and steal sensitive information."
The Unsolved case of P Mariammal
1 week 3 days ago
In 2013, in Garacharama in the Andaman and Nicobar Islands, P. Mariammal, her daughter Kumari R. Brinda, and Shri S. Chinnaiah disappeared on the same day. All three were Tamil speakers of similar age, and all were wearing blue clothing. Research suggests they may have been connected through family ties or social background. The case remains unsolved.
How to Ruin Your Weekend: Building a DIY EDR
1 week 3 days ago
The author builds an endpoint detection and response (EDR) tool named "RottenTomato," showing the progression from a simple Windows driver to a fully featured security tool. The tool uses kernel callback mechanisms to monitor system events and combines static analysis with remote injection to detect and block suspicious processes.
CVE-2025-55671 | kujirahand TkEasyGUI up to 1.0.21 uncontrolled search path
1 week 3 days ago
A vulnerability described as problematic has been identified in kujirahand TkEasyGUI up to 1.0.21. This affects an unknown function. Executing manipulation can lead to uncontrolled search path.
This vulnerability is handled as CVE-2025-55671. It is possible to launch the attack on the local host. There is not any exploit available.
Upgrading the affected component is recommended.
vuldb.com
“Day 28: The DOM Clobbering Coup — How I Turned a Simple Comment Box into a CSP Bypass”
1 week 3 days ago
The article describes a DOM Clobbering technique: injecting elements with specific ID or NAME attributes through allowed HTML tags to overwrite global JavaScript variables or methods on the target page, thereby bypassing a strict CSP policy and performing malicious actions. The finding earned a bug bounty.
CVE-2025-41408 | LY Yahoo Shopping App up to 14.14.x on Android Custom URL Scheme improper authorization in handler for custom url scheme
1 week 3 days ago
A vulnerability marked as problematic has been reported in LY Yahoo Shopping App up to 14.14.x on Android. The impacted element is an unknown function of the component Custom URL Scheme Handler. Performing manipulation results in improper authorization in handler for custom url scheme.
This vulnerability is known as CVE-2025-41408. Remote exploitation of the attack is possible. No exploit is available.
It is suggested to upgrade the affected component.
vuldb.com
2FA Bypass via Request Handling Flaw
1 week 3 days ago
The article introduces the concept of two-factor authentication (2FA) and its three authentication methods, then shows how these protections can be bypassed, revealing potential security flaws.
CVE-2025-58400 | RATOC RAID Monitoring Manager prior 2.00.09.250820 on Windows unquoted search path
1 week 3 days ago
A vulnerability labeled as problematic has been found in RATOC RAID Monitoring Manager on Windows. The affected element is an unknown function. Such manipulation leads to unquoted search path.
This vulnerability is traded as CVE-2025-58400. An attack has to be approached locally. There is no exploit available.
The affected component should be upgraded.
vuldb.com
CVE-2025-55037 | kujirahand TkEasyGUI up to 1.0.21 Message os command injection
1 week 3 days ago
A vulnerability identified as critical has been detected in kujirahand TkEasyGUI up to 1.0.21. Impacted is an unknown function of the component Message Handler. This manipulation causes os command injection.
This vulnerability appears as CVE-2025-55037. The attack may be initiated remotely. There is no available exploit.
You should upgrade the affected component.
vuldb.com
CVE-2025-58359 | ZcashFoundation frost up to 2.1.x refresh missing cryptographic step (GHSA-wgq8-vr6r-mqxm)
1 week 3 days ago
A vulnerability categorized as problematic has been discovered in ZcashFoundation frost up to 2.1.x. This issue affects the function frost_core::keys::refresh. The manipulation results in missing cryptographic step.
This vulnerability is reported as CVE-2025-58359. The attack can be launched remotely. No exploit exists.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2025-55244 | Microsoft Azure Bot Service access control
1 week 3 days ago
A vulnerability was found in Microsoft Azure Bot Service. It has been rated as critical. This vulnerability affects unknown code. The manipulation leads to improper access controls.
This vulnerability is documented as CVE-2025-55244. The attack can be initiated remotely. There is not any exploit available.
This product is a managed service, indicating that users are not permitted to maintain vulnerability countermeasures themselves.
vuldb.com
CVE-2025-55241 | Microsoft Entra ID improper authentication
1 week 3 days ago
A vulnerability was found in Microsoft Entra ID. It has been declared as critical. This affects an unknown part. Executing manipulation can lead to improper authentication.
This vulnerability is registered as CVE-2025-55241. It is possible to launch the attack remotely. No exploit is available.
This product is provided as a managed service, meaning users do not have the ability to maintain vulnerability countermeasures themselves.
vuldb.com
CVE-2025-54914 | Microsoft Azure Networking access control
1 week 3 days ago
A vulnerability was found in Microsoft Azure Networking. It has been classified as critical. Affected by this issue is some unknown functionality. Performing manipulation results in improper access controls.
This vulnerability is cataloged as CVE-2025-54914. It is possible to initiate the attack remotely. There is no exploit available.
This product operates as a managed service, which prevents users from maintaining vulnerability countermeasures themselves.
vuldb.com
Django Unauthenticated, 0 click, RCE, and SQL Injection using default configuration.
1 week 3 days ago
A critical Django vulnerability, CVE-2025-57833, allows attackers to achieve remote code execution via PostgreSQL and SQL injection across all supported databases. The flaw stems from combining `FilteredRelation` with `select_related` to construct malicious SQL queries. Attackers can abuse PostgreSQL's `COPY` and `PROGRAM` features to run a reverse shell and gain control.