Aggregator

A vulnerability classified as problematic was found in Zitadel up to 2.47.3. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-28855. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OctoPrint up to 1.9.3/1.10.0rc2 and classified as problematic. This issue affects some unknown processing of the component URL Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-28237. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Microsoft Xbox Gaming Services and classified as critical. This issue affects some unknown processing. The manipulation leads to link following. The identification of this vulnerability is CVE-2024-28916. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Zitadel up to 2.48.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Login UI. The manipulation leads to incorrect authorization. This vulnerability is known as CVE-2024-29892. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Meta 取消第三方事实核查当地时间 1 月 7 日，美国社交媒体平台 Facebook 和 Instagram 的母公司 Meta 宣布，将终止其第三方事实核查计划。这一转变正值 Meta CEO

曝谷歌正招兵买马组建世界模型团队；陈震开 FSD 撞护栏，评价不如小鹏和华为；黄仁勋称量子计算机可能需要 20 年实现。

A vulnerability, which was classified as problematic, has been found in Symantec Mail Security for Microsoft Exchange up to 6.5.8/7.0.4/7.5.4. This issue affects some unknown processing of the component RAR Decompression. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2016-5310. Attacking locally is a requirement. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

此文所提供的信息只为网络安全人员对自己所负责的网站、服务器等进行检测或维护参考，未经授权请勿利用文章中的技术资料对任何计算机系统进行入侵操作。利用此文所提供的信息而造成的直接或间接后果和损失，均由使用

01.NET内网安全攻防报刊小报童电子报刊【.NET内网安全攻防】也正式上线了，引入小报童也是为了弥补知识星球对于轻量级阅读支持的不足，为用户读者提供更佳的阅读体验。如果您对阅读体验的需求比较高，那么

近期，网络安全从业人员间流传着一个引起广泛关注的事件：某提权工具被植入后门，导致工具使用者的身份信息和敏感数据遭到泄露。根据现有的信息，初步判断此次攻击背后可能是东南亚某APT组织——海莲花（Lotu

#恶意软件分析 #APT #海莲花APT组织 海莲花APT钓鱼样本分析-上 微步近日发的海莲花APT攻击样本，利用了一个vs的漏洞，然后在样本层和流量层都使用了相关的免杀手法。 研究了一下漏洞poc源代码，巧妙的利用了vs的一个反序列化加载机制漏洞，攻击活动从10-11月或者更早就开始了，poc是半年前放岀来的

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

近期，我们发现一个未知 Windows 在野提权 Nday 漏洞样本，该漏洞样最早被上传时只有6个查杀。经过分析确认该漏洞应该是在八月的微软补丁中被修复，是一个被修复的未知nday利用。本文对该漏洞及漏洞样本进行了详细分析。

综述该漏洞样本为前段时间奇安信威胁情报中心日常在野漏洞监控运营经发现，其最早被上传时只有6个查杀。经过分析确认该漏洞应该是在八月的微软补丁中被修复，是一个被修复的未知nday利用，运行的具体效果如下所

构建安全政务环境，满足政务外网“一机两用”要求。