Aggregator

An ISACA survey found that just 5% of organizations have a defined strategy to defend against quantum-enabled threats

ART底层源码逻辑大揭秘，打造安卓逆向高手

Storm-1977 黑客组织利用 AzureChecker CLI 工具，通过密码喷洒攻击教育领域云租户，劫持 200 多个容器用于加密货币挖矿。

近日，京东安全獬豸实验室携最新技术研究，在 Black Hat Asia 2025 上，与参会者进行了广泛而深入的交流。

看雪论坛作者ID：ngiokweng

Пока ты бездумно лайкаешь мемы, ИИ по кусочкам собирает на тебя досье — и делает это пугающе хорошо.

A vulnerability was found in Mozilla Thunderbird. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2022-40962. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Mozilla Thunderbird. Affected is an unknown function. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2022-42932. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Thunderbird up to 102.5.0 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2022-45414. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox ESR up to 91.7 and classified as problematic. Affected by this issue is some unknown functionality of the component VR Process. The manipulation leads to use after free. This vulnerability is handled as CVE-2022-1196. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Thunderbird up to 102.2. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to protection mechanism failure. The identification of this vulnerability is CVE-2022-40956. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Mozilla Thunderbird up to 102.2. Affected is an unknown function. The manipulation leads to denial of service. This vulnerability is traded as CVE-2022-40957. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

CVE-2025-31324, a critical vulnerability in the SAP NetWeaver platform, is being actively exploited by attackers to upload malicious webshells to enable unauthorized file uploads and code execution. The vulnerability was initially leveraged in zero-day attacks spotted by ReliaQuest researchers, who reported them to SAP. The software company confirmed that the attackers have been leveraging a new vulnerability; released an emergency patch on April 24; and urged organizations to upgrade to implement it and check whether … More →

The post Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324) appeared first on Help Net Security.

Your iPhone isn't necessarily as invulnerable to security threats as you may think. Here are the key dangers to watch out for and how to harden your device against bad actors.

从 MCP 攻防实操出发，开启深入理解 MCP 风险与防护思维的深度旅程。

从 MCP 攻防实操出发，开启深入理解 MCP 风险与防护思维的深度旅程。

A vulnerability classified as critical has been found in Oracle Application Server Web Cache 2.0.0.1. Affected is an unknown function of the component GET Request Handler. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2001-0836. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.