Aggregator

A vulnerability, which was classified as problematic, was found in Red Hat JBoss Enterprise Application Platform and JBoss Enterprise Application Platform Expansion Pack. This affects an unknown part of the component Enterprise JavaBeans. The manipulation leads to deserialization. This vulnerability is uniquely identified as CVE-2025-2251. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in xmlsoft libxml2 up to 2.13.7/2.14.1. Affected by this issue is some unknown functionality of the component Python API. The manipulation leads to return of wrong status code. This vulnerability is handled as CVE-2025-32414. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

PB-CMS v2.0代码审计

攻击者通过构造特殊参数改变了SQL语句原本的逻辑，执行攻击者指定的操作。

使用电脑微信上的“菜单-迁移与备份-备份与恢复”功能可以将手机微信上的聊天记录存储到电脑，以后也可以恢复到手机。如果可以将这些备份的聊天记录直接提取出来就可以随心所欲地整理、保存了。

使用电脑微信上的“菜单-迁移与备份-备份与恢复”功能可以将手机微信上的聊天记录存储到电脑，以后也可以恢复到手机。如果可以将这些备份的聊天记录直接提取出来就可以随心所欲地整理、保存了。

A vulnerability classified as problematic has been found in HelpDeskZ up to 2.0.1. This affects an unknown part of the component Administration Panel. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-46226. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Pebble io.pebbletemplates:pebble and classified as problematic. This vulnerability affects unknown code of the component Include Tag Handler. The manipulation leads to file inclusion. This vulnerability was named CVE-2025-1686. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in gnarf binlayerpress Plugin up to 1.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-2076. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316. It has been classified as critical. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument admpass leads to stack-based buffer overflow. This vulnerability is traded as CVE-2025-2369. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Google Chrome. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Inspector. The manipulation leads to use after free. This vulnerability is known as CVE-2025-2136. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in spotipy-dev spotipy up to 2.25.0. Affected is the function CacheHandler. The manipulation leads to incorrect default permissions. This vulnerability is traded as CVE-2025-27154. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Google Chrome. This vulnerability affects unknown code of the component V8. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2025-2137. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

HackerNews 编译，转载请注明出处： 在微软的 Visual Studio Code 市场中有九个 VSCode 扩展伪装成合法开发工具，同时感染用户设备，植入 XMRig 加密货币矿工以挖掘以太坊和门罗币。 Microsoft VSCode 是一款流行的代码编辑器，允许用户安装扩展以扩展程序的功能。这些扩展可以从微软的 VSCode 市场下载，这是一个供开发者查找和安装插件的在线中心。 ExtensionTotal 研究员 Yuval Ronen 发现了九个于 2025 年 4 月 4 日在微软门户上发布的 VSCode 扩展。 扩展名称： Discord Rich Presence for VS Code（开发者：Mark H）- 18.9 万次安装 Rojo – Roblox Studio Sync（开发者：evaera）- 11.7 万次安装 Solidity Compiler（开发者：VSCode Developer）- 1300 次安装 Claude AI（开发者：Mark H） Golang Compiler（开发者：Mark H） ChatGPT Agent for VSCode（开发者：Mark H） HTML Obfuscator（开发者：Mark H） Python Obfuscator for VSCode（开发者：Mark H） Rust Compiler for VSCode（开发者：Mark H） 市场数据显示，这些扩展自 4 月 4 日以来已累计超过 30 万次安装。这些数字可能是人为虚高的，目的是让扩展显得更合法和更受欢迎，从而吸引更多用户安装。 ExtensionTotal 表示已向微软报告了这些恶意扩展，但截至本文撰写时，它们仍可在市场上找到。 VSCode 市场上的 Discord 主题扩展 来源：BleepingComputer PowerShell 脚本安装 XMRig 矿工 当安装并激活后，恶意扩展会从外部源 ‘https://asdf11[.]xyz/’ 获取 PowerShell 脚本并执行。完成后，它还会安装其伪装的合法扩展，以避免用户产生怀疑。 下载 PowerShell 脚本的代码 来源：BleepingComputer 恶意 PowerShell 脚本执行多种功能，包括禁用防御、建立持久性、提升权限，最终加载加密货币矿工。 首先，它创建一个伪装为“OnedriveStartup”的计划任务，并在 Windows 注册表中注入脚本，以确保恶意软件（Launcher.exe）在系统启动时运行。 接下来，它关闭关键的 Windows 服务（如 Windows Update 和 Update Medic），并将工作目录添加到 Windows Defender 的排除列表中，以逃避检测。 如果恶意软件未以管理员权限执行，它会模仿系统二进制文件（ComputerDefaults.exe），并通过恶意 MLANG.dll 进行 DLL 劫持以提升权限并执行 Launcher.exe 有效载荷。 可执行文件以 base64 编码形式提供，PowerShell 脚本对其进行解码，以连接到二级服务器 myaunet[.]su 下载并运行 XMRig，这是一种门罗币加密货币矿工。 BleepingComputer 发现，威胁行为者的远程服务器上还有一个 /npm/ 文件夹，可能表明该活动也在该软件包索引上进行。然而，我们尚未在 NPM 平台上找到恶意文件。 威胁行为者服务器上的 NPM 目录 来源：BleepingComputer 如果您安装了 ExtensionTotal 报告中提到的九个扩展中的任何一个，您应立即卸载它们，然后手动定位并删除加密货币矿工、计划任务、注册表键和恶意软件目录。   消息来源：Bleeping Computer；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

LLVM IR 在网络安全中的应用

​捕获2个0day漏洞,获得加分; 有效事件检测17个,为单位回血6630分; 申诉7个违规攻击行为被采纳,挽 […]

探索情报知识的深渊，洞悉世界的奥秘，尽在情报读书会知识星球。深度解析，每日更新相对情报读书会的情报成品分析报

前些日子，《大西洋月刊》主编杰弗里·戈德伯格透露，他被意外拉入了特朗普总统国家安全团队在 Signal 应用程