Aggregator

Иногда, чтобы нанести удар, нужно сначала просто раствориться в тени.

ClickHouse 数据库渗透测试指南

根据国家统计局上个月公布的数据，2025 年中国全国企业就业人员每周平均工时为 48.6 小时，在连续上涨 9 年后，终于小幅回落。国家统计局数据显示，中国劳工工时自 2016 年起不断上涨，在 2023 和 2024 年达新高，每周平均工时达 49 小时。2025 年除了 1 月其余 11 个月每周平均工时都低于 2024 年同期。中国人民大学中国就业研究所所长曾湘泉表示，2025 年企业就业人员每周平均工时下降，一方面可能是工时吸收经济压力的调节机制接近极限—工时不可能不断上涨；另一方面，官方“反内卷”和劳动者权益保障力度持续加强，也带来积极影响。曾湘泉表示，在网约车司机、外卖骑手等职业的劳动时长屡屡突破生理极限的同时，电力、燃气等垄断型行业的员工极少出现工时过长的情况。他还指出，如果将工资因素考虑在内，较长的工时可能反映了就业质量的低下；例如，许多低收入劳动者虽然每周工作高达 50—60 小时，但收入仍难以满足基本生活需求；这说明此类岗位普遍缺乏足够的劳动保护和福利支持，劳动者只能通过延长工作时间弥补工资的不足，也就是被迫“以时间换收入”。 

Как работает визуальный prompt injection: машины подчиняются любому тексту, попадающему в объектив камеры.

从零开启漏洞挖掘与利用学习，加油！

European Open Source Academy 的 2025 年开源卓越奖得主、cURL 维护者 Daniel Stenberg 宣布了 2026 年的开源卓越奖得主、稳定版 Linux 内核维护者 Greg Kroah-Hartman。他表示：很难夸大 Greg 在 Linux 上的工作的重要性。在软件领域，创新总能抢占头条，但稳定性却默默守护着生命和生计。每一部 Android 手机、每一台 Web 服务器、每一个运行 Linux 的关键系统，都依赖于 Greg 精益求精的工作。正因为他的努力，医院、银行、政府和个人在使用 Linux 时，才能安心无忧。他的工作代表着最高形式的服务：不求浮华，坚持不懈，却不可或缺。

漏洞介绍通过字符串格式化和异常处理，攻击者可以绕过 n8n 的 Python 任务执行器沙箱限制，在底层操作系统中运行任意的、不受限制的 Python 代码。该漏洞可通过“代码块”功能被拥有基本权限的已验证用户利用，并可能导致运行在“内部”执行模式下的 n8n 实例被完全接管。如果实例运行在“外部”执行模式下（例如，使用 n8n 的官方 Docker 镜像），任意代码执行将发生在一个 Sideca

Currently trending CVE - Hype Score: 6 - Windows Task Scheduler Elevation of Privilege Vulnerability

Currently trending CVE - Hype Score: 6 - upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell ...

Currently trending CVE - Hype Score: 6 - An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < ...

易语言写的银狐黑产组织最新攻击样本分析

Задумывался как подстраховка, а стал любимой лазейкой для взломщиков…

A vulnerability was found in Linux Kernel up to 6.12.19/6.13.7 and classified as critical. This vulnerability affects the function kexec_file_load. The manipulation results in denial of service. This vulnerability is reported as CVE-2025-21977. The attacker must have access to the local network to execute the attack. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.12.19/6.13.7 and classified as critical. This affects the function bnxt_queue_mem_alloc. The manipulation leads to denial of service. This vulnerability is documented as CVE-2025-21974. The attack requires being on the local network. There is not any exploit available. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.12.19/6.13.7. It has been classified as critical. This issue affects some unknown processing of the file drivers/video/fbdev/core/fb_info.c of the component hyperv_fb. This manipulation causes buffer overflow. This vulnerability appears as CVE-2025-21976. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability labeled as problematic has been found in Linux Kernel up to 6.1.131/6.6.83/6.12.19/6.13.7. This impacts the function mlx5_chains_create_table. The manipulation results in unchecked return value. This vulnerability was named CVE-2025-21975. The attack needs to be approached within the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.12.19/6.13.7. The affected element is the function bnxt_get_queue_stats_rx/bnxt_get_queue_stats_tx of the component eth. Executing a manipulation can lead to null pointer dereference. The identification of this vulnerability is CVE-2025-21973. The attack needs to be done within the local network. There is no exploit available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.12.19/6.13.7. This affects the function frag_list. The manipulation leads to memory leak. This vulnerability is uniquely identified as CVE-2025-21972. The attack can only be initiated within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.6.83/6.12.19/6.13.7. Affected by this issue is the function l2cap_send_cmd of the component Bluetooth. Executing a manipulation can lead to use after free. This vulnerability is registered as CVE-2025-21969. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.1.131/6.6.83/6.12.19/6.13.7. The impacted element is the function qdisc_tree_reduce_backlog of the component net_sched. The manipulation leads to denial of service. This vulnerability is referenced as CVE-2025-21971. The attack needs to be initiated within the local network. No exploit is available. It is suggested to upgrade the affected component.