Alibaba Nacos-spring-context XXE漏洞分析与利用场景
Nacos-spring-context 2.1.1及之前版本存在XXE漏洞,因DocumentBuilderFactory未禁用外部实体导致远程文件读取与SSRF。
Aggregator
CVE-2025-51482:Letta AI 组件代码注入导致远程命令执行漏洞详细分析
2 months ago
漏洞来源影响版本Letta 0.7.12漏洞描述letta-ai Letta 0.7.12 中的 letta.server.rest_api.routers.v1.tools.run_tool_from_source 存在远程代码执行漏洞,允许远程攻击者通过精心构造的有效载荷向 /v1/tools/run 端点执行任意 Python 代码和系统命令,从而绕过预期的沙箱限制。漏洞成因位于 /v1/t
黄道丽:网络犯罪防治的国际趋势与中国制度回应
2 months ago
当前,利用人工智能、区块链、深度伪造等新技术实施的电信网络诈骗、网络勒索、涉虚拟货币犯罪和跨境赌博等新型网络犯
石经海:以法治思维构建网络犯罪防治体系
2 months ago
网络犯罪的蔓延成为数字时代不可回避的治理难题。从跨境诈骗形成的“开发—引流—洗钱”全链条,到AI换脸技术催生的新型犯罪形态,传统治理模式已难以应对技术迭代带来的挑战。
《网络犯罪防治法(征求意见稿)》公开征求意见的公告
2 months ago
为有效遏制网络犯罪源头、整治网络犯罪生态,提升人民群众网络安全感和满意度,经充分调研论证,公安部起草了《网络犯
特工“慧眼”养成,情报员观察力训练技法
2 months ago
一名优秀特工,往往具备常人难以企及的敏锐观察力和洞察细节的能力。这种“慧眼”绝非天生,而是通过系统严格的训练磨炼而成。
OpenAI says you can trust ChatGPT answers, as it kicks off ads rollout preparation
2 months ago
OpenAI previously confirmed that it's testing ads in ChatGPT for free and $8 Go accounts, and now we're seeing early signs of that rollout, at least on Android. [...]
Mayank Parmar
AI 手机隐私数据出端风险分析
2 months ago
手机智能的代价是使用用户隐私数据?以苹果为例,看看在使用 Siri 时哪些隐私数据被不安全的传到云端
Moltbook AI Vulnerability Exposes Email Addresses, Login Tokens, and API Keys
2 months ago
A critical vulnerability in Moltbook, the nascent AI agent social network launched late January 2026 by Octane AI’s Matt Schlicht, exposes email addresses, login tokens, and API keys for its registered entities amid hype over 1.5 million “users.” Researchers revealed an exposed database misconfiguration allowing unauthenticated access to agent profiles, enabling bulk data extraction. This […]
The post Moltbook AI Vulnerability Exposes Email Addresses, Login Tokens, and API Keys appeared first on Cyber Security News.
Guru Baran
OpenAI is retiring famous GPT-4o model, says GPT 5.2 is good enough
2 months ago
OpenAI has confirmed that it's retiring ChatGPT's most popular model called GPT-4o and several other models, including GPT-5 Instant, GPT-5 Thinking, GPT-4.1, GPT-4.1 mini, and o4-mini. [...]
Mayank Parmar
CVE-2025-5419
2 months ago
Currently trending CVE - Hype Score: 11 - Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
ATC Winter Vibes Community CTF 2.0
2 months ago
Name: ATC Winter Vibes Community CTF 2.0 (an ATC Winter Vibes Community CTF event.)
Date: Jan. 30, 2026, 2 p.m. — 31 Jan. 2026, 14:00 UTC [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://atcwintervibesctf.com/
Rating weight: 0.00
Event organizers: ATC CTF Team
Date: Jan. 30, 2026, 2 p.m. — 31 Jan. 2026, 14:00 UTC [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://atcwintervibesctf.com/
Rating weight: 0.00
Event organizers: ATC CTF Team
RCS CTF 26
2 months ago
Name: RCS CTF 26 (an Republic of Cyber Sentinals event.)
Date: Jan. 30, 2026, 7 p.m. — 31 Jan. 2026, 14:00 UTC [add to calendar]
Format: Jeopardy
On-site
Location: Lovely Professional University, Jalandhar
Offical URL: https://encryptedge.in/
Rating weight: 0.00
Event organizers: EN¢R¥PT_EDGE€
Date: Jan. 30, 2026, 7 p.m. — 31 Jan. 2026, 14:00 UTC [add to calendar]
Format: Jeopardy
On-site
Location: Lovely Professional University, Jalandhar
Offical URL: https://encryptedge.in/
Rating weight: 0.00
Event organizers: EN¢R¥PT_EDGE€
黄仁勋否认对 OpenAI 不满;SpaceX 申请部署 100万颗卫星;传 Waymo 进行新一轮融资,估值接近 1100 亿美元 | 极客早知道
2 months ago
苹果改进线上商店购机流程 Mac 订单全面改为「自选配置」模式;NASA 新一代超级计算机「雅典娜」宣布投用;苹果早期稀有藏品拍出逾 810 万美元「庆典」Apple‑1 原型板成最大赢家
学术前沿 | 安徽大学崔杰教授团队:元宇宙中去中心化的三因素身份认证方案
2 months ago
INC
2 months ago
You must login to view this content
cohenido
Qilin
2 months ago
You must login to view this content
cohenido
【资料】美国政府数据和研究报告显示有42%的家庭生活在“斩杀线”附近
2 months ago
美国低收入住房联盟发布基于2023年美国社区调查数据,在4560万租房家庭中,1090万属于极低收入群体。市场上仅有710万套住房在租金上对他们而言是可负担的,其中330万套已被较高收入家庭占据,导致仅有380万套真正“可负担且可用”,造成710万套的巨大缺口。
Blockchain Penetration Testing: Definition, Process, and Tools
2 months ago
Blockchain Penetration Testing simulates real-world cyberattacks on blockchain systems to identify vulnerabilities before attackers can exploit them. On September 14, 2021, the Solana blockchain network went offline for 17 hours during the Grape Protocol IDO (Initial DEX Offering) due to a Distributed Denial-of-Service (DDoS) attack. In distributed blockchain applications, penetration testing frameworks have demonstrated throughput […]
The post Blockchain Penetration Testing: Definition, Process, and Tools appeared first on Security Boulevard.
Harman Singh
CVE-2021-47865 | ProFTPD 1.3.7a allocation of resources (Exploit 49697 / EDB-49697)
2 months ago
A vulnerability categorized as problematic has been discovered in ProFTPD 1.3.7a. Impacted is an unknown function. Such manipulation leads to allocation of resources.
This vulnerability is uniquely identified as CVE-2021-47865. The attack can be launched remotely. Moreover, an exploit is present.
vuldb.com