Aggregator

作者：Marcell Szakály, Martin Strohmeier, Ivan Martinovic, Sebastian Köhler 译者：知道创宇404实验室翻译组 原文链接：https://arxiv.org/html/2601.15515v1 摘要 电动汽车（EV）的普及正迅速推进。为实现快速、安全的充电，车辆与充电站之间需要进行复杂的通信。在全球广泛使用的联合充电系统（C...

Фейковый Чемезов захватил соцсети на выходных.

随着 AI 助手工具逐渐嵌入日常工作，安全团队的关注点仍主要集中在保护 大模型本身。

Adversaries have pioneered a sophisticated method of weaponizing GitHub as a conduit for malware distribution, camouflaging their payloads

The post The “Fork” in the Road: How Hackers Subverted GitHub Desktop to Infect Dev Workstations appeared first on Penetration Testing Tools.

In late December 2025, the Polish power grid was besieged by a formidable cyberattack. This incursion, transpiring during

The post Winter of Resilience: How Poland’s Defenses Thwarted the “DynoWiper” Assault on Its Energy Grid appeared first on Penetration Testing Tools.

Threat actors persist in exploiting a critical vulnerability within VMware vCenter Server, notwithstanding the fact that the remediating

The post Virtual Kill Chain: Why Hackers Are Flocking to This “Critically Unpatched” VMware Flaw appeared first on Penetration Testing Tools.

Security researchers have documented a sophisticated, multi-stage phishing campaign targeting users within the Russian Federation. This offensive employs

The post The Trojan Double-Tap: How Amnesia RAT and Ransomware are Ghosting Through Russian Defenses appeared first on Penetration Testing Tools.

雷神众测拥有该文章的修改和解释权。如欲转载或传播此文章，必须保证此文章的副本，包括版权声明等全部内容。声明雷神众测允许，不得任意修改或增减此文章内容，不得以任何方式将其用于商业目的。

A profound vulnerability within the internet’s architectural framework, designated as BGP Vortex, has garnered significant academic scrutiny following

The post The BGP Vortex: A 30-Year-Old Flaw Could Theoretically “Unplug” 96% of the Global Internet appeared first on Penetration Testing Tools.

While it may appear that every emergent Trojan or infostealer is a unique narrative defined by its own

The post The “Communal Arsenal”: Splunk Uncovers the Standardized Playbook Shared by 18 Malware Families appeared first on Penetration Testing Tools.

Waltio, a French enterprise specializing in fiscal calculations for cryptocurrency holders, has been targeted by a blackmail campaign

The post Crypto Tax Alert: ShinyHunters Holds 50,000 Waltio Users Hostage in Bold Blackmail Plot appeared first on Penetration Testing Tools.

A sophisticated malicious instrument christened Stanley exemplifies a paradigm shift in the evolution of browser extension exploits. We

The post The $6,000 “Verified” Threat: How the Stanley Malware Kit Hijacks Your Browser From Inside the Chrome Store appeared first on Penetration Testing Tools.

A vulnerability classified as critical was found in eslint up to 9.25.x. This issue affects the function RuleTester.run in the library eslint/lib/shared/serialization.js. Executing a manipulation can lead to stack-based buffer overflow. The identification of this vulnerability is CVE-2025-50537. The attack needs to be done within the local network. There is no exploit available. Upgrading the affected component is advised.

TikTok is contending with a profound resurgence of skepticism within the United States; following the announcement of its

The post From ByteDance to Big Brother? The Great American TikTok Exodus as Ownership Shifts appeared first on Penetration Testing Tools.

沙特准备大幅缩减其雄心勃勃的未来城市项目 Neom 的规模。Neom 意思是新未来城市，沙特原计划斥资 5000 亿美元建造。Neom 位于沙特西北部的 Tabuk，总面积 26500 平方公里，其核心组成部分是名叫 The Line 的线条城市，高 500 米，长 170 公里，能容纳 900 万居民，城市被封闭在两座距离约 200 米的平行高墙之内，表面覆盖镜子。The Line 有三层，地面一层供行人使用，地下两层一层为基础设施一层为地下交通。它还有一条高铁，时速能达到 512 公里，从线条城市的一头到另一头只需要 20 分钟。 但如今 The Line 准备彻底的重新设计，方案将更为精简，Neom 可能将变成数据中心枢纽，利用其沿海位置的海水冷却服务器。

Until recently, cyber offensives were synonymous with “exotic” malicious servers and conspicuously suspicious IP addresses. Today, that paradigm

The post The Invisible Predator: How “Scattered Spider” Weaponizes Familiarity to Vanish Inside Corporate Networks appeared first on Penetration Testing Tools.

Deciphering BIOS and UEFI updates is an endeavor typically conducted in obscurity. These files comprise a labyrinthine confluence

The post X-Ray for Your BIOS: Carnegie Mellon’s New Open-Source Tool Pulls Back the Curtain on UEFI appeared first on Penetration Testing Tools.

Основатель Telegram заявил об обнаружении уязвимостей в системе шифрования WhatsApp.

Descope has updated its Agentic Identity Hub to provide MCP developers and AI agent builders with standards-based identity infrastructure for their AI systems. Organizations can now use Descope to manage AI agents as first-class identities alongside human users, add OAuth 2.1 and tool-level scopes to their internal and external MCP servers, and govern agent access to MCP servers with enterprise-grade policy enforcement. Dedicated agentic identity management (Source: Descope) 2025 was the year AI agents began … More →

The post Descope introduces dedicated identity infrastructure for AI agents and MCP ecosystems appeared first on Help Net Security.

A vulnerability marked as critical has been reported in AI Engine Plugin up to 3.3.2 on WordPress. Impacted is the function get_audio of the component Setting Handler. The manipulation leads to server-side request forgery. This vulnerability is documented as CVE-2026-0746. The attack can be initiated remotely. There is not any exploit available.