Aggregator

A vulnerability was found in Linux Kernel up to 6.17-rc4. It has been declared as critical. This affects an unknown part of the component scsi. Executing a manipulation can lead to use after free. This vulnerability is registered as CVE-2025-39841. The attack requires access to the local network. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in HP Universal Print Driver 7.1.x/7.2.x/7.3.x/7.4. It has been rated as critical. This affects an unknown part. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-43025. Local access is required to approach this attack. No exploit exists.

The indirect prompt injection vulnerability allows an attacker to weaponize invites to circumvent Google's privacy controls and access private data.

本文系统剖析提示词注入攻击原理、实战案例及防御体系，覆盖从基础越狱到多模态新型威胁的全链条风险应对。

Researchers found the popular model context protocol (MCP) servers, which are integral components of AI services, carry serious vulnerabilities.

Inter Partner Assistance Algeria Allegedly Hacked, Exposing Internal Systems, User Accounts, and Insurance Documents

Критическая уязвимость затронула сразу четыре поколения наушников Xiaomi.

A groundbreaking experiment has revealed that advanced language models can now create working exploits for previously unknown security vulnerabilities. Security researcher Sean Heelan recently tested two sophisticated systems built on GPT-5.2 and Opus 4.5, challenging them to develop exploits for a zero-day flaw in the QuickJS Javascript interpreter. The results point to a significant shift […]

The post New Study Shows GPT-5.2 Can Reliably Develop Zero-Day Exploits at Scale appeared first on Cyber Security News.

2025年12月，国外安全厂商监测到一款此前从未被发现的Linux恶意软件。这款名为VoidLink的恶意程序（开发者内部代号），专门针对云服务器发起入侵攻击，全程采用Zig语言编写。 它能识别市面上主流的云平台环境，还能判断自身是否运行在Kubernetes或Docker容器当中，再针对性地调整攻击手段。 VoidLink会窃取云平台的登录凭证，以及Git这类常用代码版本管理工具的相关信息。这意味着软件工程师可能会成为攻击目标，遭遇信息窃取，甚至可能引发后续的供应链攻击。 这款恶意软件的功能配置极为完备，不仅具备类Rootkit的隐藏能力，支持LD_PRELOAD、LKM、eBPF三种技术手段，还搭载了一套内存插件扩展系统，以及智能隐蔽机制。 这套隐蔽机制可以根据检测到的安全防护软件，实时调整躲避策略；如果处在被监控的环境中，它会优先保证自身不被发现，哪怕牺牲运行性能也在所不惜。 同时，它支持多种远程控制渠道，涵盖HTTP/HTTPS、ICMP、DNS隧道等方式，还能让被感染的设备之间建立P2P网状网络，实现设备间的互相通信。 从目前捕获的最新样本来看，这款恶意软件的多数功能组件都已接近开发完成状态，配套的C2控制服务器和集成化仪表盘前端也已全部就位。 据推测，VoidLink的开发工作始于2025年11月下旬。开发者当时使用了一款名为TRAE SOLO的AI助手，这款工具内嵌在主打AI功能的集成开发环境TRAE中。 TRAE生成的相关文件，与恶意软件的源代码一同被上传至攻击者的服务器。后来因为开发者的操作失误，这台C2控制服务器的目录被直接暴露在外，导致里面的工程代码、开发提示词、相关文档全部泄露。 其中一份由TRAE生成的指导文件，还原了这款恶意软件的早期规划思路，以及项目启动时的核心需求，提供了极为珍贵的线索。 详细可见图片中关于现代Ai编程恶意软件的情况，以便我们更好的进行对抗，老实说利用Ai进行防御目前来看并没有什么突破性的进展，反倒是攻击思路愈来愈多。 详细报告分析可见: https://research.checkpoint.com/2026/voidlink-the-cloud-native-malware-framework/ https://research.checkpoint.com/2026/voidlink-early-ai-generated-malware-framework/

Madison, United States, 20th January 2026, CyberNewsWire

TP-Link fixed a critical flaw that exposed over 32 VIGI C and VIGI InSight camera models to remote hacking, with over 2,500 internet-exposed devices identified. TP-Link fixed a high-severity flaw, tracked as CVE-2026-0629 (CVSS score 8.7), affecting over 32 VIGI C and VIGI InSight camera models. The vulnerability lets attackers on a local network bypass […]

48 млн строк кода vs один JSON-файл.

Identity-based attacks are one of the primary paths attackers use to breach corporate networks. Tenfold shows how Identity Threat Detection helps spot suspicious account activity before real damage occurs. [...]

Three vulnerabilities in Anthropic's Git server for the MCP can be exploited via prompt injection

全是干货，笔者在使用IDA的过程，总结了很多场景下的使用，以下内容来自笔者+互联网总结。有些文章我不记得从哪看了，但是感谢大佬的分享。

A vulnerability categorized as problematic has been discovered in koajs koa up to 0.21.1/1.7.0/2.15.3/3.0.0-alpha.2. This vulnerability affects unknown code of the component ES2017. Such manipulation leads to inefficient regular expression complexity. This vulnerability is uniquely identified as CVE-2025-25200. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in Samsung Galaxy Watch. The impacted element is an unknown function of the component SamsungAccount. Executing a manipulation can lead to improper access controls. This vulnerability is tracked as CVE-2025-20998. The attack is restricted to local execution. No exploit exists. Upgrading the affected component is advised.

A vulnerability classified as critical was found in Samsung Galaxy Watch. Affected is an unknown function of the component System UI. The manipulation results in improper access controls. This vulnerability is identified as CVE-2025-21004. The attack is only possible with local access. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability identified as critical has been detected in HP Support Assistant. Affected by this issue is some unknown functionality. This manipulation causes improper privilege management. This vulnerability is registered as CVE-2025-43019. The attack needs to be launched locally. No exploit is available.