Aggregator

一起探索安卓逆向的奥秘

AI催生高危Linux恶意软件新案例

看雪论坛作者ID：G0t1T

近日，绿盟科技CERT监测到GNU发布安全公告，修复了GNU InetUtils Telnetd远程身份验证绕过漏洞（CVE-2026-24061），CVSS评分9.8，目前漏洞细节与PoC已公开，请相关用户尽快采取措施进行防护。

A new malicious package discovered in the Python Package Index (PyPI) has been found to impersonate a popular library for symbolic mathematics to deploy malicious payloads, including a cryptocurrency miner, on Linux hosts. The package, named sympy-dev, mimics SymPy, replicating the latter's project description verbatim in an attempt to deceive unsuspecting users into thinking that they are

白俄罗斯业余无线电（HAM Radio）社区紧急呼吁外界关注，白俄罗斯政府对该社区实施了突袭行动，至少逮捕了七人，威胁对其中三人判处死刑，理由是他们窃取国家机密。面临死刑惩罚的三人属于一个有 50 多名成员的业余无线电爱好者网络，他们被控“间谍罪”和“叛国罪”。政府查获了 500 多件无线电设备，国家电视台称他们利用无线电监视政府飞机的行踪，但未提供证据。

Here’s how the most common scams targeting Apple Pay users work and what you can do to stay one step ahead

美国NASA利用区块链技术实现航空系统零信任网络安全

首个利用国产AI IDE开发的高级恶意软件曝光

腾讯云安全联手A*STAR共绘可信可控AI智能体发展蓝图

前言前面提到一些webshell的绕过手法，就是利用一些内置的函数去解析正常的业务逻辑，在正常的业务逻辑里面隐藏我们的恶意代码，再通过特定函数去进行解析提取业务逻辑里面的恶意代码，再进行拼接，从而达到绕过AI检测的效果但是比赛的要求是这样的：我们需要从外部获取参数来控制命令执行，一开始我以为很简单，毕竟我都绕过了命令执行了，那接收参数这个不是简简单单吗？但是我想错了遇到的困难比如说下面这段：利用分

Cybersecurity researchers have uncovered two critical security flaws in Chainlit, a widely used open-source AI framework with over 700,000 monthly downloads. The vulnerabilities allow attackers to steal sensitive cloud credentials, leak database files, and take control of enterprise AI environments without user interaction. Zafran Labs identified these flaws affecting internet-facing deployments across enterprises. Both vulnerabilities […]

The post Critical Chainlit AI Vulnerabilities Let Hackers Gain Control Over Cloud Environments appeared first on Cyber Security News.

A new security flaw in SmarterTools SmarterMail email software has come under active exploitation in the wild, two days after the release of a patch. The vulnerability, which currently does not have a CVE identifier, is tracked by watchTowr Labs as WT-2026-0001. It was patched by SmarterTools on January 15, 2026, with Build 9511, following responsible disclosure by the exposure management

JS逆向对抗——记一次渗透测试签名绕过

最近三年投入在威胁检测与杀毒能力建设方向，喜欢思考如何能解决最实际的网络安全问题，尽极大可能地提高检测系统的杀

Rho-alpha — это первая попытка ИИ выйти в офлайн, чтобы трогать, ронять и ощущать наш мир.

Blue Origin announced TerraWave, a satellite communications network designed to support enterprise, data center, and government users that rely on reliable connectivity for mission-critical operations. The network will provide symmetrical data speeds of up to 6 Tbps worldwide. The TerraWave architecture consists of 5,408 optically interconnected satellites in low Earth orbit (LEO) and medium Earth orbit (MEO), enabling ultra-high-throughput links between global hubs and multigigabit user connections in regions where diverse fiber paths are costly, … More →

The post TeraWave space-based network aims for 6 Tbps connectivity worldwide appeared first on Help Net Security.

A vulnerability was found in Hamastar MeetingHub. It has been rated as problematic. This impacts an unknown function. This manipulation causes absolute path traversal. This vulnerability is tracked as CVE-2026-1330. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in Hamastar MeetingHub. It has been declared as critical. This affects an unknown function. The manipulation results in unrestricted upload. This vulnerability is identified as CVE-2026-1331. The attack can be executed remotely. There is not any exploit available.