Вода переоценена? Образцы астероида возрастом 4,6 млрд лет показали, что жизнь может начинаться без капли влаги
Кирпичики всего живого собираются в ледяном аду под радиацией?
Aggregator
N1CTF Reverse题目全解
4 months 1 week ago
N1CTF Reverse题目全解
XML Signature Wrapping Vulnerability in SAP NetWeaver ABAP Enables Identity Tampering and Unauthorized Access (CVE-2026-23687)
4 months 1 week ago
XML Signature Wrapping Vulnerability in SAP NetWeaver ABAP Allegedly Enables Identity Tampering and Unauthorized Access (CVE-2026-23687)
Dark Web Informer
DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Companies
4 months 1 week ago
The information technology (IT) workers associated with the Democratic People's Republic of Korea (DPRK) are now applying to remote positions using real LinkedIn accounts of individuals they're impersonating, marking a new escalation of the fraudulent scheme.
"These profiles often have verified workplace emails and identity badges, which DPRK operatives hope will make their fraudulent
The Hacker News
Добываем литий на сверхзвуке: ракетный движок превратил забытый камень петалит в «новую нефть» для планеты
4 months 1 week ago
И как это спасет мир от дефицита аккумуляторов.
CVE-2025-20080 | Intel AMT/Standard Manageability null pointer dereference (intel-sa-01315)
4 months 1 week ago
A vulnerability identified as problematic has been detected in Intel AMT and Standard Manageability. Impacted is an unknown function. Performing a manipulation results in null pointer dereference.
This vulnerability is reported as CVE-2025-20080. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com
SAP security advisory – February 2026 monthly rollup (AV26-107)
4 months 1 week ago
Canadian Centre for Cyber Security
【提示词注入】AI 安全护栏场景下的绕过实战
4 months 1 week ago
AI 安全护栏并非绝对安全,其本质仍是一个判别系统。在复杂真实场景中,攻击者可以通过构造特定输入或诱导输出,使模型行为偏离设计预期,从而形成潜在绕过风险。
AI 下红队安全工具开发及对接(大模型+MCP)实践
4 months 1 week ago
本文主要是讲 AI 时代下的红队安全工具的开发,以及如何把安全工具接到大语言模型里。涉及到 MCP 客户端的结合,分布式的 MSF 的命令的执行,如何独立的 session 管理,代码优化的思路及调试等内容。以红队安全工具开发的细节处理为初始点,让初学者也能玩转 MCP。
利用360驱动阻断EDR网络连接
4 months 1 week ago
闲来无事发个水文,记录一下特殊情况下分析360安全卫士过程中觉得可以公开的一个点。在对 `360netmon
[Control systems] Siemens security advisory (AV26-106)
4 months 1 week ago
Canadian Centre for Cyber Security
CVE-2023-45554 | ZZZCMS 2.1.9 imageext unrestricted upload (EUVD-2023-49846)
4 months 1 week ago
A vulnerability, which was classified as critical, was found in ZZZCMS 2.1.9. Affected by this issue is some unknown functionality. Such manipulation of the argument imageext leads to unrestricted upload.
This vulnerability is documented as CVE-2023-45554. The attack can be executed remotely. There is not any exploit available.
vuldb.com
CVE-2023-45555 | ZZZCMS 2.1.9 zzz.php down_url unrestricted upload (EUVD-2023-49847)
4 months 1 week ago
A vulnerability was found in ZZZCMS 2.1.9. It has been classified as critical. This issue affects the function down_url of the file zzz.php. The manipulation leads to unrestricted upload.
This vulnerability is traded as CVE-2023-45555. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2023-45556 | MyBB 1.8.33 Theme Management Theme Name cross site scripting (GHSA-4xqm-3cm2-5xgf / EUVD-2023-49848)
4 months 1 week ago
A vulnerability, which was classified as problematic, was found in MyBB 1.8.33. This affects an unknown function of the component Theme Management. Executing a manipulation of the argument Theme Name can lead to cross site scripting.
This vulnerability is tracked as CVE-2023-45556. The attack can be launched remotely. No exploit exists.
vuldb.com
FortiSandbox XSS Vulnerability Let Attackers Run Arbitrary Commands
4 months 1 week ago
Fortinet has disclosed a high-severity cross-site scripting (XSS) vulnerability in its FortiSandbox platform, tracked as CVE-2025-52436 (FG-IR-25-093), that enables unauthenticated attackers to execute arbitrary commands on affected systems. Dubbed an “Improper Neutralization of Input During Web Page Generation” issue (CWE-79), the flaw resides in the graphical user interface (GUI) component and scores a 7.9. At […]
The post FortiSandbox XSS Vulnerability Let Attackers Run Arbitrary Commands appeared first on Cyber Security News.
Guru Baran
Critical Pre-Auth RCE Vulnerability in BeyondTrust Remote Support & PRA Exposes Thousands of Instances (CVE-2026-1731)
4 months 1 week ago
Critical Pre-Auth RCE Vulnerability in BeyondTrust Remote Support & PRA Exposes Thousands of Instances (CVE-2026-1731)
Dark Web Informer
Паспортный стол в Discord. Геймеров заставят подтверждать личность под угрозой ограничений
4 months 1 week ago
Discord вводит принудительную верификацию возраста для всех.
Volvo Group North America customer data exposed in Conduent hack
4 months 1 week ago
Volvo Group North America disclosed that it suffered an indirect data breach stemming from the compromise of IT systems at American business services giant Conduent, of which Volvo is a customer. [...]
Bill Toulas
Microsoft rolls out new Secure Boot certificates before June expiration
4 months 1 week ago
Microsoft has begun rolling out updated Secure Boot certificates through monthly Windows updates to replace the original 2011 certificates that will expire in late June 2026. [...]
Sergiu Gatlan
Nitrogen
4 months 1 week ago
You must login to view this content
cohenido