Aggregator

作者：dukpt 译者：知道创宇404实验室翻译组 原文链接：https://phrack.org/issues/72/8_md#article 0 - 开场白 这篇文章最初是在四年前写的。嗯，大约80%的内容是那时候完成的。我一直没有抽出时间来完成它，所以它一直未被发表。当我辞去工作并开始新的尝试时，我终于找到了完成它的动力（或者时间）。我希望这段时间的等待没有削弱你对这篇文章的兴趣，并且...

作者：Thomas Rinsma 译者：知道创宇404实验室翻译组 原文链接：https://phrack.org/issues/72/10_md#article 0 - 引言 这是一个关于打破可能并未被设计、但许多人认为存在的安全边界的完整故事。我们将以一种非预期的方式使用一些奇特的 JavaScript 特性，帮助我们从一个“沙箱”中逃脱，最终从一个隔离的 WebAssembly 模块中...

Thailand’s Cyber Police, in collaboration with the local telecom operator AIS, carried out a large-scale operation dubbed “KHAO SAN”, during which two young Thai nationals were arrested for executing tasks on behalf of a...

The post Bangkok’s “Phantom Cell Tower” Busted: Inside the Mobile Phishing Scam appeared first on Penetration Testing Tools.

这篇文章介绍了错误代码521的原因和解决方法。该错误通常由Cloudflare引发，表示服务器无法连接到原始服务器。常见原因包括服务器暂时不可用、网络问题或配置错误。解决方法包括检查服务器状态、确认防火墙设置正确以及联系网络管理员排查问题。

这篇文章介绍了错误代码521的原因及其对网络连接的影响，并提供了相应的解决措施。

文章描述了错误代码521的含义及其常见原因，并提供了相应的解决方法和预防措施。

作者：Orange Tsai 译者：知道创宇404实验室翻译组 原文链接：https://phrack.org/issues/72/5_md#article 序言 我们一生都在扮演不同的角色。我很幸运早早发现了我的热情所在——更幸运的是，还能靠它谋生。在成为全职黑客之前，我也是一个制造麻烦的脚本小子，一个渴望更大刺激的年轻人，以及追逐更高赏金的漏洞猎人。而现在，我终于可以自豪地称自己为“黑客...

作者：mr_me 译者：知道创宇404实验室翻译组 原文链接：https://phrack.org/issues/72/6_md#article 0. Journey 在对源代码进行多次长时间审计的过程中，一款安全设备引起了我的注意。它运行着一些过时的、糟糕的 PHP 代码，让我想起了那些……嗯，算了。 这款设备曾多次被审计，这吸引了我，因为我个人喜欢在复杂的网络环境中寻找漏洞的挑战。这意味...

作者：Saber, cyb0rg 译者：知道创宇404实验室翻译组 原文链接：https://phrack.org/issues/72/7_md#article 0. 引言 本文分析了一个APT（高级持续性威胁）工作站的数据转储。特别是从一个积极针对韩国和台湾组织的威胁行为者的工作站中检索到的数据和源代码。 我们相信这是朝鲜“Kimsuky”组织的一名成员[#14]。 “Kimsuky是一...

Ex-developer jailed 4 years for sabotaging Ohio employer with kill-switch malware that locked employees out after his account was disabled. Ex-developer Davis Lu (55) was sentenced to 4 years for sabotaging Ohio employer with kill-switch malware that locked staff out after his account was disabled. The Chinese national was also sentenced to three years of […]

前开发人员因破坏雇主系统被判处四年监禁。他部署恶意软件，在账户被禁用时触发“kill switch”，导致数千名用户无法登录，并删除数据造成巨大损失。

Authorities in Africa have arrested 1,209 people in an Interpol-led crackdown on cybercrime that targeted nearly 88,000 victims. 11,432 malicious infrastructures were dismantled during Operation Serengeti 2025 (Source: Interpol) Operation Serengeti 2.0 The operation, which ran from June to August 2025, recovered $97.4 million and shut down 11,432 malicious online systems. Called Operation Serengeti 2.0, the effort brought together investigators from 18 African nations and the United Kingdom. It focused on serious cybercrimes such as … More →

The post Interpol operation seizes $97 million in African cybercrime sweep appeared first on Help Net Security.

Palo Alto Networks CEO Nikesh Arora has sounded the alarm over the dawn of a new wave of “browser wars.” Speaking during the company’s Q4 2025 earnings call, he observed that Microsoft, Google, OpenAI,...

The post A New “Browser War” Is Coming: How AI Agents Are Reshaping Cybersecurity appeared first on Penetration Testing Tools.

Hunt.io发现并分析了ERMAC的PHP命令与控制（C2）后端、React前端面板、基于Go语言的数据窃取服务器、Kotlin后门，以及用于生成定制化木马化APK的生成器面板。

检测业务是否受到此漏洞影响，请联系长亭应急服务团队！

Linux environments, long considered bastions of security, are facing a sophisticated new threat that challenges traditional assumptions about operating system safety. A recently discovered malware campaign exploits an ingenious attack vector that weaponizes RAR archive filenames to deliver the VShell backdoor, demonstrating how attackers are evolving beyond conventional exploitation techniques to target scripting patterns and […]

The post New Linux Malware With Weaponized RAR Archive Deploys VShell Backdoor appeared first on Cyber Security News.

公益全体活动上线中秋献礼，感恩相伴！不只有中秋礼盒哦！

Microsoft has set out a roadmap to complete transition to PQC in all its products and services by 2033, with roll out beginning by 2029

腾讯云安全威胁情报团队在实战攻防演练常态化运营期间，发现一批伪装为名为“简历”，“错误视频”的多功能恶意软件通过钓鱼方式传播。经分析发现这批恶意软件为同一款软件框架。该软件框架主要使用 Golang 编写，兼具远控木马与勒索双重能力。

当前环境出现异常情况，需完成验证后方可继续访问。