Aggregator

新闻速览 •损失已达百亿美元，汽车行业网络安全形势日益严峻 •Oracle因云数据泄露事件面临集体诉讼，或影响 […]

新闻速览 •ATT隐私框架实施存歧视，苹果公司被法国竞争管理局罚款1.5亿欧元 •密码学专家王晓峰夫妇神秘消失 […]

想象一下，一个初级程序员敲下几行自然语言描述，几秒钟后，一个完整的OAuth2授权服务——约2000行精确无误 […]

A vulnerability, which was classified as critical, has been found in Piwigo. Affected by this issue is the function rate_picture. The manipulation of the argument rate leads to sql injection. This vulnerability is handled as CVE-2014-9115. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Sunder Windows rootkit modeled after Lazarus Group’s FudModule rootkit. Reference this version of Sunder for an example of the appid.sys driver exploit, which was utilized by Lazarus Group FudModule rootkit. Sunder’s vulnerable driver in this GitHub repository...

The post Sunder: Windows rootkit designed to work with BYOVD exploits appeared first on Penetration Testing Tools.

HFish It is a cross-platform honeypot platform developed based on golang, which has been meticulously built for enterprise security Multi-function： Not just support HTTP(S) Pot，It also supports SSH、SFTP、Redis、Mysql、FTP、Telnet、Deep etc. Expansibility： Provide API Interface，Users can expand honeypot module at...

The post HFish: cross platform honeypot platform appeared first on Penetration Testing Tools.

A vulnerability has been found in iteaj iboot 物联网网关 1.1.3 and classified as problematic. This vulnerability affects unknown code of the file /common/upload of the component File Upload. The manipulation of the argument File leads to cross site scripting. This vulnerability was named CVE-2025-3326. The attack can be initiated remotely. Furthermore, there is an exploit available.

出海浪潮下的安全挑战 在全球化进程不断加速的当下，中国企业出海的步伐愈发坚定。无论是互联网科技企业拓展

协奏成章

出海浪潮下的安全挑战 在全球化进程不断加速的当下，中国企业出海的步伐愈发坚定。无论是互联网科技企业拓展

协奏成章

A vulnerability has been found in Springsignage Xibo 1.4.2 and classified as problematic. This vulnerability affects unknown code of the file index.php. The manipulation of the argument layout leads to cross site scripting. This vulnerability was named CVE-2013-4888. The attack can be initiated remotely. Furthermore, there is an exploit available.

AutoPentest-DRL is an automated penetration testing framework based on Deep Reinforcement Learning (DRL) techniques. The framework determines the most appropriate attack path for a given network and can be used to execute a simulated...

The post AutoPentest-DRL: Automated Penetration Testing Using Deep Reinforcement Learning appeared first on Penetration Testing Tools.

美媒：科技与金融界知名人士组团赴海湖庄园，欲就关税问题与特朗普「讨论常识」； Meta 新旗舰 AI 模型 Llama 4 Maverick 测试成绩遭质疑，被指针对性优化； 摩根士丹利预测：苹果手机价格或飙升，美关税政策重创苹果公司供应链

A vulnerability, which was classified as problematic, was found in Language Translate Widget Plugin up to 223 on WordPress. This affects an unknown part. The manipulation of the argument api_key leads to cross site scripting. This vulnerability is uniquely identified as CVE-2023-6811. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Leantime 3.0.6. Affected is an unknown function. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2024-27474. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Savignano SNotify up to 2.0.0. This affects an unknown part of the component User Profile Page. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-23734. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.