Aggregator

点击阅读原文，免费试用奇安信红雨滴云沙箱。

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

大家好， 我们会在 7 天后统计问卷结果，整理好后分享给大家

<p>Welcome back to another round of "Hiding in Plain Sight," exploring weird places to stash data or payloads. In our last edition, we explored an easy method of encoding a payload into RGB values of a PNG file and hosting…</p>

本文聚焦 ByteHouse 在实时数仓、企业级中台OLAP 以及广告投放三个领域最佳实践，拆解高并发点查、OLAP 引擎技术、以及圈选投放等能力在实际业务场景中的实现逻辑和效果，分享新一代云数仓的三大最佳实践。

不要相信人性本善，要相信流程和制度对人性的制约。

6月榜单发布，恭喜获得荣耀个人白帽点亮6月新奖章！

还未获得补天避暑大礼包的小白帽们速来！惊喜任务返场

小米荣获“2023年度漏洞管理实践先进企业”！

小米荣获“2023年度漏洞管理实践先进企业”！

Parallels Desktop是macOS下的一个虚拟机软件，在其打包功能中存在一处安全性问题。本文通过利用 Parallels Desktop 对 macOS 安装程序的信任，进行本地权限提升。

撬开芯片的大门——故障注入实战（高级课程），欢迎报名！

撬开芯片的大门——故障注入实战（高级课程），欢迎报名！

在Evernote应用中发现的关键性漏洞，该漏洞可以通过嵌入恶意PDF文件到笔记中，利用PDF.js的字体注入进行JavaScript代码执行，进而通过ipcRenderer和BrokerBridge实现跨进程通信，最终达到远程代码执行

In 2023, the cryptocurrency industry faced a significant increase in illicit activities, including money laundering, fraud, and ransomware attacks. Ransomware attacks were especially prevalent and profitable for attackers. However, other forms of criminal activity also saw a rise.

Akamai researchers have observed numerous exploit attempts for the PHP vulnerability CVE-2024-4577 as early as one day after disclosure.

The Russia-based cybercrime group dubbed "Fin7," known for phishing and malware attacks that have cost victim organizations an estimated $3 billion in losses since 2013, was declared dead last year by U.S. authorities. But experts say Fin7 has roared back to life in 2024 -- setting up thousands of websites mimicking a range of media and technology companies -- with the help of Stark Industries Solutions, a sprawling hosting provider is a persistent source of cyberattacks against enemies of Russia.

The Russia-based cybercrime group dubbed "Fin7," known for phishing and malware attacks that have cost victim organizations an estimated $3 billion in losses since 2013, was declared dead last year by U.S. authorities. But experts say Fin7 has roared back to life in 2024 -- setting up thousands of websites mimicking a range of media and technology companies -- with the help of Stark Industries Solutions, a sprawling hosting provider is a persistent source of cyberattacks against enemies of Russia.