Aggregator

文章介绍了一台名为BountyHunter的简单Linux机器，旨在帮助新手通过端口扫描和枚举技术获取用户和root权限。文中使用NMAP进行扫描，发现开放的SSH和HTTP服务，并进一步分析了Apache服务器上的Web应用。

文章描述了HackTheBox中一个Easy Linux机器的破解过程，利用Grafana漏洞获取初始权限，并通过SSH和cron作业实现提权至root。

一位网络安全专家通过逆向工程和漏洞利用分析IPTV盒子的工作原理。他从好奇开始，逐步解决技术难题：绕过沙盒环境、调整路由器端口、提取并反编译APK文件等。最终发现系统存在默认弱密码、可预测用户名及未加密流媒体链接等严重安全问题，并负责任地向ISP披露漏洞。文章强调了安全测试中细节的重要性及默认设置带来的风险。

2025年7月奖励公告2025年8月共有40位白帽师傅来到OSRC挖出有效漏洞具体名单如下：注：根据OSRC漏

慢雾将继续深耕 Web3 安全与合规领域。

美国太空网络安全公司正在开发防范“震网”病毒式网络攻击的AI工具

事件引发了大量中小供应商的财务危机

文章探讨了利益冲突对数字治理信任的影响，并强调不可兼任原则作为预防措施的重要性。通过“旋转门”现象、GDPR中的数据保护官独立性要求以及NIS 2指令中的治理架构，展示了如何通过法律手段确保决策的独立性和可信度。

俄罗斯航空Aeroflot遭遇重大网络攻击，7000个服务器被破坏，大量数据被盗。尽管系统老旧且安全措施不足，公司仅用48小时恢复运营。事件凸显技术脆弱性与文化韧性并存的矛盾。

CCS 2025成都网络安全技术交流活动开幕，聚焦AI与安全融合，推动产业智能迭代。

Godot开源游戏引擎发布v4.5版本，新增模板缓存、屏幕阅读器支持、着色器烘焙器等功能，并优化物理性能及WebAssembly性能。Linux版支持Wayland子窗口。

开源游戏引擎 Godot 释出了 v4.5 版本。主要新特性包括：模板缓存（stencil buffer），内置屏幕阅读器支持以改进可访问性，着色器烘焙器（shader baker）提供更好的着色器编译处理加速启动，改进物理功能等等。Linux 版 Godot 4.5 支持原生 Wayland 子窗口，基于 WebAssembly 的 Web 版本支持 SIMD 显著提升了性能。

A vulnerability identified as critical has been detected in Apple watchOS. The affected element is an unknown function of the component Web Handler. Performing manipulation results in memory corruption. This vulnerability is known as CVE-2025-43272. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Apple macOS. The impacted element is an unknown function of the component Web Handler. Executing manipulation can lead to memory corruption. This vulnerability is handled as CVE-2025-43272. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability classified as problematic has been found in Apple Safari. This issue affects some unknown processing of the component Address Bar Handler. This manipulation causes clickjacking. This vulnerability is registered as CVE-2025-43327. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple iOS and iPadOS. It has been declared as critical. This vulnerability affects unknown code of the component Web Handler. The manipulation results in memory corruption. This vulnerability is reported as CVE-2025-43272. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in Apple Safari. It has been rated as critical. This issue affects some unknown processing of the component Web Handler. This manipulation causes memory corruption. This vulnerability appears as CVE-2025-43272. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

A vulnerability categorized as critical has been discovered in Apple visionOS up to 18.4. Impacted is an unknown function of the component Web Handler. Such manipulation leads to memory corruption. This vulnerability is traded as CVE-2025-43272. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.