Aggregator

医院因暗网数据泄露赔付6500万美元，伦敦交通局确认信息被盗……

Утечка переписок раскрыла тайные планы главного помощника Джулиана Ассанжа.

A vulnerability was found in gnuedu. It has been rated as critical. This issue affects some unknown processing of the file scripts/weigh_keywords.php. The manipulation of the argument ETCDIR leads to code injection. The identification of this vulnerability is CVE-2007-2609. The attack may be initiated remotely. Furthermore, there is an exploit available.

Cybersecurity researchers have uncovered a new variant of an Android banking trojan called TrickMo that comes packed with new capabilities to evade analysis and display fake login screens to capture victims' banking credentials. "The mechanisms include using malformed ZIP files in combination with JSONPacker," Cleafy security researchers Michele Roviello and Alessandro Strino said. "In addition,

Even as cyber threats become increasingly sophisticated, the number one attack vector for unauthorized access remains phished credentials (Verizon DBIR, 2024). Solving this problem resolves over 80% of your corporate risk, and a solution is possible.  However, most tools available on the market today cannot offer a complete defense against this attack vector because they were architected to

Как простой подросток сумел обойти системы безопасности столицы Британии?

Malicious actors are likely leveraging publicly available proof-of-concept (PoC) exploits for recently disclosed security flaws in Progress Software WhatsUp Gold to conduct opportunistic attacks. The activity is said to have commenced on August 30, 2024, a mere five hours after a PoC was released for CVE-2024-6670 (CVSS score: 9.8) by security researcher Sina Kheirkhah of the Summoning Team, who

BaseCTF week3&4 web详解

记一次实战中对fastjson waf的绕过

Sa-Token对url过滤不全存在的风险点

2024年“羊城杯”粤港澳大湾区网络安全大赛决赛靶标Writeup

Hikvision综合安防管理平台isecure center文件读取深度利用

探秘argv[0]：程序参数中的安全隐忧

基于flask常见trick——unicode&进制编码绕过

如何绕过Golang木马的HTTPS证书验证

.NET 通过Fsharp执行命令绕过安全防护

A vulnerability classified as critical was found in mobilesoft Morocco Weather 3.1. This vulnerability affects unknown code of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability was named CVE-2014-6697. The attack can only be done within the local network. There is no exploit available.

Функция Safety Check автоматизирует борьбу с цифровыми опасностями.

A vulnerability classified as critical has been found in Candy Girl Party Makeover 1.0.0.0. This affects an unknown part of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is uniquely identified as CVE-2014-6696. The attack needs to be approached within the local network. There is no exploit available.

云安全公司Aqua指出，这项活动特别针对甲骨文Weblogic服务器，旨在传播一种名为Hadooken的恶意软件。