Aggregator

文章探讨了通过渠道（如MSP、VAR、MSSP等）推动产品增长和持久性的方法。强调了产品设计需适应渠道需求（如多租户、简便部署）、利用超大规模云市场作为增长策略、与合作伙伴建立经济关系及提供支持的重要性，并提出了跟踪关键指标以优化渠道效果的建议。

APT组织Lazarus 在Rootkit（获取内核权限）攻击中使用了微软的0day漏洞;APT组织Kimsuky利用软件公司产品安装程序进行伪装展开攻击;NoName057(16)组织DDoSia项目持续更新;

Microsoft Urges Immediate Mitigation as State Actors Target SharePoint Flaw
Hackers breached a sensitive database containing office locations and personal details of elected officials and staff in Canada's House of Commons. Hackers were able to "exploit a recent Microsoft vulnerability," according to an internal email sent to members and staff.

Also: Spain Defies Pressure to Eject Huawei, Hackers Leak North Korea Kimsuky Data
This week, Norway said Russian hackers attacked a flood gate, Spain defied pressure to eject Huawei, a cyberattack against the Office of the Pennsylvania Attorney General. Hackers leaked stolen North Korean Kimsuky data, Microsoft patched a Kerberos zero-day and a big Chrome bug bounty.

US Treasury Says Crypto Exchange Helped Launder $100 Million for Ransomware Gangs
The U.S. Department of Treasury sanctioned Thursday a Russian founder and co-owners of the Garantex cryptocurrency exchange in a bid to tighten methods criminal hackers use to launder extortion money and Kremlin sanctions busting. Regulators also sanctioned Garantex successor Grinex.

Report North Korean Hacking Group Adds Ransomware to Traditional Playbook
A ScarCruft subgroup dubbed "ChinopuNK" has launched a disruptive ransomware campaign across South Korea, using phishing lures, AutoIt loaders and microphone-capturing malware - marking a major change in the North Korean hacking group's traditionally espionage-focused cyber tactics.

tips：本场赛事需要自主报名哦

Viper简介Viper是一款图形化红队评估工具，将红队评估过程中常用的战术及技术进行模块化及武器化，VIP

当前环境出现异常,需完成验证后方可继续访问。页面提供"去验证"按钮供用户操作。

文章探讨了网络安全中的web hacking与system hacking的区别，并希望用实例说明。

01.NET内网安全攻防报刊小报童电子报刊【.NET内网安全攻防】也正式上线了，引入小报童也是为了弥补知识星球

当前环境出现异常状态,需完成验证后才能继续访问。

当前环境出现异常,需完成验证后方可继续访问。

当前环境出现异常，需完成验证后方可继续访问。

全球首个人形机器人运动会在北京开幕；京东「新业务」单季亏损 147 亿；全球首款全景无人机正式亮相。

CSOP 2025·北京站 亮点前瞻

A vulnerability classified as critical has been found in code-projects Medical Store Management System 1.0. This affects an unknown part of the file UpdateMedicines.java of the component Update Medicines Page. The manipulation of the argument productNameTxt leads to sql injection. This vulnerability is uniquely identified as CVE-2025-8928. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in code-projects Medical Store Management System 1.0. This vulnerability affects unknown code of the file MainPanel.java. The manipulation of the argument searchTxt leads to sql injection. This vulnerability was named CVE-2025-8929. The attack can be initiated remotely. Furthermore, there is an exploit available.