Aggregator

文章介绍了漏洞赏金计划及其相关工具和平台,帮助用户高效发现高影响力漏洞。

文章介绍了漏洞赏金计划及其参与方式，推荐了常用平台如HackerOne和Bugcrowd，并建议准备工具如Burp Suite、ZAP Proxy等以提高漏洞挖掘效率。

Security researchers have discovered alarming new firmware for the popular Flipper Zero device that can completely bypass the rolling code security systems protecting millions of modern vehicles. The breakthrough attack, demonstrated by YouTube channel Talking Sasquatch, represents a significant escalation in automotive cybersecurity threats, requiring only a single intercepted signal to compromise a vehicle’s entire […]

The post Flipper Zero Dark Web Firmware Cracks Rolling Code Security in Modern Cars appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

ECScape是一种新发现的亚马逊ECS漏洞，允许恶意容器窃取同一EC2实例上其他容器的IAM凭证，从而实现权限提升或横向攻击。

在咖啡店连接“Guest_Network”后，黑客通过无线网络漏洞劫持了我的笔记本电脑，在3-6分钟内窃取了我的银行密码并转走资金。这一事件揭示了公共Wi-Fi的安全隐患及RC4加密算法的脆弱性。

作者展示了如何通过搜索和测试未认证容器仓库的漏洞，利用配置错误获取访问权限并详细说明了攻击步骤及其潜在影响。

作者分享了参与Bugcrowd BlackHat CTF 2025的经历，并介绍了如何通过攻击不同类别的靶机（如Web、密码学等）寻找隐藏的flag。文章还提到他将发布漏洞狩猎的详细报告，并建议新手阅读他的文章以了解CTF的基本概念和参与方式。

文章探讨如何利用存储型XSS漏洞绕过CSRF防御机制，执行未经授权的操作。通过PortSwigger实验室中的博客评论漏洞案例，展示了攻击者如何利用恶意脚本窃取用户会话或篡改账户信息。文章强调安全责任和道德使用的重要性。

文章探讨了如何利用存储型XSS漏洞绕过CSRF防御机制，执行未经授权的操作。通过PortSwigger实验室中的实际案例，展示了攻击者如何在博客评论区植入恶意代码，进而控制用户账户。文章强调技术仅用于教育和道德目的。

研究人员通过手动测试发现Cloudflare隐藏的SQL注入漏洞。输入单引号导致搜索结果消失且无错误提示，自动化工具未能检测到异常。HTTP响应显示SQL查询失败，揭示潜在漏洞。

一位安全研究人员通过手动测试发现了一个隐藏在Cloudflare严格WAF背后的SQL注入漏洞。在测试API端点时，输入单引号导致结果消失且无错误提示，进一步测试显示HTTP响应异常。这种静默失败表明潜在漏洞存在，而自动化工具可能无法检测到此类问题。

三个月前发现SaaS公司API中的低严重性SSRF漏洞,通过内部端口扫描逐步获取AWS访问权限,窃取凭证并获得1.5万美元云信用额度,详细披露攻击链及代码片段。

三个月前发现一个低严重性的SSRF漏洞，从内部端口扫描升级为全面AWS访问、窃取凭证及获取1.5万美元云积分。作者详细揭示了攻击链并提供代码示例。

In this Help Net Security video, Ngaire Elizabeth Guzzetti, Technical Director Supply Chain at CyXcel, discusses why a third of U.S. organizations don’t trust third-party vendors to manage critical risks and what that means for supply chain security. She breaks down the root causes of this trust gap, including poor visibility, inadequate governance, and the growing complexity introduced by AI. Guzzetti also shares practical guidance for building more resilient vendor relationships through tiered oversight, continuous … More →

The post Third-party partners or ticking time bombs? appeared first on Help Net Security.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued Emergency Directive 25-02 on August 7, 2025, requiring federal agencies to immediately address a critical vulnerability in Microsoft Exchange hybrid configurations that could allow attackers to escalate from on-premises systems to cloud environments. Critical Security Vulnerability Discovered CISA has identified a post-authentication vulnerability designated CVE-2025-53786 affecting […]

The post CISA Issues Urgent Advisory to Address Microsoft Exchange Flaw appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Security researchers have successfully demonstrated a sophisticated exploit of the Retbleed vulnerability, a critical CPU security flaw that allows attackers to read arbitrary memory from any process running on affected systems. The exploit, which builds upon research originally published by ETH Zürich in 2022, showcases how modern processor vulnerabilities continue to pose significant threats to system […]

The post Retbleed Vulnerability Exploited to Access Any Process’s Memory on Newer CPUs appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Нам никуда не скрыться от невидимых сенсоров. Они повсюду.

CISA has issued an emergency advisory directing all Federal Civilian Executive Branch agencies to mitigate a newly disclosed Microsoft Exchange urgently hybrid-joined vulnerability, tracked as CVE-2025-53786, by 9:00 AM EDT on Monday, August 11, 2025. The flaw enables attackers who have already gained administrative access to an on‑premises Exchange server to laterally move into connected […]

The post CISA Releases Emergency Advisory Urges Feds to Patch Exchange Server Vulnerability by Monday appeared first on Cyber Security News.

Cybercriminals are getting better at lying. That’s the takeaway from a new LevelBlue report, which outlines how attackers are using social engineering and legitimate tools to quietly move through environments before they’re caught. Data showing at what stage an incident was detected (Source: LevelBlue) In that short window, the number of customers affected by security incidents nearly tripled. The rate jumped from 6 percent in late 2024 to 17 percent in early 2025. More than … More →

The post From fake CAPTCHAs to RATs: Inside 2025’s cyber deception threat trends appeared first on Help Net Security.

OpenAI has officially launched ChatGPT-5, marking a significant leap forward in artificial intelligence technology with a revolutionary unified system that combines multiple specialized models to deliver unprecedented performance and versatility. The launch represents the most substantial advancement in conversational AI since the debut of its predecessors, introducing groundbreaking capabilities that promise to transform how users […]

The post ChatGPT-5 Launches – Discover What’s New in the Next-Gen AI Agent appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.