Aggregator

美国网络司令部列装首批“联合网络狩猎套件”

9.7亿元为网络攻击直接造成

本周，互联网网络安全态势整体评价为良。

在全保护开启的64位环境下，通过栈上格式化字符串漏洞实现一次性覆写返回地址，结合libc基址泄露与one_gadget构造ROP链。

非栈上+有限次+保护全开的思路

从单次 LLM Call 到 Learning Loop - AgentSmith-HUB 在安全运营的实践

Submit #749003 / VDB-354616

Практический разбор работы виртуального адреса, типовых ошибок и причин, по которым аварийное переключение ломается в реальной сети.

在传统娱乐盛典「造神」的时代落幕之后，小红书正试图用社区的逻辑重建一套影视综评价体系。但它真正面临的考验，不在台上，而在台下。

WSDL（Web Services Description Language，Web服务描述语言）是一种基于 XML 的语言，用于描述网络服务的具体功能。

Хотели настроить подсветку, а получили хакера в придачу.

A major software supply chain attack has struck the JavaScript ecosystem after threat actors slipped a malicious dependency into the widely used axios NPM package. The poisoned releases, axios 1.14.1 and 0.30.4, pulled in plain-crypto-js and quietly delivered the WAVESHAPER.V2 backdoor to Windows, macOS, and Linux systems during installation. The incident is serious because axios […]

The post North Korean Hackers Compromise Widely Used Axios Package to Infect Windows, macOS, and Linux Systems appeared first on Cyber Security News.

Fraudsters often target the accounts of the deceased or their grieving relatives. Here’s how to keep the scammers at bay.

Threat actors hijacked the popular npm package axios to spread RAT malware after compromising an open‑source maintainer’s account, researchers warn

SentinelOne AI stopped a LiteLLM supply chain attack in seconds, blocking malicious code automatically without human intervention. SentinelOne’s AI-based security detected and blocked a supply chain attack involving a compromised LiteLLM package. SentinelOne’s macOS agent detected and stopped a malicious process chain triggered by Claude Code after it unknowingly installed a compromised LiteLLM package. The […]

klint A Linux kernel integrity scanner that detects rootkits and kernel-level compromises. It works by cross-referencing multiple sources

The post The Kernel’s Ghost Hunter: Unmasking Stealth Rootkits with klint appeared first on Penetration Testing Tools.

A threat actor group known as TeamPCP has been caught backdooring the Telnyx Python SDK on PyPI — a popular cloud communications library with over 700,000 downloads in February alone. On March 27, 2026, two malicious versions of the package, 4.87.1 and 4.87.2, were quietly published to the Python Package Index without any matching commits […]

The post Hackers Backdoor Telnyx Python SDK on PyPI to Steal Credentials Across Windows, macOS, and Linux appeared first on Cyber Security News.

The ubiquitous axios library, an indispensable cornerstone of contemporary web development, has abruptly found itself at the epicenter

The post Ninety Seconds to Compromise: The Viral Hijack of the Axios NPM Package appeared first on Penetration Testing Tools.

An imperceptible presence within a network remains the paramount trump card of digital malefactors, and a nascent discovery

The post The Spectral Proxy: How the RoadK1ll Malware Uses WebSockets to Vanish into Your Network appeared first on Penetration Testing Tools.