Aggregator

免杀基础-RDI

反编译PYC、多阶段shellcode、内存加载PE、DcRAT

Java WebCrypto

The conversation around quantum computing is shifting from theory to reality, especially when it’s centered on security and mounting threats against current encryption algorithms. The UK National Cyber Security Centre’s (NCSC) recent guidance on “PQC Migration Timelines” underscores the urgency for organizations to transition to post-quantum cryptography (PQC). Urgency is being driven by the rising […]

The post Navigating the Quantum Shift: A Practical Approach to Crypto-Agility with PQC-Enabled PKI appeared first on Security Boulevard.

Apple has released security updates that backport fixes for actively exploited vulnerabilities that were exploited as zero-days to older versions of its operating systems. [...]

Между нажатием кнопки и катастрофой проходит всего пара секунд.

A new attack targeting Microsoft Teams users used vishing, remote access tools and DLL sideloading to deploy a JavaScript backdoor

A colossal 400GB trove containing data from 2.873 billion X (formerly Twitter) users has surfaced on hacker forums. The breach, allegedly dated January 2025, is now being deemed one of the largest data leaks in social media history. Breach Origin and Allegations The leak first came to light on March 28, 2025, when a data […]

The post Massive 400GB X (Twitter) Data Leaked – 2.8 Billion Records Exposed appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A continuation of the North Korean nation-state threat's campaign against employment seekers uses the social engineering attack to target CeFi organizations with the GolangGhost backdoor.

在二进制漏洞挖掘和利用（Pwn）领域，手动分析和利用漏洞往往耗时且复杂。为了提高效率，自动化工具应运而生。PwnPasi 是一款基于 Python 的自动化漏洞利用工具，旨在帮助安全研究人员快速识别和利用常见的二进制漏洞，如栈溢出、格式化字符串漏洞等。本文将详细介绍 PwnPasi 的技术实现，包括如何自动识别溢出边界大小、自动识别漏洞类型、自动识别格式化字符串漏洞以及自动绕过 Canary 防护

Na enkele honderden vluchten in Irak keren 3 Chinook-helikopters en een ruim 100-koppig luchtmachtdetachement terug naar Nederland. Vandaag was de laatste operationele vlucht. Daarmee zit de missie er voor de eenheid op.

If you do business in the United States, especially across state lines, you probably know how difficult it is to comply with U.S. state data privacy laws. The federal government and many U.S. state governments require you to implement “reasonable” cybersecurity controls around how you handle data breach notification and the data privacy of your customers. But these mandates don’t discuss how you can meet the standard of reasonableness in your cybersecurity efforts. More specifically, … More →

The post Building a reasonable cyber defense program appeared first on Help Net Security.

ExaGrid announced three new models: the EX20, EX81, and EX135 to its line of Tiered Backup Storage appliances, as well as the release of ExaGrid software version 7.2.0. ExaGrid tiered backup storage appliance models ExaGrid’s line of 2U appliances now include eight models: EX189, EX135, EX84, EX81, EX54, EX36, EX20, and EX10 models. Each appliance has processor, memory, networking, and storage so that the backup window stays fixed-length as data grows, eliminating expensive and disruptive … More →

The post ExaGrid announces three models and additional security features in software version update appeared first on Help Net Security.

Google is set to roll out end-to-end encryption for all Gmail users, boosting security, compliance and data sovereignty efforts

A vulnerability classified as problematic was found in Lorna Timbah Accessibility Widget Plugin up to 2.2 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-32831. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in Merative Merge DICOM Toolkit C++ up to 5.17.0 on Windows. Affected is the function MC_Open_Association of the component DICOM Association Handler. The manipulation leads to format string. This vulnerability is traded as CVE-2024-23914. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as very critical, was found in Amazon sagemaker-python-sdk up to 2.217.x. Affected is the function sagemaker.base_deserializers.NumpyDeserializer. The manipulation leads to deserialization. This vulnerability is traded as CVE-2024-34072. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in filips123 PWAsForFirefox up to 2.11.x and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to improper neutralization of escape, meta, or control sequences. This vulnerability is handled as CVE-2024-32986. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Motorola GuideMe App. Affected is an unknown function. The manipulation leads to use of hard-coded cryptographic key . This vulnerability is traded as CVE-2024-3109. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Motorola Framework and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Telephony Handler. The manipulation leads to use of implicit intent for sensitive communication. This vulnerability is known as CVE-2024-3480. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.