基于Linux的僵尸网络构建器,构建高级隐秘僵尸网络负载
基于Linux 的僵尸网络构建器,构建高级隐秘僵尸网络负载
Aggregator
8Base
9 months 1 week ago
cohenido
8Base
9 months 1 week ago
cohenido
朝鲜黑客克隆开源项目植入后门发动供应链攻击
9 months 1 week ago
SecurityScorecard 的研究人员披露了朝鲜黑客组织 Lazarus Group 发动的大规模供应链攻击。这一行动被称为 Phantom Circuit,攻击者通过克隆开源项目植入后门,将恶意版本托管在 Gitlab 等平台,诱骗加密货币等行业的开发者使用,然而入侵其机器窃取凭证。朝鲜黑客组织去年 11 月瞄准了欧洲科技行业的 181 名受害者,12 月受害者扩大到 1,225 人,其中印度 284 人,巴西 21 人。1 月受害者又增加了 233 人,其中印度 110 人。窃取的数据包括了凭证、身份验证令牌、密码等。被植入后门的项目包括了 Codementor、CoinProperty、Web3 E-Store,以及其它加密货币相关的软件包。研究人员报告,Lazarus Group 会使用多种混淆方法隐藏其来源,其中包括使用 Astrill VPN 路由流量,将窃取的数据上传到 Dropbox。
Arcus Media
9 months 1 week ago
cohenido
Lynx
9 months 1 week ago
cohenido
AI风险分析 | 攻击组织在多个AWS租户环境劫持LLM模型
9 months 1 week ago
随着AI技术的迅速发展,以人工智能即服务(AIaaS) 为代表的云化服务也开始被广泛使用,高价值算力集群的“诱惑”,让攻击者的“矛头”直指各类AIaaS服务。
AI风险分析 | 攻击组织在多个AWS租户环境劫持LLM模型
9 months 1 week ago
随着AI技术的迅速发展,以人工智能即服务(AIaaS) 为代表的云化服务也开始被广泛使用,高价值算力集群的“诱惑”,让攻击者的“矛头”直指各类AIaaS服务。
AI风险分析 | 攻击组织在多个AWS租户环境劫持LLM模型
9 months 1 week ago
随着AI技术的迅速发展,以人工智能即服务(AIaaS) 为代表的云化服务也开始被广泛使用,高价值算力集群的“诱惑”,让攻击者的“矛头”直指各类AIaaS服务。
新年新气象!想换工作看这里
9 months 1 week ago
文末投递简历
关于PAN-OS DoS(CVE-2024-3393)的研究
9 months 1 week ago
看雪论坛作者ID:pz1o
成为看雪讲师,开启技术分享的高光时刻
9 months 1 week ago
DeepSeek-R1展示了小模型也能成为推理专家
9 months 1 week ago
推理能力的极大普及
CVE-2015-1517 | Piwigo up to 2.7.2 Manager admin.php filter_level sql injection (ID 130440 / EDB-36125)
9 months 1 week ago
A vulnerability was found in Piwigo up to 2.7.2. It has been rated as critical. This issue affects some unknown processing of the file admin.php of the component Manager. The manipulation of the argument filter_level leads to sql injection.
The identification of this vulnerability is CVE-2015-1517. The attack may be initiated remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
营销号别再传了!deepseek的安全攻防不是武侠修仙!
9 months 1 week ago
十几年安全老兵来告诉你,营销号说的deepseek的攻防到底是不是真的
营销号别再传了!deepseek的安全攻防不是武侠修仙!
9 months 1 week ago
十几年安全老兵来告诉你,营销号说的deepseek的攻防到底是不是真的
营销号别再传了!deepseek的安全攻防不是武侠修仙!
9 months 1 week ago
十几年安全老兵来告诉你,营销号说的deepseek的攻防到底是不是真的
营销号别再传了!deepseek的安全攻防不是武侠修仙!
9 months 1 week ago
十几年安全老兵来告诉你,营销号说的deepseek的攻防到底是不是真的
CVE-2016-6174 | Apple macOS up to 10.11 apache_mod_php memory corruption (HT207170 / EDB-40084)
9 months 1 week ago
A vulnerability has been found in Apple macOS up to 10.11 and classified as critical. Affected by this vulnerability is an unknown functionality of the component apache_mod_php. The manipulation leads to memory corruption.
This vulnerability is known as CVE-2016-6174. The attack can be launched remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2011-5106 | Fractalia Flexible Custom Post Type up to 0.1.2 edit-post.php id cross site scripting (EDB-36317 / XFDB-71415)
9 months 1 week ago
A vulnerability was found in Fractalia Flexible Custom Post Type up to 0.1.2 and classified as problematic. Affected by this issue is some unknown functionality of the file edit-post.php. The manipulation of the argument id leads to cross site scripting.
This vulnerability is handled as CVE-2011-5106. The attack may be launched remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com