Aggregator

祝贺！墨菲安全以突出的安全检测能力荣获OpenHarmony开源社区奖项

「本文来源于知乎用户『洞源实验室』对热门提问的回答，更多干货内容可关注我们的知乎账号，第一时间获取最新回答！

如何对银狐最新攻击样本进行主动狩猎

可千万别嫌麻烦

01.NET内网安全攻防报刊小报童电子报刊【.NET内网安全攻防】也正式上线了，引入小报童也是为了弥补知识星球

ISC BIND 9には、namedに対する外部からのサービス不能（DoS）攻撃が可能となる脆弱性があります。この問題は、当該製品を修正済みのバージョンに更新することで解決します。詳細は、開発者が提供する情報を参照してください。

GreyNoise uncovers a stealth campaign exploiting ASUS routers, enabling persistent backdoor access via CVE-2023-39780 and unpatched techniques. Learn how attackers evade detection, how GreyNoise discovered it with AI-powered tooling, and what defenders need to know.

助力企业高效开展个保合规审计工作。

小米集团公布财报，2025 年第一季度，集团收入及盈利均再次创下历史新高。一季度可灵 AI 的营业收入达到人民币 1.5 亿元。雷鸟今日推出了三款名侦探柯南联名 AR 眼镜。

A vulnerability, which was classified as critical, was found in oretnom23 Online Pet Shop We App 1.0. Affected is an unknown function of the file /pet_shop/classes/Master.php?f=delete_order. The manipulation of the argument ID leads to sql injection. This vulnerability is traded as CVE-2022-40933. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in oretnom23 Online Pet Shop We App 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pet_shop/classes/Master.php?f=delete_sub_category. The manipulation of the argument ID leads to sql injection. This vulnerability is known as CVE-2022-40934. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in oretnom23 Online Pet Shop We App 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pet_shop/classes/Master.php?f=delete_category. The manipulation of the argument ID leads to sql injection. This vulnerability is handled as CVE-2022-40935. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in OTFCC 617837b. Affected is an unknown function of the file /release-x64/otfccdump+0x6adb1e. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2022-35037. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability has been found in OTFCC 617837b and classified as critical. Affected by this vulnerability is an unknown functionality of the file /release-x64/otfccdump+0x6b064d. The manipulation leads to out-of-bounds write. This vulnerability is known as CVE-2022-35038. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in OTFCC 617837b and classified as critical. Affected by this issue is some unknown functionality of the file /release-x64/otfccdump+0x6e20a0. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2022-35039. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Facebook WhatsApp on iOS/Android and classified as critical. This vulnerability affects unknown code of the component Video Call Handler. The manipulation leads to heap-based buffer overflow. This vulnerability was named CVE-2022-36934. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Acer Altos T110 F3, AP130 F2, Aspire 1600X, Aspire 1602M, Aspire 7600U, Aspire MC605, Aspire TC-105, Aspire TC-120, Aspire U5-620, Aspire X1935, Aspire X3475, Aspire X3995, Aspire XC100, Aspire XC600, Aspire Z3-615, Veriton E430G, Veriton B630_49, Veriton E430 and Veriton M2110G. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component UEFI DXE Driver. The manipulation leads to stack-based buffer overflow. This vulnerability is known as CVE-2022-30426. Access to the local network is required for this attack. There is no exploit available.