Aggregator
GitHub open-source projects poisoned: backdoor malware spreads along the development workflow
10 months 3 weeks ago
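In recent years, a stealthy and dangerous attack technique, code poisoning, has quietly become a threat to the security of developers and users. Attackers plant harmful code in open-source projects or code repositories; once a developer unknowingly pulls in this seemingly normal code, it spreads through the development chain and ultimately exposes users to security risks as well.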
How to Eliminate Identity-Based Threats
10 months 3 weeks ago
Despite significant investments in advanced technologies and employee training programs, credential and user-based attacks remain alarmingly prevalent, accounting for 50-80% of enterprise breaches[1],[2]. While identity-based attacks continue to dominate as the leading cause of security incidents, the common approach to identity security threats is still threat reduction, implementing layers of
The Hacker News
CVE-2010-2580 | MailEnable up to 4.25 SMTP Service MESMTPC.exe input validation (Nessus ID 49284 / ID 118489)
10 months 3 weeks ago
A vulnerability classified as problematic has been found in MailEnable. This affects an unknown part of the file MESMTPC.exe of the component SMTP Service. The manipulation leads to improper input validation.
This vulnerability is uniquely identified as CVE-2010-2580. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2010-2586 | NullSoft WinAmp up to 5.580 in_nsv.dll numeric error (Nessus ID 50846 / ID 118781)
10 months 3 weeks ago
A vulnerability was found in NullSoft WinAmp up to 5.580. It has been rated as very critical. Affected by this issue is some unknown functionality in the library in_nsv.dll. The manipulation leads to numeric error.
This vulnerability is handled as CVE-2010-2586. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2011-0556 | Adobe Shockwave Player up to 8.0.195 memory corruption (Nessus ID 51936 / ID 118959)
10 months 3 weeks ago
A vulnerability has been found in Adobe Shockwave Player up to 8.0.195 and classified as very critical. This vulnerability affects unknown code. The manipulation leads to memory corruption.
This vulnerability was named CVE-2011-0556. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2011-0557 | Adobe Shockwave Player up to 8.0.195 numeric error (Nessus ID 51936 / ID 118959)
10 months 3 weeks ago
A vulnerability was found in Adobe Shockwave Player up to 8.0.195 and classified as very critical. This issue affects some unknown processing. The manipulation leads to numeric error.
The identification of this vulnerability is CVE-2011-0557. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2011-0569 | Adobe Shockwave Player up to 8.0.195 memory corruption (Nessus ID 51936 / ID 118959)
10 months 3 weeks ago
A vulnerability classified as very critical has been found in Adobe Shockwave Player up to 8.0.195. This affects an unknown part. The manipulation leads to memory corruption.
This vulnerability is uniquely identified as CVE-2011-0569. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Taking a Threat Adapted Approach to Vulnerability Management
10 months 3 weeks ago
As cyberthreats grow in complexity and frequency, vulnerability management requires more than ju
Scammers go crazy for this bait: how a secret FBI token exposed the fraudsters
10 months 3 weeks ago
A fictitious crypto project helped expose the key players of the shadow market.
CVE-2018-4438 | Apple iOS up to 12.1 WebKit memory corruption (HT209340 / EDB-45984)
10 months 3 weeks ago
A vulnerability was found in Apple iOS up to 12.1 and classified as critical. Affected by this issue is some unknown functionality of the component WebKit. The manipulation leads to memory corruption.
This vulnerability is handled as CVE-2018-4438. The attack may be launched remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2015-1503 | IceWarp Mail Server up to 11.1 css.php script/style path traversal (EDB-44587 / ID 65609)
10 months 3 weeks ago
A vulnerability, which was classified as problematic, was found in IceWarp Mail Server up to 11.1. Affected is an unknown function of the file webmail/client/skins/default/css/css.php. The manipulation of the argument script/style with the input …/. leads to path traversal.
This vulnerability is traded as CVE-2015-1503. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
3D printing in the service of space: NASA has tested an antenna made on a printer
10 months 3 weeks ago
A new way to make space communications cheaper.
Vulnerability name: totolink a810r command injection vulnerability (CVE-2024-57036)
10 months 3 weeks ago
Palo Alto Expedition RCE vulnerability (CVE-2025-0107)
10 months 3 weeks ago
Malicious PyPI package spreads new CIA ransomware
10 months 3 weeks ago
Linux digital forensics tools and common commands roundup
10 months 3 weeks ago
[Security Circle] US government publishes technical details of attacks on Ivanti cloud service appliances
10 months 3 weeks ago
[Security Circle] More than 1,000 malicious domains imitate Reddit and WeTransfer to spread malware
10 months 3 weeks ago