Aggregator

零基础学员必看！代码审计全链路实战

看雪论坛作者ID：G33k3r

当前环境出现异常，需完成验证后方可继续访问。

环境异常提示用户需完成验证后才能继续访问，并提供验证按钮。

MeetC2 是一个基于 Google Calendar API 的 C2 框架 PoC，用于模拟云滥用攻击，帮助团队测试检测、日志记录和响应能力。通过创建隐藏的通信通道，将命令嵌入日历事件中执行，并更新事件以返回输出。框架支持跨平台运行，并提供详细的设置和使用指南。

MeetC2 is a PoC C2 tool using Google Calendar to mimic cloud abuse, helping teams test detection, logging, and response. Background: Modern adversaries increasingly hide command-and-control (C2) traffic inside cloud services. We built this proof of concept (PoC) to study and demonstrate those techniques in a controlled way, emulating those tactics so red and blue teams […]

The Markup是一家专注于通过数据驱动的新闻报道推动技术问责和隐私保护的非营利组织。

A vulnerability categorized as problematic has been discovered in Google Android 12/12L/13/14/15. Affected is the function dng_lossless_decoder::HuffDecode of the file dng_lossless_jpeg.cpp. Such manipulation leads to denial of service. This vulnerability is listed as CVE-2025-0081. The attack may be performed from remote. There is no available exploit. It is best practice to apply a patch to resolve this issue.

A vulnerability marked as critical has been reported in Google Android 12/12L/13/14/15. This affects the function main of the file main.cpp of the component SELinux. The manipulation leads to improper access controls. This vulnerability is documented as CVE-2025-0078. The attack needs to be performed locally. There is not any exploit available. It is suggested to install a patch to address this issue.

A vulnerability categorized as problematic has been discovered in Google Android 12/12L/13/14/15. This affects an unknown part of the component avdtp/avctp. Executing manipulation can lead to execution with unnecessary privileges. This vulnerability is tracked as CVE-2025-0079. The attack is restricted to local execution. No exploit exists. It is advisable to implement a patch to correct this issue.

A vulnerability identified as problematic has been detected in Google Android 15. This vulnerability affects unknown code. The manipulation leads to improper restriction of rendered ui layers. This vulnerability is listed as CVE-2025-0080. The attack must be carried out locally. There is no available exploit. Applying a patch is the recommended action to fix this issue.

A vulnerability, which was classified as problematic, has been found in Qualcomm Snapdragon Auto, Snapdragon Industrial IOT, Snapdragon MC and Snapdragon Mobile. The impacted element is an unknown function of the component UCI Command Handler. Performing manipulation results in integer overflow. This vulnerability was named CVE-2024-53025. The attack needs to be approached locally. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability classified as critical has been found in Google Android 15. Affected by this issue is the function process_service_attr_rsp of the file sdp_discovery.cc. The manipulation leads to use after free. This vulnerability is traded as CVE-2025-0074. It is possible to initiate the attack remotely. There is no exploit available. Applying a patch is the recommended action to fix this issue.

A vulnerability, which was classified as critical, was found in Google Android 15. This issue affects the function process_service_search_attr_req of the file sdp_server.cc. Such manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2025-0075. The attack can be launched remotely. No exploit exists. Applying a patch is advised to resolve this issue.

A vulnerability classified as critical was found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon WBC and Snapdragon Wearables. The affected element is an unknown function. Such manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2024-53024. Local access is required to approach this attack. No exploit exists. Upgrading the affected component is advised.

A vulnerability was found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon WBC and Snapdragon Wearables. It has been classified as critical. Affected by this vulnerability is an unknown functionality of the component Country IE Handler. This manipulation causes buffer overflow. This vulnerability is tracked as CVE-2024-53027. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon WBC and Snapdragon Wearables. This vulnerability affects unknown code. The manipulation leads to improper validation of array index. This vulnerability is traded as CVE-2024-53014. An attack has to be approached locally. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability categorized as critical has been discovered in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Technology. Affected by this vulnerability is an unknown functionality of the component Video Analytics Engine. Such manipulation leads to improper access controls. This vulnerability is documented as CVE-2024-53011. The attack needs to be performed locally. There is not any exploit available. It is advisable to upgrade the affected component.

Как обычная нейросеть обогнала природу.