Aggregator

该环境为多个域环境组成，涵盖多个域内知识点及利用过程。

使用相同技术原理，可实现篡改支付宝收款二维码、微信收款二维码的效果

Winos4控制平台、木马上线环节、木马控制环节、通信模型分析

Google researchers found that government-backed hackers now use AI throughout the whole attack lifecycle

Opus 4.6 показала лучший результат в тесте на выявление скрытых бэкдоров.

Discover the best enterprise SSO providers for EdTech and Education SaaS in 2026, comparing security, scalability, compliance, and integrations.

The post Best Enterprise SSO Providers for EdTech/Education SaaS in 2026 appeared first on Security Boulevard.

Landmark trials now underway allege Meta failed to protect children from sexual exploitation, grooming, and addiction-driven design.

The post Child exploitation, grooming, and social media addiction claims put Meta on trial appeared first on Security Boulevard.

CVE-2026-23873 & CVE-2026-24479 审计过程

VNCTF 2026 web方向部分解

记一次某管理服务器审计拿下CNVD高危证书过程

对DeepAudit的架构以及实现进行了分析

Лицо в мониторе ненастоящее. Голос тоже. А вот потеря денег — реальна.

Threat actors have begun leveraging Google’s Gemini API to dynamically generate C# code for multi-stage malware, evading traditional detection methods. The Google Threat Intelligence Group (GTIG) detailed this in its February 2026 AI Threat Tracker report, spotlighting the HONESTCUE framework first observed in September 2025. HONESTCUE operates as a downloader and launcher that queries Gemini’s […]

The post Google Warns of Hackers Leveraging Gemini AI for All Stages of Cyberattacks appeared first on Cyber Security News.

A vulnerability was found in WaMate Confirm Plugin up to 2.0.1 on WordPress. It has been declared as problematic. This vulnerability affects unknown code of the component Phone Number Handler. The manipulation results in missing authorization. This vulnerability is cataloged as CVE-2026-1833. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in WaMate Confirm Plugin up to 2.0.1 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the component Phone Number Handler. This manipulation causes missing authorization. This vulnerability is registered as CVE-2026-1833. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability categorized as problematic has been discovered in WPZOOM Addons for Elementor Plugin up to 1.3.2 on WordPress. Impacted is the function ajax_post_grid_load_more. Such manipulation leads to information disclosure. This vulnerability is documented as CVE-2026-2295. The attack can be executed remotely. There is not any exploit available.

A vulnerability identified as critical has been detected in Videospirecore Theme Plugin up to 1.0.6 on WordPress. The affected element is an unknown function of the component Email Address Handler. Performing a manipulation results in authorization bypass. This vulnerability is reported as CVE-2025-15096. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability classified as problematic was found in Slideshow Wp Plugin up to 1.1 on WordPress. Affected by this vulnerability is the function sswp-slide of the component Shortcode Handler. Such manipulation of the argument sswpid leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-1885. The attack can be launched remotely. No exploit exists.

A vulnerability, which was classified as problematic, has been found in BuddyHolis ListSearch Plugin up to 1.1 on WordPress. Affected by this issue is some unknown functionality of the component Shortcode Handler. Performing a manipulation of the argument placeholder results in cross site scripting. This vulnerability was named CVE-2026-1853. The attack may be initiated remotely. There is no available exploit.

A vulnerability, which was classified as problematic, was found in Slideshow Wp Plugin up to 1.1 on WordPress. This affects the function sswp-slide of the component Shortcode Handler. Executing a manipulation of the argument sswpid can lead to cross site scripting. The identification of this vulnerability is CVE-2026-1885. The attack may be launched remotely. There is no exploit available.