Aggregator

Submit #616911 / VDB-319240

当前环境出现异常，需完成验证后方可继续访问，提供验证链接。

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

文章指出大型科技公司通过广告驱动、生态系统控制和不公平竞争等手段导致互联网环境恶化。它们已变得臃肿，不再创新，依赖现有模式。AI技术可能带来变革，重塑互联网未来。

In a new apartment in Tel Aviv, the lights suddenly switch off, smart blinds rise on their own, and the water heater powers up—without the tenants’ knowledge. This is not part of a “smart...

The post Your ‘Smart’ Home Is Not Safe: Gemini Attack Turns a Calendar Invite into a Physical Threat appeared first on Penetration Testing Tools.

A vulnerability was found in macrozheng mall 1.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Admin Login. The manipulation leads to improper restriction of excessive authentication attempts. This vulnerability is handled as CVE-2025-8742. The attack may be launched remotely. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in macrozheng mall up to 1.0.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/login. The manipulation leads to cleartext transmission of sensitive information. This vulnerability is known as CVE-2025-8741. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Cybersecurity researchers have uncovered a sophisticated malware campaign targeting the Go ecosystem through eleven malicious packages that employ advanced obfuscation techniques to deliver second-stage payloads. The campaign demonstrates a concerning evolution in supply chain attacks, leveraging the decentralized nature of Go’s module system to distribute malicious code that can compromise both Linux build servers and […]

The post Threat Actors Weaponize Malicious Gopackages to Deliver Obfuscated Remote Payloads appeared first on Cyber Security News.

文章介绍了Go语言中 goroutines 和 channels 的高效使用方法，并通过 worker pool 模式解决过多 goroutines 导致的性能问题。通过 QuickSort 算法的优化案例展示了如何平衡并发与性能，强调了合理控制并发的重要性。

Submit #623428 / VDB-319239

At the Black Hat USA conference in Las Vegas, Naor Haziz, a researcher at Sweet Security, unveiled an attack dubbed ECScape, capable of completely undermining the trust-based security model of Amazon ECS. The vulnerability...

The post Cloud Chaos: New ‘ECScape’ Attack Threatens Amazon’s Container Service appeared first on Penetration Testing Tools.

作者分享了自己创立CoLaunchly的经历：一个帮助开发者推广应用的工具。从开发到上线取得一定成绩后，因用户流失和营销不足逐渐停滞。过程中学到了营销的重要性、社区建设的难度及独自创业的挑战，并最终选择暂停项目以调整状态。

MariaDB Kubernetes Operator 25.08.0发布，新增物理备份功能（包括mariadb-backup集成和Kubernetes原生卷快照），提升灾难恢复效率；支持MariaDB 11.8及VECTOR数据类型；推出mariadb-cluster Helm图表简化部署；企业版提供增强安全性和Red Hat认证。

Почему кнопка «Оплатить» стала минным полем и как его разминировать.

Submit #623319 / VDB-319238

Submit #623318 / VDB-319237

Six years ago, researchers at PortSwigger first identified a fundamental flaw in the HTTP/1.1 protocol—one that enables HTTP Request Smuggling attacks. Despite being publicly known since 2019, the vulnerability remains unresolved and continues to...

The post HTTP/1.1 Must Die: Why This 6-Year-Old Vulnerability Is Still a Major Threat appeared first on Penetration Testing Tools.

Hackers have breached the electronic case management system of the U.S. federal courts, gaining access to confidential information, including the identities of protected witnesses. The incident, which affected multiple district courts across several states,...

The post Hackers Breach U.S. Federal Courts, Exposing Confidential Witness Identities appeared first on Penetration Testing Tools.

哥伦比亚大学遭遇网络攻击，约87万名学生和员工的敏感个人信息被盗。攻击者于5月入侵该校网络并窃取文件。学校于6月24日发现系统故障后报警，并于8月7日向受影响者发出通知函。泄露数据包括姓名、出生日期、社会安全号码等。学校未发现患者记录受影响，并将为受影响者提供两年免费信用监控服务。

Один щелчок в эфире стирает границы между владельцем и похитителем.