Arch Linux отравлен. CHAOS RAT прятался в AUR почти двое суток.
Пользователь разместил скрипты с трояном CHAOS RAT через AUR.
Aggregator
Alleged IDF Database Leak Advertised on Darknet Forum
2 months ago
You must login to view this content
cohenido
【安全圈】只需500 美元,远程操控美国火车。
2 months ago
关键词漏洞黑进美国一列高速行驶的火车,最低成本是多少?答案是 500 刀。
【安全圈】黑客正在利用 Wing FTP 服务器的关键 RCE 漏洞
2 months ago
关键词漏洞近期,黑客在技术细节曝光后的第一天就利用了 Wing FTP Server 中的一个严重远程代码执行
【安全圈】赶快升级!微信Windows端安全漏洞曝光 黑客可执行远程代码
2 months ago
关键词漏洞日前,火绒安全团队和360漏洞研究院曝光并成功复现微信Windows客户端漏洞,该漏洞可使攻击者执行
【安全圈】只需500 美元,远程操控美国火车。
2 months ago
当前环境异常,需完成验证后方可继续访问。
【安全圈】黑客正在利用 Wing FTP 服务器的关键 RCE 漏洞
2 months ago
当前环境出现异常,请完成验证后继续访问。
【安全圈】赶快升级!微信Windows端安全漏洞曝光 黑客可执行远程代码
2 months ago
当前环境出现异常情况,需完成验证后方可继续访问。
malloc源码调试(一)
2 months ago
从源码入手分析malloc函数的功能实现
某管家公章管理系统审计记录
2 months ago
某管家公章管理系统审计记录
Linux提权由浅入深
2 months ago
本文系统地介绍了在渗透测试与内网攻防中至关重要的 Linux 提权技术。先阐述了权限划分的基本原理,包括用户与用户组、文件权限、特殊权限(SUID、SGID、SBIT)等核心概念;然后通过自动化工具与手动命令详细说明了信息收集阶段的关键操作,如系统版本、用户信息、明文密码及 SSH 密钥的获取方式。文章重点介绍了几类常见提权手法,包括内核漏洞利用、/etc/passwd 伪造、Docker 容器逃
Вы кормите чужую криптоферму. Сами. Добровольно. Деньгами, железом и молчанием
2 months ago
Антивирус спокоен, SSL блестит. А в системе уже работает вредонос, сгенерированный ИИ.
你买的 Sandisk U 盘里,竟然免费赠送了文件加密软件:PrivateAccess
2 months ago
Sandisk U盘附带免费加密软件PrivateAccess,支持Windows和macOS双系统。用户可通过创建密码保护敏感文件或隐藏空间,并可预览和编辑加密文件。软件小巧便携,适合需要简单加密需求的用户。
Optimizing Machine Learning Models with Precise Gradient Management in TensorFlow
2 months ago
介绍了TensorFlow中的`tf.GradientTape` API的高级功能,包括控制梯度记录、自定义梯度、多带操作和高阶导数计算等,适用于复杂模型的优化和调试。
hacking an hd 10 screen driver and board info.
2 months ago
这是一个开放的黑客社区,旨在帮助新手成长为资深黑客。用户可以提问、解答并学习地下技术。社区提供Discord链接供进一步交流。
Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Company Servers
2 months ago
A critical security vulnerability in Microsoft SharePoint Server has been weaponized as part of an "active, large-scale" exploitation campaign.
The zero-day flaw, tracked as CVE-2025-53770 (CVSS score: 9.8), has been described as a variant of CVE-2025-49704 (CVSS score: 8.8), a code injection and remote code execution bug in Microsoft SharePoint Server that was addressed by the tech giant as
The Hacker News
Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Global Organizations
2 months ago
微软SharePoint Server存在严重零日漏洞(CVE-2025-53770),CVSS评分9.8,允许攻击者远程执行代码。该漏洞被用于大规模网络攻击,微软正在开发修复补丁,并建议用户启用反恶意软件扫描接口(AMSI)以缓解风险。
Shiro注入反序列化内存马流程
2 months ago
非工具一键获取,详细分析其流程,并提供Tomcat回显链新实现
CVE-2025-54314 | Rails Thor up to 1.3.x Shell Command os command injection
2 months ago
A vulnerability was found in Rails Thor up to 1.3.x. It has been declared as critical. This vulnerability affects unknown code of the component Shell Command Handler. The manipulation leads to os command injection.
This vulnerability was named CVE-2025-54314. Local access is required to approach this attack. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Malware Injected into 7 npm Packages After Maintainer Tokens Stolen in Phishing Attack
2 months ago
Cybersecurity researchers have alerted to a supply chain attack that has targeted popular npm packages via a phishing campaign designed to steal the project maintainers' npm tokens.
The captured tokens were then used to publish malicious versions of the packages directly to the registry without any source code commits or pull requests on their respective GitHub repositories.
The list of affected
The Hacker News