Aggregator

作者自称好奇心强，近期因缺乏专注目标而感到无聊，但对YouTube上的网络安全案例深感兴趣。

OpenAI推出ChatGPT智能体功能，整合Operator和深度研究能力，通过虚拟机和浏览器帮助用户完成复杂任务如购物、制作演示文稿等。该功能目前仅限于付费订阅用户使用，其中Plus订阅每月可使用50次。

APT组织Lazarus 在Rootkit（获取内核权限）攻击中使用了微软的0day漏洞;APT组织Kimsuky利用软件公司产品安装程序进行伪装展开攻击;NoName057(16)组织DDoSia项目持续更新;

Chinese threat actors have turned to cyberattacks as a way to undermine and destabilize Taiwan's most important industrial sector.

OpenAI推出ChatGPT Agent，具备多步骤任务处理能力；Wacom发布高分辨率便携绘图平板MovinkPad；AMD推出锐龙AI 5 330处理器；Google将于8月20日发布Pixel 10系列等新品；索尼结束PlayStation Stars忠诚计划；苹果或在iPhone 17 Pro中应用新型抗反射涂层。

Amid the accelerating tide of digital transformation, Windows Hello for Business (WHfB) continues to be championed by Microsoft as a modern, passwordless solution for enterprise authentication. Yet, beneath this progressive façade lies an architectural...

The post Windows Hello for Business Flaw: Biometric Bypass Exposes Enterprise Authentication appeared first on Penetration Testing Tools.

In an era defined by the rapid evolution of generative AI systems, the notion of security has transcended traditional vulnerabilities. A recent precedent demonstrated that remote code execution can be achieved without relying on...

The post Beyond Bugs: How Generative AI Ecosystems Can Be Hacked Without Exploits appeared first on Penetration Testing Tools.

前言安服累，渗透狂，一入网安破大防，莫说勤奋自然强；挤地铁，上HW，渗透工位坐机房，意淫桃谷伴身旁；电脑背，

当前环境出现异常状态，需完成验证后方可继续访问相关服务或网站。

攻击者通过将恶意代码注入WordPress数据库中的wp_options和wp_posts表，利用Google Tag Manager（GTM）加载远程JavaScript脚本，导致网站在4-5秒后重定向至spam域名spelletjes[.]nl。该攻击隐蔽性强，难以通过文件扫描检测，并对网站信任度、SEO及转化率造成严重影响。修复需移除可疑GTM标签并进行全面扫描。

Air Serbia has fallen victim to a cyberattack that has significantly disrupted the company’s internal operations. The digital crisis began in the early days of July 2025 and persists to this day. One of...

The post Air Serbia Hit by Major Cyberattack: Internal Systems Disrupted, Active Directory Compromised appeared first on Penetration Testing Tools.

银狐最新攻击样本行为特征与威胁情报

当前环境出现异常，需完成验证后才能继续访问。

Uber 投资 3 亿美元，计划明年推出 Robotaxi；Anthropic 估值超千亿美元；马斯克预告 Grok 将推出「AI 男友」。

Currently trending CVE - Hype Score: 7 - LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection (SSTI), which could potentially lead to Remote Code Execution (RCE) in vulnerable configurations. ...

《文明6：白金版》限时免费领取，包含6个DLC和2个资料片。这款经典回合制策略游戏让玩家创建并发展文明，跨越历史进程，在外交与战争中扩张势力。丰富的玩法和极高的耐玩性使其成为策略爱好者的必玩之作。

hoaxshell is a Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell, based on the following concept: This c2 concept (which could be implemented by...

The post hoaxshell: A Windows reverse shell payload generator and handler appeared first on Penetration Testing Tools.