Aggregator
【安全圈】French Police Arrest Five Major BreachForum Hackers, Dealing a Heavy Blow to the Global Stolen-Data Black Market
2 months 2 weeks ago
Keywords: cyber attack. French police recently raided and arrested five hackers who ran BreachForum, one of the world's largest stolen-data trading platforms.
【安全圈】Realtek Bluetooth Protocol Vulnerability Lets Attackers Launch Denial-of-Service Attacks via the Pairing Process
2 months 2 weeks ago
【安全圈】#Tonghuashun down# #Douyin down# #Taobao down#
2 months 2 weeks ago
Keywords: software. What has been going on lately? The three major platforms for "stock trading, short video and shopping" crashed one after another: first the Tonghuashun app went down; the next day Douyin and then Taobao followed, with home pages failing to load and search unresponsive, landing on Weibo's trending list.
The Hidden Risks of SaaS: Why Built-In Protections Aren't Enough for Modern Data Resilience
2 months 2 weeks ago
SaaS Adoption is Skyrocketing, Resilience Hasn’t Kept Pace
SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience.
It doesn’t.
These platforms weren’t built with full-scale data
The Hacker News
Iranian Spear-Phishing Attack Impersonates Google, Outlook, and Yahoo Domains
2 months 2 weeks ago
Check Point Research has uncovered a renewed global spear-phishing campaign orchestrated by the Iranian threat actor Educated Manticore, also known as APT42, Charming Kitten, and Mint Sandstorm. Linked to the IRGC Intelligence Organization, this group has intensified its operations amid growing Iran-Israel tensions, targeting high-value individuals with meticulously crafted attacks. The campaign, which has seen […]
The post Iranian Spear-Phishing Attack Impersonates Google, Outlook, and Yahoo Domains appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Aman Mishra
ClickFix Attacks Surge 517% in 2025
2 months 2 weeks ago
The ClickFix social engineering technique has become the second most common attack vector, behind only phishing, according to ESET research
The Cyber Risk-Business Alignment Imperative: Insights from the 2025 State of Cyber Risk Management Report
2 months 2 weeks ago
The article examines the importance of cyber risk management, noting that mature strategies combined with automation and AI can effectively reduce risk, and emphasizing the role of data integration and cross-department communication in improving organizational resilience.
CISA and FBI Jointly Publish Guidance on Reducing Memory-Safety Vulnerabilities in Modern Software Development
2 months 2 weeks ago
Memory-safety vulnerabilities are regarded as the most persistent and most dangerous class of software vulnerability today.
Citrix Urgently Patches Actively Exploited Critical NetScaler ADC Vulnerability
2 months 2 weeks ago
Patch promptly
A Million Europeans Woke Up Without Microsoft. Thanks, Windows
2 months 2 weeks ago
The city took part in a European flash mob and threw Microsoft into the dustbin of history.
How to Exploit Account Takeover via Password Reset Flaw
2 months 2 weeks ago
Elisa's password reset system was vulnerable because it used insecure ECB-mode AES encryption, allowing an attacker to take over user accounts, including those of key employees, by predicting and modifying the key. The vulnerability earned a $2,000 bounty after it was found.
How to Exploit Account Takeover via Password Reset Flaw
2 months 2 weeks ago
Elisa's password reset system generated tokens with ECB-mode AES encryption and was vulnerable as a result; the flaw was found by bucen, who received a $2,000 bounty.
Exploiting Android Components in Seconds
2 months 2 weeks ago
The article discusses the importance of time in Android security testing and notes that traditional methods are slow. The APK Components Inspector tool cuts work that used to take days down to seconds, greatly improving security researchers' efficiency.
Who Needs Admin When You Have GraphQL? Abusing Queries for Fun and Data
2 months 2 weeks ago
At 3:12 a.m., working late on caffeine, the author discovered an unprotected GraphQL endpoint. Using tools such as subfinder, httpx and katana for reconnaissance and enumeration, they eventually located the exposed API endpoint.
Who Needs Admin When You Have GraphQL? Abusing Queries for Fun and Data
2 months 2 weeks ago
At 3 a.m., the author discovered an unprotected interface through a GraphQL endpoint and used technical means to obtain administrator privileges.
OTP bypassed by using luck infused logical thinking bug report
2 months 2 weeks ago
While testing a 6-digit OTP verification system, the author found that login still succeeded when the OTP field was empty. They intercepted the request with Burp Suite and modified the payload, ultimately bypassing the security check. However, when they tried to submit the vulnerability, they learned it had already been reported by another researcher.
Part 5: How to Become a Pentester in 2025: Certifications, Career Roadmap & Growth
2 months 2 weeks ago
The article lays out the best certification path for becoming a penetration tester in 2025, recommending starting with Hack The Box's CPTS to build a solid foundation and then progressively taking on Offensive Security's advanced certifications such as OSCP, OSEP and OSWE. It stresses the importance of combining hands-on skills with theoretical knowledge and notes that these certifications not only improve technical ability but also bring significant career advantages.
Rate Limit? I Barely Know Her: How I Brute-Forced OTPs Like a Gentleman
2 months 2 weeks ago
While testing an OTP system late at night, the author found a vulnerability, obtained other users' OTPs by brute force and took over their accounts, then responsibly reported the flaw and received a bounty.
Rate Limit? I Barely Know Her: How I Brute-Forced OTPs Like a Gentleman
2 months 2 weeks ago
Late-night testing of a system that allowed unlimited OTP sends: using Python and patience for an exhaustive attack, the author nearly hijacked an account, and ultimately reported the vulnerability responsibly.