Aggregator

OneTrust SDK 6.33.0 存在原型污染漏洞，攻击者可利用 `Object.setPrototypeOf` 和 `Object.assign` 注入恶意属性，导致全局对象污染、应用逻辑错误或拒绝服务（DoS）。建议升级至修复版本并加强输入过滤以防止类似问题。

文章描述了PX4军事无人机自动驾驶仪1.12.3版本中的一个堆栈溢出漏洞（CVE-2025-5640），该漏洞由处理畸形的MAVLink TRAJECTORY_REPRESENTATION_WAYPOINTS消息触发。攻击者可利用此漏洞通过UDP发送定制数据包使自动驾驶仪崩溃。文章附带了一个Python工具用于测试连接或发起DoS攻击。

这篇文章介绍了Pterodactyl Panel 1.11.11中的远程代码执行漏洞（CVE-2025-49132），允许攻击者通过特定请求获取数据库配置信息，并提供了检测脚本。

PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)

OneTrust SDK 6.33.0 - Denial Of Service (DoS)

Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)

freeSSHd 1.0.9 - Denial of Service (DoS)

Microsoft Excel 2024 Use after free - Remote Code Execution (RCE)

国际权威认证！

A British national known online as "IntelBroker" has been charged by the U.S. for stealing and selling sensitive data from dozens of victims, causing an estimated $25 million in damages. [...]

When the RMS Titanic hit an iceberg on 15 April 1912, she set off flares
and her wireless operator sent out a distress call. The RMS Carpathia
responded, but by the time she arrived, the Titanic had already sunk: only
those who had made it to the lifeboats could be saved. Some 1,500 people
died.

Another ship was closer and could potentially have responded faster—perhaps
even fast enough that more lives could have been saved. Yet despite seeing
the flares, she did nothing.

The post Lessons from the Titanic: when you don’t respond to a crisis appeared first on Security Boulevard.

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

Organizations are moving away from the public cloud and embracing a more hybrid approach due to big changes over the past five years.

A home lab is an engineer’s paradise – offering a safe space to experiment, troubleshoot, and master new technologies at their own pace. VMware by Broadcom supports this method of hands-on learning, and now, with VMUG Advantage, membership benefits now include access to the VMware vDefend license. This new benefit allows Advantage members who pass … Continued

The post vDefend is now a part of VMUG Advantage appeared first on VMware Security Blog.

Currently trending CVE - Hype Score: 10 - Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem via uploading archives with ...

Currently trending CVE - Hype Score: 9 - Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some ...

难度为简单的windows靶机

The decision to adopt a purpose-built container operating system (OS) versus maintaining a standard OS across legacy and cloud-native systems depends on your organization’s risk tolerance, compliance requirements, and visibility needs. Below is a structured approach you can take to evaluate the trade-offs and select the right strategy.

The post Is Container OS Insecurity Making Your K8s Infrastructure Less Secure? appeared first on Security Boulevard.

Threat actors are abusing the ConnectWise ScreenConnect installer to build signed remote access malware by modifying hidden settings within the client's  Authenticode signature. [...]

Though rudimentary and largely non-functional, the wryly named "Skynet" binary could be a harbinger of things to come on the malware front.