Aggregator

A vulnerability labeled as critical has been found in EDK2. Impacted is an unknown function. Such manipulation of the argument BootPerformanceTable leads to assignment of a fixed address to a pointer. This vulnerability is listed as CVE-2021-28216. The attack must be carried out from within the local network. There is no available exploit.

A vulnerability described as critical has been identified in Icinga up to 2.11.10/2.12.5/2.13.0. Impacted is an unknown function of the component Certificate Authority Handler. Executing manipulation can lead to improper certificate validation. This vulnerability is handled as CVE-2021-37698. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability described as critical has been identified in Microsoft Windows up to Server 2022. This vulnerability affects unknown code of the component Libarchive. Such manipulation leads to use after free. This vulnerability is referenced as CVE-2021-36976. It is possible to launch the attack remotely. No exploit is available. Applying a patch is advised to resolve this issue.

A vulnerability was found in Apple iOS and iPadOS up to 15.3.1. It has been classified as critical. Impacted is an unknown function of the component libarchive. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2021-36976. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Apple watchOS up to 8.4.2. It has been declared as critical. Affected by this issue is some unknown functionality of the component libarchive. Executing manipulation can lead to memory corruption. This vulnerability appears as CVE-2021-36976. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Apple macOS. This affects an unknown function of the component libarchive. The manipulation results in memory corruption. This vulnerability is known as CVE-2021-36976. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.

A vulnerability described as problematic has been identified in SQLite 3.36.0. The affected element is the function idxGetTableInfo of the component SQL Query Handler. Executing manipulation can lead to denial of service. This vulnerability is handled as CVE-2021-36690. The attack can only be done within the local network. There is not any exploit available. There is ongoing doubt regarding the real existence of this vulnerability.

A vulnerability was found in Apple macOS. It has been rated as critical. This vulnerability affects unknown code of the component SQLite. This manipulation causes denial of service. The identification of this vulnerability is CVE-2021-36690. It is possible to initiate the attack remotely. There is no exploit available. It is still unclear if this vulnerability genuinely exists. Upgrading the affected component is advised.

In financial services, application security risk is becoming a long game. Fewer flaws appear in new code, but old ones linger longer, creating a kind of software “interest” that keeps growing, according to Veracode’s 2025 State of Software Security report. Researchers analyzed data from more than 1.3 million applications and 126 million security findings. Financial institutions perform better than average at preventing severe vulnerabilities, but they are slower to fix them and carry more long-term … More →

The post Financial services can’t shake security debt appeared first on Help Net Security.

操作PEB（进程环境块）和EAT（导出地址表），我们可以实现隐蔽和API绕过

在社会工程学（社工）钓鱼攻击中，通过视觉欺骗“伪造”文件名称后缀是一种常见的手法，其主要目的是误导受害者，让他们误以为文件是安全无害的，从而点击打开或执行该文件。这种技术利用了人们对文件类型和扩展名的信任，以及对特定格式文件的熟悉度来掩盖恶意内容的真实性质。

2025年第三届陇剑杯网络安全大赛 RHG决赛wp

Polar2025秋季个人挑战赛web

项目地址 https://github.com/DERE-ad2001/Frida-Labs

流量样本涉及到webshell流量、CS流量的识别、解密及分析，感觉跟实战很接近，和各位师傅分享下分析思路。

前言书接上文，高级进程注入之利用线程名和APC实现进程注入（上）：https://xz.aliyun.com/news/18877上文中已经介绍了相关的API，本文会讲述利用线程名注入的实现细节，相比较传统的进程注入需要创建线程，这是一个不需要创建线程的新技术介绍通常，向一个进程的内存写入内容，需要我们在打开进程句柄时带有写权限，PROCESS_VM_WRITE，但这可能被AV/EDR视为可疑指标

由于国内大部分src厂商不收取内容安全漏洞，所以分享一次某大厂自研大模型的一次实战通过提示词注入导致弹xss弹cookie。

N1CTF Junior re pyramid

本文介绍了一种通过动态获取SSN和系统调用地址实现间接系统调用的方法，利用汇编跳转绕过API Hook，提升对抗EDR/AV的能力。

COS提权与利用解密脚本下面 xor 后的三个结果分别是 ak，sk，session token，配置下 secretid 和 secretkey（开了几次环境，所以下面ak和sk可能会有变化）token 需要手动去配置下后续发现很多命令有问题，还是用 aws 吧先看下当前用户，这里报错是因为腾讯云 STS API 不是 S3 协议兼容的，而是走的 TC3-HMAC-SHA256 签名体系可以用