【在野利用】Citrix NetScaler 内存溢出漏洞(CVE-2025-7775)安全风险通告
致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。
Aggregator
从零开始学PWN学03:jarvisoj_level2
3 months 3 weeks ago
跳转地址的选择与参数传递的思考
从零开始学PWN学03:jarvisoj_level2
3 months 3 weeks ago
当前环境异常,需完成验证后继续访问,并提供验证选项。
將Obsidian Bases的第一個內嵌圖片當做筆記封面(縮圖)
3 months 3 weeks ago
文章介紹了在Obsidian Bases中設置屬性以自動提取筆記中的第一張本地圖片作為縮圖的方法,適用於卡片和表格檢視。
Anthropic 与图书作者就侵犯版权达成和解
3 months 3 weeks ago
Anthropic 与图书作者就版权侵犯集体诉讼达成和解,避免了潜在可能高达数十亿美元的侵权赔偿。今年 6 月美国联邦法官裁决 Anthropic 使用书籍训练 AI 是合理使用,但使用盗版书籍训练并不是。法庭文件显示,Anthropic 从盗版电子书库 LibGen 和 PiLiMi 下载了多达 700 万电子书,在 2021 年和 2022 年创建了一个巨大的书库,加州地区法官 William Alsup 允许遭到侵权的作家代表全美作家提起集体诉讼。双方于 8 月 25 日签署了一份具有约束力的和解协议。
Azure Service Command and Control HTTP traffic forwarding part 5
3 months 3 weeks ago
这篇文章展示了如何利用Azure容器应用创建一个C2环境,包括创建基础资源、配置容器应用,并通过HTTPS将流量从感染主机路由到内部C2 VM。
打造「个人数据中心」第一步:OMV 从上手到文件共享配置
3 months 3 weeks ago
本文详细介绍了如何配置OpenMediaVault(OMV)作为NAS操作系统,包括安装镜像制作、系统安装、网络配置、文件系统挂载以及SMB/CIFS文件共享的设置过程,并分享了作者在实际操作中积累的经验和技巧。
慧荣发布声明称使用慧荣芯片的SSD不受Windows 11更新故障影响 没收到故障报告
3 months 3 weeks ago
Windows 11 更新引发部分固态硬盘掉盘或无法识别问题,主控芯片制造商慧荣科技确认其产品不受影响。故障主要与群联控制器相关,微软正调查中。问题多发于连续写入大量数据的场景,对视频创作者和游戏玩家影响较大。
Citrix NetScaler Devices Yet Again Under Attack
3 months 3 weeks ago
Citrix Publishes Patches After Attackers Exploit Memory Overflow Vulnerability
NetScaler customers of virtualization giant Citrix once again should patch immediately to stymie the hackers exploiting a zero-day. Citrix warned Tuesday that hackers are using a memory overflow vulnerability now tracked as CVE-2025-7775. The vulnerability carries a CVSS score of 9.2.
NetScaler customers of virtualization giant Citrix once again should patch immediately to stymie the hackers exploiting a zero-day. Citrix warned Tuesday that hackers are using a memory overflow vulnerability now tracked as CVE-2025-7775. The vulnerability carries a CVSS score of 9.2.
Okta to Purchase Axiom Security to Bolster Privileged Access
3 months 3 weeks ago
Just-in-Time, Database, Kubernetes Access Fuel Privileged Access Startup M&A
By acquiring startup Axiom Security, Okta aims to enhance privileged access by offering broader coverage of sensitive assets like Kubernetes containers and databases. The company says the move accelerates value delivery and complements Okta's existing privileged access capabilities.
By acquiring startup Axiom Security, Okta aims to enhance privileged access by offering broader coverage of sensitive assets like Kubernetes containers and databases. The company says the move accelerates value delivery and complements Okta's existing privileged access capabilities.
Whistleblower: DOGE Made Live Copy of Social Security Data
3 months 3 weeks ago
Department of Government Efficiency Staffers Created 'Live Replica' of SSA Data
The Social Security Administration's chief data officer is warning in a whistleblower complaint that DOGE created a cloud replica of the Social Security database without proper authorization or oversight, potentially exposing the personal data of 300 million Americans.
The Social Security Administration's chief data officer is warning in a whistleblower complaint that DOGE created a cloud replica of the Social Security database without proper authorization or oversight, potentially exposing the personal data of 300 million Americans.
Transparent Tribe Deploys Malicious Files Against India Govt
3 months 3 weeks ago
Pakistan-Linked Threat Actor Targets Indian Linux Operation System
Pakistan-linked hackers are targeting an Indian Linux-based operating system by tricking government employees into clicking malicious files that look like PDFs. When opened, the files install spyware, giving attackers long-term access to sensitive government systems.
Pakistan-linked hackers are targeting an Indian Linux-based operating system by tricking government employees into clicking malicious files that look like PDFs. When opened, the files install spyware, giving attackers long-term access to sensitive government systems.
JVN: ScanSnap Managerのインストーラにおける権限昇格につながる脆弱性
3 months 3 weeks ago
株式会社PFUが提供するScanSnap Managerのインストーラには、権限昇格につながる脆弱性が存在します。
无印良品在华商标诉讼败诉
3 months 3 weeks ago
因中国企业率先在本国注册了无印良品商标,经营“无印良品”的日本株式会社良品计划在中国提起商标无效诉讼,今年 6 月最高法院驳回了再审请求,良品计划败诉。中国公司注册的无印良品商标针对的是毛巾、床罩等被称为“24类”的商品,因此良品计划对此类商品只能使用 MUJI 商标,非 24 类商品可以使用“无印良品”商标。良品计划是在 2020 年提起诉讼,它于 2005 年在中国开设了第一家门店,至今拥有逾 400 家门店。
苹果内部讨论收购Perplexity AI和Mistral AI 但管理层在收购方面存在分歧
3 months 3 weeks ago
苹果考虑收购Perplexity AI和Mistral AI以加强AI能力,但内部存在分歧。高管埃迪·库伊支持收购,而软件工程高级副总裁克雷格则认为苹果可自行解决AI短板。此外,谷歌搜索垄断问题可能影响苹果收入,促使苹果寻求开发或收购搜索引擎以竞争。
CVE-2025-7776
3 months 3 weeks ago
Citrix NetScaler 存在内存损坏漏洞,攻击者可通过 /broker/xml 端点引发服务崩溃并造成拒绝服务攻击。建议更新至官方修复版本以缓解风险。
404星链计划 | 项目版本更新
3 months 3 weeks ago
知道创宇404实验室星链计划项目更新情况。
桔子数科多岗位诚聘安全工程师,职等你来!
3 months 3 weeks ago
文章介绍了桔子数科的三个高级安全工程师岗位(基础安全、应用安全、办公安全),包括工作职责、任职要求及薪资待遇(30k-40k),并简要介绍了公司背景。
[下载] 微软发布Windows 10 22H2 KB5063842预览更新 修复输入法等多个BUG
3 months 3 weeks ago
微软为Windows 10 22H2发布KB5063842预览更新,修复包括微软拼音输入法显示异常等问题。该更新为测试版本,建议游戏玩家和办公用户暂缓安装。新功能包括企业备份工具等。可通过Windows更新或手动下载安装包获取。
谷歌将验证所有 Android 开发人员,以阻止 Google Play 上的恶意软件
3 months 3 weeks ago
云flare错误代码521表示服务器无法连接到目标服务器,常见于配置错误、过载或网络问题导致服务不可用。