Aggregator
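Massive cleanup: X bans “InfoFi” in a sweeping crackdown on AI-generated crypto spam posts
Five malicious Chrome extensions impersonate Workday and NetSuite to hijack accounts
AI system cuts attack reconstruction time from weeks to hours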
CVE-2026-1105 | EasyCMS up to 1.6 /UserAction.class.php _order sql injection (EUVD-2026-3192 / CNNVD-202601-2970)
CVE-2026-1107 | EyouCMS up to 1.7.1/5.0 Member Avatar Diyajax.php check_userinfo viewfile unrestricted upload (EUVD-2026-3190 / CNNVD-202601-2971)
CVE-2026-1106 | Chamilo LMS up to 2.0.0 Beta 1 Legal Consent SocialController.php deleteLegal userId improper authorization (EUVD-2026-3191 / CNNVD-202601-2972)
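OpenStack admin privilege forgery vulnerability: CVE-2026-22797 lets users “request” root privileges
Linux SUID privilege escalation: from kernel principles to practical exploitation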
New Spear-Phishing Attack Abusing Google Ads to Deliver EndRAT Malware
A new spear-phishing campaign known as Operation Poseidon has emerged, exploiting Google’s advertising infrastructure to distribute EndRAT malware while evading traditional security measures. The attack leverages legitimate ad click tracking domains to disguise malicious URLs, making them appear as trustworthy advertising traffic. This technique effectively bypasses email security filters and reduces user suspicion during the […]
The post New Spear-Phishing Attack Abusing Google Ads to Deliver EndRAT Malware appeared first on Cyber Security News.
Spanish Atlantis. On the outskirts of Córdoba, a legendary city has been found that was lost 1,000 years ago
Tuinman in South Korea and Japan: “We must hold on to each other”
Hacker Pleads Guilty to Access Supreme Court, AmeriCorps, VA Systems
Nicholas Moore, a 24-year-old Tennessee man, pleaded guilty to using stolen credentials of authorized users to hack into computer systems of the Supreme Court, VA, and AmeriCorps, obtaining sensitive information and then posting it online to his Instagram account.
The post Hacker Pleads Guilty to Access Supreme Court, AmeriCorps, VA Systems appeared first on Security Boulevard.
Getting the most out of Metasploit automated exploitation in an environment without downloaders
Cloudflare Zero-Day Vulnerability Enables Any Host Access Bypassing Protections
A critical zero-day vulnerability in Cloudflare’s Web Application Firewall (WAF) allowed attackers to bypass security controls and directly access protected origin servers through a certificate validation path. Security researchers from FearsOff discovered that requests targeting the /.well-known/acme-challenge/ directory could reach origins even when customer-configured WAF rules explicitly blocked all other traffic. The Automatic Certificate Management […]
The post Cloudflare Zero-Day Vulnerability Enables Any Host Access Bypassing Protections appeared first on Cyber Security News.
Researchers Uncover PDFSIDER Malware Built for Long-Term, Covert System Access
Hacker admits to leaking stolen Supreme Court data on Instagram
The Asimov effect. Why storing everything alphabetically is a bad idea (for a computer)
NDSS 2025 – BitShield: Defending Against Bit-Flip Attacks On DNN Executables
Session 9B: DNN Attack Surfaces
Authors, Creators & Presenters: Yanzuo Chen (The Hong Kong University of Science and Technology), Yuanyuan Yuan (The Hong Kong University of Science and Technology), Zhibo Liu (The Hong Kong University of Science and Technology), Sihang Hu (Huawei Technologies), Tianxiang Li (Huawei Technologies), Shuai Wang (The Hong Kong University of Science and Technology)
PAPER
BitShield: Defending Against Bit-Flip Attacks on DNN Executables
Recent research has demonstrated the severity and prevalence of bit-flip attacks (BFAs; e.g., with Rowhammer techniques) on deep neural networks (DNNs). BFAs can manipulate DNN prediction and completely deplete DNN intelligence, and can be launched against both DNNs running on deep learning (DL) frameworks like PyTorch, as well as those compiled into standalone executables by DL compilers. While BFA defenses have been proposed for models on DL frameworks, we find them incapable of protecting DNN executables due to the new attack vectors on these executables. This paper proposes the first defense against BFA for DNN executables. We first present a motivating study to demonstrate the fragility and unique attack surfaces of DNN executables. Specifically, attackers can flip bits in the section to alter the computation logic of DNN executables and consequently manipulate DNN predictions; previous defenses guarding model weights can also be easily evaded when implemented in DNN executables. Subsequently, we propose BitShield, a full-fledged defense that detects BFAs targeting both data and sections in DNN executables. We novelly model BFA on DNN executables as a process to corrupt their semantics, and base BitShield on semantic integrity checks. Moreover, by deliberately fusing code checksum routines into a DNN's semantics, we make BitShield highly resilient against BFAs targeting itself. BitShield is integrated in a popular DL compiler (Amazon TVM) and is compatible with all existing compilation and optimization passes. Unlike prior defenses, BitShield is designed to protect more vulnerable full-precision DNNs and does not assume specific attack methods, exhibiting high generality. BitShield also proactively detects ongoing BFA attempts instead of passively hardening DNNs. 
Evaluations show that BitShield provides strong protection against BFAs (average mitigation rate 97.51%) with low performance overhead (2.47% on average) even when faced with fully white-box, powerful attackers.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.
The post NDSS 2025 – BitShield: Defending Against Bit-Flip Attacks On DNN Executables appeared first on Security Boulevard.
SecWiki News 2026-01-19 Review
For more of the latest articles, visit SecWiki