Aggregator

一共有九道题目，v8和shellcode没时间做了，主要在准备纳新

Critical vulnerabilities in InputPlumber, a Linux input device utility used in SteamOS, could allow attackers to inject UI inputs and cause denial-of-service conditions on affected systems. The SUSE researchers tracked as CVE-2025-66005 and CVE-2025-14338, which affect InputPlumber versions before v0.69.0 and stem from inadequate D-Bus authorization mechanisms. InputPlumber combines Linux input devices into virtual input devices and runs […]

The post Critical InputPlumber Vulnerabilities Allows UI Input Injection and Denial-of-Service appeared first on Cyber Security News.

Everest hacking group has allegedly claimed a major breach of Nissan Motor Co., Ltd., raising fresh concerns about data security at large automotive manufacturers. According to early reports, the cybercrime group says it exfiltrated around 900 GB of sensitive data from the Japanese carmaker, a volume that suggests broad access to internal systems and repositories. […]

The post Everest Hacking Group Allegedly Claims Breach of Nissan Motors appeared first on Cyber Security News.

A severe global buffer overflow vulnerability has been discovered in the zlib untgz utility version 1.3.1.2. Allowing attackers to corrupt memory and potentially execute malicious code through specially crafted command-line input.​ The security flaw resides in the TGZfname() function of the untgz utility, where an unbounded strcpy() call processes user-supplied archive names without any length […]

The post Critical Zlib Vulnerability Let Attackers Trigger Buffer Overflow by Invoking untgz appeared first on Cyber Security News.

Группировка MuddyWater освоила Rust и теперь прикидывается консультантом по кибербезопасности.

Кажется, назревает крупная космическая перепалка…

X has suspended the iconic @twitter handle on its platform, replacing its profile with a standard notice stating the account violates rules. Screenshots of the suspension screen began circulating widely late last week, igniting discussions about the platform’s rebranding efforts. The @twitter account had remained inactive since before Elon Musk’s 2022 acquisition of the platform, […]

The post X Suspended Twitter Account for Violation of Rules appeared first on Cyber Security News.

Firewalls, VPN access, and traffic rules need steady attention, often with limited budgets and staff. In that context, the open source pfSense Community Edition (CE) continues to show up in production environments, supported by a long-standing user community. pfSense CE is the free, open-source version of the pfSense firewall and routing platform. The software runs on standard x86 hardware, virtual machines, and some embedded systems, which keeps deployment flexible for small teams and labs. What … More →

The post pfSense: Open-source firewall and routing platform appeared first on Help Net Security.

Currently trending CVE - Hype Score: 1 - n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated ...

Currently trending CVE - Hype Score: 13 - A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. An app may be able to identify what other apps a user has installed.

Один необдуманный шаг — и все ваши сбережения окажутся в чужих руках.

该工具宣称攻击转化率最高可达60%，并能识别目标设备的系统类型，投放与之兼容的恶意载荷。

这一漏洞可被滥用于泄露存储在实例中的密钥、将敏感文件注入工作流、伪造会话Cookie以绕过身份验证，甚至执行任意命令。

因为 X 平台的聊天机器人 Grok 能未经女性和儿童同意制作性暴露的类 deepfake 图像，马来西亚和印尼宣布屏蔽 Grok。马来西亚通信监管机构 Communications and Multimedia Commission 周日表示它向 X 发去通知要求加强对 Grok 的管理，但 X 未能在回复中解决问题。 印尼也要求 X 对 Grok 使用做出说明，认为 Grok 生成露骨色情内容侵犯了人权、尊严和网络安全。英国的通信监管机构 Ofcom 也将对如何处理 Grok 做出决定。

Security teams often spend time sorting through logs and alerts that point to activity happening outside corporate networks. Torrent traffic shows up in investigations tied to policy violations, insider risk, and criminal activity. A new research paper looks at that same torrent activity through an open source intelligence lens and asks how much signal security teams can extract from data that is already public. Data pipeline design Turning torrent metadata into intelligence Torrent files contain … More →

The post What security teams can learn from torrent metadata appeared first on Help Net Security.

A CVSS score 4.4 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L severity vulnerability discovered by 'Marcin Wiazowski' was reported to the affected vendor on: 2026-01-12, 72 days ago. The vendor is given until 2026-05-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-01-12, 72 days ago. The vendor is given until 2026-05-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

学校只有我一个pwn手，完全做不完当时，做这四个是极限了，剩下以后有空再去复现，stack那个是dockerfile有问题，泄露出来栈就基本差不多了。

Как превратить проблемный AlScN в идеальный материал для электроники?

Cybersecurity debates around surveillance usually stay inside screens. A new academic study argues that this boundary no longer holds when communication laws extend into robots that speak, listen, and move among people. Researchers Neziha Akalin and Alberto Giaretta examine the European Union’s proposed Chat Control regulation and its unintended impact on human robot interaction. The continuum of surveillance, from watching public spaces, to listening in private communications, to acting within embodied environments. A brief look … More →

The post EU’s Chat Control could put government monitoring inside robots appeared first on Help Net Security.