Aggregator

A vulnerability has been found in Oracle Hospitality Reporting and Analytics 9.1.0 and classified as critical. This vulnerability affects unknown code of the component Reporting. This manipulation causes deserialization. This vulnerability appears as CVE-2019-10086. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

A vulnerability, which was classified as critical, has been found in Oracle Blockchain Platform. The affected element is an unknown function of the component BCS Console. Performing a manipulation results in deserialization. This vulnerability is cataloged as CVE-2019-10086. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability identified as critical has been detected in Oracle Communications Network Integrity 7.3.6. This impacts an unknown function of the component User Interface. Performing a manipulation results in deserialization. This vulnerability is known as CVE-2019-10086. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

Продажи рухнули на дикие 64%, потому что машины застряли между хакерами и пошлинами.

Alleged PayPal Credential Leak: 104K Email and Password Combinations Exposed

元旦之后一直比较忙，今天偷闲在手机上打下这段文字正式向2025说声再见。

Птицам такое даже не снилось.

Meta знала, но считала это «не проблемой приватности».

——李某制作、贩卖、传播淫秽物品牟利案

旧文新发,很详细的一篇内存取证文章。学习！！！

Authors, Creators & Presenters: Wenhao Li (Shandong University), Jiahao Wang (Shandong University), Guoming Zhang (Shandong University), Yanni Yang (Shandong University), Riccardo Spolaor (Shandong University), Xiuzhen Cheng (Shandong University), Pengfei Hu (Shandong University)

PAPER
EMIRIS: Eavesdropping On Iris Information Via Electromagnetic Side Channel

Iris recognition is one of the most secure biometric methods due to the uniqueness and stability of iris patterns, as well as their resistance to forgery. Consequently, it is frequently used in high-security authentication scenarios. However, systems using Near-Infrared (NIR) sensors may expose the iris information of users, leading to significant privacy risks. Our research found that the electromagnetic (EM) emissions generated during data transmission of NIR sensors are closely related to iris data. Based on this observation, we propose EMIRIS, a method for reconstructing the iris information using EM side channels. By deconstructing the digital signal transmission format of the NIR sensors and the mapping mechanism of the iris data matrix, we can reconstruct iris information from EM signals and convert it into iris images. To improve the quality of the reconstructed iris, we model the denoising and restoration of iris texture details as a linear inverse problem and tailor a diffusion model to solve it. Extensive experimental evaluations show that EMIRIS can effectively reconstruct iris information from commercial iris recognition devices, achieving an average SSIM of 0.511 and an average FID of 7.25. Even more concerning, these reconstructed irises can effectively spoof the classical iris recognition model with an average success rate of 53.47% on more than 3,000 iris samples from 50 different users.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the **[Network and Distributed System Security (NDSS) Symposium][1]** for publishing their Creators, Authors and Presenter’s superb **[NDSS Symposium 2025 Conference][2]** content on the **[organization’s’][1]** **[YouTube][3]** channel.

Permalink

The post NDSS 2025 – EMIRIS: Eavesdropping On Iris Information Via Electromagnetic Side Channel appeared first on Security Boulevard.

基于大语言模型的全流量安全智能体研究与实践 by ourren

十五五无人机反制方向分析 by ourren

网安领域论文被拒原因分析 by ourren

TREC：通过少样本溯源子图学习进行APT战术/技术识别 by ourren

JBShield: 通过激活概念分析与操控防御大语言模型免受越狱攻击 by ourren

2025中国通信学会科学技术奖授奖名单（网络空间安全领域） by ourren

更多最新文章，请访问SecWiki

CAI（Cybersecurity AI） 是一个开源的网络安全人工智能框架，专为构建和部署AI驱动的攻防自动化系统而设计。它被描述为一个开放的、可参与漏洞赏金计划的网络安全人工智能，完全匹配其核心定位：开源、模块化，并准备好用于真实世界的漏洞赏金（Bug Bounty）活动。 机器狗是典型的具身智能平台，具有移动性、传感器（摄像头、LiDAR、IMU）和通信模块（WiFi、蓝牙、4G/5G）。将CAI部署到机器狗上，实现“具身AI代理”（Embodied Agent），可将纯虚拟的网络渗透扩展到物理近距离（近源）渗透。 想象一下，某一天，几百个机器狗围在你的公司周围开始暴力破解你的公司wifi进行近源渗透。 使用CAI代理评估机器人自身漏洞（如UniPwn蓝牙漏洞），或将机器狗作为攻击载体，最新论文显示CAI驱动的代理能在机器人上自主发现并利用API漏洞、触发未授权控制。 结合方式： 硬件集成：CAI轻量级（Python基底），可直接运行在机器狗的边缘计算单元上，无需云端依赖（隐私设计）。 传感器+AI融合：机器狗的传感器数据（视觉、距离、热成像）喂给CAI代理，实现环境感知驱动的渗透决策。 移动优势：机器狗可自主导航到目标区域（室内/室外），克服传统渗透的距离限制。 CAI+机器狗的结合开创了具身网络安全代理新范式，将虚拟渗透延伸到物理世界，尤其适合近源场景（如工业控制、关键基础设施）。 框架核心是CAI的模块化代理+机器狗的移动/感知能力，形成闭环自主系统。2025-2026年，这一方向快速发展，已有开源实现和论文验证。 未来趋势为更强具身AI（多模态LLM驱动导航）+群智协作（多机器狗协同渗透）。 CAI其他特点： 完全开源（GitHub 仓库：https://github.com/aliasrobotics/cai），采用 Python 实现，易于安装和扩展。 Agent-centric 设计：基于AI代理（Agent）架构，用户可以构建专用的AI代理，执行侦察、漏洞扫描、利用、提权、横向移动、缓解等任务。 支持多种AI模型：兼容 300+ 种模型，包括 OpenAI、Anthropic、DeepSeek、Ollama 等本地模型。 内置安全工具：集成常见进攻/防御工具，支持自定义工具扩展。 Human-in-the-Loop：强调可观测性和人工监督，确保安全可控。 支持同时运行进攻（Red Team）和防御（Blue Team）代理，进行攻防对抗测试。 Bug Bounty 就绪：专为漏洞赏金流程优化，能自动化侦察、验证和报告漏洞，已在真实平台（如 HackerOne、HackTheBox）上验证有效。

ИБ-шники в шоке, хакеры и противники в восторге.

The California Privacy Protection Agency (CalPrivacy) has taken action against the  Datamasters marketing firm that sold the health and personal data of millions of users without being registered as a data broker. [...]

某项目App渗透测试，主要针对于数据包签名进行逆向分析以及App其本身的配置错误导致的漏洞，当然还有最基础的与web一样的渗透测试，不过只能通过App运行的方式才能进行抓包看数据啥的，其实相对来说比较简单，并没有涉及太多的代码混淆解密，hook逆向以及其他比较复杂的技术，笔者本篇文章所涉及的基本上就是一般App的测试流程，稍微复杂一点的可能就要进行App脱壳和代码混淆解密啥的，这里不做深入讲解。

Today marks Aaron Swartz ’s death anniversary. His fight for open knowledge and digital rights continues as the forces he opposed grow stronger. Today marks the anniversary of the death of Aaron Swartz (Chicago, November 8, 1986 – New York, January 11, 2013), a figure whose life, work, and ideals continue to shape the internet, […]

一个比肩ret2all，但是更加容易利用的利用手法，来自hellor申

A vulnerability marked as critical has been reported in Oracle Retail Financial Integration 14.1.3/15.0.3/16.0.3. The impacted element is an unknown function of the component PeopleSoft Integration. Performing a manipulation results in deserialization. This vulnerability is reported as CVE-2019-10086. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.