Larva-24005黑客组织针对日本与韩国发动钓鱼邮件攻击活动——每周威胁情报动态第214期 (02.28-03.06)
APT组织Lazarus 在Rootkit(获取内核权限)攻击中使用了微软的0day漏洞;APT组织Kimsuky利用软件公司产品安装程序进行伪装展开攻击;NoName057(16)组织DDoSia项目持续更新;
Aggregator
TPCTF 2025|倒计时1天!
1 year 3 months ago
Larva-24005黑客组织针对日本与韩国发动钓鱼邮件攻击活动——每周威胁情报动态第214期 (02.28-03.06)
1 year 3 months ago
APT组织Lazarus 在Rootkit(获取内核权限)攻击中使用了微软的0day漏洞;APT组织Kimsuky利用软件公司产品安装程序进行伪装展开攻击;NoName057(16)组织DDoSia项目持续更新;
TPCTF 2025|倒计时1天!
1 year 3 months ago
Who is the DOGE and X Technician Branden Spikes?
1 year 3 months ago
At 49, Branden Spikes isn't just one of the oldest technologists who has been involved in Elon Musk's Department of Government Efficiency (DOGE). As the current director of information technology at X/Twitter and an early hire at PayPal, Zip2, Tesla and SpaceX, Spikes is also among Musk's most loyal employees. Here's a closer look at this trusted Musk lieutenant, whose Russian ex-wife was once married to Elon's cousin.
BrianKrebs
英伟达一夜跌去 1600 亿美元;郭明錤:折叠 iPhone 明年推出;阿里开源低成本推理模型 QwQ-32B | 极客早知道
1 year 3 months ago
6000 元以上手机开启政府补贴;Manus AI 回应邀请码机制;《艾尔登法环》有望改编手游
利用 3000 条大字典 MachineKeys 爆破 ViewState 反序列化漏洞
1 year 3 months ago
国内最专业、最全面的 [ .NET 代码审计 ] 体系化学习交流社区
1 year 3 months ago
.NET 任务计划隐藏与权限维持:注册表与 Wow64 文件系统重定向的结合应用
1 year 3 months ago
CVE-2025-1919 | Google Chrome up to 133.0.6943.126 Media out-of-bounds (ID 392375 / Nessus ID 232098)
1 year 3 months ago
A vulnerability has been found in Google Chrome and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Media. The manipulation leads to out-of-bounds read.
This vulnerability is known as CVE-2025-1919. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-1923 | Google Chrome up to 133.0.6943.126 Permission Prompts ui layer (ID 382540 / Nessus ID 232101)
1 year 3 months ago
A vulnerability was found in Google Chrome. It has been declared as problematic. This vulnerability affects unknown code of the component Permission Prompts. The manipulation leads to improper restriction of rendered ui layers.
This vulnerability was named CVE-2025-1923. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-27110 | OWASP ModSecurity 3.0.13 LibModSecurity encoding error (ID 3340 / Nessus ID 232099)
1 year 3 months ago
A vulnerability classified as critical was found in OWASP ModSecurity 3.0.13. This vulnerability affects unknown code of the component LibModSecurity. The manipulation leads to encoding error.
This vulnerability was named CVE-2025-27110. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-38855 | libxlsv 1.6.2 XLS File xlstool.c get_string buffer overflow (Issue 124 / Nessus ID 232105)
1 year 3 months ago
A vulnerability has been found in libxlsv 1.6.2 and classified as critical. Affected by this vulnerability is the function get_string of the file xlstool.c of the component XLS File Handler. The manipulation leads to buffer overflow.
This vulnerability is known as CVE-2023-38855. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-1933 | Mozilla Firefox up to 135 on 64-bit JIT return value (Nessus ID 232196)
1 year 3 months ago
A vulnerability was found in Mozilla Firefox up to 135 on 64-bit. It has been declared as problematic. This vulnerability affects unknown code of the component JIT. The manipulation leads to unchecked return value.
This vulnerability was named CVE-2025-1933. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-1935 | Mozilla Firefox up to 135 URL Protocol clickjacking (Nessus ID 232196)
1 year 3 months ago
A vulnerability, which was classified as problematic, has been found in Mozilla Firefox up to 135. Affected by this issue is some unknown functionality of the component URL Protocol Handler. The manipulation leads to clickjacking.
This vulnerability is handled as CVE-2025-1935. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-40762 | SonicWALL SonicOS SSL VPN weak prng (SNWLID-2025-0003 / Nessus ID 232198)
1 year 3 months ago
A vulnerability has been found in SonicWALL SonicOS and classified as problematic. This vulnerability affects unknown code of the component SSL VPN. The manipulation leads to cryptographically weak prng.
This vulnerability was named CVE-2024-40762. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-53705 | SonicWALL SonicOS SSH Management server-side request forgery (SNWLID-2025-0003 / Nessus ID 232199)
1 year 3 months ago
A vulnerability was found in SonicWALL SonicOS. It has been classified as critical. Affected is an unknown function of the component SSH Management. The manipulation leads to server-side request forgery.
This vulnerability is traded as CVE-2024-53705. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-53706 | SonicWALL SonicOS Cloud NSv SSH Config privileges management (SNWLID-2025-0003 / Nessus ID 232200)
1 year 3 months ago
A vulnerability was found in SonicWALL SonicOS. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Cloud NSv SSH Config. The manipulation leads to improper privilege management.
This vulnerability is known as CVE-2024-53706. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
2024 年开源供应链恶意软件态势
1 year 3 months ago
供应链安全又将走向何方?
2024 年开源供应链恶意软件态势
1 year 3 months ago
供应链安全又将走向何方?