Aggregator

基于ICSim模拟can总线来学习车辆网安全，学习伪造攻击和重放攻击基础

Хотели настроить подсветку, а получили хакера в придачу.

A major software supply chain attack has struck the JavaScript ecosystem after threat actors slipped a malicious dependency into the widely used axios NPM package. The poisoned releases, axios 1.14.1 and 0.30.4, pulled in plain-crypto-js and quietly delivered the WAVESHAPER.V2 backdoor to Windows, macOS, and Linux systems during installation. The incident is serious because axios […]

The post North Korean Hackers Compromise Widely Used Axios Package to Infect Windows, macOS, and Linux Systems appeared first on Cyber Security News.

Fraudsters often target the accounts of the deceased or their grieving relatives. Here’s how to keep the scammers at bay.

Threat actors hijacked the popular npm package axios to spread RAT malware after compromising an open‑source maintainer’s account, researchers warn

SentinelOne AI stopped a LiteLLM supply chain attack in seconds, blocking malicious code automatically without human intervention. SentinelOne’s AI-based security detected and blocked a supply chain attack involving a compromised LiteLLM package. SentinelOne’s macOS agent detected and stopped a malicious process chain triggered by Claude Code after it unknowingly installed a compromised LiteLLM package. The […]

klint A Linux kernel integrity scanner that detects rootkits and kernel-level compromises. It works by cross-referencing multiple sources

The post The Kernel’s Ghost Hunter: Unmasking Stealth Rootkits with klint appeared first on Penetration Testing Tools.

CVE-2026-31975：Cloud CLI WebSocket Shell OS命令注入漏洞分析

A threat actor group known as TeamPCP has been caught backdooring the Telnyx Python SDK on PyPI — a popular cloud communications library with over 700,000 downloads in February alone. On March 27, 2026, two malicious versions of the package, 4.87.1 and 4.87.2, were quietly published to the Python Package Index without any matching commits […]

The post Hackers Backdoor Telnyx Python SDK on PyPI to Steal Credentials Across Windows, macOS, and Linux appeared first on Cyber Security News.

The ubiquitous axios library, an indispensable cornerstone of contemporary web development, has abruptly found itself at the epicenter

The post Ninety Seconds to Compromise: The Viral Hijack of the Axios NPM Package appeared first on Penetration Testing Tools.

An imperceptible presence within a network remains the paramount trump card of digital malefactors, and a nascent discovery

The post The Spectral Proxy: How the RoadK1ll Malware Uses WebSockets to Vanish into Your Network appeared first on Penetration Testing Tools.

Within the United States, the exhaustive inquisition into the sensational subjugation of the cryptocurrency exchange Uranium Finance—which precipitously

The post From Tornado Cash to Caesar’s Coins: The $53 Million Fall of the Uranium Finance Hacker appeared first on Penetration Testing Tools.

Apple has surreptitiously fortified the defensive architecture of macOS, introducing a mechanism poised to rescue patrons from one

The post The Invisible Shield: How macOS Tahoe 26.4 is Quietly Killing “ClickFix” Scams appeared first on Penetration Testing Tools.

只靠吃药就能消除时差反应的未来或将到来？日本大阪大学等研究团队在美国科学杂志上发布研究成果称，通过实验发现了能加快生物钟的化合物。该团队确认，对处于时差犯困状态的实验鼠投入该化合物后，会比通常情况更早恢复，该团队称“也有望发展为药物”。时差反应的起因是调控人体内生物钟的时钟基因发生偏差。人类的生物钟周期为 25 小时，会因日光刺激而重置。研究团队发现的名为“Mic-628”的化合物仅对时钟基因产生作用。该化合物能同时激活脑中枢中控制全身的基因和位于肺等末端器官中的基因。实验中发现，与向实验鼠投药时间无关，无论何时都能将生物钟提前 2 小时。将溶有该化合物的液体给予有 6 小时时差反应的实验鼠后，通常恢复需要约 7 天的天数缩短至 4 天。

Unearthing a vulnerability within an Application Programming Interface is frequently a more labyrinthine endeavor than it initially appears.

The post Beyond the Scanner: How Hadrian Unmasks the Hidden Flaws in API Authorization appeared first on Penetration Testing Tools.

The clandestine update of an antiquated Visual Studio Code extension has precipitously metamorphosed into a targeted siege upon

The post The 8-Year Sleeper: How IoliteLabs’ Solidity Extensions Became a Web3 Nightmare appeared first on Penetration Testing Tools.

Windows 11 получила обновление, которое пришлось лечить новым обновлением.

2026年Django爆出的SQL注入漏洞CVE-2026-1312: Potential SQL injection via QuerySet.order_by and FilteredRelation 看描述有点意思，似乎是解决了我一直无法bypass的一个点，于是进行深入分析下

本文对帆软FineReport的项目结构，路由映射和历史漏洞进行详细分析，旨在为想要审计帆软报表的读者提供详尽的入门指南。

慢雾将持续推动 AI + Web3 安全创新，为智能体构建内生防护能力，保障生态安全与可持续发展。