Aggregator

HTTP/1.1协议存在致命漏洞，数千万网站面临恶意接管风险。攻击者利用去同步化技术构造恶意请求，导致反向代理与后端服务器解析分歧，引发数据泄露、代码注入等严重后果。升级至HTTP/2是唯一解决方案，但主流厂商尚未支持HTTP/2上游连接，网站仍暴露风险中。

当前环境出现异常,需完成验证后方可继续访问。

特朗普与苹果公司将宣布新增 1000 亿美元美国投资；理想 i8 碰撞测试事件三方联合声明；全新小鹏 P7 预售 6 分 37 秒，小订突破 10000 台

当前环境出现异常，需完成验证后方可继续访问。

“钓鱼”网站的“潮汐”规律

文章指出当前环境异常，需完成验证后才能继续访问。

2025年9月5日，CSOP 深圳站议程公开！

ProtectMyTooling A script that wraps around a multitude of packers, protectors, obfuscators, shellcode loaders, encoders, and generators to produce complex protected Red Team implants. Your perfect companion in Malware Development CI/CD pipeline, helping watermark...

The post ProtectMyTooling: Multi-Packer wrapper letting us daisy-chain various packers, obfuscators appeared first on Penetration Testing Tools.

在三个月的数据收集期间，DShield传感器发现巴拿马来源占总攻击流量的65%以上。进一步分析显示这些攻击来自NForce Entertainment B.V.的/24子网及ASN 43350。该ISP常出租IP给高风险VPN和代理服务，并与钓鱼、恶意软件活动相关联。建议网络防御者采取措施包括标记特定流量、阻止远程桌面协议、监控SSH活动及部署Web应用防火墙以应对威胁。

大疆发布ROMO扫拖机器人，售价4399元起；OpenAI推出开源GPT模型；Anthropic升级Claude Opus 4.1；CHERRY推出三款KW系列键盘。

A vulnerability was found in Moodle up to 4.1.15/4.3.9/4.4.5/4.5.1. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to incorrect authorization. The identification of this vulnerability is CVE-2025-26531. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Couchbase Sync Gateway up to 3.2.5. Affected by this issue is some unknown functionality of the file sgcollect_info_options.log. The manipulation leads to missing encryption of sensitive data. This vulnerability is handled as CVE-2025-52490. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Bacula-web up to 9.7.0. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2025-45346. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Aver PTC310UV2 0.1.0000.59. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2025-45620. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in PrestaShop 8.2.0. This affects the function _getHeaders of the component HTTP POST Request Handler. The manipulation leads to deserialization. This vulnerability is uniquely identified as CVE-2025-25692. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in Rocket Zena 4.4.1.26 and classified as critical. This vulnerability affects unknown code. The manipulation of the argument filter leads to sql injection. This vulnerability was named CVE-2024-45955. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in PrestaShop 8.2.0 and classified as critical. This issue affects some unknown processing of the file /themes/import of the component HTTP POST Request Handler. The manipulation leads to deserialization. The identification of this vulnerability is CVE-2025-25691. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Dell SmartFabric OS10 Software 10.5.3/10.5.4/10.5.5/10.5.6/10.6.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to xml external entity reference. This vulnerability was named CVE-2025-36608. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Dell SmartFabric OS10 Software 10.5.3/10.5.4/10.5.5/10.5.6/10.6.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to files or directories accessible. This vulnerability is known as CVE-2025-30103. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Dell SmartFabric OS10 Software 10.5.3/10.5.4/10.5.5/10.5.6/10.6.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to use of hard-coded password. This vulnerability is handled as CVE-2025-36609. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.