Aggregator

【2025春节】解题领红包活动 最终排行榜 活动已结束，论坛已被大牛们的解题分享贴屠版，欢迎分享解题思路，相互学习逆向经验，目前题目还可以试炼，系统依然支持提交验证答案，但已无大额奖励，活动系统延时到2月20日0点下线。 题目已打包放到爱盘供大家下载学习： https://down.52pojie.cn/Challenge/Happy_New_Year_2025_Challenge.rar

Palo Alto Networks has fixed a high-severity authentication bypass vulnerability (CVE-2025-0108) in the management web interface of its next-gen firewalls, a proof-of-concept exploit (PoC) for which has been made public. “Palo Alto Networks is not aware of any malicious exploitation of this issue,” the company says. Fixed PAN-OS vulnerabilities (and unexpected reboots) CVE-2025-0108 was discovered by Assetnote researchers aftey they decided to analyze the patches for CVE-2024-0012 and CVE-2024-9474, which have been exploited by attackers … More →

The post PAN-OS authentication bypass hole plugged, PoC is public (CVE-2025-0108) appeared first on Help Net Security.

首先需要分析加密函数，找到加密函数里边加密前的明文字符串变量。

AI is everywhere now, transforming how businesses operate and how users engage with apps, devices, and services. A lot of applications now have some Artificial Intelligence inside, whether supporting a chat interface, intelligently analyzing data or matching user preferences. No question AI benefits users, but it also brings new security challenges, especially Identity-related security

Serious security vulnerabilities have been uncovered in the popular social media and content-sharing app, RedNote, compromising the privacy and security of millions of users globally. Researchers revealed critical flaws allowing attackers to intercept sensitive user data, access device files, and exploit insecure encryption mechanisms on iOS and Android platforms. The app’s use of inadequate cryptographic […]

The post RedNote App Security Flaw Exposes User Files on iOS and Android Devices appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Mozilla Firefox up to 133 on iOS and classified as problematic. This issue affects some unknown processing. The manipulation leads to improper restriction of rendered ui layers. The identification of this vulnerability is CVE-2025-23108. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Contact Form Master Plugin up to 1.0.7 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-12587. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Arista Edge Threat Management up to 17.1.1. Affected by this issue is some unknown functionality. The manipulation leads to exposure of sensitive information through metadata. This vulnerability is handled as CVE-2024-47517. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Arista Edge Threat Management up to 17.1.1 and classified as very critical. This vulnerability affects unknown code. The manipulation leads to Remote Code Execution. This vulnerability was named CVE-2024-9188. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Mozilla Firefox up to 133 on iOS and classified as problematic. This issue affects some unknown processing of the component Hostname Handler. The manipulation leads to improper restriction of rendered ui layers. The identification of this vulnerability is CVE-2025-23109. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in HCL DRYiCE MyXalytics 6.3. It has been classified as critical. Affected is an unknown function of the component URL Handler. The manipulation leads to session fixiation. This vulnerability is traded as CVE-2024-42171. It is possible to launch the attack remotely. There is no exploit available.

洞悉行业进化的核心命题