Aggregator

A vulnerability was found in Oracle Siebel UI Framework up to 21.2. It has been classified as critical. Affected is an unknown function of the component UIF Open UI. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2019-11358. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

The notorious cybercrime group known as Scattered Spider is targeting VMware ESXi hypervisors in attacks targeting retail, airline, and transportation sectors in North America. "The group's core tactics have remained consistent and do not rely on software exploits. Instead, they use a proven playbook centered on phone calls to an IT help desk," Google's Mandiant team said in an extensive

Cyber Attack / RansomwareThe notorious cybercrime group known as Scattered Spider is targeting VMw

A vulnerability, which was classified as problematic, has been found in Cool Mo Maigcal Number App up to 1.0.3 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.sdmagic.number. The manipulation leads to improper export of android application components. This vulnerability is handled as CVE-2025-8258. An attack has to be approached locally. Furthermore, there is an exploit available.

A vulnerability was found in ssrfcheck up to 1.1.x. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to server-side request forgery. This vulnerability was named CVE-2025-8267. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

快速浏览！2025.7.21—7.27安全动态周回顾。

国内首个！开源见微大模型基础护栏。

8月22日||北京民航国际会议中心 感受未来·沉浸AI

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

当前环境异常，需完成验证后方可继续访问。

文章讲述了一位网络安全学习者通过参加OffSec举办的报告写作比赛赢得PEN-200课程及认证考试的机会，并分享了其在准备OSCP考试过程中的学习方法、环境搭建、报告撰写技巧以及最终成功通过考试的经验。

Yamini Yadav推出新系列《The Auth Apocalypse》，探讨认证与会话管理漏洞。首集讲述“如何一个Cookie就能危及一切”，揭示会话固定攻击的危险性。

文章揭示了通过持久连接和弱主机验证绕过安全防护的漏洞。攻击者利用前端服务器仅在首次请求中验证Host头的特点，在后续请求中注入恶意内容，从而突破防护机制，威胁内部系统安全。

SSH（Secure Shell）是一种用于安全远程控制计算机的技术。通过加密通信确保数据私密性，并利用公钥验证身份。用户输入命令后，客户端与服务器进行身份验证并建立加密连接，实现安全的远程操作。

这篇文章介绍了系统设计的基础知识，包括代理（正向和反向）、延迟、API类型（REST和GraphQL）、数据库设计（SQL与NoSQL）、水平扩展、负载均衡、缓存机制和内容分发网络（CDN）等概念。这些内容为理解现代Web应用程序的架构奠定了基础。

Hi there! If you’re wondering who I am, I go by @iamaangx028 on the internet — you can call me Aang

深夜网络侦察中发现暴露的开发工具，利用多种工具扫描后意外获取公司HR文件等敏感信息，揭示企业安全漏洞。