Aggregator

文章描述了HackTheBox中一个Easy Linux机器的破解过程，利用Grafana漏洞获取初始权限，并通过SSH和cron作业实现提权至root。

一位网络安全专家通过逆向工程和漏洞利用分析IPTV盒子的工作原理。他从好奇开始，逐步解决技术难题：绕过沙盒环境、调整路由器端口、提取并反编译APK文件等。最终发现系统存在默认弱密码、可预测用户名及未加密流媒体链接等严重安全问题，并负责任地向ISP披露漏洞。文章强调了安全测试中细节的重要性及默认设置带来的风险。

2025年7月奖励公告2025年8月共有40位白帽师傅来到OSRC挖出有效漏洞具体名单如下：注：根据OSRC漏

慢雾将继续深耕 Web3 安全与合规领域。

美国太空网络安全公司正在开发防范“震网”病毒式网络攻击的AI工具

事件引发了大量中小供应商的财务危机

文章探讨了利益冲突对数字治理信任的影响，并强调不可兼任原则作为预防措施的重要性。通过“旋转门”现象、GDPR中的数据保护官独立性要求以及NIS 2指令中的治理架构，展示了如何通过法律手段确保决策的独立性和可信度。

俄罗斯航空Aeroflot遭遇重大网络攻击，7000个服务器被破坏，大量数据被盗。尽管系统老旧且安全措施不足，公司仅用48小时恢复运营。事件凸显技术脆弱性与文化韧性并存的矛盾。

CCS 2025成都网络安全技术交流活动开幕，聚焦AI与安全融合，推动产业智能迭代。

Godot开源游戏引擎发布v4.5版本，新增模板缓存、屏幕阅读器支持、着色器烘焙器等功能，并优化物理性能及WebAssembly性能。Linux版支持Wayland子窗口。

开源游戏引擎 Godot 释出了 v4.5 版本。主要新特性包括：模板缓存（stencil buffer），内置屏幕阅读器支持以改进可访问性，着色器烘焙器（shader baker）提供更好的着色器编译处理加速启动，改进物理功能等等。Linux 版 Godot 4.5 支持原生 Wayland 子窗口，基于 WebAssembly 的 Web 版本支持 SIMD 显著提升了性能。

A vulnerability identified as critical has been detected in Apple watchOS. The affected element is an unknown function of the component Web Handler. Performing manipulation results in memory corruption. This vulnerability is known as CVE-2025-43272. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Apple macOS. The impacted element is an unknown function of the component Web Handler. Executing manipulation can lead to memory corruption. This vulnerability is handled as CVE-2025-43272. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability classified as problematic has been found in Apple Safari. This issue affects some unknown processing of the component Address Bar Handler. This manipulation causes clickjacking. This vulnerability is registered as CVE-2025-43327. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

2025年国家网络安全宣传周成都系列活动开幕，以“网络安全为人民”为主题，由多部门联合举办，包括开幕式、交流体验活动、成果展等。CCS2025技术交流活动启动，聚焦AI与网络安全融合创新，并设港澳蓉交流板块。虚拟领航员“小智”升级主持，青少年网络安全素养教育创新升级，《教育大纲》发布并试点。三大展区展示成都“十四五”成果及前沿应用。

A vulnerability, which was classified as problematic, has been found in Apple iOS and iPadOS. This impacts an unknown function of the component Web Handler. This manipulation causes open redirect. This vulnerability is tracked as CVE-2025-31254. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Apple Safari. Affected is an unknown function of the component Web Handler. Such manipulation leads to open redirect. This vulnerability is listed as CVE-2025-31254. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

A vulnerability marked as critical has been reported in Apple Xcode. This vulnerability affects unknown code. This manipulation causes sandbox issue. The identification of this vulnerability is CVE-2025-43371. The attack can only be executed locally. There is no exploit available. It is suggested to upgrade the affected component.