Aggregator

Новая уязвимость в Windows позволяет стать полноправным хозяином чужого компьютера.

抢先加入AI时代顶尖安全团队！阿里云2027届实习生招聘来了！

A serious security flaw has been found in Exim, one of the most widely deployed mail transfer agents on the internet today. The vulnerability, tracked as EXIM-Security-2026-05-01.1, allows a remote attacker to corrupt server memory and potentially execute malicious code without needing any special privileges or credentials. It was publicly disclosed on May 12, 2026, […]

The post New Exim BDAT GnuTLS Vulnerability Enables Code Execution Attacks appeared first on Cyber Security News.

AI洪流下的防守对抗新范式

本文简略的梳理了Windows DumpHash的流程，并通过系统白程序Reg.exe的拓展应用，巧妙的绕过了杀软的拦截点，实现了绕过EDR从而DumpHash的目的，同时根据实际测试，该方法针对Windows系列系统具有有效性，操作难度不大，具有实战价值。

``0解鸿蒙逆向题`` 对于一个没有系统接触过鸿蒙逆向的小白，在线下比赛中做出来确实比较困难，这篇文章从鸿蒙小白的角度 探讨 鸿蒙hap包逆向的完整流程及重点难点 随着HarmonyOS NEXT在2024年底正式商用，纯鸿蒙应用的数量在过去一年多迅速增长，安全研究领域对鸿蒙逆向的需求也随之而来。与Android生态成熟的逆向工具链相比，鸿蒙逆向目前仍处于早期阶段，公开的分析资

Hunt Forward Lab #005 — Threat Hunting for Registry Run Keys, Scheduled Tasks & Startup Folders | MI

How We Turned LangChain’s Tracer Into an Unauthenticated Remote Credential Exfiltration GadgetBy Dew

简单讲讲chat_template。

io_uring是Linux 5.1引入的高性能异步I/O框架，通过共享内存环形缓冲区实现用户态与内核态的零拷贝通信。

AI For Security：AI在云产品安全建设中能做什么？

How It Works, What It Steals & How to Stay SafePress enter or click to view image in full sizeSummar

Threat Intelligence Report | Operation DragonRxPress enter or click to view image in full sizeClassi

一种全新的AI Agent攻击方式（或许也不那么新）

php8 首个 bypass disable function漏洞，已武器化为蚁剑插件

Unidentified adversaries have subverted the Checkmarx plugin for Jenkins, embedding deleterious code designed for credential exfiltration. This incursion

The post Checkmarx Fails Again: TeamPCP Hijacks Jenkins Plugin to Harvest Developer Credentials appeared first on Penetration Testing Tools.

该漏洞允许攻击者通过 REST API 提供了一个 /v1/tools/run端点，利用任意 payload 在目标服务器上执行任意 Python 代码或系统命令。