Aggregator

译者：知道创宇404实验室翻译组 原文链接：A Chrome/Edge RCE via V8 WASM Type Confusion 1 介绍 本文介绍了 V8 JavaScript 和 WebAssembly 引擎中的一个漏洞，该漏洞允许在“渲染器”进程中执行任意的 shellcode。尽管代码执行仍受基于进程隔离的浏览器沙箱限制（除非浏览器使用 --no-sandbox 标志运行），...

勒索攻击损失加剧，但攻击成本在进一步降低。

奇安信威胁情报中心和猎鹰运营团队在运营过程中观察到在2024年6月份时多个境外友商发布与GrimResource新型攻击技术有关的在野攻击活动，第一时间对该技术进行了研究并持续进行监控，于2024年7月中旬在政企终端中发现第一例攻击事件。

在当今时代，我们正在目睹自动驾驶汽车的兴起，它们仅需最少的人工介入即可运行。尽管它们存在挑战和限制，但它们无疑减少了对人工劳动的需求，并展示了AI的卓越能力。

These five formidable bits of kit that can assist cyber-defenders in spotting chinks in corporate armors and help hobbyist hackers deepen their understanding of cybersecurity

经过一段时间的筹备，《电子数据取证与网络犯罪调查》专刊（第七辑）合作伙伴已确定，首先向这16家合作伙伴致谢！

《电子数据取证与网络犯罪调查》专刊（第七辑）合作伙伴已确定！感谢一路同行的大家！

Today, we’re sitting down with Aaron Fillmore, president and co-founder of Cyber Info, a nonprofit dedicated to making cybersecurity education accessible to all. We’ll talk about what Cyber Info is, where the platform is so far, and how Aaron plans to use it to empower the next generation of cybersecurity professionals. A few words about […]

The post Expert Q&A: Aaron Fillmore on his Cybersec Nonprofit — Cyber Info appeared first on ANY.RUN's Cybersecurity Blog.

原文地址如下:https://research.securitum.com/art-of-bug-bounty-a-way-from-js-file-analysis-to-xss/ 在19年我写了一篇文章，是基于postMessageXss漏洞的入门教学:https://www.cnblogs.c

写了20年文章，我对这方面比较擅长。

感谢大家一直以来对菜鸟SRC的关注与支持。

课程设置标准？面试考察点？成长资源空间？

近日，2024全球数字经济大会——数字安全生态建设专题论坛（以下简称“论坛”）在京成功举办。由全球数字经济大会 […]

近日，由全球数字经济大会组委会主办，中国信息通信研究院和公安部第三研究所共同承办的数字安全生态建设专题论坛在北 […]

近日，专注推动网络与安全融合的全球网络安全领导者 Fortinet®（NASDAQ：FTNT）荣幸宣布，在备受 […]

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Bobby Gould and Fritz Sands of Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2024-07-16, 58 days ago. The vendor is given until 2024-11-13 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.6 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H severity vulnerability discovered by 'Nitesh Surana (@_niteshsurana) of Trend Micro Research' was reported to the affected vendor on: 2024-07-16, 38 days ago. The vendor is given until 2024-11-13 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'bananabr' was reported to the affected vendor on: 2024-07-16, 16 days ago. The vendor is given until 2024-11-13 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Sunflower@Knownsec 404 Team' was reported to the affected vendor on: 2024-07-16, 59 days ago. The vendor is given until 2024-11-13 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2024-07-16, 59 days ago. The vendor is given until 2024-11-13 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.