Aggregator

报告将从历史硬件类后门入手深入分析硬件后门的技术实现机制，回顾历史上的重大芯片后门事件，并探讨英伟达H20芯片可能采用的后门技术路径，为理解当前事件提供技术视角。

一年一度的“大考”火热进行中，攻防演练期间本公众号会每日更新当天鲜活情报和热点漏洞，欢迎大家对我们进行收藏和关注！

网络世界的边界不断扩展，安全威胁的形态也日益复杂。从深藏于企业核心的内网纵深，到引领变革浪潮的AI大模型前沿，攻防的战场从未如此广阔且充满挑战。

最新演出预告！！

超多活动！超丰富礼品！一起庆祝7周年！

Признайтесь: вы ведь тоже пересмотрели эти видео несколько раз?

云计算具备速度、可伸缩性和创新等优点，但对它的日益依赖已改变了威胁格局并产生了大量漏洞。

Experts argue that password managers are still useful despite Microsoft Authenticator ditching its capabilities

报告将从历史硬件类后门入手深入分析硬件后门的技术实现机制，回顾历史上的重大芯片后门事件，并探讨英伟达H20芯片可能采用的后门技术路径，为理解当前事件提供技术视角。

作者：知道创宇404实验室 一、什么是银狐木马 银狐木马作为国内流行的一类远控木马，近期攻击态势持续升温。腾讯安全威胁情报中心发布报告《银狐情报共享第2期｜银狐武器库更新，加装RootKit实现多重隐身》[1] ，揭示了银狐通过伪装成办公软件安装包进行水坑攻击的策略。 本文以报告中提及的一个钓鱼网站为起点，借助 ZoomEye[2] 平台开展恶意基础设施的拓线分析，旨在还原攻击者的行为习...

Злоумышленнику достаточно попасть в ядро, чтобы потом спокойно поселиться в вашем железе.

A vulnerability, which was classified as problematic, has been found in Alfasado PowerCMS. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-41391. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical was found in Alfasado PowerCMS. Affected by this vulnerability is an unknown functionality of the component Backup File Handler. The manipulation leads to path traversal. This vulnerability is known as CVE-2025-46359. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Alfasado PowerCMS. Affected is an unknown function. The manipulation leads to path traversal. This vulnerability is traded as CVE-2025-41396. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Alfasado PowerCMS. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-36563. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Alfasado PowerCMS. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to unrestricted upload. This vulnerability was named CVE-2025-54757. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Alfasado PowerCMS. It has been classified as critical. This affects an unknown part. The manipulation leads to csv injection. This vulnerability is uniquely identified as CVE-2025-54752. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Google Android TV and classified as problematic. Affected by this issue is the function TvSettings of the file AppRestrictionsFragment.java. The manipulation leads to time-of-check time-of-use. This vulnerability is handled as CVE-2025-8192. Attacking locally is a requirement. There is no exploit available.