Aggregator

Coming in two waves, the campaign sought to demoralize Ukrainians and Ukrainian speakers abroad with disinformation messages about war-related subjects

「代码审计」知识星球中@1ue 发表了一篇有趣的文章《探索Java反序列化绕WAF新姿势》，深入研究了一下其中的原理，我发现这是一个对我来说很“新”，但实际上年纪已经很大的Trick。

0x01 UTF-8编码原理

UTF-8是现在最流行的编码方式，它可以将unicode码表里的所有字符，用某种计算方式转换成长度是1到4位字节的字符。

参考这个表格，我们就可以很轻松地将unicode码转换成...

As cyber threats evolve, boards must remain vigilant in cyber security governance.

深蓝洞察年度安全报告第四篇

Last November, while testing Google Bard (now called Gemini) for vulnerabilities, I had a couple of interesting observations when it comes to automatic tool invocation. Confused Deputy - Automatic Tool Invocation First, what do I mean by this… “automatic tool invocation”… Consider the following scenario: An attacker sends a malicious email to a user containing instructions to call an external tool. Google named these tools Extensions. When the user analyzes the email with an LLM, it interprets the instructions and calls the external tool, leading to a kind of request forgery or maybe better called automatic tool invocation.

Summary At approximately 0330 eastern time in the United States, over 70 thousand AT&T users reported interruptions in their mobile, internet, and home phone services. There outage is not currently being attributed any any cyber attacks. Threat Type Critical Infrastructure Outage Overview AT&T is currently investigating a network outage affecting over 70 thousand of their customers. The outage reportedly began at about 0330 eastern time. Initial reports claimed that this outage also affected T-Mobile and

一篇文章了解珂兰寺

Unsuspecting users beware, IP grabbers do not ask for your permission.

Spring Boot的开源渗透框架，主要用作扫描Spring Boot的敏感信息泄露端点，并可以直接测试Spring的相关高危漏洞。

这种技巧我这辈子都用不上，是不是在一些不太合法的需求中用得着啊

深蓝洞察年度安全报告第三篇

近期，我们捕获到了SideWinder针对不丹、缅甸、尼泊尔的攻击样本，这类样本主要是通过宏文档释放Nim语言编译的攻击载荷，这类载荷在响尾蛇历史攻击者中很少见。鉴于此情况，本文重点披露响尾蛇组织使用的这类组件。