Aggregator

本文记录了作者在练习 pwnedlabs 云安全靶场过程中的实战步骤与思路，涵盖多个场景，包括 公共S3枚举、EBS快照利用、RDS快照还原、S3访问控制绕过 及 Lambda + SQS 注入漏洞分析 等内容。

Currently trending CVE - Hype Score: 2

本文探讨了IPv6安全问题，分析了被动NDP嗅探、RA欺骗、RDNSS欺骗和DHCPv6嗅探等攻击手段，并介绍了相应的防护方法。

蓝点网新增系统镜像下载索引贴，整合Windows 10/11、LTSC 2021/2024、Server 2025等官方ISO镜像，并提供集成每月更新版本。索引贴置于PC版导航栏左上角，标签为“系统镜像”，方便用户快速访问和下载所需系统镜像。

1.pop之我又双叒叕重生了 简单的反序列化创建A4实例（最终目标是执行它的fun()方法）创建A3实例，将其$a3属性设为A4实例创建A2实例，将其$a2属性设为A3实例创建A1实例，将其$a1属性设为A2实例当这个对象链被反序列化时：A1的__wakeup()调用A2的get_flag()A2的get_flag()尝试将$a2(A3对象)与字符串拼接这会触发A3的__toString()，调用

Radiology Associates of Richmond遭遇数据泄露，超140万人的个人及健康信息受影响。攻击者于2024年4月2日至6日入侵系统，调查确认于2025年5月2日泄露。公司迅速封锁网络并展开调查。目前无证据显示数据被滥用，已通知受影响者并提供信用监控服务。

A data breach at Radiology Associates of Richmond has exposed the personal and health information of over 1.4 million individuals. Radiology Associates of Richmond has disclosed a data breach that impacted personal and health information of over 1.4 million individuals. Radiology Associates of Richmond (RAR) is a private radiology practice founded in 1905 and based […]

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Update Google Chrome to fix actively exploited zero-day (CVE-2025-6558) For the fifth time this year, Google has patched a Chrome zero-day vulnerability (CVE-2025-6558) exploited by attackers in the wild. Exploits for unauthenticated FortiWeb RCE are public, so patch quickly! (CVE-2025-25257) With two proof-of-concept (PoC) exploits made public late last week, CVE-2025-25257 – a critical SQL command injection vulnerability in Fortinet’s … More →

The post Week in review: Google fixes zero-day vulnerability in Chrome, critical SQL injection flaw in FortiWeb appeared first on Help Net Security.

微软在 Windows 11 测试版中新增了数据迁移功能，在 OOBE 阶段允许用户从其他 PC 同步部分数据到新设备。该功能基于 OneDrive 实现，可传输用户文件夹和系统设置，但不支持 Win32 软件和数据迁移。

A vulnerability classified as critical has been found in Microsoft Windows. This affects an unknown part of the component SSDP Service. The manipulation leads to double free. This vulnerability is uniquely identified as CVE-2025-47975. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in Microsoft Windows Server 2022/Server 2022 23H2/Server 2025. This issue affects some unknown processing of the component Kerberos. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2025-47978. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

最近在研究内存马，但是根据网上公开的资料和文章以及常见的JNDIExploit开源项目，在vulhub的fastjson 1.2.24靶场均无法复现成功，于是在深入了解jndi内存马注入的原理和流程之后，解决Tomcat8.5和Tomcat9高版本无法注入成功的问题。

A vulnerability was found in Microsoft Windows. It has been rated as critical. Affected by this issue is some unknown functionality of the component Virtual Hard Disk. The manipulation leads to buffer over-read. This vulnerability is handled as CVE-2025-47973. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Microsoft Windows and classified as very critical. Affected by this vulnerability is an unknown functionality of the component SPNEGO Extended Negotiation. The manipulation leads to heap-based buffer overflow. This vulnerability is known as CVE-2025-47981. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows and classified as critical. Affected by this issue is some unknown functionality of the component Storage VSP Driver. The manipulation leads to untrusted pointer dereference. This vulnerability is handled as CVE-2025-47982. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A newly disclosed critical security flaw in CrushFTP has come under active exploitation in the wild. Assigned the CVE identifier CVE-2025-54309, the vulnerability carries a CVSS score of 9.0. "CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS," according to

CrushFTP 存在严重漏洞（CVE-2025-54309），CVSS 评分 9.0 分。该漏洞允许远程攻击者通过 HTTPS 获取管理员权限。攻击者利用 AS2 验证问题，在未使用 DMZ 代理功能时发起攻击。CrushFTP 已发布检测指标和缓解措施。该软件广泛用于政府、医疗和企业环境，管理敏感文件传输。过去一年中多次成为高级威胁活动目标。

当前环境异常，需完成验证后继续访问。

当前环境出现异常状态，需完成验证后方可继续访问系统或服务。

当前环境出现异常，需完成验证后方可继续访问。