Aggregator

CVE-2025-54424 证书校验失效+命令注入=攻击者直取root权限

伪造HR账号投毒.exe文件，远程操控+内部社工=精准收割

EncryptHub利用微软Windows漏洞CVE-2025-26633结合社会工程学传播恶意软件,伪装成IT部门发送请求,诱导用户运行恶意MSC文件,并借助Brave Support等平台分发工具如SilentCrystal,实施多阶段攻击,最终部署窃取器等恶意负载。

The threat actor known as EncryptHub is continuing to exploit a now-patched security flaw impacting Microsoft Windows to deliver malicious payloads. Trustwave SpiderLabs said it recently observed an EncryptHub campaign that brings together social engineering and the exploitation of a vulnerability in the Microsoft Management Console (MMC) framework (CVE-2025-26633, aka MSC EvilTwin) to trigger

/r/netsec 是一个由社区管理的技术信息安全内容聚合平台，旨在为安全从业者、学生、研究人员和黑客提供有价值的信息，帮助他们从大量数据中提取关键内容。

A vulnerability categorized as critical has been discovered in Oracle MySQL Server up to 8.0.41/8.4.4/9.2.0. This issue affects some unknown processing of the component InnoDB. The manipulation leads to improper authorization. The identification of this vulnerability is CVE-2025-30703. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability identified as problematic has been detected in Oracle MySQL Server up to 8.0.41/8.4.4/9.2.0. Affected is an unknown function of the component Stored Procedure. The manipulation leads to denial of service. This vulnerability is traded as CVE-2025-30699. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability labeled as problematic has been found in Oracle MySQL Server up to 8.0.41/8.4.4/9.2.0. Affected by this vulnerability is an unknown functionality of the component Components Service. The manipulation leads to denial of service. This vulnerability is known as CVE-2025-30704. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.