Aggregator

Symantec found that tools previously only used by Chinese nation-state espionage actors were deployed in a ransomware attack

关注高级攻防对抗技术热点，研究对手技术进行高级威胁模拟，研判攻击安全发展方向。

双领域专家联袂授课，从模型训练到安全防护的一站式通关

文末投递简历

27亿条包含Wi-Fi密码等敏感信息的物联网数据被曝光

看雪论坛ID：moshuiD

ИИ и биткоин по $100000 создали идеальную бурю воровства криптовалюты.

Уверенность в своей защите не означает полную безопасность.

英国芯片设计公司 Arm 将不再只是自己设计芯片，它将自己制造芯片，第一个大客户是社交巨头 Meta。该芯片是大型数据中心使用的服务器 CPU，能为不同客户进行定制，其生产外包给代工厂。Arm 的首款自制芯片最早将在今年夏天公布。此举将代表着该公司的战略性变化，此前其业务主要是授权芯片设计，自己制造芯片意味着它的现有客户将成为其竞争对手。

A sophisticated phishing campaign, identified by Microsoft Threat Intelligence, has been exploiting a technique known as “device code phishing” to capture authentication tokens. This attack, attributed to a group called Storm-2372, has been active since August 2024 and targets a wide range of industries and governments globally. The campaign uses a phishing technique that tricks […]

The post New Device Code Phishing Attack Exploit Device Code Authentication To Capture Authentication Tokens appeared first on Cyber Security News.

A vulnerability was found in nlemsieh HurryTimer Plugin up to 2.11.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-13735. The attack can be launched remotely. There is no exploit available.

绿盟科技将DeepSeek-R1的深度推理能力引入渗透测试多智能体PTest Agent中，通过Web渗透测试任务上的实战验证，发现深度推理具有重要性和可行性，后续将重点投入更为深入的探索与研究。

绿盟科技将DeepSeek-R1的深度推理能力引入渗透测试多智能体PTest Agent中，通过Web渗透测试任务上的实战验证，发现深度推理具有重要性和可行性，后续将重点投入更为深入的探索与研究。

Info 目标 QEMU 版本为 5.2.0/5.2.50，主要分析 user mode 下的插件加载。 编译方法 在编译阶段，用户可以使用 --enable-plugins 参数启用插件功能。 添加该参数会向 Makefile 添加参数 CONFIG_PLUGIN=y。 在开启该参数时还会添加 ld_dynamic_list 或 ld_exported_symbols_list 参数。 如果添加了 ld_dynamic_list 参数，则将 plugins/qemu-plugins.symbols 复制到 build/qemu-plugins-ld.symbols； 如果添加了 ld_ex...

A vulnerability was found in CampCodes DepEd Equipment Inventory System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /data/add_employee.php. The manipulation of the argument data leads to cross site scripting. The identification of this vulnerability is CVE-2025-0348. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in Responsive FlipBook Plugin up to 2.5.0 on WordPress. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-11929. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Node.js up to 20.15.0/22.4.0. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to permission issues. This vulnerability is handled as CVE-2024-37372. The attack may be launched remotely. There is no exploit available.

10分钟速通YAK-JWT靶场教程

10分钟速通YAK-JWT靶场教程

10分钟速通YAK-JWT靶场教程