Aggregator

A vulnerability classified as problematic was found in Xlinesoft PHPRunner 10.1. The impacted element is an unknown function. Such manipulation of the argument dashboard name leads to improper handling of overlap between protected memory ranges. This vulnerability is documented as CVE-2019-25592. The attack needs to be performed locally. Additionally, an exploit exists.

A vulnerability classified as critical has been found in UltraVNC Viewer 1.2.2.4. The affected element is an unknown function. This manipulation of the argument VNC Server causes out-of-bounds write. This vulnerability is registered as CVE-2019-25600. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability described as critical has been identified in 648540858 wvp-GB28181-pro up to 2.7.4. Impacted is the function selectAll of the file src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyProvider.java of the component Stream Proxy Query Handler. The manipulation results in sql injection. This vulnerability is cataloged as CVE-2026-4597. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #775635 / VDB-352435

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CISA added the three […]

An information stealer called VoidStealer uses a new approach to bypass Chrome's Application-Bound Encryption (ABE) and extract the master key for decrypting sensitive data stored in the browser. [...]

通过pipe布局与off-by-null漏洞实现页级UAF，结合二级UAF构造任意地址读写，最终提权。

Это может быть ключ к комнатной сверхпроводимости.

Настраиваем родительский контроль правильно.

PSWA 是 Windows Server 2012 中引入的一个 Windows Server 功能，作为一个网关，提供基于网页的 PowerShell 控制台。它允许管理员从未运行Windows操作系统或未安装PowerShell的设备，在远程计算机上执行关键管理任务，但也有可能被滥用。

本文将大部分沙箱的内容做了小结，针对不同沙箱类型对绕过手法进行了分类，内容较多敬请谅解

某企业MES泄露源码审计

某堡垒机js逆向

用AI做代码安全审计：claude-code-security-skills 项目解析

re的进阶的知识，补充常见的理论以及新出现的wasm类型

笔者最近一直在关注银狐的攻击，发现有一类的银狐变化特别快，而且还特别活跃。相信各位师傅看过这样子的银狐钓鱼:**2026年第一季度违规内职人员名单信息公告.exe**，这个团伙现在的加载器已经是多次迭代的，近期主要在混淆方面进行迭代，增加了混淆后，又不好分析，ida还容易崩，单步调试好一会，找到关键函数却眼前一黑，密密麻麻的基本块糊在一起，文章会着重分析如何减轻垃圾代码的影响。

Неужели секрет эволюции скрыт в банальной упругости тканей?

谁在偷窥你的键盘？揭秘潜伏在系统进程背后的“银狐”

视觉小说数据库（Visual Novel Database，简称 VNDB）创始人 Yoran Heling 于 3 月 17 日去世。2007 年网名 Yorhel 的 Yoran Heling 在游玩了《时空轮回》之后，惊讶于网络上没有一个供玩家交流视觉小说、寻找视觉小说的地方，故花费了三个星期的时间创立了 VNDB，作为玩家集中讨论、收集视觉小说的场所。在创立后的一年内，视觉小说数据库便已收录 1000 部视觉小说。目前 VNDB 收录了 61125 部视觉小说。网站背景图中的角色是《AS～天使小夜曲》的女主角“菈司蒂·珐姒”。

15 сек тишины, 0 сохраненных файлов и 100% контроля. Новый загрузчик показал мастер-класс по обходу защиты.