Aggregator

原域名已变更且将在2024年彻底废弃，请访问 https://govuln.com/news/ 查看新的RSS订阅

本文将大部分沙箱的内容做了小结，针对不同沙箱类型对绕过手法进行了分类，内容较多敬请谅解

skill介绍、skill使用、开发属于自己的skill。

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter New Payload ransomware – malware analysis   DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear When Trusted Websites Turn Malicious: WordPress Compromises Advance Global Stealer Operation AI Coding Tools Under Fire: […]

本文收集了软件安全赛2026线上初赛全部题的wp

本文对帆软FineReport的项目结构，路由映射和历史漏洞进行详细分析，旨在为想要审计帆软报表的读者提供详尽的入门指南。

PyTorch torch.export.load 隐藏的反序列化 RCE 漏洞

2026白帽大会 - 破局与重构：多模态AI Agent的红蓝对抗效率革命

2026阿里白帽大会 - Kaminsky重现：重新思考DNS辖区原则实现的安全性

src漏洞挖掘分享，人生中第一个src漏洞

本文是一篇探讨如何将AI（尤其是大语言模型）与Web3智能合约安全审计深度结合的技术实践与方法论文章。基于实际工作经验，提出在AI时代，真正高效的自动化代码审计不应依赖简单的指令或具体的漏洞案例，而应回归“提示词编写（Prompt Engineering）”的基本功。

本文基于一套经过实战验证的安全审计 Skill 体系的设计与重构经验，系统讲解如何编写高质量的代码审计 Skill。

目前通过我们人脑进行设计越狱提示词是存在瓶颈以及空档期，为了更好更全面的实现大模型越狱测试，用AI生成Prompt来实现大模型越狱是个更好的方向

分享一下最近挖的两个0Day的思路

智慧校园代码审计

A vulnerability was found in Canonical Juju up to 3.6.18. It has been classified as critical. This issue affects some unknown processing of the component Vault Secrets Back-End. Performing a manipulation results in improper authorization. This vulnerability is identified as CVE-2026-32692. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in OpenText ZENworks Service Desk 25.2/25.3. It has been rated as problematic. The affected element is an unknown function. The manipulation leads to cross site scripting. This vulnerability is listed as CVE-2026-3278. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in MuraCMS up to 10.1.10. It has been rated as problematic. This impacts an unknown function of the component Update Address. This manipulation causes cross-site request forgery. This vulnerability is tracked as CVE-2025-55045. The attack is possible to be carried out remotely. No exploit exists.