Aggregator

Homeland Security Secretary Says Trump Budget Strengthens Cybersecurity
Senate Democrats Tuesday pushed Homeland Security Secretary Kristi Noem on the Trump administration's cuts to the cybersecurity component of the U.S. federal department she leads. Noem told senators the U.S. Cybersecurity and Infrastructure Agency will "continue to fulfill" its statutory obligations.

Scattered Spider Stole Tata Consulting Services Employee Login Details for Hack
British retailer Marks & Spencer was reportedly compromised by cybercrime group Scattered Spider using stolen employee credentials from a third-party IT company. Citing an unidentified source, Reuters reported hackers used the M&S login credentials of two Tata Consulting Services employees.

Georgia Court Allows Claims of Fraud, Trespass Over Falcon Software Update
Delta can proceed with its lawsuit against CrowdStrike over a July 2024 update that allegedly bypassed Microsoft safeguards and crashed thousands of systems. The judge found that Delta sufficiently alleged fraud, computer trespass and gross negligence, allowing key claims to move forward.

境外黑客组织针对我国关键领域的网络攻击频率激增！

一次恶意挖矿样本分析到捕获矿池地址

从很早以前就一直很好奇 VirtualApp 的相关技术，但是一直抽不出时间。正巧最近想试着自己照猫画虎开发一个类似的容器化应用，并做一些定制化的需求，因此抽空把整个项目过了一遍，也正好帮我整理一遍过去一直对整个 Android 系统较为模糊的认知。

越来越多的恶意软件使用正常的数字签名，近日笔者又跟踪到一例使用正常数字签名的后门样本，该攻击样本将相关的函数保存在文件名或INI文件当中，然后读取文件名或INI文件获取到相关函数执行恶意操作。

击者可能仅通过模型的API查询接口（即“黑盒”访问），就能推断出某条数据是否被用于训练（成员推断攻击），甚至直接提取训练数据中的具体内容（数据提取攻击）。这些攻击技术的快速发展揭示了一个严峻的事实：大模型的强大功能与其隐私风险之间存在深刻的矛盾

DarkCloud Stealer是一款由vc6编写信息窃取程序，本文对其一个样本进行分析后发现，攻击者通过多重内存反射加载试图绕过杀软。

工具脚本、批量探测

mobileISCC mobile 邦布出击安装apk点击右下角的按钮，进入图鉴界面，百度各种邦布的种类，一个一个试，可以得到三段base64加密的文本邦布图鉴 - 绝区零WIKI_BWIKI_哔哩哔哩然后将三段base64拼接起来，循环解码三次base64得到一串明文尝试打开解压得到的db文件，提示非数据库文件，经查询是经过sqlcipher加密，那么此前得到的明文应该就是解密的keyflag是

分析高版本Fastjson组件getter调用过程中的限制成因，以及一步步尝试探索通过动态代理技术代理安全接口，规避Fastjson对危险类的黑名单检查，使反序列化时通过代理接口转发调用到恶意类的getter方法（如TemplatesImpl的getOutputProperties），从而绕过黑名单限制触发漏洞。

先知社区Q&A

2025ISCCpwn合集

A vulnerability was found in Linux Kernel up to 6.12.12/6.13.1. It has been classified as critical. Affected is the function __scm_smc_call. The manipulation of the argument __scm leads to null pointer dereference. This vulnerability is traded as CVE-2024-57985. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 5.10.234/6.6.82/6.12.17/6.13.5. Affected is the function early_memmap of the file mm/early_ioremap.c. The manipulation leads to excessive iteration. This vulnerability is traded as CVE-2025-21872. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.12.13/6.13.2/6.14-rc1. This issue affects the function cpu_stop_signal_done of the component hrtimers. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2025-21816. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.79/6.12.16/6.13.4/6.14-rc3. It has been classified as problematic. Affected is an unknown function of the component io_uring. The manipulation leads to privilege escalation. This vulnerability is traded as CVE-2025-21863. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.12.17/6.13.5. This affects an unknown part of the component bnxt_re. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2025-21885. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.79/6.12.16/6.13.4/6.14-rc3 and classified as critical. This issue affects the function bpf_local_storage_map_free. The manipulation leads to deadlock. The identification of this vulnerability is CVE-2024-58088. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.