A ransomware group is claiming to have collected data allegedly belonging to Mecanizados y Montajes Aeronáuticos, a Spanish aerospace manufacturing company serving major Tier 1 and OEM programs.
A threat actor on an underground forum is claiming to leak databases allegedly belonging to Avea Vacances, a French organization offering holiday camps and educational stays for children and teenagers.
A threat actor on an underground forum is claiming to have leaked a database allegedly belonging to Optic 2000, a French optical retail and eyewear brand.
GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation.
Called staged publishing, the feature is now generally available on npm. It mandates that a human maintainer pass a two-factor authentication (2FA) challenge to approve
Attackers began exploiting Drupal SQL injection flaw CVE-2026-9082 within 48 hours of patch release. Drupal issued a highly critical security patch on May 20 for CVE-2026-9082, a SQL injection vulnerability that allows unauthenticated attackers to compromise sites running PostgreSQL databases. The project maintainers warned ahead of the release that exploits could surface within hours or […]
A new "coordinated" supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL.
"Although the affected packages were all Composer packages, the malicious code was not added to composer.json," Socket said. "Instead, it was inserted into package.json, targeting projects that ship JavaScript
A threat actor on an underground forum is claiming to have compromised VIPER, an integrated management platform allegedly used by Chilean fire departments.
A threat actor on an underground forum is claiming to be auctioning a customer database allegedly belonging to WisERP, a smart ERP solutions provider for modern businesses.
Currently trending CVE - Hype Score: 30 - In the Linux kernel, the following vulnerability has been resolved:
net/rds: reset op_nents when zerocopy page pin fails
When iov_iter_get_pages2() fails in rds_message_zcopy_from_user(), the pinned pages are released with put_page(), and rm->data.op_mmp_znotifier is cleared. ...
Currently trending CVE - Hype Score: 5 - Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.
Currently trending CVE - Hype Score: 30 - In the Linux kernel, the following vulnerability has been resolved:
io_uring/zcrx: fix user_ref race between scrub and refill paths
The io_zcrx_put_niov_uref() function uses a non-atomic check-then-decrement pattern (atomic_read followed by separate atomic_dec) to manipulate ...
Currently trending CVE - Hype Score: 31 - Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."