Sinobi New Threat Actor
You must login to view this content
Aggregator
记一次对某博客系统登录认证缺陷的代码审计
10 hours 59 minutes ago
针对某博客系统登录认证缺陷的代码审计
Hackers Exploit Legitimate Inno Setup Installer to Use as a Malware Delivery Vehicle
11 hours ago
Cybercriminals have increasingly turned to legitimate software installation frameworks as vehicles for malware distribution, with Inno Setup emerging as a preferred tool for threat actors seeking to bypass security measures. This legitimate Windows installer framework, originally designed to simplify software deployment, has become a sophisticated delivery mechanism for information-stealing malware campaigns that target browser credentials […]
The post Hackers Exploit Legitimate Inno Setup Installer to Use as a Malware Delivery Vehicle appeared first on Cyber Security News.
Tushar Subhra Dutta
虚拟化逃逸与 Windows 内核提权深度教学
11 hours 2 minutes ago
虚拟化逃逸 Windows 内核提权
我,其实还想进步
11 hours 2 minutes ago
前记者褚朝新2020年11月出过一本书,《我,其实还想进步》,人民日报出版社出的。
我,其实还想进步
11 hours 2 minutes ago
当前网络环境出现异常,需完成验证后方可继续访问。
Akira
11 hours 5 minutes ago
You must login to view this content
cohenido
Akira
11 hours 5 minutes ago
You must login to view this content
cohenido
Sinobi
11 hours 6 minutes ago
You must login to view this content
cohenido
FakeArray 的新构造 + 劫持 Wasm LazyCompile 实现通用控制流劫持
11 hours 10 minutes ago
本文主要探讨已经能够通过漏洞实现addrOf()、fakeObject()这样的原语后,如何最终实现程序流完整控制的通用手法。从提出新型Fakearray构造方式以绕过JSArray.elements结构校验,又介绍了WASM函数完整调用流程以及LazyCompile,从而提出一种基于覆盖Instance对象的jump_start_table的控制程序流方法
Apache Kafka Client 任意文件读取与SSRF 漏洞(CVE-2025-27817)分析
11 hours 10 minutes ago
此漏洞原因为kafka clients进行OAuth 2.0 认证时对token获取来源未作校验
NCorr-FP基于邻域的数据库指纹水印方案分析
11 hours 10 minutes ago
解读NCorr-FP论文分析NCorr-FP方案的实现
so加载详细流程解析
11 hours 11 minutes ago
通过源码分析以及各种API来讲解so的加载过程
记一次AMD漏洞挖掘:从文件权限配置错误到驱动权限提升
11 hours 12 minutes ago
AMD漏洞挖掘-从文件权限配置错误到驱动权限提升
记录burp插件autoDecoder的一次数据解密实战
11 hours 12 minutes ago
在一次日常渗透过程中,遇到了传输过程进行加密的网站,利用bp插件autoDecoder还原了加解密过程。由于对插件以及js代码分析还不太熟练,折腾了好久,记录了实操过程中遇到的关键点
Ejpt exam vouchar Info
11 hours 12 minutes ago
r/netsecstudents是一个Reddit社区,旨在帮助网络安全部门的学生分享资源、提问和互相学习。用户询问如何获取埃及的考试折扣券。
CVE-2025-7076 | BlackVue Dashcam 590X up to 20250624 Configuration /upload.cgi access control
11 hours 19 minutes ago
A vulnerability was found in BlackVue Dashcam 590X up to 20250624. It has been rated as critical. Affected by this issue is some unknown functionality of the file /upload.cgi of the component Configuration Handler. The manipulation leads to improper access controls.
This vulnerability is handled as CVE-2025-7076. The attack needs to be initiated within the local network. Furthermore, there is an exploit available.
It is recommended to apply restrictive firewalling.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2025-7075 | BlackVue Dashcam 590X up to 20250624 HTTP Endpoint /upload.cgi unrestricted upload
11 hours 19 minutes ago
A vulnerability was found in BlackVue Dashcam 590X up to 20250624. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /upload.cgi of the component HTTP Endpoint. The manipulation leads to unrestricted upload.
This vulnerability is known as CVE-2025-7075. The attack needs to be done within the local network. Furthermore, there is an exploit available.
It is recommended to apply restrictive firewalling.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Submit #603305: BlackVue Dashcam 590X Improper Access Controls [Accepted]
11 hours 24 minutes ago
Submit #603305 / VDB-314990
geochen
Submit #603301: BlackVue Dashcam 590X Improper Access Controls [Accepted]
11 hours 24 minutes ago
Submit #603301 / VDB-314989
geochen