Aggregator

该文章描述了一个关于逆向工程的Reddit社区，用户可以在该社区讨论和分享与逆向工程相关的内容和资源。

トレンドマイクロ株式会社が提供する企業向けエンドポイントセキュリティ製品には、複数のOSコマンドインジェクションの脆弱性があります。同社は、一部の脆弱性を悪用する攻撃をすでに確認しているとのことです。この問題に対する一時的な緩和策として、製品へのFixtoolの適用が推奨されています。なお、トレンドマイクロ株式会社は、2025年8月中旬に本脆弱性の恒久対策として、Critical Patchのリリースを予定しています。詳細は、開発者が提供する情報を参照してください。

Crypto24 is a ransomware group that stealthily blends legitimate tools with custom malware, using advanced evasion techniques to bypass security and EDR technologies.

DPRK hackers are throwing every kind of malware at the wall and seeing what sticks, deploying stealers, backdoors, and ransomware all at once.

Langfuse 是一个开源的 LLM 工程平台，提供全链路追踪与可视化功能，帮助开发者优化大语言模型应用。支持多种模型、框架及模态，具备提示词版本管理、评估分析及成本监控能力。用户可通过仪表盘实时查看请求数据与指标，加速问题定位与迭代优化。

丰富流域建设经验，满足等保、关保合规要求。

本期周报简介：1、SFTP对接合作方时，是否应优先采用证书认证？如何结合白名单、端口策略与漏洞管理，构建合理的文件传输方案？ 话题二：满足信创要求时，UKey应仅支持国密还是兼容国际算法？双因子认证如何实现，短信验证码是否符合等保要求？

OpenAI is slowly addressing all concerns around GPT-5, including rate limits and now its personality, which has been criticized for being less affirmative. [...]

A vulnerability classified as problematic was found in PHPGurukul Zoo Management System 2.1. This vulnerability affects unknown code of the file /admin/add-foreigner-ticket.php. The manipulation of the argument visitorname leads to cross site scripting. This vulnerability was named CVE-2025-9017. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic has been found in Mechrevo Control Center GX V2 5.56.51.48. This affects an unknown part of the file C:\Program Files\OEM\机械革命控制中心\AiStoneService\MyControlCenter\Command of the component Powershell Script Handler. The manipulation leads to uncontrolled search path. This vulnerability is uniquely identified as CVE-2025-9016. Local access is required to approach this attack. Furthermore, there is an exploit available.

Submit #629562 / VDB-320068

Submit #629590 / VDB-255194

A vulnerability was found in NoMachine. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to uncontrolled search path. This vulnerability is handled as CVE-2025-8614. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Sysax Multi Server up to 5.54. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component SSH Service. The manipulation leads to stack-based buffer overflow. This vulnerability is known as CVE-2012-10060. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in KuWFi GC111 3.0_20191211. It has been classified as critical. Affected is an unknown function of the component Telnet Service. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2025-43986. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply restrictive firewalling.

A vulnerability was found in SA-MP GTA San Andreas Multiplayer Server 0.3.1.1 and classified as critical. This issue affects some unknown processing of the file samp-server.exe of the component server.cfg Handler. The manipulation leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. The identification of this vulnerability is CVE-2011-10014. The attack may be initiated remotely. Furthermore, there is an exploit available.

Submit #624900 / VDB-320067

A vulnerability has been found in Lattice Semiconductor ispVM System 18.0.2 and classified as critical. This vulnerability affects unknown code of the component xcf Project File Handler. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2012-10057. The attack can be initiated remotely. Furthermore, there is an exploit available.