Qilin
You must login to view this content
Aggregator
Qilin
3 days 3 hours ago
You must login to view this content
cohenido
Qilin
3 days 3 hours ago
You must login to view this content
cohenido
Qilin
3 days 3 hours ago
You must login to view this content
cohenido
Qilin
3 days 3 hours ago
You must login to view this content
cohenido
Qilin
3 days 3 hours ago
You must login to view this content
cohenido
长城杯 2026 决赛 Shop 题 GLIBC 2.43 Heap 利用与 Tcache 劫持
3 days 3 hours ago
本文复现了长城杯 2026 决赛 Shop 题目的解题过程,重点分析了 GLIBC 2.43 版本下堆结构体的逆向还原方法。文章详细阐述了通过伪造 Unsortedbin 泄露基址、利用 Tcache Perthread Struct 偏移缺陷劫持堆块指针以及栈迁移执行 ORW 的技术细节。该案例展
【漏洞复现】cPanel&WHM认证绕过漏洞(CVE-2026-41940)分析
3 days 4 hours ago
本文详细分析了 cPanel & WHM 认证绕过漏洞(CVE-2026-41940)的原理与复现过程,该漏洞源于系统会话机制未严格过滤换行符(CRLF),未授权攻击者可利用此缺陷,在预认证阶段将伪造的 root 权限标识注入至底层 Session 文件中。随后通过触发缓存提升机制使恶意数据生效,从而直接绕过登录校验,获取WHM 管理员权限。
Path traversal flaw in AI dev platform Langflow exploited in attacks
3 days 4 hours ago
Attackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in the AI development platform Langflow, to write arbitrary files on exposed servers. [...]
Bill Toulas
CISA Rewrites Federal Patching Requirements for AI Threat Era
3 days 4 hours ago
The new directive gives federal agencies three days to fix the most dangerous flaws, while less severe issues can be deferred.
Jai Vijayan
The Gentleman
3 days 4 hours ago
You must login to view this content
cohenido
The Gentleman
3 days 4 hours ago
You must login to view this content
cohenido
The Gentleman
3 days 4 hours ago
You must login to view this content
cohenido
ISCC2026 web WP
3 days 4 hours ago
iscc2026web方向wp
FBI Seizes China-Linked Fake Consulting Sites Targeting US Clearance Holders
3 days 4 hours ago
The Justice Department and FBI seized 13 fake consulting websites that officials say targeted US clearance holders with paid research work designed to obtain sensitive government information.
Waqas
The ‘Miasma’ worm source code briefly leaked on GitHub
3 days 5 hours ago
The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. [...]
Bill Toulas
OpenAI: ‘Likely’ Chinese influence operation tried to use ChatGPT to stir debate on data centers
3 days 5 hours ago
The company says there’s little evidence it influenced any real policy discussion.
The post OpenAI: ‘Likely’ Chinese influence operation tried to use ChatGPT to stir debate on data centers appeared first on CyberScoop.
djohnson
Hessian 二次反序列化新链从零到一挖掘
3 days 5 hours ago
记录一条新的hessian二次反序列化链的完整分析过程
Bug Bounty Research Triggers ServiceNow Security Alert
3 days 5 hours ago
Security research inadvertently led organizations to believe they were being breached through their ServiceNow instances.
Alexander Culafi
LLM 能帮一个安全工程师干些什么
3 days 5 hours ago
LLM 能帮一个安全工程师干些什么