Aggregator
Machines Are No Longer Alone: OpenMind Is Building a Collective Mind for Robots
CVE-2021-2399 | Oracle MySQL Server up to 8.0.25 DDL denial of service (Nessus ID 243635)
CVE-2025-38269 | Linux Kernel up to 6.12.33/6.15.2 btrfs btrfs_convert_extent_bit null pointer dereference (Nessus ID 243634)
CVE-2024-4771 | Mozilla Firefox up to 125 use after free (Nessus ID 243640)
CVE-2024-26839 | Linux Kernel up to 6.7.6 init_credit_return memory leak (Nessus ID 243641)
Anthropic Releases Claude Opus 4.1 Model with Significantly Improved Multi-File Code Refactoring
Active Infrastructure of Spyware Maker Candiru Linked to Hungary and Saudi Arabia
CVE-2021-47337 | Linux Kernel up to 5.13.3 SCSI scsi_host_alloc null pointer dereference (WID-SEC-2024-1197)
CVE-2021-47304 | Linux Kernel up to 5.10.52/5.13.4 TCP tcp_init_transfer initialization (ad4ba3404931/fe77b85828ca/be5d1b61a2ad / WID-SEC-2024-1197)
CVE-2021-47335 | Linux Kernel up to 5.10.50/5.12.17/5.13.2 f2fs fsync_entry_slab use after free (WID-SEC-2024-1197)
CVE-2025-54135, CVE-2025-54136: Frequently Asked Questions About Vulnerabilities in Cursor IDE (CurXecute and MCPoison)
Researchers have disclosed two vulnerabilities in Cursor, the popular AI-assisted code editor, that affect its handling of Model Context Protocol (MCP) servers and could be used to gain code execution on vulnerable systems.
Background
Tenable’s Research Special Operations (RSO) team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding two recently disclosed vulnerabilities in Cursor IDE.
FAQ
What is Cursor?
Cursor is an AI-assisted integrated development environment (IDE), or AI code editor, developed by Anysphere. It was first released in March 2023.
Who uses Cursor?
In January 2025, Cursor had over 1 million users, according to a Bloomberg report. The company states that Cursor is used by over half of the Fortune 500, naming NVIDIA, Uber and Adobe among its customers.
What are CurXecute and MCPoison?
CurXecute and MCPoison are the names given to two separate vulnerabilities in Cursor.
What are the vulnerabilities associated with CurXecute and MCPoison?
The following are the CVEs assigned for both CurXecute and MCPoison:
| CVE | Description | CVSSv3 |
|---|---|---|
| CVE-2025-54135 | Cursor Arbitrary Code Execution Vulnerability (“CurXecute”) | 8.5 |
| CVE-2025-54136 | Cursor Remote Code Execution via Unverified Configuration Modification Vulnerability (“MCPoison”) | 7.2 |

When were these vulnerabilities first disclosed?
CurXecute (CVE-2025-54135) was disclosed on August 1 by researchers at AIM Security while MCPoison (CVE-2025-54136) was disclosed on August 5 by researchers at Check Point Research.
Were any of these vulnerabilities exploited as a zero-day?
No, these vulnerabilities were disclosed to Cursor by the respective researchers through coordinated disclosure on July 7 (CurXecute) and July 16 (MCPoison).
Are there any proofs-of-concept (PoCs) available for CurXecute and MCPoison?
Yes, the researchers have published PoC details on their respective blog posts, explaining how attackers could potentially exploit these flaws.
How severe are CurXecute and MCPoison?
Both vulnerabilities have the potential to be severe, but it is context dependent. The common thread between the two flaws is how Cursor handles interaction with MCP servers.
For a primer on MCP, read the blog Frequently Asked Questions About Model Context Protocol (MCP) and Integrating with AI for Agentic Applications. Additionally, Tenable Research has published investigations into MCP security, including MCP prompt injection and our discovery of a critical flaw in Anthropic MCP Inspector.
In the example outlined by AIM Security for CurXecute, an attacker could leverage prompt injection by targeting an MCP connected to a Slack instance. A crafted message sent there would be processed by the Slack MCP Server and read by Cursor, which would then modify the underlying global mcp.json configuration settings before the user has a chance to reject the AI's suggested edits. Crucially, Cursor would execute the command added to the modified MCP configuration immediately.
In the example outlined by Check Point Research for MCPoison, the flaw stems from the approval of an MCP server that contains a project-specific configuration (mcp.json). Once this MCP server has been approved by the target, any changes to the underlying configuration are considered trusted, because the approval is bound to the MCP name, not its contents. This would allow an attacker to modify the configuration to include malicious commands that would be executed silently and without requiring re-approval.
AI-assisted code editors help with the development of software, but they introduce a new layer of risk, whether through enabling MCP servers that could be vulnerable to prompt injection (CurXecute) or through leveraging a seemingly harmless open-source project that is then compromised by a malicious contributor (MCPoison).
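An added example (not code from Cursor, Check Point Research or Tenable) contrasting the name-only trust described above for MCPoison with an approval bound to a hash of each server entry, so that any later edit forces re-approval. The `mcpServers`/`command`/`args` layout and all server names and commands are assumptions constructed for illustration.

```python
import hashlib
import json

def fingerprint(entry: dict) -> str:
    """SHA-256 over a canonical JSON encoding of one MCP server entry."""
    canonical = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def approve(config: dict) -> dict:
    """Record the user's approval as name -> fingerprint of the approved entry."""
    return {name: fingerprint(e) for name, e in config["mcpServers"].items()}

def trusted_by_name(config: dict, approvals: dict) -> list:
    """Name-only trust (the weakness described): contents are never re-checked."""
    return sorted(n for n in config["mcpServers"] if n in approvals)

def trusted_by_content(config: dict, approvals: dict) -> tuple:
    """Content-bound trust: a changed or new entry is held back for review."""
    trusted, needs_review = [], []
    for name, entry in config["mcpServers"].items():
        if approvals.get(name) == fingerprint(entry):
            trusted.append(name)
        else:
            needs_review.append(name)
    return sorted(trusted), sorted(needs_review)

# Constructed sample data: the configuration as the user approved it.
APPROVED = {"mcpServers": {
    "docs": {"command": "docs-server", "args": ["--stdio"]},
    "lint": {"command": "lint-server", "args": []},
}}
# Same file after an unreviewed commit: "docs" edited, "extra" added.
MODIFIED = {"mcpServers": {
    "docs": {"command": "changed-binary", "args": ["--stdio"]},
    "lint": {"command": "lint-server", "args": []},
    "extra": {"command": "extra-server", "args": []},
}}
# Same content as APPROVED with keys reordered: must not trigger re-approval.
REORDERED = {"mcpServers": {
    "lint": {"args": [], "command": "lint-server"},
    "docs": {"args": ["--stdio"], "command": "docs-server"},
}}

if __name__ == "__main__":
    approvals = approve(APPROVED)
    print("name-only trust:    ", trusted_by_name(MODIFIED, approvals))
    print("content-bound trust:", trusted_by_content(MODIFIED, approvals))
    print("reordered keys:     ", trusted_by_content(REORDERED, approvals))
```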
Are patches or mitigations available for CurXecute and MCPoison?
Yes, Cursor has released updated versions of its IDE to address both CurXecute and MCPoison.
| CVE | Affected Product | Affected Versions | Fixed Version |
|---|---|---|---|
| CVE-2025-54135 | Cursor | 1.21 and below | 1.3.9 |
| CVE-2025-54136 | Cursor | 1.2.4 and below | 1.3 |

Has Tenable released any product coverage for these vulnerabilities?
A list of Tenable plugins for these vulnerabilities can be found on the individual CVE pages as they’re released:
This link will display all available plugins for these vulnerabilities, including upcoming plugins in our Plugins Pipeline.
Customers can also use our MCP Server Detected plugin to identify MCP server usage.
Get more information
- When Public Prompts Turn Into Local Shells: ‘CurXecute’ – RCE in Cursor via MCP Auto‑Start
- MCPoison Cursor IDE: Persistent Code Execution via MCP Trust Bypass
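Mustering the Troops on the Autumn Battlefield! RayScan's New Engine Unsheathes Its Blade for a "Full-Spectrum Review" of Vulnerabilities
Cyberspace is volatile and treacherous, and vulnerability threats lurk like hidden mines. The integrated vulnerability assessment system RayScan from 盛邦安全 has been upgraded: relying on an AI detection engine to optimize its core algorithms, it doubles performance and sharply improves ease of use, helping users raise their security baseline.
[First Formation: Scanning Capability Evolved Across the Board, Full Coverage of Multiple Scenarios]
1. Multi-scenario adaptation
Performs in-depth scanning of new attack surfaces such as cloud computing platforms, IoT devices, container images and domestically developed software, ensuring full coverage of digital assets.
2. Lightning warfare
No upper limit on vulnerability assessment; surveys of tens of thousands of assets are handled without strain, and high-frequency inspection far outpaces traditional tools.
[Second Formation: Vulnerability Posture on One Screen, the Risk Map at a Glance]
1. Visual presentation
A new vulnerability-asset correlation dashboard shows vulnerability trends and risk-category trends in real time through an asset risk distribution view and a risk distribution view.
2. Intelligent operations sand table
Pinpoints risk in critical systems and shows at a glance the assets affected by the same vulnerability, the assets affected by the same risk category, the risks associated with the same asset, the risks associated with the same port, and the risks associated with the same asset owner or asset group.
3. Efficient reporting
Multi-dimensional view reports are generated automatically, flexible custom reports meet the needs of different roles, and multiple output formats are supported.
[Third Formation: Simplifying the Complex So Everyone Can Win the Battle]
1. Precise assessment
Uses natural language processing and semantic understanding to condense and correlate vulnerability descriptions and remediation advice, lowering the technical barrier and speeding up judgment.
2. Smart equipment
One-click vulnerability tools, supporting vulnerability verification and custom PoC capability.
3. Operation trail
Real-time scan log monitoring: view the log output of task execution as it happens and monitor task status, meeting the audit and traceability requirements of MLPS 2.0 (等保2.0).
4. Wizard-guided operations
Provides a quick-start wizard that, on first login, guides the user step by step through deployment and configuration. Multiple built-in scan policies support quick self-checks for scenarios such as "two highs, one weak" (两高一弱), attack-defense exercises and high-risk emergency response.
Every inch of digital territory lies under RayScan's sharp eye!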
Reverse Engineer as a freelance jobs
Trump’s Allies Propose New “Cyber Force” Military Branch to Combat Digital Threats
As the Pentagon grapples with the consequences of funding shortfalls and high turnover in the field of cybersecurity, Donald Trump’s inner circle is floating a bold proposal: the creation of a new combat branch—Cyber...
The post Trump’s Allies Propose New “Cyber Force” Military Branch to Combat Digital Threats appeared first on Penetration Testing Tools.
The WAF Deception: 70% of Firewalls Bypassed by HTTP Parameter Pollution and JS Injection
A recent automated study conducted by ETHIACK has revealed that modern web application security mechanisms—including widely adopted Web Application Firewalls (WAFs)—are vulnerable to a novel class of attacks that combine JavaScript injection with HTTP...
The post The WAF Deception: 70% of Firewalls Bypassed by HTTP Parameter Pollution and JS Injection appeared first on Penetration Testing Tools.
The Dark Side of Crypto ATMs: Treasury Warns of Rising Fraud and Scams as Losses Near $250M
Amid the rapid proliferation of cryptocurrency ATMs across the United States, the Department of the Treasury has issued a warning about the growing risk of their exploitation for illicit purposes. In a recently published...
The post The Dark Side of Crypto ATMs: Treasury Warns of Rising Fraud and Scams as Losses Near $250M appeared first on Penetration Testing Tools.