SolarWinds Serv-U 多个严重漏洞可用于提供服务器root权限
速修复
Aggregator
合勤:注意影响十几款路由器的严重RCE漏洞
2 months ago
速修复
Tomcat Valve/Executor/Upgrade/Adapter内存马分析与思考
2 months ago
关于四种Tomcat内存马的一些学习与思考
New York sues Valve for promoting illegal gambling via game loot boxes
2 months ago
New York Attorney General Letitia James sued video game developer and publisher Valve Corporation for using game loot boxes to facilitate illegal gambling activities among children and teenagers. [...]
Sergiu Gatlan
AgentSmith-HUB v0.1.8 更新说明
2 months ago
AgentSmith-HUB v0.1.8 更新说明
Hackers abused Cisco SD-WAN zero-day since 2023 to gain full admin control
2 months ago
Cisco SD-WAN vulnerability CVE-2026-20127 has been exploited since 2023 to gain unauthenticated admin access. A critical Cisco SD-WAN vulnerability, tracked as CVE-2026-20127 (CVSS score of 10.0), has been actively exploited since 2023. The flaw affects Catalyst SD-WAN Controller and Manager and allows remote, unauthenticated attackers to bypass authentication and gain full administrative access by sending […]
Pierluigi Paganini
Связи не будет. Британия испытала систему, которая лишает ПВО «глаз» и «ушей»
2 months ago
BAE Systems планирует сделать радиоэлектронную борьбу массовой.
Сначала бэкапы, потом 1С. Как шифровальщик C77L лишает российский бизнес шансов на восстановление
2 months ago
История успеха (и вреда) нового шифровальщика, который заменил закрытый Phobos.
【安全圈】黑客将 Pulsar RAT 藏进 PNG 图片:NPM 再现供应链投毒
2 months ago
关键词网络病毒安全研究人员发现,一起新的 NPM 供应链攻击利用“图片藏毒”技术传播远控木马。
【安全圈】全球零售巨头电商遭植入支付窃取器:PrestaShop 商城被“二次下单”攻击
2 months ago
关键词网络攻击安全公司 Sansec 披露,一家全球前十的大型连锁超市电商网站被植入数字支付窃取器(payme
【安全圈】黑客利用 Facebook 广告投放假 Windows 11 更新窃取信息
2 months ago
关键词安全公司 Malwarebytes 报告发现,一起针对社交媒体用户的新型攻击正通过 Facebook 广
【安全圈】大疆扫地机被曝安全漏洞,6700台设备可被远程控制
2 months ago
关键词安全漏洞近日,西班牙一名 DIY 爱好者阿兹杜法尔(Sammy Azdoufal)在尝试用 PS5 手柄
Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware
2 months ago
A "coordinated developer-targeting campaign" is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into executing them and establish persistent access to compromised machines.
"The activity aligns with a broader cluster of threats that use job-themed lures to blend into routine developer workflows and increase the likelihood of code
The Hacker News
Два фотона для квантовой запутанности — успех 50%. Один фотон — почти 100%. Идеальный рецепт квантового интернета найден?
2 months ago
Просто поставили зеркало - и подняли точность связи до идеала.
车联网安全之渗透实战 —— CAN 总线及协议:能读懂车内语言
2 months ago
本文仅用于安全研究与防御加固目的。演示内容全部基于虚拟 CAN 总线与实验数据,帮助理解 CAN/ISO-TP/诊断通信与固件安全审计思路;不提供面向真实车辆的操控复现与攻击指令
评论 | 莫让“数字泔水”淹没了思想的清泉
2 months ago
2025年底,“数字泔水(slop)”被韦氏词典出版商评选为年度热词,并将其定义为“通常由人工智能批量生成的低质量数字内容”。这个本义为“剩饭菜”的词汇,在网络环境中日渐突出。
关注 | 社会救助法草案二审稿提请审议 进一步加强个人隐私和个人信息保护
2 months ago
2月25日,社会救助法草案二次审议稿提请十四届全国人大常委会第二十一次会议审议。
关注 | 最高人民法院举行新闻发布会,从严惩处电信网络诈骗犯罪!
2 months ago
2026年2月26日,最高人民法院召开“迎两会·守公正·启新程”第十场新闻发布会,主题是“人民法院依法惩治电信网络诈骗、侵财犯罪工作情况”。最高人民法院刑三庭庭长汪斌、刑四庭副庭长司明灯、刑三庭副庭长王鲁出席发布会,并回答记者提问。
网览九州 | 复杂网络威胁下城市级网络安全防护体系的建设——以广东省佛山市城市分布式网络安全防护体系为例
2 months ago
推动城市级网络安全治理范式从传统的“分散自治”向现代的“协同共治”转型,已成为破题的关键。佛山市探索构建的“1+N+X”城市分布式网络安全防护体系的实践,正是对这一战略转型的系统性回应。
Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens
2 months ago
Cybersecurity researchers have disclosed details of a new malicious package discovered on the NuGet Gallery, impersonating a library from financial services firm Stripe in an attempt to target the financial sector.
The package, codenamed StripeApi.Net, attempts to masquerade as Stripe.net, a legitimate library from Stripe that has over 75 million downloads. It was uploaded by a user named
The Hacker News