Aggregator

阅读： 6通告编号 NS-2026-00152026-05-14TAG：Nginx、ngx_http_rewrite_

云 AccessKey 利用工具集投毒

阅读： 1通告编号 NS-2026-00142026-05-14TAG：Linux、kernel、CVE-2026-46300漏洞危害：

Copy Fail (CVE-2026-31431) 是 Linux 内核身份验证加密模块中的一个逻辑错误。它允许**非特权用户向任意可读文件的页缓存中写入 4 字节的任意数据，并且支持多次写入**

AMSI对抗技术

在野银狐样本分析

Java 反序列化、ObjectInputFilter、JEP 415、Gadget Chain、JDK 21、绕过技术、SignedObject

简单讲讲chat_template。

通过Attach API动态注入Agent，利用ASM在字节码层面改写目标类的方法体，实现认证逻辑的运行时绕过、业务逻辑的精确篡改，以及Agent自身的无痕持久化。

In the mercenary realm of commercial surveillance, judicial injunctions rarely deter those who have engineered lucrative empires upon human vulnerabilities. Recently, Meta disclosed audacious new attempts by the notorious NSO Group to compromise WhatsApp...

The post NSO Group WhatsApp Attack: Meta Exposes New Spyware Exploits appeared first on Information Security News.

一个越狱调参实验

在 Markdown、公式渲染等富内容处理场景下，由于第三方组件与浏览器底层（HTML、URL、JS 解析器）在实体解码、协议提取和规范化处理上存在机制差异，极易引发解析层面的语义错位，导致了XSS防御体系的 Bypass

A single day of delayed patching could transform a corporate security gateway into a highly convenient ingress point for malicious actors. Shadowserver experts recently reported massive exploitation attempts targeting a critical Ivanti Sentry vulnerability....

The post Critical Ivanti Sentry Exploit Endangers Corporate Gateways appeared first on Information Security News.

分析最近 Gemini App 的两个间接提示词注入漏洞，总结间接提示词注入实战攻击手法

Apple wants to make life easier for developers who write code on a Mac but deploy their finished applications to Linux. At WWDC, the company introduced container machines. These are persistent Linux virtual machines...

The post Apple Container Machines Bring Linux to Mac appeared first on Information Security News.

Occasionally, the simplest method to conceal malicious software relies not upon intricate camouflage, but rather upon excessive digital weight. GoFlateLoader utilizes this precise technique. It is a Golang loader designed to deliver infostealers like...

The post GoFlateLoader Malware Loader: Golang Infostealer Threat appeared first on Information Security News.

Google will commence archiving a broader spectrum of user search data. Consequently, this new policy encompasses images from Google Lens and voice queries. Furthermore, it includes recordings from the Search Live function and spoken...

The post Google Search Data Policy: AI Training and User Privacy appeared first on Information Security News.

2026年6月15日 10:20软件资讯00.78K

Google recently filed a lawsuit against a suspected Chinese cybercriminal network. The corporation refers to this massive syndicate as Outsider Enterprise. Allegedly, this group sold sophisticated phishing kits to other fraudsters. Furthermore, they facilitated...

The post Google Sues Outsider Enterprise Over AI Phishing Scams appeared first on Information Security News.