Aggregator

复试的钟声就要敲响，与其焦虑迷茫不知去向，不如马上加入我们！

活动时间：2025.03.24-04.03

活动时间：2025.03.24-04.03

活动时间：2025.03.24-04.03

活动时间：2025.03.24-04.03

活动时间：2025.03.24-04.03

活动时间：2025.03.24-04.03

活动时间：2025.03.24-04.03

01.NET漏洞背景微软的.NET技术广泛应用于全球企业级产品，包括其知名的Exchange、SharePoi

A vulnerability was found in Xmlsoft libxslt up to 1.1.42 and classified as critical. This issue affects the function xsltNumberFormatGetValue/xsltEvalXPathPredicate/xsltEvalXPathStringNs/xsltComputeSortResultInternal of the file numbers.c. The manipulation leads to use after free. The identification of this vulnerability is CVE-2025-24855. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Xmlsoft libxslt up to 1.1.42. Affected is an unknown function. The manipulation leads to use after free. This vulnerability is traded as CVE-2024-55549. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

It’s a modern and stealthy process injection technique was discovered by Outflank that involves injecting and executing code in the early stages of process creation before loading EDRs for their user mode detection measures. EarlyCascade technique...

The post EarlyCascade: A PoC for Early Cascade process injection technique appeared first on Penetration Testing Tools.

Arjun Arjun can find query parameters for URL endpoints. If you don’t get what that means, it’s okay, read along. Web applications use parameters (or queries) to accept user input, consider the following example...

The post Arjun: HTTP parameter discovery suite appeared first on Penetration Testing Tools.

TamaGo – bare metal Go for ARM SoCs TamaGo is a project that aims to provide compilation and execution of unencumbered Go applications for bare metal ARM System-on-Chip (SoC) components. The projects spawns from...

The post tamago: provide compilation and execution of unencumbered Go applications appeared first on Penetration Testing Tools.

今天咱们来聊聊一个在美国情报界上的人物——约翰·拉特克利夫，一个从小镇律师到中央情报局局长的故事！小镇走出的

2025年3月，美国国家档案馆发布了最后一批肯尼迪遇刺案相关的解密文件，共计2,182份档案（约63,400页

Welcome to this week's edition of our cybersecurity news roundup, bringing you the latest developments and insights from the UK and beyond.

NHS Scotland Confirms Cyberattack Disruption

On 20 March 2025, NHS Scotland reported a major cyber incident that caused network outages across multiple health boards. The cyberattack disrupted clinical systems and led to delayed patient care, with staff reverting to paper-based processes. The incident has been linked to a suspected ransomware group, although official attribution is still pending. Investigations are ongoing with support from the National Cyber Security Centre (NCSC).

Further coverage from The Register confirmed that some systems were taken offline to prevent further spread, while emergency care remained operational. The affected regions included NHS Dumfries and Galloway, which issued a statement urging patients to only attend if absolutely necessary. (Read more on The Register)

NCSC Weekly Threat Report – 22 March 2025

The NCSC's latest threat report highlights ongoing exploitation of known vulnerabilities in Progress Telerik UI by state-aligned threat actors. The report urges UK organisations to patch vulnerable systems immediately, as attackers continue to target unpatched web servers.

Additionally, the NCSC notes an increase in malicious QR code campaigns—so-called "quishing"—where attackers embed phishing URLs into QR codes used in emails, posters, or even receipts. Organisations are advised to educate staff and implement QR code scanning policies.

Cyber Threats on the Rise as UK Eyes General Election

As the UK gears up for a general election later this year, the NCSC has raised concerns over potential interference campaigns and disinformation efforts by hostile states. Security services are reportedly on high alert, coordinating with political parties to bolster cyber resilience. While no major incidents have been reported yet, the threat landscape is being closely monitored.

Quick Bytes

• New phishing campaign mimics HMRC emails demanding urgent tax repayment. Be vigilant and double-check all official correspondence.
• UK universities warned of increased targeting by espionage-motivated groups, particularly in the fields of AI and quantum computing.
• ICO fines a London-based telemarketing firm £130,000 for unlawful data use and non-compliance with GDPR.

That’s all for this week! Stay tuned for more updates, and follow best practices to keep your systems secure.

➡️ Previous Post: UK Cybersecurity Weekly News Roundup - 17 March 2025

The post UK Cybersecurity Weekly News Roundup – 23 March 2025 appeared first on Security Boulevard.

medusa MEDUSA is an extensible and modularized framework that automates processes and techniques practiced during the dynamic analysis of Android and iOS Applications. Some of the framework’s features are the following: Tracing and instrumentation of API calls...

The post medusa: automates processes and techniques practised appeared first on Penetration Testing Tools.