Aggregator

漏洞描述GNU InetUtils telnetd 是 GNU InetUtils 套件中的远程登录服务守护进程，2026年1月互联网披露 GNU InetUtils telnetd 远程认证绕过漏洞，该漏洞允许远程攻击者绕过 telnetd 的身份验证机制，直接获取root权限，可导致服务器失陷。受影响版本：1.9.3 <= GNU InetUtils telnetd <= 2.7评

Alleged Sale of Unauthorized Root Access to 1,500+ Linux Systems at Stevens Sales Company (SSCO)

Джентльменские соглашения в интернете официально аннулированы.

A months-long breach allowed Chinese State-sponsored hackers to hijack Notepad++ updates in 2025, exposing users to malware via a compromised hosting provider.

Microsoft has confirmed that a known issue preventing some Windows 11 devices from shutting down also affects Windows 10 systems with Virtual Secure Mode (VSM) enabled. [...]

PLY（Python Lex-Yacc）库3.11中存在一个未记录的且不安全的功能，允许通过`yacc()`函数中的`picklefile`参数进行远程代码执行（RCE）。该参数接受一个`.pkl`文件，并使用`pickle.load()`进行反序列化，而不进行任何验证。由于`pickle`允许通过`__reduce__()`执行嵌入的代码，因此攻击者可以通过传递恶意pickle文件来实现代码执行

文章包含完整的环境搭建、漏洞分析、漏洞复现（超详细版）

Всё о новых правилах жизни для голландских школьников в 2026 году.

A dangerous new data-wiping malware known as DynoWiper has emerged, targeting energy companies in Poland with destructive attacks designed to permanently erase critical data. The malware surfaced in December 2025 when security researchers detected its deployment at a Polish energy firm. Unlike typical ransomware that encrypts files for monetary gain, DynoWiper operates with a single […]

The post DynoWiper Data-Wiping Malware Attacking Energy Companies to Destroy Data appeared first on Cyber Security News.

Red Canary's monthly roundup of upcoming security conferences and calls for papers (CFP) submission deadlines

On December 29, 2025, Poland faced a coordinated assault targeting more than 30 wind and solar farms, alongside a large combined heat and power plant and a manufacturing facility. The attacks occurred during severe winter weather, when temperatures dropped and snowstorms threatened the nation’s energy stability. All operations had purely destructive intentions, designed to damage […]

The post 30 Wind and Solar Farms in Poland Faced Coordinated Cyberattacks appeared first on Cyber Security News.

Дуров нашел компромат на Цукерберга двадцатилетней давности.

A high-severity security flaw has been disclosed in OpenClaw (formerly referred to as Clawdbot and Moltbot) that could allow remote code execution (RCE) through a crafted malicious link. The issue, which is tracked as CVE-2026-25253 (CVSS score: 8.8), has been addressed in version 2026.1.29 released on January 30, 2026. It has been described as a token exfiltration vulnerability that leads to

A newly formed Russian hacker alliance known as Russian Legion has launched a coordinated cyberattack campaign against Denmark, threatening critical infrastructure and government services. The alliance, which includes Cardinal, The White Pulse, Russian Partizan, and Inteid, publicly announced its formation on January 27, 2026, marking a significant escalation in state-aligned hacktivist operations targeting Western nations. […]

The post Russian Hacker Alliance Targeting Denmark in Large-Scale Cyberattack appeared first on Cyber Security News.

介绍fastcms内置一套完整的CMS建站系统，同时也支持博客，论坛，商城等功能fastcms完全融入微信生态，是一切微信营销插件的基石fastcms可以基于jar, zip包动态热插拔fastcms基于SpringBoot进行插件式开发，具有极强的扩展性，让你彻底从臃肿的项目中解脱出来源码：https://gitee.com/xjd2020/fastcms/tree/v0.1.5-release

从冰蝎架构误配、web.config覆盖到LSASS dump致认证瘫痪，剖析三次实战崩溃根源及防御绕过教训。