Aggregator

几乎通过 Docker 构建中的一个漏洞，差点触发史上规模最大的 AI 供应链攻击活动之一。

筑牢“安全+AI”人才底座

目前公开领域损失最高的网络安全事件

GlassWorm, a self-propagating malware, infects VS Code extensions through the OpenVSX marketplace, stealing credentials and using blockchain for control.

Currently trending CVE - Hype Score: 20 - astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When ...

话说你真的了解jsp webshell吗？他能变成java你敢信？jsp实际解析的过程是一个变成java文件的过程，在整个过程中有很多的小点让webshell有了可乘之机

文剖析AI越狱的五类组合攻击技术，结合历史与政治敏感场景，揭示生成式AI安全机制的脆弱性及防御挑战。

万字长文：Linux 内核中/proc/self/maps 的实现与匿名空间释放机制探究

The China-linked operation has grown from a phishing kit marketplace into an active and growing community supporting a decentralized large-scale phishing ecosystem.

The post Researchers track surge in high-level Smishing Triad activity appeared first on CyberScoop.

The Continuous Diagnostics and Mitigation program is oft-praised, but there are areas where it doesn’t yet excel, as a recent CISA emergency directive shows.

The post F5 vulnerability highlights weak points in DHS’s CDM program appeared first on CyberScoop.

Trend Micro believe security teams should anticipate increased Vidar 2.0 prevalence in campaigns through Q4 2025

Стив Возняк и Ричард Брэнсон присоединились к требованию о запрете неконтролируемого ИИ.

红蓝对抗的第二阶段实战已经打响，烽火正式点燃！我们也正式迎来了第二次“考试”！攻防演练期间本公众号会每日更新当天鲜活情报和热点漏洞，欢迎大家对我们进行收藏和关注！

最大的云服务商亚马逊 AWS 周一凌晨发生持续了数小时的宕机事故，影响了无数网站和服务，其中包括智能床垫 Eight Sleep。使用联网床垫的客户报告，他们被床的故障惊醒：床被锁定在垂直斜面，温度变得难以忍受，灯光闪烁，甚至发出闹钟声。Eight Sleep CEO Matteo Franceschetti 为此向客户道歉，称这不是他们想要向客户提供的体验，表示工程师正加紧开发防故障模式以应对未来可能的类似问题。Franceschetti 称到周一晚间，所有床垫均已恢复正常，但部分床垫仍存在“数据处理延迟”。Eight Sleep 的联网床垫允许将床的温度调到 13 到 48 摄氏度之间，将身体抬高到不同位置，激活沉浸式“音景”和振动警报。最先进的套装零售价逾 5,000 美元，此外还需要每年支付 199 至 399 美元的订阅费去启用温度控制功能。

Welcome to the third and final day of Pwn2Own Ireland 2025. So far, we’ve awarded $792,750 for 56 unique 0-day bugs, and we still have 17 attempts to go! We’ll be updating this blog with live results as we have them, so refresh often.

That’s all folks! Pwn2Own Ireland has come to a close. In total, we awarded $1,024,750 for 73 unique 0-day bugs. We’ve seen some amazing research over the last few day, and we can’t thank our competitors enough for bringing their hard work and innovation to the contest. We also thanks all of the vendors who participated and special thanks to our partner Meta and co-sponsors Synology and QNAP. Their support has been invaluable in the success of the event. And of course - we have to congratulate the Summoning Team for winning Master of Pwn. They had some great bugs in multiple categories, and winning Master of Pwn shows their hard work preparing for the contest paid off. Here are the final Master of Pwn standings:

Our next event will be in Tokyo on January 21-23, 2026.. Join us for Pwn2Own Automotive then. See you in Japan!

WITHDRAW - CyCraft Technology has withdrawn their attempt against the Amazon Smart Plug.

FAILURE - Unfortunately, Daniel Frederic and Julien Cohen-Scali of Fuzzinglabs could not get their exploit of the QNAP TS-453E working within the time allotted.

SUCCESS/COLLISION - Xilokar (@Xilokar) used four bugs - including a auth bypass and an underflow - to exploit the Phillips Hue Bridge, but one of the bugs collided with a previous entry. He still earns $17,500 and 3.5 Master of Pwn points.

SUCCESS - Chris Anastasio of Team Cluck used a single type confusion bug to exploit the Lexmark CX532adwe printer. He earns himself $20,000 and 2 Master of Pwn points.

SUCCESS - Ben R. And Georgi G. of Interrupt Labs used an improper input validation bug to take over the Samsung Galaxy S25 - enabling the camera and location tracking in the process. They earn $50,000 and 5 Master of Pwn points.

SUCCESS/COLLISION - Yannik Marchand (kinnay) used three bugs - including an Incorrect Implementation of Authentication Algorithm - to exploit the Phillips Hue Bridge, but the other two bugs collided with bugs seen previously in the contest. He still earns $13,500 and 2.75 Master of Pwn points.

SUCCESS - David Berard of Synacktiv used a pair of bugs to exploit the Ubiquiti AI Pro in the Surveillance Systems category. The impressive display (including a round of Baby Shark) earns him $30,000 and 3 Master of Pwn Points.

SUCCESS - Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) used a hard-coded cred and an injection to take over the QNAP TS-453E. These unique bugs earn him $20,000 and 4 Master of Pwn points.

SUCCESS/COLLISION - Team Viettel used two bugs to exploit the Lexmark CX532adwe. While their heap based buffer over was unique, the other bug has been seen earlier in the contest. They still earn $7,500 and 1.5 Master of Pwn points. #Pwn2Own

SUCCESS - Team @Neodyme used a single integer overflow to exploit the Canon imageCLASS MF654Cdw. Their unique bugs earns them $10,000 for the 8th round win and 2 Master of Pwn points. #Pwn2Own

SUCCESS - Interrupt Labs combined a path traversal and an untrusted search path bug to exploit the Lexmark CX532adwe. They got a reverse shell and loaded Doom on the LCD. We couldn't play it though. Still awesome to see. They earn themselves $10,000 and 2 Master of Pwn points.

SUCCESS/COLLISION - The Thalium team from Thales Group (@thalium_team) needed 3 bugs to exploit the Phillips Hue Bridge, but only their heap based buffer overflow was unique. The others were seen earlier in the contest. They still earn $13,500 and 2.75 Master of Pwn points.

COLLISION - Evan Grant used a single bug to exploit the QNAP TS-453E, but, unfortunately, it had been used earlier in the contest. He still earns $10,000 and 2 Master of Pwn points. #Pwn2Own

SUCCESS - namnp of Viettel Cyber Security used a crypto bypass and a heap overflow to exploit the Phillips Hue Bridge. They earn $20,000 and 4 Master of Pwn points, which catapults them in the Top 5 in Master of Pwn standings.

WITHDRAW - Team Z3 has withdrawn their WhatsApp entry.

COLLISION - Bongeun Koo (@kiddo_pwn) and Evangelos Daravigkas (@freddo_1337) of Team DDOS used a single bug to exploit the QNAP TS-453E, but the bug has been previously seen in the contest. Their work still earns them $10,000 and 2 Master of Pwn points.

FAILURE - Unfortunately, Frisk and Opcode from the Inequation Group ctf team could not get their exploit of the Meta Quest 3S working within the time time allotted. They were able to cause a DoS, but did not achieve code execution.

Vimo Rebinder 是一款适用于 Windows 和 macOS 的效率工具，提供可视化快捷键管理、统一不同软件的操作方式，并支持跨平台使用相同快捷键。用户可通过预设或自定义设置快捷键，提升操作效率。

Cбой AWS превратил «умные» кровати в орудия пыток.

探讨从顶层设计到实践，寻求面对未知风险的应对之道。