第十八届CISCN决赛CTF Hard php题解
该CTF题目通过笛卡尔积注入绕过SQL过滤获取管理员密码,随后通过环境变量注入进行RCE,全网首发wp。
Aggregator
Daily Dose of Dark Web Informer - 2nd of September 2025
3 months 2 weeks ago
This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
Dark Web Informer
Grade School Crypto Videos
3 months 2 weeks ago
This is a short, gentle two-part introduction to basic cryptographic concepts using text-based crypto examples. The videos illustrate encryption, decryption, ciphers, keys, algorithms, code cracking, cryptanalysis, and letter frequency analysis. Full disclosure: I produced these videos over a decade ago. Now they are hosted directly on this web site. The technical details in the videos […]
The post Grade School Crypto Videos appeared first on Security Boulevard.
Rick
Cyberattack Disrupts Jaguar Land Rover Assembly Line
3 months 2 weeks ago
Company Says No Evidence of Customer Data Exfiltration
British carmaker Jaguar Land Rover shut down its Liverpool assembly line Tuesday following a cyberattack. "At this stage, there is no evidence any customer data has been stolen, but our retail and production activities have been severely disrupted," the company said.
British carmaker Jaguar Land Rover shut down its Liverpool assembly line Tuesday following a cyberattack. "At this stage, there is no evidence any customer data has been stolen, but our retail and production activities have been severely disrupted," the company said.
Varonis Acquires SlashNext to Combat Phishing, Email Attacks
3 months 2 weeks ago
Acquisition Targets Business Email Compromise, Impersonation and Spear-Phishing
Varonis has acquired SlashNext to strengthen detection of phishing and social engineering attacks. The integration will help prevent identity compromises via email, SMS and collaboration tools while enhancing Miami-based Varonis’ AI-driven data protection.
Varonis has acquired SlashNext to strengthen detection of phishing and social engineering attacks. The integration will help prevent identity compromises via email, SMS and collaboration tools while enhancing Miami-based Varonis’ AI-driven data protection.
Hacks on Specialty Health Entities Affect Nearly 900,000
3 months 2 weeks ago
Orthopedic Group, Medical Imaging Centers, Home Healthcare Provider Report Breaches
Specialty healthcare providers know what they're about when it comes to an irregular heartbeat or a wheezing lung. Cybersecurity, not so much. Hacks on specialty medical entities easily result in tens of thousands, if not hundreds of thousands, or even millions, of patient records being compromised.
Specialty healthcare providers know what they're about when it comes to an irregular heartbeat or a wheezing lung. Cybersecurity, not so much. Hacks on specialty medical entities easily result in tens of thousands, if not hundreds of thousands, or even millions, of patient records being compromised.
Silver Fox APT Abuses Windows Driver in Active Campaign
3 months 2 weeks ago
Gap in Microsoft Blocklist Exploited, ValleyRAT Runs Undetected
A Chinese nation-state cyber group is exploiting a Microsoft-signed driver to shut down Windows security protections. The attackers deployed the driver through a custom loader. The core weakness that Silver Fox relied on remained exploitable even after patching.
A Chinese nation-state cyber group is exploiting a Microsoft-signed driver to shut down Windows security protections. The attackers deployed the driver through a custom loader. The core weakness that Silver Fox relied on remained exploitable even after patching.
Hackers breach fintech firm in attempted $130M bank heist
3 months 2 weeks ago
Hackers tried to steal $130 million from Evertec's Brazilian subsidiary Sinqia S.A.after gaining unauthorized access to its environment on the central bank's real-time payment system (Pix). [...]
Bill Toulas
Threat Attack Daily - 2nd of September 2025
3 months 2 weeks ago
Threat Attack Daily - 2nd of September 2025
Dark Web Informer
Missed jury duty? Scammers hope you think so
3 months 2 weeks ago
Avast Blog
Ransomware Attack Update for the 2nd of September 2025
3 months 2 weeks ago
Ransomware Attack Update for the 2nd of September 2025
Dark Web Informer
CVE-2018-13374
3 months 2 weeks ago
Currently trending CVE - Hype Score: 11 - A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server ...
CVE-2020-3259
3 months 2 weeks ago
Currently trending CVE - Hype Score: 11 - A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the ...
SDL 88/100问:源代码扫描,是做仓库的全量扫描还是增量扫?
3 months 2 weeks ago
说起源代码扫描,主要安全活动是SCA和SAST,前者是扫描开源组件已知的漏洞、后门及开源许可证,后者主要是对自研代码漏洞做扫描。
关于增量or全量?这对SAST的结果影响比较大,因为当前主流SAST工具的检测核心逻辑:仍然依赖数据流污点追踪技术,而代码完整性的缺失,会直接导致漏洞检出率下降。
不过在SAST检出的漏洞类型中,也有不影响检出率的情况,比如硬编码密码等敏感信息泄露的检测。从效果来看,还是建议做扫描全量,与此同时则要解决扫描速度和性能的问题。
------------更多内容,请访问-------------
1、SDL 100问
SDL100问:我与SDL的故事
SAST误报太高,如何解决?
SDL需要哪些人参与?
大家都有哪些SDL运营指标?
业务系统是否可以带漏洞上线?
日常的漏洞运营,也应该是SDL团队来做吗?
关于开发安全BP,对开展SDL有哪些帮助?
上传图片的API,除了常见web漏洞外,是否还会有风险?
SDL 84/100问:国内是否有做安全基线的厂商或这个方向的专家?
SDL 85/100问:在推进SDL时,一般选择什么类型的员工作为对接人?
SDL 86/100问:水平越权属于STRIDE中的哪一种?
SDL 87/100问:哪个厂商做SDL咨询服务和建设比较强?
2、SDL创新实践
首发!“ 研发安全运营 ” 架构研究与实践
DevSecOps实施关键:研发安全团队
DevSecOps实施关键:研发安全流程
DevSecOps实施关键:研发安全规范
DevSecOps实施关键:研发安全工具
从安全视角,看研发安全
数字化转型下研发安全痛点
一个思考:安全测试驱动产品安全?
3、SDL最初实践
【SDL最初实践】开篇
【SDL最初实践】安全培训
【SDL最初实践】安全需求
【SDL最初实践】安全设计
【SDL最初实践】安全开发
【SDL最初实践】安全测试
【SDL最初实践】安全审核
【SDL最初实践】安全响应
4、安全运营实践
基于实践的安全事件简述
安全事件运营SOP:钓鱼邮件
安全事件运营SOP:网络攻击
安全事件运营SOP:蜜罐告警
安全事件运营SOP:webshell事件
安全事件运营SOP:接收漏洞事件
应急能力提升:实战应急困境与突破
应急能力提升:挖矿权限维持攻击模拟
Cloudflare Confirms Data Breach Linked to Salesforce and Salesloft Drift
3 months 2 weeks ago
Cloudflare confirms a Salesforce-linked data breach via Salesloft Drift, exposing customer support case data but leaving core systems…
Waqas
Top 10 Best API Penetration Companies In 2025
3 months 2 weeks ago
Securing APIs is a critical cybersecurity challenge in 2025 as they are the backbone of modern applications and a prime target for attackers. API penetration testing is no longer an optional check; it’s a necessity for finding business logic flaws, authorization bypasses, and other complex vulnerabilities that automated tools can’t detect. The best companies in […]
The post Top 10 Best API Penetration Companies In 2025 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Kaaviya
Nick Andersen appointed to CISA leadership role
3 months 2 weeks ago
The Cybersecurity and Infrastructure Security Agency announced that Nicholas Andersen has taken over as the executive assistant director for cybersecurity.
Beyond Chatbots: Why Morpheus Leaves SOAR with Bolted-On AI in the Dust
3 months 2 weeks ago
Bolting a chatbot onto a legacy SOAR tool doesn’t make it intelligent. Here’s what real autonomous security operations look like — and why they matter.
The post Beyond Chatbots: Why Morpheus Leaves SOAR with Bolted-On AI in the Dust appeared first on D3 Security.
The post Beyond Chatbots: Why Morpheus Leaves SOAR with Bolted-On AI in the Dust appeared first on Security Boulevard.
Alex MacLachlan
Disney agrees to $10 million settlement for collecting data from children
3 months 2 weeks ago
The Federal Trade Commission (FTC) announced Disney has agreed to pay $10 million to settle allegations that it collected personal data from children watching YouTube videos without parental notification or consent.
Qilin
3 months 2 weeks ago
You must login to view this content
cohenido