【安全圈】自学黑客技术入侵系统,00后“炫技”付出沉重代价
关键词自学黑客“00后”小伙自学计算机技术后,为炫技侵入他人计算机信息系统获刑。8月26日,从成都青羊区法院获悉这起案件。
Aggregator
Prompt hacks guide
3 months 3 weeks ago
本文链接
《Prompt Hacks:终极指南》系统梳理了生成式 AI 面临的提示注入、越狱等攻击手法,并给出10类威胁模型与对应防御方案。文件揭示了 LLM 无法区分系统指令与用户输入的根本原因,展示攻击者如何通过角色扮演、故事编造、编码混淆、令牌注入等方式窃取数据或输出有害内容;同时提供红队演练、语义防火墙、实时观测、合规审计等落地策略,帮助企业守护品牌、资金与运营安全。NeuralTrust 的 AI Gateway、自动化红队、可观测平台三大工具贯穿始终,为零信任架构下的 AI 部署提供一站式解决方案。
Weekly Update 467
3 months 3 weeks ago
Using AI to analyse photos and send alerts if I've forgotten to take the bins out isn't going to revolutionise my life, no more so than using it to describe who's at the mailbox when a letter arrives and at the front door when
Troy Hunt
中国电竞,已经是 Next Level
3 months 3 weeks ago
「小孩」零血反杀对手,拿下《街霸 6》冠军,再一次让中国电竞迎来高光。
中国选手在国际的优秀表现,和国内电竞产业越来越强,氛围越来越好密不可分。
在 2025 iQOO 杯王者荣耀电竞赛中,参赛人数达到了 69057 人,覆盖全国 265 城,门店和高校赛点数量达 1693 个,创下了 iQOO 杯三年以来的纪录。规格上也有大幅提升,2025 iQOO 杯全国总决赛上除了顶尖主播的助阵,还有来自 KPL 的职业解说、主持人与明星选手。更有跨界明星助阵总决赛,见证总冠军的诞生。
甚至,iQOO 杯也受到了专业赛事认可,今年 iQOO 杯冠军战队将晋级到王者荣耀主播联赛(老王杯),胜出者更有机会进入王者荣耀挑战者杯,为大众玩家创造参与职业赛事的宝贵机会。
但其实,iQOO 杯并非仅仅是一个大型电竞赛事,对于主办方 iQOO 来说,它更是一个和玩家、极客一起打造的电竞文化标志。而正是在三年的赛事中,参赛玩家在享受激烈的比赛过程中,培养起了深厚的友谊,这才是 iQOO 杯电竞赛真正的意义。
正如 iQOO 产品副总裁罗锋所说:「我们相信,游戏最高的配置是朋友,电竞最难忘的时刻是并肩。」
每一个在 iQOO 杯赛事上共享游戏乐趣的玩家,也为了这份「一起共赢」的精神,助力中国电竞达到 Next Level。
『议题征集』倒计时15天!第九届安全开发者峰会(SDC 2025)
3 months 3 weeks ago
议题火热征集中,欢迎投稿
通过URL参数传递所引发的SQL注入漏洞
3 months 3 weeks ago
Эффект Элизы, версия 2.0 и самая опасная ловушка ИИ. Как мы попадаемся на трюк с несуществующей личностью
3 months 3 weeks ago
Почему нам кажется, что с нами разговаривает разум, хотя это лишь алгоритм.
.NET 本地提权,通过系统进程令牌模拟实现权限提升
3 months 3 weeks ago
.NET 安全攻防知识交流社区
3 months 3 weeks ago
再回答一个 .NET 反序列化问题,看看有没有你想要知道的?
3 months 3 weeks ago
Salt Typhoon: What Security Action Should Governments Take Now?
3 months 3 weeks ago
The FBI just announced that the Salt Typhoon cyber attacks against U.S. telecoms uncovered last year were much worse and more widespread than previously disclosed. What’s next?
The post Salt Typhoon: What Security Action Should Governments Take Now? appeared first on Security Boulevard.
Lohrmann on Cybersecurity
CVE-2025-9716 | O2OA up to 10.0-410 Personal Profile Page form name/alias/description cross site scripting (Issue 182 / EUVD-2025-26285)
3 months 3 weeks ago
A vulnerability has been found in O2OA up to 10.0-410 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /x_processplatform_assemble_designer/jaxrs/form of the component Personal Profile Page. This manipulation of the argument name/alias/description causes cross site scripting.
This vulnerability appears as CVE-2025-9716. The attack may be initiated remotely. In addition, an exploit is available.
The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."
vuldb.com
CVE-2025-9717 | O2OA up to 10.0-410 Personal Profile Page unit cross site scripting (Issue 183 / EUVD-2025-26284)
3 months 3 weeks ago
A vulnerability was found in O2OA up to 10.0-410 and classified as problematic. Affected by this issue is some unknown functionality of the file /x_organization_assemble_control/jaxrs/unit/ of the component Personal Profile Page. Such manipulation of the argument name/shortName/distinguishedName/pinyin/pinyinInitial/levelName leads to cross site scripting.
This vulnerability is traded as CVE-2025-9717. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-9718 | O2OA up to 10.0-410 Personal Profile Page process name/alias cross site scripting (Issue 184 / EUVD-2025-26286)
3 months 3 weeks ago
A vulnerability was found in O2OA up to 10.0-410. It has been classified as problematic. This affects an unknown part of the file /x_processplatform_assemble_designer/jaxrs/process of the component Personal Profile Page. Performing manipulation of the argument name/alias results in cross site scripting.
This vulnerability is known as CVE-2025-9718. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."
vuldb.com
CVE-2025-9719 | O2OA up to 10.0-410 Personal Profile Page script name/alias/description/applicationName cross site scripting (Issue 185)
3 months 3 weeks ago
A vulnerability was found in O2OA up to 10.0-410. It has been declared as problematic. This vulnerability affects unknown code of the file /x_processplatform_assemble_designer/jaxrs/script of the component Personal Profile Page. Executing manipulation of the argument name/alias/description/applicationName can lead to cross site scripting.
This vulnerability is handled as CVE-2025-9719. The attack can be executed remotely. Additionally, an exploit exists.
vuldb.com
CVE-2025-5083 | Marco Milesi Amministrazione Trasparente Plugin up to 9.0 on WordPress Setting print_r cross site scripting
3 months 3 weeks ago
A vulnerability has been found in Marco Milesi Amministrazione Trasparente Plugin up to 9.0 on WordPress and classified as problematic. This impacts the function print_r of the component Setting Handler. This manipulation causes cross site scripting.
This vulnerability is registered as CVE-2025-5083. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com
CVE-2025-9405 | Open5GS up to 2.7.5 src/amf/gmm-sm.c gmm_state_exception assertion (Issue 3947 / EUVD-2025-25719)
3 months 3 weeks ago
A vulnerability labeled as problematic has been found in Open5GS up to 2.7.5. The impacted element is the function gmm_state_exception of the file src/amf/gmm-sm.c. The manipulation results in reachable assertion.
This vulnerability is known as CVE-2025-9405. It is possible to launch the attack remotely. Furthermore, an exploit is available.
Applying a patch is advised to resolve this issue.
vuldb.com
CVE-2025-9755 | Khanakag-17 Library Management System up to 60ed174506094dcd166e34904a54288e5d10ff24 /index.php msg cross site scripting (EUVD-2025-26318)
3 months 3 weeks ago
A vulnerability classified as problematic has been found in Khanakag-17 Library Management System up to 60ed174506094dcd166e34904a54288e5d10ff24. This affects an unknown function of the file /index.php. The manipulation of the argument msg leads to cross site scripting.
This vulnerability is referenced as CVE-2025-9755. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.
vuldb.com
CVE-2025-9754 | Campcodes Online Hospital Management System 1.0 Edit Profile Page /edit-profile.php Username cross site scripting
3 months 3 weeks ago
A vulnerability described as problematic has been identified in Campcodes Online Hospital Management System 1.0. The impacted element is an unknown function of the file /edit-profile.php of the component Edit Profile Page. Executing manipulation of the argument Username can lead to cross site scripting.
The identification of this vulnerability is CVE-2025-9754. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-9753 | Campcodes Online Hospital Management System 1.0 Patient Search patient-search.php Search by Name Mobile No cross site scripting (EUVD-2025-26316)
3 months 3 weeks ago
A vulnerability marked as problematic has been reported in Campcodes Online Hospital Management System 1.0. The affected element is an unknown function of the file /admin/patient-search.php of the component Patient Search Module. Performing manipulation of the argument Search by Name Mobile No results in cross site scripting.
This vulnerability was named CVE-2025-9753. The attack may be initiated remotely. In addition, an exploit is available.
vuldb.com