Aggregator

Как ежедневные переписки с ИИ превращают пользователей в неисправимых нарциссов.

通过nmap扫描发现目标为Windows域控制器。利用LDAP枚举获取默认密码，并进行密码喷射攻击获取用户访问权。使用evil-winrm foothold后，利用SeBackupPrivilege提取系统文件并解密管理员哈希，最终获取root flag。

近期网络安全事件频发：网络犯罪分子针对幼儿园上传儿童照片勒索赎金并声称删除数据；Meta将利用用户与AI互动投放广告；老年Facebook用户被引导下载恶意应用；Google Gemini AI存在漏洞；Life360追踪器存安全隐患。

作者从盲目复制脚本开始，经历了失败与困惑，在意识到自身不足后主动转变思维方式，通过深入学习和实践最终掌握了真正的技术能力。

CERT-AGID检测到102起恶意活动，其中62起针对意大利。银行和支付系统受攻击最严重，涉及Remcos等恶意软件及钓鱼攻击。大学和政府机构也成目标。所有攻击均通过电子邮件传播，ZIP文件为主要载体。

本文介绍了如何在Web应用中寻找和实施高级SQL注入技术，并通过TryHackMe平台的SQHell房间进行实践。文章详细讲解了登录页面、查看帖子、注册表单、管理员用户ID参数及X-Forwarded-For头等多个注入点的利用方法，并通过枚举数据库、表和列最终提取flag。

本文详细介绍了如何在Web应用中寻找和实施高级SQL注入技术，并通过TryHackMe平台上的‘SQHell’CTF房间展示了具体实践方法。

文章介绍了前端开发中API调用的关键技术，包括使用Fetch和Axios进行网络请求、Promise与async/await的异步处理机制、错误处理方法以及相关安全注意事项。

本文介绍了API调用与异步流程的核心技术，包括Fetch API与Axios库的使用方法、Promise模型及其与async/await的结合方式，并探讨了错误处理的最佳实践及JavaScript代码中潜在的安全漏洞。

Google Dorking 是一种使用特殊搜索命令的技术，帮助用户精准查找隐藏信息、文档或数据。通过 site:、filetype: 等操作符，可限制搜索范围或类型。该技术适用于研究和公开信息查找，但也可能被滥用以获取敏感内容。

本文描述了一次网络安全技能测试，使用nmap、telnet和hydra工具进行端口扫描、服务检测和密码破解。通过扫描发现多个开放端口（如22、80、139、445、8080和10021），并提取隐藏在SSH和HTTP服务器中的旗帜。最终通过FTP获取了隐藏的旗帜THM{321452667098}。

文章介绍了一种利用Brave浏览器Sync功能进行数据窃取和传输的技术。通过生成Sync链和种子短语实现设备间数据同步，并使用Base64编码将文件嵌入URL查询参数中添加到浏览器历史记录中。该方法可实现跨设备的数据传输和提取。

ENISA Threat Landscape 2025: Rising ransomware, AI phishing, and state-backed espionage mark a converging, persistent EU cyber threat landscape. ENISA Threat Landscape 2025 report provides a comprehensive analysis of the evolving threat landscape in Europe. The report analyzes the events that occurred between July 2024 and June 2025, including nearly 4,900 verified incidents. This year’s […]

ENISA 2025报告指出，欧洲网络威胁包括勒索软件、AI钓鱼攻击和国家支持的间谍活动，这些威胁相互交织，导致持续且复杂的攻击环境。建议加强合作和防御措施以应对挑战。

A vulnerability labeled as problematic has been found in jakowenko double-take up to 1.13.1. The impacted element is the function app.use of the file api/src/app.js of the component API. The manipulation of the argument X-Ingress-Path results in cross site scripting. This vulnerability is identified as CVE-2025-11360. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

QNAP has released a security advisory detailing a vulnerability in its NetBak Replicator utility that could allow local attackers to execute unauthorized code. The flaw, identified as CVE-2025-57714, has been rated as “Important” and affects specific versions of the backup and restore software. The company has already issued a patch and is urging users to […]

The post QNAP NetBak Replicator Vulnerability Let Attackers Execute Unauthorized Code appeared first on Cyber Security News.

A vulnerability identified as critical has been detected in code-projects Simple Banking System 1.0. The affected element is an unknown function of the file /transfermoney.php. The manipulation of the argument ID leads to sql injection. This vulnerability is referenced as CVE-2025-11359. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability categorized as critical has been discovered in code-projects Simple Banking System 1.0. Impacted is an unknown function of the file /removeuser.php. Executing manipulation of the argument ID can lead to sql injection. The identification of this vulnerability is CVE-2025-11358. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Simple Banking System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /createuser.php. Performing manipulation of the argument Name results in sql injection. This vulnerability was named CVE-2025-11357. The attack may be initiated remotely. In addition, an exploit is available.

A critical security vulnerability has been discovered in Redis Server that could allow authenticated attackers to achieve remote code execution through a use-after-free flaw in the Lua scripting engine. The vulnerability, tracked as CVE-2025-49844, affects all versions of Redis that support Lua scripting functionality. Critical Memory Corruption Flaw Discovered Security researchers from Wiz, including Benny […]

The post Redis Server Use-After-Free Vulnerability Allows Remote Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.