Aggregator

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.9.8. This affects an unknown function of the component lima. The manipulation results in denial of service. This vulnerability is reported as CVE-2024-42127. The attacker must have access to the local network to execute the attack. No exploit exists. You should upgrade the affected component.

Microsoft is investigating a bug that causes Copilot issues when multiple Office apps are running simultaneously on the same system. [...]

本文通过逆向分析某App，解析x-bili-trace-id、Authorization及key等核心请求参数的生成机制，结合Jadx静态分析与Frida动态Hook技术，揭示其加密逻辑。

A new hacking competition called Zeroday Cloud, focused on open-source cloud and AI tools, announced a total prize pool of $4.5 million in bug bounties for researchers that submit exploits for various targets. [...]

Brazilian WhatsApp users should be aware of malware that hijacks contact lists to spread itself and potentially serve as a gateway for other malicious code that targets financial information, researchers said.

OpenAI's ChatGPT Pulse, which is a tool that gives you personalised updates based on usage patterns, is coming to the web. [...]

在日常的渗透测试中，我们常会遇到一片空白的页面，让许多师傅感到无从下手。其实，这种“空白”往往只是表象，背后可能隐藏着未被发现的管理后台、API接口甚至是安全漏洞。本文总结了几种实用的思路，旨在将“空白页”变为突破口，打开渗透测试的新视角。

本文涵盖了二进制安全从入门到精通的完整知识体系，建议读者结合实际环境进行练习，在实践中不断深化理解。如有疑问，欢迎交流讨论。

大型语言模型安全；对抗性机器学习

分享阿里AI安全挑战赛三赛道实战经验，深入剖析大模型推理攻防、业务漏洞挖掘与安全产品绕过技术。

edu系统一直是安全测试的热门目标，系统多、漏洞类型丰富，而且开发者通常更关注功能实现，安全防护相对薄弱。本文分享三个真实的漏洞案例

随着Rust语言在系统编程和安全关键应用中的广泛采用，针对Rust项目的安全测试需求日益增长。传统的AFL、libFuzzer和honggfuzz主要支持C/C++语言开发的项目，无法直接应用于Rust生态。基于传统模糊测试思想，Rust社区逐步构建了专用的模糊测试工具链。 本文系统介绍三种主流Rust模糊测试工具的完整使用方法：cargo-fuzz作为官方推荐的libFuzzer封装工具，提供

Go语言作为云原生时代的主流编程语言，其应用范围已覆盖容器编排、微服务架构、区块链平台等关键基础设施。随着Go项目在生产环境中的广泛部署，针对Go代码的安全测试需求愈发迫切。传统的AFL、libFuzzer等模糊测试工具主要针对C/C++项目设计，无法直接应用于Go语言生态。 本文系统分析Go语言模糊测试的技术演进路径，从第三方工具go-fuzz到官方工具链go test -fuzz的完整技术方

SunshineCTF 2025 Web 题解

在这次HVV的时候发现了一些表达式漏洞，但是发现都有 waf，waf 啊 waf，一绕就是一下午，真的燃尽了，下面是绕过的详细记录，这次看的案列是 EL 表达式，下面记录自己当时从0到1 的一个绕过过程和复盘记录

A vulnerability labeled as critical has been found in Google Chrome. Affected by this vulnerability is an unknown functionality of the component WebGPU. Executing manipulation can lead to heap-based buffer overflow. The identification of this vulnerability is CVE-2025-11205. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability described as critical has been identified in ImageMagick up to 6.9.13-27/7.1.2-1. This affects the function InterpretImageFilename. Such manipulation leads to write-what-where condition. This vulnerability is traded as CVE-2025-55298. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability labeled as critical has been found in ImageMagick up to 6.9.13-27/7.1.2-1 on 32-bit. This vulnerability affects the function bytes_per_line. Executing manipulation can lead to heap-based buffer overflow. This vulnerability appears as CVE-2025-57803. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

A vulnerability labeled as critical has been found in OpenPrinting CUPS up to 2.4.12. The impacted element is an unknown function. Executing manipulation can lead to improper authentication. The identification of this vulnerability is CVE-2025-58060. The attack can only be executed locally. There is no exploit available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, has been found in OpenPrinting CUPS up to 2.4.12. Affected by this issue is some unknown functionality. Performing manipulation results in denial of service. This vulnerability is cataloged as CVE-2025-58364. The attack must originate from the local network. There is no exploit available. It is advisable to upgrade the affected component.