Aggregator

Netcraft报告指出大型语言模型在识别登录网站时不可靠,易导致钓鱼攻击风险增加,并举例说明其结果可能被恶意利用。

A report published this week by Netcraft, a provider of a platform for combating phishing attacks, finds that large language models (LLMs) might not be a reliable source when it comes to identifying where to log in to various websites.

The post Report Finds LLMs Are Prone to Be Exploited by Phishing Campaigns appeared first on Security Boulevard.

该文章揭示了Vite框架中`@fs`机制存在的本地文件包含（LFI）漏洞（CVE-2025-30208），攻击者可通过构造特定查询参数读取服务器上的任意文件。该漏洞等级为高危至严重，并提供了详细的PoC代码和利用方法。

这篇文章介绍了一个Python脚本，用于演示CVE-2025-47170漏洞的利用。该脚本生成一个包含VBA宏的恶意Word文档（.docm），当用户启用宏时，会从HTTP服务器下载并执行VBScript payload（salaries.vbs），导致系统重启。该方法通过动态下载payload和隐藏执行步骤来绕过Windows Defender检测。

Moodle 4.4.0 存在认证远程代码执行漏洞（CVE-2024-43425），允许攻击者通过上传特定计算题触发系统命令执行。该漏洞影响多个版本（如4.1至4.4系列），需登录后利用。

该漏洞利用Windows .URL文件行为，在Windows 10/11中通过WebDAV或SMB路径远程执行代码。攻击者生成恶意.URL文件诱导受害者打开，系统自动连接远程路径执行任意代码。

该漏洞存在于Java-springboot-codebase 1.1版本中，允许攻击者通过未认证的API接口读取服务器上的任意文件。攻击者可构造特定请求路径访问敏感文件。

User claims to sell stolen Verizon and T-Mobile data for millions of users (online Verizon says data is old T-Mobile denies any breach and links to it.

2018年发现的CPU推测执行攻击曾引发广泛关注和修复措施，但这些修复显著降低了性能。近期Ubuntu禁用部分保护机制以提升20%性能。英特尔与Canonical团队达成共识，认为Spectre攻击在GPU层面的缓解不再必要，因已在内核中解决。权衡后认为此类攻击难度高且数据窃取不易，更简单的方式攻击系统更现实。

关键词网络攻击在伊朗与以色列冲突不断升级的背景下，黑客行动主义（Hacktivism）活动骤然激增。

关键词Google谷歌正为其 Android 版 Chrome 浏览器测试一项颇具颠覆性的 AI 新功能——A

关键词海康威视据加拿大政府消息，加方日前以所谓“国家安全风险”为由，正式下令中国视频监控企业海康威视（Hikv

关键词Windows微软近日宣布，将彻底替换已使用数十年的蓝屏死机（Blue Screen of Death，

The French cybersecurity agency identified Houken, a new Chinese intrusion campaign targeting various industries in France

随着网络威胁模仿合法行为增多，传统安全措施如防火墙和EDR效果有限。现代安全运营中心（SOC）采用多层检测策略，结合网络数据和行为分析技术（如NDR），提升威胁识别能力。

DARPA的AI网络挑战赛决赛启动，参赛队伍利用自主AI系统Buttercup寻找并修复软件漏洞。比赛为期十天，涉及30个真实世界开源程序的漏洞。获胜者将获得400万美元奖金。赛后，Buttercup团队将开源其系统并分享技术细节。

With nearly 80% of cyber threats now mimicking legitimate user behavior, how are top SOCs determining what’s legitimate traffic and what is potentially dangerous? Where do you turn when firewalls and endpoint detection and response (EDR) fall short at detecting the most important threats to your organization? Breaches at edge devices and VPN gateways have risen from 3% to 22%, according to

Статистика закончилась, началась нелегальщина.

Qantas has suffered a cyber incident that has lead to a data breach. “The incident occurred when a cyber criminal targeted a call centre and gained access to a third-party customer servicing platform,” the Australian airline announced today, but said that all of its systems remain secure and its operations haven’t been affected. What is known about the cyber incident? Qantas does not say which call center was affected, but the Australian Frequent Flyer reports … More →

The post Qantas data breach could affect 6 million customers appeared first on Help Net Security.

作者对当前工作感到厌倦，寻求新的挑战。转向网络安全领域，包括红蓝队、道德黑客等深入学习与实践。具备扎实的技术背景（编程、DSA、Web开发），愿意投入时间和精力学习复杂内容，并寻找全面的学习路线图和高质量课程推荐及实践平台建议。