Aggregator

本文深入解析ret2dlresolve攻击原理，结合源码剖析延迟绑定机制及利用条件，并通过实例演示如何伪造link_map实现RCE。

本文以QWB CTF题目为例，详解内核栈溢出漏洞利用，涵盖canary泄露、ROP链构造及权限提升技术。

A vulnerability classified as problematic has been found in Paramiko up to 2.10.0. The impacted element is the function write_private_key_file. Performing manipulation results in information disclosure. This vulnerability is identified as CVE-2022-24302. The attack can only be performed from the local network. There is not any exploit available. It is recommended to upgrade the affected component.

为了防止忘掉，特意花时间重新写了一遍

漏洞描述Apache Tika 的 tika-core (1.13-3.2.1)、tika-pdf-module (2.0.0-3.2.1) 和 tika-parsers (1.13-1.28.5) 模块在所有平台上存在严重 XXE 漏洞，攻击者可利用此漏洞通过在 PDF 文件中嵌入精心构造的 XFA 文件来实施 XML 外部实体注入。此 CVE 漏洞与 CVE-2025-54988 漏洞相同。然

漏洞描述CVE-2025-55182 是 Next.js 中因 React Flight 反序列化机制未校验对象属性访问路径（如 __proto__、constructor）导致的高危 RCE 漏洞：攻击者可通过构造恶意 multipart 表单，利用 $B 引用结合可控的 _response._prefix 和被劫持为 Function 的 _formData.get，动态生成包含任意系统命令的

本文对Xiaozhi ESP32 Java服务端进行代码审计，发现存在鉴权绕过、未授权访问、JWT密钥硬编码及任意文件上传等高危漏洞。

BugTrace-AI is a comprehensive web vulnerability analysis suite that leverages the power of Generative AI to assist developers,

The post BugTrace-AI: The Comprehensive AI-Powered Suite for SAST, DAST, and Vulnerability Research appeared first on Penetration Testing Tools.

Roothub项目的一次初审计——任意文件上传，多出sql注入

前言本文深入剖析 Fastjson2 ≤2.0.26 的序列化触发机制，并重点揭秘在 ≥2.0.27 版本下如何巧妙利用 Spring AOP 代理（JdkDynamicAopProxy） 与 ObjectFactoryDelegatingInvocationHandler 双重动态代理链，绕过黑名单限制，实现稳定 RCE 环境搭建Fastjson2<=2.0.26在tostring打个断点

The Unit 42 team at Palo Alto Networks has documented a prolonged and low-visibility campaign targeting government bodies

The post Ashen Lepus (WIRTE) Targets Middle East Governments with Stealthy AshTag Malware Toolkit appeared first on Penetration Testing Tools.

In the autumn of 2025, files began circulating in the public domain that are attributed to the Iranian

The post Deep Leak: APT35 Hackers’ Payroll, Kashef Surveillance System, and 2004 Nuclear Spy Document Exposed appeared first on Penetration Testing Tools.

A tool has been released into the public domain that enables covert monitoring of user activity on WhatsApp

The post Invisible Surveillance: Tool Exploits WhatsApp/Signal Network Latency to Track User Activity appeared first on Penetration Testing Tools.

分享一次护网中通过测试从而造成大量信息泄露案例,针对有价值入口点可以多深度利用一下往往会有意想不到的惊喜

​地平线开放高阶智驾「灵魂代码」：自动驾驶迎来「安卓时刻」。

Apple has released out-of-band patches addressing two zero-day vulnerabilities that were already being exploited in real-world attacks. The

The post Apple Emergency Patch: Two WebKit Zero-Days Actively Exploited in Targeted iOS Attacks appeared first on Penetration Testing Tools.

Ningbo is a major port city on China’s eastern seaboard, a key industrial hub of Zhejiang Province and

The post Geely Launches World’s Largest Safety Center in Ningbo, Targeting Zero Fatalities & Zero Data Leaks appeared first on Penetration Testing Tools.

If it already felt as though smartphone security advice had devolved into an endless catalogue of prohibitions, here

The post New Security Default: CERT-FR Urges Users to Fully Disable Wi-Fi When Not Active appeared first on Penetration Testing Tools.

该研究针对大语言模型（LLM）在代码漏洞检测中容易产生误报的"幻觉"问题，提出了一种新的去伪技术：通过让LLM生成数据流路径并将其分解为基本属性进行验证，从而筛除虚假漏洞报告。实验显示该方法在合成基准上达到91%精确率和74%召回率，相比未处理提升22%精确率，在真实Android恶意软件检测中也优于工业级分析器。

MangaGamer has issued a warning about a potential supply-chain attack: in the latest print run of the physical

The post Supply Chain Alert: MangaGamer Higurashi USB Installers Compromised with Possible Floxif Malware appeared first on Penetration Testing Tools.