A new open-source, cross-platform tool called Tirith can detect homoglyph attacks in command-line environments by analyzing URLs in typed commands and stopping the commands' execution. [...]
A vulnerability has been found in D-Link DCS-933L up to 1.14.11 and classified as critical. It affects an unknown function of the file /setSystemAdmin of the component alphapd. Manipulation of the argument AdminID causes command injection. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is registered as CVE-2026-2218. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
A vulnerability, which was classified as critical, was found in itsourcecode Event Management System 1.0. The impacted element is an unknown function of the file /admin/manage_user.php. The manipulation of the argument ID results in SQL injection.
This vulnerability is cataloged as CVE-2026-2217. The attack may be launched remotely. Furthermore, there is an exploit available.
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter. ClawHavoc: 341 Malicious Clawed Skills Found by the Bot They Were Targeting; APT28 Leverages CVE-2026-21509 in Operation Neusploit; Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in the Southeast Asia; Analyzing Dead#Vax: Analyzing Multi-Stage VHD […]
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Italian university La Sapienza still offline to mitigate recent cyber attack; CISA pushes Federal agencies to […]
Currently trending CVE - Hype Score: 6 - TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this ...
Currently trending CVE - Hype Score: 1 - SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point SmarterMail to a malicious HTTP server, which serves the malicious OS command. This command will be ...