Aggregator

A vulnerability was found in Apple macOS. It has been rated as critical. Affected by this issue is some unknown functionality of the component WebKit. The manipulation leads to use after free. This vulnerability is handled as CVE-2022-42867. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Apple Safari up to 16.1. Affected by this vulnerability is an unknown functionality of the component WebKit. The manipulation leads to use after free. This vulnerability is known as CVE-2022-42867. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Beijing Zed-3 VoIP Simpliclty ASG 8.5.0.17807. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to weak password requirements. This vulnerability is handled as CVE-2022-44236. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability was found in Beijing Zed-3 VoIP Simpliclty ASG 8.5.0.17807 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2022-44235. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Expense Tracker 1.0. It has been classified as problematic. This affects an unknown part of the component Chat Text Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2022-45033. It is possible to initiate the attack remotely. There is no exploit available.

作者：Hcamael@知道创宇404实验室 日期：2025年4月18日 1. Cline的实现原理 1.1 Cline的基础使用指南 Cline是Visual Studio Code的MCP插件，所以想要在VSCode上使用Cline，我们首先要安装该插件，安装完成后，在侧边栏可以看到Cline的图标，点击该图标，就能进入到Cline的界面中，如下图所示： 在使用前，需要根据自身情况对大模...

A vulnerability was found in PHP up to 4.0.0. It has been declared as critical. This vulnerability affects the function mb_parse_str. The manipulation leads to memory corruption. This vulnerability was named CVE-2007-1583. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

HackerNews 编译，转载请注明出处： 网络安全研究人员披露，与俄罗斯防弹主机服务商Proton66关联的IP地址近期出现“大规模扫描、凭证暴力破解及漏洞利用尝试”激增现象。根据Trustwave SpiderLabs上周发布的两阶段分析报告，自2025年1月8日以来检测到该活动针对全球组织机构。 安全研究人员Pawel Knapczyk与Dawid Nesterowicz指出：“IP段45.135.232.0/24和45.140.17.0/24在大规模扫描与暴力破解方面表现尤为活跃。部分涉事IP地址此前未参与过恶意活动或已休眠超过两年。” 经评估，俄罗斯自治系统Proton66与另一个名为PROSPERO的自治系统存在关联。法国安全公司Intrinsec去年详细披露了这两个系统与俄语网络犯罪论坛中以Securehost和BEARHOST名义销售的防弹服务的联系。包括GootLoader和SpyNote在内的多个恶意软件家族已在Proton66上托管其命令与控制（C2）服务器和钓鱼页面。今年2月初，安全记者Brian Krebs揭露PROSPERO已开始通过俄罗斯杀毒软件厂商卡巴斯基实验室（莫斯科）运营的网络进行路由。 然而，卡巴斯基否认与PROSPERO存在合作，并表示“通过卡巴斯基运营网络进行路由并不默认意味着提供该公司服务，因为卡巴斯基的自治系统（AS）路径可能作为技术前缀出现在与其合作并提供DDoS服务的电信供应商网络中。” Trustwave最新分析显示，2025年2月从Proton66某个IP段（193.143.1[.]65）发起的恶意请求试图利用多个最新高危漏洞： CVE-2025-0108：Palo Alto Networks PAN-OS软件的认证绕过漏洞 CVE-2024-41713：Mitel MiCollab中NuPoint统一消息组件（NPM）的输入验证不足漏洞 CVE-2024-10914：D-Link NAS的命令注入漏洞 CVE-2024-55591与CVE-2025-24472：Fortinet FortiOS的认证绕过漏洞 值得注意的是，Fortinet FortiOS两个漏洞的利用行为已被归因于某初始访问中间商Mora_001，该实体被发现投放名为SuperBlack的新型勒索软件。 该网络安全公司表示还观察到多个与Proton66关联的恶意软件活动，旨在传播XWorm、StrelaStealer及名为WeaXor的勒索软件等家族。 另一项显著活动涉及利用与Proton66关联IP地址“91.212.166[.]21”的遭入侵WordPress网站，将安卓设备用户重定向至仿冒Google Play应用列表的钓鱼页面，诱骗用户下载恶意APK文件。这些重定向通过托管在Proton66 IP地址的恶意JavaScript实现。对虚假应用商店域名的分析表明，该活动专门针对法语、西班牙语和希腊语用户。 研究人员解释称：“重定向脚本经过混淆处理，并对受害者实施多项检查，例如排除爬虫程序与VPN/代理用户。通过ipify.org查询获取用户IP地址，随后通过ipinfo.io验证VPN或代理的存在。最终仅在检测到安卓浏览器时实施重定向。” 在某个Proton66 IP地址中还托管着可部署XWorm恶意软件的ZIP压缩包，专门通过社会工程手段针对韩语聊天室用户。攻击第一阶段为Windows快捷方式（LNK）文件，执行PowerShell命令后运行Visual Basic脚本，进而从同一IP地址下载Base64编码的.NET DLL文件。该DLL继续下载并加载XWorm二进制程序。 Proton66关联基础设施还被用于实施针对德语用户的钓鱼邮件活动，传播可与C2服务器（193.143.1[.]205）通信的信息窃取软件StrelaStealer。最后，WeaXor勒索软件（Mallox的修订版本）的组件被发现与Proton66网络中的C2服务器（“193.143.1[.]139”）通信。 建议各组织封锁所有与Proton66及疑似关联的香港服务商Chang Way Technologies相关的无类别域间路由（CIDR）范围，以消除潜在威胁。     消息来源：thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络；  转载请注明“转自 HackerNews.cc”并附上原文

Security First Framework Approach Focuses on Isolating Untrusted Inputs
Chatbots' popularity has been tempered from the start by the prospect of prompt injection attacks. Google DeepMind's CaMeL aims to address the issue by reframing the problem, and applying proven security engineering patterns to isolate and track untrusted data.

Model Context Protocol's Adopters Include OpenAI, Google
Artificial intelligence developers including OpenAI, Google and Microsoft are adopting rival Anthropic's open standard to speed up the capabilities of their chatbots by allowing them to access daily-use software. Dubbed "Model Context Protocol," the open standard aims to make chatbots more useful.

In Other Cybercrime Market Drama, BreachForums Marketplace Reboot Branded a Fake
Just three months after being disrupted by an intelligence law enforcement operation, the notorious online cybercrime marketplace called Cracked appears to have patched itself up and restarted operations. The recently disrupted BreachForums also claims to be back - although experts remain skeptical.

Top Democrat Sounds Alarm Over Whistleblower Report of DOGE's Master Database
A top Democrat on the House Oversight Committee sounded the alarm after a whistleblower provided information to Congress warning that staffers for the Department of Government Efficiency violated federal data laws while building a "master database" of sensitive information across federal agencies.

844 万美金追回，警示安全防护应覆盖项目全生命周期！

844 万美金追回，警示安全防护应覆盖项目全生命周期！

A vulnerability, which was classified as critical, has been found in Adobe Illustrator up to 25.4.5/26.0.2. Affected by this issue is some unknown functionality. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2022-30642. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.