全球最富 500 人两天损失 5360 亿美元,马斯克最惨;小米 15 周年,雷军重发微博;清明国内短程自驾游是主流|极客早知道
美媒:科技与金融界知名人士组团赴海湖庄园,欲就关税问题与特朗普「讨论常识」;
Meta 新旗舰 AI 模型 Llama 4 Maverick 测试成绩遭质疑,被指针对性优化;
摩根士丹利预测:苹果手机价格或飙升,美关税政策重创苹果公司供应链
Aggregator
CVE-2023-6811 | Language Translate Widget Plugin up to 223 on WordPress api_key cross site scripting
10 months ago
A vulnerability, which was classified as problematic, was found in Language Translate Widget Plugin up to 223 on WordPress. This affects an unknown part. The manipulation of the argument api_key leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2023-6811. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-27474 | Leantime 3.0.6 cross-site request forgery
10 months ago
A vulnerability, which was classified as problematic, was found in Leantime 3.0.6. Affected is an unknown function. The manipulation leads to cross-site request forgery.
This vulnerability is traded as CVE-2024-27474. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-23734 | Savignano SNotify up to 2.0.0 User Profile Page cross-site request forgery
10 months ago
A vulnerability, which was classified as problematic, was found in Savignano SNotify up to 2.0.0. This affects an unknown part of the component User Profile Page. The manipulation leads to cross-site request forgery.
This vulnerability is uniquely identified as CVE-2024-23734. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Patchwork APT组织最新Spyder后门样本分析
10 months ago
Patchwork APT组织最新Spyder后门样本分析
谛听 工控安全月报 | 3月
10 months ago
3月│月报 谛听工控安全月报上线了,工信部的最新政策,3月发生的多起工控安全事件,谛听团队收集的最新攻击教据......更多安全资讯,请关注“谛听ditecting",每月更新!
谛听 工控安全月报 | 3月
10 months ago
3月│月报 谛听工控安全月报上线了,工信部的最新政策,3月发生的多起工控安全事件,谛听团队收集的最新攻击教据......更多安全资讯,请关注“谛听ditecting",每月更新!
PlaidCTF 2025
10 months ago
Name: PlaidCTF 2025 (an PlaidCTF event.)
Date: April 4, 2025, 9 p.m. — 06 April 2025, 21:00 UTC [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://plaidctf.com/
Rating weight: 100.00
Event organizers: Plaid Parliament of Pwning
Date: April 4, 2025, 9 p.m. — 06 April 2025, 21:00 UTC [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://plaidctf.com/
Rating weight: 100.00
Event organizers: Plaid Parliament of Pwning
GTC 2025: AI, Security & The New Blueprint
10 months ago
From quantum leaps to AI factories, GTC 2025 proved one thing: the future runs on secure foundations.
Shannon Murphy
GreyNoise Observes 3X Surge in Exploitation Attempts Against TVT DVRs — Likely Mirai
10 months ago
GreyNoise has observed a significant spike in exploitation attempts against TVT NVMS9000 DVRs. This information disclosure vulnerability can be used to gain administrative control over affected systems.
[webapps] Apache Tomcat 11.0.3 - Remote Code Execution
10 months ago
Apache Tomcat 11.0.3 - Remote Code Execution
[webapps] YesWiki 4.5.1 - Unauthenticated Path Traversal
10 months ago
YesWiki 4.5.1 - Unauthenticated Path Traversal
[webapps] XWiki Platform 15.10.10 - Remote Code Execution
10 months ago
XWiki Platform 15.10.10 - Remote Code Execution
云化时代,超融合构建“智改数转”坚实计算底座
10 months ago
基于云计算技术理念的超融合系统,帮助制造企业实现提质增效。
我的父亲滕代远
10 months ago
原红三军团政委,红一方面军副总政委,中央军委参谋长,八路军前方总部参谋长,铁道部部长,全国政协副主席
我的父亲滕代远
10 months ago
原红三军团政委,红一方面军副总政委,中央军委参谋长,八路军前方总部参谋长,铁道部部长,全国政协副主席
Lockbit
10 months ago
cohenido
初级开发者过度依赖AI的风险
10 months ago
AI代码生成器正让初级开发者丧失批判思维,埋下安全合规隐患。
安全主管们的平台疲劳症:当工具泛滥成为安全团队的噩梦
10 months ago
"安全工具泛滥反成隐患!CISO深陷平台疲劳,整合才是出路。"
什么是Oblivious Transfer协议
10 months ago
OT(Oblivious Transfer)是一种在密码学协议中广泛应用的技术,确保信息的选择性传输而不暴露选择意图。在 CTF 竞赛中,OT 机制常用于密码学攻击,尤其是基于 RSA 的变体(OTRSA),本文将对OT的原理展开详细的解释并应用于CTF解题中