Aggregator
Facing Modern Ransomware Threats and Tackling Multi-Extortion Tactics
2 weeks ago
SANS Digital Forensics and Incident Response
Keynote | Adapting Tradecraft: Examining Ransomware Attacks in 2024 - Insights from The DFIR Report
2 weeks ago
SANS Digital Forensics and Incident Response
Teams, Scams, and Ransomware: BlackBasta’s Social Engineering Hustle
2 weeks ago
SANS Digital Forensics and Incident Response
Ransomware TTX | Seven scenarios to include in your next TTX
2 weeks ago
SANS Digital Forensics and Incident Response
帕德博恩大学 | 传输层混淆:在TLS层规避SNI审查
2 weeks ago
本文分析了多种绕过中国与伊朗中间盒审查的TLS层规避策略
16 байт в HTTP POST запросе — и вся критическая инфраструктура в руках врага
2 weeks ago
Fortinet разобрал скрипт, который управляет заражёнными IIS-серверами через зашифрованные POST-запросы.
Не Америка и не Россия. КНР строит энергетическое оружие нового поколения
2 weeks ago
CFR-1000 — один реактор, миллион домов, бесконечное топливо.
一次从0到1的逻辑漏洞挖掘之旅
2 weeks ago
Operese — утилита, которая знает, как выжить после Windows 10
2 weeks ago
Возможно, ваш старый ноутбук отлично справится с Linux.
【安全圈】数字猎手揭开印度假币帝国:人脸识别与GPS技术如何摧毁2亿美元的黑色产业链
2 weeks ago
关键词网络犯罪2025年夏,孟买郊外一家数码印刷厂内,工业级喷墨打印机昼夜不停地吞吐着特殊纸张。
【安全圈】电竞外设惊现"傀儡鼠标":黑客借官方驱动植入Xred病毒入侵百万玩家
2 weeks ago
关键词网络病毒2025年夏,电竞圈爆发一场隐秘的数字瘟疫。
【安全圈】千万保单背后的暗战:全美人寿1.4亿客户数据遭"少年黑客团"攻陷始末
2 weeks ago
关键词数据泄露2025年7月16日凌晨,明尼阿波利斯市的全美人寿(Allianz Life)数据中心警报骤响。
【安全圈】微软365全球管理后台"停摆危机":企业数字化命脉的72小时断流警报
2 weeks ago
关键词Microsoft2025年7月24日晨间,当纽约证券交易所的科技股分析师们打开电脑时,一场悄无声息的数
Весь интернет держится на вере в нерешаемую задачку. Решат — и мы снова в каменном веке
2 weeks ago
Спасти нас могут… только кубиты?
CVE-2025-8266 | yanyutao0402 ChanCMS up to 3.1.2 collect.js getArticle targetUrl deserialization (ICLP61)
2 weeks ago
A vulnerability has been found in yanyutao0402 ChanCMS up to 3.1.2 and classified as critical. Affected by this vulnerability is the function getArticle of the file app/modules/cms/controller/collect.js. The manipulation of the argument targetUrl leads to deserialization.
This vulnerability is known as CVE-2025-8266. The attack can be launched remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Iranian-Linked Cyber Group The Returnees Claims Major Attack on Israeli Defense Contractor
2 weeks ago
You must login to view this content
cohenido
CVE-2025-54597 | LinuxServer.io Heimdall up to 2.7.2 q cross site scripting (EUVD-2025-22806)
2 weeks ago
A vulnerability, which was classified as problematic, was found in LinuxServer.io Heimdall up to 2.7.2. Affected is an unknown function. The manipulation of the argument q leads to cross site scripting.
This vulnerability is traded as CVE-2025-54597. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-6241 | Lakeside SyStrack prior 10.10.0.42 Environment Variable LsiAgent.exe SYSTEM PATH uncontrolled search path (EUVD-2025-22805)
2 weeks ago
A vulnerability, which was classified as problematic, has been found in Lakeside SyStrack. This issue affects some unknown processing of the file LsiAgent.exe of the component Environment Variable Handler. The manipulation of the argument SYSTEM PATH leads to uncontrolled search path.
The identification of this vulnerability is CVE-2025-6241. The attack needs to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Submit #622170: yanyutao0402 https://gitee.com/yanyutao0402/ChanCMS <3.1.3 Remote Code Execution [Accepted]
2 weeks ago
Submit #622170 / VDB-317857
ZAST.AI