Aggregator

靶标介绍： Brute4Road是一套难度为中等的靶场环境，完成该挑战可以帮助玩家了解内网渗透中的代理转发、内网扫描、信息收集、特权提升以及横向移动技术方法，加强对域环境核心认证机制的理解，以及掌握域环境渗透中一些有趣的技术要点。该靶场共有4个flag，分布于不同的靶机。

SonicWall patches three SonicOS flaws in Gen 6, 7 and 8 firewalls. The company released firmware updates to block bypass attacks and unauthorized access. SonicWall released urgent firmware updates to fix three SonicOS vulnerabilities affecting Gen 6, Gen 7, and Gen 8 firewalls. The flaws could allow attackers to bypass security controls, access restricted services, […]

SonicWall patches three SonicOS flaws in Gen 6, 7 and 8 firewalls. Patch them now

reverse

在契约锁电子签章系统的安全审计中，通过分析官方补丁包发现一处逻辑漏洞：短信验证码校验可被绕过，导致任意用户注册。尽管登录环节设置了短信验证码及多项参数校验，但由于短信发送条件判断存在歧义，且注册与登录流程过度耦合，形成了一条完整的攻击路径。

Slopsquatting——由 slop（对 AI 低质量输出的俗称）和 squatting（域名/包名抢注）组合而成。大语言模型（LLM）在生成代码时会「幻觉」出实际不存在的第三方包名，而攻击者只需提前在 PyPI、npm 等公共包仓库中注册这些幻觉名称，植入恶意载荷，然后静待开发者按照 AI 的建议执行 pip install。

New StorybyAssemblyAIbyAssemblyAI@assemblyaiAssemblyAI builds advanced speech language models that

本文深度分析分析以太坊高级竞猜蜜罐合约。攻击者以看似白给的链上明文答案引诱受害者，实则利用隐蔽的内部交易暗中修改答案哈希。结合管理员Mempool抢跑篡改答案与提取资金，及强制EOA调用阻断合约防御等高危手段，精心构筑出受害者必败的高级“局中局”骗局。

New StorybyAssemblyAIbyAssemblyAI@assemblyaiAssemblyAI builds advanced speech language models that

Apache ActiveMQ CVE-2026-34197 Jolokia 远程代码执行漏洞分析

文章详细分析了钓鱼样本执行从上线到维权，最后拿到CS的shellcode，文末有彩蛋

Spring AI SpEL 注入 RCE

当我们在终端里工作时，大量操作本质上是多轮交互的过程——SSH 登录服务器需要先输入密码，再执行命令；Python REPL 中逐行调试代码，每一步都依赖上一步的结果；交互式安装程序不时弹出 [Y/n] 提示等待回应。这些场景对人类来说稀松平常，但对于 AI Agent 而言却是一道难题：它们原生只能执行一次性命令，运行完毕立刻返回结果，无法在多个对话轮次中持续地读写同一个进程。 intera

A vulnerability was found in Open5GS up to 2.7.7 and classified as problematic. The impacted element is the function amf_nudm_sdm_handle_provisioned of the file /src/amf/nudm-handler.c of the component AMF. Executing a manipulation can lead to denial of service. This vulnerability is tracked as CVE-2026-7585. The attack can be launched remotely. Moreover, an exploit is present. The project was informed of the problem early through an issue report but has not responded yet.

New StorybySpeechmaticsbySpeechmatics@speechmaticsSpeechmatics builds world-leading speech technolo

记得以前做渗透，信息收集要开一堆工具，漏洞利用要自己找 POC，报告写完一天没了。 最近写了一个 CLI 工具 VulnClaw，把这个流程串起来了： 自然语言输入 → AI 理解意图 → MCP 工具链 → 全自动渗透 → 自动出报告。 GitHub 开源，MIT 协议，欢迎试用。

A vulnerability has been found in JS8Call-improved up to 2.3.1 and classified as critical. The affected element is the function grid2deg of the file APRSISClient.cpp. Performing a manipulation results in stack-based buffer overflow. This vulnerability is identified as CVE-2026-42996. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Zurich Instruments LabOne Q up to 26.1.1/26.4.0b5. Impacted is an unknown function of the component File Handler. Such manipulation leads to deserialization. This vulnerability is referenced as CVE-2026-7584. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

New StorybyBlockchain WirebyBlockchain Wire@blockchainwireThe #1 Press Release Wire Service for Blo