Aggregator

各位好，这里是少数派，我是侧脸君。从「狂热的 3G 传道者」到「高效工作，品质生活」，时间一转 12 年过去了，我又回到了少数派的怀抱了。距离我上一次离开少数派，已经过去了整整 10 年了。人生又

A sophisticated attack technique was uncovered where cybercriminals exploit free trials of Endpoint Detection and Response (EDR) software to disable existing security protections on compromised systems.  This method, dubbed BYOEDR (Bring Your Own EDR), represents a concerning evolution in defense evasion tactics that leverage legitimate security tools as weapons against themselves. Key Takeaways1. Attackers use […]

The post Hackers Weaponizing Free Trials of EDR to Disable Existing EDR Protections appeared first on Cyber Security News.

这段代码主要实现了数据库的连接测试操作，并且其中有一些过滤以及限制，首先其接收jdbcUrl参数，并且要求其以jdbc:h2开头，然后会在结尾加上;FORBID_CREATION=TRUE这一字符串，这段字符主要作用是禁止创建数据库，这里是需要绕过的，看p神的文章中是因为只要将分号使用反斜线转义，分号就会变成一个普通字符串。 然后会进行一个黑名单的过滤操作，要求不能使用黑名单中的字符，这里主要就是

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

巴西计划释放携带沃尔巴克氏体细菌的蚊子以阻止登革热传播，目标在未来十年内保护40个城市中的1.4亿居民。此前在尼特罗伊市测试显示登革热病例下降约90%，基孔肯雅热和寨卡病例也大幅减少。该细菌可阻止病毒在蚊子体内复制。

为阻止蚊子传播登革热病毒，巴西将释放数百万只实验室培育的蚊子，这些蚊子携带了沃尔巴克氏体细菌（Wolbachia bacteria），通过传播沃尔巴克氏体细菌阻止蚊子携带登革热病毒。该项目旨在未来十年内保护 40 个城市的 1.4 亿居民。巴西此前已在尼特罗伊（Niteroi）市测试了释放携带沃尔巴克氏体细菌的蚊子，效果显著，登革热病例下降了约 90%。现在该市几乎所有蚊子都携带沃尔巴克氏体细菌，Chikungunya(基孔肯雅热)病例和寨卡（Zika）病例也分别下降超过 96% 和 99%。沃尔巴克氏细菌天然存在于约半数的昆虫物种中，它让登革热病毒无法在蚊子体内复制，从而有效遏制登革热病毒传播。

Система госконтрактов превратила талантливых программистов в армию цифровых диверсантов.

当前环境出现异常，需完成验证后才能继续访问。

如果 Auto-Color 无法连接到其硬编码的命令和控制 (C2) 服务器，它会抑制其大部分恶意行为。这适用于沙盒和与互联网物理隔离的环境，在这些环境中，恶意软件对分析人员来说会显得 benign。

A cyberattack on a water facility can put entire communities and businesses at risk. Even a short disruption in clean water supply can have serious public health and safety consequences, and threat actors know the damage they can cause. Water utilities have been moving away from isolated OT and toward more digitally connected systems that integrate with IT. This shift helps them get more accurate, real-time data. While these technologies improve efficiency and performance, they … More →

The post It’s time to sound the alarm on water sector cybersecurity appeared first on Help Net Security.

Microsoft has announced significant enhancements to its .NET Bounty Program, introducing expanded coverage, streamlined award structures, and substantially increased financial incentives for security researchers. The updated program now offers maximum rewards of USD 40,000 for critical vulnerabilities affecting .NET and ASP.NET Core frameworks, including Blazor and Aspire components. These changes represent Microsoft’s continued commitment to […]

The post Microsoft Upgrades .NET Bounty Program, Offers Rewards Up to $40,000 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Почему мир всё чаще отворачивается от западных спутников.

Cybersecurity researchers have uncovered a concerning new attack vector where threat actors are exploiting free trials of endpoint detection and response (EDR) software to disable existing security protections on targeted systems. This technique, dubbed “BYOEDR” (Bring Your Own EDR), represents a sophisticated method for attackers to bypass enterprise security measures using legitimate tools. Discovery and […]

The post Hackers Abuse EDR Free Trials to Bypass Endpoint Protection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

In this Help Net Security video, Tom Cross, Head of Threat Research at GetReal Security, explores how generative AI is empowering threat actors. He breaks down three key areas: how GenAI lowers the technical barrier for attackers, enables highly convincing deepfake-driven social engineering, and allows threat actors to operate. Cross also raises important concerns about AI models becoming a new security surface, and how organizations can begin to assess and mitigate this emerging risk.

The post What attackers know about your company thanks to AI appeared first on Help Net Security.

Learn Linux basics with Bandit Level 0→1! Explore SSH, ls,

The Cybersecurity and Infrastructure Security Agency (CISA) has made a significant contribution to the cybersecurity community by publicly releasing Thorium, a powerful open-source platform designed to revolutionize malware analysis and digital forensics operations. This announcement marks a major milestone in democratizing advanced cybersecurity tools for organizations worldwide. Partnership with Sandia National Laboratories CISA, in partnership […]

The post CISA Releases Thorium: Open-Source Malware and Forensics Tool Now Public appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A significant cybersecurity crisis has emerged with the discovery of over 17,000 Microsoft SharePoint servers exposed to internet-based attacks, including 840 systems vulnerable to a critical zero-day vulnerability that Chinese threat actors are actively exploiting. The vulnerability, designated CVE-2025-53770 and dubbed “ToolShell” by security researchers, has already compromised hundreds of organizations across government, healthcare, finance, […]

The post Over 17,000 SharePoint Servers Found Exposed Online — 840 Vulnerable to Active 0-Day Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aiarty Video Enhancer是一款基于AI的视频增强软件，能将低画质、模糊视频提升至高清甚至4K，并修复画质问题。操作简便，处理速度快，支持智能插帧和音频降噪等功能。目前有首发限时授权注册码活动。