Aggregator

伏魔webshell挑战赛分享 by ourren

2025年大语言模型进展报告 by ourren

《DDoS攻击威胁报告》（2026版） by ourren

更多最新文章，请访问SecWiki

继续介绍几种数据投毒的方式以及对抗方法

Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that could be exploited to hijack susceptible devices and tamper with data exchanged by them. The vulnerabilities have been collectively codenamed BRIDGE:BREAK by Forescout Research Vedere Labs, which identified nearly 20,000 Serial-to-Ethernet converters exposed

A vulnerability was found in NAI PGP 5.0 Linux/5.0i/6.5 Linux. It has been declared as problematic. Affected by this issue is some unknown functionality of the file /dev/random of the component pgpk. The manipulation results in missing encryption of sensitive data. This vulnerability was named CVE-2000-0445. The attack needs to be approached locally. In addition, an exploit is available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in IBM AIX up to 4.3.2. This affects an unknown function of the component Filesystem. Such manipulation leads to improper privilege management. This vulnerability is traded as CVE-2000-0441. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability identified as problematic has been detected in Microsoft Windows NT 4.0. This issue affects some unknown processing of the component CIFS Computer Browser. Performing a manipulation results in denial of service. This vulnerability is identified as CVE-2000-0403. The attack can be initiated remotely. There is not any exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability labeled as problematic has been found in Microsoft Windows 95/98/NT 4.0/2000. Impacted is an unknown function of the component CIFS Computer Browser. Executing a manipulation can lead to denial of service. This vulnerability is tracked as CVE-2000-0404. The attack can be launched remotely. No exploit exists. Applying a patch is advised to resolve this issue.

A vulnerability described as problematic has been identified in Darren Reed IPFilter 3.3.15/3.4.3. The impacted element is an unknown function of the component Rules Handler. The manipulation results in race condition. This vulnerability is cataloged as CVE-2000-0553. The attack may be launched remotely. Furthermore, there is an exploit available. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Netscape Communicator up to 4.73. The affected element is an unknown function of the component SSL Certificate Handler. The manipulation leads to authentication bypass by spoofing. This vulnerability is listed as CVE-2000-0517. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability classified as problematic was found in NetBSD 1.4.1/1.4.2. This impacts an unknown function. Such manipulation leads to denial of service. This vulnerability is documented as CVE-2000-0456. The attack needs to be performed locally. Additionally, an exploit exists. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, has been found in NetBSD 1.4.2. Affected is the function chroot of the file /etc/ftpchroot of the component FTPD. Performing a manipulation results in information disclosure. This vulnerability is reported as CVE-2000-0462. The attack requires a local approach. Moreover, an exploit is present. It is advisable to upgrade the affected component.

A vulnerability has been found in David Bagley Xlock 4.16 and classified as problematic. Affected by this issue is some unknown functionality of the component Xlockmore. The manipulation of the argument -mode leads to memory corruption. This vulnerability is traded as CVE-2000-0455. An attack has to be approached locally. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in FreeBSD, NetBSD and OpenBSD and classified as problematic. This affects the function semconfig of the component Semaphore Handler. The manipulation results in denial of service. This vulnerability is known as CVE-2000-0461. Attacking locally is a requirement. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability was found in Mirabilis ICQ 0.99b 1.1.1.1 up to 99a 2.21build1800. It has been classified as problematic. This vulnerability affects unknown code of the component Guestbook. This manipulation as part of Long URL causes denial of service. This vulnerability is handled as CVE-2000-0564. The attack can be initiated remotely. Additionally, an exploit exists. This vulnerability has a historic impact because of its background and how it was received. Upgrading the affected component is recommended.

A vulnerability categorized as critical has been discovered in Cisco TACACS+ 4.0.2/4.0.3. The affected element is an unknown function of the component Packet Handler. Executing a manipulation of the argument length can lead to memory corruption. The identification of this vulnerability is CVE-2000-0486. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.

SOC maturity comes down to the quality of decisions. Yet in many teams, those decisions are still made based on fragmented intelligence and outdated indicators. This is where progress stalls: threat data remains external to the workflow.  Mature SOCs take a different approach by embedding threat intelligence directly into their operations. That’s how it becomes more than a reference […]

The post Where Most SOCs Stall: Building SOC Maturity with Threat Intelligence Feeds  appeared first on Cyber Security News.

Азиатские финансовые регуляторы усилили меры безопасности из-за новой нейросети Mythos.

The critical remote code execution flaw (CVE-2026-1731) in the remote monitoring and management tool can be exploited to spread ransomware and compromise supply chains.

伊朗事件揭示了美国通信设备作为"特洛伊木马"的潜在威胁。中国虽在新增市场实现了较高程度的国产替代，但金融、运营商骨干网等领域对美系设备的存量依赖仍构成显著战略风险。这些设备的维保依赖和长期运行，为潜在的供应链攻击提供了攻击面，亟需改变。