ivanti CVE-2025-0282漏洞复现
对ivanti CVE-2025-0282进行漏洞复现包含详细的漏洞利用过程和exp
Aggregator
记录一次php代码审计
3 weeks 5 days ago
记录一次php代码审计
ciscn及长城杯半决赛回顾
3 weeks 5 days ago
ciscn-web-isw
2026-SUCTF-JDBC-Master:鉴权绕过与JDBC任意代码执行
3 weeks 5 days ago
本文分析了SUCTF题目SU_jdbc-master的完整攻击链。利用Unicode字符ſ转大写为S的特性,绕过仅做小写匹配的Spring MVC鉴权拦截器;随后通过Jackson反序列化覆盖默认JDBC驱动为存在漏洞的Kingbase8,结合临时文件写入与文件描述符爆破,触发恶意Spring XML配置加载,最终实现命令执行回显。
中国电信大可实验室2026年校园招聘正式启动!
3 weeks 5 days ago
中国电信大可实验室是中国电信集团直属分支机构,现开启校园招聘
CISCN&长城杯 2026分区赛区AWDP-Web
3 weeks 5 days ago
CISCN&CCB 2026分区赛AWDP-Web部分的题目复现
Morpheus
3 weeks 5 days ago
You must login to view this content
cohenido
Проверьте свои админки: Иранские вайперы превращают тысячи устройств в бесполезное железо
3 weeks 5 days ago
За кибератаками на израильские компании стоит единая экосистема под управлением Тегерана.
Cloud platform Vercel says company breached through third-party AI tool
3 weeks 5 days ago
Vercel released a statement acknowledging a breach and warning a “limited subset of customers” that their Vercel credentials were compromised.
Спасибо, ChatGPT: ИИ превратил жизнь главного разработчика cURL в ежедневный ад
3 weeks 5 days ago
Разработчики открытого кода столкнулись с рекордным ростом числа жалоб на ошибки из-за нейросетей.
CISA Warns of Cisco Catalyst SD-WAN Manager Vulnerabilities Exploited in Attacks
3 weeks 5 days ago
CISA has added three critical Cisco Catalyst SD-WAN Manager vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies and organizations to act immediately. All three flaws were added on April 20, 2026, with a tight remediation deadline of April 23, 2026. The three vulnerabilities affect Cisco Catalyst SD-WAN Manager, a widely used platform […]
The post CISA Warns of Cisco Catalyst SD-WAN Manager Vulnerabilities Exploited in Attacks appeared first on Cyber Security News.
Abinaya
From Packets to Insight: How Curated Network Data Powers AI
3 weeks 5 days ago
In modern telecommunications networks, especially those built on 3rd Generation Partnership Project (3GPP) standards, operators face the challenge of managing immense volumes of data generated by radio-access and core infrastructure. Some networks are already producing as many as 1 million transactions per second...
Jennifer Steele
Securing the Hybrid Workplace in the Age of AI-Driven Threats
3 weeks 5 days ago
Maritime Cybersecurity Rules Make Waves
3 weeks 5 days ago
New Rules Will Jolt Maritime Cybersecurity Market Amid Geopolitical Anxiety
A Coast Guard rule imposing standards on operational technology systems in ports and larger U.S.-flagged commercial vessels is poised to supercharge the maritime cybersecurity market - a boon granted by concern that shipping is a weak target for a world roiled by mounting geopolitical tensions.
A Coast Guard rule imposing standards on operational technology systems in ports and larger U.S.-flagged commercial vessels is poised to supercharge the maritime cybersecurity market - a boon granted by concern that shipping is a weak target for a world roiled by mounting geopolitical tensions.
Health AI Firm Faces Lawsuits Over DNA Data Use, Disclosure
3 weeks 5 days ago
Complaints Allege Tempus AI Lacked Consent to Use, Share Data With Pharma Cos.
A healthcare artificial intelligence firm that sells genetic information from an acquired database holding the results of millions of screening tests faces multiple putative class action lawsuits in Chicago federal court. Genetic data resists attempts to de-identify it, plaintiffs say.
A healthcare artificial intelligence firm that sells genetic information from an acquired database holding the results of millions of screening tests faces multiple putative class action lawsuits in Chicago federal court. Genetic data resists attempts to de-identify it, plaintiffs say.
What Enterprise 'AI Leaders' Are Doing Right
3 weeks 5 days ago
KPMG Survey Finds Organizations Must Transform Ops to Scale AI
A new KPMG survey shows that while most enterprises have an AI strategy, only a small fraction are seeing real ROI. Enterprises getting it right are embedding AI into operations, governance and workforce development from the start.
A new KPMG survey shows that while most enterprises have an AI strategy, only a small fraction are seeing real ROI. Enterprises getting it right are embedding AI into operations, governance and workforce development from the start.
Unchecked AI Agents Cause Cybersecurity Incidents at Two Thirds of Firms
3 weeks 5 days ago
Data exposure, operational disruption and financial losses among issues faced by businesses struggling with the rapid rise of AI agents, warns Cloud Security Alliance report
5 Places where Mature SOCs Keep MTTR Fast and Others Waste Time
3 weeks 5 days ago
Security teams often present MTTR as an internal KPI. Leadership sees it differently: every hour a threat dwells inside the environment is an hour of potential data exfiltration, service disruption, regulatory exposure, and brand damage.
The root cause of slow MTTR is almost never "not enough analysts." It is almost always the same structural problem: threat intelligence that exists
The Hacker News
Moving past bots vs. humans
3 weeks 5 days ago
As AI assistants and privacy proxies challenge the capabilities of traditional bot detection, the Web needs new models for accountability. We believe that control should remain with the client, and that an open ecosystem of anonymous credentials is key to preserving user privacy while protecting origins from abuse.
Thibault Meunier
CVE-2026-25799 | ImageMagick up to 6.9.13-39/7.1.2-14 Image Parser divide by zero (GHSA-543g-8grm-9cw6 / Nessus ID 299969)
3 weeks 5 days ago
A vulnerability was found in ImageMagick up to 6.9.13-39/7.1.2-14. It has been rated as problematic. This affects an unknown function of the component Image Parser. Performing a manipulation results in divide by zero.
This vulnerability is reported as CVE-2026-25799. The attack is possible to be carried out remotely. No exploit exists.
Upgrading the affected component is advised.
vuldb.com