Tenda AC15栈溢出漏洞复习(CVE-2018-18708)
最近开始学习复现Tenda的漏洞,发现很多洞都是一系列的栈溢出漏洞,这些洞的固态仿真都是一样的,函数调用流程是不一样的,但对于pwn手来说,个人感觉最难的还是固态仿真和调试,这些都一样的话,函数流程逐个分析都可以拿下
Aggregator
【CVE-2025-6058】WPBookit 插件任意文件上传漏洞
8 months 3 weeks ago
WPBookit 是用于 WordPress 的插件,功能包括在线预订和预约管理。该插件中存在缺陷,在 image_upload_handle() 函数缺少文件类型验证,使得在所有版本至 1.0.4 包括 1.0.4 的版本中,攻击者可以通过添加新的预订类型的路由(add_booking_type)上传任意文件。这种情况下,攻击者能够在受影响网站的服务器上上传任意文件,并可能进行远程代码执行。
2025L3HCTF-tellmewhy详解
8 months 3 weeks ago
2025L3HCTF-tellmewhy详解以及多种入口
2025-08-20: SmartApeSG CAPTCHA page to ClickFix script to NetSupport RAT to StealCv2
8 months 3 weeks ago
Microsoft Lays Out Its Quantum-Safe Plans
8 months 3 weeks ago
The goal of the Quantum-Safe Program is to ensure that by 2033 all Microsoft products and services are safe by default against quantum-based attacks.
Jeffrey Schwartz
Daily Dose of Dark Web Informer - 20th of August 2025
8 months 3 weeks ago
This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
Dark Web Informer
Britain targets Kyrgyz financial institutions, crypto networks aiding Kremlin
8 months 3 weeks ago
The UK has imposed new sanctions on Kyrgyz financial institutions and crypto networks accused of helping Russia evade restrictions. The UK imposed sanctions on Kyrgyz financial institutions and crypto networks accused of aiding Russian sanctions evasion, war funding, and ransomware activities. The U.K. imposed new sanctions on Kyrgyzstan’s Capital Bank and director Kantemir Chalbayev, accused […]
Pierluigi Paganini
Threat Attack Daily - 20th of August 2025
8 months 3 weeks ago
Threat Attack Daily - 20th of August 2025
Dark Web Informer
AI website builder Lovable increasingly abused for malicious activity
8 months 3 weeks ago
Cybercriminals are increasingly abusing the AI-powered Lovable website creation and hosting platform to generate phishing pages, malware-dropping portals, and various fraudulent websites. [...]
Bill Toulas
Ransomware Attack Update for the 20th of August 2025
8 months 3 weeks ago
Ransomware Attack Update for the 20th of August 2025
Dark Web Informer
Fake Employees Pose Real Security Risks
8 months 3 weeks ago
The dangers are particularly severe when they secure IT positions with privileged access and administrative permissions.
Mercedes Cardona
Critical SAP Vulns Under Exploitation in 'One-Two Punch' Attack
8 months 3 weeks ago
The vulnerabilities themselves aren't new, but are being exploited in a novel manner that could lead to a "devastating attack."
Kristina Beek
Play
8 months 3 weeks ago
You must login to view this content
cohenido
Play
8 months 3 weeks ago
You must login to view this content
cohenido
RingReaper Malware Targets Linux Servers, Stealthily Evading EDR Solutions
8 months 3 weeks ago
A new malware campaign dubbed RingReaper has emerged, targeting servers with advanced post-exploitation capabilities that exploit the kernel’s io_uring asynchronous I/O interface to bypass Endpoint Detection and Response (EDR) systems. This sophisticated agent minimizes reliance on traditional system calls like read, write, recv, send, or connect, instead using io_uring primitives such as io_uring_prep_* for stealthy […]
The post RingReaper Malware Targets Linux Servers, Stealthily Evading EDR Solutions appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Aman Mishra
CVE-2024-57155 | radar 1.0.8 API access control (Issue 100 / EUVD-2024-54896)
8 months 3 weeks ago
A vulnerability described as critical has been identified in radar 1.0.8. This affects an unknown function of the component API. Executing manipulation can lead to improper access controls.
This vulnerability appears as CVE-2024-57155. The attack may be performed from a remote location. There is no available exploit.
vuldb.com
How Warlock Ransomware Targets Vulnerable SharePoint Servers
8 months 3 weeks ago
Researchers highlight how Warlock, a new ransomware heavyweight, uses its sophisticated capabilities to target on-premises SharePoint instances.
Alexander Culafi
CVE-2025-8895 | WP Webhooks Plugin up to 3.3.5 on WordPress path traversal
8 months 3 weeks ago
A vulnerability marked as critical has been reported in WP Webhooks Plugin up to 3.3.5 on WordPress. The impacted element is an unknown function. Performing manipulation results in path traversal.
This vulnerability is reported as CVE-2025-8895. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com
Cybercriminals Abuse Vibe Coding Service to Create Malicious Sites
8 months 3 weeks ago
Some LLM-created scripts and emails can lower the barrier of entry for low-skill attackers, who can use services like Lovable to create convincing, effective websites in minutes.
Rob Wright
The End of Tribal Knowledge: Why Contextual Policy Is the Foundation for Agentic AI Development
8 months 3 weeks ago
For years, the challenge in software security and governance hasn't been knowing what to do, but instead scaling that knowledge across fast-moving teams. At Sonatype, we invested heavily in solving that through contextual policy. Not just rules, but rules that understood intent. Rules that prioritized based on usage, risk, and relevance, and turned raw security data into actionable, in-context decisions.
The post The End of Tribal Knowledge: Why Contextual Policy Is the Foundation for Agentic AI Development appeared first on Security Boulevard.
Brian Fox