Aggregator

学到这个 trick 的时候只能说，php 是最好的语言，还没有落幕，每次看到 php 的新 trick 都不得不为之震惊，如何没有 php 代码做到代码执行，实战价值很大，看下面分析 Deadsec 团队这次每一道题是真有东西

The Amp’ed RF BT-AP 111 Bluetooth Access Point has been discovered to expose its HTTP-based administrative interface entirely without authentication controls, enabling unauthenticated attackers with network access to seize full administrative privileges. This critical security oversight undermines fundamental defensive measures and places deployments at risk of unauthorized configuration changes, data interception, and network compromise. The […]

The post Amp’ed RF BT-AP 111 Bluetooth Access Point Vulnerability Enables Admin Takeover appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability classified as problematic was found in GrandNode up to 2.3.0. The impacted element is an unknown function of the file /checkout/ConfirmOrder/ of the component Voucher Handler. The manipulation of the argument giftvouchercouponcode results in race condition. This vulnerability is cataloged as CVE-2025-10216. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

On September 2025 Patch Tuesday, Microsoft has released patches for 80+ vulnerabilities in its various software products, but the good news is that none of them are actively exploited. Among the critical and important vulnerabilities patched by Microsoft this time around are: CVE-2025-54918, a remotely exploitable Windows NTLM elevation of privilege vulnerability. “The attack complexity is Low because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with … More →

The post Microsoft, Adobe, SAP deliver critical fixes for September 2025 Patch Tuesday appeared first on Help Net Security.

Millions of people and businesses trust Google Drive every day to store important files like contracts, reports, photos, and research papers. The desktop app for Windows promises secure and seamless syncing of files between local folders and the cloud. Yet a serious flaw in Google Drive Desktop for Windows breaks these promises. Any user on […]

The post Google Drive Desktop for Windows Flaw Lets Users Gain Full Access to Others’ Drives appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Reddit上的ReverseEngineering社区是一个经过审核的平台，专注于反向工程领域的讨论与资源分享，提供工具和技术指导，帮助用户学习和实践逆向分析。

Submit #640784 / VDB-323485

Ночное видение, дополненная реальность и ИИ в одном устройстве.

9月10日，2025 Inclusion·外滩大会科技智能创新赛在上海圆满落幕。

为深入了解当前数据安全产业在金融行业的应用与研究生态、助力金融业数据安全建设，金标院联合《中国信息安全》杂志即日起启动《2025数据安全产业金融应用生态全景图》调研工作。

近期，国家网信办持续加强互联网新闻信息服务管理，规范网上新闻传播秩序，督促网站平台强化新闻信息内容管理，处置一批违法违规账号。

近日，个别公司及企业在互联网上公开宣传并开展国家信息安全漏洞库CNNVD证书获取服务，针对此情况，我中心严正声明如下……

当前环境异常，请完成验证后继续访问。

当前环境出现异常，需完成验证后方可继续访问，并提供验证入口。

当前环境出现异常，请完成验证后继续访问。

当前环境出现异常,需完成验证后方可继续访问。

Sophos found that average ransom demands and payments fell substantially in the education sector in 2025, as recovery time and costs fell

任天堂和 The Pokémon Company 从 USPTO 获得了一项美国专利，专利号 12,403,397，该专利与召唤物并让召唤物为玩家战斗的游戏机制有关。这项专利可能会对游戏行业产生巨大影响，因为类似的游戏机制早就存在了几十年，被游戏开发商广泛使用，如 1990 年代的《暗黑破坏神》以及早期的《最终幻想》游戏系列都存在玩家使用技能或符咒召唤一个角色让其为玩家战斗的机制。任天堂以及 The Pokémon Company 正在与《幻兽帕鲁（Palworld）》开发商 Pocketpair 打侵权诉讼，《幻兽帕鲁》被指模仿了宝可梦系列的游戏机制。

任天堂和The Pokémon Company获得了一项关于召唤物战斗机制的美国专利（12,403,397），可能对游戏行业产生重大影响，并指控《幻兽帕鲁》侵权。

Lookout introduces Smishing AI, an AI-powered solution designed to protect enterprises from the growing threat of SMS phishing (smishing) attacks. SMS phishing, commonly called “smishing,” is a cyberattack where fraudsters send misleading text messages to trick people into giving up personal information. These messages often pretend to be trusted sources, like banks, delivery services, or government agencies, and may warn of unpaid bills, delivery issues, or fake prizes. The aim is to steal sensitive data, … More →

The post Lookout’s AI-powered solution combats SMS phishing attacks appeared first on Help Net Security.