Aggregator

原理复盘 + 靶场复现 + 插件实战，极简完成幽灵位漏洞渗透测试

A vulnerability described as critical has been identified in NousResearch hermes-agent 0.8.0. This affects the function _check_sensitive_path of the file tools/file_tools.py. The manipulation results in symlink following. This vulnerability is known as CVE-2026-7397. Attacking locally is a requirement. Furthermore, an exploit is available. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/wecom.py of the component WeChat Work Platform Adapter. The manipulation leads to path traversal. This vulnerability is traded as CVE-2026-7396. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Juniper Junos OS on PTX. This impacts an unknown function of the component MAC Address Validator. Such manipulation leads to origin validation error. This vulnerability is documented as CVE-2023-44190. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in Juniper Junos OS up to 23.2R1-S2. It has been rated as critical. Affected by this issue is some unknown functionality of the component pkid. Performing a manipulation results in improper check for unusual conditions. This vulnerability is reported as CVE-2024-30397. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability identified as problematic has been detected in Juniper Networks Junos OS up to 23.4R2 on SRX. This affects an unknown part of the component pem Command Handler. Performing a manipulation results in handling of exceptional conditions. This vulnerability is known as CVE-2025-21596. Attacking locally is a requirement. No exploit is available. You should upgrade the affected component.

A vulnerability has been found in Juniper Junos OS and Junos OS Evolved and classified as problematic. Impacted is an unknown function of the component User Interface. The manipulation leads to information disclosure. This vulnerability is referenced as CVE-2025-30654. The attack can only be performed from a local environment. No exploit is available. The affected component should be upgraded.

A vulnerability was found in Juniper Junos OS and Junos OS Evolved and classified as problematic. The affected element is an unknown function of the component Routing Protocol Daemon. The manipulation results in handling of exceptional conditions. This vulnerability is identified as CVE-2025-30652. The attack is only possible with local access. There is not any exploit available. It is suggested to upgrade the affected component.

The Vect 2.0 ransomware wipes large files instead of merely encrypting them, making recovery impossible – even for the attackers

Submit #803270 / VDB-360121

Submit #803269 / VDB-360120

Владельцев GitHub Enterprise призвали срочно обновить систему.

近日，微步顺利通过中国网络安全审查技术与认证中心（CCRC）严格测评审核，成功拿下三项信息安全服务最高等级资质

2026年3月，微步正式获评国家信息安全漏洞库（CNNVD）2026-2027年度一级技术支撑单位。

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their Windows systems against a vulnerability exploited in zero-day attacks. [...]

A vulnerability described as problematic has been identified in Juniper Networks Junos OS up to 23.4R1 on SRX. This affects an unknown part of the component Command-Line Interface. Executing a manipulation can lead to information disclosure. The identification of this vulnerability is CVE-2025-21592. The attack can only be executed locally. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability labeled as critical has been found in Juniper Junos OS up to 24.2R1. This impacts an unknown function of the component Flexible PIC Concentrator. Executing a manipulation can lead to heap-based buffer overflow. This vulnerability appears as CVE-2025-30644. The attacker needs to be present on the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability has been found in Juniper Junos OS up to 24.4R1-S3 and classified as critical. This vulnerability affects unknown code of the component User Interface. This manipulation causes improper access controls. This vulnerability is registered as CVE-2025-52963. The attack needs to be launched locally. No exploit is available. The affected component should be upgraded.

一份报告发现，逾三分之二两岁以下婴儿使用屏幕，少数婴儿每天最多花 8 小时在屏幕上。近三分之一新生儿每天看屏幕的时间超过三小时，4-11 个月大的婴儿近 20% 每天使用屏幕逾一小时。已有证据表明，屏幕时间与儿童肥胖、近视、睡眠和行为问题风险，以及长大后社交问题等负面影响相关联。新生儿父母允许婴儿使用屏幕的一大理由是分散他们注意力，让自己有时间做其它家务活或工作。

在前两天的BlacksetHat Asia 2026上，@浅蓝和@1ua分享一个非常有趣的议题，Java中的GhostBits漏洞