Security News

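Real-time aggregation of the world's top security communities, tracking the latest vulnerabilities, attack and defense techniques, and industry news.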

Sources: Xianzhi Community (先知社区), Seebug, The Hacker News and other authoritative platforms | Updated automatically every day

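Domestic Xianzhi Community 2026/04/15
Fileless Linux Process Injection via ptrace and /proc/mem: Attack Implementation and Memory-Forensics Detection
How can a payload be injected into an existing legitimate process and persist there long-term without writing any file to disk? This is not a new problem. Process injection techniques on Windows (CreateRemoteThread, APC Injection, Process Hollowing) have already been studied quite thoroughly, and MITRE ATT&CK's T10 ...
Domestic Xianzhi Community 2026/04/15
Analysis of Historical Vulnerabilities in Seeyon V7.0SP3
Analysis of historical vulnerabilities in Seeyon V7.0SP3 based on seeyonreport (FineReport v9)
Domestic Xianzhi Community 2026/04/14
Learning House of Storm
I ran into a challenge that only this technique could solve, so I work through it alongside the source code and also summarize what I have learned about the heap
Domestic Xianzhi Community 2026/04/14
2026 CISCN Semi-Finals
Challenges worked on during the competition
Domestic Xianzhi Community 2026/04/14
Red Team Infrastructure Building -- Redirectors
Red Team Infrastructure Building -- Redirectors
Domestic Xianzhi Community 2026/04/14
2026 Digital China pwn
I really could not solve the second zero-solve challenge; an 8-byte arbitrary address write without ioctl support for a leak is not enough to solve it
Domestic Xianzhi Community 2026/04/14
Langflow 1.8.3 CodeParser eval(): RCE Vulnerability Analysis + PoC
A small 0day; when parsing a function's return type annotation, the CodeParser.parse_callable_details() method extracts the annotation string via ast.unparse() and passes it directly to eval() for execution.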
International The Hacker News 2026/04/20
Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials
Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to "certain" internal Vercel sys ...
International The Hacker News 2026/04/18
[Webinar] Eliminate Ghost Identities Before They Expose Your Enterprise Data
In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human ...
International The Hacker News 2026/04/18
$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims
Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it's suspending operations after it blam ...
International The Hacker News 2026/04/18
Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
Threat actors are exploiting security flaws in TBK DVR and end‑of‑life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devi ...
International Bruce Schneier 2026/04/17
Friday Squid Blogging: New Giant Squid Video
Pretty fantastic video from Japan of a giant squid eating another squid. As usual, you can also use this squid post to talk about the security stories ...
International Dark Reading 2026/04/17
How NIST's Cutback of CVE Handling Impacts Cyber Teams
Industry and ad hoc coalitions appear poised to help fill the gap created by NIST's decision to cut back on CVE data enrichment.
International Dark Reading 2026/04/17
Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing
In embracing device code phishing, attackers trick victims into handing over account access by using a service's legitimate new-device login flow.
International Dark Reading 2026/04/17
Every Old Vulnerability Is Now an AI Vulnerability
AI's danger isn't that it's creating new bugs, it's that it's amplifying old ones.
International The Hacker News 2026/04/17
Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in com ...
International Dark Reading 2026/04/17
Coast Guard's New Cybersecurity Rules Offers Lessons for CISOs
The Maritime Transportation Security Act (MTSA) requires plans to protect OT systems, audits by independent third parties, and a hybrid OT-security ro ...
International Bruce Schneier 2026/04/17
Mythos and Cybersecurity
Last week, Anthropic pulled back the curtain on Claude Mythos Preview, an AI model so capable at finding and exploiting software vulnerabilities that ...
International The Hacker News 2026/04/17
Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul
Google this week announced a new set of Play policy updates to strengthen user privacy and protect businesses against fraud, even as it revealed it bl ...
International The Hacker News 2026/04/17
NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions
The National Institute of Standards and Technology (NIST) has announced changes to the way it handles cybersecurity vulnerabilities and exposures (CVE ...
International The Hacker News 2026/04/17
Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts
An international law enforcement operation has taken down 53 domains and arrested four people in connection with commercial distributed denial-of-serv ...
International Troy Hunt 2026/04/16
Here's What Agentic AI Can Do With Have I Been Pwned's APIs
I love cutting-edge tech, but I hate hyperbole, so I find AI to be a real paradox. Somewhere in that whole mess of overnight influencers, disinformati ...
International Dark Reading 2026/04/16
NIST Revamps CVE Framework to Focus on High-Impact Vulnerabilities
The National Institute of Standards and Technology carved a new path for vulnerability remediation by changing the way it prioritizes software flaws.
International Dark Reading 2026/04/16
North Korea Uses ClickFix to Target macOS Users' Data
Sapphire Sleet uses fake job offers and phony Zoom updates to deliver ClickFix attacks that steal credentials and sensitive data from Macs.
International Dark Reading 2026/04/16
'Harmless' Global Adware Transforms Into an AV Killer
A benign looking update Dragon Boss pushed out in March 2025 established persistence via scheduled tasks and arranged for future payloads to be exclud ...
International Dark Reading 2026/04/16
Two-Factor Authentication Breaks Free from the Desktop
Threat actors know how to bypass security systems outside of traditional IT environments. Implementing 2FA could provide a needed extra security barri ...
International Bruce Schneier 2026/04/16
Human Trust of AI Agents
Interesting research: "Humans expect rationality and cooperation from LLM opponents in strategic games." Abstract: As Large Language Models (LLMs) int ...
International Bruce Schneier 2026/04/15
Defense in Depth, Medieval Style
This article on the walls of Constantinople is fascinating. The system comprised four defensive lines arranged in formidable layers: The brick-lined d ...
International Krebs on Security 2026/04/14
Patch Tuesday, April 2026 Edition
Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, includ ...
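Domestic Seebug Paper 2026/04/14
Legitimate Endpoint Management Software Abused: Analysis and Attribution of a Suspected SilverFox Attack
Author: Knownsec Advanced Threat Intelligence Team I. Incident Overview Recently, during an on-site incident response for a customer, we identified a new type of attack. The attacker forged installers for commonly used tools to lure victims into running them, then deployed an endpoint management program carrying a legitimate digital signature. Technical tracing confirmed that the program has full malicious capabilities, including host information collection and remote control, and that its C2 infrastructure is closely linked to "SilverFox". Because the legitimate digital signature ...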
International Bruce Schneier 2026/04/14
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m speaking at DemocracyXChange 2026 in Toronto, Ontario, Canada, on April 18, 2026 ...
International Bruce Schneier 2026/04/14
How Hackers Are Thinking About AI
Interesting paper: "What hackers talk about when they talk about AI: Early-stage diffusion of a cybercrime innovation." Abstract: The rapid expansion ...
International Troy Hunt 2026/04/14
Weekly Update 499
I'm starting to become pretty fond of Bruce. Actually, I've had a bit of an epiphany: an AI assistant like Bruce isn't just about auto-responding to t ...
International Bruce Schneier 2026/04/13
On Anthropic’s Mythos Preview and Project Glasswing
The cybersecurity industry is obsessing over Anthropic's new model, Claude Mythos Preview, and its effects on cybersecurity. Anthropic said that it is ...
International Bruce Schneier 2026/04/13
AI Chatbots and Trust
All the leading AI chatbots are sycophantic, and that's a problem: Participants rated sycophantic AI responses as more trustworthy than balanced ones. ...
Domestic Seebug Paper 2026/04/09
SkillTrojan: Backdoor Attacks on Skill-Based Agent Systems
Authors: Yunhao Feng, Yifan Ding, Yingshui Tan et al. Translator: Knownsec 404 Lab Translation Team Original link: https://arxiv.org/html/2604.06811v1 Abstract Skill-based agent systems ...
International Krebs on Security 2026/04/07
Russia Hacked Routers to Steal Microsoft Office Tokens
Hackers linked to Russia's military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Micr ...
International Troy Hunt 2026/04/07
Weekly Update 498
This week, more time than I'd have liked to spend went on talking about the trials of chasing invoices. This is off the back of a customer (who, for n ...
International Krebs on Security 2026/04/06
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
An elusive hacker who went by the handle "UNKN" and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities ...
Domestic Seebug Paper 2026/04/02
GUARD-SLM: A Token-Activation-Based Defense Against Jailbreak Attacks for Small Language Models
Authors: Md. Jueal Mia, Joaquin Molto, Yanzhao Wu, M. Hadi Amini Translator: Knownsec 404 Lab Translation Team Original link: https://arxiv.org/html/2603.28817v1 ...
International Troy Hunt 2026/03/31
Weekly Update 497
Day by day, I find we're eking more goodness out of OpenClaw and finding the sweet spot between what the humans do well and the agent can run off and ...
International Troy Hunt 2026/03/30
HIBP Mega Update: Passkeys, k-Anonymity Searches, Massive Speed Enhancements and a Bulk Domain Verification API
For a hobby project built in my spare time to provide a simple community service, Have I Been Pwned sure has, well, "escalated". Today, we support hun ...
International Troy Hunt 2026/03/24
Weekly Update 496
Watching OpenClaw do its thing must be like watching the first plane take flight. It's a bit rickety and stuck together with a lot of sticky tape, but ...
Domestic Seebug Paper 2026/03/24
Silent Subversion: Sensor Spoofing Attacks via Supply-Chain Implants in Satellite Systems
Authors: Jack Vanlyssel, Gruia-Catalin Roman, Afsah Anwar Translator: Knownsec 404 Lab Translation Team Original link: https://arxiv.org/html/2603.10388v1 Abstract ...
International Krebs on Security 2026/03/23
‘CanisterWorm’ Springs Wiper Attack Targeting Iran
A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly ...
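Domestic Seebug Paper 2026/03/23
Enhancing Network Intrusion Detection Systems: A Multi-Layer Ensemble Approach to Defend Against Adversarial Attacks
Authors: Nasim Soltani, Shayan Nejadshamsi et al. Translator: Knownsec 404 Lab Translation Team Original link: https://arxiv.org/html/2603.10413v1 Abstract For machine learning (ML) algorithms, adversarial examples ...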
International Krebs on Security 2026/03/20
Feds Disrupt IoT Botnets Behind Huge DDoS Attacks
The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets th ...
International Troy Hunt 2026/03/17
Weekly Update 495
In the beginning, it was simple. A website, a database and 150M+ email addresses to search. Time has added serverless functions (which run on servers ...
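Domestic Seebug Paper 2026/03/17
CUDA Agent: Large-Scale Agentic Reinforcement Learning for High-Performance CUDA Kernel Generation
Authors: Weinan Dai, Hanlin Wu, Qiying Yu et al. Translator: Knownsec 404 Lab Translation Team Original link: https://arxiv.org/html/2602.24286v1 Abstract GPU kernel optimization is the basis of modern deep learning ...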
Domestic Seebug Paper 2026/03/13
Unmasking SilverFox’s New Trends: Decoding Evasion Tactics, Domain Impersonation, and Mass-Generated Fake Software
Author: Knownsec 404 Advanced Threat Intelligence Team I. Introduction SilverFox has become one of the most active cyber threats in recent years, targ ...
International Krebs on Security 2026/03/11
Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical te ...
International Krebs on Security 2026/03/11
Microsoft Patch Tuesday, March 2026 Edition
Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pre ...
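Domestic Seebug Paper 2026/03/10
Image-Based Prompt Injection: Hijacking Multimodal Large Language Models via Visually Embedded Adversarial Instructions
Authors: Neha Nagaraja, Lan Zhang, Zhilong Wang Translator: Knownsec 404 Lab Translation Team Original link: https://arxiv.org/html/2603.03637v1 Abstract: Multimodal large language models (ML ...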
International Troy Hunt 2026/03/10
Weekly Update 494
Since starting HIBP a dozen and a bit years ago, I've loaded an average of one breach every 4.7 days. That's 959 of them to date, but last week it was ...
International Krebs on Security 2026/03/08
How AI Assistants are Moving the Security Goalposts
AI-based assistants or "agents" -- autonomous programs that have access to the user's computer, files, online services and can automate virtually any ...
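Domestic Tencent Xuanwu Lab 2026/02/27
Phantom Dependencies: A New Supply-Chain Security Threat Under the Agentic Coding Paradigm
Author: Tianchu Chen of Tencent Xuanwu Lab 0x00 Introduction As LLM (large language model) capabilities leap forward, AI software development is evolving from the Copilot mode of "humans write code, AI completes it" toward the Agentic Coding mode of "AI leads decisions and executes automatically". In Agenti ...
Domestic Tencent Xuanwu Lab 2026/02/02
AI Web Crawler Security White Paper
Author: Guancheng Li and Zheng Wang of Tencent Xuanwu Lab This article is the "AI Web Crawler Security White Paper" released by Tencent Xuanwu Lab. We systematically analyze the typical ways server-side browsers / crawlers are used in real business scenarios in the AI era, and the new attack surface and risks this brings. In this white paper, we ...
Domestic Tencent Xuanwu Lab 2026/01/06
ComfyUI-Manager Remote Code Execution Risk Advisory
Tencent Xuanwu Lab recently discovered a high-severity vulnerability (CVE-2025-67303) in ComfyUI-Manager, the official extension component of the visual AI workflow tool ComfyUI. Exploiting the vulnerability allows remote compromise of systems with ComfyUI installed, without requiring any account. After discovering the vulnerability, Xuanwu Lab reported it to the ComfyUI maintainers; at present the ...
Domestic Tencent Xuanwu Lab 2025/11/14
How Far Are Quantum Computers from Breaking RSA-2048
Author: Guancheng Li of Tencent Xuanwu Lab In today's digital world, classical public-key cryptography such as RSA-2048 and ECC is the most widely used encryption standard, underpinning the foundational trust of network security, financial transactions and privacy protection. However, this cornerstone faces a potential threat from quantum computing. In theory, quantum computers can, far faster than classical computers, ...
Domestic Tencent Xuanwu Lab 2025/11/09
Our AI Found a Vulnerability in a Zero-Knowledge Proof Library, and Sam Altman's Project Uses It Too
Author: Guancheng Li, Xiaolin Zhang and Yang Yu of Tencent Xuanwu Lab In August 2025, Tencent Xuanwu Lab's 阿图因 automated vulnerability discovery engine found a high-severity vulnerability (CVE-2025-57801, CVSS 8.6) in the zero-knowledge proof library gnark ...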