Security News
全球顶尖安全社区实时聚合,追踪最新漏洞、攻防技术与行业动态。
来源:先知社区 · Seebug · The Hacker News 等权威平台 | 每日自动更新
2026desctf-部分wp
array和mqtt题目讲解
CVE-2026-30860:腾讯开源 AI 框架 WeKnora SQL 注入绕过导致远程代码执行
漏洞来源一个评分十分的漏洞漏洞描述WeKnora 是一个基于 LLM 的框架,旨在实现深度文档理解和语义检索。在 0.2.12 版本之前,该应用程序的数据库查询功能存在远程代码执行 (RCE) 漏洞。验证系统未能递归检查 PostgreSQL 数组表达式和行表达式中的子节点,这使得攻击者能够绕过 S ...
WIndows x64 ShellCode开发 第三章 反向Shell编写
本篇作为WIndows x64 ShellCode开发 第三章,经过前两章x64汇编语法与相关约束、动态API调用等的练习,这一章就到了我们写反向shell并转成ShellCode与目标机建立连接最终目的,先从Extern外部调用开始学习API结构和调用逻辑,然后纯汇编编写,代码很多耐心观看
深入探究 Windows 底层执行流劫持与 EDR 规避技术
在现代高级威胁防护(EDR)体系下,传统的安全规避手段正逐渐失效。防守方的监控重点已从单纯的静态文件特征提取,向内存状态分析、线程调用栈回溯以及内核级遥测转移。本文将从底层原理出发,详细剖析基于 DLL 搜索机制的执行流劫持,并深入探讨利用动态解析与系统调用(Syscalls)绕过用户层监控的现代加 ...
某思oa代码审计记录
老代码审计
某公交系统漏洞分析
HisModules ERP 系统存在的严重安全缺陷
AI Agent技能(Skill)详解:结构、使用与开发指南
skill介绍、skill使用、开发属于自己的skill。
自动化解密 .NET XORStringsNet 混淆器
针对在 Agent Tesla 等知名 .NET 恶意软件中泛滥的 XORStringsNet 混淆器,本文详细记录了分析师如何抛弃繁琐的传统手动逆向分析,开发出一款高效、全自动的 Python 批量解密工具的实战全过程。
Iran MOIS Colludes With Criminals to Boost Cyberattacks
Iranian APTs have long pretended to be cybercriminal groups. Now they're working with actual cybercriminal groups.
Commercial Spyware Opponents Fear US Policy Shifting
Rescinded sanctions and reactivated contracts have created confusion about the Trump administration's spyware policy and where it draws the line.
iPhones and iPads Approved for NATO Classified Data
Apple announcement: …iPhone and iPad are the first and only consumer devices in compliance with the information assurance requirements of NATO nations ...
Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays
Cybersecurity researchers have disclosed details of a new banking malware targeting Brazilian users that's written in Rust, marking a significant depa ...
Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks
Cybersecurity researchers have disclosed details of a suspected artificial intelligence (AI)-generated malware codenamed Slopoly put to use by a finan ...
Why Stryker's Outage Is a Disaster Recovery Wake-Up Call
The Iranian cyberattack on Stryker is the kind of stress test that business continuity and disaster recovery programs often do not plan for.
How to Scale Phishing Detection in Your SOC: 3 Steps for CISOs
Phishing has quietly turned into one of the hardest enterprise threats to expose early. Instead of crude lures and obvious payloads, modern campaigns ...
ThreatsDay Bulletin: OAuth Trap, EDR Killer, Signal Phishing, Zombie ZIP, AI Platform Hack & More
Another Thursday, another pile of weird security stuff that somehow happened in just seven days. Some of it is clever. Some of it is lazy. A few bits ...
Attackers Don't Just Send Phishing Emails. They Weaponize Your SOC's Workload
The most dangerous phishing campaigns aren’t just designed to fool employees. Many are designed to exhaust the analysts investigating them. When a phi ...
Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit
Apple on Wednesday backported fixes for a security flaw in iOS, iPadOS, and macOS Sonoma to older versions after it was found to be used as part of th ...
Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets
Cybersecurity researchers have discovered half-a-dozen new Android malware families that come with capabilities to steal data from compromised devices ...
CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting n8n to its Known Exploited Vuln ...
INC Ransomware Group Holds Healthcare Hostage in Oceania
Government agencies, emergency clinics, and others in Australia, New Zealand, and Tonga have had serious run-ins with the prolific ransomware outfit.
Xygeni GitHub Action Compromised Via Tag Poison
Attackers operated an active C2 implant for up to a week and compromised AppSec vendor Xygeni's xygeni/xygeni-action in that time.
Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical te ...
Chinese Nexus Actors Shift Focus to Qatar Amid Iranian Conflict
Two attacks on Qatari entities signal a shift in focus for China-backed actors and demonstrate how quickly they can pivot in response to geopolitical ...
Canada Needs Nationalized, Public AI
Canada has a choice to make about its artificial intelligence future. The Carney administration is investing $2-billion over five years in its Soverei ...
Middle East Conflict Highlights Cloud Resilience Gaps
Data centers — used by both governments and militaries for operations — are now fair game, not just for cyberattacks, but for kinetic attacks as well.
基于图像的提示注入:通过视觉嵌入的对抗性指令劫持多模态大语言模型
作者:Neha Nagaraja, Lan Zhang, Zhilong Wang 译者:知道创宇404实验室翻译组 原文链接:https://arxiv.org/html/2603.03637v1 摘要:多模态大语言模型(MLLMs)融合视觉与文本能力赋能各类应用,但这种融合也引入了新的安全漏洞。 ...
Microsoft Patches 83 CVEs in March Update
For a change, there's little in this month's Patch Tuesday that should cause panic, according to security experts.
Microsoft Patch Tuesday, March 2026 Edition
Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pre ...
Jailbreaking the F-35 Fighter Jet
Countries around the world are becoming increasingly concerned about their dependencies on the US. If you've purchase US-made F-35 fighter jets, you a ...
虚假 OpenClaw 安装程序如何传播 GhostSocks 恶意软件
作者:Jai Minton, Ryan Dowd 原文链接:https://www.huntress.com/blog/openclaw-github-ghostsocks-infostealer 摘要 信息窃取型恶意软件是针对面向公众系统发起严重攻击的初始访问途径,例如 2024 年的 Snowf ...
Weekly Update 494
Since starting HIBP a dozen and a bit years ago, I've loaded an average of one breach every 4.7 days. That's 959 of them to date, but last week it was ...
New Attack Against Wi-Fi
It's called AirSnitch: Unlike previous Wi-Fi attacks, AirSnitch exploits core features in Layers 1 and 2 and the failure to bind and synchronize a cli ...
How AI Assistants are Moving the Security Goalposts
AI-based assistants or "agents" -- autonomous programs that have access to the user's computer, files, online services and can automate virtually any ...
Friday Squid Blogging: Squid in Byzantine Monk Cooking
This is a very weird story about how squid stayed on the menu of Byzantine monks by falling between the cracks of dietary rules. At Constantinople's M ...
Anthropic and the Pentagon
OpenAI is in and Anthropic is out as a supplier of AI technology for the US defense department. This news caps a week of bluster by the highest offici ...
Claude Used to Hack Mexican Government
An unknown hacker used Anthropic's LLM to hack the Mexican government: The unknown Claude user wrote Spanish-language prompts for the chatbot to act a ...
当 AI Agent 拥有系统权限:OpenClaw 安全风险全景分析
作者:知道创宇积极防御实验室 完整的 OpenClaw 安全实践 Skill、自动化审计工具已在 GitHub 开源。项目地址:https://github.com/knownsec/openclaw-security 一、背景说明 随着 AI Agent 技术的快速演进,具备自动化决策与自主执行能 ...
ZeroDayBench:评估大语言模型智能体在未知零日漏洞上的网络防御能力
作者:Nancy Lau1, Louis Sloot2, Jyoutir Raj等 译者:知道创宇404实验室翻译组 原文链接:https://arxiv.org/html/2603.02297v1 摘要 大语言模型(LLMs)正越来越多地作为软件工程智能体部署,自主为代码仓库贡献内容。这类智能体的 ...
Israel Hacked Traffic Cameras in Iran
Multiple news outlets are reporting on Israel's hacking of Iranian traffic cameras and how they assisted with the killing of that country's leadership ...
MulCovFuzz:面向 5G 协议测试的多组件覆盖率引导灰盒模糊测试工具
作者:Yu Wang, Yang Xiang, Chandra Thapa, Hajime Suzuki 译者:知道创宇404实验室翻译组 原文链接:https://arxiv.org/html/2602.21794v1 摘要 随着移动网络向5G基础设施演进,其复杂的架构和扩大的攻击面让保障安全的重 ...
Weekly Update 493
The Odido breach leaks were towards the beginning during this week's update. I recorded it the day after the second dump of data had hit, with a third ...
Who is the Kimwolf Botmaster “Dort”?
In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to assemble Kimwolf, the world's lar ...
评估大型语言模型在心理健康支持中的风险:自动化临床人工智能红队评估框架
作者:Ian Steenstra, Paola Pedrelli, Weiyan Shi 译者:知道创宇404实验室翻译组 原文链接:https://arxiv.org/pdf/2602.19948 摘要 大型语言模型(LLMs)正越来越多地应用于心理健康支持领域,然而当前的安全基准往往无法检测到治 ...
幽灵依赖:Agentic Coding 范式下的新型供应链安全威胁
Author: Tianchu Chen of Tencent Xuanwu Lab 0x00 简介随着 LLM(大语言模型)能力的跃升,AI 软件开发模式正从“人写代码,AI 补全”的 Copilot 模式,向“AI 主导决策,自动执行”的 Agentic Coding 模式演进。在 Agenti ...
基于 TCF 的安卓应用的自动隐私分析与法律合规性
作者:Victor Morel, Cristiana Santos, Pontus Carlsson等 译者:知道创宇404实验室翻译组 原文链接:https://arxiv.org/html/2602.20222v1 摘要 由欧洲互动广告局(IAB Europe)开发的透明化与同意框架(TCF), ...
Weekly Update 492
The recurring theme this week seems to be around the gap between breaches happening and individual victims finding out about them. It's tempting to bl ...
‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA
Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by ant ...
Weekly Update 491
Well, the ESP32 Bluetooth bridge experiment was a complete failure. Not the radios themselves, they're actually pretty cool, but there's just no way I ...
MUZZLE:针对间接提示注入攻击的网络智能体自适应智能红队测试
作者:Georgios Syros, Evan Rose, Brian Grinstead 译者:知道创宇404实验室翻译组 原文链接:https://arxiv.org/html/2602.09222v1 摘要 基于大语言模型(LLM)的网络智能体正被广泛部署,通过直接与网站交互并代表用户执行操作 ...
Kimwolf Botnet Swamps Anonymity Network I2P
For the past week, the massive "Internet of Things" (IoT) botnet known as Kimwolf has been disrupting the The Invisible Internet Project (I2P), a dece ...
Patch Tuesday, February 2026 Edition
Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopp ...
Weekly Update 490
A big "thank you" to everyone who helped me troubleshoot the problem with my "Print Screen" button on the new PC. Try as we all might, none of us coul ...
Weekly Update 489
This week I'm in Hong Kong, and the day after recording, I gave the talk shown in the image above at INTERPOL's Cybercrime Expert Group. I posted a li ...
Please Don’t Feed the Scattered Lapsus ShinyHunters
A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from vic ...
AI网络爬虫安全白皮书
Author: Guancheng Li and Zheng Wang of Tencent Xuanwu Lab 本文是腾讯玄武实验室发布的《AI网络爬虫安全白皮书》。我们系统分析了 AI 时代服务端浏览器 / 爬虫在真实业务中的典型使用方式,以及由此带来的新的攻击面与风险。 在这篇白皮书中,我们 ...
Weekly Update 488
It's the discussion about the reaction of some people in the UK regarding their impending social media ban for under 16s that bugged me most. Most not ...
Weekly Update 487
I thought Scott would cop it first when he posted about what his solar system really cost him last year. "You're so gonna get that stupid AI-slop resp ...
ComfyUI-Manager 远程代码执行风险通告
近期腾讯玄武实验室发现可视化 AI 工作流工具 ComfyUI 的官方扩展组件 ComfyUI-Manager 中存在一个高危漏洞(CVE-2025-67303)。利用该漏洞可在无需任何账号的情况下远程入侵安装 ComfyUI 的系统。玄武实验室在发现漏洞后向 ComfyUI 官方进行了报告,目前该 ...
量子计算机距离攻破 RSA-2048 还有多远
Author: Guancheng Li of Tencent Xuanwu Lab 在当今数字世界中,RSA‑2048 与 ECC 等经典公钥密码是最广泛应用的加密标准,支撑着网络安全、金融交易和隐私保护的底层信任。然而,这一基石正面临量子计算的潜在威胁。理论上,量子计算机能够以远快于经典计算机的 ...