chainreactors / picker

将repo变成RSS订阅,文章整理归档, 讨论的社区

GNU General Public License v3.0

110 stars 19 forks source link

[每日信息流] 2024-07-03 #581

Closed chainreactorbot closed 3 months ago

chainreactorbot commented 4 months ago

每日安全资讯（2024-07-03）

SecWiki News
- [ ] SecWiki News 2024-07-02 Review
Trustwave Blog
- [ ] 5 Reasons Employees Hate Cybersecurity Training and 6 Tips to Turn Them Around
Private Feed for M09Ic
- [ ] zema1 starred gmh5225/awesome-llvm-security
- [ ] wudicainiao started following M09Ic
- [ ] mitre forked mitre/beta-redhat-enterprise-linux-8-stig-baseline from mitre/sample-rhel8-overlay
- [ ] kpcyrd starred f0rb1dd3n/Reptile
- [ ] RicterZ starred chainreactors/spray
- [ ] yqcs released 棱镜 X 1.2.5 发布 at yqcs/prismx
- [ ] gh0stkey starred mathialo/bython
- [ ] ZeddYu starred localsend/localsend
- [ ] Ascotbe starred Ascotbe/Kernelhub
- [ ] Fplyth0ner-Combie started following paranoidninja
- [ ] gh0stkey starred kvcache-ai/Mooncake
- [ ] gh0stkey started following shuanx
- [ ] gh0stkey starred shuanx/BurpAPIFinder
- [ ] gh0stkey starred andytango/mupdf-js
- [ ] gh0stkey starred ozgrozer/chatgpt-artifacts
- [ ] gh0stkey starred FlechazoPh/QLDependency
- [ ] 4ra1n starred orangetw/My-Presentation-Slides
- [ ] 4ra1n starred chainreactors/gogo
- [ ] zer0yu started following tomato42
- [ ] ManassehZhou forked ManassehZhou/cve-2024-6387-poc from zgzhang/cve-2024-6387-poc
CXSECURITY Database RSS Feed - CXSecurity.com
- [ ] OpenSSH Server regreSSHion Remote Code Execution
- [ ] Xhibiter NFT Marketplace 1.10.2 SQL Injection
- [ ] Customer Support System 1.0 Stored XSS
- [ ] WordPress WPCode Lite 2.1.14 Cross Site Scripting
- [ ] WordPress FooGallery 2.4.16 Cross Site Scripting
- [ ] WordPress Gallery 2.3.6 Cross Site Scripting
安全客-有思想的安全新媒体
- [ ] 新的 OpenSSH 漏洞可能导致 Linux 系统以 Root 身份进行 RCE
- [ ] CocoaPods 中的严重缺陷导致 iOS 和 macOS 应用程序遭受供应链攻击
- [ ] LockBit 宣布攻击克罗地亚最大的医院 KBC-Zagreb
- [ ] Evolve Bank 黑客攻击导致 Affirm 付款客户受损
- [ ] 人工智能时代确保你的职业生涯未来的五大技能
- [ ] CDK Global 网络攻击导致美国汽车销售陷入瘫痪：数周后才能恢复正常
- [ ] 日本视频分享网站Niconico 确认遭受网络攻击
- [ ] CocoaPods 漏洞可能影响苹果、微软、Facebook、TikTok、Snap 等
- [ ] 澳大利亚国民银行对主要银行面临的网络威胁发出警告
Files ≈ Packet Storm
- [ ] Gentoo Linux Security Advisory 202407-09
- [ ] WordPress FooGallery 2.4.16 Cross Site Scripting
- [ ] WordPress Gallery 2.3.6 Cross Site Scripting
- [ ] Ubuntu Security Notice USN-6851-2
- [ ] Ubuntu Security Notice USN-6844-2
- [ ] Red Hat Security Advisory 2024-4212-03
- [ ] Red Hat Security Advisory 2024-4211-03
- [ ] Red Hat Security Advisory 2024-4210-03
- [ ] Red Hat Security Advisory 2024-4209-03
- [ ] PowerVR Driver Missing Sanitization
Doonsec's feed
- [ ] UIUCTF 2024 Writeup
- [ ] 秦安：驻法卢大使发出信号，国防部警告赖清德与美日，真要下地狱
- [ ] 牟林：震惊之余，建议反腐技术突破，我们更应该有解放台湾的信心
- [ ] 《诗词游记》第339期：三十三年弹指间
- [ ] 用AI复活专辑封面被惊艳到了
- [ ] 原来是个“废物”漏洞，我以为是多牛逼的漏洞
- [ ] WAVE SUMMIT产业论坛圆满落地，安全护航大模型产业平稳健康发展
- [ ] GLCC 2024 | Apache HugeGragh高校活动任务等你来挑战！
- [ ] 实战登录框漏洞测试
- [ ] 反制取证典范with思路
- [ ] OpenSSH RCE (CVE-2024-6387) | 附poc
- [ ] 国家数据局局长刘烈宏：今年将印发数据产权、数据流通等8项制度文件
- [ ] 江苏省商用密码产业协会组织开展“迎七一话密码·党建引领商密高质量发展”主题座谈活动
- [ ] 发布 | 工信部等四部门联合印发《国家人工智能产业综合标准化体系建设指南（2024版）》（附全文）
- [ ] 印尼国家数据中心遭受重大网络攻击，主管部长面临辞职压力
- [ ] 长沙市某培训学校不履行网络安全保护义务被罚款
- [ ] 广东省通信管理局等十七部门联合印发《广东省工业互联网标识解析体系“千标通粤”贯通行动计划（2024-2026年）》
- [ ] 一图读懂丨广东省工业互联网标识解析体系“千标通粤”贯通行动计划
- [ ] 学术前沿 | 方滨兴院士团队：重构网络空间安全防御模型——SARPPR
- [ ] 网安周报 | 国务院审议通过《中华人民共和国保守国家秘密法实施条例（修订草案）》
- [ ] 逆向学习汇编篇 -- 目标进程进行代码注入
- [ ] 逆向学习汇编篇 -- API Hook应用实例
- [ ] 网络安全学习资料 -- 安全加固
- [ ] LLM jailbreak的对抗
- [ ] Ti云-开启你的数字之旅
- [ ] 为啥取证厂商扎堆突破安卓12/13提权？来看看CVE-2024-0044高严重性漏洞
- [ ] 再谈威胁建模
- [ ] 进群围观棉花糖道歉信
- [ ] 护网在即，助力安服仔漏洞扫描~
- [ ] 快手Vision Pro版实测体验！沉浸模式，刷视频绝了！
- [ ] 【论文速读】|FuzzAug：探索模糊测试作为神经网络测试生成的数据增强
- [ ] 2024年中关村仿生机器人大赛正式拉开帷幕
- [ ] 信息产品研发能力评估工作组正式启动筹备
- [ ] 赛迪检测DCMM贯标评估服务再获官方好评
- [ ] 圆满闭幕！2024“三品”行河北——首届数字“三品”创新发展大赛闭幕式在邢台宁晋召开
- [ ] 【漏洞预警】GeoServer property 表达式注入代码执行漏洞（CVE-2024-36401）
- [ ] 【漏洞预警】Apache HTTP Server 信息泄露漏洞
- [ ] 打工人，格局真不能小！
- [ ] 【已复现】Geoserver表达式注入致远程代码执行漏洞（CVE-2024-36401）
- [ ] Windows 修复漏洞遭利用，推送恶意脚本
- [ ] PoC已出！高危漏洞CVE-2024-6387强势来袭
- [ ] 招聘|深圳|初级安服工程师|7K-10K
- [ ] 棉花糖因传播BRC4公开给破解者道歉！对不起侵犯了您的版权！
- [ ] ctftools-all-in-one V3.0
- [ ] 全球数字经济大会Day1亮点：盛邦安全卫星互联网安全技术，引安哥拉驻华大使馆参赞驻足关注
- [ ] OpenSSH漏洞预警：无需用户交互，可提权至 root
- [ ] 澳大利亚男子炮制虚假航空公司WIFI骗取乘客账户凭证
- [ ] 强对抗的SquidLoader针对中国企业发起攻击
- [ ] APKDeepLens：一款针对Android应用程序的安全扫描工具
- [ ] 丰台警方破获信用卡诈骗案 | 玛曲警方破获航班改签诈骗案——涉网犯罪每日情报
- [ ] 齐向东出席2024全球数字经济大会：AI驱动网络安全“质”“效”双提升
- [ ] 气象数据关乎国家安全，某省气象局“自检”发现5类数据安全隐患
- [ ] InForSec2024夏令营报名倒计时，席位有限，欲报从速！
- [ ] 【漏洞复现】GeoServer开源地理服务 wfs 远程命令执行(CVE-2024-36401)
- [ ] 安全团队指南：如何创建网络安全的 \"谷歌地图\"
- [ ] 慢雾：2024 Q2 MistTrack 被盗表单分析
- [ ] 第一期圆满结束|“浦江护航”2024年上海市电信和互联网行业数据安全专项行动公益培训
- [ ] 启明星辰安全运营助手@盘小古，就是很City啊~
- [ ] 送福利啦！《中国信息安全》杂志随刊赠送案例集
- [ ] 关注 | 联大通过中国提出的加强人工智能能力建设国际合作决议
- [ ] 关注 | 中央网信办召开全国重点商业网站平台管理工作会议
- [ ] 关注 | 工信部网安局组织召开网络安全保险服务试点工作推进会
- [ ] 关注 | “清朗·优化营商网络环境－整治涉企侵权信息乱象”专项行动公开曝光第二批典型案例
- [ ] 算力云，亚信安全首发信舱ForCloud算力云安全方案
- [ ] 高危！OpenSSH远程代码执行漏洞风险通告
- [ ] 6月Web3生态黑客攻击、钓鱼诈骗等造成的总损失金额达1.83亿美元
- [ ] 现金奖励 | GROW计划漏洞挖掘实战第二期
- [ ] 《渡难关》
- [ ] OSPFv3与OSPFv2有啥不同，有哪些大的改进？
- [ ] docx 转 markdown
- [ ] 一文了解Base64编码
- [ ] Android Native内存泄漏检测方案详解
Security Boulevard
- [ ] USENIX Security ’23 – Efficient 3PC for Binary Circuits with Application to Maliciously-Secure DNN Inference
- [ ] Upcoming Book on AI and Democracy
- [ ] Latest OpenSSH Vulnerability Might Impact 14M Linux Systems
- [ ] Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #295 – Agile Consultant Ambitions
- [ ] ‘Perfect 10’ Apple Supply Chain Bug — Millions of Apps at Risk of CocoaPods RCE
- [ ] Secrets Exposed: The Rise of GitHub as an Attack Vector
- [ ] We’re Asking the Wrong Questions About regreSSHion
- [ ] Weaponizing API discovery metadata
- [ ] Stormy Skies: Weathering the Threat of Ransomware in the Cloud
- [ ] The Importance of an Up-to-Date Information Security Plan for Automotive OEMs and Dealerships
Recent Commits to cve:main
- [ ] Update Tue Jul 2 22:27:53 UTC 2024
- [ ] Update Tue Jul 2 14:33:15 UTC 2024
- [ ] Update Tue Jul 2 06:29:02 UTC 2024
obaby@mars
- [ ] 青岛的雨🌧️
嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- [ ] 竹云位居首位 | 沙利文《2024年全球及中国IAM中间件市场报告》正式发布
- [ ] “游蛇”黑产团伙利用恶意文档进行钓鱼攻击活动分析
- [ ] 漏洞预警丨OpenSSH 远程代码执行漏洞（CVE-2024-6387）
- [ ] 微步OneSEC通过VB100认证加入全球顶级反病毒俱乐部
- [ ] 东半球网络安全顶赛闭幕矩阵杯创下多项“行业第一”
- [ ] 博智安全深度参与2024年能源网络安全大赛暨能源网络安全和信息化大会，亮点纷呈
- [ ] 警惕使用 Word 文件缩短 URL 来安装 Remcos RAT
- [ ] 焕新启航众行致远丨2024年盛邦安全渠道大会南京首站盛大启幕
Cerbero Blog
- [ ] DEX Decompiler Package
NVISO Labs
- [ ] The End of Passwords? Embrace the Future with Passkeys.
Reverse Engineering
- [ ] CVE-2024-29510 - Exploiting Ghostscript using format strings
- [ ] Tcache exploitation tutorial in details
Malwarebytes
- [ ] Prudential Financial data breach impacts 2.5 million people, not 36,000 as first thought
PortSwigger Research
- [ ] A hacking hat-trick: previewing three PortSwigger Research publications coming to DEF CON & Black Hat USA
CCC Event Blog
- [ ] MRMCD24: Call for Participation
Security Blog | Praetorian
- [ ] Secrets Exposed: The Rise of GitHub as an Attack Vector
FreeBuf网络安全行业门户
- [ ] FreeBuf早报 | OpenSSH 遭遇新威胁；日本动漫游戏巨头 Kadokawa 承认数据泄露
- [ ] 可获root权限，思科NX-OS 零日漏洞修复已发布
- [ ] OpenSSH漏洞预警：无需用户交互，可提权至 root
- [ ] 澳大利亚男子炮制虚假航空公司WIFI骗取乘客账户凭证
- [ ] 网络安全&密码学—python中的各种加密算法
安全牛
- [ ] 2024年上半年典型网络攻击事件盘点
- [ ] 我国牵头提出的国际标准《网络安全物联网安全与隐私家庭物联网指南》正式发布
bishopfox.com
- [ ] Product Security Review Methodology for Traeger Grill Hack
奇客Solidot–传递最新科技情报
- [ ] 科学家被控伪造数据以获取 1600 万美元的研究拨款
- [ ] Windows 11 中国政府版没有 Edge 等微软预装应用
- [ ] Google Chrome 不再信任 Entrust 签发的证书
- [ ] 蝴蝶不停的飞行了 2600 英里
- [ ] 10 岁阿根廷男孩成为最年轻国际象棋大师
- [ ] 研究称间歇性禁食有助于改善认知
- [ ] 法国监管机构准备指控英伟达反竞争
Dhole Moments
- [ ] My Furry Blog is NOT an Opportunity to Develop Your Brand
奇安信 CERT
- [ ] 【POC公开】OpenSSH 远程代码执行漏洞(CVE-2024-6387)安全风险通告第二次更新
看雪学苑
- [ ] 资深专家vector带你玩转调试神器：x64dbg
- [ ] Windows主机入侵检测与防御内核技术深入解析
- [ ] 日本动漫媒体巨头角川遭黑客攻击勒索，1.5TB敏感数据泄露
腾讯玄武实验室
- [ ] 每日安全动态推送(7-2)
HackerNews
- [ ] 可获 root 权限，思科 NX-OS 零日漏洞修复已发布
- [ ] Windows 修复漏洞遭利用，推送恶意脚本
- [ ] 澳大利亚男子炮制虚假航空公司 WIFI 骗取乘客账户凭证
- [ ] 数百万 OpenSSH 服务器可能遭受远程 regreSSHion 攻击（CVE-2024-6387）
农夫安全团队
- [ ] 关于今年HW的⼀些思考
绿盟科技研究通讯
- [ ] GPU机密计算——以NVIDIA H100为例
代码卫士
- [ ] 堪比 Log4Shell：数百万台 OpenSSH 服务器易受 regreSSHion 远程攻击
- [ ] CocoaPods 严重漏洞导致 iOS 和 macOS 应用易受供应链攻击
- [ ] 谷歌推出新的KVM漏洞奖励计划，最高赏金25万美元
微步在线研究响应中心
- [ ] 关于OpenSSH RCE（CVE-2024-6387）高频关注的FAQ
长亭安全应急响应中心
- [ ] 【已复现】Geoserver表达式注入致远程代码执行漏洞（CVE-2024-36401）
天御攻防实验室
- [ ] 防御任意SSH远程代码执行漏洞
知道创宇404实验室
- [ ] 【知道创宇404实验室】建议关注 Apache 2.4.60 更新修复多个安全漏洞
吾爱破解论坛
- [ ] 【Android 原创】某短视频虚拟机分析和还原
阿里云应急响应
- [ ] OpenSSH Server 远程代码执行漏洞（CVE-2024-6387）
黑奇士
- [ ] 太原老葛暴打妇女后，收到上亿礼物
慢雾科技
- [ ] 慢雾：2024 Q2 MistTrack 被盗表单分析
关键基础设施安全应急响应中心
- [ ] 网络法治的中国智慧与中国方案
- [ ] 谷歌拟允许独立Web应用访问敏感的USB设备
- [ ] Windows 修复漏洞遭利用，推送恶意脚本
安全内参
- [ ] 国家数据中心遭受重大网络攻击，该国主管部长面临辞职压力
- [ ] 长沙一培训学校不履行网络安全保护义务被罚1万元
中国信息安全
- [ ] 启明星辰安全运营助手@盘小古，就是很City啊~
- [ ] 送福利啦！《中国信息安全》杂志随刊赠送案例集
- [ ] 关注 | 联大通过中国提出的加强人工智能能力建设国际合作决议
- [ ] 发布 | 工信部等四部门联合印发《国家人工智能产业综合标准化体系建设指南（2024版）》（附全文）
- [ ] 关注 | 中央网信办召开全国重点商业网站平台管理工作会议
- [ ] 关注 | 工信部网安局组织召开网络安全保险服务试点工作推进会
- [ ] 关注 | “清朗·优化营商网络环境－整治涉企侵权信息乱象”专项行动公开曝光第二批典型案例
安全圈
- [ ] 【安全圈】B站、小红书崩了冲上热搜，阿里云回应
- [ ] 【安全圈】澳大利亚男子炮制虚假航空公司WIFI骗取乘客账户凭证
- [ ] 【安全圈】数百万 OpenSSH 服务器可能遭受远程 regreSSHion 攻击（CVE-2024-6387）
- [ ] 【安全圈】影响超六百万人！美国一企业遭 LockBit 勒索软件攻击
DataCon大数据安全分析竞赛
- [ ] 转发抽奖！InForSec2024夏令营报名倒计时，席位有限，欲报从速！
360漏洞云
- [ ] 360BugCloud助阵矩阵杯，合力共建漏洞安全新生态
数世咨询
- [ ] 《数据泄露态势月度报告》(2024年6月) | 附下载地址
- [ ] 【十佳案例】JMC江铃集团多品牌全车型态势感知 + 入侵检测防御系统案例
- [ ] 博智安全深度参与2024年能源网络安全大赛
默安科技
- [ ] 中标中国移动集采项目，共谱高效安全运营新篇
CNCERT国家工程研究中心
- [ ] 著名远控软件TeamViewer IT系统遭APT攻陷，安全专家建议暂时删除
- [ ] Juniper Networks曝最严重的「身份验证」漏洞，影响大量路由器
- [ ] PoC已出！高危漏洞CVE-2024-6387强势来袭
山石网科安全技术研究院
- [ ] 2024首届“山石·蒙山杯”网络安全大赛WriteUp
字节跳动技术团队
- [ ] 字节图数据库架构论文入选数据库顶会SIGMOD 2024
Security Café
- [ ] Red Team Finds A Way – Exploiting The Human Factor
国家互联网应急中心CNCERT
- [ ] CNVD漏洞周报2024年第26期
- [ ] 上周关注度较高的产品安全漏洞(20240624-20240630)
情报分析师
- [ ] 幽灵行动：FBI抓捕美国境内的俄罗斯间谍网
- [ ] 上合组织信息梳理（附下载）
虎符智库
- [ ] 安全团队指南：如何创建网络安全的 "谷歌地图"
极客公园
- [ ] 「遥遥领先」的华为智驾，最大的风险是什么？
- [ ] 互联网巨头，如何合法地「偷」你的数据训练 AI？
- [ ] 苹果 AI 部分功能或需付费订阅；Altman 称 GPT-5 有「巨大飞跃」；马斯克大赞黄仁勋扫厕所：绝对正确 | 极客早知道
KCon 黑客大会
- [ ] 大众评选开启 | KCon大会议题大PK！速来选出你的心仪议题
嘶吼专业版
- [ ] 警惕使用 Word 文件缩短 URL 来安装 Remcos RAT
- [ ] 博智安全深度参与2024年能源网络安全大赛暨能源网络安全和信息化大会，亮点纷呈
火线Zone
- [ ] 火线安全Q2精英榜：致敬网络安全守护者
- [ ] 火线Zone 24年第二季度优秀内容公示
迪哥讲事
- [ ] 实战登录框漏洞测试
深信服千里目安全技术中心
- [ ] 【漏洞通告】OpenSSH 远程代码执行漏洞(CVE-2024-6387)
京东安全应急响应中心
- [ ] 巅峰之夜，星光闪耀！第二届京麒CTF总决赛战队巡礼第一篇章！
网安国际
- [ ] 安全和可靠的大型语言模型（LLMs）全球挑战赛拉开帷幕，等你来战！
Over Security - Cybersecurity news aggregator
- [ ] Newsletter writer covering Evolve Bank’s data breach says the bank sent him a cease and desist letter
- [ ] ‘RegreSSHion’ bug raises alarms but experts question chances of widespread exploitation
- [ ] Exploiting Client-Side Path Traversal to Perform Cross-Site Request Forgery - Introducing CSPT2CSRF
- [ ] Xbox is down worldwide with users unable to login, play games
- [ ] Supreme Court to take up Texas law requiring adults verify age to watch porn
- [ ] Yieldstreet says some of its customers were affected by the Evolve Bank data breach
- [ ] Google now pays $250,000 for KVM zero-day vulnerabilities
- [ ] Patelco shuts down banking systems following ransomware attack
- [ ] Fintech company Affirm says Evolve Bank attack exposed customer info
- [ ] LockBit claims cyberattack on Croatia’s largest hospital
- [ ] Affirm says cardholders impacted by Evolve Bank data breach
- [ ] Stolen credentials could unmask thousands of darknet child abuse website users
- [ ] Google Pixel 6 series phones bricked after factory reset
- [ ] UN urges Russia to ‘immediately’ cease interference in European satellites
- [ ] Analysis of user password strength
- [ ] Le imprese migliorano le difese per accedere alle cyberassicurazioni
- [ ] March 2024 Cyber Attacks Statistics
- [ ] Uncover Bluetooth Vulnerabilities with BlueToolkit
- [ ] Exposing FakeBat loader: distribution methods and adversary infrastructure
- [ ] L’attività dei cybercriminali su Telegram è in preoccupante aumento
- [ ] SAML Raider Release 2.0.0
威胁猎人Threat Hunter
- [ ] 2024年上半年，恶意IPv6已在部分风险场景中占比超过IPv4
TrustedSec
- [ ] The Dangers of Transition Mode
Securityinfo.it
- [ ] Le imprese migliorano le difese per accedere alle cyberassicurazioni
- [ ] L’attività dei cybercriminali su Telegram è in preoccupante aumento
ICT Security Magazine
- [ ] Email Security: Social Engineering e Threat Intelligence
Beacon Tower Lab
- [ ] 漏洞预警丨OpenSSH 远程代码执行漏洞（CVE-2024-6387）
HACKMAGEDDON
- [ ] March 2024 Cyber Attacks Statistics
Yoroi Warning Archive Feed
- [ ] Warning: Vulnerabilità regreSSHion in OpenSSH server
天融信阿尔法实验室
- [ ] 【风险提示】天融信关于OpenSSH远程代码执行漏洞(CVE-2024-6387)的风险提示
Schneier on Security
- [ ] Upcoming Book on AI and Democracy
- [ ] Public Surveillance of Bars
The Hacker News
- [ ] How MFA Failures are Fueling a 500% Surge in Ransomware Losses
- [ ] New Intel CPU Vulnerability 'Indirector' Exposes Sensitive Data
- [ ] Meta's 'Pay or Consent' Approach Faces E.U. Competition Rules Scrutiny
- [ ] Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware
- [ ] Australian Man Charged for Fake Wi-Fi Scam on Domestic Flights
Posts By SpecterOps Team Members - Medium
- [ ] Like Shooting Phish in a Barrel
The Register - Security
- [ ] Affirm fears customer info pilfered during ransomware raid at Evolve Bank
- [ ] 'Almost every Apple device' vulnerable to CocoaPods supply chain attack
- [ ] Baddies hijack Korean ERP vendor's update systems to spew malware
补天平台
- [ ] 现金奖励 | GROW计划漏洞挖掘实战第二期
Deeplinks
- [ ] Careful with your marshmallows 🔥
- [ ] Podcast Episode: Fighting Enshittification
Technical Information Security Content & Discussion
- [ ] Unpatched RCE Vulnerabilities in Gogs: Argument Injection in the Built-In SSH Server
- [ ] Kirin: Hitting the Internet with Distributed BGP Announcements
- [ ] BlueToolkit - automated and portable Bluetooth vulnerability testing framework against 43 exploits
- [ ] Race Conditions Found in Open-source IAM Solution Keycloak
- [ ] Exploiting Client-Side Path Traversal to Perform Cross-Site Request Forgery (CSPT2CSRF)
Blackhat Library: Hacking techniques and research
- [ ] Is botting Spotify streams still a thing?
netsecstudents: Subreddit for students studying Network Security and its related subjects
- [ ] UniXSS - Generate UniCode Normalized Payloads for XSS Attacks
- [ ] Evolution of Wi-Fi Security - From WEP to WPA3
Computer Forensics
- [ ] Apple Watch series 6
- [ ] Any good tool for file listing of 7zip/zip archives?
- [ ] Tools to Take an Image
- [ ] CLBX and TheBinaryHick's sample image files
Deep Web
- [ ] Darkweb browsing
Your Open Hacker Community
- [ ] Vulnerability
- [ ] Remove emails from a list of passwords in hashcat?
- [ ] Can "netstat" command be used to pull IPs?
Social Engineering
- [ ] Project 2025: the biggest political social engineering document/movement of modern history?
- [ ] What are some social engineering techniques that are used on pets that can be used on humans?
Security Affairs
- [ ] Evolve Bank data breach impacted fintech firms Wise and Affirm
- [ ] Prudential Financial data breach impacted over 2.5 million individuals
- [ ] Australian man charged for Evil Twin Wi-Fi attacks on domestic flights
- [ ] China-linked APT exploited Cisco NX-OS zero-day to deploy custom malware
NetSPI
- [ ] Impact Analysis: regreSSHion OpenSSH Vulnerability (CVE-2024-6387)
TorrentFreak
- [ ] LaLiga Demands €450 After ISPs Log Subscribers’ Visits to Pirate Servers
- [ ] Pirate Streaming Giant FMovies Hasn’t Updated in a Week
Information Security
- [ ] CVE-2024-6387 :: Check if you have any Linux/glibc based 32-bit systems internet-exposed. If yes, then consider patching it NOW!!
- [ ] Securing AI for SAP
Security Weekly Podcast Network (Audio)
- [ ] How To Avoid Being Phished - SWN Vault