Aggregator

A well-known Iran-linked hacking group has been caught running a far-reaching espionage campaign that touched at least nine organizations across nine countries and four continents in early 2026. The attackers used a clever trick to hide inside targeted networks: they abused legitimate, signed software to secretly load malicious code, making their activity look like normal […]

The post Seedworm APT Abuses Signed Fortemedia and SentinelOne Binaries for DLL Sideloading appeared first on Cyber Security News.

Frankfurt am Main, Germany, 27th May 2026, CyberNewswire

第一次做数据库类型的heap，和常规的heap从利用和调试上都差距很多，网上都是打heap，这里通过连续伪造打的stack

Tomcat Tribes 分布式通信节点反序列化分析

本文聚焦于深度神经网络的全生命周期安全，系统性地剖析了人工智能模型在推理、训练及隐私保护三大环节面临的威胁。文章首先从理论层面定义了攻击面，随后结合经典例题，深入阐述了对抗样本的扰动生成机理、数据投毒的后门植入逻辑以及梯度泄露的隐私复原数学原理

io_uring是Linux 5.1引入的高性能异步I/O框架，通过共享内存环形缓冲区实现用户态与内核态的零拷贝通信。

https://b01lersc.tf/challenges

Django 框架在使用 PostGIS 查询地理栅格（raster）数据时，若将未经验证的用户输入直接作为 band index（波段索引）参数，会引发 SQL 注入

结合简单模型实验，直指漏洞利用

该文章介绍了一道 Node.js CTF 题目的解题思路：攻击者首先利用 /changepassword 接口的 merge() 函数原型链污染漏洞，注入 isAdmin: true 提权为管理员；随后通过 CVE-2026-22709 绕过 vm2 沙箱执行任意命令；最后利用 root 权限的 /backup.sh 定时脚本，将 /flag 内容写入静态目录实现读取。核心链：原型污染提权 → v

2026软件安全赛半决赛PWN Robo_admin WP fix&break

这个题目考了花指令，魔改rc4，protobuf，纯字符shellcode，考的很多，这里借此简单的总结一下各个部分

一个自定义的序列化的题目

Ваш банк думает, что проверяет живого человека, а на самом деле дипфейк с паспортом из Telegram.

The cybersecurity industry of 2006 barely resembled today's billion-dollar behemoth. As part of Dark Reading's 20th anniversary celebration, we trace the industry's evolution through a technology lens.

New guidance explains how to design Zero Trust Network Access architectures aligned with zero trust principles and not built on old trust assumptions.

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

• CVE-2026-8398 Daemon Tools Lite Embedded Malicious Code Vulnerability
• CVE-2026-45321 TanStack Unspecified Vulnerability
• CVE-2026-48027 Nx Console Embedded Malicious Code Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

The FBI warned on Tuesday that the Silent Ransom Group (SRG) extortion gang is now targeting U.S.-based law firms in in-person data theft attacks. [...]

Attackers are hosting counterfeit installers and plugins on GitHub and SourceForge that pose as widely used software, including ChatGPT, Claude, AutoTune, Kontakt, Ableton Live, and ZENOLOGY. The downloads deliver a backdoor called DinDoor, which then loads a remote access Trojan built on the Deno JavaScript runtime, according to Malwarebytes. Compromised YouTube channels push victims toward the malicious repositories. The videos promoting the fake tools have accumulated more than 50,000 views. The attackers rotate through GitHub … More →

The post Fake ChatGPT and Claude installers on GitHub are dropping Deno RAT malware appeared first on Help Net Security.

CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control (C2) channels associated with GlassWorm, a persistent software chain campaign targeting software developers through malicious packages and extensions. "Since at least early 2025, GlassWorm operators have systematically targeted software developers, a