Aggregator
tt x-gorgon分析
SDC2025 精彩议题预告 | SCPGA:自认同CoT渐进式泛化攻击
Russian Coldriver Hackers Deploy New 'NoRobot' Malware
Ваш диалог с ChatGPT теперь — улика. OpenAI впервые "сдала" пользователя властям
会前温馨提示|第22届中国信息和通信安全学术会议即将召开
Slopsquatting Attacks: How AI Phantom Dependencies Create Security Risks
AI coding assistants can hallucinate package names, creating phantom dependencies that don't exist in official repositories. Attackers exploit this predictable behavior through slopsquatting, which involves registering malicious packages with names that AI models commonly suggest. This emerging supply chain attack requires new detection approaches focused on behavioral analysis to complement existing security tools.
The post Slopsquatting Attacks: How AI Phantom Dependencies Create Security Risks appeared first on Security Boulevard.
【漏洞通告】Windows Server Update Service(WSUS) 远程代码执行漏洞
LANSCOPE Endpoint Manager Flaw Allows Remote Code Execution
A critical security flaw has been found in the on-premise edition of LANSCOPE Endpoint Manager that could let attackers run malicious code on vulnerable machines. The issue, tracked as CVE-2025-61932, involves a remote code execution vulnerability in two core components: the Client Program (MR) and the Detection Agent (DA). Customers have already seen attempts to […]
The post LANSCOPE Endpoint Manager Flaw Allows Remote Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
【1021】重保演习每日情报汇总
AWS Resolves Major Outage After Nearly 24 Hours of Service Disruption
Amazon Web Services experienced a significant service disruption in its US-EAST-1 region that lasted nearly 24 hours, affecting over 140 services and causing widespread issues for customers worldwide. The outage began late on October 19, 2025, and was fully resolved by the afternoon of October 20. Root Cause Identified as DNS Resolution Issue The incident […]
The post AWS Resolves Major Outage After Nearly 24 Hours of Service Disruption appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
网络攻击应急三大核心要素
HScan — решение для компаний, которым важно управлять уязвимостями системно
«Пауки» в галстуках и «забой свиней»: киберпреступность стала корпорацией с IPO на $27 млрд и «пропиской» в крипте
被切断大脑区域的脑电图与深度睡眠脑电图相似
Pwn2Own Ireland 2025: Day One Results
Welcome to Day One of Pwn2Own Ireland 2025! We have 17 attempts today with some exciting research on display. We’ll be posting results here as we have them, and follow us on Twitter, Mastodon, and Bluesky.
Day One has come to a close and we haven’t had a single failure! We awarded $522,500 for 34 unique bugs on the first day of the contest. Here’s how the Master of Pwn leader board currently sits:
Of course, there’s plenty of time left with some big exploits still to come. Stay tuned for the results from Day Two and Three!
SUCCESS - Team Neodyme used a stack based buffer overflow to exploit the HP DeskJet 2855e. They earn $20,000 and 2 Master of Pwn points.
Daniel Kilimnik of Team Neodyme shows off his successful exploitation
SUCCESS - Nguyen Hoang Thach (@hi_im_d4rkn3ss), Tan Ze Jian, Lin Ze Wei, Cherie-Anne Lee, Gerrard Tai of STARLabs (@starlabs_sg) used a heap based buffer overflow to exploit the @CanonUSA imageCLASS MF654Cdw. They earn themselves $20,000 and 2 Master of Pwn points.
A successful attempt against the Canon printer
SUCCESS - @Tek_7987 & @_Anyfun (@Synacktiv) used a stack overflow to achieve rootlevel code execution on the Synology BeeStation Plus. They earn $40,000 and 4 Master of Pwn points in the process.
Pwned by Synactiv
SUCCESS - Bongeun Koo (@kiddo_pwn) and Evangelos Daravigkas (@freddo_1337) of Team DDOS used a magnificent eight different bugs - including multiple injections - to complete their SOHO Smashup of the QNAP Qhora-322 + QNAP TS-453E. They earn $100,000 and 10 Master of Pwn points.
Demonstrating root level access
ZDI Analysts Neal Brown (left) and Mat Powell observe Bongeun Koo and Evangelos Daravigkas of Team DDOS
WITHDRAW - Bongeun Koo (@kiddo_pwn) and Evangelos Daravigkas (@freddo_1337) of Team DDOS was withdrawn their attempt of the Philips Hue Bridge.
SUCCESS - SHIMIZU Yutaro (@shift_crops) of GMO Cybersecurity by Ierae, Inc. used a stack based buffer overflow to exploit the Canon imageCLASS MF654Cdw. Their second round win earns them $10,000 and 2 Master of Pwn points.
Nyan cat makes an appearance courtesy of GMO Cybersecurity
SUCCESS - Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) used a pair of bugs to gain code execution on the Synology DiskStation DS925+. He earns himself $40,000 and 4 Master of Pwn points
The Summoning Team has root access on the Synology
ZDI Analysts Vincent Lee and Mat Powell observe the attempt from Sina Kheirkhah
SUCCESS - Stephen Fewer (@stephenfewer) of Rapid7 (@rapid7) used three bugs, including an SSRF and a command injection, to exploit the Home Assistant Green (which isn't actually green). He earns himself $40,000 and 4 Master of Pwn points.
Stephen Fewer has root on the Home Assistant Green
SUCCESS - Sang Nguyen Thien (@gnas0x0018) and mistsu of Team ANHTUD used four bugs - including multiple types overflows and an OOB Read - to exploit the Phillips Hue Bridge. Their outstanding work earns them $40,000 and 4 Master of Pwn points.
Team ANHTUD’s winning entry
SUCCESS/COLLISON - McCaulay Hudson (@_mccaulay) of Summoning Team (@SummoningTeam) successfully exploited the Home Assistant Green with four bugs - one unique SSRF and three bug collisions. They still earn $12,500 and 2.5 Master of Pwn points.
Summoning Team was here - again
SUCCESS - dmdung (@_piers2) of STAR Labs SG Pte. Ltd used a single OOB access bug to exploit the Sonos Era 300 smart speaker. In doing so, he earns $50,000 and 5 Master of Pwn points.
uid=0 means dmdung has root on the Sonos speaker
SUCCESS - Team PetoWorks [SungJun Park (@howrealsung), Wonbeen Im (@D0b6y), Dohyun Kim (@d0now_kim), and Juyeong Lee (@ju_cheda)] used a Release of Invalid Pointer or Reference bug to exploit the Canon printer at Pwn2Own. They $10,000 and two Master of Pwn points for their third round win.
Configuration issues couldn’t stop Team PetoWorks
SUCCESS - YingMuo (@YingMuo), HexRabbit (@h3xr4bb1t), LJP (@ljp_tw) from DEVCORE Research Team and nella17 (@nella17tw) from DEVCORE Intern Program used multiple injections and a format string bug(!) to exploit the QNAP TS-453E. Their unique bugs earn them $40,000 and 4 Master of Pwn points.
Who said format string bugs don’t exist anymore?
SUCCESS - Hank Chen (@hank0438) of InnoEdge Labs used an auth bypass and an OOB write to exploit the Phillips Hue Bridge. His second round win earns $20,000 and 4 Master of Pwn points.
Hank Chen provides an enlightening exploit
SUCCESS - Sina Kheirkhah (@SinSinology) and McCaulay Hudson (@_mccaulay) of Summoning Team (@SummoningTeam) used a pair of bugs to exploit of the Synology ActiveProtect Appliance DP320. That rounds their day off with another $50,000 and 5 more Master of Pwn points.
Fingerprints on the screen can’t hide root access
SUCCESS - Emanuele Barbeno, Cyrill Bannwart, Yves Bieri, Lukasz D., Urs Mueller of Compass Security (@compasssecurity) combined an arbitrary file write and cleartext transmission of sensitive data to exploit the Home Assistant Green. The unique bugs in their third round win earns them $20,000 and four Master of Pwn points.
ZDI Analyst Bobby Gould (right) overlooks the work done by the Compass Team
SUCCESS - Nguyen Ba Nam Dung and Vu Chi Thanh from Team ANTHUD used a single heap based buffer overflow to exploit the Canon imageCLASS MF654Cdw on their third and final attempt. Their fourth round win earns them $10,000 and 2 Master of Pwn points.
Third time’s a charm