我当黑客那几年(AiRedTeam) (Page 9)

CI/CD pipeline abuse: the problem no one is watching

📡 Elastic Security Labs · 0 CI/CD pipeline abuse: the problem no one is watching CVE-2025-30066 Preamble In 2025 and 2026, we watched a pattern play out across the industry. Attackers stopped going after production servers directly and started targeting the automation that deploys to them. Compromised developer credentials, a modified

安全情报

TCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp and Outlook

📡 Elastic Security Labs · 0 TCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp and Outlook Elastic Security Labs identified a new Brazilian banking trojan that we are tracking as TCLBANKER, a malware family we assess is a major update of the MAVERICK/SORVEPOTEL family. The campaign, tracked as REF3076, features a loader

安全情报

Copy Fail and DirtyFrag: Linux Page Cache Bugs in the Wild

📡 Elastic Security Labs · 0 Copy Fail and DirtyFrag: Linux Page Cache Bugs in the Wild CVE-2026-31431 Introduction Recent Linux kernel privilege escalation vulnerabilities, Copy Fail (CVE-2026-31431) , Copy Fail 2, and DirtyFrag, highlight how subtle page cache corruption bugs can become practical, reliable paths to root. These issues are especially relevant

安全情报

Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem)

📡 watchTowr Labs · 0 Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem) Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem) Welcome to watchTowr vs the Internet, part 68. That feeling you’re experiencing? Dread. You should be used to it by

安全情报

CodeQL zero to hero part 5: Debugging queries

📡 GitHub Security Lab · 0 CodeQL zero to hero part 5: Debugging queries Sylwia Budzynska Sylwia is a security researcher at GitHub Security Lab, where she works with finding vulnerabilities in open source software, helping secure the foundations on which all modern software is built upon. Learn to debug and fix

安全情报

Strengthening supply chain security: Preparing for the next malware campaign

📡 GitHub Security Lab · 0 Strengthening supply chain security: Preparing for the next malware campaign The open source ecosystem continues to face organized, adaptive supply chain threats that spread through compromised credentials and malicious package lifecycle scripts. The most recent example is the multi-wave Shai-Hulud campaign. While individual incidents differ in

安全情报

AI-supported vulnerability triage with the GitHub Security Lab Taskflow Agent

📡 GitHub Security Lab · 0 AI-supported vulnerability triage with the GitHub Security Lab Taskflow Agent Get the guide to setting up the GitHub Security Lab Taskflow Agent > Triaging security alerts is often very repetitive because false positives are caused by patterns that are obvious to a human auditor but difficult

安全情报

Sometimes, You Can Just Feel The Security In The Design (Juniper Junos Evolved CVE-2026-21902 Pre-Auth RCE)

📡 watchTowr Labs · 0 Sometimes, You Can Just Feel The Security In The Design (Juniper Junos Evolved CVE-2026-21902 Pre-Auth RCE) CVE-2026-21902 Sometimes, You Can Just Feel The Security In The Design (Juniper Junos Evolved CVE-2026-21902 Pre-Auth RCE) On today’s ‘good news disguised as other things’ segment, we’re turning our

安全情报

📊 2026-05-19 漏洞情报日报 · 200 条 · 高危 89

每日漏洞情报汇总 · 2026-05-19 📊 2026-05-19 漏洞情报日报 📋 共 200 条 🔥 高危/严重 89 条 🐙 GitHub-Advisory 50 条 🔥24 🛡️ NVD-Latest 65 条 🔥65 ⚔️ Sploitus 85 条 🤖 今日安全态势分析 🎯 今日重点关注 * CVE-2026-45697 (Formie) - 服务端模板注入漏洞。未认证用户可通过提交特制数据至Hidden字段触发Twig模板引擎解析，导致Craft CMS站点被完全接管。利用条件低，危害极高。 * GHSA-wx9m-wx4f-4cmg (mistralai PyPI) - 供应链投毒攻击。PyPI上的mistralai包2.4.6版本包含恶意dropper，在Linux系统上导入时执行。由于攻击者已成功上传恶意包，影响范围可能涉及直接或间接依赖该包的开发环境与生产系统。 * CVE-2026-45327 (TinyIce) - 未授权访问。TinyIce的WebRTC推流端点缺少身份验证，攻击者可未授权注入视频

漏洞分析

[webapps] glances 4.5.2 - command injection

CVE-2026-33641 Glances 4.5.2及以下版本配置解析中反引号内子串执行任意命令导致命令注入 High · CVSS 7.8 📋 漏洞基础信息 CVECVE-2026-33641漏洞类型命令注入 (OS Command Injection, CWE-78)受影响版本Glances 4.5.2 and below (fixed in 4.5.3)危害等级High · CVSS 7.8发布日期2026-05-13提交者Stepanov Daniil来源Exploit-DB 原文 ↗ 🔬 漏洞根因在 glances/config.py 的 Config.get_value() 方法中，使用正则查找配置值中的反引号子串并通过 system_exec() 执行，system_exec() 在 glances/

漏洞分析

[webapps] glances 4.5.2 - command injection

CVE-2026-33641 Glances配置解析中反引号内子串被作为系统命令执行导致命令注入 High · CVSS 7.8 📋 漏洞基础信息 CVECVE-2026-33641漏洞类型OS命令注入（CWE-78）受影响版本glances 4.5.2及以下版本（修复于4.5.3）危害等级High · CVSS 7.8发布日期2026-05-13提交者Stepanov Daniil来源Exploit-DB 原文 ↗ 🔬 漏洞根因在glances/config.py的Config.get_value()方法中，使用正则匹配反引号包围的子串，并通过glances/globals.py中的system_exec()函数调用subprocess.run()执行该命令，未对命令内容做任何验证或限制。 🎯 攻击场景 1. 攻击者需具有修改或影响Glances配置文件的能力（例如通过文件写入漏洞、共享配置目录写入权限等）。 2. 在配置文件的任意配置项值中插入反引号包裹的恶意命令，例如`touch /tmp/glances_pwned`

漏洞分析

[webapps] Ninja Forms Uploads - Unauthenticated PHP File Upload

CVE-2026-0740 漏洞 High · CVSS N/A 📋 漏洞基础信息 CVECVE-2026-0740漏洞类型漏洞受影响版本详见原文危害等级High · CVSS N/A发布日期2026-05-13提交者Sélim Lanouar (@whattheslime)来源Exploit-DB 原文 ↗ ⚔️ 原始 PoC # Exploit Author: Sélim Lanouar (@whattheslime) # Fofa Query: body="nfpluginsettings.js?ver=" # Shodan Query: http.html:"nfpluginsettings.js?ver=" # ============================================================================= if [ "$#" -ne 1 ]; then echo "Usage: $0 <

APT情报

TeamPCP供应链攻击：安全工具沦为数据窃取跳板，50万台机器沦陷

⛓️ Critical 供应链攻击威胁组织TeamPCP在2026年2月至3月期间，对Trivy、KICS、LiteLLM等广泛使用的开源安全工具发起多阶段供应链攻击，通过篡改GitHub Actions和PyPI注册表植入恶意载荷，窃取云访问令牌、SSH密钥和Kubernetes密钥等敏感数据。该攻击已导致超50万台机器、300GB数据被窃取，并利用窃取的凭证进一步感染48个额外软件包，至少16家组织被公开勒索。来源：Palo Alto Unit42 | 2026-03-31 | 原文链接 🔍 关键发现 * TeamPCP利用不完全的凭证轮换，通过伪造提交攻击（imposter commit）入侵Aqua Security Trivy的GitHub仓库，强制推送恶意代码至76个版本标签。 * 攻击载荷演化为三个版本：初始版直接读取进程内存窃取令牌，第二版采用模块化加载器，最终版CanisterWorm具备自复制和擦除功能，可扫描暴露的Docker API和SSH密钥。 * 攻击者利用窃取的npm发布令牌，在60秒内感染了@emilgroup、@opengov和@

APT情报

32年老漏洞重现：GNU inetutils Telnetd预认证远程代码执行漏洞（CVE-2026-32746）

🔓 Critical 漏洞利用攻击者可通过发送特制的LINEMODE SLC（Set Linemode Characters）协商数据包，在无需认证的情况下触发GNU inetutils Telnetd中的BSS缓冲区溢出漏洞，破坏相邻变量并实现远程代码执行。该漏洞自1994年引入，影响Ubuntu、Debian、FreeBSD、NetBSD、Citrix NetScaler、Apple Mac Tahoe、Haiku、TrueNAS Core、uCLinux、libmtev、DragonFlyBSD等多个主流系统和设备。来源：watchTowr Labs | 0 | 原文链接 🔍 关键发现 * 漏洞位于GNU inetutils Telnetd的LINEMODE SLC（Set Linemode Characters）协商处理函数中，是一个BSS缓冲区溢出漏洞，可覆盖约400字节的相邻变量。 * 该漏洞无需认证即可触发（Pre-Auth），攻击者通过发送IAC SB LINEMODE LM_

漏洞分析

CVE-2018-25335 (CVSS 9.8) - WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerabili

漏洞分析

CVE-2018-25332 (CVSS 9.8) - GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability

漏洞分析

CVE-2018-25320 (CVSS 9.8) - ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code executi

安全情报

Bugs that survive the heat of continuous fuzzing

📡 GitHub Security Lab · 0 Bugs that survive the heat of continuous fuzzing CVE-2024-24826CVE-2025-54080CVE-2022-40303CVE-2025-26623 Want to learn how to start fuzzing? Check out our Fuzzing 101 course at gh.io/fuzzing101 > Bugs that survive the heat of continuous fuzzing Learn why some long-enrolled OSS-Fuzz projects still contain vulnerabilities and how

安全情报

How to scan for vulnerabilities with GitHub Security Lab’s open source AI-powered framework

📡 GitHub Security Lab · 0 How to scan for vulnerabilities with GitHub Security Lab’s open source AI-powered framework CVE-2026-25757CVE-2026-25758CVE-2025-64487CVE-2026-28514 For the last few months, we’ve been using the GitHub Security Lab Taskflow Agent along with a new set of auditing taskflows that specialize in finding web security vulnerabilities. They

安全情报

A year of open source vulnerability trends: CVEs, advisories, and malware

📡 GitHub Security Lab · 0 A year of open source vulnerability trends: CVEs, advisories, and malware Jonathan Evans Security Analyst, curator of the GitHub Advisory Database, and one of the members of the Security Lab responsible for issuing CVE IDs and publishing CVE records. Reviewed advisories hit a four-year low, malware

安全情报

Is It CitrixBleed4? Well, No. Is It Good? Also, No. (Citrix NetScaler Memory Leak & RXSS CVE-2025-12101)

📡 watchTowr Labs · 0 Is It CitrixBleed4? Well, No. Is It Good? Also, No. (Citrix NetScaler Memory Leak & RXSS CVE-2025-12101) CVE-2025-12101CVE-2025-5777 Is It CitrixBleed4? Well, No. Is It Good? Also, No. (Citrix NetScaler Memory Leak & RXSS CVE-2025-12101) There’s an elegance to vulnerability research that feels almost poetic -

安全情报

When The Impersonation Function Gets Used To Impersonate Users (Fortinet FortiWeb Auth. Bypass CVE-2025-64446)

📡 watchTowr Labs · 0 When The Impersonation Function Gets Used To Impersonate Users (Fortinet FortiWeb Auth. Bypass CVE-2025-64446) CVE-2025-64446 When The Impersonation Function Gets Used To Impersonate Users (Fortinet FortiWeb Auth. Bypass CVE-2025-64446) The Internet is ablaze, and once again we all have a front-row seat - a bad person, if

安全情报

SOAPwn: Pwning .NET Framework Applications Through HTTP Client Proxies And WSDL

📡 watchTowr Labs · 0 SOAPwn: Pwning .NET Framework Applications Through HTTP Client Proxies And WSDL CVE-2025-34392CVE-2025-13659 SOAPwn: Pwning .NET Framework Applications Through HTTP Client Proxies And WSDL Welcome back! As we near the end of 2025, we are, of course, waiting for the next round of SSLVPN exploitation to occur in

安全情报

Do Smart People Ever Say They’re Smart? (SmarterTools SmarterMail Pre-Auth RCE CVE-2025-52691)

📡 watchTowr Labs · 0 Do Smart People Ever Say They’re Smart? (SmarterTools SmarterMail Pre-Auth RCE CVE-2025-52691) CVE-2025-52691 Do Smart People Ever Say They’re Smart? (SmarterTools SmarterMail Pre-Auth RCE CVE-2025-52691) Welcome to 2026! While we are all waiting for the scheduled SSLVPN ITW exploitation programming that occurs every January, we’

安全情报

Attackers With Decompilers Strike Again (SmarterTools SmarterMail WT-2026-0001 Auth Bypass)

📡 watchTowr Labs · 0 Attackers With Decompilers Strike Again (SmarterTools SmarterMail WT-2026-0001 Auth Bypass) CVE-2025-52691 Attackers With Decompilers Strike Again (SmarterTools SmarterMail WT-2026-0001 Auth Bypass) Well, well, well - look what we’re back with. You may recall that merely two weeks ago, we analyzed CVE-2025-52691 - a pre-auth RCE vulnerability