mirror of
https://github.com/Hxnxe/CyberSentinel-AI.git
synced 2025-11-04 17:13:53 +00:00
更新
This commit is contained in:
ubuntu-master
parent
5a38192c27
commit
0a0f90622f
@ -3,7 +3,7 @@
|
|||||||
|
|
||||||
> 本文由AI自动生成,基于对安全相关仓库、CVE和最新安全研究成果的自动化分析。
|
> 本文由AI自动生成,基于对安全相关仓库、CVE和最新安全研究成果的自动化分析。
|
||||||
>
|
>
|
||||||
> 更新时间:2025-09-18 08:53:07
|
> 更新时间:2025-09-18 11:04:14
|
||||||
|
|
||||||
<!-- more -->
|
<!-- more -->
|
||||||
|
|
||||||
@ -18,17 +18,46 @@
|
|||||||
* [漏洞预警 | 西部数码NAS命令执行漏洞](https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247494478&idx=3&sn=17b33e64e880ced7cc75bf2ff6f04957)
|
* [漏洞预警 | 西部数码NAS命令执行漏洞](https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247494478&idx=3&sn=17b33e64e880ced7cc75bf2ff6f04957)
|
||||||
* [漏洞情报已验证 | 0 Day 金和OA WebDesign 存在SQL注入漏洞](https://mp.weixin.qq.com/s?__biz=MzUyNzk1NjA5MQ==&mid=2247483929&idx=1&sn=061a27b443dc2dbf0a5b9e01de213b3d)
|
* [漏洞情报已验证 | 0 Day 金和OA WebDesign 存在SQL注入漏洞](https://mp.weixin.qq.com/s?__biz=MzUyNzk1NjA5MQ==&mid=2247483929&idx=1&sn=061a27b443dc2dbf0a5b9e01de213b3d)
|
||||||
* [华夏ERP-v2.3代码审计-SQL注入](https://mp.weixin.qq.com/s?__biz=Mzg4NTg5MDQ0OA==&mid=2247488710&idx=1&sn=abc97d6fa10b8760a68f449fd36248d6)
|
* [华夏ERP-v2.3代码审计-SQL注入](https://mp.weixin.qq.com/s?__biz=Mzg4NTg5MDQ0OA==&mid=2247488710&idx=1&sn=abc97d6fa10b8760a68f449fd36248d6)
|
||||||
|
* [漏洞通告 | U8cloud 全版本 IPFxxFileService任意文件上传漏洞](https://mp.weixin.qq.com/s?__biz=Mzg5MTc3ODY4Mw==&mid=2247507933&idx=1&sn=dc6c92cfb68c5538a39090f11470c009)
|
||||||
|
* [实战案例 | 绕过审核登录后台&账号权限提升](https://mp.weixin.qq.com/s?__biz=MzkyNTUyNTE5OA==&mid=2247488430&idx=2&sn=f62b97ad7b6664cb5f0fbe07c2c8fefc)
|
||||||
|
* [新型FileFix攻击利用假Facebook页面窃取用户隐私](https://mp.weixin.qq.com/s?__biz=MzIwNzAwOTQxMg==&mid=2652252549&idx=1&sn=50bcad507f087cff775166830de8e60d)
|
||||||
|
* [iPhone17史上最重要安全升级:MIE技术抵御各类内存破坏漏洞](https://mp.weixin.qq.com/s?__biz=MzI1OTA1MzQzNA==&mid=2651248444&idx=1&sn=1738abd2079f240ba099e5739d754e4a)
|
||||||
|
* [苹果为被积极利用的CVE-2025-43300漏洞向后移植修复补丁](https://mp.weixin.qq.com/s?__biz=Mzg3OTc0NDcyNQ==&mid=2247494817&idx=1&sn=9c192a7d28e05f520cfead08b6df9c28)
|
||||||
|
* [代码审计 | 某系统多漏洞组合拳获取管理员权限小记](https://mp.weixin.qq.com/s?__biz=MzAwNDkzMTE0Ng==&mid=2247484302&idx=1&sn=0a860b8abc81e608ca27c551d5f1a919)
|
||||||
|
* [CVE-2025-55241Azure Entra 特权提升漏洞:一个令牌统管一切](https://mp.weixin.qq.com/s?__biz=MjM5Mzc4MzUzMQ==&mid=2650262011&idx=1&sn=bc29b1e0066b70ee116f9d7f58d2641b)
|
||||||
|
* [连续3年!微步荣获CNVD“年度最具价值漏洞”奖!](https://mp.weixin.qq.com/s?__biz=MzI5NjA0NjI5MQ==&mid=2650184669&idx=1&sn=08ca9f6beeaabefadd23b7256631becd)
|
||||||
|
* [从简单漏洞到 RCE:Linux 内核漏洞(CVE-2025-21692)PoC 发布](https://mp.weixin.qq.com/s?__biz=Mzk0NzQ0MjA1OA==&mid=2247485027&idx=1&sn=70bc1671c110cb1a46784017632187aa)
|
||||||
|
* [如何申请获取并公开CVEID编号](https://mp.weixin.qq.com/s?__biz=MzkwODE4ODUzMg==&mid=2247487128&idx=1&sn=db298f21b709d739ebc329037b3b2bc6)
|
||||||
|
* [HybridPetya :可绕过 UEFI 安全启动的 Petya/NotPetya 勒索软件](https://mp.weixin.qq.com/s?__biz=MzI2NzAwOTg4NQ==&mid=2649796378&idx=1&sn=a92bfa05461ed7a38e931d09a6db28a4)
|
||||||
|
* [JAVA代审汉王e脸通代审与快速0day挖掘](https://mp.weixin.qq.com/s?__biz=Mzg4MzkwNzI1OQ==&mid=2247487128&idx=1&sn=ee7e76829b0fdf0ac5f9eafb44ce5f90)
|
||||||
|
* [《登入框》有哪些漏洞](https://mp.weixin.qq.com/s?__biz=MzkxNzY5MTg1Ng==&mid=2247492369&idx=2&sn=7707c168c5bb5921daa7b82e7a6cad51)
|
||||||
|
* [AI漏洞扫描器 - Scan-X](https://mp.weixin.qq.com/s?__biz=MzkxNjIxNDQyMQ==&mid=2247498227&idx=1&sn=20bf3190d2d249a21c37e0486261bc35)
|
||||||
|
|
||||||
### 🔬 安全研究
|
### 🔬 安全研究
|
||||||
|
|
||||||
* [一张图看懂常见的信息安全体系框架:CISO必备的架构选型指南](https://mp.weixin.qq.com/s?__biz=Mzg4NDc0Njk1MQ==&mid=2247487566&idx=1&sn=74a57596bc357d0f3b46e3c93d545294)
|
* [一张图看懂常见的信息安全体系框架:CISO必备的架构选型指南](https://mp.weixin.qq.com/s?__biz=Mzg4NDc0Njk1MQ==&mid=2247487566&idx=1&sn=74a57596bc357d0f3b46e3c93d545294)
|
||||||
* [五角大楼将研究网络企业的潜在整合方案](https://mp.weixin.qq.com/s?__biz=MzkyMjQ5ODk5OA==&mid=2247513887&idx=2&sn=1f7cfde54af236be0edc7c8e2e5b0b4b)
|
* [五角大楼将研究网络企业的潜在整合方案](https://mp.weixin.qq.com/s?__biz=MzkyMjQ5ODk5OA==&mid=2247513887&idx=2&sn=1f7cfde54af236be0edc7c8e2e5b0b4b)
|
||||||
|
* [\"ucpd.sys后门事件\"详细分析技术报告-他是后门.....吗?](https://mp.weixin.qq.com/s?__biz=MzkyOTc0NDY2Nw==&mid=2247485442&idx=1&sn=a56332f9d4b4ef24ddcbc8da592399c8)
|
||||||
|
* [华为发布:智能世界2035的十大关键技术趋势](https://mp.weixin.qq.com/s?__biz=Mzg4MDU0NTQ4Mw==&mid=2247533573&idx=1&sn=268d10a6d507a9a45b25f0e6d2e6b087)
|
||||||
|
* [人工智能 知识图谱技术框架](https://mp.weixin.qq.com/s?__biz=MzkzMjcxOTk4Mg==&mid=2247485711&idx=1&sn=5241250d415295187e355a7fb613e5bc)
|
||||||
|
* [关于选聘大同市网络安全技术支撑单位及网络信息安全专家的公告](https://mp.weixin.qq.com/s?__biz=MzU4OTg4Nzc4MQ==&mid=2247506607&idx=4&sn=fd85017cb665b655868fcafb6ad3020d)
|
||||||
|
* [空军飞机维护保障中无人机应用策略的SWOT分析](https://mp.weixin.qq.com/s?__biz=MzkyMjY1MTg1MQ==&mid=2247496084&idx=2&sn=fe62f6dc639c55315bbd8a52bcfb3d3f)
|
||||||
|
* [晋南会战内线作战的战场战略研究及其对现代防卫作战的启示](https://mp.weixin.qq.com/s?__biz=MzkyMjY1MTg1MQ==&mid=2247496084&idx=5&sn=2bb49b5773779648e757c7a0848c0fbf)
|
||||||
|
* [司法会计鉴定和资金分析鉴定](https://mp.weixin.qq.com/s?__biz=MzI1NDMxOTkyNw==&mid=2247486117&idx=1&sn=096cd7dc1e4cf8097547a8fbd66dfcf7)
|
||||||
|
|
||||||
### 🎯 威胁情报
|
### 🎯 威胁情报
|
||||||
|
|
||||||
* [面试官:如何判断APP是用户搜的还是点广告来的?黑客:我会,我用它躲避沙盒,年入百万!](https://mp.weixin.qq.com/s?__biz=Mzk1NzM4NzMyMw==&mid=2247485061&idx=1&sn=cadafeb55e02015aeee8299550730d8c)
|
* [面试官:如何判断APP是用户搜的还是点广告来的?黑客:我会,我用它躲避沙盒,年入百万!](https://mp.weixin.qq.com/s?__biz=Mzk1NzM4NzMyMw==&mid=2247485061&idx=1&sn=cadafeb55e02015aeee8299550730d8c)
|
||||||
* [Shai-Hulud蠕虫攻击:npm供应链的重大威胁 | 感染了超过500个npm包](https://mp.weixin.qq.com/s?__biz=MzkwMzMwODg2Mw==&mid=2247513866&idx=1&sn=702243677992de0e82865d73b731d5c7)
|
* [Shai-Hulud蠕虫攻击:npm供应链的重大威胁 | 感染了超过500个npm包](https://mp.weixin.qq.com/s?__biz=MzkwMzMwODg2Mw==&mid=2247513866&idx=1&sn=702243677992de0e82865d73b731d5c7)
|
||||||
* [爱泼斯坦替以色列情报机构操控克林顿、特朗普,秘密破坏中东和平进程](https://mp.weixin.qq.com/s?__biz=MzkyMjQ5ODk5OA==&mid=2247513887&idx=1&sn=644b99f87bb09a4f13fc97308882aa92)
|
* [爱泼斯坦替以色列情报机构操控克林顿、特朗普,秘密破坏中东和平进程](https://mp.weixin.qq.com/s?__biz=MzkyMjQ5ODk5OA==&mid=2247513887&idx=1&sn=644b99f87bb09a4f13fc97308882aa92)
|
||||||
|
* [Shai-Hulud 蠕虫蔓延NPM生态攻击与近期系列事件关联分析](https://mp.weixin.qq.com/s?__biz=MzI2MDc2MDA4OA==&mid=2247516098&idx=1&sn=52ce5293ecdfd21bd3473deb115c3895)
|
||||||
|
* [数百个 NPM 包遭持续攻击,供应链安全危机愈演愈烈](https://mp.weixin.qq.com/s?__biz=Mzg3NTY0MjIwNg==&mid=2247486272&idx=1&sn=f86a0009f995c63ef5e87a07faa10875)
|
||||||
|
* [新兴供应链攻击袭向npm软件库,逾40个程序包遭植入恶意代码](https://mp.weixin.qq.com/s?__biz=Mzg3OTc0NDcyNQ==&mid=2247494817&idx=4&sn=5357e11026c1c5e559ba208951c24f70)
|
||||||
|
* [网络犯罪组织入侵谷歌执法请求系统](https://mp.weixin.qq.com/s?__biz=Mzg3OTc0NDcyNQ==&mid=2247494817&idx=5&sn=22742a9dff8bcf7d3e53c6f078ebb397)
|
||||||
|
* [最新Android 病毒:不仅传播木马,还传播短信窃取器与间谍软件](https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650612364&idx=1&sn=c153af76e2c8c2dd4a16bc9001f07c78)
|
||||||
|
* [波兰将网络安全预算提升至 10 亿欧元以应对俄方黑客攻击](https://mp.weixin.qq.com/s?__biz=MzIzNDIxODkyMg==&mid=2650087005&idx=1&sn=f8230b882a0964f1018c75fe9663fffe)
|
||||||
|
* [捷豹路虎因网络攻击延长停产一周](https://mp.weixin.qq.com/s?__biz=MzI2NzAwOTg4NQ==&mid=2649796378&idx=2&sn=bc17b7445d5f231e31e956eb78a390fc)
|
||||||
|
* [新供应链攻击波及npm仓库,40余个软件包遭篡改](https://mp.weixin.qq.com/s?__biz=Mzg2MDg0ODg1NQ==&mid=2247548593&idx=3&sn=0ba6854a9990c53fdbe918467ad91abf)
|
||||||
|
|
||||||
### 🛠️ 安全工具
|
### 🛠️ 安全工具
|
||||||
|
|
||||||
@ -38,6 +67,10 @@
|
|||||||
* [GhostRedirector:服务器沦为博彩推广工具](https://mp.weixin.qq.com/s?__biz=MzIxOTM2MDYwNg==&mid=2247518276&idx=1&sn=a558ff186977ad6f67a7ff16b85b6ad5)
|
* [GhostRedirector:服务器沦为博彩推广工具](https://mp.weixin.qq.com/s?__biz=MzIxOTM2MDYwNg==&mid=2247518276&idx=1&sn=a558ff186977ad6f67a7ff16b85b6ad5)
|
||||||
* [三未信安RWA可信上链预言机通过中国信通院检测认证](https://mp.weixin.qq.com/s?__biz=MzA5ODk0ODM5Nw==&mid=2650332184&idx=1&sn=bbe797dbc29cab88270f349ef154aac5)
|
* [三未信安RWA可信上链预言机通过中国信通院检测认证](https://mp.weixin.qq.com/s?__biz=MzA5ODk0ODM5Nw==&mid=2650332184&idx=1&sn=bbe797dbc29cab88270f349ef154aac5)
|
||||||
* [99攻防不靠大厂内部工具,学生党也能搭建自己的攻防打点工作流](https://mp.weixin.qq.com/s?__biz=MzkzNDI5NjEzMQ==&mid=2247485658&idx=3&sn=e8fade2ef9277d5915bb05b49ce82597)
|
* [99攻防不靠大厂内部工具,学生党也能搭建自己的攻防打点工作流](https://mp.weixin.qq.com/s?__biz=MzkzNDI5NjEzMQ==&mid=2247485658&idx=3&sn=e8fade2ef9277d5915bb05b49ce82597)
|
||||||
|
* [Packer-Fuzzer升级版工具,必备!!](https://mp.weixin.qq.com/s?__biz=MzkxMjg3NzU0Mg==&mid=2247486371&idx=1&sn=b1fa13289d285da9bd56d3e3a10ad6d4)
|
||||||
|
* [Mac安装2025破解版 Burpsuite](https://mp.weixin.qq.com/s?__biz=MzkyNTUyNTE5OA==&mid=2247488430&idx=1&sn=a90070da8c868b02034d1d46c0e27e83)
|
||||||
|
* [终端实时流量监控工具 Netop](https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650612364&idx=4&sn=aa886c29180eca66f2b3859d56bfe3d4)
|
||||||
|
* [App测试已安装证书仍无法抓包?教你简单判断 Android App 是单向 TLS 还是双向 mTLS?](https://mp.weixin.qq.com/s?__biz=Mzk4ODk4NDEyOA==&mid=2247484288&idx=1&sn=d0fcd21a19efb04a802208ec490107bc)
|
||||||
|
|
||||||
### 📚 最佳实践
|
### 📚 最佳实践
|
||||||
|
|
||||||
@ -45,6 +78,11 @@
|
|||||||
* [第十八届中国网络空间安全学科专业建设与人才培养研讨会会议通知](https://mp.weixin.qq.com/s?__biz=MzAxNTc1ODU5OA==&mid=2665516482&idx=1&sn=6f79bc7e787c75ef15f34b60ffe9a9e4)
|
* [第十八届中国网络空间安全学科专业建设与人才培养研讨会会议通知](https://mp.weixin.qq.com/s?__biz=MzAxNTc1ODU5OA==&mid=2665516482&idx=1&sn=6f79bc7e787c75ef15f34b60ffe9a9e4)
|
||||||
* [实战记录:在NingOS上部署H3C iMC V7平台,附完整流程与避坑指南](https://mp.weixin.qq.com/s?__biz=MzI4NjAzMTk3MA==&mid=2458861573&idx=1&sn=553e89866c4ab4c26b55ba14ea18811e)
|
* [实战记录:在NingOS上部署H3C iMC V7平台,附完整流程与避坑指南](https://mp.weixin.qq.com/s?__biz=MzI4NjAzMTk3MA==&mid=2458861573&idx=1&sn=553e89866c4ab4c26b55ba14ea18811e)
|
||||||
* [课程上新,加量不加价适合网安人的速成加解密逆向教程](https://mp.weixin.qq.com/s?__biz=MzkzNDI5NjEzMQ==&mid=2247485658&idx=2&sn=6ffb57d5455f7c2d0b877a0ed1ee0472)
|
* [课程上新,加量不加价适合网安人的速成加解密逆向教程](https://mp.weixin.qq.com/s?__biz=MzkzNDI5NjEzMQ==&mid=2247485658&idx=2&sn=6ffb57d5455f7c2d0b877a0ed1ee0472)
|
||||||
|
* [运维工程师转网安要学什么?有什么好处?](https://mp.weixin.qq.com/s?__biz=MzU3MjczNzA1Ng==&mid=2247499609&idx=1&sn=2f7a230458e9bbdf9ecc4f1c241c9d7f)
|
||||||
|
* [国家石油天然气管网集团有限公司油气调控中心2025年秋季招聘26届高校毕业生公告(网络安全运维岗)](https://mp.weixin.qq.com/s?__biz=Mzg3MzE4ODU4Nw==&mid=2247483917&idx=1&sn=39a99871cc7484b1fbc5e72d9b8c7525)
|
||||||
|
* [美国司法部对BreachForums论坛前管理员改判三年监禁](https://mp.weixin.qq.com/s?__biz=Mzg3OTc0NDcyNQ==&mid=2247494817&idx=3&sn=b770d0edf2cb365032041fc239344aeb)
|
||||||
|
* [赛事招标丨国家第二期“双高计划”专业群建设—教学软件购置项目](https://mp.weixin.qq.com/s?__biz=Mzk0NTU0ODc0Nw==&mid=2247494173&idx=1&sn=8da8e80348e7fe8cd024c109449aaedc)
|
||||||
|
* [竞赛指南关于印发2025年北京市职工职业技能大赛数据安全管理员竞赛暨“网安联杯”首届数据安全管理员职业技能竞赛指南的通知](https://mp.weixin.qq.com/s?__biz=Mzk0NTU0ODc0Nw==&mid=2247494173&idx=3&sn=b49d548af0d13cbfcbb05411de2cdb0e)
|
||||||
|
|
||||||
### 🍉 吃瓜新闻
|
### 🍉 吃瓜新闻
|
||||||
|
|
||||||
@ -52,6 +90,9 @@
|
|||||||
* [伊朗国防部涉嫌数据泄露 | 伊朗军事机密&伊朗国防部保密资料](https://mp.weixin.qq.com/s?__biz=MzU5MjgwMDg1Mg==&mid=2247486854&idx=1&sn=c28211ea5c273dd85a5bd0456a436536)
|
* [伊朗国防部涉嫌数据泄露 | 伊朗军事机密&伊朗国防部保密资料](https://mp.weixin.qq.com/s?__biz=MzU5MjgwMDg1Mg==&mid=2247486854&idx=1&sn=c28211ea5c273dd85a5bd0456a436536)
|
||||||
* [攻防渗透集锦JS泄露突破多个后台](https://mp.weixin.qq.com/s?__biz=MzAwMjA5OTY5Ng==&mid=2247527351&idx=1&sn=78320ee70eac34c36d3b5a95e6f0a01e)
|
* [攻防渗透集锦JS泄露突破多个后台](https://mp.weixin.qq.com/s?__biz=MzAwMjA5OTY5Ng==&mid=2247527351&idx=1&sn=78320ee70eac34c36d3b5a95e6f0a01e)
|
||||||
* [瑞典IT公司遭网络攻击 检察官:150万个人数据泄露](https://mp.weixin.qq.com/s?__biz=MzkxNTI2NTQxOA==&mid=2247498941&idx=2&sn=bd46f2aa883ce8bd74399f67fbf94e8a)
|
* [瑞典IT公司遭网络攻击 检察官:150万个人数据泄露](https://mp.weixin.qq.com/s?__biz=MzkxNTI2NTQxOA==&mid=2247498941&idx=2&sn=bd46f2aa883ce8bd74399f67fbf94e8a)
|
||||||
|
* [CDG助力企业云盘客户实现云上数据安全](https://mp.weixin.qq.com/s?__biz=MzA5MjE0OTQzMw==&mid=2666307362&idx=1&sn=cca106d37888f4a196ebfe3230441a96)
|
||||||
|
* [安全快报 | 越南国家信用信息中心遭黑客入侵导致数百万人敏感数据泄露](https://mp.weixin.qq.com/s?__biz=MzU3MDA0MTE2Mg==&mid=2247493207&idx=1&sn=6a6ed8ead63f70401a1772b5c85b192f)
|
||||||
|
* [Salesloft: GitHub账户遭入侵 导致Drift令牌被盗并引发大规模Salesforce数据窃取](https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650612364&idx=3&sn=e57a83a63ad263938fc0d49d846a4310)
|
||||||
|
|
||||||
### 📌 其他
|
### 📌 其他
|
||||||
|
|
||||||
@ -84,6 +125,43 @@
|
|||||||
* [Coinbase内部人员拍摄出售敏感信息 69000名用户受到影响](https://mp.weixin.qq.com/s?__biz=MzkxNTI2NTQxOA==&mid=2247498941&idx=3&sn=703f6d38b8d26142371ccaa66c8bd889)
|
* [Coinbase内部人员拍摄出售敏感信息 69000名用户受到影响](https://mp.weixin.qq.com/s?__biz=MzkxNTI2NTQxOA==&mid=2247498941&idx=3&sn=703f6d38b8d26142371ccaa66c8bd889)
|
||||||
* [邀请函 | 北京罕能教育全国巡回展-合肥站](https://mp.weixin.qq.com/s?__biz=Mzg5OTg5OTI1NQ==&mid=2247491827&idx=1&sn=026a90e1c08b97f6398870d53596087c)
|
* [邀请函 | 北京罕能教育全国巡回展-合肥站](https://mp.weixin.qq.com/s?__biz=Mzg5OTg5OTI1NQ==&mid=2247491827&idx=1&sn=026a90e1c08b97f6398870d53596087c)
|
||||||
* [看似普通的U盘,插上就沦陷!手把手教你制作BadUSB](https://mp.weixin.qq.com/s?__biz=MzkzNDI5NjEzMQ==&mid=2247485658&idx=1&sn=42a1e6357e12dbd75a6e6f57b5669b3b)
|
* [看似普通的U盘,插上就沦陷!手把手教你制作BadUSB](https://mp.weixin.qq.com/s?__biz=MzkzNDI5NjEzMQ==&mid=2247485658&idx=1&sn=42a1e6357e12dbd75a6e6f57b5669b3b)
|
||||||
|
* [回调函数](https://mp.weixin.qq.com/s?__biz=MzkyODUzMjEzOA==&mid=2247483945&idx=1&sn=47e5e92123779b729af2d2af0082a349)
|
||||||
|
* [九一八,勿忘 | 铭记历史,吾辈自强](https://mp.weixin.qq.com/s?__biz=MzI0NjAyMjU4MA==&mid=2649597352&idx=1&sn=625f0867d5320bbe52861ba466d6b36e)
|
||||||
|
* [倒计时 4 天!第四届“创新·智能”网络安全大会即将在重庆启幕](https://mp.weixin.qq.com/s?__biz=MzUyMjAyODU1NA==&mid=2247492582&idx=1&sn=ee6f7e5f4cc582ddc5db7ebf4a8e2bea)
|
||||||
|
* [安装宽带时,ONU工作模式:桥接模式和路由器模式有啥区别?](https://mp.weixin.qq.com/s?__biz=MzIyMzIwNzAxMQ==&mid=2649470734&idx=1&sn=a24b97a43f3c209576e2f57e428a5fda)
|
||||||
|
* [2025大模型重塑战局,智能驾驶商业化奇点已至](https://mp.weixin.qq.com/s?__biz=MzkyOTMwMDQ5MQ==&mid=2247520525&idx=1&sn=cd651515b59a2a8bd8982e6362dcd6f1)
|
||||||
|
* [python移除图片背景](https://mp.weixin.qq.com/s?__biz=MzkyMjI3MzU3MA==&mid=2247484647&idx=1&sn=2195f942a8d837b9d38dd32bcd565627)
|
||||||
|
* [2025 湾区杯决赛 writeup by 山海关安全团队](https://mp.weixin.qq.com/s?__biz=Mzg4MjcxMTAwMQ==&mid=2247488859&idx=1&sn=dc40696ceb2a8daea4671a228a384f45)
|
||||||
|
* [2025网安周|人工智能安全治理分论坛在昆明举行,范渊分享“让安全更智能、让智能更安全”之道](https://mp.weixin.qq.com/s?__biz=MjM5NTE0MjQyMg==&mid=2650632897&idx=1&sn=25fcbd910b8f4c2a301b3cf5a75f6a08)
|
||||||
|
* [2025网安周|安恒信息获CNVD、CCTGA五项荣誉,彰显网络安全核心贡献力](https://mp.weixin.qq.com/s?__biz=MjM5NTE0MjQyMg==&mid=2650632897&idx=2&sn=6cb7f8d3d95a37721668da56e647922e)
|
||||||
|
* [Odyssey大盗:假借AI热点的窃密者](https://mp.weixin.qq.com/s?__biz=MzI5ODk3OTM1Ng==&mid=2247510901&idx=1&sn=cefb8e69797fcea6dda99f33c9cf0fd2)
|
||||||
|
* [9·18警钟长鸣 | 勿忘国殇,吾辈自强](https://mp.weixin.qq.com/s?__biz=Mzg4MDU0NTQ4Mw==&mid=2247533573&idx=2&sn=af520bf254191d4c54c073d97819ba94)
|
||||||
|
* [微软与Cloudflare联手捣毁RaccoonO365网络钓鱼服务平台](https://mp.weixin.qq.com/s?__biz=Mzg3OTc0NDcyNQ==&mid=2247494817&idx=2&sn=6e71c39b83fc9ff14e9381d420c735fa)
|
||||||
|
* [中孚信息“安全沙箱”推动网络安全从“被动防御”向“主动免疫” 跃迁](https://mp.weixin.qq.com/s?__biz=MzAxMjE1MDY0NA==&mid=2247512076&idx=1&sn=f88dc62899f49d66029ae36bb6c65e96)
|
||||||
|
* [微软查封340个与日益壮大的网络钓鱼订阅服务相关的网站](https://mp.weixin.qq.com/s?__biz=MzU0MjE2Mjk3Ng==&mid=2247490035&idx=1&sn=056d5243e8df16f931fd0cd0df08c27b)
|
||||||
|
* [懂业务到底是要懂什么](https://mp.weixin.qq.com/s?__biz=MjM5NTk5Mjc4Mg==&mid=2655230347&idx=1&sn=53bdf20050996157b1d364a0b53a1594)
|
||||||
|
* [贵州省人社厅2025年网络安全人才就业招聘会](https://mp.weixin.qq.com/s?__biz=MzU4OTg4Nzc4MQ==&mid=2247506607&idx=1&sn=bd5bf3da5ba4e0d427c8945e7812f23b)
|
||||||
|
* [网络安全零基础学习方向及需要掌握的技能](https://mp.weixin.qq.com/s?__biz=MzU4OTg4Nzc4MQ==&mid=2247506607&idx=2&sn=7f8fc538a1aa550d25ec25c7cdaa87de)
|
||||||
|
* [中国网安/三十所2026届校园招聘](https://mp.weixin.qq.com/s?__biz=MzU4OTg4Nzc4MQ==&mid=2247506607&idx=3&sn=4a582ba82c0877cd63e8f3ad6b1eea9e)
|
||||||
|
* [勿忘九一八!铭记历史,吾辈自强!](https://mp.weixin.qq.com/s?__biz=MzU1ODgwNDYwNg==&mid=2247484678&idx=1&sn=be9219742c4fc8385bb5144e9b4541d8)
|
||||||
|
* [SOC的“中年危机”](https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650612364&idx=2&sn=19e100b7d453431e46a8ee8a859624b6)
|
||||||
|
* [大胆锐评!小某书上网络安全工程师的一天](https://mp.weixin.qq.com/s?__biz=MzkwNzM5NDk4Mw==&mid=2247484310&idx=1&sn=3c6f7caa4b0abbfb38edd95a8be7a745)
|
||||||
|
* [红蓝攻防如何快速打出Nday](https://mp.weixin.qq.com/s?__biz=Mzk0Mzc1MTI2Nw==&mid=2247496819&idx=1&sn=f22511b28c3fc175971ddfb2b38ea8fc)
|
||||||
|
* [国仇家恨勿须提,白山黑水皆铭记](https://mp.weixin.qq.com/s?__biz=MzIzNDIxODkyMg==&mid=2650087005&idx=2&sn=8858f31c5699c4dda5c0d32005679d27)
|
||||||
|
* [微软和 Cloudflare 联手摧毁 RaccoonO365 网络钓鱼服务基础设施](https://mp.weixin.qq.com/s?__biz=MzI2NzAwOTg4NQ==&mid=2649796378&idx=3&sn=1ff25390be1cbbd4a6a860076c7659d5)
|
||||||
|
* [2025年“鹏云杯”第十二届山东省大学生网络安全技能大赛火热来袭!](https://mp.weixin.qq.com/s?__biz=Mzk0NTU0ODc0Nw==&mid=2247494173&idx=2&sn=6656e9dc0ed64ab738c62f2e38089437)
|
||||||
|
* [2025年中国网络安全创新创业大赛总决赛暨颁奖典礼在昆明成功举办](https://mp.weixin.qq.com/s?__biz=Mzk0NTU0ODc0Nw==&mid=2247494173&idx=4&sn=64ff920b52563918b548708138380753)
|
||||||
|
* [第五届\"长城杯\"网络安全大赛线上初赛--Writeup](https://mp.weixin.qq.com/s?__biz=Mzk0NTU0ODc0Nw==&mid=2247494173&idx=5&sn=2a2f280d5dcc0f7d2bf0c92257aa80d4)
|
||||||
|
* [第三届“陇剑杯”网络安全大赛初赛-夺旗闯关赛WriteUp](https://mp.weixin.qq.com/s?__biz=Mzk0NTU0ODc0Nw==&mid=2247494173&idx=6&sn=c9382b76523e41c4820079ff978c1b6b)
|
||||||
|
* [“一周懿语”丨第三十九期](https://mp.weixin.qq.com/s?__biz=MjM5NTE0MjQyMg==&mid=2650632890&idx=1&sn=4e5c19f261217e768e7ecff24398d4fd)
|
||||||
|
* [9•18 以史为鉴,振兴中华](https://mp.weixin.qq.com/s?__biz=Mzk0MDQ5MTQ4NA==&mid=2247488118&idx=1&sn=90cb9f7f3ef2b414ef843a44965a33ea)
|
||||||
|
* [拨开迷雾见真章:如何正确理解网络安全工作的核心价值与行动逻辑](https://mp.weixin.qq.com/s?__biz=MzI5NTQ5MTAzMA==&mid=2247484646&idx=1&sn=2d9e66c6c940b597bb3ba85da859d0c3)
|
||||||
|
* [对照案例自查国家网信办 | 发布:近期网数、个保领域执法典型案例](https://mp.weixin.qq.com/s?__biz=Mzg2MDg0ODg1NQ==&mid=2247548593&idx=1&sn=04b74415789baf903f78a2de8e3a904d)
|
||||||
|
* [俄乌战争主要战役对我军加强实战化军事训练的总体启示](https://mp.weixin.qq.com/s?__biz=MzkyMjY1MTg1MQ==&mid=2247496084&idx=1&sn=92399d504abab3946f5b13ba02370ff2)
|
||||||
|
* [非正规战的大众化:新兴科技与俄乌战争](https://mp.weixin.qq.com/s?__biz=MzkyMjY1MTg1MQ==&mid=2247496084&idx=3&sn=1694e9c53492eb5b6fb044ceeee2c036)
|
||||||
|
* [驾驶舱改装对飞行员工作负荷的影响](https://mp.weixin.qq.com/s?__biz=MzkyMjY1MTg1MQ==&mid=2247496084&idx=4&sn=0449924cbe7c38479f40244f105c6eb3)
|
||||||
|
* [《手搓Java内存马》](https://mp.weixin.qq.com/s?__biz=MzkxNzY5MTg1Ng==&mid=2247492369&idx=1&sn=6fd15be81542aceb78359fa0c13d0a1b)
|
||||||
|
* [实战|近期某省级HVV实战回忆录](https://mp.weixin.qq.com/s?__biz=MzU2NzY5MzI5Ng==&mid=2247507282&idx=1&sn=4bbfe80b3f45bc06cf620b7a88498038)
|
||||||
|
|
||||||
## 安全分析
|
## 安全分析
|
||||||
(2025-09-18)
|
(2025-09-18)
|
||||||
@ -257,6 +335,62 @@ PoC展示了Windows 11内核堆溢出漏洞的利用方法,涉及内核任意
|
|||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
### CVE-2025-31258 - macOS 沙箱逃逸 (部分)
|
||||||
|
|
||||||
|
#### 📌 漏洞信息
|
||||||
|
|
||||||
|
| 属性 | 详情 |
|
||||||
|
|------|------|
|
||||||
|
| CVE编号 | CVE-2025-31258 |
|
||||||
|
| 风险等级 | `HIGH` |
|
||||||
|
| 利用状态 | `POC可用` |
|
||||||
|
| 发布时间 | 2025-09-18 00:00:00 |
|
||||||
|
| 最后更新 | 2025-09-18 02:42:10 |
|
||||||
|
|
||||||
|
#### 📦 相关仓库
|
||||||
|
|
||||||
|
- [CVE-2025-31258-PoC](https://github.com/BODE987/CVE-2025-31258-PoC)
|
||||||
|
|
||||||
|
#### 💡 分析概述
|
||||||
|
|
||||||
|
该仓库提供了一个针对 macOS 沙箱逃逸漏洞 CVE-2025-31258 的 PoC (Proof of Concept)。仓库包含 Xcode 项目,用于演示如何利用 RemoteViewServices 实现部分沙箱逃逸。代码主要通过调用私有 API PBOXDuplicateRequest 来尝试绕过沙箱限制,实现对用户文档目录的访问。PoC 仓库的更新包括更新了 README.md 文件,详细介绍了 PoC 的概览、安装步骤、使用方法和漏洞细节。此次更新增强了对漏洞的解释和演示,方便安全研究人员理解和复现漏洞。PoC 的实现方式主要依赖于 RemoteViewServices 框架的潜在漏洞。攻击者可以构造恶意消息,利用框架的缺陷绕过沙箱的访问控制,进而可能导致敏感信息泄露或更严重的系统损害。
|
||||||
|
|
||||||
|
#### 🔍 关键发现
|
||||||
|
|
||||||
|
| 序号 | 发现内容 |
|
||||||
|
|------|----------|
|
||||||
|
| 1 | 漏洞利用 RemoteViewServices 实现沙箱逃逸。 |
|
||||||
|
| 2 | PoC 通过调用私有 API PBOXDuplicateRequest 尝试绕过沙箱。 |
|
||||||
|
| 3 | 成功利用可能导致对用户文档目录的非授权访问。 |
|
||||||
|
| 4 | PoC 提供了详细的安装和使用说明,方便复现。 |
|
||||||
|
|
||||||
|
#### 🛠️ 技术细节
|
||||||
|
|
||||||
|
> 漏洞利用了 macOS 系统中 RemoteViewServices 框架的缺陷。
|
||||||
|
|
||||||
|
> PoC 调用了私有 API PBOXDuplicateRequest,该 API 可能存在安全漏洞。
|
||||||
|
|
||||||
|
> 攻击者通过构造特定的输入,绕过了沙箱的访问控制机制。
|
||||||
|
|
||||||
|
> PoC 演示了如何通过代码实现对用户文档目录的访问。
|
||||||
|
|
||||||
|
|
||||||
|
#### 🎯 受影响组件
|
||||||
|
|
||||||
|
```
|
||||||
|
• macOS RemoteViewServices 框架
|
||||||
|
```
|
||||||
|
|
||||||
|
#### ⚡ 价值评估
|
||||||
|
|
||||||
|
<details>
|
||||||
|
<summary>展开查看详细评估</summary>
|
||||||
|
|
||||||
|
虽然是部分沙箱逃逸,但利用了 macOS 1day 漏洞,且 PoC 提供了可运行的代码。成功利用可以绕过沙箱限制,访问用户文档目录,具有一定的威胁价值。由于补丁覆盖率低,漏洞具有较高的时效性。
|
||||||
|
</details>
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
## 免责声明
|
## 免责声明
|
||||||
本文内容由 AI 自动生成,仅供参考和学习交流。文章中的观点和建议不代表作者立场,使用本文信息需自行承担风险和责任。
|
本文内容由 AI 自动生成,仅供参考和学习交流。文章中的观点和建议不代表作者立场,使用本文信息需自行承担风险和责任。
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user