mirror of
https://github.com/Hxnxe/CyberSentinel-AI.git
synced 2025-11-04 17:13:53 +00:00
更新
This commit is contained in:
ubuntu-master
parent
e8b155b509
commit
c4c4f6b771
@ -3,7 +3,7 @@
|
|||||||
|
|
||||||
> 本文由AI自动生成,基于对安全相关仓库、CVE和最新安全研究成果的自动化分析。
|
> 本文由AI自动生成,基于对安全相关仓库、CVE和最新安全研究成果的自动化分析。
|
||||||
>
|
>
|
||||||
> 更新时间:2025-09-30 08:42:54
|
> 更新时间:2025-09-30 11:07:14
|
||||||
|
|
||||||
<!-- more -->
|
<!-- more -->
|
||||||
|
|
||||||
@ -24,15 +24,40 @@
|
|||||||
* [暗网曝出日菲东印等多国UNIX服务器RCE漏洞售卖](https://mp.weixin.qq.com/s?__biz=MzkyMjQ5ODk5OA==&mid=2247514159&idx=1&sn=5424be577ce494803ee2afa6133b659a)
|
* [暗网曝出日菲东印等多国UNIX服务器RCE漏洞售卖](https://mp.weixin.qq.com/s?__biz=MzkyMjQ5ODk5OA==&mid=2247514159&idx=1&sn=5424be577ce494803ee2afa6133b659a)
|
||||||
* [CVSS 10分严重漏洞: 从CVE-2025-41243看SpEL SimpleEvaluationContext绕过与利用](https://mp.weixin.qq.com/s?__biz=Mzk0NTU5Mjg0Ng==&mid=2247492374&idx=1&sn=7c2361e99bcf13f8a0601c4a4edc010e)
|
* [CVSS 10分严重漏洞: 从CVE-2025-41243看SpEL SimpleEvaluationContext绕过与利用](https://mp.weixin.qq.com/s?__biz=Mzk0NTU5Mjg0Ng==&mid=2247492374&idx=1&sn=7c2361e99bcf13f8a0601c4a4edc010e)
|
||||||
* [SDL 100/100问:针对内部的高中低危漏洞,给业务部门多长时间修复?](https://mp.weixin.qq.com/s?__biz=MzI3Njk2OTIzOQ==&mid=2247487368&idx=1&sn=b9c93c7e24a7dcc6c98eee6c544b43b4)
|
* [SDL 100/100问:针对内部的高中低危漏洞,给业务部门多长时间修复?](https://mp.weixin.qq.com/s?__biz=MzI3Njk2OTIzOQ==&mid=2247487368&idx=1&sn=b9c93c7e24a7dcc6c98eee6c544b43b4)
|
||||||
|
* [宏景eHR HrpService SQL注入漏洞](https://mp.weixin.qq.com/s?__biz=MzkzMTcwMTg1Mg==&mid=2247492911&idx=1&sn=359ee113ca880ab94aace9a0ada55a86)
|
||||||
|
* [漏洞挖掘—只靠信息收集拿下证书站](https://mp.weixin.qq.com/s?__biz=MzkyNjczNzgzMA==&mid=2247484645&idx=1&sn=9379bb83e36645bb66ce345a9b605aab)
|
||||||
|
* [AI对抗AI:微软成功拦截利用LLM生成混淆代码的网络钓鱼攻击](https://mp.weixin.qq.com/s?__biz=MzI1OTA1MzQzNA==&mid=2651248480&idx=1&sn=cbb22e5adf7b8094e8e9379a5d7e801c)
|
||||||
|
* [深入剖析HTTP解析器不一致性漏洞:绕过安全防护的攻击技术](https://mp.weixin.qq.com/s?__biz=Mzk0NjY3NjE4Ng==&mid=2247485606&idx=1&sn=ddd94e3965d4bf972cd160c91dde68b7)
|
||||||
|
* [思科两大0day漏洞同时曝光:ASA/FTD设备VPN缺陷可导致Root权限远程代码执行](https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650612546&idx=3&sn=a56efd4ed6df270e25a884261bae20ba)
|
||||||
|
* [高危漏洞预警PHPGurukul Small CRM信息泄露漏洞CVE-2025-11053](https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650612546&idx=4&sn=b72c0090277c3c57298238ca4dbe9494)
|
||||||
|
* [WhatsApp 中新发现的零点击远程代码执行 RCE 漏洞使数百万苹果用户面临风险](https://mp.weixin.qq.com/s?__biz=MzI2NzAwOTg4NQ==&mid=2649796497&idx=1&sn=2519743e8fc125304ace68c76d0ad8fa)
|
||||||
|
* [Notepad++ DLL 劫持漏洞威胁数百万用户,PoC已公开](https://mp.weixin.qq.com/s?__biz=MzI2NzAwOTg4NQ==&mid=2649796497&idx=2&sn=ef5f2822ed2bf09e08316a154c418293)
|
||||||
|
* [菜狗安全《代码审计培训》国庆优惠开启:手把手0day挖掘教学](https://mp.weixin.qq.com/s?__biz=Mzg4MzkwNzI1OQ==&mid=2247487288&idx=1&sn=2391c13955cf95ada76d4e02f557f9d3)
|
||||||
|
* [LazyHunter:一键自动化内网漏洞侦察神器](https://mp.weixin.qq.com/s?__biz=MzkzMzE5OTQzMA==&mid=2247488910&idx=1&sn=4018f1a2ac9d87a04e8b0c18c0243036)
|
||||||
|
* [思科爆出致命零日漏洞!超200万设备面临远程代码执行风险](https://mp.weixin.qq.com/s?__biz=Mzg2MDg0ODg1NQ==&mid=2247548785&idx=2&sn=aa054c301b90264d520cc220181cf976)
|
||||||
|
* [iOS 0Day漏洞(CVE-2025-24085)相关PoC利用细节已公开](https://mp.weixin.qq.com/s?__biz=Mzg2MDg0ODg1NQ==&mid=2247548785&idx=3&sn=8a0f252abb6440ad8f91786e2256dafb)
|
||||||
|
* [利用Apps Script项目伪装在GCP中实现隐蔽持久化](https://mp.weixin.qq.com/s?__biz=MzIyMzM2MzE1OQ==&mid=2247484480&idx=1&sn=4cec1ef986be7b94b083ea10cafd868d)
|
||||||
|
|
||||||
### 🔬 安全研究
|
### 🔬 安全研究
|
||||||
|
|
||||||
* [天唯科技盛世华诞举国同庆|2025 年国庆放假安排暨技术服务保障温馨告知](https://mp.weixin.qq.com/s?__biz=MzkzMjE5MTY5NQ==&mid=2247504776&idx=1&sn=e9ee682d8227ff5b1f807949d8441753)
|
* [天唯科技盛世华诞举国同庆|2025 年国庆放假安排暨技术服务保障温馨告知](https://mp.weixin.qq.com/s?__biz=MzkzMjE5MTY5NQ==&mid=2247504776&idx=1&sn=e9ee682d8227ff5b1f807949d8441753)
|
||||||
|
* [OpenAI推出“安全模型”:为GPT-4o敏感对话引入强制路由机制](https://mp.weixin.qq.com/s?__biz=MzkxNTI2MTI1NA==&mid=2247504191&idx=2&sn=d401a89362e13478947bc9163f42a812)
|
||||||
|
* [台湾地下空间作战研究:基于体系对抗的防御韧性与能力评估](https://mp.weixin.qq.com/s?__biz=MzkyMjY1MTg1MQ==&mid=2247496336&idx=1&sn=4dd2cbc16c7a0d69cdf06c57b26cb37e)
|
||||||
|
* [“鹏云杯”第十二届山东省大学生网络安全技能大赛网络安全技术爱好者决赛入围名单](https://mp.weixin.qq.com/s?__biz=Mzk0NTU0ODc0Nw==&mid=2247494433&idx=2&sn=4c9f7bc9b6b6facd72d3bb5bd0c0ccb1)
|
||||||
|
* [2025车用人工智能标准体系研究报告](https://mp.weixin.qq.com/s?__biz=MzkyOTMwMDQ5MQ==&mid=2247520575&idx=1&sn=35b595af76cc310972abc2d88529d842)
|
||||||
|
|
||||||
### 🎯 威胁情报
|
### 🎯 威胁情报
|
||||||
|
|
||||||
* [《挖矿病毒杀到第5次复活?看我硬核“斩根”操作:内存马、定时器、守护进程一锅端,CPU瞬间降温,黑客钱包原地停机!》](https://mp.weixin.qq.com/s?__biz=MzkxNzY5MTg1Ng==&mid=2247492713&idx=1&sn=8f7cbdccf03c27f4191735c7f7450fbd)
|
* [《挖矿病毒杀到第5次复活?看我硬核“斩根”操作:内存马、定时器、守护进程一锅端,CPU瞬间降温,黑客钱包原地停机!》](https://mp.weixin.qq.com/s?__biz=MzkxNzY5MTg1Ng==&mid=2247492713&idx=1&sn=8f7cbdccf03c27f4191735c7f7450fbd)
|
||||||
* [日本最大啤酒制造商因网络攻击暂停运营](https://mp.weixin.qq.com/s?__biz=MzkyMjQ5ODk5OA==&mid=2247514153&idx=1&sn=008ba6cef420636b6598b63d172415c5)
|
* [日本最大啤酒制造商因网络攻击暂停运营](https://mp.weixin.qq.com/s?__biz=MzkyMjQ5ODk5OA==&mid=2247514153&idx=1&sn=008ba6cef420636b6598b63d172415c5)
|
||||||
|
* [关于防范PS1Bot恶意软件的风险提示](https://mp.weixin.qq.com/s?__biz=MzA5Nzc4Njg1NA==&mid=2247489307&idx=1&sn=113fd14256c26da5e54aaf4a08284475)
|
||||||
|
* [GROW计划二期报名启动,携手奇安信基金会守护社会组织网络安全!](https://mp.weixin.qq.com/s?__biz=MzU4MzgwODc3Ng==&mid=2247499534&idx=1&sn=75539bb32989b332b048342130825bc8)
|
||||||
|
* [22 岁主谋落网!00 后黑客组建的 DDoS 僵尸网络帝国 RapperBot 被彻底取缔](https://mp.weixin.qq.com/s?__biz=MzIzNDIxODkyMg==&mid=2650087062&idx=1&sn=e9ecb48b05229cb237a56c1f41e75881)
|
||||||
|
* [捷豹路虎遭网络攻击后获英国15亿英镑贷款](https://mp.weixin.qq.com/s?__biz=Mzg3OTc0NDcyNQ==&mid=2247494929&idx=2&sn=e4ab2b8d397b7d617176fc80bda49fb2)
|
||||||
|
* [荷兰青少年涉嫌为亲俄黑客从事间谍活动被捕](https://mp.weixin.qq.com/s?__biz=Mzg3OTc0NDcyNQ==&mid=2247494929&idx=4&sn=6ad2b0a875b69bf477c1789529a96eeb)
|
||||||
|
* [揭秘魔罗桫(confucius)组织武器库源代码](https://mp.weixin.qq.com/s?__biz=MzI2MDc2MDA4OA==&mid=2247516223&idx=1&sn=063924bb4022d15b9a8cfb97f7fcbb2b)
|
||||||
|
* [EvilAI 恶意软件伪装成 AI 工具渗透全球组织](https://mp.weixin.qq.com/s?__biz=MzI2NzAwOTg4NQ==&mid=2649796497&idx=3&sn=674742123282b78610e9b9aaa6a8bea5)
|
||||||
|
* [为什么网络攻击者喜欢仿冒人力资源部门发送钓鱼邮件?](https://mp.weixin.qq.com/s?__biz=Mzg2MDg0ODg1NQ==&mid=2247548785&idx=4&sn=0de0f3f004f149c130d27302518eeaef)
|
||||||
|
|
||||||
### 🛠️ 安全工具
|
### 🛠️ 安全工具
|
||||||
|
|
||||||
@ -43,6 +68,11 @@
|
|||||||
* [论文速读| 语义感知模糊测试:LLM引导、推理驱动的输入变异的经验框架](https://mp.weixin.qq.com/s?__biz=MzkzNDUxOTk2Mw==&mid=2247497076&idx=1&sn=63acabc845865c03593e1fb4dd034c79)
|
* [论文速读| 语义感知模糊测试:LLM引导、推理驱动的输入变异的经验框架](https://mp.weixin.qq.com/s?__biz=MzkzNDUxOTk2Mw==&mid=2247497076&idx=1&sn=63acabc845865c03593e1fb4dd034c79)
|
||||||
* [IOT测试入门初窥:固件提取如何用 SWD 把固件“薅”出来!](https://mp.weixin.qq.com/s?__biz=MzkzNDI5NjEzMQ==&mid=2247485824&idx=1&sn=67d11fb6c07fadb87b10f6b651d4b0cd)
|
* [IOT测试入门初窥:固件提取如何用 SWD 把固件“薅”出来!](https://mp.weixin.qq.com/s?__biz=MzkzNDI5NjEzMQ==&mid=2247485824&idx=1&sn=67d11fb6c07fadb87b10f6b651d4b0cd)
|
||||||
* [99攻防不靠大厂内部工具,学生党也能搭建自己的攻防打点工作流](https://mp.weixin.qq.com/s?__biz=MzkzNDI5NjEzMQ==&mid=2247485824&idx=3&sn=5c992a48296e904954b84cef6d46ca97)
|
* [99攻防不靠大厂内部工具,学生党也能搭建自己的攻防打点工作流](https://mp.weixin.qq.com/s?__biz=MzkzNDI5NjEzMQ==&mid=2247485824&idx=3&sn=5c992a48296e904954b84cef6d46ca97)
|
||||||
|
* [API安全检测自动化工具](https://mp.weixin.qq.com/s?__biz=MzAwMjA5OTY5Ng==&mid=2247527412&idx=1&sn=d144f8a52713af6bcfce6ea00bcd7120)
|
||||||
|
* [突破性成果发布!我的AI智能安全推理引擎实战测试全记录](https://mp.weixin.qq.com/s?__biz=MzAxNTQwMjAzOA==&mid=2452514952&idx=1&sn=7b09ef652deb443ba351e8640223330b)
|
||||||
|
* [渗透测试工具Yakit使用指南:从安装到实战](https://mp.weixin.qq.com/s?__biz=MzI5NTQ5MTAzMA==&mid=2247484682&idx=1&sn=b3c211269d7bc52aebe992db9cb6375b)
|
||||||
|
* [一款go编写的主机管理工具](https://mp.weixin.qq.com/s?__biz=MzIwMzIyMjYzNA==&mid=2247519729&idx=1&sn=2f300ca4736be67980dd2f62dfae9b2c)
|
||||||
|
* [一款可以梭哈内存马的工具](https://mp.weixin.qq.com/s?__biz=MzU2NzY5MzI5Ng==&mid=2247507500&idx=1&sn=0eb1f93b04f2dab09cea7a667eb4ca07)
|
||||||
|
|
||||||
### 📚 最佳实践
|
### 📚 最佳实践
|
||||||
|
|
||||||
@ -53,6 +83,10 @@
|
|||||||
* [5家银行因“数据安全管理”等问题被罚](https://mp.weixin.qq.com/s?__biz=MzkxNTI2NTQxOA==&mid=2247499090&idx=2&sn=3f82a6f729ce29d6e3165b260e760c83)
|
* [5家银行因“数据安全管理”等问题被罚](https://mp.weixin.qq.com/s?__biz=MzkxNTI2NTQxOA==&mid=2247499090&idx=2&sn=3f82a6f729ce29d6e3165b260e760c83)
|
||||||
* [国庆/中秋限时优惠适合网安人的速成加解密逆向教程](https://mp.weixin.qq.com/s?__biz=MzkzNDI5NjEzMQ==&mid=2247485824&idx=2&sn=7361bb9b6d4a06150125e3765e356b18)
|
* [国庆/中秋限时优惠适合网安人的速成加解密逆向教程](https://mp.weixin.qq.com/s?__biz=MzkzNDI5NjEzMQ==&mid=2247485824&idx=2&sn=7361bb9b6d4a06150125e3765e356b18)
|
||||||
* [软件工程智能化变革的探索与实践](https://mp.weixin.qq.com/s?__biz=MjM5NTk5Mjc4Mg==&mid=2655230781&idx=1&sn=424ebeb04ef5cf3f045712f6ea5991e6)
|
* [软件工程智能化变革的探索与实践](https://mp.weixin.qq.com/s?__biz=MjM5NTk5Mjc4Mg==&mid=2655230781&idx=1&sn=424ebeb04ef5cf3f045712f6ea5991e6)
|
||||||
|
* [从行标到国标:运维安全管理的八年之“跃”](https://mp.weixin.qq.com/s?__biz=MzAwMTQ5NTU3NQ==&mid=2654318941&idx=1&sn=70dbe69208912149b7aaf09c11157ecb)
|
||||||
|
* [2025年福州市第五届“榕匠杯”网络与信息安全管理员职业技能竞赛圆满落幕](https://mp.weixin.qq.com/s?__biz=Mzk0NTU0ODc0Nw==&mid=2247494433&idx=4&sn=750800829255f46cba0d98f6f21f990a)
|
||||||
|
* [Akira勒索软件突破SonicWall VPN多重认证防护](https://mp.weixin.qq.com/s?__biz=Mzg3OTc0NDcyNQ==&mid=2247494929&idx=1&sn=bdbe34ec2367fe2d8c9e06450b05ca4a)
|
||||||
|
* [国产化替代核心:安全可靠测评之操作系统选型指南(2023-2025)](https://mp.weixin.qq.com/s?__biz=MzkxMzI3MzMwMQ==&mid=2247531455&idx=1&sn=0c1c80f39ad7f56930330cc96c14abfb)
|
||||||
|
|
||||||
### 🍉 吃瓜新闻
|
### 🍉 吃瓜新闻
|
||||||
|
|
||||||
@ -61,6 +95,11 @@
|
|||||||
* [CDN恶意流量防御方案与企业网络安全定责探讨|总第301周](https://mp.weixin.qq.com/s?__biz=MzI2MjQ1NTA4MA==&mid=2247492237&idx=1&sn=355a99271ead2831125814a19ca6e1fa)
|
* [CDN恶意流量防御方案与企业网络安全定责探讨|总第301周](https://mp.weixin.qq.com/s?__biz=MzI2MjQ1NTA4MA==&mid=2247492237&idx=1&sn=355a99271ead2831125814a19ca6e1fa)
|
||||||
* [零代码开发!用Oracle APEX快速构建数据库应用](https://mp.weixin.qq.com/s?__biz=MzI4NjAzMTk3MA==&mid=2458861788&idx=1&sn=3671636da475c1e94bc86e1c9d46854b)
|
* [零代码开发!用Oracle APEX快速构建数据库应用](https://mp.weixin.qq.com/s?__biz=MzI4NjAzMTk3MA==&mid=2458861788&idx=1&sn=3671636da475c1e94bc86e1c9d46854b)
|
||||||
* [关于加强数字经济创新型企业培育的若干措施](https://mp.weixin.qq.com/s?__biz=Mzg5OTg5OTI1NQ==&mid=2247491901&idx=1&sn=a9aac705ce11c71359762b2e8542308f)
|
* [关于加强数字经济创新型企业培育的若干措施](https://mp.weixin.qq.com/s?__biz=Mzg5OTg5OTI1NQ==&mid=2247491901&idx=1&sn=a9aac705ce11c71359762b2e8542308f)
|
||||||
|
* [论文解读:《面向合规数据泄露通知的隐私数据分类法的自动扩展》](https://mp.weixin.qq.com/s?__biz=MzIyODYzNTU2OA==&mid=2247499114&idx=1&sn=a896d2b46614b4f490fe015003189db4)
|
||||||
|
* [哈罗德百货通报新一轮第三方服务商数据泄露事件](https://mp.weixin.qq.com/s?__biz=Mzg3OTc0NDcyNQ==&mid=2247494929&idx=3&sn=7b2a4c9f84ccb7946012b98271ce4160)
|
||||||
|
* [行业咨询:安博通《关于实际控制人所持公司部分股票将被司法拍卖的提示性公告》](https://mp.weixin.qq.com/s?__biz=MzUzNjkxODE5MA==&mid=2247494108&idx=1&sn=5f555b3f84042782198e29bbe45fd3b7)
|
||||||
|
* [大无语:上海一公司用中秋国庆福利钓鱼员工](https://mp.weixin.qq.com/s?__biz=Mzg2MDg0ODg1NQ==&mid=2247548785&idx=1&sn=4dedd647f890d8d4940adbf7cce05607)
|
||||||
|
* [问界数据安全团队招人](https://mp.weixin.qq.com/s?__biz=MzU4OTg4Nzc4MQ==&mid=2247506635&idx=3&sn=ff2a4083189c53ec2804cf633eae1098)
|
||||||
|
|
||||||
### 📌 其他
|
### 📌 其他
|
||||||
|
|
||||||
@ -89,6 +128,57 @@
|
|||||||
* [2025年10月起一批网络安全相关新规开始施行!](https://mp.weixin.qq.com/s?__biz=MzkxNTI2NTQxOA==&mid=2247499090&idx=1&sn=2b9115c9f6279bec1d71e68df4c96187)
|
* [2025年10月起一批网络安全相关新规开始施行!](https://mp.weixin.qq.com/s?__biz=MzkxNTI2NTQxOA==&mid=2247499090&idx=1&sn=2b9115c9f6279bec1d71e68df4c96187)
|
||||||
* [《深圳市加强应用程序个人信息保护若干指引(2025年版)》发布](https://mp.weixin.qq.com/s?__biz=MzkxNTI2NTQxOA==&mid=2247499090&idx=3&sn=1d6154aaa03b501ba04cebfc65fa20b1)
|
* [《深圳市加强应用程序个人信息保护若干指引(2025年版)》发布](https://mp.weixin.qq.com/s?__biz=MzkxNTI2NTQxOA==&mid=2247499090&idx=3&sn=1d6154aaa03b501ba04cebfc65fa20b1)
|
||||||
* [《浙江省实施 办法》12月1日起施行](https://mp.weixin.qq.com/s?__biz=MzkxNTI2NTQxOA==&mid=2247499090&idx=4&sn=04e7b6944fc4864af49fb45dc99d47fe)
|
* [《浙江省实施 办法》12月1日起施行](https://mp.weixin.qq.com/s?__biz=MzkxNTI2NTQxOA==&mid=2247499090&idx=4&sn=04e7b6944fc4864af49fb45dc99d47fe)
|
||||||
|
* [培训资讯 | 数字证据全要素审查高级研修班兰州](https://mp.weixin.qq.com/s?__biz=Mzg4MzEwMDAyNw==&mid=2247485356&idx=1&sn=76ec87147a624e0c45c9245ee60a599b)
|
||||||
|
* [这样学起来真的不费劲](https://mp.weixin.qq.com/s?__biz=Mzk0MzcyNjMyNg==&mid=2247486283&idx=1&sn=cb3f40c45b0bcd9760cd931932180399)
|
||||||
|
* [零基础想入行网安?先搞懂这 3 件事再出发!](https://mp.weixin.qq.com/s?__biz=MzU3MjczNzA1Ng==&mid=2247499789&idx=1&sn=9114475e7cc540e87cb1469566160e81)
|
||||||
|
* [2025年国庆中秋假期安全保障通知](https://mp.weixin.qq.com/s?__biz=MzAwNTAxMjUwNw==&mid=2650279061&idx=1&sn=2d596308be2b9915fc265e143e478881)
|
||||||
|
* [AI告诉你等级测评备受诟病的原因](https://mp.weixin.qq.com/s?__biz=Mzg2NjY2MTI3Mg==&mid=2247501863&idx=1&sn=4682ad2f4203f8846b0a465c180ff740)
|
||||||
|
* [怎样通过远程桌面远程连接Kali Linux系统](https://mp.weixin.qq.com/s?__biz=MzI4MjkxNzY1NQ==&mid=2247487135&idx=1&sn=768c07303e6a5170c0cb7ebf4236a7f1)
|
||||||
|
* [CISO为何成了美国最不受欢迎的高管职位?](https://mp.weixin.qq.com/s?__biz=MzkxNTI2MTI1NA==&mid=2247504191&idx=1&sn=5e054b8f96210e8a2b8e600d6ecd71d0)
|
||||||
|
* [嘉韦思网络安全服务持续在线,保障无忧!](https://mp.weixin.qq.com/s?__biz=MzIxNTA4OTI5Mg==&mid=2647713152&idx=1&sn=9fdd245d0cd72942a8291e483990bc46)
|
||||||
|
* [新规解读GB/T46068-2025正式发布!您的个人信息跨境流动合规了吗?](https://mp.weixin.qq.com/s?__biz=MzkzMDE4NTE5OA==&mid=2247489170&idx=1&sn=fe239cb7a74892bb705aaf8a50bafe48)
|
||||||
|
* [通知2025年国庆中秋应急安排](https://mp.weixin.qq.com/s?__biz=MzIyNTIyMTU1Nw==&mid=2247485909&idx=1&sn=32ee15f3ba73f3d3e5c30b566aac4ba0)
|
||||||
|
* [赛事招标丨中国移动2025年网络安全劳动竞赛系列重大活动支撑服务采购项目](https://mp.weixin.qq.com/s?__biz=Mzk0NTU0ODc0Nw==&mid=2247494433&idx=1&sn=a1bb3dc99127bf87629be5ffabd04669)
|
||||||
|
* [关于2025年无锡市网络安全技能竞赛结果公示](https://mp.weixin.qq.com/s?__biz=Mzk0NTU0ODc0Nw==&mid=2247494433&idx=3&sn=30784c3667973897a6b6bbef702b455f)
|
||||||
|
* [喜报丨桂林机场在2025年交通运输网络安全大赛取得佳绩](https://mp.weixin.qq.com/s?__biz=Mzk0NTU0ODc0Nw==&mid=2247494433&idx=5&sn=e2eb2860b626756a6c0c4d37274e8877)
|
||||||
|
* [喜报 | 学院学子在第五届“长城杯”网络安全大赛暨京津冀蒙网络安全技能竞赛决赛中荣获佳绩](https://mp.weixin.qq.com/s?__biz=Mzk0NTU0ODc0Nw==&mid=2247494433&idx=6&sn=31740646999b6b7572f30ae02f3cdf00)
|
||||||
|
* [某市网络安全技能大赛初赛WP(部分)](https://mp.weixin.qq.com/s?__biz=Mzk0NTU0ODc0Nw==&mid=2247494433&idx=7&sn=8291701dfdd72527cfe792d249c06631)
|
||||||
|
* [solar9月公益赛WP](https://mp.weixin.qq.com/s?__biz=Mzk0NTU0ODc0Nw==&mid=2247494433&idx=8&sn=31105024009960e05de2185ced390cb6)
|
||||||
|
* [U商“一人分饰两角”诈骗甄别与侦查](https://mp.weixin.qq.com/s?__biz=MzIxOTM2MDYwNg==&mid=2247518492&idx=1&sn=836312ad64d7b15d9300ab1bdf154a2c)
|
||||||
|
* [赛宁支撑第三届“天网杯”网络安全大赛圆满收官](https://mp.weixin.qq.com/s?__biz=MzA4Mjk5NjU3MA==&mid=2455490191&idx=1&sn=811eea72eb092736bdac48ebf53ecf18)
|
||||||
|
* [秦安:以色列男子准备向内塔尼亚胡连开三枪,“加沙屠夫”到了穷途末路](https://mp.weixin.qq.com/s?__biz=MzA5MDg1MDUyMA==&mid=2650481444&idx=1&sn=5bb3d0db13a69b85a5c58431a229d13e)
|
||||||
|
* [系统调整及网络维护通知](https://mp.weixin.qq.com/s?__biz=Mzk0MTM1MTg3Nw==&mid=2247483949&idx=1&sn=6d785f9cfc31715971daf8e3b0d8ea60)
|
||||||
|
* [so混淆加密|移植OLLVM到NDK并集成到 Android Studio](https://mp.weixin.qq.com/s?__biz=Mzg2NzUzNzk1Mw==&mid=2247498707&idx=1&sn=55e99d31ed67c61166ebeff20a184ffb)
|
||||||
|
* [10.1|国庆V24-26年小迪安全培训](https://mp.weixin.qq.com/s?__biz=MzA5MzQ3MDE1NQ==&mid=2653940668&idx=1&sn=7b4786a6b66a6da7fcb3a23ab8835348)
|
||||||
|
* [0063.SVG 图像到存储型 XSS](https://mp.weixin.qq.com/s?__biz=MzA4NDQ5NTU0MA==&mid=2647691058&idx=1&sn=08a996a6ec6198d34b37f306e8db33b1)
|
||||||
|
* [绿盟科技“AI安全围栏”项目入选2025年人工智能先锋案例](https://mp.weixin.qq.com/s?__biz=MjM5ODYyMTM4MA==&mid=2650473314&idx=1&sn=22d2e0a4adb88a1e52ee58c5bb2b5c46)
|
||||||
|
* [效率源|国庆节值班安排](https://mp.weixin.qq.com/s?__biz=MjM5ODQ3NjAwNQ==&mid=2650554899&idx=1&sn=50427a6b03d3539e866ee801688a5d6b)
|
||||||
|
* [Polar2025秋季挑战赛web-writeup](https://mp.weixin.qq.com/s?__biz=MzU0MTc2NTExNg==&mid=2247492891&idx=1&sn=95c8cc65dcaf327189ef91770754224a)
|
||||||
|
* [666](https://mp.weixin.qq.com/s?__biz=MzAwMjQ2NTQ4Mg==&mid=2247500507&idx=1&sn=81f9d233ba6c2c57d89da7cb96e81253)
|
||||||
|
* [sci论文润色机构怎么选?在这家老牌机构润色后秒发一区!](https://mp.weixin.qq.com/s?__biz=MzAwMjQ2NTQ4Mg==&mid=2247500507&idx=2&sn=24e32e83079da227670b3cec0ea84986)
|
||||||
|
* [好靶场237各位股东,国庆值班安排表](https://mp.weixin.qq.com/s?__biz=Mzg4MDg5NzAxMQ==&mid=2247486367&idx=1&sn=10a9289ac4b77415439d99404ce61e79)
|
||||||
|
* [韩国服务器发生火灾后紧急恢复数字服务](https://mp.weixin.qq.com/s?__biz=MzU0MjE2Mjk3Ng==&mid=2247490093&idx=1&sn=c71949d9574ad2dce1828f8a9a6372ad)
|
||||||
|
* [2025年8月攻防考试成绩](https://mp.weixin.qq.com/s?__biz=MzI1NzQ0NTMxMQ==&mid=2247490809&idx=1&sn=6e2c54833ecaca5224aa674c338dc1b3)
|
||||||
|
* [国庆优惠劵大白哥帮会国庆优惠,错过等一年!](https://mp.weixin.qq.com/s?__biz=MzkyNDYwNTcyNA==&mid=2247488462&idx=1&sn=2a3ebdccc80a5d325615265ea0c1bb7a)
|
||||||
|
* [AI独角兽翻车:700名印度码农冒充AI,微软软银血本无归|XCSSET 新变种:专攻苹果 Mac 开发者,窃取加密货币钱包!](https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650612546&idx=1&sn=4f5202b96bc23cc8a27f78e0cb65888c)
|
||||||
|
* [AI时代网络安全六大关键趋势](https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650612546&idx=2&sn=ecb9d25d68008b37dd05be316fd2c10d)
|
||||||
|
* [安恒信息再登全国工商联研发和专利双500榜!](https://mp.weixin.qq.com/s?__biz=MjM5NTE0MjQyMg==&mid=2650633478&idx=1&sn=ad0bffd4dc7d82ae539375f11d9a4102)
|
||||||
|
* [从“中国方案”到“全球答案”|安恒信息发布“智护全球 安行万里”出海解决方案](https://mp.weixin.qq.com/s?__biz=MjM5NTE0MjQyMg==&mid=2650633478&idx=2&sn=f62c830f22439cc1910d114dc11bda93)
|
||||||
|
* [2025云栖大会|安恒信息获阿里云奖项,联合发布AI生态解决方案](https://mp.weixin.qq.com/s?__biz=MjM5NTE0MjQyMg==&mid=2650633478&idx=3&sn=47bd4392d11ee2cff7bb3d027fd4a8b9)
|
||||||
|
* [月满华诞,安全同行 | 赠2本道哥亲签《白帽子讲Web安全(第2版)》](https://mp.weixin.qq.com/s?__biz=MzI3MzQyMjQxOQ==&mid=2247484237&idx=1&sn=d68d750f55b8de111726febe656224fb)
|
||||||
|
* [人民英雄永垂不朽](https://mp.weixin.qq.com/s?__biz=Mzg3NTU3NTY0Nw==&mid=2247490136&idx=1&sn=92059ba20b8524bdbf6fc583ff6f3395)
|
||||||
|
* [山河万里庆华诞 四叶草安全以专业守护 祝祖国繁荣昌盛](https://mp.weixin.qq.com/s?__biz=MjM5MTI2NDQzNg==&mid=2654553148&idx=1&sn=4cca703ada4d46e438ba7161ff5b8ab7)
|
||||||
|
* [某东来DL线上商城监控库存步骤解析](https://mp.weixin.qq.com/s?__biz=MzIxODQzOTA5Mg==&mid=2247486862&idx=1&sn=50fe606ca8d8c4845aa49196c0a09aa6)
|
||||||
|
* [共庆华诞,坚守如一丨云天安全服务保障时刻在线](https://mp.weixin.qq.com/s?__biz=MzI2NDYzNjY0Mg==&mid=2247502496&idx=1&sn=bf15876b46864c06feaef71910a65d35)
|
||||||
|
* [欢度国庆,喜迎中秋 | 极验2025年双节放假通知](https://mp.weixin.qq.com/s?__biz=MzI2MDE5MTQxNg==&mid=2649723920&idx=1&sn=8fa64ea788d605573e959e5eab9c999c)
|
||||||
|
* [以美为鉴:构建现代化的核能行业网络安全合规体系--为人工智能革命提供动力](https://mp.weixin.qq.com/s?__biz=MzkwMTM5MDUxMA==&mid=2247507957&idx=1&sn=709f629f316dbea145987eec6729607a)
|
||||||
|
* [浅谈Java Web中Word转换器与SSRF](https://mp.weixin.qq.com/s?__biz=Mzk0Mzc1MTI2Nw==&mid=2247497294&idx=1&sn=e9587c0f620050b69d44aac759bb0941)
|
||||||
|
* [国庆假期应急保障通知](https://mp.weixin.qq.com/s?__biz=MzU3ODQ4NjA3Mg==&mid=2247567663&idx=1&sn=9432b637b189fe3c868fd985bff23d08)
|
||||||
|
* [山石网科上市6周年|六载科创路,双 A 护未来](https://mp.weixin.qq.com/s?__biz=MzAxMDE4MTAzMQ==&mid=2661303170&idx=1&sn=7b91c45b9cca3d4cd97702c7734d6f0b)
|
||||||
|
* [JS Hook脚本分享 | 秒杀路由守卫](https://mp.weixin.qq.com/s?__biz=MzkzNTcwOTgxMQ==&mid=2247486357&idx=1&sn=61a4d78687ddbd4a8b0aa4aea4f1c84f)
|
||||||
|
* [云天 · 安全通告(2025年9月30日)](https://mp.weixin.qq.com/s?__biz=MzI2NDYzNjY0Mg==&mid=2247502519&idx=1&sn=bf33574bf7ff43f85c1f6d3610439115)
|
||||||
|
* [国庆期间帮会限时优惠,8000+资源,800+师傅](https://mp.weixin.qq.com/s?__biz=MzU4OTg4Nzc4MQ==&mid=2247506635&idx=1&sn=e61261bb7d25f00a49930c699a753fab)
|
||||||
|
* [中旅集团招聘网络安全岗](https://mp.weixin.qq.com/s?__biz=MzU4OTg4Nzc4MQ==&mid=2247506635&idx=2&sn=beae458f5f0ea731c3a99f6e06565f24)
|
||||||
|
|
||||||
## 安全分析
|
## 安全分析
|
||||||
(2025-09-30)
|
(2025-09-30)
|
||||||
@ -374,6 +464,67 @@ CVE-2025-0411是一个高危漏洞,允许绕过安全机制,导致远程代
|
|||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
### CVE-2025-53770 - SharePoint扫描器,识别CVE-2025-53770
|
||||||
|
|
||||||
|
#### 📌 漏洞信息
|
||||||
|
|
||||||
|
| 属性 | 详情 |
|
||||||
|
|------|------|
|
||||||
|
| CVE编号 | CVE-2025-53770 |
|
||||||
|
| 风险等级 | `CRITICAL` |
|
||||||
|
| 利用状态 | `POC可用` |
|
||||||
|
| 发布时间 | 2025-09-30 00:00:00 |
|
||||||
|
| 最后更新 | 2025-09-30 01:56:57 |
|
||||||
|
|
||||||
|
#### 📦 相关仓库
|
||||||
|
|
||||||
|
- [CVE-2025-53770-Scanner](https://github.com/ziisenpai/CVE-2025-53770-Scanner)
|
||||||
|
|
||||||
|
#### 💡 分析概述
|
||||||
|
|
||||||
|
该GitHub仓库提供了一个针对SharePoint CVE-2025-53770漏洞的扫描工具。该工具通过子域名枚举和HTTP请求探测,尝试识别潜在的SharePoint服务器,并检测其是否存在该漏洞。该工具通过GitHub Actions进行持续集成,并提供了下载链接。代码由Python编写,依赖requests、rich和sublist3r库。代码的主要功能包括子域名枚举、漏洞探测和结果输出。更新内容主要包括更新下载链接和修复部分代码错误,但整体功能未变。CVE-2025-53770漏洞允许未授权的远程代码执行,因此具有极高的威胁。该扫描器本身并不尝试利用漏洞,仅用于探测。
|
||||||
|
|
||||||
|
考虑到该漏洞的严重性和工具的实用性,以及其直接针对CVE的特性,该工具具有一定的实战价值,可用于安全评估和漏洞扫描。
|
||||||
|
|
||||||
|
#### 🔍 关键发现
|
||||||
|
|
||||||
|
| 序号 | 发现内容 |
|
||||||
|
|------|----------|
|
||||||
|
| 1 | 扫描工具针对SharePoint CVE-2025-53770漏洞。 |
|
||||||
|
| 2 | 通过子域名枚举和HTTP请求探测目标SharePoint服务器。 |
|
||||||
|
| 3 | 依赖Python编写,使用requests, rich, sublist3r等库。 |
|
||||||
|
| 4 | 工具不进行漏洞利用,仅用于探测漏洞是否存在。 |
|
||||||
|
| 5 | Github Actions 持续集成,并提供下载链接 |
|
||||||
|
|
||||||
|
#### 🛠️ 技术细节
|
||||||
|
|
||||||
|
> 使用Sublist3r进行子域名枚举,获取潜在的SharePoint服务器。
|
||||||
|
|
||||||
|
> 构造HTTP请求,探测/_layouts/15/ToolPane.aspx?DisplayMode=Edit页面,以此判断是否存在CVE-2025-53770漏洞。
|
||||||
|
|
||||||
|
> 通过HTTP状态码和页面内容判断目标SharePoint服务器是否可能存在漏洞。
|
||||||
|
|
||||||
|
> 结果以CSV格式输出,方便用户分析。
|
||||||
|
|
||||||
|
> 代码逻辑清晰,易于理解和扩展。
|
||||||
|
|
||||||
|
|
||||||
|
#### 🎯 受影响组件
|
||||||
|
|
||||||
|
```
|
||||||
|
• Microsoft SharePoint Server(受CVE-2025-53770影响)
|
||||||
|
```
|
||||||
|
|
||||||
|
#### ⚡ 价值评估
|
||||||
|
|
||||||
|
<details>
|
||||||
|
<summary>展开查看详细评估</summary>
|
||||||
|
|
||||||
|
该扫描器针对高危漏洞CVE-2025-53770,漏洞利用难度低,潜在危害严重,且工具提供了一键扫描能力。可以帮助安全人员快速评估SharePoint服务器的安全性,具有重要的实战价值。
|
||||||
|
</details>
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
## 免责声明
|
## 免责声明
|
||||||
本文内容由 AI 自动生成,仅供参考和学习交流。文章中的观点和建议不代表作者立场,使用本文信息需自行承担风险和责任。
|
本文内容由 AI 自动生成,仅供参考和学习交流。文章中的观点和建议不代表作者立场,使用本文信息需自行承担风险和责任。
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user