Notable changes

Email template for org invites was updated again. The URL got HTML Encoded which resulted in a sometimes non-working URL (#5100)
Fixed SMTP issues with some providers which send er...

What's Changed

Add Content-Security-Policy and Permissions-Policy headers by @paskal in #1805
add RTL support by @adueck in #1799
fix: Apple login integration by @tomy0000000 in #1806
Fix prob...

有东西被加密了, 请输入密码查看.

降级Windows以利用已修补的漏洞；FortiManager 零日漏洞；secp256k1-node中ECDH私钥提取漏洞分析

思科ASA与FTD软件中远程访问VPN服务的重大漏洞；对可信平台模块的SPI接口进行嗅探攻击，以低成本提取BitLocker密钥；NUUO网络视频录像机任意文件上传

Malicious CAPTCHA distributed through ad networks delivers the Amadey Trojan or the Lumma stealer, which pilfers data from browsers, password managers, and crypto wallets.

Kaspersky experts analyze cyberdefense weak points, including patch management, policy violations and MSSP issues, and real-world cases where compromise assessment helped detect and mitigate incidents.

Linux内核TCP合成接收套接字关闭时的除零错误；CyberPanel 控制面板远程命令执行；Rust的安全幻影：语言层面的约束及其局限性

A bunch of malicious extensions in Chrome Web Store have hidden affiliate fraud functionality, collect users’ browsing profiles, or both. These extensions appear to be connected to the Karma shopping assistant, developed by Karma Shopping Ltd. which is not…

2024年9月24日，OpenAI的CEO Sam Altman发表文章《The Intelligence Age》，大胆地宣告了AI时代的到来。

给予文章强有力支撑的是ChatGPT-o1的发布，这是一次里程碑式的事件，在深度学习的加成下，大模型如虎添翼，表现强劲。
身处时代浪潮之中，DARKNAVY也积极拥抱AI，探索AI和安全的关系。AI能否在发现和利用漏洞时，再现人类的方法论？AI会不会带来新的安全问题？

楚人有鬻盾与矛者，誉之曰：“吾盾之坚，物莫能陷之。”以誉其矛曰：“吾矛之利，于物无不陷…

Scammers use large language models (LLMs) to create phishing pages and leave artifacts in texts and tags, like the phrase "As an AI language model…".

APT29利用RDP渗透乌克兰；Windows TCP/IP 远程代码执行漏洞；WebKitGTK与WPE WebKit安全公告

利用Magento和Adobe Commerce系统的两个漏洞实现远程代码执行；利用公开的.git文件夹进行漏洞挖掘；利用 0-Day Opera 漏洞进行跨浏览器扩展存储攻击

The recent discovery of FortiJump (CVE-2024-47575) highlights a critical vulnerability exploited in the wild, prompting an urgent need to understand its…