unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Search
Rss
黑夜模式
新型勒索软件HybridPetya可绕过UEFI安全启动 植入EFI分区恶意程序
HybridPetya勒索软件可绕过UEFI安全启动,在EFI分区植入恶意程序并加密数据。其利用CVE-2024-7344漏洞绕过安全机制,并结合Petya/NotPetya特性进行攻击。微软已修复相关漏洞,建议用户安装补丁并定期备份数据以防范威胁。...
2025-9-22 07:49:28 | 阅读: 0 |
收藏
|
玄武实验室每日安全 - buaq.net
hybridpetya
efi
安全
加密
绕过
利用Windows 11虚拟硬盘(VHDX)软腐败漏洞实现远程代码执行(CVE-2025-49683)
微软Windows 11中的虚拟硬盘(VHDX)存在软腐败漏洞(CVE-2025-49683),评分7.8高危。通过PowerShell脚本在特定位置引入字节级腐败,导致系统异常或远程代码执行。...
2025-8-3 07:49:53 | 阅读: 0 |
收藏
|
玄武实验室每日安全 - buaq.net
vhdx
corruption
49683
windows
httpx 1.7.0 远程拒绝服务漏洞:通过畸形
标签触发</a> <span class="d-block small opacity-50"> ProjectDiscovery的httpx v1.7.0存在远程DoS漏洞,通过返回畸形<title>标签可触发崩溃。问题源于trimTitleTags函数中缺少边界检查导致切片越界。此漏洞影响自动化扫描工具,修复已提交。...<br> 2025-6-26 07:49:32 | 阅读: 0 | <a onclick='addCollect("345762")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=buaq.net"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fbuaq.net%26size%3D128" onerror="this.src=getIcon('buaq.net','https:\/\/buaq.net\/go-345023.html')" class="rounded float-left" alt="..."> 玄武实验室每日安全 - buaq.net </a> <br> <span class="badge bg-secondary">httpx</span> <span class="badge bg-secondary">seclists</span> <span class="badge bg-secondary">malformed</span> <br> </span> </label> </td> </tr> </table> <table style="margin-top: 20px;"> <tr> <td class="" style="height: 150px;width: 30%;border: none;"> <img class="banner_img" id="banner_img" src="https://8aqnet.cdn.bcebos.com/25c8c2999c8c7241b092876d02527418.jpg" onerror="this.src=randomImage('https:\/\/buaq.net\/go-339024.html')"> </td> <td class="list-group-item py-3" style="min-height: 152px;border: none;"> <label> <a class="paper_list" href="/go-339052.html">武器化PyPI包通过供应链攻击窃取Solana私钥:技术分析与防御建议</a> <span class="d-block small opacity-50"> 针对Solana开发者的供应链攻击利用恶意Python包“semantic-types”窃取加密货币私钥。该攻击通过转依赖和区块链外泄技术规避传统安全措施,并采用延迟激活策略增强隐蔽性。恶意软件利用猴子补丁技术实时拦截关键函数,在生成新密钥时捕获并加密私钥数据,并通过Solana区块链交易将其发送给攻击者。所有相关包仍活跃于PyPI,可能继续危害开发者环境。...<br> 2025-5-31 07:49:32 | 阅读: 22 | <a onclick='addCollect("339052")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=buaq.net"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fbuaq.net%26size%3D128" onerror="this.src=getIcon('buaq.net','https:\/\/buaq.net\/go-339024.html')" class="rounded float-left" alt="..."> 玄武实验室每日安全 - buaq.net </a> <br> <span class="badge bg-secondary">solana</span> <span class="badge bg-secondary">malicious</span> <span class="badge bg-secondary">semantic</span> <span class="badge bg-secondary">pypi</span> <span class="badge bg-secondary">攻击</span> <br> </span> </label> </td> </tr> </table> <table style="margin-top: 20px;"> <tr> <td class="" style="height: 150px;width: 30%;border: none;"> <img class="banner_img" id="banner_img" src="https://8aqnet.cdn.bcebos.com/ba14b8aa39b2ced855b263c8dd98c0b1.jpg" onerror="this.src=randomImage('https:\/\/buaq.net\/go-337458.html')"> </td> <td class="list-group-item py-3" style="min-height: 152px;border: none;"> <label> <a class="paper_list" href="/go-337483.html">AI ClickFix:利用ClickFix技术劫持计算机使用代理</a> <span class="d-block small opacity-50"> 文章探讨了ClickFix社会工程攻击如何针对AI系统,该技术通过欺骗用户点击按钮或执行恶意命令传播威胁,并已扩展至Linux和macOS系统。作者展示了如何利用JavaScript将恶意代码复制到剪贴板,并诱导AI执行这些代码。通过修改提示文本和按钮名称可提高成功率。文章强调需加强安全措施以防范此类攻击。...<br> 2025-5-25 07:50:0 | 阅读: 18 | <a onclick='addCollect("337483")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=buaq.net"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fbuaq.net%26size%3D128" onerror="this.src=getIcon('buaq.net','https:\/\/buaq.net\/go-337458.html')" class="rounded float-left" alt="..."> 玄武实验室每日安全 - buaq.net </a> <br> <span class="badge bg-secondary">clickfix</span> <span class="badge bg-secondary">claude</span> <span class="badge bg-secondary">clipboard</span> <span class="badge bg-secondary">windows</span> <span class="badge bg-secondary">ttps</span> <br> </span> </label> </td> </tr> </table> <table style="margin-top: 20px;"> <tr> <td class="" style="height: 150px;width: 30%;border: none;"> <img class="banner_img" id="banner_img" src="" onerror="this.src=randomImage('https:\/\/buaq.net\/go-337473.html')"> </td> <td class="list-group-item py-3" style="min-height: 152px;border: none;"> <label> <a class="paper_list" href="/go-337481.html">none</a> <span class="d-block small opacity-50"> 文章详细介绍了BadUSB攻击的工作原理,从2014年Black Hat大会的起源到使用Arduino UNO和自定义HID固件的实际实现。攻击利用USB协议缺乏严格设备类型验证的漏洞,使USB设备伪装成键盘并注入恶意命令。文章还提供了有效载荷代码、固件烧录方法及防御策略,并附有演示视频链接。...<br> 2025-5-25 07:49:31 | 阅读: 8 | <a onclick='addCollect("337481")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=buaq.net"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fbuaq.net%26size%3D128" onerror="this.src=getIcon('buaq.net','https:\/\/buaq.net\/go-337473.html')" class="rounded float-left" alt="..."> 玄武实验室每日安全 - buaq.net </a> <br> <span class="badge bg-secondary">badusb</span> <span class="badge bg-secondary">netsec</span> <span class="badge bg-secondary">firmware</span> <span class="badge bg-secondary">arduino</span> <span class="badge bg-secondary">hid</span> <br> </span> </label> </td> </tr> </table> <table style="margin-top: 20px;"> <tr> <td class="" style="height: 150px;width: 30%;border: none;"> <img class="banner_img" id="banner_img" src="https://8aqnet.cdn.bcebos.com/a5838c419eb6f7c00b4fd3598e4d6eda.jpg" onerror="this.src=randomImage('https:\/\/buaq.net\/go-335970.html')"> </td> <td class="list-group-item py-3" style="min-height: 152px;border: none;"> <label> <a class="paper_list" href="/go-336262.html">LogoFAIL:系统启动期间图像解析的危险</a> <span class="d-block small opacity-50"> Binarly Research团队发现UEFI固件中存在严重图像解析漏洞(LogoFAIL),影响所有主要设备制造商的x86和ARM设备。通过模糊测试发现这些漏洞,并展示了如何利用它们实现任意代码执行。攻击者可利用定制启动logo触发漏洞,绕过安全启动和Verified Boot等安全机制。...<br> 2025-5-19 07:49:43 | 阅读: 1 | <a onclick='addCollect("336262")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=buaq.net"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fbuaq.net%26size%3D128" onerror="this.src=getIcon('buaq.net','https:\/\/buaq.net\/go-335970.html')" class="rounded float-left" alt="..."> 玄武实验室每日安全 - buaq.net </a> <br> <span class="badge bg-secondary">logofail</span> <span class="badge bg-secondary">firmware</span> <span class="badge bg-secondary">dell</span> <span class="badge bg-secondary">lenovo</span> <span class="badge bg-secondary">dxe</span> <br> </span> </label> </td> </tr> </table> <table style="margin-top: 20px;"> <tr> <td class="" style="height: 150px;width: 30%;border: none;"> <img class="banner_img" id="banner_img" src="https://8aqnet.cdn.bcebos.com/68fc95b2cee7939425947f24b0bc4a01.jpg" onerror="this.src=randomImage('https:\/\/buaq.net\/go-335972.html')"> </td> <td class="list-group-item py-3" style="min-height: 152px;border: none;"> <label> <a class="paper_list" href="/go-336008.html">电动汽车充电桩漏洞研究:固件提取与本地提权漏洞分析</a> <span class="d-block small opacity-50"> 文章研究了电动汽车充电桩的两个安全漏洞:通过JTAG工具提取固件发现多数设备缺乏保护措施;本地用户可通过脚本获取root权限。这些研究强调了漏洞披露的重要性,以减少潜在威胁并提升汽车行业安全性。...<br> 2025-5-19 07:49:35 | 阅读: 12 | <a onclick='addCollect("336008")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=buaq.net"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fbuaq.net%26size%3D128" onerror="this.src=getIcon('buaq.net','https:\/\/buaq.net\/go-335972.html')" class="rounded float-left" alt="..."> 玄武实验室每日安全 - buaq.net </a> <br> <span class="badge bg-secondary">firmware</span> <span class="badge bg-secondary">automotive</span> <span class="badge bg-secondary">jtag</span> <span class="badge bg-secondary">security</span> <span class="badge bg-secondary">charger</span> <br> </span> </label> </td> </tr> </table> <table style="margin-top: 20px;"> <tr> <td class="" style="height: 150px;width: 30%;border: none;"> <img class="banner_img" id="banner_img" src="" onerror="this.src=randomImage('https:\/\/buaq.net\/go-335682.html')"> </td> <td class="list-group-item py-3" style="min-height: 152px;border: none;"> <label> <a class="paper_list" href="/go-335792.html">Invision Community 5.0.0 至 5.0.6 版本 customCss 远程代码执行漏洞</a> <span class="d-block small opacity-50"> Invision Community 5.0.0至5.0.6版本中发现远程代码执行漏洞,攻击者可通过customCss方法注入并执行任意PHP代码。已发布补丁至5.0.7版本,并分配CVE-2025-47916编号。...<br> 2025-5-17 07:50:0 | 阅读: 9 | <a onclick='addCollect("335792")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=buaq.net"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fbuaq.net%26size%3D128" onerror="this.src=getIcon('buaq.net','https:\/\/buaq.net\/go-335682.html')" class="rounded float-left" alt="..."> 玄武实验室每日安全 - buaq.net </a> <br> <span class="badge bg-secondary">customcss</span> <span class="badge bg-secondary">php</span> <span class="badge bg-secondary">invision</span> <span class="badge bg-secondary">47916</span> <span class="badge bg-secondary">egidio</span> <br> </span> </label> </td> </tr> </table> <table style="margin-top: 20px;"> <tr> <td class="" style="height: 150px;width: 30%;border: none;"> <img class="banner_img" id="banner_img" src="" onerror="this.src=randomImage('https:\/\/buaq.net\/go-335701.html')"> </td> <td class="list-group-item py-3" style="min-height: 152px;border: none;"> <label> <a class="paper_list" href="/go-335719.html">none</a> <span class="d-block small opacity-50"> Ivanti Endpoint Manager Security Scan存在本地权限提升漏洞(CVE-2025-22458),攻击者可通过在ProgramData中插入恶意DLL,在计划任务运行时解压并加载,从而获取SYSTEM权限并实现持久化。...<br> 2025-5-17 07:49:57 | 阅读: 14 | <a onclick='addCollect("335719")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=buaq.net"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fbuaq.net%26size%3D128" onerror="this.src=getIcon('buaq.net','https:\/\/buaq.net\/go-335701.html')" class="rounded float-left" alt="..."> 玄武实验室每日安全 - buaq.net </a> <br> <span class="badge bg-secondary">vulscan</span> <span class="badge bg-secondary">thu</span> <span class="badge bg-secondary">tue</span> <span class="badge bg-secondary">landesk</span> <span class="badge bg-secondary">ldclient</span> <br> </span> </label> </td> </tr> </table> <table style="margin-top: 20px;"> <tr> <td class="" style="height: 150px;width: 30%;border: none;"> <img class="banner_img" id="banner_img" src="" onerror="this.src=randomImage('https:\/\/buaq.net\/go-335698.html')"> </td> <td class="list-group-item py-3" style="min-height: 152px;border: none;"> <label> <a class="paper_list" href="/go-335732.html">CVE-2025-30072:Tiiwee X1报警系统因433MHz无线通信漏洞导致认证绕过</a> <span class="d-block small opacity-50"> Tiiwee X1 报警系统因433MHz无线通信缺乏加密和密钥滚动机制,易受捕获重放攻击。攻击者可通过捕获信号并重放以绕过认证,建议停用该设备以避免风险。...<br> 2025-5-17 07:49:55 | 阅读: 15 | <a onclick='addCollect("335732")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=buaq.net"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fbuaq.net%26size%3D128" onerror="this.src=getIcon('buaq.net','https:\/\/buaq.net\/go-335698.html')" class="rounded float-left" alt="..."> 玄武实验室每日安全 - buaq.net </a> <br> <span class="badge bg-secondary">alarm</span> <span class="badge bg-secondary">syss</span> <span class="badge bg-secondary">tiiwee</span> <span class="badge bg-secondary">sebastian</span> <span class="badge bg-secondary">captured</span> <br> </span> </label> </td> </tr> </table> <table style="margin-top: 20px;"> <tr> <td class="" style="height: 150px;width: 30%;border: none;"> <img class="banner_img" id="banner_img" src="" onerror="this.src=randomImage('https:\/\/buaq.net\/go-329642.html')"> </td> <td class="list-group-item py-3" style="min-height: 152px;border: none;"> <label> <a class="paper_list" href="/go-329678.html">漏洞链:预认证账户接管至永久后门访问</a> <span class="d-block small opacity-50"> 作者通过预认证账户接管漏洞,在预订应用中创建任意邮箱账户,并利用邀请功能逻辑缺陷将自己设为拥有者,实现永久后门访问。...<br> 2025-5-13 07:51:18 | 阅读: 13 | <a onclick='addCollect("329678")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=buaq.net"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fbuaq.net%26size%3D128" onerror="this.src=getIcon('buaq.net','https:\/\/buaq.net\/go-329642.html')" class="rounded float-left" alt="..."> 玄武实验室每日安全 - buaq.net </a> <br> <span class="badge bg-secondary">victim</span> <span class="badge bg-secondary">invited</span> <span class="badge bg-secondary">permanent</span> <span class="badge bg-secondary">invitation</span> <br> </span> </label> </td> </tr> </table> <table style="margin-top: 20px;"> <tr> <td class="" style="height: 150px;width: 30%;border: none;"> <img class="banner_img" id="banner_img" src="" onerror="this.src=randomImage('https:\/\/buaq.net\/go-329561.html')"> </td> <td class="list-group-item py-3" style="min-height: 152px;border: none;"> <label> <a class="paper_list" href="/go-329941.html">2025年5月12日网络安全周报:技术综述与最新威胁</a> <span class="d-block small opacity-50"> 近期网络安全动态包括Google在Chrome中使用AI检测钓鱼网站、SysAid On-Premise预认证RCE漏洞、iOS widget动画API滥用等技术细节。微软建议禁用Secure Time Seeding以避免日期问题;佛罗里达州加密后门法案失败;defendnot工具及Sword of Secrets硬件CTF挑战发布。...<br> 2025-5-13 07:50:54 | 阅读: 3 | <a onclick='addCollect("329941")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=buaq.net"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fbuaq.net%26size%3D128" onerror="this.src=getIcon('buaq.net','https:\/\/buaq.net\/go-329561.html')" class="rounded float-left" alt="..."> 玄武实验室每日安全 - buaq.net </a> <br> <span class="badge bg-secondary">windows</span> <span class="badge bg-secondary">defender</span> <span class="badge bg-secondary">sysaid</span> <span class="badge bg-secondary">chrome</span> <span class="badge bg-secondary">security</span> <br> </span> </label> </td> </tr> </table> <table style="margin-top: 20px;"> <tr> <td class="" style="height: 150px;width: 30%;border: none;"> <img class="banner_img" id="banner_img" src="" onerror="this.src=randomImage('https:\/\/buaq.net\/go-329199.html')"> </td> <td class="list-group-item py-3" style="min-height: 152px;border: none;"> <label> <a class="paper_list" href="/go-329226.html">GitLab 存储型 XSS 漏洞带来 16,000 美元奖金</a> <span class="d-block small opacity-50"> 安全研究人员发现GitLab存在Stored XSS漏洞,利用Markdown渲染中的正则表达式绕过CSP,在问题评论等处注入任意JavaScript代码。该漏洞被报告后获得$16,000赏金。...<br> 2025-5-11 07:49:56 | 阅读: 6 | <a onclick='addCollect("329226")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=buaq.net"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fbuaq.net%26size%3D128" onerror="this.src=getIcon('buaq.net','https:\/\/buaq.net\/go-329199.html')" class="rounded float-left" alt="..."> 玄武实验室每日安全 - buaq.net </a> <br> <span class="badge bg-secondary">gitlab</span> <span class="badge bg-secondary">security</span> <span class="badge bg-secondary">漏洞</span> <br> </span> </label> </td> </tr> </table> <table style="margin-top: 20px;"> <tr> <td class="" style="height: 150px;width: 30%;border: none;"> <img class="banner_img" id="banner_img" src="" onerror="this.src=randomImage('https:\/\/buaq.net\/go-327676.html')"> </td> <td class="list-group-item py-3" style="min-height: 152px;border: none;"> <label> <a class="paper_list" href="/go-327697.html">通过 Sharp4UserExec 指定 Windows 本地账户实现权限提升和降级</a> <span class="d-block small opacity-50"> 文章描述了通过Sharp4UserExec工具指定Windows本地账户实现权限提升和降级的方法,并指出当前环境出现异常问题,需完成验证步骤后才能继续访问相关服务。...<br> 2025-5-5 07:52:19 | 阅读: 21 | <a onclick='addCollect("327697")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=buaq.net"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fbuaq.net%26size%3D128" onerror="this.src=getIcon('buaq.net','https:\/\/buaq.net\/go-327676.html')" class="rounded float-left" alt="..."> 玄武实验室每日安全 - buaq.net </a> <br> <span class="badge bg-secondary">windows</span> <span class="badge bg-secondary">biz</span> <br> </span> </label> </td> </tr> </table> <table style="margin-top: 20px;"> <tr> <td class="" style="height: 150px;width: 30%;border: none;"> <img class="banner_img" id="banner_img" src="https://8aqnet.cdn.bcebos.com/b5e3911543f6ed3f1c6e39a47e202700.jpg" onerror="this.src=randomImage('https:\/\/buaq.net\/go-327686.html')"> </td> <td class="list-group-item py-3" style="min-height: 152px;border: none;"> <label> <a class="paper_list" href="/go-327799.html">人工智能在供应链中的风险及管理</a> <span class="d-block small opacity-50"> 文章探讨了AI在供应链中的应用如何改变网络安全格局,指出第三方风险管理中因供应商快速集成AI而产生的潜在漏洞和数据共享风险,并建议通过持续监控、透明沟通和采用TPRM平台等措施应对这些挑战。...<br> 2025-5-5 07:52:7 | 阅读: 8 | <a onclick='addCollect("327799")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=buaq.net"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fbuaq.net%26size%3D128" onerror="this.src=getIcon('buaq.net','https:\/\/buaq.net\/go-327686.html')" class="rounded float-left" alt="..."> 玄武实验室每日安全 - buaq.net </a> <br> <span class="badge bg-secondary">security</span> <span class="badge bg-secondary">风险</span> <span class="badge bg-secondary">threats</span> <span class="badge bg-secondary">utm</span> <br> </span> </label> </td> </tr> </table> <table style="margin-top: 20px;"> <tr> <td class="" style="height: 150px;width: 30%;border: none;"> <img class="banner_img" id="banner_img" src="https://8aqnet.cdn.bcebos.com/2d48cfee9b6e353cbf89d8c8f50222ca.jpg" onerror="this.src=randomImage('https:\/\/buaq.net\/go-327683.html')"> </td> <td class="list-group-item py-3" style="min-height: 152px;border: none;"> <label> <a class="paper_list" href="/go-327701.html">供应链攻击揭秘:恶意代码潜伏六年被发现</a> <span class="d-block small opacity-50"> Sansec发现一起针对21个Magento扩展的供应链攻击事件,影响500至1, 1, 1, 1, 1, 1, 1, 1,...<br> 2025-5-5 07:52:5 | 阅读: 23 | <a onclick='addCollect("327701")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=buaq.net"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fbuaq.net%26size%3D128" onerror="this.src=getIcon('buaq.net','https:\/\/buaq.net\/go-327683.html')" class="rounded float-left" alt="..."> 玄武实验室每日安全 - buaq.net </a> <br> <span class="badge bg-secondary">sansec</span> <span class="badge bg-secondary">backdoored</span> <span class="badge bg-secondary">magento</span> <span class="badge bg-secondary">php</span> <br> </span> </label> </td> </tr> </table> <table style="margin-top: 20px;"> <tr> <td class="" style="height: 150px;width: 30%;border: none;"> <img class="banner_img" id="banner_img" src="" onerror="this.src=randomImage('https:\/\/buaq.net\/go-327493.html')"> </td> <td class="list-group-item py-3" style="min-height: 152px;border: none;"> <label> <a class="paper_list" href="/go-327513.html">LLM智能体的安全与隐私风险:九大威胁分析与案例研究</a> <span class="d-block small opacity-50"> 文章探讨了大语言模型(LLM)代理在安全与隐私方面的问题,包括幻觉、灾难性遗忘、误解、调优指令攻击、数据提取攻击、推理攻击、知识中毒、功能性操纵和输出操纵等风险与漏洞。这些威胁源于架构设计、训练数据质量及推理限制等因素。...<br> 2025-5-3 07:49:59 | 阅读: 7 | <a onclick='addCollect("327513")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=buaq.net"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fbuaq.net%26size%3D128" onerror="this.src=getIcon('buaq.net','https:\/\/buaq.net\/go-327493.html')" class="rounded float-left" alt="..."> 玄武实验室每日安全 - buaq.net </a> <br> <span class="badge bg-secondary">agents</span> <span class="badge bg-secondary">llm</span> <span class="badge bg-secondary">prompts</span> <span class="badge bg-secondary">攻击</span> <span class="badge bg-secondary">injection</span> <br> </span> </label> </td> </tr> </table> <table style="margin-top: 20px;"> <tr> <td class="" style="height: 150px;width: 30%;border: none;"> <img class="banner_img" id="banner_img" src="" onerror="this.src=randomImage('https:\/\/buaq.net\/go-327474.html')"> </td> <td class="list-group-item py-3" style="min-height: 152px;border: none;"> <label> <a class="paper_list" href="/go-327532.html">从开放式重定向到账户接管:一次意外的旅程</a> <span class="d-block small opacity-50"> 作者通过子域名狩猎和端点模糊测试发现Open Redirect漏洞,并结合JavaScript实现账户接管(ATO)。...<br> 2025-5-3 07:49:59 | 阅读: 7 | <a onclick='addCollect("327532")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=buaq.net"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fbuaq.net%26size%3D128" onerror="this.src=getIcon('buaq.net','https:\/\/buaq.net\/go-327474.html')" class="rounded float-left" alt="..."> 玄武实验室每日安全 - buaq.net </a> <br> <span class="badge bg-secondary">sight</span> <span class="badge bg-secondary">worried</span> <span class="badge bg-secondary">漏洞</span> <span class="badge bg-secondary">ato</span> <br> </span> </label> </td> </tr> </table> <table style="margin-top: 20px;"> <tr> <td class="" style="height: 150px;width: 30%;border: none;"> <img class="banner_img" id="banner_img" src="" onerror="this.src=randomImage('https:\/\/buaq.net\/go-327107.html')"> </td> <td class="list-group-item py-3" style="min-height: 152px;border: none;"> <label> <a class="paper_list" href="/go-327319.html">自主AI代理的高级威胁模型:识别和应对九种核心安全威胁</a> <span class="d-block small opacity-50"> 生成式AI代理的自主操作引入新型安全威胁,涉及长期记忆、动态决策和工具集成。研究提出ATFAA框架,识别9类威胁,包括推理路径劫持、知识中毒及治理漏洞等,这些威胁具时间复杂性和跨系统传播性,需整体安全策略应对。...<br> 2025-5-1 07:51:4 | 阅读: 2 | <a onclick='addCollect("327319")' style='font-size:13px' href="#">收藏</a> | <a href="?domain=buaq.net"> <img style="width: 16px;" src="/image?f=https%3A%2F%2Ft0.gstatic.com%2FfaviconV2%3Fclient%3DSOCIAL%26type%3DFAVICON%26fallback_opts%3DTYPE%2CSIZE%2CURL%26url%3Dhttp%3A%2F%2Fbuaq.net%26size%3D128" onerror="this.src=getIcon('buaq.net','https:\/\/buaq.net\/go-327107.html')" class="rounded float-left" alt="..."> 玄武实验室每日安全 - buaq.net </a> <br> <span class="badge bg-secondary">agents</span> <span class="badge bg-secondary">threats</span> <span class="badge bg-secondary">memory</span> <span class="badge bg-secondary">security</span> <span class="badge bg-secondary">governance</span> <br> </span> </label> </td> </tr> </table> </div> <br> <nav class="d-flex justify-content-center" aria-label="Page navigation example"> <ul class="pagination pagination-sm"> <li class="page-item"><a class="page-link" href="/?page=0&domain=buaq.net">Previous</a></li> <li class="page-item"><a class="page-link" href="/?page=1&domain=buaq.net">1</a></li> <li class="page-item"><a class="page-link" href="/?page=2&domain=buaq.net">2</a></li> <li class="page-item"><a class="page-link" href="/?page=3&domain=buaq.net">3</a></li> <li class="page-item"><a class="page-link" href="/?page=4&domain=buaq.net">4</a></li> <li class="page-item"><a class="page-link" href="/?page=5&domain=buaq.net">5</a></li> <li class="page-item"><a class="page-link" href="/?page=6&domain=buaq.net">6</a></li> <li class="page-item"><a class="page-link" href="/?page=7&domain=buaq.net">7</a></li> <li class="page-item"><a class="page-link" href="/?page=8&domain=buaq.net">8</a></li> <li class="page-item"><a class="page-link" href="/?page=2&domain=buaq.net">Next</a></li> </ul> </nav> </div> <script> function addCollect(id) { $.get("/user/addcollect?id=" + id, function(data) { alert(data); }) } </script> <svg xmlns="http://www.w3.org/2000/svg" style="display: none;"> <symbol id="facebook" viewBox="0 0 16 16"> <path d="M16 8.049c0-4.446-3.582-8.05-8-8.05C3.58 0-.002 3.603-.002 8.05c0 4.017 2.926 7.347 6.75 7.951v-5.625h-2.03V8.05H6.75V6.275c0-2.017 1.195-3.131 3.022-3.131.876 0 1.791.157 1.791.157v1.98h-1.009c-.993 0-1.303.621-1.303 1.258v1.51h2.218l-.354 2.326H9.25V16c3.824-.604 6.75-3.934 6.75-7.951z"/> </symbol> <symbol id="instagram" viewBox="0 0 16 16"> <path d="M8 0C5.829 0 5.556.01 4.703.048 3.85.088 3.269.222 2.76.42a3.917 3.917 0 0 0-1.417.923A3.927 3.927 0 0 0 .42 2.76C.222 3.268.087 3.85.048 4.7.01 5.555 0 5.827 0 8.001c0 2.172.01 2.444.048 3.297.04.852.174 1.433.372 1.942.205.526.478.972.923 1.417.444.445.89.719 1.416.923.51.198 1.09.333 1.942.372C5.555 15.99 5.827 16 8 16s2.444-.01 3.298-.048c.851-.04 1.434-.174 1.943-.372a3.916 3.916 0 0 0 1.416-.923c.445-.445.718-.891.923-1.417.197-.509.332-1.09.372-1.942C15.99 10.445 16 10.173 16 8s-.01-2.445-.048-3.299c-.04-.851-.175-1.433-.372-1.941a3.926 3.926 0 0 0-.923-1.417A3.911 3.911 0 0 0 13.24.42c-.51-.198-1.092-.333-1.943-.372C10.443.01 10.172 0 7.998 0h.003zm-.717 1.442h.718c2.136 0 2.389.007 3.232.046.78.035 1.204.166 1.486.275.373.145.64.319.92.599.28.28.453.546.598.92.11.281.24.705.275 1.485.039.843.047 1.096.047 3.231s-.008 2.389-.047 3.232c-.035.78-.166 1.203-.275 1.485a2.47 2.47 0 0 1-.599.919c-.28.28-.546.453-.92.598-.28.11-.704.24-1.485.276-.843.038-1.096.047-3.232.047s-2.39-.009-3.233-.047c-.78-.036-1.203-.166-1.485-.276a2.478 2.478 0 0 1-.92-.598 2.48 2.48 0 0 1-.6-.92c-.109-.281-.24-.705-.275-1.485-.038-.843-.046-1.096-.046-3.233 0-2.136.008-2.388.046-3.231.036-.78.166-1.204.276-1.486.145-.373.319-.64.599-.92.28-.28.546-.453.92-.598.282-.11.705-.24 1.485-.276.738-.034 1.024-.044 2.515-.045v.002zm4.988 1.328a.96.96 0 1 0 0 1.92.96.96 0 0 0 0-1.92zm-4.27 1.122a4.109 4.109 0 1 0 0 8.217 4.109 4.109 0 0 0 0-8.217zm0 1.441a2.667 2.667 0 1 1 0 5.334 2.667 2.667 0 0 1 0-5.334z"/> </symbol> <symbol id="twitter" viewBox="0 0 16 16"> <path d="M5.026 15c6.038 0 9.341-5.003 9.341-9.334 0-.14 0-.282-.006-.422A6.685 6.685 0 0 0 16 3.542a6.658 6.658 0 0 1-1.889.518 3.301 3.301 0 0 0 1.447-1.817 6.533 6.533 0 0 1-2.087.793A3.286 3.286 0 0 0 7.875 6.03a9.325 9.325 0 0 1-6.767-3.429 3.289 3.289 0 0 0 1.018 4.382A3.323 3.323 0 0 1 .64 6.575v.045a3.288 3.288 0 0 0 2.632 3.218 3.203 3.203 0 0 1-.865.115 3.23 3.23 0 0 1-.614-.057 3.283 3.283 0 0 0 3.067 2.277A6.588 6.588 0 0 1 .78 13.58a6.32 6.32 0 0 1-.78-.045A9.344 9.344 0 0 0 5.026 15z"/> </symbol> </svg> <footer class="d-flex flex-wrap justify-content-between align-items-center py-3 my-4 border-top"> <div class="col-md-4 d-flex align-items-center"> <a href="/" class="mb-3 me-2 mb-md-0 text-muted text-decoration-none lh-1"> </a> <p class="mt-5 mb-3 text-muted">© <a href="https://unsafe.sh">unSafe.sh - 不安全</a> Powered By <a href="https://github.com/code-scan/PaperCache">PaperCache</a></p> </div> <ul style="padding: 20px" class="nav col-md-4 justify-content-end list-unstyled d-flex"> <li class="ms-3"><a href="#">admin#unsafe.sh</a></li> <li class="ms-3"><a href="https://aq.mk">安全马克</a></li> <li class="ms-3"><a href="https://xj.hk">星际黑客</a></li> <li class="ms-3"><a href="https://t00ls.net">T00ls</a></li> </ul> </footer> </body> <script charset="UTF-8" id="LA_COLLECT" src="//sdk.51.la/js-sdk-pro.min.js"></script> <script>LA.init({id:"KiRUVDOwqCVHgDgf",ck:"KiRUVDOwqCVHgDgf"})</script> </html>