A security researcher released the YellowKey proof‑of‑concept showing that, on Windows 11 and Server 2022/2025, BitLocker can be bypassed without a password or recovery key by using a crafted USB and multiple reboots, sparking accusations that Microsoft may have embedded a backdoor in the WinRE component.
The article walks through locating a university system, logging in with a student ID, uploading a specially crafted .txt file filled with garbage characters, renaming it to an .aspx page, and successfully bypassing detection to obtain a web shell.
This article explains the high‑severity remote code execution and data‑theft flaw discovered in Apifox, outlines how malicious scripts can steal SSH keys, Git credentials and shell history, and provides step‑by‑step Mac and Windows commands for self‑inspection and comprehensive remediation.
This comprehensive guide answers 100 common network security questions, covering basic concepts, core properties, threat sources, attack types, encryption methods, access controls, incident response, and emerging technologies such as zero‑trust, quantum encryption, and SOAR.
An open‑source watchboard has catalogued over 250,000 publicly exposed OpenClaw AI agents, revealing common misconfigurations such as binding to 0.0.0.0, weak or missing authentication, and the CVE‑2026‑25253 RCE flaw, prompting concrete security recommendations for operators.
A non‑professional using Claude Code exploited a cloud‑permission flaw in DJI Romo robots to control 6,700 devices across 24 countries, while a separate AI‑driven campaign compromised over 600 Fortinet firewalls in 55 nations, illustrating how generative AI is dramatically lowering the barrier to large‑scale cyber attacks.
A high‑severity (CVSS 8.0) command‑execution flaw (QVD‑2026‑7687) in WeChat Linux versions ≤ 4.1.0.13 lets attackers gain system privileges by tricking users into opening malicious filenames, with a public PoC and a security patch available from version 4.1.0.16 onward.
This article explains what network ports are, classifies well‑known, registered and dynamic ports, demonstrates scanning tools and commands, details common attack techniques such as buffer overflow, DoS and MITM, and provides practical hardening recommendations for the most frequently targeted ports.
This comprehensive guide walks ops engineers through the most common Linux security flaws—from sudo misconfigurations and SUID/SGID risks to SSH, web server, kernel, container, file system, logging, firewall, and compliance issues—offering concrete code snippets, step‑by‑step hardening measures, and actionable best‑practice recommendations.
This article explains Python object injection, covering class basics, the pickle module's role in serialization, how untrusted data can lead to code execution, detection methods, and step‑by‑step creation of a malicious payload to demonstrate a real exploit.
This article explains how Java’s native serialization can expose plain‑text passwords, illustrates real‑world breaches, and shows how using the transient keyword together with encryption, library replacement, security frameworks, and penetration testing creates a five‑layer defense against serialization attacks.
A severe security flaw in the ingress‑nginx controller (CVE‑2025‑19742) allows unauthenticated attackers to inject malicious NGINX configuration via the auth‑tls‑match‑cn annotation, leading to remote code execution, secret leakage, and potential full Kubernetes cluster takeover, with detailed remediation steps provided.
This article provides a systematic security analysis of the Model Context Protocol (MCP), demonstrating how malicious tool definitions, prompt injection, command injection, and over‑privileged implementations enable data theft, arbitrary code execution, and large‑scale attacks against AI agents and their users.
The PHP Foundation released a security audit of the php‑src core, revealing several high‑severity CVEs that were patched in version 8.4.6, detailing the affected components, audit scope, and overall assessment of PHP's security posture.
A severe supply‑chain vulnerability (CVE‑2025‑27607) in python‑json‑logger versions 3.2.0 and 3.2.1 allows remote code execution through a missing dependency, prompting an urgent upgrade to version 3.3.0 to mitigate the risk.
A security advisory warns that malicious mining code was injected into certain Vant component versions, targeting users from specific regions, and urges developers to verify their Vant version and upgrade immediately to the safe release v4.9.15.
This article analyzes a vulnerability in Android's FileSharingActivity that allows malicious apps to manipulate file-sharing intents, craft dangerous URIs and filenames, and ultimately overwrite sensitive data or execute arbitrary code, while also offering concrete mitigation strategies.
This article explains a security vulnerability grading standard that defines five severity levels (S0‑S4), outlines handling timeframes, describes conditions for automatic level upgrades, and lists typical vulnerability types for each level to guide effective risk management.
Recent disclosures revealed critical Spring DoS flaws (CVE‑2024‑38809 and CVE‑2024‑38808) exploitable via oversized If‑Match/If‑None‑Match headers and malicious SpEL expressions, plus a Nacos 2.4.1 vulnerability allowing arbitrary file read/write through port 7848, mitigated by upgrading to the patched Spring and Nacos releases or restricting the vulnerable ports.
A newly disclosed Linux kernel vulnerability called "indler"—a 0‑day memory‑corruption bug hidden since 2012—was uncovered by security researcher Zhang Yinkui, who detailed its discovery via a random kernel oops, KASAN detection, and its potential for massive remote code execution across billions of devices.
Researchers from Truffle Security revealed that GitHub's delete function often fails to truly remove data, exposing a new Cross Fork Object Reference (CFOR) vulnerability that allows anyone with a commit hash to access deleted or private repository data, posing serious security risks.
This article examines how mismatched read/write implementations in Android's Parcelable and AIDL mechanisms create exploitable IPC vulnerabilities, outlines several historical bug patterns, and discusses potential attack vectors and mitigation strategies.
This article explains how Windows’ Best‑Fit Mapping can cause PHP‑CGI to misinterpret query‑string characters, allowing attackers to inject malicious parameters and execute arbitrary code, and provides detailed mitigation steps including version upgrades and Apache rewrite rules.
The article examines Git CVE‑2024‑32002, a remote‑code‑execution flaw that lets attackers run malicious code simply by cloning a crafted repository, exploiting Git hooks, submodules and case‑insensitive symbolic‑link tricks, and advises users to verify their Git version and update to mitigate the risk.
The article explores how accepting vulnerability, building trust, and confronting toxic behavior can reshape software engineering teams, fostering genuine connections, better collaboration, and lasting impact despite the challenges of modern remote work and high‑turnover environments.
This article analyzes the BLUFFS vulnerability disclosed at ACM CCS 2023, detailing how the legacy Bluetooth security mechanism (LSC) allows attackers to manipulate authentication and key‑generation parameters, leading to forward‑secrecy and future‑secrecy breaches, and evaluates the impact across devices supporting Bluetooth 4.2‑5.4.
The article examines how command‑injection flaws in popular Node.js npm packages such as find‑exec and fs‑git arise from unsafe concatenation of user input into shell commands, and recommends rigorous validation, using execFile or spawn, and regular dependency audits to prevent catastrophic system compromise.
This article explains the fundamentals of Android Binder services, categorizes Origin, AIDL, HIDL, and Vendor types, describes methods for locating services, and details common vulnerability patterns such as uninitialized memory, out-of-bounds reads/writes, and type confusion, illustrated with real CVE cases and mitigation insights.
This article details the methodology for discovering and analyzing Android local socket service vulnerabilities, outlines prerequisite skills, explains service classifications, demonstrates data‑handling function tracing, and presents a CVE‑2023‑35694 case study, highlighting common flaw types and mitigation insights.
Apache ActiveMQ versions prior to 5.18.3 are vulnerable to a deserialization flaw that allows remote code execution via crafted OpenWire messages on port 61616, affecting various activemq-client and activemq-openwire-legacy artifacts, and can be mitigated by upgrading to 5.15.16, 5.16.7, 5.17.6, 5.18.3 or later.
The article reports two high‑severity libcurl vulnerabilities (CVE‑2023‑38545 and CVE‑2023‑38546) disclosed by curl’s maintainer, explains the limited public information before the scheduled curl 8.4.0 release, and urges developers to upgrade promptly due to the library’s widespread use.
The curl project announced the upcoming 8.4.0 release and disclosed two high‑severity CVEs that affect both the curl command‑line tool and the libcurl library, urging organizations to audit their usage, prepare upgrades, and stay alert for further details.
This article introduces the Android Java Framework vulnerability discovery process, outlining characteristic vulnerability types, and presenting three practical methods—historical CVE analysis, feature‑based exploration, and business‑logic testing—along with step‑by‑step guidance and illustrative examples to help beginners quickly start effective Framework security research.
This article examines the multi‑stage Tornado Cash governance attack, explaining the proposal mechanism, token‑locking logic, creation of zombie accounts, use of create/create2, malicious self‑destruct functions, delegatecall exploitation, and the resulting token theft, while highlighting key security lessons for blockchain governance.
OpenAI announced a new Bug Bounty Program offering up to $20,000 for verified vulnerabilities, inviting global security researchers to help secure its AI models while outlining clear rules, out‑of‑scope exclusions, and a partnership with Bugcrowd for reward management.
This article explains the Spring Framework DoS vulnerability (CVE‑2023‑20861), outlines affected versions, details the root cause in SpEL expression handling, and provides step‑by‑step mitigation and upgrade instructions for both Spring Framework and Spring Boot, along with references and security considerations.
The article explains how misconfigured caches and inconsistent front‑end/back‑end parsing enable web cache poisoning and HTTP request smuggling attacks, illustrates practical exploitation scenarios, and recommends disabling caching, unifying request‑boundary logic, and adopting HTTP/2 or strict configurations to defend against these high‑impact threats.
A stored XSS vulnerability (CVE-2023-0050) in affected GitLab CE/EE versions allows attackers to execute arbitrary JavaScript via crafted Kroki diagrams, with a broad impact and remediation requiring upgrades to version 15.7.8 or later.
The ThinkPHP framework suffers from a deserialization vulnerability (CVE‑2022‑45982) affecting versions 6.0.0‑6.0.13 and 6.1.0‑6.1.1, where unsanitized user input passed to unserialize() can allow attackers to execute arbitrary system commands, and no official patch has been released yet.
The article provides a detailed security analysis of the XiongHai CMS 1.0, describing its directory structure and exposing multiple vulnerabilities including file inclusion, SQL injection, XSS, and vertical privilege escalation, along with example exploit code.
This article provides an extensive overview of phpMyAdmin security weaknesses, detailing information‑gathering techniques, version detection, path discovery, multiple exploitation methods such as file writes, log manipulation, slow‑query abuse, user‑defined functions, MOF attacks, and step‑by‑step PoCs for numerous CVEs, all illustrated with concrete SQL and script examples.
This article explains a permission‑bypass vulnerability in Nacos 1.4.2 caused by a specific User‑Agent header, demonstrates how to reproduce it, and provides step‑by‑step instructions for fixing the issue by upgrading to version 2.1.1 or adjusting configuration files.
The advisory details a GitLab CE/EE vulnerability (CVE‑2022‑2882) that allows authenticated attackers to modify integration URLs and steal GitHub integration access tokens, lists affected versions across community and enterprise editions, and recommends upgrading to specific patched releases.
A remote code execution vulnerability (CVE-2022-42721) affecting Linux kernel versions 5.1 through 5.19.14 allows local attackers to inject malicious WLAN frames that corrupt the mac80211 BSS handling list, enabling execution of arbitrary code, and can be mitigated by upgrading to kernel 5.19.15 or later.
Label Studio versions prior to 1.6.0 contain an SSRF flaw that allows authenticated users to access arbitrary files on the server via the data import module, with self‑registration enabled by default, and a proof‑of‑concept exploit is publicly available.
The article provides a comprehensive technical walkthrough of the Hyper‑V DirectX component, detailing its architecture, virtual GPU configuration, attack surface, and step‑by‑step exploitation of four critical CVEs (CVE‑2022‑21918, CVE‑2021‑43219, CVE‑2022‑21912, CVE‑2022‑21898) with code snippets and debugging insights.
A PHP input‑validation flaw (CVE‑2022‑31629) in several versions lets attackers inject malicious __Host‑ or __Secure‑ prefixed cookies, which the application may accept and act upon, and the issue can be mitigated by upgrading to patched PHP releases.
A PHP vulnerability (CVE-2022-31628) allows uncontrolled recursive decompression of specially crafted gzip files, leading to infinite loops and resource exhaustion, affecting PHP versions 7.4.31, 8.0.0‑8.0.24, and 8.1.0‑8.1.11, and can be mitigated by upgrading to patched releases.
The article examines three Android Bluetooth stack flaws—CVE‑2020‑27024 in the SMP pairing protocol, CVE‑2021‑0918 in GATT notifications, and CVE‑2021‑39805 in L2CAP signaling—detailing their out‑of‑bounds memory errors, underlying code issues, and implications for future Rust‑based stack security.
The Go net/url package contains a path traversal flaw (CVE-2022-32190) where JoinPath fails to strip "../" segments, allowing attackers to access sensitive files, affecting versions prior to 1.18.6 and 1.19.1, and can be mitigated by upgrading to the patched releases.
A recent Docker security issue shows that publishing container ports to 127.0.0.1 does not prevent external access, because Docker adds an iptables rule that forwards traffic to the container’s internal IP, allowing attackers on the same network to reach the service.
A newly discovered Fastjson vulnerability affecting versions up to 1.2.80 can bypass autoType restrictions, enabling remote attacks, and the advisory outlines the risk, affected versions, upgrade paths, safeMode hardening, the fastjson v2 migration, and none‑autotype alternatives to protect Java applications.
In the Pwn2Own 2022 competition, hacker Manfred Paul exploited two critical Firefox vulnerabilities in under eight seconds, earning $100,000, while the event also uncovered major bugs across Ubuntu, Tesla, Microsoft, and Safari, highlighting the real-world impact of rapid zero‑day exploits.
Microsoft researchers uncovered the Nimbuspwn vulnerability in systemd’s networkd-dispatcher, detailing how directory‑traversal, symlink‑race, and TOCTOU flaws let attackers replace root‑owned scripts, achieve privilege escalation, and why coordinated patching across hundreds of Linux distributions is critical.
A security researcher discovered that 7‑Zip (including version 21.07) contains CVE‑2022‑29072, a vulnerability that can be triggered by dragging a .7z file onto the Help → Content area, leading to privilege escalation and arbitrary command execution, with a temporary fix of deleting the vulnerable 7‑zip.chm file.
This article explains the two high‑severity Spring Cloud Gateway vulnerabilities (CVE‑2022‑22946 and CVE‑2022‑22947), detailing their descriptions, affected versions, exploitation conditions, and provides concrete remediation steps such as upgrading to safe releases or disabling the vulnerable actuator endpoints.
This article explains why upgrading Spring is the official fix for the recent RCE vulnerability, and provides two practical workarounds—extending RequestMappingHandlerAdapter and mitigating exploitation conditions—for projects stuck on older Spring or Spring Boot versions.
A recent Spring Framework 0‑day remote code execution vulnerability, caused by unsafe use of SerializationUtils#deserialize, affects Java versions above 8, is rated dangerous by security analysts, and highlights the risks of indiscriminate JDK upgrades.
The article investigates the circulating rumors of a massive Spring framework vulnerability, clarifies its actual scope—affecting Java 9+ projects—and explains why the alleged CVE differs from official reports, while warning readers to rely only on verified security advisories.
The author humorously explores a newly disclosed Spring framework RCE 0‑day vulnerability caused by Java serialization, explains why systems running JDK 8 or earlier are unaffected, compares its impact to Log4j2, and warns against indiscriminate JDK upgrades.
This guide explains the Spring SPEL injection flaw, how to determine if your Java application is affected by checking JDK version and Spring usage in WAR or JAR packages, and provides official upgrade steps along with temporary WAF and code‑level mitigations.
This article explains two high‑severity Spring Cloud Gateway vulnerabilities (CVE‑2022‑22946 and CVE‑2022‑22947), outlines the affected versions, describes how attackers can exploit exposed Actuator endpoints, and provides concrete mitigation steps such as upgrading to safe releases or disabling the gateway actuator.
Adobe released an emergency patch for a critical Magento zero‑day (CVE‑2022‑24086), JetBrains removed Log4j from the IntelliJ platform, and Google unveiled Android 13 "Tiramisu" with new privacy and UI enhancements, highlighting the industry's rapid response to security and usability challenges.
The article explains how a seemingly prank README submitted by Linus Torvalds leveraged a GitHub "fake‑commit" flaw, demonstrates the malformed URLs used to hide commits, and discusses related GitHub vulnerabilities that remain unpatched, offering insight for security‑aware developers.
A detailed experiment scans several Docker base images, showing how default Python images contain hundreds of vulnerabilities, while slimmer or Alpine‑based images dramatically reduce the attack surface, highlighting the security trade‑offs of image bloat and the importance of careful base‑image selection.
This article introduces web security testing, explains why it is essential, describes common vulnerabilities such as weak passwords, XSS, CSRF, SQL injection, authorization bypass, and file upload issues, and offers practical prevention measures and testing guidelines for developers and testers.
This article explains the Logback CVE‑2021‑42550 vulnerability affecting versions before 1.2.9, outlines the three conditions required for exploitation, compares its severity to Log4j, and provides concrete steps—including upgrading to 1.2.9 and setting the configuration file read‑only—to protect Java applications.
Logback’s CVE‑2021‑42550 affects versions below 1.2.9, allowing attackers with write access to the configuration file to execute arbitrary code via LDAP, but its severity is rated Medium; upgrading to 1.2.9 or newer, setting config files read‑only, and aligning Spring Boot versions can mitigate the risk.
The article explains the Log4j2 remote code execution flaw caused by unsafe JNDI lookups, outlines its widespread impact on Java applications and major Chinese tech firms, and provides concrete emergency mitigation steps such as JVM parameter changes, firewall rules, and upgrading to version 2.17.0.
This article explains Java's reflection mechanism, details how deserialization flaws in libraries like Apache Commons Collections and Fastjson allow attackers to craft malicious objects that trigger arbitrary command execution, and provides practical proof‑of‑concept steps and mitigation recommendations.
This article examines the Log4j2 critical vulnerability, explains why merely having log4j‑api does not guarantee exposure, demonstrates step‑by‑step reproduction in a Spring Boot project, analyzes the JNDI injection mechanism, and outlines temporary mitigations and official fixes.
This article explains the critical Log4j2 remote code execution vulnerability, offers JD Cloud's free online scanning service, details rapid defense measures using Web Application Firewall and Starshield, and provides step‑by‑step mitigation and upgrade recommendations to protect Java applications.
The Log4j2 flaw, a low‑cost, high‑impact Java logging vulnerability, has exposed tens of thousands of open‑source components and over 70% of enterprise systems, prompting massive remediation efforts and highlighting the urgent need for robust security support.
The article explains the severe Log4j2 remote‑code‑execution vulnerability affecting versions 2.0 to 2.14.1, provides the official patch link, and lists practical temporary mitigation steps such as JVM flags, configuration changes, environment variables, and network isolation to protect Java applications.
Apache Log4j 2’s recursive lookup flaw enables remote code execution without special configuration, affecting versions up to 2.14.1; the article outlines the vulnerability’s impact, affected components, and provides both permanent fixes—upgrading to 2.15.0‑rc2—and urgent mitigation steps such as JVM flags and environment variable changes.
A high‑severity Apache Tomcat denial‑of‑service flaw (CVE‑2021‑42340) discovered on 2021‑10‑15 scores 7.8, impacts multiple Tomcat releases, and can be mitigated by upgrading to the listed secure versions while following 360CERT's remediation guidance.
This article explains the causes, impacts, and various techniques of SQL injection attacks in PHP applications, demonstrates vulnerable code examples, and provides practical mitigation measures such as input validation, error handling, character encoding considerations, and secure coding practices.
This article presents a comprehensive GitHub collection of Spring Boot vulnerabilities, explains how to identify information‑leakage and remote‑code‑execution flaws via exposed Swagger and Actuator endpoints, and provides step‑by‑step verification commands for security testing.
This article presents a collection of Spring Boot security vulnerabilities, detailing information leakage and remote code execution cases, with step‑by‑step exploitation guides and underlying principles, intended for security research and authorized testing only.
This article introduces a GitHub repository that documents 16 Spring Boot vulnerabilities, detailing information leakage and remote code execution cases, providing step‑by‑step exploitation guides, underlying principles, and analysis for security research and authorized testing.
A controversial university paper on covertly injecting vulnerabilities into open‑source software sparked a chain of malicious Linux kernel patches, provoked a fierce response from maintainer Greg Kroah‑Hartman, and forced the University of Minnesota to suspend the research amid heated community debate.
A critical 0day vulnerability in the WeChat Windows desktop client allows attackers to execute shellcode via a crafted web link without leaving files or new processes, prompting users to update to version 3.2.1.143 or apply temporary safeguards such as using the system browser and avoiding unknown links.
A recent study by RealAI shows that a specially crafted pair of glasses, generated with AI‑driven adversarial patterns, can bypass the face‑unlock systems of 19 Android smartphones within minutes, highlighting a serious vulnerability in modern biometric authentication.
Cybersecurity’s essence is examined from multiple angles—vulnerabilities, adversarial confrontation, trust assumptions, risk management, human awareness, cost considerations, and governance—highlighting that security is not a single concept but a composite of technical, managerial, and strategic layers embodied in the CIA triad.
This article explains how misconfigured HTTP Host headers can be abused for attacks such as cache poisoning, SSRF, password‑reset poisoning and other server‑side exploits, and provides practical detection methods and defensive recommendations for developers and security engineers.
This article explains what HTTP request smuggling is, how the vulnerability arises from conflicting Content‑Length and Transfer‑Encoding headers, describes common CL.TE, TE.CL and TE.TE attack patterns, and outlines detection techniques and defensive measures for modern web infrastructures.
This article explains what directory (path) traversal is, demonstrates how attackers can read or write arbitrary files on a server by manipulating file‑path parameters, outlines common bypass techniques, and provides concrete defensive coding practices to mitigate the vulnerability.
JumpServer disclosed a remote‑execution flaw on January 15 2021 affecting versions earlier than v2.4.5, v2.5.4 and v2.6.2; users should upgrade to the safe releases or apply a temporary Nginx rule that blocks the vulnerable API endpoints before restarting the service.
The article explains a privilege‑escalation flaw in the ThinkCMF CMS built on ThinkPHP 5.0, demonstrates how to exploit it via crafted URLs to invoke arbitrary PHP functions such as phpinfo, and describes the official fix that adds strict controller name validation.
This article reviews typical vulnerabilities in popular PHP frameworks—especially ThinkPHP—demonstrates how insecure update methods and multithreaded code can lead to SQL injection and race conditions, and shows how to mitigate them using pessimistic locks, transactions, and proper auditing steps.
A critical vulnerability in BaoTa Linux panel 7.4.2, disclosed on August 23, 2020, allows attackers to bypass authentication, access databases and gain server control; the article details affected versions, global exposure statistics, proof‑of‑concept evidence, and recommended remediation steps.
Oracle will release a massive quarterly Critical Patch Update fixing up to 433 security flaws—many with CVSS scores of 9.8 or higher and a large portion exploitable without authentication—affecting a wide range of its products, and administrators are urged to apply the patches immediately.
This article examines Fastjson's AutoType feature, explains how it works, demonstrates how it can lead to serious deserialization vulnerabilities, reviews the evolution of related security patches across versions, and provides guidance on safe usage and mitigation strategies.
RuoYi Management System v4.3.1 introduces multiple functional enhancements and critical security patches, including fixes for Shiro remember‑Me command execution, SQL injection via PageHelper, Shiro permission‑bypass, and Fastjson deserialization vulnerabilities, along with code examples and configuration guidance.
The article details the high‑severity CVE‑2020‑1948 remote code execution flaw in Apache Dubbo, describing its background, risk rating, affected versions, remediation steps, asset‑mapping data, and a timeline of disclosures to help users protect their Java RPC services.
On May 28, 2020, 360CERT reported a high‑severity remote code execution flaw in Alibaba’s Fastjson library (versions ≤1.2.68) that bypasses autotype restrictions, affecting many assets, and provided temporary mitigation steps and upgrade recommendations to safeguard systems.
Apache Dubbo’s CVE‑2019‑17564 is a high‑severity vulnerability that allows remote code execution via unsafe deserialization when the HTTP protocol is enabled, affecting versions 2.5.x through 2.7.4; the article details the flaw’s mechanics, affected classes, detection methods, and recommended upgrades or WAF protections.
The article explains two critical npm vulnerabilities—arbitrary file access via a crafted bin field and binary planting that lets globally installed packages replace executables—detailing their impact, how they can be exploited, and urging users to upgrade promptly.
The article outlines several SQL injection vulnerabilities discovered in various Sequelize ORM versions, explains the underlying causes related to improper JSON path key handling for MySQL, MariaDB, Postgres, and SQLite, provides reproduction screenshots, and strongly advises upgrading to patched releases.
This article explains the fastjson vulnerability where malformed \x escape sequences cause endless EOF reads leading to out‑of‑memory crashes, outlines the affected versions, provides detailed exploitation mechanics, and lists recommended upgrade paths to mitigate the risk.
