EUVD-2021-9617

Malicious code in bioql PyPI...

CVE-2025-57771

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions prior to 3.25.5, Roo-Code fails to properly handle process substitution and single ampersand characters in the command parsing logic for auto-execute commands. If a user has enabled auto-approved execution...

Prime Minister’s Office Compromised: Details of Recent Espionage Campaign

Prime Minister’s Office Compromised: Details of Recent Espionage Campaign By Marc Elias · January 25, 2022 A special thanks to Christiaan Beek, Alexandre Mundo, Leandro Velasco and Max Kersten for malware analysis and support during this investigation. Executive Summary Our Advanced Threat Resear...

Subaru car software vulnerability analysis—never a failure of token-vulnerability warning-the black bar safety net

Not long ago, one from California car, information security researcher Aaron Guzman, in Australia, held a computer security conference to introduce a black into the Subaru car of the method. In his own 2017 Subaru WRX STI was found in a surprising number of software vulnerabilities, through these...

The Word Vulnerability, CVE-2017-0199 dissect that Microsoft patch that you installed? - Vulnerability warning-the black bar safety net

! Foreword Recently, FireEye detects a use of the vulnerability, CVE-2017-0199 malicious OfficeRTF document--earlier this week FreeBuf also reported the vulnerability, without the need to enable Word macros, open a malicious RFT document can be infected with a malicious program. When the user ope...

Binary loopholes-the evil of the printf-bug warning-the black bar safety net

This article is binary vulnerabilities related series of articles. printf some of the lesser-known characteristics, for coding convenience, but also introduces security problems. This paper focus on the description of printf in the exploits of some of the usage, in the normal programming is not...

On elasticsearch1. 4. 3 The following version of the security vulnerabilities in the attack process reproducibility-vulnerability warning-the black bar safety net

elasticsearch1. 4. 3 The following are a few version you can execute groovy scripts, this is after the use can directly call the Windows cmd command and linux shell. Online there are some articles, but writing is not enough ground gas, and here I reproduce this vulnerability during the attack,...

IP. Board 3.4.5 SQL injection vulnerability in the use and analysis-vulnerability warning-the black bar safety net

I. background information First I want to introduce this web App of background information, as well as on the vulnerability of some of the basic overview: IPB Forum known as Invision Power Board（abbreviated IPB or IP. Board, is the world's most famous Forum app by PHP+MySQL architecture, 1. The X...