RT Eric Terrell:  Re @defcon At Los Alamos National Labs, one of Cray's largest customers, we put old Crays around trees and used them as park benches...

CVE-2021-46204 Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via ta...

CVE-2021-46203 Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter.

CVE-2021-44299 A reflected cross-site scripting (XSS) vulnerability in \lib\packages\themes\themes.php of Navigate CMS v2.9.4 allows authenticated att...

CVE-2021-42810 A flaw in the previous versions of the product may allow an authenticated attacker the ability to execute code as a privileged user on ...

CVE-2021-33913 libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthentica...

CVE-2021-33912 libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an un...

CVE-2022-23221 H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SE...

CVE-2022-22310 IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than expected security. A remote attacker cou...

CVE-2021-38788 The Background service in Allwinner R818 SoC Android Q SDK V1.0 is used to manage background applications. Malicious apps can use the i...

RT Real World CTF: Metal Coins: "Concept of sealing wax", ancient and classic, freezes the imprint of 2022 "Real World CTF". Follow us on CTFTime:http...

RT Real World CTF: Top 12 teams in 2022 Real World CTF will get full set of customized souvenirs! Super Hunters Conquer Together. Welcome aboard. Foll...

RT Real World CTF: Key Chain: Random collision, interlaced light, outline the "dragon" of "Real World CTF". Follow us on CTFTime:https://ctftime.org/e...

大叔太可怜了 凌晨一点我嗷嗷哭😭

Researchers Explore Hacking VirusTotal to Find Stolen Credentials

Russian Hackers Heavily Using Malicious Traffic Direction System to Distribute Malware

FIN8 Hackers Spotted Using New 'White Rabbit' Ransomware in Recent Attacks

Here's a really good work you won't see anywhere, if I may say so myself. Powerful additions to an already powerful tool. https:/knoxss.me

New #BugBytes 🗞️ Find out how to test for reverse proxy misconfigurations with @pdnuclei, @b1two_'s proxy for testing NTLM EPA authentication, how...

CVE-2021-46030 There is a Cross Site Scripting attack (XSS) vulnerability in JavaQuarkBBS <= v2. By entering specific statements into the background t...

CVE-2021-44837 An issue was discovered in Delta RM 1.2. It is possible for an unprivileged user to access the same information as an admin user regard...

CVE-2021-46104 An issue was discovered in webp_server_go 0.4.0. There is a directory traversal vulnerability that can read arbitrary file information ...

CVE-2021-45808 jpress v4.2.0 allows users to register an account by default. With the account, user can upload arbitrary files to the server.

CVE-2021-38787 There is an integer overflow in the ION driver "/dev/ion" of Allwinner R818 SoC Android Q SDK V1.0 that could use the ioctl cmd "COMPAT...

查了一下我的LPR利率选的对日LPR利率生效，一个4月份一个10月份。如果明天5年期LPR降息，还算有一笔贷款能很快就减一点利息了，就是多的那一笔要到10月份去了。

回复@稻草人的迷失:本来就是故意的。//@稻草人的迷失:我觉得是故意的，这样一年还得保持原利率。

意思是夹狗就是这下场//@西安麦芽://@tombkeeper:你们注意这条微博第三段倒数第二个逗号前面的内容……//@老赵: 厉害了 //@普外科曾医生:35岁男性就出现这种情况，那真不应该，尽早手术吧！

填权了没钱没有套利真亏呀，ADR分现金了除权了，看看明天港股怎么除权哈。其实两个是对等的，都除权日过后应该价值相等，不会差价达到分红的2.9%这么多的。明天港股对应的股价还是应该和现在ADR差别不大，真的是错过了，还是应该融资也买几千股的。

现在是动不动就抓人，自己还违法，真的很垃圾。//@慧文王GG:垃圾//@小天天:啥事//@胡波:哎//@老蘇老了:咳//@巍峰:而且，那条微博还泄露了当事人的身份证号，这事也得批评下。//@江宁婆婆:唉

不开心，5年期不年前就降，我的房贷利息今年都降不了一分钱。银行股要涨了，我前几天就说要配银行打新，可惜还没钱呢。

说起读文档——早年我们实验室研究过穿 IE 沙箱。当时几个技术路线都有同事在做。我就跑去读微软 IE 开发组的 Blog。我把他们所有的 Blog 全部读了一遍——其实也不算多，大概一百来篇。我大概花了一个下午加一个晚上，然后就找到了一条线索，最终发现了一个穿沙箱的办法。笨功夫不一定更费时间。

你们注意这条微博第三段倒数第二个逗号前面的内容……//@老赵: 厉害了 //@普外科曾医生:35岁男性就出现这种情况，那真不应该，尽早手术吧！

Captain Hook - How (not) to look for vulnerabilities in Java applications

C# tool to discover low hanging fruits

Yasso: Intranet assisted penetration toolset

Pip-Audit - Audits Python Environments And Dependency Trees For Known Vulnerabilities

Upstox - 111,002 breached accounts

Open Subtitles - 6,783,158 breached accounts

RT Will Dormann:  Re @Dinosn This is a PoC for May's CVE-2021-31166 update.  Not CVE-2022-21907. I'm not sure why so many are confusing the two.  Perh...

Pip-Audit - Audits Python Environments And Dependency Trees For Known Vulnerabilities

RT Marc Smeets: Outflank Security Tooling demo time! Monday Febr 7 at 16:30h Central EU time / 09:30h Central US time.  Contact me if you are interest...

Re @thecybermentor @squatsandshells The issues of practicality and difficultly are separate from gamification.  Don't conflate them.   Gamification is...

GitHub - modzero/MZ-21-02-Trendmicro: Critical Vulnerabilities in Trend Micro Deep Security Agent for Linux -

Re @JoakimTauren Shameless plug:

CVE-2022-21297 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0....

CVE-2022-21383 Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications (component: Log). Supported versions ...

CVE-2022-21337 Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4....

CVE-2022-21342 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0....

CVE-2022-21345 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are ...

CVE-2022-21350 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected...