Tencent Security Xuanwu Lab Daily News• README.md:https://github.com/evilsocket/jscythe ・ jscythe - 滥用 node.js inspector 机制实现任意 JS 代码执行 – Jett• Blind exploits to rule WatchGuard firewalls:https://www.ambionics.io/blog/hacking-watchguard-firewalls ・ 利用 5 个漏洞 Hacking WatchGuard Firewalls,实现 pre-auth RCE – Jett• A technical analysis of Pegasus for Android – Part 1 – CYBER GEEKS:https://cybergeeks.tech/a-technical-analysis-of-pegasus-for-android-part-1/ ・ CyberGeeks 对 Pegasus Android 平台样本的技术分析 – Jett• [Windows] Limitations:https://blog.78researchlab.com/53e53729-d728-4635-a58d-08ad8a1f68e4 ・ Windows IKE Extension 今年 1 月份修复漏洞的分析 – Jett• +Malicious Cookie Stuffing Chrome Extensions with 1.4 Million Users:https://www.mcafee.com/blogs/other-blogs/mcafee-labs/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users/ ・ 5 款总下
………………………………
