漏洞 Vulnerability CVE-2020-14882/14883: Weblogic ConSole HTTP 协议代码执行漏洞POC公开通告 https://cert.360.cn/warning/detail?id=1809357283e3a9bb3af3d8b9cbea70d2 安全研究 Security Research 仅通过一个GET请求的Weblogic RCE — CVE-2020–14882分析 https://testbnull.medium.com/weblogic-rce-by-only-one-get-request-cve-2020-14882-analysis-6e4b09981dbf 详述两个VMWare Workstation TOCTOU漏洞 https://www.thezdi.com/blog/2020/10/22/detailing-two-vmware-workstation-toctou-vulnerabilities 关于 Ryuk 恶意软件如何发展加密和躲避技术的探索 https://paper.seebug.org/1380/ 滥用msvsmon和Windows远程调试器 https://labs.sentinelone.com/misusing-msvsmon-and-the-windows-remote-debugger/ AKSK 命令执行到谷歌验证码劫持 https://xz.aliyun.com/t/8429 安全事件 Security Incident 严重的Oracle WebLogic漏洞在野外被利用 https://www.bleepingcomputer.com/news/security/critical-oracle-weblogic-flaw-actively-targeted-in-attacks/ 勒索软件团伙泄露了乔治亚县选民信息 https://www.bleepingcomputer.com/news/security/georgia-county-voter-information-leaked-by-ransomware-gang/ 安全工具 Security Tools Shiro反序列化利用工具 https://github.com/Ares-X/shiro-exploit IDEA静态代码安全审计及漏洞一键修复插件 https://github.com/momosecurity/momo-code-sec-inspector-java