漏洞 Vulnerability (Pwn2Own Tokyo 2019) Netgear R6700v3 LAN RCE write-up and exploit https://github.com/pedrib/PoC/blob/master/advisories/Pwn2Own/Tokyo_2019/tokyo_drift/tokyo_drift.md Nexus Repository Manager 2.x 命令注入漏洞 (CVE-2019-5475) 两次绕过 https://paper.seebug.org/1260/ 安全工具 Security Tools GoGhost是一种高性能、轻量级、便携的用于大规模SMBGhost扫描的开源工具 https://github.com/deepsecurity-pe/GoGhost 安全报告 Security Report 游走在东欧和中亚的奇幻熊 https://mp.weixin.qq.com/s/pE_6VRDk-2aTI996sff0og 安全资讯 Security Information 美联邦通信委员会周二正式将华为和中兴通讯指定为国家安全威胁 https://www.zdnet.com/article/fcc-officially-designates-huawei-zte-as-national-security-threats/ 59款中国APP印度遭禁后续：TikTok主动下架 https://www.cnbeta.com/articles/tech/997721.htm 安全研究 Security Research 重新审视 CVE-2019-19781 (Citrix NetScaler / ADC) 漏洞 https://blog.fox-it.com/2020/07/01/a-second-look-at-cve-2019-19781-citrix-netscaler-adc/ SMBaloo:A CVE-2020-0796 (aka “SMBGhost”) Windows ARM64.漏洞利用 https://github.com/msuiche/smbaloo Zombie VPN在一个特殊的vpnsdk（anchorFree）上执行的系统级代码（CVE-2020-12828) https://0xsha.io/posts/zombievpn-breaking-that-internet-security 点一下就接管Azure DevOps帐户的漏洞 https://blog.assetnote.io/2020/06/28/subdomain-takeover-to-account-takeover/?v=2 恶意软件 Malware 藏身“隐秘的角落”大肆敛财？！XMRig变种挖矿木马猖獗作恶 https://mp.weixin.qq.com/s/-7Gq7115NYSw2fceBrr__w