漏洞 Vulnerability CVE-2019-1003030: Jenkins 2.63 沙箱绕过 https://cxsecurity.com/issue/WLB-2020100124 CVE-2020-16952: Microsoft SharePoint SSI / ViewState 远程代码执行 https://cxsecurity.com/issue/WLB-2020100123 CVE-2020-17022: Microsoft Windows Codecs Library 远程代码执行 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17022 安全资讯 Security Information GravityRAT间谍软件的目标是印度的Android和MacOS设备 https://www.darkreading.com/attacks-breaches/gravityrat-spyware-targets-android-and-macos-in-india/d/d-id/1339218 Microsoft Exchange, Outlook 遭到apt组织围攻 https://threatpost.com/microsoft-exchange-outlook-apts/160273/ 这个新的恶意软件使用远程覆盖攻击劫持你的银行帐户 https://www.zdnet.com/article/this-new-malware-uses-remote-overlay-attacks-to-hijack-your-bank-account/ 安全研究 Security Research 域渗透之SPN https://www.anquanke.com/post/id/219934 DrayTek Vigor 2960 从未授权到rce https://bestwing.me/drayteck-vigor-vulnerability-d%1Disclosure.html 攻击者如何利用二维码及如何降低二维码风险 https://www.csoonline.com/article/3584773/how-attackers-exploit-qr-codes-and-how-to-mitigate-the-risk.html KimSuky各类攻击手法浅析 https://www.anquanke.com/post/id/219593