漏洞 Vulnerability CNVD-C-2020-121325：禅道文件上传漏洞通告 https://cert.360.cn/warning/detail?id=ace6901fc02100078ce586ffe53d4cfb 安全研究 Security Research Citrix 网关插件多个提权漏洞的分析 https://cymptom.com/gateway2hell-multiple-privilege-escalation-vulnerabilities-in-citrix-gateway-plug-in/2020/10/ IBM QRadar Java 反序列化漏洞分析（CVE-2020–4280 https://medium.com/@testbnull/cve-2020-4280-ibm-qradar-java-deserialization-anlysis-and-bypass-c3fe57207057 CVE-2020-26561：Linksys WRT160NL 远程溢出漏洞分析 https://research.nccgroup.com/2020/10/20/wrt160nl-cve-2020-26561-bof/ CVE-2018-2093： Firefox WebAssembly 整数溢出漏洞分析 https://blog.exodusintel.com/2020/10/20/firefox-vulnerability-research/?utm_source=rss&utm_medium=rss&utm_campaign=firefox-vulnerability-research 安全事件 Security Incident 美国大选：垃圾邮件发送者使用伪造的选民登记表来窃取用户数据和银行凭证 https://www.thetechstreetnow.com/tech/us-elections-spammers-use-fake-voter-registration-forms-to-steal-user-data-and-banking-credentials/11118660311353938322/11118660311353938322/ 勒索软件攻击佐治亚州县的投票系统 https://www.hackread.com/voting-system-georgia-county-ransomware-attack/ Cloudflare修复了HTTP/2走私漏洞 https://lab.wallarm.com/cloudflare-fixed-an-http-2-smuggling-vulnerability/ 安全工具 Security Tools Awesome Asset Discovery：资产发现工具总结 https://github.com/redhuntlabs/Awesome-Asset-Discovery Manuka：一个开源情报沙箱 https://github.com/spaceraccoon/manuka