A Treasure Map for Static Analysis in C Language

A Treasure Map for Static Analysis in C Language

At the end of the article on pointer handling (click here to view), we mentioned the functionality of generating side-effects for pointers: #include <stdio.h> int test(int a,int b,int* c){ *c = a + b; return 0; } int main(){ int a=1,b=2,c; test(a,b,&c); printf("%d\n",c); return 0; } When analyzing data flow using printf(* #-> as $a), … Read more

Rust Language Helps Android Memory Safety Vulnerabilities Drop Below 20% for the First Time

Rust Language Helps Android Memory Safety Vulnerabilities Drop Below 20% for the First Time

Google has disclosed that due to the ongoing adoption of the Rust programming language in the Android system, the number of memory safety vulnerabilities has dropped below 20% of the total vulnerabilities for the first time.“We chose Rust for safety reasons, as it has achieved a 1000-fold reduction in memory safety vulnerability density compared to … Read more

Common Linux Commands: ln, cp, rm, find

1. ln ln is short for link.Links can be understood as “shortcuts” or “aliases” for files/directories. There are soft links and hard links, with soft links being more commonly used. ln [options] <source file> <target link> Soft links, also known as symbolic links, are more like “shortcuts” in Windows systems. -s –symbolic Create a soft … Read more

Shocking! Can Robot Vacuums Become Tools for Spying?

When Robot Vacuums Become “Peepers”: How to Protect Privacy in Smart Homes? In August 2024, news broke that “a well-known brand of robot vacuum has a security vulnerability that allows it to be remotely controlled for spying,” causing anxiety in countless households. The “cleaning assistant” that was supposed to free our hands can silently record … Read more

Industrial Control System Attacks on Buildings Have Become a Reality

Industrial Control System Attacks on Buildings Have Become a Reality

In the classic action-adventure film “Mission: Impossible” from 1996, Tom Cruise’s character Ethan Hunt hacks into the HVAC system of a target building, compromising its security controls to successfully complete his mission. Today, the futuristic scenes depicted in the movie have become a reality. In a recent advisory report, the U.S. Department of Homeland Security … Read more

Security Observations on Educational Networks: Universities Must Beware of Vulnerabilities in the HTTP/2 Protocol

Security Observations on Educational Networks: Universities Must Beware of Vulnerabilities in the HTTP/2 Protocol

AI technology is changing the patterns of cyber attacks. Cybersecurity company ESET has announced the detection of the world’s first AI-driven ransomware “PromptLock,” which utilizes the Ollama API to locally invoke OpenAI’s gpt-oss:20b model, generating and executing malicious Lua scripts in real-time to bypass traditional antivirus signature detection methods. Another security company, Kaspersky, has also … Read more

IoT Security: Your Smart Camera at Home Might Be Under Surveillance

IoT Security: Your Smart Camera at Home Might Be Under Surveillance

Recently, I installed several smart cameras at home, thinking I could check on my house at any time, especially to keep an eye on my mischievous cat. But just yesterday, I saw the news about the Ecovacs smart vacuum cleaner being hacked, and I suddenly realized that these “little eyes” in my home could also … Read more

Practical Analysis of Attackers Exploiting Windows and Linux Vulnerabilities for System Intrusion

Practical Analysis of Attackers Exploiting Windows and Linux Vulnerabilities for System Intrusion

Part01 Exploitation Trend Escalation Recent monitoring by global cybersecurity teams has detected a significant increase in activities where attackers exploit vulnerabilities in Windows and Linux systems to conduct complex attacks aimed at gaining unauthorized system access. These attacks typically begin with phishing emails or malicious web content, deploying weaponized documents to initiate the attack. When … Read more

MediaTek’s Over 60 Chipsets Vulnerable to High-Risk Exploits Leading to Privilege Escalation or DoS Attacks, Affecting Smartphones, Tablets, and IoT Devices

MediaTek's Over 60 Chipsets Vulnerable to High-Risk Exploits Leading to Privilege Escalation or DoS Attacks, Affecting Smartphones, Tablets, and IoT Devices

MediaTek today released an important security announcement addressing multiple vulnerabilities in its latest modem chipsets and urged device manufacturers to deploy updates immediately. This announcement comes two months after confidential notifications were sent to manufacturers, confirming that no exploitation of these vulnerabilities has been observed in the wild.Part01 Key Points MediaTek has patched high and … Read more

Local Privilege Escalation Vulnerabilities in Linux UDisks and MediaTek Chipsets

Local Privilege Escalation Vulnerabilities in Linux UDisks and MediaTek Chipsets

1. Local Privilege Escalation Vulnerability in Linux UDisks Daemon CVE-2025-8067, PoC Released The UDisks daemon in Linux has a serious vulnerability (CVE-2025-8067, CVSS 8.5) that allows non-privileged users to exploit a negative index when creating loop devices via D-Bus, potentially leading to denial of service or local privilege escalation. It is recommended to update to … Read more