[Django] Deserialization of potentially malicious data leading to RCE https://hackerone.com/reports/1415436
[IBM] SQL injection via user search and plaintext passwords https://hackerone.com/reports/703819
[Lark Technologies] Stored XSS on the help desk via the user's city https://hackerone.com/reports/971857
[Lark Technologies] Stored XSS using position in the organization (Larksuite survey app) https://hackerone.com/reports/998138
Threat Analysis Report: DatopLoader exploits ProxyShell to deliver QBOT and Cobalt Strike https://www.cybereason.com/blog/threat-analysis-report-datoploader-exploits-proxyshell-to-deliver-qbot-and-cobalt-strike?blaid=2488896
New SysJoker backdoor targets Windows, Linux and macOS https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/