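Real-time security advisories covering Windows vulnerabilities, Linux exploits, and the OWASP Top 10.
Privilege escalation vulnerability in sudo 1.9.x. A regular user can gain root privileges. CVSS 7.4. Patch immediately.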
Broken Access Control is OWASP #1 for the fourth year. This guide covers the three most exploited patterns — IDOR, path traversal, and JWT algorithm confusion — with real-world examples and fixes.
SQL injection remains the most exploited web vulnerability in 2025. Modern bypass techniques including JSON operator injection, second-order SQLi, and Unicode WAF evasion are examined with defensive countermeasures.
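12 million domestic personal data records were leaked in the first half of 2025. Causes include SQL injection at online shopping malls, insiders at medical institutions, and cloud misconfigurations at app services, among others.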
OWASP has refreshed the Top 10 for 2025 with new entries around LLM/AI security, software supply chain risks, and elevated SSRF. Here is a complete breakdown of changes and actionable priorities.
Modern NTLM relay chains combining DropTheMIC, ESC8 (AD CS HTTP relay), and Shadow Credentials allow full domain compromise without cracking a single password hash.
A use-after-free in the Windows Common Log File System (CLFS) driver was exploited as a zero-day by the RansomEXX ransomware group before Microsoft patched it in April 2025.
regreSSHion is a signal handler race condition in OpenSSH allowing unauthenticated remote code execution as root on glibc-based Linux systems. Over 14 million internet-facing servers were initially vulnerable.
Type confusion vulnerability in Chrome V8. Remote code execution is possible merely by visiting a malicious web page. Update to the latest version immediately.