Aggregator

Cybersecurity researchers have discovered a malicious package on the npm package registry that masq

Cybersecurity researchers have discovered a malicious package on the npm package registry that masquerades as a library for detecting vulnerabilities in Ethereum smart contracts but, in reality, drops an open-source remote access trojan called Quasar RAT onto developer systems. The heavily obfuscated package, named ethereumvulncontracthandler, was published to npm on December 18, 2024, by a user

error code: 521

作者：Nicolas Grislain 译者：知道创宇404实验室翻译组 原文链接：https://arxiv.org/html/2412.19291v1#Sx4 摘要 检索增强生成（Retrieval-Augmented Generation, RAG）已成为为大型语言模型（Large Language Models, LLM）提供最新且相关上下文的主流技术。这一技术可以缓解模型生成不准确...

A vulnerability, which was classified as critical, has been found in Trlinux Postaci Webmail 1.1.3. Affected by this issue is some unknown functionality of the file /includes/global.inc of the component GET Request Handler. The manipulation leads to information disclosure (Password). This vulnerability is handled as CVE-2000-1100. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.

A vulnerability was found in Sun Solaris 2.4. It has been classified as problematic. This affects an unknown part of the component Coredump. The manipulation leads to Local Privilege Escalation. This vulnerability is uniquely identified as CVE-1999-1413. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Cyber Espionage / HackingGerman prosecutors have charged three Russian-German nationals for acting

German prosecutors have charged three Russian-German nationals for acting as secret service agents for Russia. The individuals, named Dieter S., Alexander J., and Alex D., have been accused of working for a foreign secret service. Dieter S. is also alleged to have participated in sabotage operations as well as taking pictures of military installations with an aim to endanger national security.

A vulnerability classified as problematic was found in IP3 IP3 Netaccess 75. Affected by this vulnerability is an unknown functionality. The manipulation leads to Local Privilege Escalation. This vulnerability is known as CVE-2006-2043. Local access is required to approach this attack. Furthermore, there is an exploit available.

Hello there, not so long ago I published a post about Cyberbro, a FOSS tool

Накрутка рейтинга приводит к распространению вредоносного ПО.

A vulnerability classified as critical was found in Mystarmedia Moviebase addon 1.5.5. This vulnerability affects unknown code of the file index.php. The manipulation of the argument id leads to sql injection. This vulnerability was named CVE-2012-0906. The attack can be initiated remotely. Furthermore, there is an exploit available.

临近年关，往往是病毒“冲业绩”的紧要关头。奇安信病毒响应中心在进行日常全网安全巡查的时候，发现一个经典的病毒木马披上了“12306订票助手”的新装，企图在游子回家的路上下手。经过分析发现，此伪装木马属于“暗黑彗星”家族。

临近年关，往往是病毒“冲业绩”的紧要关头。奇安信病毒响应中心在进行日常全网安全巡查的时候，发现一个经典的病毒木马披上了“12306订票助手”的新装，企图在游子回家的路上下手。经过分析发现，此伪装木马属于“暗黑彗星”家族。

一、背景暗黑彗星（DarkComet）是一款自2012年起被广泛用于网络攻击的远程访问木马（RAT），由Jean-Pierre Lesueur（DarkCoderSc）开发，尽管其最初开发意图是为合法

登录 注册

根据发表在 PNAS 期刊上的一项研究，如果人类不会说话他们的集体认知可能不如蚂蚁。集体认知被认为是群居的一大优势，但哪些因素促进了群体智慧？研究人员对比了蚂蚁或人类个体和群体处理一个相同几何谜题的方式，发现蚂蚁集体协作时其表现显著提升，但如果人类之间的交流方式受到限制，他们集体协作时的表现甚至会下降。研究人员认为，在缺乏讨论和辩论能力的情况下，个人会试图迅速达成共识，而不是对问题进行全面评估。他们认为，这种“群体思维”会导致人们做出徒劳的“贪婪”努力。

A vulnerability has been found in Oracle Commerce Guided Search and Commerce Experience Manager 6.1.4/11.0/11.1/11.2 and classified as critical. This vulnerability affects unknown code of the component Platform Services. The manipulation leads to information disclosure. This vulnerability was named CVE-2016-2107. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

2025年1月7日(星期二)上午 10:00(北京时间)

[SecMet]是安全学术圈近期打造的一个线上线下结合的学术研讨模式，研讨会分为全公开和半公开模式，其中半公开模式仅对安全学术圈内部交流群和特殊专题投稿人员参加，每期主题根据领域主席（Primary