Aggregator

Submit #787670 / VDB-356246

Submit #787672 / VDB-354200

Submit #787671 / VDB-354203

Submit #787669 / VDB-354206

Submit #787668 / VDB-354207

Submit #787665 / VDB-354209

Submit #787664 / VDB-354210

Submit #787661 / VDB-354208

Submit #787660 / VDB-354202

Ninja Forms File Upload RCE via unauthenticated arbitrary file upload; update to 3.3.27 immediately

Радиотелескопы засекли скрытого гиганта в созвездии Геркулеса.

亚马逊正式宣布，从 2026 年 5 月 20 日起停止支持 2012 年以及之前发布的旧型号 Kindle 和 Kindle Fire 设备，这些设备的用户将无法通过 Kindle 商店购买、借阅或下载新内容。亚马逊声称它已经为这些设备提供了 14 年，部分型号甚至长达 18 年的支持。它正在通知仍然使用这些设备的用户，为相关用户提供折扣帮助他们过渡到新设备。受影响的设备包括：第一代和第二代 Kindle，Kindle DX 和 DX Graphite、Kindle Keyboard、Kindle 4、Kindle Touch、Kindle 5 和第一代 Kindle Paperwhite。亚马逊 Kindle 已于2024 年6 月30 日退出了中国市场。

Submit #787321 / VDB-356245

A critical security bulletin highlights multiple vulnerabilities in Verify Identity Access and Security Verify Access products. If left unpatched, these widespread security flaws could allow malicious actors to access sensitive information, escalate their system privileges, or cause a complete denial-of-service of the application. Organizations relying on these authentication platforms must take immediate action to patch […]

The post IBM Identity and Verify Access Vulnerabilities Allow Remote Attacker to Access Sensitive Data appeared first on Cyber Security News.

A highly sophisticated, unpatched zero-day exploit is actively targeting users of Adobe Reader. Detected by the EXPMON threat-hunting system, this malicious PDF file is designed to steal sensitive local data and perform advanced system fingerprinting. The exploit functions flawlessly on the latest version of Adobe Reader. It requires no user interaction beyond simply opening the […]

The post Hackers Actively Attacking Adobe Reader Users Using Sophisticated 0-Day Exploit appeared first on Cyber Security News.

今天推送前中情局官员，大西洋理事会和海登中心研究员约翰·赛弗（John Sipher）撰写的文章：特朗普正在对美国情报机构造成结构性破坏。

Anthropic has introduced Claude Mythos Preview, an advanced language model with extraordinary capabilities for discovering and autonomously exploiting undiscovered zero-day vulnerabilities. To ensure these powerful tools are used defensively, the company has launched Project Glasswing to collaborate with industry partners and patch critical software systems. Claude Mythos Preview represents a massive upgrade over older models like […]

The post Anthropic Unveils Claude Mythos Preview With Powerful Zero-Day Detection Capabilities appeared first on Cyber Security News.

AI 的进步预计会对整个社会造成巨大冲击，为了应对这一社会问题，OpenAI 提出了一系列建议，包括对机器人征税，设立公共财富基金，以及推行四天工作制。OpenAI 表示这份文件是它应对 AI 工具普及可能冲击就业岗位以及整个行业而提出的初步想法。它的核心建议是设立公共财富基金，投资于与 AI 发展相关的长期资产，将收益直接分配给公民。四天工作制则要求雇主在不减少薪酬的情况下减少工作时间。另一项建议是改革税收制度，将税基转向企业所得税和资本利得税，而不是依赖可能受到 AI 引发的大规模失业潮冲击的劳动所得税和工资税。

Submit #787234 / VDB-207847