Aggregator

Китайский малыш выжигает эфир на все 500 ватт.

这里拿携程举例子。之前就有朋友在携程买票，结果“被贷款”，我作为所谓的携程 V7 黑钻用户老用户，知道在携程买票必然是步步惊心的，自以为足够小心了。结果上个月买火车票时，还是中了招。 图一我一看就知道不能点第一个链接，便宜肯定是骗人（仔细看，就能看见 +36 元），所以我直接点了第二个链接——确实怪我，没看见要 +25 元。 图二里是有明细的，但我确实平时不怎么细看，直接付款了。 后来机缘巧合，在大概十分钟后发现中招，有些不痛快，就退票退款了，退的时候告诉我，铁路局收了一些退票费不能退，如图三——我忍了。 过了一会，我突然觉得不对，算了一下账，原来携程收我的所谓“优享预定”也是不退的——每张票收 25 元的优享预定，究竟是什么呢——我看了看，是图四，原谅我没看出它的价值来。 于是我打了电话到携程投诉，客服很客气地表示退款，把铁路局的也退了，还表示要送我 100 元现金券。我拒绝了，表示我可能会写一写这个例子。 作为一个产品经理，我其实能理解这种设计。我甚至理解，哪怕梁建章提要求，也未必改得掉这个问题，毕竟背后有太多利益，都是净利润，不能轻易因为投诉就放弃。 只是，这确实就是我标题写的：产品的默认设置，就体现价值观。 我们做的产品也一样，希望真的能客户第一（真的很难）。

Creator, Author and Presenter: Jack Cable

Our deep appreciation to Security BSides - San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon - certainly a venue like no other; and via the organization's YouTube channel.

Additionally, the organization is welcoming volunteers for the BSidesSF Volunteer Force, as well as their Program Team & Operations roles. See their succinct BSidesSF 'Work With Us' page, in which, the appropriate information is to be had!

Permalink

The post BSidesSF 2025: The Product Security Imperative: Lessons From CISA appeared first on Security Boulevard.

Gogs最新RCE分析与利用详情

Google's Gemini is now testing a new feature called "Projects." This will be similar to OpenAI's Project Feature for ChatGPT. [...]

The U.S. Department of Justice (DoJ) announced the seizure of over $2,800,000 in cryptocurrency from alleged ransomware operator Ianis Aleksandrovich Antropenko. [...]

In the week of August 11-17, 2025, the cybersecurity landscape was marked by critical updates from major vendors and a surge in sophisticated threats, underscoring the ongoing battle against digital vulnerabilities. Microsoft rolled out its Patch Tuesday updates on August 12, addressing over 90 vulnerabilities, including several zero-day exploits in Windows and Office suites that […]

The post Weekly Cybersecurity News Recap : Microsoft, Cisco, Fortinet Security Updates and Cyber Attacks appeared first on Cyber Security News.

Турецкие власти требуют объяснений, индустрия замерла в ожидании.

A vulnerability was found in ZenCart 2.1.0. It has been declared as problematic. Impacted is an unknown function of the component CKEditor. The manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2025-9103. The attack may be launched remotely. Furthermore, there is an exploit available. The real existence of this vulnerability is still doubted at the moment. The vendor declares this as "intended behavior, allowed for authorized administrators".

OpenAI rival Anthropic says Claude has been updated with a rare new feature that allows the AI model to end conversations when it feels it poses harm or is being abused. [...]

A vulnerability was found in 1&1 Mail & Media mail.com App 8.8.0 on Android. It has been classified as problematic. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.mail.mobile.android.mail. The manipulation leads to improper export of android application components. This vulnerability is listed as CVE-2025-9102. The attack must be carried out locally. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #628298 / VDB-320425

Submit #628264 / VDB-320424

A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/tags/save of the component Tag Handler. Executing manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2025-9101. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability has been found in zhenfeng13 My-Blog 1.0.0 and classified as problematic. This affects an unknown part of the file /blog/comment of the component Frontend Blog Article Comment Handler. Performing manipulation results in authentication bypass by capture-replay. This vulnerability is identified as CVE-2025-9100. The attack can be initiated remotely. Additionally, an exploit exists.

Submit #628095 / VDB-320423

Submit #628097 / VDB-320422

A vulnerability, which was classified as critical, was found in Acrel Environmental Monitoring Cloud Platform up to 20250804. Affected by this issue is some unknown functionality of the file /NewsManage/UploadNewsImg. Such manipulation of the argument File leads to unrestricted upload. This vulnerability is referenced as CVE-2025-9099. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #628096 / VDB-227812