Aggregator

感谢Binary Ninja，欢迎其它厂商加入联动

美国联邦法官裁决 Anthropic 使用书籍训练 AI 是合理使用，但使用盗版书籍训练并不是。法庭文件显示，Anthropic 从盗版网站下载了逾 700 万本书籍。它还购买了数百万本纸质书，拆开装订扫描了每一页，将其以数字形式存储。盗版书库和扫描书库被用于训练 Anthropic 大模型 Claude 的不同版本，每年为该公司带来逾十亿美元收入。法官裁决使用盗版书籍训练 AI 不是合理使用，将在晚些时候就盗版书籍相关赔偿进行审理。

A vulnerability classified as critical has been found in Johannes Ekberg XRay CMS 1.1.1. This affects an unknown part of the file login2.php of the component Login. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2012-1026. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Oracle Financial Services Liquidity Risk Measurement and Management 8.0.7/8.0.8 and classified as critical. Affected by this issue is some unknown functionality of the component Apache Groovy. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2019-11358. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Xoops up to 2.0.5.2. This affects an unknown part of the file viewtopic.php. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2004-2756. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

据悉，2024年9月以来，有关部门和地方持续整治涉转基因网络谣言，重点监测打击涉转基因造谣传谣行为，依法依规查处一批制作、传播涉转基因谣言信息的网络账号主体，现将部分典型案例公布如下。

为充分发挥司法裁判的示范和引领作用，最高人民法院发布5个网络消费民事典型案例，主要体现以下方面工作重点。

通过卫星进行的数据传输能够覆盖全球广阔区域。尤其是在传统地面通信网络难以触及的偏远地区，卫星互联网提供了无可替代的连接服务。然而，卫星互联网在带来便利和高效通信的同时，也面临着一系列复杂的安全风险。

当大模型接入开放、动态的互联网环境时，不仅面临信息质量参差、实时计算延迟等技术难题，更潜藏数据安全、内容合规等系统性风险。因此，深入研究大模型联网的风险与应对举措，具有重要的理论价值和现实意义。

A vulnerability, which was classified as problematic, has been found in tera-charts 0.1. Affected by this issue is some unknown functionality of the component Chart. The manipulation of the argument fn leads to path traversal. This vulnerability is handled as CVE-2014-4940. The attack may be launched remotely. Furthermore, there is an exploit available.

XBOW has raised $75 million in Series B funding to grow its AI-driven offensive security platform. The round was led by Altimeter’s Apoorv Agrawal, with participation from existing investors Sequoia Capital and Nat Friedman. This brings XBOW’s total funding to $117 million. Founded by Oege de Moor, XBOW has built an autonomous platform that continuously tests applications for vulnerabilities. Instead of relying on periodic, manual penetration tests, XBOW’s system runs nonstop, using AI to identify … More →

The post XBOW’s AI reached the top ranks on HackerOne, and now it has $75M to scale up appeared first on Help Net Security.

UK ransomware victims are paying extortionists twice as much as a year ago

A vulnerability classified as problematic has been found in iterate Cyberduck and Mountain Duck. Affected is an unknown function of the component TLS Certificate Handler. The manipulation leads to use of weak hash. This vulnerability is traded as CVE-2025-41256. It is possible to launch the attack remotely. There is no exploit available.

Неизвестные включили клапан на максимум, но катастрофы удалось избежать.

A vulnerability was found in Brother Industries/FUJIFILM Business Innovation/RICOH Printer. It has been rated as critical. This issue affects some unknown processing of the component HTTP Service/HTTPS Service/IPP Service. The manipulation of the argument Origin header leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2024-51979. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Brother Industries/FUJIFILM Business Innovation/RICOH/Toshiba Tec Printer. It has been declared as critical. This vulnerability affects unknown code of the component WS-Addressing. The manipulation leads to server-side request forgery. This vulnerability was named CVE-2024-51981. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Brother Industries/FUJIFILM Business Innovation/RICOH/Toshiba Tec Printer. It has been classified as critical. This affects an unknown part of the component Web Service. The manipulation leads to server-side request forgery. This vulnerability is uniquely identified as CVE-2024-51980. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Brother Industries/FUJIFILM Business Innovation/RICOH/Toshiba Tec Printer and classified as problematic. Affected by this issue is some unknown functionality of the file /etc/mnt_info.csv of the component HTTP Service/IPP Service. The manipulation leads to file and directory information exposure. This vulnerability is handled as CVE-2024-51977. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Brother Industries/FUJIFILM Business Innovation/RICOH Printer and classified as critical. Affected by this vulnerability is an unknown functionality of the component Service Port 9100. The manipulation of the argument FORMLINES leads to improper validation of syntactic correctness of input. This vulnerability is known as CVE-2024-51982. The attack can be launched remotely. There is no exploit available.

诚挚欢迎各界合作伙伴、客户朋友们莅临参观指导！