Aggregator

Google Launches OSS Rebuild to Expose Malicious Code in Widely Used Open-Source Packages

The Hackers News
1 month 1 week ago
Google has announced the launch of a new initiative called OSS Rebuild to bolster the security of the open-source package ecosystems and prevent software supply chain attacks. "As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams powerful data to avoid compromise without burden on upstream maintainers," Matthew Suozzo, Google Open Source Security
The Hacker News

研究发现 AI 摘要会显著降低搜索结果页的点击率

Solidot
1 month 1 week ago
Google 已经为其搜索结果页面引入了 AI 摘要功能,它宣称该功能不会抢走网站的流量。然而皮尤研究中心的一项研究给出了不同的答案:AI 摘要会显著降低搜索结果页的点击率。研究人员分析 2025 年 3 月收集的 Ipsos KnowledgePanel 900 名用户的数据,显示当页面包含 AI 摘要时,用户点击搜索结果的可能性要小得多。如果搜索结果页面不包含 AI 摘要,用户的点击率为 15%;如果包含 AI 答案,点击率降为 8%。对于 Google 在 AI 摘要中包含的链接,研究发现其点击率为 1%——链接的来源主要是维基百科、YouTube 和 Reddit。更令人担忧的是用户在看到 AI 摘要之后更可能关闭会话,也就是不再继续搜索,不去验证 AI 摘要是否正确——而幻觉是生成式 AI 的固有问题,幻觉指的是虚构的错误信息。研究表明,Google 对 AI 的使用正在改变收集信息与搜索结果互动的方式。

INC

Dark Feed IO
1 month 1 week ago

You must login to view this content

cohenido

CVE-2025-41687 | Weidmueller IE-SR-2TX-WL u-link Management API stack-based overflow (VDE-2025-052 / EUVD-2025-22434)

VulDB Recent Entries
1 month 1 week ago
A vulnerability, which was classified as critical, was found in Weidmueller IE-SR-2TX-WL, IE-SR-2TX-WL-4G-EU and IE-SR-2TX-WL-4G-US-V. Affected is an unknown function of the component u-link Management API. The manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2025-41687. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-8070 | ASUSTOR ABP/AES Windows Service Configuration unquoted search path (EUVD-2025-22418)

VulDB Recent Entries
1 month 1 week ago
A vulnerability, which was classified as problematic, has been found in ASUSTOR ABP and AES. This issue affects some unknown processing of the component Windows Service Configuration. The manipulation leads to unquoted search path. The identification of this vulnerability is CVE-2025-8070. The attack needs to be approached locally. There is no exploit available.
vuldb.com

CVE-2025-41684 | Weidmueller IE-SR-2TX-WL Main Web Interface tls_iotgen_setting os command injection (VDE-2025-052 / EUVD-2025-22435)

VulDB Recent Entries
1 month 1 week ago
A vulnerability classified as critical was found in Weidmueller IE-SR-2TX-WL, IE-SR-2TX-WL-4G-EU and IE-SR-2TX-WL-4G-US-V. This vulnerability affects unknown code of the file tls_iotgen_setting of the component Main Web Interface. The manipulation leads to os command injection. This vulnerability was named CVE-2025-41684. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-41683 | Weidmueller IE-SR-2TX-WL Main Web Interface event_mail_test os command injection (VDE-2025-052 / EUVD-2025-22436)

VulDB Recent Entries
1 month 1 week ago
A vulnerability classified as critical has been found in Weidmueller IE-SR-2TX-WL, IE-SR-2TX-WL-4G-EU and IE-SR-2TX-WL-4G-US-V. This affects an unknown part of the file event_mail_test of the component Main Web Interface. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2025-41683. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Windows 11 Gets New Black Screen of Death With Auto Recovery Tool

Cyber Security News
1 month 1 week ago

Microsoft has unveiled significant improvements to Windows 11’s system recovery capabilities, introducing a redesigned Black Screen of Death restart screen alongside an automated Quick Machine Recovery (QMR) tool.  These enhancements are part of the broader Windows Resiliency Initiative (WRI), designed to minimize downtime and streamline recovery processes when system failures occur. Key Takeaways1. Windows 11's […]

The post Windows 11 Gets New Black Screen of Death With Auto Recovery Tool appeared first on Cyber Security News.

Guru Baran

CISA Warns of Microsoft SharePoint Code Injection and Authentication Vulnerability Exploited in Wild

Cyber Security News
1 month 1 week ago

CISA has issued an urgent warning regarding two critical Microsoft SharePoint vulnerabilities that threat actors are actively exploiting in the wild.  The vulnerabilities, designated as CVE-2025-49704 and CVE-2025-49706, pose significant risks to organizations running on-premises SharePoint servers and have been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog with an immediate remediation deadline. Key Takeaways1. […]

The post CISA Warns of Microsoft SharePoint Code Injection and Authentication Vulnerability Exploited in Wild appeared first on Cyber Security News.

Guru Baran

思考小而美

吴鲁加
1 month 1 week ago
脑子里在盘旋着“小而美”的一些问题,于是提了些问题,感觉脑子清晰一点了。

微软从 Google DeepMind 挖走了至少 24 名 AI 工程师

Solidot
1 month 1 week ago
微软过去六个月从 Google AI 研究部门 DeepMind 至少挖走了 24 名 AI 工程师,硅谷巨头之间的 AI 人才战在火热持续中。本周二,Google Gemini 聊天机器人前工程主管 Amar Subramanya 在职业社交网络 LinkedIn 上发帖宣布自己担任微软企业 AI 副总裁,成为最新一名投奔微软的前 Google AI 工程师。他称赞新雇主的文化氛围耳目一新。其他已加入微软的 DeepMind AI 工程师包括了前工程主管 Sonal Gupta、软件工程师 Adam Sadovsky 和产品经理 Tim Frank。

Managed ad