Aggregator

文章介绍了一种名为AVVERIFIER的工具，用于检测智能合约中的地址验证漏洞。该工具通过三阶段检测（白名单验证检查、外部调用检查及状态修改分析），识别潜在漏洞状态，并帮助开发者提升合约安全性。

云服务商 Cloudflare 解释了 7 月 14 日的网络故障：它的 1.1.1.1 公共 DNS 服务从 21:52 UTC 到 22:54 UTC 期间不可用，对于依赖 1.1.1.1 解析域名的用户而言，这意味着几乎所有服务都不可用。Cloudflare 称事故是内部配置错误导致的，不是网络攻击或 BGP 劫持。错误配置是在 6 月 6 日引入的，但当时相关服务尚未投入到生产环境，因此没有立即产生影响。

Google的AI框架Big Sleep发现SQLite数据库中的内存损坏漏洞CVE-2025-6965，在其被利用前修复。

Google on Tuesday revealed that its large language model (LLM)-assisted vulnerability discovery framework identified a security flaw in the SQLite open-source database engine before it could have been exploited in the wild. The vulnerability, tracked as CVE-2025-6965 (CVSS score: 7.2), is a memory corruption flaw affecting all versions prior to 3.50.2. It was discovered by Big Sleep, an

A vulnerability has been found in FFmpeg and classified as problematic. This vulnerability affects unknown code of the file libavcodec/alsdec.c of the component ALS Decoder. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2025-7700. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Zyxel VMG8825-T50K. This affects an unknown part of the component URL Parser. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-7673. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Alcatel-Lucent OmniAccess Stellar. Affected by this issue is some unknown functionality. The manipulation leads to session fixiation. This vulnerability is handled as CVE-2025-52689. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Alcatel Lucent OmniAccess Stellar. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-52687. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Alcatel-Lucent OmniAccess Stellar. Affected is an unknown function. The manipulation leads to command injection. This vulnerability is traded as CVE-2025-52690. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Alcatel-Lucent OmniAccess Stellar. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to command injection. The identification of this vulnerability is CVE-2025-52688. The attack may be initiated remotely. There is no exploit available.

Машины учатся говорить всё выразительнее.

Claude Code 是一个 AI 编程助手，但国内用户受限于 Claude 模型的使用问题。文章介绍如何通过 Kimi K2 大模型替代 Claude 模型，并详细说明了环境准备、API 配置及切换方法。Kimi K2 在代码生成、上下文处理和成本方面具有显著优势。

文章探讨了LLM工具调用（tool-call）机制，包括function calling和MCP的显式与隐式调用方式。显式调用需手动处理工具调用流程，而隐式调用由LLM自动完成。隐式虽高效但易出错，显式则更可控且适合特定场景。文章还介绍了半自动回填式的显式调用方法及其适用性。

根据国家信息安全漏洞库（CNNVD）统计，本周（2025年7月7日至2025年7月13日）安全漏洞情况如下

环境异常需验证后继续访问。

BetterLyrics 是一款为 Windows 设计的沉浸式歌词显示软件，支持多种音乐播放器实时抓取歌词并提供流畅动画效果。基于 WinUI 3 和 Fluent Design 开发，开源且功能丰富。

Он выглядел как безобидный код, но обманул всех и стал главной угрозой десятилетия.

文章探讨了成为道德黑客所需条件，包括是否需要学士和硕士学位、技能展示是否足够、漏洞赏金能否维持生计以及所需时间等问题。

文章描述了从微软Intune enrolled设备中提取企业应用APK的挑战。传统方法因Intune的安全策略和用户资料隔离而失败。通过将应用转移至个人资料并结合MMSF工具实现自动化提取，成功解决了问题。