Aggregator

近日，悬镜供应链安全情报中心在python仓库捕获到一例伪装成日均下载量超百万次的知名网络图结构分析库NetworkX包投毒事件，影响深远。

性别决定是最基本的生物发育过程之一，也是科学界探索的热点。在发育过程中表达的基因对多种器官的形成起着至关重要的作用。位于 Y 染色体上的哺乳动物性别决定基因 Sry 是睾丸形成所必需的，该基因仅在胚胎发生过程中的很短时间内被激活。然而 Sry 激活背后的具体机制仍不清楚。大阪大学领导的研究团队发现铁在雄性哺乳动物的性别发育中发挥关键作用。无论是饮食还是药物干预引起的母体缺铁，都可能导致 Sry 基因的组蛋白甲基化发生改变。缺铁的雌鼠产下的一些 XY 后代被证实会发生性别逆转，这可能是与 Sry 基因激活受损有关。

Delta Electronicsが提供するDTM Softには、信頼できないデータのデシリアライゼーションの脆弱性が存在します。

A vulnerability was found in stitionai devika. It has been classified as critical. Affected is an unknown function. The manipulation leads to path traversal: '\..\filename'. This vulnerability is traded as CVE-2024-5926. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in rjrodger jsonic-next 2.12.1 and classified as problematic. Affected by this vulnerability is the function empty. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability is known as CVE-2024-38993. The attack needs to be done within the local network. There is no exploit available.

A vulnerability classified as critical was found in Wallet for WooCommerce Plugin up to 1.5.4 on WordPress. This vulnerability affects unknown code. The manipulation of the argument search[value] leads to sql injection. This vulnerability was named CVE-2024-6353. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Premium Packages Plugin up to 5.9.1 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2024-7386. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Apache Answer up to 1.3.5. This issue affects some unknown processing of the component Gravatar. The manipulation leads to inadequate encryption strength. The identification of this vulnerability is CVE-2024-40761. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in mudler localai up to 2.19.3. This vulnerability affects unknown code of the component Configuration File Handler. The manipulation leads to code injection. This vulnerability was named CVE-2024-6983. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Plasmoapp RPShare Fabric mod 1.0.0. This affects the function build of the component DonwloadPromptScreen. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2024-33368. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in Plasmoapp RPShare Fabric mod 1.0.0 and classified as critical. This vulnerability affects the function getFileNameFromConnection of the component DownloadTask. The manipulation leads to path traversal. This vulnerability was named CVE-2024-33369. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Apache XML Graphics FOP 2.9 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. This vulnerability is handled as CVE-2024-28168. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in SKT Themes SKT Blocks Plugin up to 1.6 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-48036. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in LA-Studio Element Kit for Elementor Plugin up to 1.3.8.1 on WordPress. Affected is an unknown function of the component LaStudioKit Progress Bar Widget. The manipulation of the argument progress_type leads to file inclusion. This vulnerability is traded as CVE-2024-37479. It is possible to launch the attack remotely. There is no exploit available.

2022 年 9 月 26 日，NASA 执行双小行星重定向测试(DART)任务的飞船撞击了名为 Dimorphos 的小行星。这是世界首次行星防御技术演示，撞击成功偏转了小行星轨道，但同时也释放了大量石头，而这些巨石可能会使得未来的偏转小行星的工作更加复杂。撞击产生了 104 块半径从 0.2 米到 3.6 米不等的巨石。研究团队发现，这些喷出的巨石们的动量高达 DART 撞击器的三倍。这些巨石不仅产生几乎与 DART 撞击相同的冲击力，四散的方向也明显分为两群。研究团队认为，这些被抛出的巨石可能来自特定来源，或许是小行星上的一些较大巨石，它们在 DART 探测器主体撞击地表之前就被太阳能板击碎而飞溅出来。由于 DART 撞击产生的巨石的动量主要垂直于太空船的轨道，这意味着它可能使轨道面倾斜一度以上，并导致小行星在太空中不规则地翻滚。这项研究结果说明了未来若欲再度以撞击方式偏转小行星的轨道，其表面地形与岩石分布状态，将可能对偏转成果产生不可预期的变数。

In today’s digital-first world, cybercrime is evolving rapidly, making digital forensic investigation tools indispensable for law enforcement, cybersecurity professionals, and corporate investigators. These tools empower experts to uncover, analyze, and present digital evidence from computers, mobile devices, cloud services, and networks. The right forensic software can mean the difference between solving a case efficiently and […]

The post 10 Best Digital Forensic Investigation Tools – 2025 appeared first on Cyber Security News.

A vulnerability classified as very critical has been found in End-of-Train and Head-of-Train. This affects an unknown part of the component BCH Handler. The manipulation leads to weak authentication. This vulnerability is uniquely identified as CVE-2025-1727. The attack needs to be done within the local network. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Connect2id Nimbus JOSE+JWT up to 10.0.1. Affected is an unknown function of the component JSON Object Handler. The manipulation leads to uncontrolled recursion. This vulnerability is traded as CVE-2025-53864. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Samsung Devices. It has been classified as critical. This affects an unknown part of the component KnoxVault Trustlet. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2025-20983. An attack has to be approached locally. There is no exploit available.

r/netsecstudents是一个Reddit小组，旨在帮助网络安全性学生分享资源、提问和互相学习。