Aggregator

普渡大学研究显示，一次典型的高温美发过程可能释放超百亿纳米颗粒。研究表明，卷发棒、直发器等造型工具温度超过 150℃ 时，护发产品中的环状硅氧烷等低挥发性成分会迅速挥发、成核并生成大量新纳米颗粒，大多数颗粒直径小于 100 纳米。一次 10-20 分钟的高温美发过程，可能让人体吸入超百亿纳米颗粒。这些颗粒会直接沉积在肺部，其中肺泡区的沉积剂量最高。研究人员建议，尽量减少或避免使用需配合高温工具的产品，特别是标榜“耐热”的免洗型发胶、发霜、发凝胶。如果必须使用，应确保室内通风良好。

A vulnerability classified as problematic was found in ImageMagick up to 6.9.13-26/7.1.2-0. This issue affects some unknown processing. Such manipulation leads to reliance on undefined, unspecified, or implementation-defined behavior. This vulnerability is listed as CVE-2025-55160. The attack may be performed from a remote location. There is no available exploit. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in ImageMagick up to 6.9.13-26/7.1.2-0. This vulnerability affects the function ReadOneMNGIMage of the file coders/png.c. This manipulation causes integer overflow. This vulnerability is tracked as CVE-2025-55154. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in ImageMagick up to 7.1.2-0. Impacted is an unknown function. Performing manipulation results in heap-based buffer overflow. This vulnerability is cataloged as CVE-2025-55005. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in ImageMagick up to 7.1.2-0. The affected element is the function ReadOneMNGIMage. Executing manipulation can lead to heap-based buffer overflow. This vulnerability is registered as CVE-2025-55004. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in GNU C Library up to 2.41. The affected element is the function regcomp. Such manipulation leads to double free. This vulnerability is traded as CVE-2025-8058. An attack has to be approached locally. There is no exploit available. It is advisable to upgrade the affected component.

英伟达已通知半导体后工序大企业美国 Amkor Technology 和韩国三星电子停止涉及 H20 的相关业务。英伟达也向台湾鸿海精密工业提出了类似请求。英伟达之所以对 H20 的生产持犹豫态度，是因为中国市场的需求预期正在迅速恶化。中国相关部门于 7 月对 H20 存在安全方面的漏洞提出了担忧。对于英伟达来说，H20 本应是开拓中国市场的王牌产品。在困境之下，英伟达正在摸索的方案是投放新型芯片。H20 基于上一代 Hopper 架构，英伟达据报道正基于最新一代的 Blackwell 架构开发面向中国市场的半导体。

New Android spyware Android.Backdoor.916.origin is disguised as an antivirus linked to Russia’s intelligence agency FSB, and targets business executives. Doctor Web researchers observed a multifunctional backdoor Android.Backdoor.916.origin targeting Android devices belonging to representatives of Russian businesses. The malware executes attacker commands, enabling surveillance, keylogging, and theft of chats, browser data, and even live camera/audio streams. […]

Bluesky 拒绝遵守美国密西西比州一项要求所有社交媒体用户验证年龄的新法律，决定屏蔽密西西比州用户访问其服务。Bluesky 通过官方博客解释说，作为一个小团队它没有足够的资源执行法律所要求的重大技术修改，同时对该法律的范围及其对隐私的影响表达了担忧。密西西比州的 HB 1126 法案要求社交网络在所有用户访问前验证年龄。美国最高法院法官周四决定阻止一项紧急上诉，上诉原本会阻止法律在面临挑战期间生效。Bluesky 不得不决定如何合规。HB 1126 不只是要求用户访问成人内容前验证年龄，而是要求所有用户验证年龄。意味着社交网络如 Bluesky 必须验证每位用户的年龄，而 18 岁以下用户访问服务还需要征得其父母同意。Bluesky 指出，不遵守规定的可能处罚非常严厉——最高每位用户 1 万美元。Bluesky 强调该法律超出了保护儿童安全的范围。

Дезинформация, психоз и отсутствие правил превращают технологию в угрозу.

Electronics manufacturer Data I/O reports a ransomware attack to SEC, the company was forced to take offline operational systems. Electronics manufacturer Data I/O reported a ransomware attack to the US Securities and Exchange Commission (SEC). The company was forced to take offline operational systems following the attack. Data I/O is a leading provider of manual […]

A vulnerability classified as problematic was found in LinuxServer.io Heimdall 2.6.3-ls307. Affected by this vulnerability is an unknown functionality of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-Host/Referer results in open redirect. This vulnerability was named CVE-2025-50578. The attack may be performed from a remote location. In addition, an exploit is available.

A vulnerability has been found in Cursor up to 1.3.8 and classified as critical. Impacted is an unknown function of the file vscode/settings.json of the component Setting Handler. Performing manipulation results in improper authorization. This vulnerability is identified as CVE-2025-54130. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability was found in Cursor up to 1.3.8 and classified as critical. The affected element is an unknown function of the file /.Cursor/mcp.json of the component MCP File Parser. Executing manipulation can lead to os command injection. This vulnerability is tracked as CVE-2025-54135. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability has been found in AOMEI Cyber Backup and classified as critical. Affected by this vulnerability is an unknown functionality. Performing manipulation results in missing authentication. This vulnerability is reported as CVE-2025-8610. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability categorized as critical has been discovered in Tenda M3 1.0.0.12. Affected is the function formQuickIndex of the file /goform/QuickIndex. Executing manipulation of the argument PPPOEPassword can lead to stack-based buffer overflow. This vulnerability is tracked as CVE-2025-9298. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability, which was classified as problematic, has been found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /customer/my_account.php?edit_account of the component Edit Your Account Page. Performing manipulation of the argument Username results in cross site scripting. This vulnerability is cataloged as CVE-2025-9237. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability identified as critical has been detected in Cursor up to 1.2. This affects an unknown function of the component Model Context Protocol. Performing manipulation results in os command injection. This vulnerability is cataloged as CVE-2025-54133. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Cursor up to 1.2. This impacts an unknown function of the component Mermaid. Executing manipulation can lead to server-side request forgery. This vulnerability is registered as CVE-2025-54132. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability classified as critical has been found in Cursor up to 1.2. Affected by this issue is some unknown functionality. This manipulation causes command injection. This vulnerability appears as CVE-2025-54131. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.