Aggregator

据OPENAI本月最新发布的报告《Influence and cyber operations: an update》，伊朗黑客组织CyberAv3ngers利用人工智能模型ChatGPT策划针对工业

2024 年诺贝尔和平奖授予了日本原子弹氢弹爆炸受害者团体协议会(简称被团协)。被团协由 广岛、长崎核爆幸存者组成，因其为实现无核世界所做的努力以及通过证人证词表明绝不能再次使用核武器而获得和平奖。挪威诺贝尔委员会希望借此承认一个事实：核武器在接近 80 年里没有在战争中使用过。日本被团协等组织为核禁忌的建立做出了巨大贡献。但令人担忧的是今天反对使用核武器的禁忌正面临压力。核大国正对其核武库进行现代化和升级；新兴国家似乎正准备获取核武器；当前正发生的战争出现了使用核武器的威胁。在人类历史的这一时刻，我们需要提醒自己核武器是什么：它们是世界上迄今为止最具破坏性的武器。

A vulnerability was found in code-projects Blood Bank System 1.0. It has been classified as critical. This affects an unknown part of the file /update.php. The manipulation of the argument name leads to sql injection. This vulnerability is uniquely identified as CVE-2024-9817. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in SourceCodester Online Veterinary Appointment System 1.0. Affected is an unknown function of the file /admin/categories/manage_category.php. The manipulation of the argument id leads to sql injection. This vulnerability is traded as CVE-2024-9818. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A new Sonatype report reveals a 156% surge in open source malware, with over 704,102 malicious packages identified since 2019, as OSS adoption continues to skyrocket

Check Point

Microsoft открывает новую эру безопасности, где не нужно жертвовать удобством.

供应链安全问题已成为国际冲突“超限战”武器 日期：2024年10月11日 阅：11

业务安全“星选厂商”|海云安入选2024年度网络与信息安全行业代表性星选企业 日期：2024年10月11日 阅：12

Russian-backed APT29 has been spying on US and European organizations since at least 2021, a US-UK joint advisory said

Автоматические пентесты выявляют все слабые места прежде, чем это сделают хакеры.

Хакеры зря рассчитывают на популярный чат-бот.

欧盟数据空间的第一部立法

A vulnerability classified as problematic was found in posimyththemes Plus Addons for Elementor Plugin up to 5.6.11 on WordPress. This vulnerability affects the function render of the file modules/widgets/tp_accordion.php of the component Template Data Handler. The manipulation leads to information disclosure. This vulnerability was named CVE-2024-8913. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Codezips Pharmacy Management System 1.0. Affected is an unknown function of the file product/update.php. The manipulation of the argument id leads to sql injection. This vulnerability is traded as CVE-2024-9814. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/create-package.php. The manipulation of the argument packageimage leads to unrestricted upload. This vulnerability is known as CVE-2024-9815. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/change-image.php. The manipulation of the argument packageimage leads to unrestricted upload. This vulnerability is handled as CVE-2024-9816. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Adobe Commerce up to 2.4.7-p2/2.4.6-p7/2.4.5-p9/2.4.4-p10 and classified as critical. This issue affects some unknown processing. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2024-45121. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Commerce up to 2.4.7-p2/2.4.6-p7/2.4.5-p9/2.4.4-p10. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to server-side request forgery. This vulnerability is handled as CVE-2024-45119. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Gradio up to 4.43. It has been classified as critical. This affects an unknown part. The manipulation leads to improper authorization. This vulnerability is uniquely identified as CVE-2024-47084. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.