Aggregator
.NET Session Security Vulnerabilities: Code-Level Auditing and Defense
3 months 2 weeks ago
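Tencent responds to miHoYo lawsuit: QQ user data cannot be handed over casually; Tesla reveals Cyber SUV for the first time; food-delivery e-scooters must be fitted with BeiDou positioning | Geek Morning Briefing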
3 months 2 weeks ago
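Unitree Robotics publishes a patent for digital-twin robot motion control; the report that Alibaba purchased 150,000 Cambricon GPUs is untrue
Pai Morning Report: vivo Y500 released, 91 Assistant announces its shutdown date, and more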
3 months 2 weeks ago
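vivo releases the Y500 phone with an 8200mAh battery and a Dimensity 7300 processor; the "Measures for Labeling AI-Generated Synthetic Content" take effect; 91 Assistant announces it will shut down in 2025; Blizzard sues the World of Warcraft private server Turtle WoW; Microsoft denies that a Windows 11 update damages SSDs.
Silver Fox: Analysis of the Latest Attack Samples and Threat Intelligence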
3 months 2 weeks ago
[2026 Partner Showcase] Honglian Electronic Data Forensics: An End-to-End Intelligent Solution
3 months 2 weeks ago
TiDB Lightning Source Code Reading
3 months 2 weeks ago
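Lightning is TiDB's high-speed data import tool, supporting fast migration of TB-scale data. Its architecture is clean and modular, and its core functions include table schema restoration, data import, and multiple backend modes (Local and TiDB). It implements resumable imports through a checkpoint mechanism and optimizes performance with multi-level concurrency control and memory management.
Security Alert: The First AI-Powered Ransomware Has Emerged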
3 months 2 weeks ago
The barrier to entry for cyberattacks is dropping sharply!
CVE-2024-41057 | Linux Kernel up to 6.1.100/6.6.41/6.9.10 cachefiles_withdraw_cookie use after free (Nessus ID 210060 / WID-SEC-2024-1722)
3 months 2 weeks ago
A vulnerability classified as critical was found in Linux Kernel up to 6.1.100/6.6.41/6.9.10. Affected is the function cachefiles_withdraw_cookie. Such manipulation leads to use after free.
This vulnerability is listed as CVE-2024-41057. The attack must be carried out from within the local network. There is no available exploit.
Upgrading the affected component is advised.
vuldb.com
CVE-2024-41058 | Linux Kernel up to 6.1.100/6.6.41/6.9.10 fscache_withdraw_volume reference count (Nessus ID 210060 / WID-SEC-2024-1722)
3 months 2 weeks ago
A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.1.100/6.6.41/6.9.10. Affected by this vulnerability is the function fscache_withdraw_volume. Performing manipulation results in improper update of reference count.
This vulnerability is cataloged as CVE-2024-41058. The attack must originate from the local network. There is no exploit available.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2024-41054 | Linux Kernel up to 6.6.40/6.9.9 scsi ufshcd_clear_cmd null pointer dereference (bed089600833/11d81233f4eb/9307a998cb98 / Nessus ID 210060)
3 months 2 weeks ago
A vulnerability was found in Linux Kernel up to 6.6.40/6.9.9. It has been declared as critical. Affected by this vulnerability is the function ufshcd_clear_cmd of the component scsi. The manipulation results in null pointer dereference.
This vulnerability is reported as CVE-2024-41054. The attacker must have access to the local network to execute the attack. No exploit exists.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-41055 | Linux Kernel up to 5.10.221/5.15.162/6.1.99/6.6.40/6.9.9 pfn_section_valid null pointer dereference (Nessus ID 207773 / WID-SEC-2024-1722)
3 months 2 weeks ago
A vulnerability identified as critical has been detected in Linux Kernel up to 5.10.221/5.15.162/6.1.99/6.6.40/6.9.9. Impacted is the function pfn_section_valid. Performing manipulation results in null pointer dereference.
This vulnerability was named CVE-2024-41055. The attack needs to be approached within the local network. There is no available exploit.
You should upgrade the affected component.
vuldb.com
CVE-2024-41053 | Linux Kernel up to 6.6.40/6.9.9 scsi ufshcd_abort_one null pointer dereference (c3111b3cf388/b5a6ac887256/74736103fb41 / Nessus ID 210060)
3 months 2 weeks ago
A vulnerability was found in Linux Kernel up to 6.6.40/6.9.9 and classified as critical. This impacts the function ufshcd_abort_one of the component scsi. Executing manipulation can lead to null pointer dereference.
This vulnerability is registered as CVE-2024-41053. The attack requires access to the local network. No exploit is available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2024-41052 | Linux Kernel up to 6.6.40/6.9.9 vfio Count initialization (f476dffc52ea/f44136b96522/5a88a3f67e37 / Nessus ID 210060)
3 months 2 weeks ago
A vulnerability has been found in Linux Kernel up to 6.6.40/6.9.9 and classified as problematic. This affects an unknown function of the component vfio. Performing manipulation of the argument Count results in improper initialization.
This vulnerability is cataloged as CVE-2024-41052. The attack must originate from the local network. There is no exploit available.
The affected component should be upgraded.
vuldb.com
CVE-2020-26558 | Bluetooth Core up to 5.2 LE/BR/EDR channel accessible (Nessus ID 260190)
3 months 2 weeks ago
A vulnerability, which was classified as critical, was found in Bluetooth Core up to 5.2. This affects an unknown function of the component LE/BR/EDR. The manipulation results in channel accessible by non-endpoint.
This vulnerability is known as CVE-2020-26558. Access to the local network is required for this attack. No exploit is available.
vuldb.com
CVE-2022-24695 | Bluetooth Core up to 5.3 Non-Discoverable Mode information disclosure (Nessus ID 260192)
3 months 2 weeks ago
A vulnerability identified as problematic has been detected in Bluetooth Core up to 5.3. Affected by this issue is some unknown functionality of the component Non-Discoverable Mode. The manipulation leads to information disclosure.
This vulnerability is documented as CVE-2022-24695. The attack requires being on the local network. No exploit is available.
vuldb.com
CVE-2021-37577 | Bluetooth Core Specifications up to 5.3 Bluetooth LE/BR/EDR channel accessible (Nessus ID 260190)
3 months 2 weeks ago
A vulnerability classified as problematic was found in Bluetooth Core Specifications up to 5.3. The impacted element is an unknown function of the component Bluetooth LE/BR/EDR. Such manipulation leads to channel accessible by non-endpoint.
This vulnerability is listed as CVE-2021-37577. The attack must be carried out from within the local network. There is no available exploit.
vuldb.com
Analysis of the Principle Behind the CVE-2025-32023 Vulnerability
3 months 2 weeks ago
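The Redis HyperLogLog vulnerability (CVE-2025-32023) is a high-severity remote code execution vulnerability affecting multiple Redis versions from 2.8 to 8.0.3. By constructing malicious HyperLogLog sparse-encoded data, an attacker exploits an integer overflow when commands such as PFMERGE or PFADD are triggered, causing an out-of-bounds heap/stack write and ultimately achieving arbitrary code execution. The core of the vulnerability is that negative values of the register index idx are not checked during sparse-mode conversion, so a carefully designed chain of XZERO encodings makes idx overflow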
CVE-2025-2898 | IBM Maximo Application Suite 9.0 Role-Based Access Control privileges assignment (EUVD-2025-13597)
3 months 2 weeks ago
A vulnerability was found in IBM Maximo Application Suite 9.0. It has been declared as critical. This affects an unknown part of the component Role-Based Access Control. Such manipulation leads to incorrect privilege assignment.
This vulnerability is listed as CVE-2025-2898. The attack may be performed remotely. There is no available exploit.
It is recommended to upgrade the affected component.
vuldb.com