Aggregator

天主教教宗驻地最爱 Linux 软件了。Reddit 用户统计了 Linux 应用商店 Flathub 在不同国家/地区的下载量，然后根据其人口总数计算了人均下载量。结果出人意料：罗马的城中之国梵蒂冈的人均下载量全球最高，一大原因是梵蒂冈只有 496 人（维基百科给出的 2024 年数据是 882 人），总下载量 6878，人均下载量接近 14，远超第二名德国的人均 4 次。统计显示，Flathub 在欧洲、美国、加拿大、澳大利亚和新西兰相当受欢迎，但在亚洲和非洲没多少用户。Flathub 提供了 Flatpak 打包的 Linux 软件，绝大部分 Linux 发行版都支持运行 Flatpak 软件。

Creators, Authors and Presenters: Jan Berens, Marcell Szakaly

Our sincere appreciation to DEF CON, and the Creators/Presenters/Authors for publishing their timely DEF CON 33 outstanding content. Originating from the conference's events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 33: One Modem To Brick Them All -Vulns In EV Charging Comms appeared first on Security Boulevard.

Cyberattack on Collins Aerospace check-in system disrupts major European airports, causing flight delays and cancellations across hubs.

奥地利军方从私有的 MS Office 切换到了开源的 LibreOffice。此举并非是为了节省大约 1.6 万台工作站的软件许可证费用，用军方官员的话说是为了加强数字主权，维护基础设施的独立性，确保数据仅在内部处理。主要动机是微软的办公软件正迁移到云端，而军方不可能使用外部云服务处理内部数据。奥地利军方从 2022 年开始就在试用 LibreOffice 为迁移做准备。军方此前使用的是 Microsoft Office 2016 Professional，如今已经卸载，但仍需要使用微软办公软件的用户可以内部申请使用 MS Office 2024 LTSC。奥地利军方在使用 LibreOffice 过程中还为开源项目贡献了代码。

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) disclosed two malware strains found in a network compromised via Ivanti EPMM flaws. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published technical details of two malware families that were discovered in the network of an unnamed organization following the compromise of Ivanti Endpoint Manager Mobile (EPMM). […]

Тщательно продуманные легенды столкнулись с простой арифметикой транзакций.

ISSTA 主会场 Full Paper，之前发的只是附属研讨会的短文

AI-powered malware, known as ‘MalTerminal’, uses OpenAI’s GPT-4 model to dynamically generate malicious code, including ransomware and reverse shells, marking a significant shift in how threats are developed and deployed. This discovery follows the recent analysis of PromptLock, another AI-driven malware, indicating a clear trend toward adversaries weaponizing large language models (LLMs). This discovery was […]

The post First-ever AI-powered ‘MalTerminal’ Malware Uses OpenAI GPT-4 to Generate Ransomware Code appeared first on Cyber Security News.

小米和国家市场监督管理总局周五宣布，召回 2024 年 2 月 6 日至 2025 年 8 月 30 日生产的部分 SU7 标准版电动汽车，共计 116887 辆。召回编号S2025M0149I：涉及XMA7000MBEVR2和XMA7000MBEVR5车型，共计98462辆。召回编号S2025M0150I：涉及BJ7000MBEVR2车型，共计18425辆。本次召回范围内部分车辆在L2高速领航辅助驾驶功能开启的某些情况下，对极端特殊场景的识别、预警或处置可能不足，若驾驶员不及时干预可能会增加碰撞风险，存在安全隐患。小米汽车科技有限公司将通过汽车远程升级（OTA）技术，为召回范围内的车辆免费升级软件，以消除安全隐患。今年早些时候曾发生过一起涉及 SU7 辅助驾驶系统的致命车祸，导致三名大学生死亡。

The cybersecurity landscape in 2025 has been marked by an unprecedented surge in zero-day vulnerabilities actively exploited by threat actors. According to recent data, more than 23,600 vulnerabilities were published in the first half of 2025 alone, representing a 16% increase over 2024. This alarming trend has seen sophisticated threat actors, including nation-state groups and […]

The post Top Zero-Day Vulnerabilities Exploited in the Wild in 2025 appeared first on Cyber Security News.

A vulnerability was found in Red Hat Enterprise Linux and OpenShift Container Platform. It has been declared as problematic. The affected element is an unknown function of the component Podman. Executing manipulation can lead to creation of temporary file with insecure permissions. The identification of this vulnerability is CVE-2025-4953. The attack may be launched remotely. There is no exploit available.

2025年9月的投稿指南！

Почему немецкий бизнес не может выжить в киберпространстве?

A vulnerability categorized as problematic has been discovered in libexpat up to 2.7.1. Affected by this vulnerability is an unknown functionality. Executing manipulation can lead to allocation of resources. The identification of this vulnerability is CVE-2025-59375. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.

关键词用户隐私泄露🚨工信部重拳整治！

关键词违反网络安全法一、上海某跨国公司违规出境用户信息案2025年5月，某国际时尚品牌被曝数据泄露，其中国公司

A vulnerability identified as critical has been detected in Mambo 4.5.1. Affected is an unknown function of the file credits.html.php of the component mediad. This manipulation of the argument mosConfig_absolute_path causes code injection. This vulnerability is handled as CVE-2007-5362. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in mosMedia. It has been declared as critical. This vulnerability affects unknown code. Such manipulation of the argument mosConfig_absolute_path leads to code injection. This vulnerability is listed as CVE-2007-5362. The attack may be performed from remote. In addition, an exploit is available.