Aggregator

A vulnerability was found in Apple watchOS up to 8.1.1 and classified as problematic. This issue affects some unknown processing of the component Audio. Executing a manipulation can lead to buffer overflow. This vulnerability is registered as CVE-2021-30960. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability was found in Apple tvOS up to 15.1.1 and classified as problematic. Affected is an unknown function of the component Audio. Such manipulation leads to buffer overflow. This vulnerability is listed as CVE-2021-30960. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Apple iOS and iPadOS up to 15.1.1. This affects an unknown part of the component Audio. Performing a manipulation results in buffer overflow. This vulnerability was named CVE-2021-30960. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Apple macOS up to 12.0. This issue affects some unknown processing of the component Audio. The manipulation results in buffer overflow. This vulnerability is known as CVE-2021-30960. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

Microsoft встраивает веб прямо в Copilot и нервирует рынок браузеров

继澳大利亚之后，印度科技重镇卡纳塔克邦（Karnataka）与印度尼西亚相继宣布将禁止 16 岁以下青少年使用社交媒体及高风险数字平台。印尼通信与数码部长梅蒂雅（Meutya Hafid）星期五发声明说，政府将从 3 月 28 日起，分阶段注销 16 岁以下青少年在“高风险平台”上的账户。首批受影响的平台包括 YouTube、TikTok、Facebook、Instagram、Threads、X、Bigo Live 以及游戏平台 Roblox。梅蒂雅说，颁布禁令是因为青少年面临网络色情、网络欺凌、网络诈骗和网络成瘾的威胁。印度卡纳塔克邦立法议员星期五在邦预算会议上提出禁止16岁以下青少年使用社媒应用的法案。卡纳塔克邦将成为全印度首个实行这项禁令的邦。议员里兹万说：“青少年在未了解后果的情况下，就开始使用社交媒体。我们将与社会人士探讨，如何在社媒落实年龄限制。”

A vulnerability, which was classified as problematic, was found in PluXml CMS 5.8.21/5.9.0-rc7. The impacted element is an unknown function of the component Static Page. The manipulation results in cross site scripting. This vulnerability was named CVE-2026-24351. The attack may be performed from remote. There is no available exploit.

A vulnerability described as problematic has been identified in Python CPython up to 3.14.x. The impacted element is the function b64decode/standard_b64decode/urlsafe_b64decode. The manipulation results in incorrect type conversion. This vulnerability was named CVE-2025-12781. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.

A deep dive into Iranian cyber warfare and actionable defenses for network operators.

The post Securing Critical Infrastructure in a Time of War appeared first on Security Boulevard.

当一个负责造机器人的人，因为担心机器人杀人而辞职，这件事本身就说明了很多问题。

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: BlacksmithAI: Open-source AI-powered penetration testing framework BlacksmithAI is an open-source penetration testing framework that uses multiple AI agents to execute different stages of a security assessment lifecycle. BlacksmithAI runs as a hierarchical system in which an orchestrator coordinates task execution across specialized agents. Security debt is becoming a governance issue for CISOs Application security backlogs keep expanding across large development … More →

The post Week in review: Weaponized OAuth redirection logic delivers malware, Patch Tuesday forecast appeared first on Help Net Security.

NASA 执行双小行星重定向测试(DART)任务的探测器于 2022 年 9 月撞击了小行星 Dimorphos，这是世界首次行星防御技术演示。撞击不仅改变了 Dimorphos 绕较大伴星 Didymos 的运动，也同时使这对双小行星绕太阳的轨道出现可测量的改变。观测结果显示，原本约 770 天的公转周期缩短了 0.15 秒，这是人类制造的物体首次被量测到改变天体绕太阳运行的轨道。先前研究已发现，Dimorphos 绕直径约 805 米的 Didymos 公转周期（约 12 小时）因撞击缩短了 33 分钟。新的研究指出，撞击喷出的碎屑使整个系统的轨道速度改变约每秒 11.7 微米，导致其绕太阳的公转周期改变 0.15 秒。虽然这对轨道来说只是极其微小的变化，但随着时间累积，仍可能造成显著偏移，甚至影响一颗潜在危险小行星是否会撞上地球。

A vulnerability classified as critical was found in Qi-ANXIN QAX Virus Removal up to 2025-10-22. The affected element is the function ZwTerminateProcess in the library QKSecureIO_Imp.sys of the component Mini Filter Driver. Executing a manipulation can lead to improper access controls. This vulnerability is tracked as CVE-2026-3796. The attack is restricted to local execution. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. FBI probing intrusion into a system managing sensitive surveillance information Reading White House President Trump’s Cyber […]

Submit #758991 / VDB-349763

Оказывается, гравитационные волны — это ещё и телескоп. Причём самый мощный из существующих.

A vulnerability classified as critical has been found in doramart DoraCMS 3.0.x. Impacted is the function createFileBypath of the file /DoraCMS/server/app/router/api/v1.js. Performing a manipulation results in path traversal. This vulnerability is identified as CVE-2026-3795. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability described as critical has been identified in doramart DoraCMS 3.0.x. This issue affects some unknown processing of the file /api/v1/mail/send of the component Email API. Such manipulation leads to improper authentication. This vulnerability is referenced as CVE-2026-3794. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #768241 / VDB-349762

Submit #768240 / VDB-345395