Aggregator

大众汽车正为其电动汽车 ID.3 推出提升引擎功率的订阅模式，如果司机想要从标准的 201 马力提升到 228 马力，他们需要每月支付约 16.50 英镑或每年 165 英镑，或一次性支付 649 英镑的终身费用。该费用是与汽车绑定而不是与司机绑定，如果司机卖掉了 ID.3，购买了另一辆 ID.3，那么如果想要获得更高的动力将需要再次支付。大众汽车辩解称，司机是在为更强的运动体验付费，他们无需为此购买更高引擎功率的型号。提升功率无需机械方面进行改变，主要是调整下软件，可能是修改下布尔值。

Кто на самом деле в зоне риска — корпорации или средний бизнес?

A critical security vulnerability has been discovered in Rockwell Automation’s ControlLogix Ethernet communication modules, potentially allowing remote attackers to execute arbitrary code on industrial control systems.  The vulnerability, tracked as CVE-2025-7353, affects multiple ControlLogix Ethernet modules and carries a maximum CVSS score of 9.8, indicating severe security implications for industrial automation environments.  Key Takeaways1. Critical […]

The post Rockwell ControlLogix Ethernet Vulnerability Let Attackers Execute Remote Code appeared first on Cyber Security News.

Use-after-free (UAF) vulnerabilities represent one of the most critical and prevalent security threats in modern software systems, particularly affecting applications written in memory-unsafe languages like C and C++. These vulnerabilities occur when a program continues to use a memory location after it has been freed, creating opportunities for attackers to manipulate program execution flow, corrupt […]

The post What is Use-After-Free Vulnerability? – Impact and Mitigation appeared first on Cyber Security News.

A vulnerability was found in Linux Kernel and classified as problematic. The affected element is the function ksmbd_smb2_check_message of the file fs/ksmbd/smb2misc.c of the component ksmbd. Such manipulation leads to out-of-bounds read. This vulnerability is documented as CVE-2023-3865. The attack can be executed remotely. There is not any exploit available. Applying a patch is advised to resolve this issue.

A vulnerability was found in Linux Kernel. It has been classified as critical. The impacted element is an unknown function of the component ksmbd. Performing manipulation results in null pointer dereference. This vulnerability is reported as CVE-2023-3866. The attack is possible to be carried out remotely. No exploit exists. It is suggested to install a patch to address this issue.

A vulnerability classified as problematic has been found in Microsoft Windows. The affected element is an unknown function of the component Wireless Networking. Performing manipulation results in an unknown weakness. This vulnerability was named CVE-2020-24588. The attack needs to be approached within the local network. There is no available exploit. It is suggested to install a patch to address this issue.

A vulnerability categorized as problematic has been discovered in Apache Tomcat up to 8.5.100/9.0.107/10.1.43/11.0.9. The affected element is an unknown function of the component HTTP2 Handler. The manipulation results in denial of service. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2025-48989. The attack may be performed from a remote location. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability identified as critical has been detected in IETF HTTP Working Group Fastly H20 and HTTP2. The impacted element is an unknown function of the component Stream Reset Handler. This manipulation causes resource consumption. The identification of this vulnerability is CVE-2025-8671. It is possible to initiate the attack remotely. There is no exploit available.

经过多轮激烈角逐，奇安信代码安全实验室凭借优异的技术能力和攻防实力，从成功晋级线下决赛的30支精英战队中脱颖而出，斩获一等奖（最高奖项）

De Koninklijke Marine ruimt momenteel mijnen en andere explosieven in de Noordzee. Dat gebeurt met de Belgische en Estse zeemacht. Met de militaire aanwezigheid boven de Waddeneilanden wordt bovendien sabotage van kritieke infrastructuur zoals kabels voorkomen. Het landentrio traint ook hoe het optimaal een haven veilig kan houden. De activiteiten maken deel uit van Sandy Coast 25. Die is vandaag begonnen.

Winners of DARPA’s AI Cyber Challenge proved AI can automate patching at scale. Their tools will go open source, offering defenders new power—but also raising concerns about AI-fueled exploits.

The post DARPA AI Cyber Challenge Winners Impress With Quick, Scalable Patching  appeared first on Security Boulevard.

The Warlock ransomware gang has taken credit for the cyber-attack after the UK telco giant publicly confirmed an incident on August 14

A vulnerability marked as critical has been reported in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. This vulnerability affects the function rpl_do_srh_inline. This manipulation causes use after free. This vulnerability is handled as CVE-2025-38476. It is possible to launch the attack on the local host. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.12.39/6.15.7. The affected element is the function cipso_v4_sock_setattr of the component smc. Executing manipulation can lead to null pointer dereference. The identification of this vulnerability is CVE-2025-38475. The attack needs to be done within the local network. There is no exploit available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. This affects the function sch_qfq. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2025-38477. The attack can only be initiated within the local network. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. The impacted element is an unknown function of the component usb. Executing manipulation can lead to privilege escalation. This vulnerability is handled as CVE-2025-38474. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is recommended.

站在新起点，期待脱颖而出的优秀项目能把握机遇，加速成果转化与产业化进程。

培训将围绕真实案例展开复盘，系统讲解“AI辅助防御、新型技战法应用、蓝队协同机制优化”等关键内容，帮助学员在实战中真正做到“知其然，更知其所以然”。