Aggregator

Ошибка прав доступа в WAC превращает админский инструмент Microsoft в трамплин для локальной эскалации привилегий.

欧盟放宽其原定于 2035 年实施的内燃机汽车禁令，允许少量低排放汽车继续销售。欧盟原计划到 2035 年新车的排放量必须为零，或比 2021 年的水平降低 100%。现在放宽为降低 90%，为插电混动汽车留出了空间——此类汽车配备电动机和内燃机，无需寻找充电站即可利用内燃机为电池充电。欧盟官员表示此举不会影响欧盟 27 个成员国在 2050 年实现经济碳中和的目标。

“所以，什么最重要？”此刻你正在珍惜的，就是最重要的。愿我们都能在三岁时紧握棒棒糖，在十六岁时勇敢追光，在七十六岁时安然放手。

A vulnerability marked as critical has been reported in Radiometer Medical Aps ABL90 FLEX, ABL90 FLEX PLUS, AQT90 FLEX, ABL800 BASIC and ABL800 FLEX. This vulnerability affects unknown code. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2025-14097. The attack is possible to be carried out remotely. No exploit exists.

If you’re in the market for insurance right now, keep an eye out for scammers in the mix. They’re out...

The post How To Spot Health Insurance Scams This Open Enrollment Season appeared first on McAfee Blog.

Kerberos Overhaul Will Disable RC4 by Default in Windows
Microsoft will disable RC4 by default in Windows Kerberos, pushing organizations to uncover and eliminate longstanding cryptographic weaknesses hidden in legacy authentication systems - particularly within large domains where fallback to RC4 has quietly persisted for decades.

Cybercrime Gang Rhysida Still Lists the Practice on Its Leak Site Among Its Victims
A Kansas medical group will pay $1.2 million to settle proposed class action litigation involving an attack that compromised the sensitive data of nearly 256,000 individuals. The Rhysida ransomware operation claimed responsibility and said it stole 3 terabytes.

AI Is Now the Top Focus for Modernization to Relieve Budget, Staffing Pressures
According to the National Association of State CIOs, this year AI tech - including generative and agentic AI - is the top strategic initiative for state CIOs - marking an "unprecedented" shift in IT priorities, said NASCIO Executive Director Doug Robinson. In fact, AI first appeared on the organization's annual survey of state and territory CIOs just three years ago.

Secure-by-Design Startup Uses AI Agents to Safeguard Containers, VMs and Libraries
Cloud security startup Echo has closed a $35 million Series A funding round to boost development of its AI-native OS. The platform starts with secure container images and aims to extend to VMs and libraries, helping enterprises minimize risk from open-source software.

12.18日15点「AI安全论坛」开启！

Минцифры хочет создать базу кодов IMEI в 2026 году.

A vulnerability labeled as critical has been found in Radiometer Medical Aps ABL90 FLEX, ABL90 FLEX PLUS, AQT90 FLEX, ABL800 BASIC and ABL800 FLEX. This affects an unknown part of the component Configuration Handler. Executing manipulation can lead to improper access controls. This vulnerability is handled as CVE-2025-14095. The physical device can be targeted for the attack. There is not any exploit available.

A vulnerability identified as problematic has been detected in Mattermost up to 10.11.6/10.12.2/11.0.4. Affected by this issue is some unknown functionality of the component Calls Widget Page. Performing manipulation results in cross-site request forgery. This vulnerability is known as CVE-2025-62190. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in Mattermost up to 10.11.6. Affected by this vulnerability is an unknown functionality of the component Plugin Bot Identity Handler. Such manipulation leads to improper validation of specified type of input. This vulnerability is traded as CVE-2025-13352. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Mattermost up to 10.11.4. It has been rated as problematic. Affected is an unknown function of the file /error of the component Link Handler. This manipulation causes open redirect. This vulnerability appears as CVE-2025-62690. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

A vulnerability was found in Radiometer Medical Aps ABL90 FLEX, ABL90 FLEX PLUS, AQT90 FLEX, ABL800 BASIC and ABL800 FLEX. It has been declared as critical. This impacts an unknown function. The manipulation results in hard-coded credentials. This vulnerability is reported as CVE-2025-14096. An attack on the physical device is feasible. Moreover, an exploit is present.

功能磁共振成像（fMRI）过去三十年被广泛用于大脑研究，但根据发表在《Nature Neuroscience》上的一项研究，fMRI 信号存在大量的噪音，四成 fMRI 信号与实际大脑活动不一致。研究人员发现，40% 的案例中 fMRI 信号增强与脑活动减弱相关。在脑活动增强的区域，fMRI 信号反而减弱。研究结果表明，磁共振成像（MRI）测量的氧含量与神经元活动之间不存在普遍有效的耦合。这项发现从根本上挑战了以往对 fMRI 数据与神经元活动之间关系的解读方式。

Microsoft has asked businesses to reach out for advice on how to temporarily mitigate a Message Queuing (MSMQ) issue causing enterprise apps and Internet Information Services (IIS) sites to fail. [...]

Специалисты разобрали новую версию шпионского бэкдора DRBControl и показали, как он скрытно проникает в корпоративные системы.