Kerberos Overhaul Will Disable RC4 by Default in Windows
Microsoft will disable RC4 by default in Windows Kerberos, pushing organizations to uncover and eliminate longstanding cryptographic weaknesses hidden in legacy authentication systems - particularly within large domains where fallback to RC4 has quietly persisted for decades.
Cybercrime Gang Rhysida Still Lists the Practice on Its Leak Site Among Its Victims
A Kansas medical group will pay $1.2 million to settle proposed class action litigation involving an attack that compromised the sensitive data of nearly 256,000 individuals. The Rhysida ransomware operation claimed responsibility and said it stole 3 terabytes.
AI Is Now the Top Focus for Modernization to Relieve Budget, Staffing Pressures
According to the National Association of State CIOs, this year AI tech - including generative and agentic AI - is the top strategic initiative for state CIOs - marking an "unprecedented" shift in IT priorities, said NASCIO Executive Director Doug Robinson. In fact, AI first appeared on the organization's annual survey of state and territory CIOs just three years ago.
Secure-by-Design Startup Uses AI Agents to Safeguard Containers, VMs and Libraries
Cloud security startup Echo has closed a $35 million Series A funding round to boost development of its AI-native OS. The platform starts with secure container images and aims to extend to VMs and libraries, helping enterprises minimize risk from open-source software.
A vulnerability identified as problematic has been detected in Mattermost up to 10.11.6/10.12.2/11.0.4. Affected by this issue is some unknown functionality of the component Calls Widget Page. Performing manipulation results in cross-site request forgery.
This vulnerability is known as CVE-2025-62190. Remote exploitation of the attack is possible. No exploit is available.
You should upgrade the affected component.
A vulnerability categorized as problematic has been discovered in Mattermost up to 10.11.6. Affected by this vulnerability is an unknown functionality of the component Plugin Bot Identity Handler. Such manipulation leads to improper validation of specified type of input.
This vulnerability is traded as CVE-2025-13352. The attack may be launched remotely. There is no exploit available.
It is advisable to upgrade the affected component.
A vulnerability was found in Mattermost up to 10.11.4. It has been rated as problematic. Affected is an unknown function of the file /error of the component Link Handler. This manipulation causes open redirect.
This vulnerability appears as CVE-2025-62690. The attack may be initiated remotely. There is no available exploit.
Upgrading the affected component is advised.