Aggregator

A vulnerability was found in Linux Kernel up to 6.12.42/6.15.10/6.16.1/6.17-rc1. It has been classified as critical. The affected element is the function split_huge_pmd of the component userfaultfd. This manipulation causes denial of service. This vulnerability is tracked as CVE-2025-38686. The attack is only possible within the local network. No exploit exists. Upgrading the affected component is recommended.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.16.1. Affected is the function i2c_unregister_device. The manipulation leads to use after free. This vulnerability is documented as CVE-2025-38682. The attack requires being on the local network. There is not any exploit available. You should upgrade the affected component.

印度电信部要求智能手机制造商在手机上预装用户无法禁用的政府网络安全应用 Sanchar Saathi。该命令是于 11 月 28 日下达给手机制造商的，要求在 90 天内完成。该命令没有公开发布，而是通过私下下达给智能手机制造商。苹果、三星、vivo、OPPO 和小米等都受到新命令的约束。印度电信部还要求对于现有手机，制造商需要通过软件更新将该应用推送给用户。印度是全球最大的手机市场之一，有逾 12 亿用户。Sanchar Saathi 于 1 月推出，政府声称该应用帮助找回了逾 70 万部丢失的手机。印度此举可能会激怒苹果公司和隐私倡导者。苹果公司通常会拒绝此类请求，Counterpoint Research 研究总监 Tarun Pathak 称，苹果可能会寻求折衷方案：与其强制预装，不如协商要求提供一个选项，引导用户安装该应用。

印度电信部要求智能手机制造商预装不可禁用的安全应用Sanchar Saathi，并在90天内完成。该应用已帮助找回70万部丢失手机，但可能引发隐私争议。

Почему даже самые безбашенные взломщики бросают своё ремесло после 20 лет?

AI development keeps accelerating while the safeguards around it move on uneven ground, according to The International AI Safety Report. Security leaders are being asked to judge exposure without dependable benchmarks. Developers build layered defenses Across the AI ecosystem, developers are adopting layered controls throughout the lifecycle. They combine training safeguards, deployment filters, and post release tracking tools. A model may be trained to refuse harmful prompts. After release, its inputs and outputs may pass … More →

The post Attackers keep finding new ways to fool AI appeared first on Help Net Security.

A CVSS score 7.8 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Marcin Wiazowski' was reported to the affected vendor on: 2025-12-02, 50 days ago. The vendor is given until 2026-04-01 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Marcin Wiazowski' was reported to the affected vendor on: 2025-12-02, 50 days ago. The vendor is given until 2026-04-01 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Marcin Wiazowski' was reported to the affected vendor on: 2025-12-02, 50 days ago. The vendor is given until 2026-04-01 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Marcin Wiazowski' was reported to the affected vendor on: 2025-12-02, 50 days ago. The vendor is given until 2026-04-01 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-12-02, 50 days ago. The vendor is given until 2026-04-01 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

好，我现在需要帮用户总结一篇文章的内容，控制在100个字以内。首先，我得仔细阅读用户提供的文章内容，理解其主要信息。 文章是德文写的，但看起来是关于39C3大会的议程发布。主要内容包括议程的首次发布，时间安排在12月27日早上10:30开始，有165个演讲，分为七个主题。还有提到一些惊喜演讲会在大会前公布，并且议程可能会有小调整。 接下来，我需要将这些信息浓缩到100字以内。要确保涵盖关键点：议程发布、时间、演讲数量和主题分类、惊喜演讲和可能的调整。 然后，我要避免使用像“这篇文章总结了...”这样的开头，直接描述内容。同时，保持语言简洁明了。 最后，检查字数是否符合要求，并确保信息准确无误。 39C3大会议程首次发布，包含165个演讲，分为七个主题，并计划在大会期间公布更多惊喜内容。

当前环境出现异常，请完成验证后继续访问。

嗯，用户让我总结一下这篇文章的内容，控制在一百个字以内，而且不需要用“文章内容总结”这样的开头。首先，我需要理解文章的主要内容。看起来文章提到了环境异常，完成验证后才能继续访问，还有“去验证”的选项。 用户可能是在遇到登录或访问问题时看到了这篇文章，所以他们需要一个简洁的总结来了解情况。我应该抓住关键点：环境异常、验证、继续访问。这样用户就能快速明白发生了什么。 另外，用户要求控制在一百个字以内，所以我需要精简语言，避免冗长。直接描述情况，不需要多余的解释。这样总结出来的内容既准确又符合用户的要求。 最后，检查一下是否符合所有条件：中文、一百字以内、直接描述内容。确保没有遗漏任何重要信息，并且表达清晰。 当前环境出现异常，需完成验证后方可继续访问。

目前，OpenAI 已启动调查以明确事件的完整影响范围。

这两款模型通过付费订阅或免费本地部署的方式，在网络犯罪圈的使用率正持续上升。

A vulnerability classified as problematic was found in PHPGurukul Hostel Management System 2.1. The impacted element is an unknown function of the file /register-complaint.php. Executing manipulation of the argument cdetails can lead to cross site scripting. This vulnerability is registered as CVE-2025-13577. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability, which was classified as critical, was found in code-projects Library System 1.0. This impacts an unknown function of the file /return.php. The manipulation of the argument ID results in sql injection. This vulnerability is reported as CVE-2025-13579. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability has been found in code-projects Library System 1.0 and classified as critical. Affected is an unknown function of the file /mail.php. This manipulation of the argument ID causes sql injection. This vulnerability appears as CVE-2025-13580. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability has been found in Huawei HarmonyOS 5.0.1/5.1.0/6.0.0 and classified as problematic. This vulnerability affects unknown code of the component File Management Module. This manipulation causes information management error. This vulnerability is handled as CVE-2025-58304. It is feasible to perform the attack on the physical device. There is not any exploit available. The affected component should be upgraded.