Aggregator

Как доверие к ИИ помогло преступникам заразить Mac инфостилером AMOS под видом безобидного совета.

Pro-Russia hacktivist groups have been observed exploiting exposed virtual network computing connections to breach OT systems

众筹平台 GoFundMe 发表年度报告《Year in Help》，称有更多的人在 2025 年众筹房租和食品等生活必需品。报告称房租、水电费和食品杂货等基本开支的筹款活动数量增长了 20%，“每月账单（Monthly bills）”是增长速度第二快的众筹类别，仅次于对非营利组织的捐助。生活必需品众筹增长的英语国家包括了美国、加拿大、英国和澳大利亚。GoFundMe CEO Tim Cadogan 称，在美国政府停摆期间，随着每月福利 SNAP 的中断，食品相关的众筹活动增加了近六倍。

今日暂未更新资讯~
更多最新文章，请访问SecWiki

希腊前财长、经济学家 Yanis Varoufakis 认为今天的科技巨头是新时代的苏维埃，推行基于算法的计划经济。Palantir 联合创始人 Peter Thiel 宣称失败者才要竞争。他的意思是赢家不仅仅是通过消灭竞争对手去垄断市场，它们还会不断扩张直至摧毁市场本身，复活苏联式的国家计划经济。苏联的国家计划经济之所以失败，是因为它缺乏科技巨头最强大的武器：云资本——以算法、数据中心和光纤构成的集成网络。一位年长的托洛茨基主义者认为苏联以社会主义的名义创造了一种工业封建主义，而今天的科技巨头以资本主义和自由市场的名义创造了一种科技封建主义。随着科技巨头的云资本不断积累并集中到越来越少的人手中，各国政府愈来愈依赖科技巨头。通过在租用的云基础设施上构建核心功能，各国政府实际上是从亚马逊 AWS、微软和 Google 等公司回租其运作能力。这种依赖催生了一种科技封建权力维度。云资本用源自苏联时代的计划工具取代了市场，在此过程中它杀死了资本主义。

A vulnerability categorized as critical has been discovered in open-webui Open WebUI up to 0.6.36. This vulnerability affects unknown code. Such manipulation leads to server-side request forgery. This vulnerability is referenced as CVE-2025-65958. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in Nextcloud Server and Enterprise Server up to 31.0.8/32.0.0. It has been rated as problematic. Affected is an unknown function of the component admin_audit App. Performing manipulation results in insufficient logging. This vulnerability is cataloged as CVE-2025-66552. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability labeled as critical has been found in Flexsense DiskBoss 7.7.14. Affected by this vulnerability is an unknown functionality of the component Directory Handler. The manipulation of the argument Add Input Directory results in memory corruption. This vulnerability is cataloged as CVE-2020-36881. The attack must be initiated from a local position. Furthermore, there is an exploit available.

A vulnerability marked as critical has been reported in Flexsense DiskBoss 7.7.14. This issue affects some unknown processing. Performing manipulation of the argument Reports/Data Directory results in memory corruption. This vulnerability is cataloged as CVE-2020-36880. The attack must be initiated from a local position. Furthermore, there is an exploit available.

A vulnerability categorized as critical has been discovered in Mozilla Firefox up to 145. This vulnerability affects unknown code of the component JIT. Executing manipulation can lead to Remote Code Execution. This vulnerability is registered as CVE-2025-14325. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

Elke marinier die voor het eerst zijn baret opzet, erft volgens de commandant Korps Mariniers een geschiedenis die in drieënhalve eeuw is opgebouwd. Brigadegeneraal Ivo Moerman zei dit vandaag in Rotterdam waar het Korps Mariniers zijn 360-jarig bestaan vierde, tussen de inwoners van Rotterdam. De stad waar de mariniers al eeuwenlang mee zijn verbonden.

近期出现多起利用 ChatGPT 共享链接聊天记录实施的网络钓鱼攻击，其攻击套路大致如下： 攻击者首先在谷歌平

Впервые создан процессор, превосходящий существующие решения в 100 раз.

Spanish police accused a 19-year-old man of stealing 64 million personal data records from multiple companies and attempting to sell them on hacker forums.

A vulnerability marked as problematic has been reported in yuvalo WP Google Analytics Events Plugin up to 2.8.2 on WordPress. Affected by this issue is some unknown functionality. Performing manipulation results in exposure of sensitive system information to an unauthorized control sphere. This vulnerability is known as CVE-2025-63009. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability classified as critical was found in GTT Sistema de Información Tributario. The affected element is an unknown function of the component Active Directory Login. Such manipulation leads to authentication bypass by spoofing. This vulnerability is traded as CVE-2025-13953. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in i2A CronosWeb. Impacted is an unknown function of the file /CronosWeb/Modulos/Personas/DocumentosPersonales/AdjuntarDocumentosPersonas. This manipulation of the argument documentCode causes authorization bypass. This vulnerability appears as CVE-2025-41358. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability marked as critical has been reported in Fortinet FortiVoice up to 7.2.1. The affected element is an unknown function. Performing manipulation results in sql injection. This vulnerability is identified as CVE-2025-64156. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability marked as critical has been reported in WAGO Indsutrial-Managed-Switches up to 02.63. This vulnerability affects the function check_account. The manipulation leads to stack-based buffer overflow. This vulnerability is documented as CVE-2025-41730. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.