Aggregator

A vulnerability was suspected in Linux Kernel up to 6.8.5. This issue was flagged as a false-positive. Please consult the sources mentioned and consider not using this entry at all.

A vulnerability was suspected in Linux Kernel up to 5.18.3. Further investigation has shown that this issues is a false-positive. Please review the sources mentioned and consider not using this entry at all.

A vulnerability was suspected in Linux Kernel up to 5.4.231/5.10.168/5.15.94/6.1.12. Further investigation has shown that this issues is a false-positive. Please review the sources mentioned and consider not using this entry at all.

A vulnerability was suspected in Linux Kernel up to 6.10.4. Further analysis revealed that this issues is a false-positive. Please take a look at the sources mentioned and consider not using this entry at all.

A vulnerability was suspected in Linux Kernel up to 6.10.7. Further analysis revealed that this issues is a false-positive. Please take a look at the sources mentioned and consider not using this entry at all.

A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2025-6375. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in jqlang jq 1.8.0. It has been declared as critical. Affected by this vulnerability is the function f_strflocaltime of the file /src/builtin.c. The manipulation leads to use after free. This vulnerability is known as CVE-2025-49014. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

Submit #597446 / VDB-313370

关于 AI，一些可能的“非共识” 飞机上想到，随手记下。 - 不要忽视第二语言的学习（比如英语）。很多朋友认为，有了 AI 翻译，英语学习的性价比很低了，大量使用 AI 辅助阅读、辅助沟通就可以。我的观点是，在一定程度上，换一种语言，也能换一种思维模式，这是巨大的内在优势。 - 不要忽视自己动手写作。很多人看过 AI 输出的文字，尤其是模仿大师作品风格的输出后，开始大量让 AI 代替自己写作和输出。我的观点是：写作的灵魂是思想，AI 可以辅助做脑力激荡、研究探索，但不要让它取代你思考——尤其是，慢慢地，它真的能替你思考，而你却可能失去思考的能力。 - 不要忽视提出正确的问题的能力和追问的能力。有人把 AI 当成搜索引擎，有问题了，问一两句就结束了。我的观点是：AI 就如顶级老师——有 AI 之前，我们身边其实就有很多各行各业的好老师，但大多数人并没有学会怎么找到他们，怎么提出正确的问题，怎么动手实践，怎么观察实践中出现的新问题，怎么进一步追问，怎么把你遇到的现实生活中的问题转变为能与行家深度沟通的一系列问题。 - 不要以为有了答案，就误以为自己看懂了，甚至就掌握了。很多人，问出问题后，只是粗浅地浏览答案，就当作自己理解了。甚至我自己，让 AI 做过的不少 Deep Research，我只是草草翻阅，甚至有些只看看结构。我的观点是：信息越垂手可得，信息的有效吸收反而越困难，要有耐心。 - 不要过度追逐新的 AI 产品。很多人生怕错过，生怕不懂 AI 会被时代淘汰，于是疯狂追新——很像猴子掰玉米，掰了一路，丢了一路。我的观点是，与其追新，不如盯着几个顶级产品，使用它们，融进工作流。寻找你工作中 AI 可以提供协助的环节，用得越多，效率越高。 最后说一句，要放轻松。其实很多时候，很多地方，没有 AI 也没问题。AI 不能代替你在路边看到的小花，不能给你撸猫时的温暖和喵喵回应，更不能给你和家人孩子在一起时那种亲切微妙的连接感。

A vulnerability was found in cardano-scaling hydra up to 0.21.x. It has been classified as problematic. Affected is an unknown function. The manipulation leads to handling of exceptional conditions. This vulnerability is traded as CVE-2025-48886. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Она не стучалась — просто вошла. И теперь ваш ПК сделает всё, чего она захочет.

Python RAT PylangGhost, linked to Famous Chollima, targeted crypto professionals via fake job sites

10% играют с ними ради прикола. Кончается плохо.

Doughnut maker Krispy Kreme has revealed that sensitive financial and personal data of over 160,000 individuals has been impacted following a November 2024 cyber incident

The U.S. Department of Justice has seized more than $225 million in cryptocurrency linked to investment fraud and money laundering operations, the largest crypto seizure in the history of the U.S. Secret Service. [...]

Он хотел замести следы, а попал в хронику скандальной утечки. Теперь у него достаточно времени, чтобы подумать.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.1.84/6.6.25/6.8.4. This issue affects the function cifs_stats_proc_write of the component SMB Client. The manipulation leads to use after free. The identification of this vulnerability is CVE-2024-35868. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.30/6.8.9. It has been classified as critical. Affected is the function current_tracer of the file /sys/kernel/tracing of the component tracefs. The manipulation leads to permission issues. This vulnerability is traded as CVE-2024-36963. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.