A campaign has been observed targeting Palo Alto GlobalProtect portals with login attempts and launching scanning activity against SonicWall SonicOS API endpoints. [...]
A sprawling academic cheating network turbocharged by Google Ads that has generated nearly $25 million in revenue has curious connections to a Kremlin-connected oligarch whose Russian university builds drones for Russia's war against Ukraine.
A vulnerability identified as critical has been detected in Chanjet TPlus up to 20251121. Affected by this vulnerability is an unknown functionality of the file /tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanySettingController,Ufida.T.SM.UIP.ashx?method=Load. Manipulation of the argument currentAccId causes SQL injection.
The identification of this vulnerability is CVE-2025-14190. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
It is advisable to implement restrictive firewalling.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability categorized as critical has been discovered in Chanjet CRM up to 20251121. Affected is an unknown function of the file /tools/jxf_dump_table_demo.php. The manipulation of the argument gblOrgID results in SQL injection.
This vulnerability was named CVE-2025-14189. The attack may be performed remotely. In addition, an exploit is available.
Applying restrictive firewalling is recommended.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in UGREEN DH2100+ up to 5.3.0.251125. It has been rated as critical. This impacts the function handler_file_backup_create of the file /v1/file/backup/create of the component nas_svr. The manipulation of the argument path leads to command injection.
This vulnerability is uniquely identified as CVE-2025-14188. The attack can be carried out remotely. Moreover, an exploit is present.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in UGREEN DH2100+ up to 5.3.0.251125. It has been declared as critical. This affects the function handler_file_backup_create of the file /v1/file/backup/create of the component nas_svr. Manipulation of the argument path can lead to a buffer overflow.
This vulnerability is handled as CVE-2025-14187. The attack can be executed remotely. Additionally, an exploit exists.
The vendor was contacted early about this disclosure but did not respond in any way.
Currently trending CVE - Hype Score: 3 - Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target ...
A vulnerability was found in Grandstream GXP1625 1.0.7.4. It has been classified as problematic. The impacted element is an unknown function of the file /cgi-bin/api.values.post of the component Network Status Page. Manipulation of the argument vpn_ip results in basic cross-site scripting.
This vulnerability is known as CVE-2025-14186. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
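According to a study by the Nuffield Trust think tank, three in ten UK general practitioners use AI tools such as ChatGPT during consultations; because AI tools inevitably hallucinate, using them may lead doctors to make mistakes and face lawsuits. The study surveyed 2,108 family doctors, of whom 598 (28%) said they were already using AI tools. Male doctors (33%) use AI at a higher rate than female doctors (25%), and doctors in affluent areas use AI at a much higher rate than those in deprived areas. The report notes that, whether or not they use AI, the vast majority of GPs worry that their practices may face "professional liability and medico-legal issues", "risk of clinical errors" and "patient privacy and data security" issues. The survey also found that doctors who use AI tools spend the time they save on rest rather than on seeing more patients.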