Aggregator

瑞士ProtonMail推出Lumo AI助手，基于开源模型构建全程加密数据且不用于训练AI。免费版有配额限制，Lumo Plus每月12.99美元。

决赛倒计时三天！终极对决！挑战者已准备就位！

当前环境出现异常情况，需完成验证后方可继续访问。页面提供验证链接供用户操作。

HackerNews 编译，转载请注明出处： 谷歌宣布推出一项名为“OSS Rebuild”的新计划，旨在增强开源软件包生态系统的安全性，防范软件供应链攻击。 谷歌开源安全团队（GOSST）的Matthew Suozzo在本周的博客文章中表示：“随着供应链攻击持续针对广泛使用的依赖库，OSS Rebuild能为安全团队提供强大的数据来避免遭受入侵，同时无需增加上游维护者的负担。” 该项目旨在为Python Package Index (Python)、npm (JS/TS) 和 Crates.io (Rust) 软件包注册表提供构建溯源（build provenance），并计划将其扩展到其他开源软件开发平台。 OSS Rebuild 的核心思路是结合利用声明式构建定义（declarative build definitions）、构建工具（build instrumentation）和网络监控能力，生成可信的安全元数据。这些元数据随后可用于验证软件包的来源，并确保其未被篡改。 谷歌表示：“通过自动化和启发式方法，我们确定目标软件包的预期构建定义并重建它。我们将结果与现有的上游制品进行语义比较，对两者进行归一化处理，以消除导致比特级（bit-for-bit）比较失败的不稳定因素（例如，归档压缩差异）。” 成功复现软件包后，构建定义和结果将通过 SLSA Provenance 作为证明机制发布。这使用户能够可靠地验证其来源、重复构建过程，甚至从已知功能基线定制构建。 在自动化无法完全复现软件包的情况下，OSS Rebuild 提供了可替代使用的手动构建规范。 谷歌指出，OSS Rebuild 有助于检测不同类别的供应链入侵事件，包括： 包含公共源代码仓库中不存在代码的已发布软件包（例如 @solana/web3.js 事件） 可疑的构建活动（例如 tj-actions/changed-files 案例） 通过人工审查难以识别的、嵌入在软件包中的异常执行路径或可疑操作（例如 XZ Utils 后门） 除了保护软件供应链，该方案还能改进软件物料清单（SBOM）、加速漏洞响应、增强软件包的可信度，并消除组织依赖 CI/CD 平台负责其软件包安全性的需要。 谷歌解释道：“重建工作通过分析已发布的元数据和制品来推导，并与上游软件包版本进行评估。成功后，将为上游制品发布构建证明，验证上游制品的完整性，并消除许多可能的入侵来源。”       消息来源：thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文  

文章介绍了错误代码521的含义及其常见原因，并提供了排查和解决问题的方法。

A vulnerability, which was classified as problematic, has been found in Atlassian Confluence up to 5.8.16. Affected by this issue is some unknown functionality of the file rest/prototype/1/session/check. The manipulation of the argument PATH_INFO leads to cross site scripting. This vulnerability is handled as CVE-2015-8398. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

QueryDash插件增強Obsidian的Dataview功能，支持過濾、欄位排序、分頁等操作，并可生成任務清單和時間軸視圖。

A vulnerability classified as critical was found in Campcodes Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /pages/settings_update.php of the component Setting Handler. The manipulation of the argument ID leads to sql injection. This vulnerability was named CVE-2025-7933. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Nokia WaveSuite NOC. Affected is an unknown function of the component User Management. The manipulation leads to os command injection. This vulnerability is traded as CVE-2025-24938. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in Nokia WaveSuite NOC. This affects an unknown part. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-24937. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in CommScope Ruckus Unleashed 10.5.1.0.279. It has been classified as critical. Affected is an unknown function of the component Web Interface. The manipulation leads to path traversal. This vulnerability is traded as CVE-2025-46120. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in CommScope Ruckus Unleashed and Ruckus ZoneDirector. Affected is an unknown function of the file ap_debug.sh of the component Restricted CLI. The manipulation leads to command injection. This vulnerability is traded as CVE-2025-46117. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in CommScope Ruckus Unleashed. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/_cmdstat.jsp of the component Diagnostics API Endpoint. The manipulation leads to improper authentication. This vulnerability is handled as CVE-2025-46122. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Nokia WaveSuite NOC and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to os command injection. This vulnerability is handled as CVE-2025-24936. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

In the latest security update for Windows Server 2019, released on July 8, a critical flaw has emerged—one that threatens the stability of entire clustered infrastructures. Patch KB5062557 disrupts the proper functioning of the...

The post Windows Server 2019 Update (KB5062557) Breaks Clusters, Causes VM Restarts & BitLocker Issues appeared first on Penetration Testing Tools.

红超巨星参宿四发现伴星，该伴星已进入其大气层并将在未来一万年内撞入。参宿四即将进入生命末期并发生超新星爆发。

苹果推出AppleCare One订阅计划，每月19.99美元起，涵盖iPhone、iPad和Apple Watch的额外保修及防盗丢失保险。用户可注册现有设备需诊断确认状态良好，并提供无限制维修和专家支持。

当前环境出现异常状态，需完成验证后才能继续访问。

文章指出当前环境异常，需完成验证后方可继续访问。

当前环境出现异常，需完成验证后方可继续访问。