Aggregator

Шпионское ПО с 2017 года перехватывает коммуникации пользователей.

PDQ Deployの「Deploy User」Run Modeによるデプロイ処理中に、指定されたアカウントの資格情報が窃取される問題が報告されています。

宾夕法尼亚州立大学和哥伦比亚大学科学家首次观察到一类特殊准粒子——半狄拉克费米子。这类准粒子在朝一个方向移动时拥有质量，而朝另一个方向移动时则失去质量。研究人员表示，对这些准粒子开展深入研究，有望促进下一代电池、传感器等技术发展。当粒子的能量完全源自其运动时，它就没有质量。这意味着它本质上是以光速传播的纯能量，如以光速移动的光子就被认为没有质量。在固体材料中，一些行动一致的粒子（也被称为准粒子）的“一举一动”可能与单个粒子截然不同。有些准粒子仅在朝一个方向移动时才拥有质量，而朝另一个方向移动时没有质量。这些奇特的粒子被命名为半狄拉克费米子。研究人员在名为锆硅硫化物（ZrSiS）的半金属材料晶体内，首次窥见了半狄拉克费米子的“真容”。在实验中，研究团队将一块锆硅硫化物冷却至 -268.9℃左右，然后将其置于实验室强大的磁场中，并用红外光照射，随后分析材料反射的光。借助磁光光谱学技术，观测了锆硅硫化物晶体内准粒子的性质。

Facebook Messenger Group Call DoS Write-up

A vulnerability was found in danieliser Popup Maker Plugin up to 1.20.2 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument post_title leads to cross site scripting. The identification of this vulnerability is CVE-2024-10583. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in hashthemes Hash Form Plugin up to 1.2.1 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to missing authorization. This vulnerability was named CVE-2024-12201. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in wpdevteam NotificationX Plugin up to 2.9.3 on WordPress. It has been classified as problematic. This affects an unknown part of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-11727. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in wplegalpages Cookie Consent for WP Plugin up to 3.6.5 on WordPress and classified as problematic. Affected by this issue is the function wpl_script_save. The manipulation leads to missing authorization. This vulnerability is handled as CVE-2024-11724. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in g5theme Essential Real Estate Plugin up to 5.1.6 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Transaction Log Handler. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-12329. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in unitecms Unlimited Elements for Elementor Plugin up to 1.5.126 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-10784. It is possible to launch the attack remotely. There is no exploit available.

North Korean hackers behind $50 million crypto heist of Radiant Capital

A vulnerability, which was classified as problematic, has been found in wpsoul Greenshift Plugin up to 9.9.9.3 on WordPress. This issue affects the function wp_reusable_render of the component Shortcode Handler. The manipulation leads to authorization bypass. The identification of this vulnerability is CVE-2024-11181. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in Tungsten Automation Power. This vulnerability affects unknown code of the component JP2 File Parser. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2024-12550. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Tungsten Automation Power. This affects an unknown part of the component JP2 File Parser. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2024-12548. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Tungsten Automation Power. It has been rated as critical. Affected by this issue is some unknown functionality of the component JP2 File Parser. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2024-12551. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Tungsten Automation Power. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component JP2 File Parser. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2024-12549. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Tungsten Automation Power. It has been classified as critical. Affected is an unknown function of the component JPF File Parser. The manipulation leads to out-of-bounds write. This vulnerability is traded as CVE-2024-12547. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

NASA JPL 与 AeroVironment 的工程师正详细调查机智号（Ingenuity）火星直升机 2024 年 1 月 18 日最后一次飞行任务，将在接下来数周内发布首例在其他星球发生的飞行事故技术报告。机智号是第一架在另一个星球上飞行的飞行器，最初设计为在 30 天内进行最多五次飞行实验，但机智号工作了将近三年并进行 72 次飞行，飞行距离超过最初计划的 30 倍，累积飞行时间超过两小时。调查显示，机智号的导航系统在飞行时无法提供准确的数据可能是事故的主因。第 72 次飞行计划为简单的垂直上升以检测机智号的飞行系统状况并拍摄该区域的地景，飞行数据显示机智号在上升到 12 米高悬停并拍摄照片，19 秒后开始下降，并在 32 秒后回到地面并停止通讯。隔天，任务团队修复了通讯，并在回传的图片中发现机智号旋翼的叶片遭受到严重的损毁。

A vulnerability was found in Apple macOS up to 15.1 and classified as critical. This issue affects some unknown processing of the component File Handler. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2024-54524. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apple macOS up to 15.1 and classified as critical. This vulnerability affects unknown code of the component kASLR. The manipulation leads to memory corruption. This vulnerability was named CVE-2024-54531. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.