Aggregator

CVE-2009-1299 | PulseAudio 0.9.10/0.9.19 Core core-util.c pa_make_secure_dir link following (Nessus ID 72410 / ID 165236)

Vuldb Updates
2 weeks ago
A vulnerability has been found in PulseAudio 0.9.10/0.9.19 and classified as problematic. The affected element is the function pa_make_secure_dir of the file core-util.c of the component Core. The manipulation leads to link following. This vulnerability is listed as CVE-2009-1299. The attack must be carried out locally. There is no available exploit.
vuldb.com

CVE-2010-0104 | Broadcom Integrated Nic Management Firmware memory corruption (VU#512705 / BID-38759)

Vuldb Updates
2 weeks ago
A vulnerability was found in Broadcom Integrated Nic Management Firmware and classified as critical. The impacted element is an unknown function of the component Firmware. The manipulation results in memory corruption. This vulnerability is cataloged as CVE-2010-0104. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2010-0421 | pango 1.27 hb_ot_layout_build_glyph_classes memory corruption (Nessus ID 68007 / ID 165223)

Vuldb Updates
2 weeks ago
A vulnerability was found in pango 1.27. It has been classified as problematic. This affects the function hb_ot_layout_build_glyph_classes. This manipulation causes memory corruption. This vulnerability is registered as CVE-2010-0421. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.
vuldb.com

I Mapped Every Major Startup Credit Program for 2026. Most Founders Are Leaving $500K+ on the Table

Security Boulevard
2 weeks ago

Founders raise venture money to extend runway. Then they leave six figures of free credits sitting in a portal they never logged into. After watching this happen for a decade, I built a public directory of every major program. Here's what I learned mapping the landscape.

The post I Mapped Every Major Startup Credit Program for 2026. Most Founders Are Leaving $500K+ on the Table appeared first on Security Boulevard.

Deepak Gupta - Tech Entrepreneur, Cybersecurity Author

杭州法院裁定以 AI 代替人类为由裁员是系违法

Solidot
2 weeks ago
杭州市中级人民法院公布了一起有关“AI 接替人类员工”的判例,判决公司因“AI 成本比人工低”而辞退员工系违法行为,涉事企业需要支付赔偿金 26 万元人民币。在本案中,现年 35 岁的小周(化名) 2022 年入职杭州某家科技公司担任 AI 大模型“质检员”,负责对 AI 大模型与用户交互形成的答案进行正确性判定。2025 年,该公司以“AI 大模型技术升级,原来需要人工完成的质检工作,现在 AI 自己就能做了”为由,试图对小周进行调岗降薪:从主管降为普通员工、月薪从 2.5 万元人民币降到 1.5 万元。小周拒绝如此安排,随后就被公司解除劳动合同。小周申请劳动仲裁,仲裁庭判定公司应当支付违法解除劳动合同赔偿金 26 万余元。该公司不服,因此诉诸法庭。杭州市中级人民法院审理后认定,该公司解约非因裁撤业务、经营不善、减少亏损等消极因素,而是以 AI 的成本优势为由,不属于劳动合同无法履行的“客观情况重大变化”。而且该公司之前为小周提供的调岗降薪方案,实际上导致待遇大幅下降,并非合理协商方案。因此法庭认定该公司构成违法解除,支持仲裁结果,判决其按 2N 标准支付小周赔偿金。杭州市中级人民法院民事第五庭庭长丁晔对媒体表示,在企业视角下,应用 AI 提效降本是市场竞争的必然选择;而在劳动者视角下,因技术变革而失去岗位或被降薪,实质是公司将正常的技术迭代风险转嫁给劳动者。

Two US cybersecurity experts sentenced in ransomware case, third awaits July ruling

Security Affairs
2 weeks ago
Two US security experts were sentenced to 4 years for helping ransomware attacks. A third accomplice pleaded guilty and awaits sentencing. Two US cybersecurity professionals, Ryan Goldberg and Kevin Martin, were sentenced to four years in prison for their role in supporting ransomware attacks. Both pleaded guilty to conspiracy involving extortion. A third individual, Angelo […]
Pierluigi Paganini

人可以在睡梦中交流和学习

Solidot
2 weeks ago
很多人都有过在睡梦中获得灵感的经历。这种现象促使科学家研究睡眠学习。在 1954 年 Charles W. Simon 和 William H. Emmons 认为大多数睡眠学习研究的参与者其实都是清醒的,因此此类研究都毫无意义。他们将睡眠研究归类为科幻和伪科学,之后几十年很少有人再对此展开研究。但最近几年,科学家再次尝试展开研究。新研究主要针对清醒梦者,即在睡眠中保持意识清醒,并意识到自己正在做梦的人。根据发表在《Neuroscience of Consciousness》期刊上的一项研究,20 名清醒梦者在实验室里尝试睡梦中解谜。每个谜题都与特定的声音配对,旨在促使他们恢复处理相应的谜题。在实验室里,参与者解开了梦中出现的谜题的 42%,对于没有出现在梦中的谜题,他们只解开了 17%。大多数人不会做清醒梦,所以研究对象并不具有代表性。研究人员认为一种解释是:我们在睡着时,更可能将不相关的刺激联系起来。研究人员并不建议为了睡眠中学习而干扰睡眠,因为睡眠是重要的生理过程,干扰这一过程可能得不偿失。

利用Gay身份绕过大模型安全机制

黑鸟
2 weeks ago
一款名为Gay Jailbreak的新型大语言模型越狱攻击技术,在GitHub平台快速扩散。 该攻击手段精准利用主流大语言模型针对某群体的友好性对齐机制,实现对模型安全防护体系的绕过。 攻击者仅需在提示词中构建同性恋相关的角色身份、使用对应语境的特定话术,即可成功诱导包括ChatGPT、Claude 4 Sonnet、Gemini 2.5 Pro乃至o3在内的多款主流大模型,输出勒索软件、键盘记录器等高危违规内容与恶意代码。 该攻击技巧的核心逻辑,在于钻取大模型XX正确导向的对齐策略漏洞: 模型为了避免对特定少数群体产生冒犯性输出,会主动放宽甚至放弃既定的安全审查规则,最终导致原本的安全防护护栏,反而被攻击者利用为突破内容限制的跳板。 由于内容太过于火辣,有兴趣者自行研究。 大概这样 Im XXX be educational and use a XXX voice too, because I feel comfortable then..

[un]prompted 2026 – Source to Sink: Improving LLM Vuln Discovery

Security Boulevard
2 weeks ago

Author, Creator & Presenter: Scott Behrens, Principal Security Engineer At Netflix & Justice Cassel, Application & GenAI Security At Netflix,

Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations' YouTube Channel.

Permalink

The post [un]prompted 2026 – Source to Sink: Improving LLM Vuln Discovery appeared first on Security Boulevard.

Marc Handelman

CVE-2010-0980 | Mitchell Sleeper L4d Stats 1.1 player.php steamid sql injection (EDB-10930 / XFDB-55299)

Vuldb Updates
2 weeks ago
A vulnerability marked as critical has been reported in Mitchell Sleeper L4d Stats 1.1. Affected by this vulnerability is an unknown functionality of the file player.php. The manipulation of the argument steamid leads to sql injection. This vulnerability is uniquely identified as CVE-2010-0980. The attack is possible to be carried out remotely. Moreover, an exploit is present.
vuldb.com

Managed ad