Aggregator

Google понадобилось 8 лет для миллиарда запросов...ChatGPT уложился в 2 года.

聊聊成为CISO的五个关键能力，少走弯路。

当前环境出现异常状态，需完成验证后方可继续访问服务。

Redis发现高危漏洞RediShell（CVE-2025-49844），CVSS评分10.0分。该漏洞利用Lua脚本绕过沙箱实现远程代码执行，影响约75%云环境。建议立即升级至最新版本并加强安全配置。

A vulnerability was found in Apache Portable Runtime APR up to 1.6.2 and classified as critical. Affected by this issue is the function apr_exp_time*/apr_os_exp_time*. Such manipulation leads to memory corruption. This vulnerability is referenced as CVE-2017-12613. The attack can only be performed from a local environment. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability was found in Apple macOS up to 10.14.0. It has been rated as critical. This issue affects some unknown processing of the component APR. Performing manipulation results in out-of-bounds read. This vulnerability was named CVE-2017-12613. The attack needs to be approached locally. There is no available exploit. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, was found in Apache HTTP Server up to 2.4.54. This vulnerability affects unknown code of the component Header Handler. The manipulation results in out-of-bounds write. This vulnerability is reported as CVE-2006-20001. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability identified as problematic has been detected in Elastic Kibana up to 7.17.29/8.18.7/8.19.4/9.0.7/9.1.4. The affected element is an unknown function of the component Crowdstrike Connector. Performing manipulation results in insufficiently protected credentials. This vulnerability is cataloged as CVE-2025-37728. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in VMware Spring Security up to 6.4.9/6.5.3 and classified as problematic. This affects an unknown function of the component EnableMethodSecurity. Such manipulation leads to authorization bypass. This vulnerability is listed as CVE-2025-41248. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability was found in VMware Spring Framework up to 5.3.44/6.1.22/6.2.10. It has been classified as critical. This impacts an unknown function of the component EnableMethodSecurity. Performing manipulation results in improper authorization. This vulnerability is cataloged as CVE-2025-41249. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability classified as problematic has been found in VMware Spring Framework up to 5.3.43/6.0.29/6.1.21/6.2.9. This issue affects some unknown processing of the component Servlet Container Handler. Performing manipulation results in path traversal. This vulnerability is known as CVE-2025-41242. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability marked as problematic has been reported in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /edit_admin.php. The manipulation of the argument firstname leads to cross site scripting. This vulnerability is traded as CVE-2025-11425. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

A vulnerability described as critical has been identified in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_book.php. The manipulation of the argument image results in unrestricted upload. This vulnerability is known as CVE-2025-11426. It is possible to launch the attack remotely. Furthermore, an exploit is available.

Johannes Ullrich值班中，威胁级别为绿色。提供Application Security课程（Dallas站）及ISC Stormcast播客（9646期）信息。

由于未成年人身心尚未发育成熟的特殊性，加上算法推荐机制本身的技术局限、平台企业的价值观错位与法律责任的落实不力等多层次原因，未成年人在强算法推荐的网络环境中正面临过度娱乐化推送和不良信息推送等问题的冲击。

2025年3月14日，国家互联网信息办公室等四部门联合发布《人工智能生成合成内容标识办法》及其配套强制性国家标准，自9月1日起正式实施。这一重要制度的出台，标志着我国在AI治理领域迈出了关键一步。

深度伪造是一种基于人工智能的内容生成或篡改技术，通过算法对图像、视频、音频等多媒体内容进行高度逼真的合成、替换或修改，制造出虚假但难以分辨真伪的信息。虽然深度伪造技术为数字内容创作和娱乐产业注入了创新活力，但这一技术的滥用也催生了新型犯罪。

A vulnerability has been found in Goodtech FTP Server up to 3.0.1.2.1.0 and classified as problematic. Affected is an unknown function of the component Connection Handler. The manipulation leads to denial of service. This vulnerability is referenced as CVE-2001-0188. Remote exploitation of the attack is possible. No exploit is available. It is recommended to apply restrictive firewalling.

A vulnerability, which was classified as critical, was found in University of Washington wu-ftpd up to 2.6.1. This impacts an unknown function of the component Debug Mode. Executing manipulation of the argument PASV can lead to improper privilege management. The identification of this vulnerability is CVE-2001-0187. The attack may be launched remotely. Furthermore, there is an exploit available. You should upgrade the affected component.