Aggregator
美国商务部计划发布规则,以国家安全理由限制或禁止进口中国无人机,以及来自中国等国重量超过 10000 磅的车辆。从中国进口的无人机占美国商用无人机销量的绝大部分,其中逾半数来自全球最大无人机制造商大疆。此前拜登政府已以国家安全为由,限制进口中国生产的汽车和卡车。去年 12 月拜登签署了一项法案,该法案可能为禁止大疆、道通智能在美国销售新型无人机铺平道路。
Noisy Bear Campaign Targeting Kazakhstan Energy Sector Outed as a Planned Phishing Test
10 months ago
A threat actor possibly of Russian origin has been attributed to a new set of attacks targeting the energy sector in Kazakhstan.
The activity, codenamed Operation BarrelFire, is tied to a new threat group tracked by Seqrite Labs as Noisy Bear. The threat actor has been active since at least April 2025.
"The campaign is targeted towards employees of KazMunaiGas or KMG where the threat entity
The Hacker News
ISMG Editors: The Pentagon, Microsoft and Chinese Workers
10 months ago
Also: Software Supply Chain Risks, Cato's AI Security Buy
In this week's update, four ISMG editors discussed the Pentagon's review of Microsoft's use of Chinese nationals on U.S. military cloud systems, renewed concerns over software supply chain risks and Cato Networks' first-ever acquisition to boost AI security.
In this week's update, four ISMG editors discussed the Pentagon's review of Microsoft's use of Chinese nationals on U.S. military cloud systems, renewed concerns over software supply chain risks and Cato Networks' first-ever acquisition to boost AI security.
BSidesSF 2025: Slaying The Dragons: A Security Professional’s Guide To Malicious Packages
10 months ago
Creator, Author and Presenter: Kirill Boychenko
Our deep appreciation to Security BSides - San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon - certainly a venue like no other; and via the organization's YouTube channel.
Additionally, the organization is welcoming volunteers for the BSidesSF Volunteer Force, as well as their Program Team & Operations roles. See their succinct BSidesSF 'Work With Us' page, in which, the appropriate information is to be had!
The post BSidesSF 2025: Slaying The Dragons: A Security Professional’s Guide To Malicious Packages appeared first on Security Boulevard.
Marc Handelman
Anthropic 向图书作者支付 15 亿美元和解侵权诉讼
10 months ago
上月底 AI 初创公司 Anthropic 与图书作者就版权侵犯集体诉讼达成和解,避免了潜在可能高达数十亿美元的侵权赔偿。法庭文件显示,Anthropic 从盗版电子书库 LibGen 和 PiLiMi 下载了多达 700 万电子书,在 2021 年和 2022 年创建了一个巨大的书库。本周图书作者披露 Anthropic 同意支付 15 亿美元并销毁为训练其 AI 模型而盗版的所有书籍副本。这一和解协议涉及的赔偿金额是美国版权诉讼史上最高的。协议涵盖 Anthropic 为训练 AI 而盗版的 50 万部作品。每位作者的每部作品将获得 3000 美元的赔偿。Anthropic 已同意了和解条款,但还需要获得法院批准。
CVE-2023-40414 | Apple watchOS Web Contents use after free (WID-SEC-2024-1213)
10 months ago
A vulnerability described as critical has been identified in Apple watchOS. Affected by this vulnerability is an unknown functionality of the component Web Contents Handler. Executing manipulation can lead to use after free.
This vulnerability is registered as CVE-2023-40414. It is possible to launch the attack remotely. No exploit is available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2023-39928 | WebKitGTK/WPE WebKit up to 2.41.x MediaRecorder API use after free (WSA-2023-0009 / WID-SEC-2024-1213)
10 months ago
A vulnerability categorized as critical has been discovered in WebKitGTK and WPE WebKit up to 2.41.x. This affects an unknown part of the component MediaRecorder API. The manipulation results in use after free.
This vulnerability is known as CVE-2023-39928. It is possible to launch the attack remotely. No exploit is available.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2023-40414 | Apple macOS WebKit use after free (WID-SEC-2024-1213)
10 months ago
A vulnerability classified as problematic has been found in Apple macOS. Affected by this issue is some unknown functionality of the component WebKit. This manipulation causes use after free.
This vulnerability appears as CVE-2023-40414. The attacker needs to be present on the local network. There is no available exploit.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-40414 | Apple iOS/iPadOS Web Contents use after free (WID-SEC-2024-1213)
10 months ago
A vulnerability marked as critical has been reported in Apple iOS and iPadOS. Affected is an unknown function of the component Web Contents Handler. Performing manipulation results in use after free.
This vulnerability is cataloged as CVE-2023-40414. It is possible to initiate the attack remotely. There is no exploit available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2014-1745 | Google Chrome 34.0.1847.131 SVG svgfontfaceelement.cpp resource management (EUVD-2014-1819 / Nessus ID 74256)
10 months ago
A vulnerability was found in Google Chrome 34.0.1847.131. It has been declared as critical. This issue affects some unknown processing of the file core/svg/svgfontfaceelement.cpp of the component SVG Handler. Such manipulation leads to improper resource management.
This vulnerability is uniquely identified as CVE-2014-1745. The attack can be launched remotely. No exploit exists.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-32359 | Apple iOS/iPadOS up to 16.7.1 VoiceOver information disclosure (WID-SEC-2024-1213)
10 months ago
A vulnerability identified as problematic has been detected in Apple iOS and iPadOS up to 16.7.1. Affected by this issue is some unknown functionality of the component VoiceOver. The manipulation leads to information disclosure.
This vulnerability is uniquely identified as CVE-2023-32359. It is possible to launch the attack on the physical device. No exploit exists.
You should upgrade the affected component.
vuldb.com
CVE-2020-18651 | exempi up to 2.5.0 Audio File getFrameValue buffer overflow (Issue 13 / Nessus ID 252334)
10 months ago
A vulnerability was found in exempi up to 2.5.0. It has been classified as critical. The affected element is the function ID3_Support::ID3v2Frame::getFrameValue of the component Audio File Handler. The manipulation leads to buffer overflow.
This vulnerability is listed as CVE-2020-18651. The attack may be initiated remotely. There is no available exploit.
To fix this issue, it is recommended to deploy a patch.
vuldb.com
CVE-2020-18652 | exempi up to 2.5.0 webp File WEBP_Support.cpp buffer overflow (Issue 12 / Nessus ID 252335)
10 months ago
A vulnerability was found in exempi up to 2.5.0. It has been classified as critical. Affected is an unknown function of the file WEBP_Support.cpp of the component webp File Handler. Performing manipulation results in buffer overflow.
This vulnerability was named CVE-2020-18652. The attack may be initiated remotely. There is no available exploit.
It is suggested to install a patch to address this issue.
vuldb.com
CVE-2025-20128 | Cisco Secure Endpoint up to 8.1.7.21512 ClamAV heap-based overflow (cisco-sa-clamav-ole2-H549rphA / Nessus ID 214849)
10 months ago
A vulnerability, which was classified as critical, has been found in Cisco Secure Endpoint. This issue affects some unknown processing of the component ClamAV. This manipulation causes heap-based buffer overflow.
This vulnerability is tracked as CVE-2025-20128. The attack is possible to be carried out remotely. No exploit exists.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2025-10032 | Campcodes Grocery Sales and Inventory System 1.0 /index.php page cross site scripting (EUVD-2025-27081)
10 months ago
A vulnerability was found in Campcodes Grocery Sales and Inventory System 1.0 and classified as problematic. The affected element is an unknown function of the file /index.php. The manipulation of the argument page results in cross site scripting.
This vulnerability is identified as CVE-2025-10032. The attack can be executed remotely. Additionally, an exploit exists.
vuldb.com
CVE-2025-10033 | itsourcecode Online Discussion Forum 1.0 /admin Username sql injection (EUVD-2025-27080)
10 months ago
A vulnerability was found in itsourcecode Online Discussion Forum 1.0. It has been declared as critical. This affects an unknown function of the file /admin. Such manipulation of the argument Username leads to sql injection.
This vulnerability is listed as CVE-2025-10033. The attack may be performed from remote. In addition, an exploit is available.
vuldb.com
Firefox 将于 2026 年 9 月停止支持 32 位 Linux 系统
10 months ago
Mozilla 宣布 Firefox 浏览器将于 2026 年 9 月停止支持 32 位 Linux 系统。Mozilla 称,大部分 Linux 发行版已经不再支持 32 位架构,在 Linux 平台维护 32 位 Firefox 日益困难和不可靠。为了集中精力,Mozilla 宣布将于 Firefox 144 之后停止支持 32 位 Linux,即 Firefox 145 将只支持 64 位 Linux。Mozilla 建议 32 位 Linux 用户升级到 64 位 Linux 使用 64 位 Firefox。如果用户无法立即升级,Firefox ESR 140 的安全更新将一直支持到 2026 年 9 月。
Цифровой Мидас: всё, к чему прикоснулся Альтман, превратилось в ботов вместо золота
10 months ago
ИИ-профили, токсичные ответы и контент-фермы становятся новой нормой.
Want to see wife’s PH activity
10 months ago
Reddit通知用户因IP地址请求过多被限流,建议等待后重试。如持续受限,可联系客服并提供账户信息及代码。
AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack
10 months ago
Investigations into the Nx "s1ngularity" NPM supply chain attack have unveiled a massive fallout, with thousands of account tokens and repository secrets leaked. [...]
Bill Toulas