Aggregator

Apache Struts 文件上传漏洞(CVE-2024-53677)安全风险通告

Diving deep into Jetbrains TeamCity Part 2 - Analysing CVE-2024-24942 leading to unauthenticated Path Traversal

CMake调用git log正常输出中文

A Threat Actor Claims to have Leaked the Data from PharmaWebCanada

最近开始学习编译原理的课程：https://www.bilibili.com/video/BV16h411X7 […]

Nisos
Shielded on All Sides: How Company Executives Can Mitigate Virtual Kidnapping Schemes

Virtual kidnapping, or virtual kidnapping for ransom, is a coercive telephonic scheme used to extort ransom payments from victims...

The post Shielded on All Sides: How Company Executives Can Mitigate Virtual Kidnapping Schemes appeared first on Nisos by Nisos

The post Shielded on All Sides: How Company Executives Can Mitigate Virtual Kidnapping Schemes appeared first on Security Boulevard.

OnlyFans 的一大魅力是网红或内容创作者与粉丝之间的直接互动，但对于有数以千计粉丝的网红而言，她们的时间是有限的，不可能有足够的时间能与粉丝一一对话。因此她们外包了聊天服务。外包者被称为“聊天者”，主要来自于菲律宾、巴基斯坦、印度等薪水远低于美国的国家。随着 AI 聊天工具的成熟，这些人类外包聊天者逐渐被 AI 机器人所取代。提供 AI 聊天服务的创业公司 ChatPersona 创始人 Kunal Anand 称，他们使用了网红们的聊天数据库构建了自己的模型。Anand 称该公司有约 6000 客户，包括了个人和机构。该领域有很多创业公司涌入，除了 ChatPersona 还有 FlirtFlow、ChatterCharms 和 Botly 等。其中一家公司 Supercreator 提供的 AI 工具会将付费用户移至顶部，忽略非付费用户。

Automattic CEO Matt Mullenweg 在败诉后退出 WordPress 社区论坛

A vulnerability has been found in ltdrdata ComfyUI-Impact-Pack up to 7.6.1 and classified as critical. This vulnerability affects unknown code of the file /upload/temp of the component POST Request Handler. The manipulation of the argument filename leads to path traversal: '.../...//'. This vulnerability was named CVE-2024-21575. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Президент отметил важность технологий для госуправления и обороны.

「众智维科技」获数千万B1轮融资，安全运营智能体：智能，安全，未来!

基于 llamafile 和 Continue 的本地AI代码助手

Cybersecurity researchers are warning that thousands of servers hosting the Prometheus monitoring and alerting toolkit are at risk of information leakage and exposure to denial-of-service (DoS) as well as remote code execution (RCE) attacks. "Prometheus servers or exporters, often lacking proper authentication, allowed attackers to easily gather sensitive information, such as credentials and API

New dog, old tricks: DaMAgeCard attack targets memory directly thru SD card reader

A vulnerability, which was classified as problematic, was found in Huawei HarmonyOS 5.0.0. This affects an unknown part of the component UIExtension Module. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-54118. Attacking locally is a requirement. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Huawei HarmonyOS 5.0.0. Affected by this issue is some unknown functionality of the component UIExtension Module. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-54117. Local access is required to approach this attack. There is no exploit available.

A vulnerability classified as problematic was found in Huawei HarmonyOS 5.0.0. Affected by this vulnerability is an unknown functionality of the component M3U8 Module. The manipulation leads to improper check for unusual conditions. This vulnerability is known as CVE-2024-54116. The attack can be launched remotely. There is no exploit available.