Aggregator

A vulnerability was found in JetBrains TeamCity and classified as very critical. Affected by this issue is some unknown functionality. The manipulation leads to authentication bypass using alternate channel. This vulnerability is handled as CVE-2024-36470. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in WooCommerce plugin up to 2.6.2 on WordPress. It has been rated as critical. Affected by this issue is some unknown functionality of the component Social Login Handler. The manipulation leads to code injection. This vulnerability is handled as CVE-2024-5871. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in WooCommerce plugin up to 2.6.2 on WordPress. This vulnerability affects unknown code of the component Email Verification Handler. The manipulation leads to insufficiently random values. This vulnerability was named CVE-2024-5868. The attack can be initiated remotely. There is no exploit available.

移动操作系统是否会走向三足鼎立

移动操作系统是否会走向三足鼎立

30 строк кода, которые могут спасти гигаватты энергии.

为了打击数字支付领域日益增多的欺诈行为，印度央行 RBI 宣布为该国银行推出专属域名.bank.in。RBI 行长 Sanjay Malhotra 在声明中表示，此举旨在增强居民对网银服务的信任，减少网络安全威胁和网络钓鱼等恶意活动。.bank.in 域名的唯一注册商将是 The Institute for Development and Research in Banking’ Technology (IDRBT) ，将从 2025 年 4 月起开放注册。RBI 还计划为金融领域的非银行实体设立一个专属域名 fin.in。

在亚洲和澳洲六地试点涨价之后，微软准备在更多地区上调 Microsoft 365 的订阅费用，理由当然是 AI 助手 Copilot。微软已经向用户发出了涨价电邮通知，如果用户不采取任何行动，那么他们收到的账单将会显示付款增加；或者用户可以选择切换到不包含 AI 功能的订阅方案，那么他们支付的费用将不会上调。

他们限制和禁用的理由是担心中国应用程序带来的安全风险。

根据国家信息安全漏洞库（CNNVD）统计，本周（2025年1月20日至2025年1月26日）安全漏洞情况如下。

根据国家信息安全漏洞库（CNNVD）统计，本周（2025年1月27日至2025年2月2日）安全漏洞情况如下。

Cybersecurity researchers have uncovered two malicious machine learning (ML) models on Hugging Face that leveraged an unusual technique of "broken" pickle files to evade detection. "The pickle files extracted from the mentioned PyTorch archives revealed the malicious Python content at the beginning of the file," ReversingLabs researcher Karlo Zanki said in a report shared with The Hacker News. "

Сенаторы США требуют объяснений у Google и Amazon за размещение рекламы на сайтах с нелегальным контентом.

英国安全机构将能够访问全球用户上传到iCloud的端到端加密文件，而不仅仅是英国用户的数据。

和解条款规定 PayPal 必须在 10 天内支付 200 万美元的罚款。

如今人们已不再使用混币服务，转而采用跨链桥来模糊交易并逃避追踪。2024 年，集中式交易所仍是勒索软件收益的主要提现渠道，有 39%的勒索软件收益通过此类交易所流转。

Первые испытания iSWAP и SWAP с фотонной телепортацией.

A vulnerability was found in Apple watchOS up to 5.1.2. It has been declared as critical. This vulnerability affects unknown code of the component Kernel. The manipulation leads to memory corruption. This vulnerability was named CVE-2019-6213. An attack has to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.