Aggregator

微软 Defender XDR 误报致 1700 余份机密文件泄露，ANY.RUN 紧急应对仍难完全止损

看雪论坛作者ID：xubeining

可导致 rootkit 以无法检测的方式在系统上运营，同时绕过高阶的企业安全软件。

在这159个漏洞中，25.8%的漏洞正在等待或正在由美国 NIST NVD分析，而3.1%的漏洞已被分配新的“延期”状态标记。

韩国个人信息保护委员会 24 日发布的调查结果显示，目前暂停在韩下载服务的中国 AI 模型DeepSeek（深度求索）曾将韩国用户信息和输入内容擅自转移至中美等地。从 1 月 15 日到 2 月 15 日，DeepSeek 将用户的设备、网络、APP 信息等个人信息擅自转移至字节跳动旗下云服务平台火山引擎等 3 家在华企业和 1 家在美企业。DeepSeek 未事先就此获得用户同意，也未在个人信息处理方针中明示相关内容。除用户个人信息之外，DeepSeek 还将用户在输入框内输入的内容擅自转移给火山引擎。委员会指出，DeepSeek 没有将输入内容转移的必要，且未事前提供“opt-out”选项，建议其立即删除向火山引擎转移的输入内容相关数据。委员会未公布 DeepSeek 重启在韩服务的具体时间。考虑到 DeepSeek 已对大部分问题采取改善措施，预计其不日将重启在韩下载服务。

Gmail пообещал шифр, а открыл фишерам портал в чужие ящики.

A vulnerability was found in GreenCMS 2.3. It has been rated as problematic. Affected by this issue is the function adduser of the file index.php. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2020-21366. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in YiiCMS 1.0 and classified as problematic. Affected by this vulnerability is the function news. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2020-21246. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Neeke HongCMS 3.0.0 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument updateusers leads to cross-site request forgery. This vulnerability is handled as CVE-2020-21252. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Typora 0.9.79. It has been declared as problematic. This vulnerability affects unknown code of the component mermaid Syntax Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2020-21058. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in khodakhah NodCMS 3.0. This affects an unknown part. The manipulation of the argument address leads to cross site scripting. This vulnerability is uniquely identified as CVE-2020-20697. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic has been found in EasySoft ZenTao PMS 11.6.4. Affected is an unknown function. The manipulation of the argument lastComment leads to cross site scripting. This vulnerability is traded as CVE-2020-21268. It is possible to launch the attack remotely. There is no exploit available.

1.Qilin勒索团伙公布了新的受害公司 2.Play勒索团伙公布了新的受害者 3.Hunters勒索团伙公布了新的受害公司

1.Qilin勒索团伙公布了新的受害公司 2.Play勒索团伙公布了新的受害者 3.Hunters勒索团伙公布了新的受害公司

The FBI has asked the public for information on Chinese Salt Typhoon hackers behind widespread breaches of telecommunications providers in the United States and worldwide. [...]

Backslash Security found that naïve prompts resulted in code vulnerable to at least four of the of the 10 most common vulnerabilities across popular LLMs

相信很多人有过这样的体验:在玩竞技手游时,一旦网络延迟超过100毫秒,就会明显感受到卡顿,一眨眼功夫就被对手“ […]