Aggregator

人物访谈第七期，让我们走进刘丰毓的故事

A vulnerability categorized as critical has been discovered in Tenda AC5, AC6, AC7, AC9, AC10, AC1206 and FH1205. This issue affects the function formSetSpeedWan. The manipulation of the argument speed_dir results in stack-based buffer overflow. This vulnerability was named CVE-2023-38936. The attack needs to be approached within the local network. There is no available exploit.

A vulnerability identified as critical has been detected in Tenda AC5, AC6, AC7, AC8, AC9, AC10 and AC1206. Impacted is the function formSetVirtualSer of the component Parameter Handler. This manipulation of the argument list causes stack-based buffer overflow. The identification of this vulnerability is CVE-2023-38937. The attack needs to be done within the local network. There is no exploit available.

A vulnerability classified as critical was found in Tenda F1202 and FH1202 1.2.0.9. This affects the function formWrlsafeset. Such manipulation of the argument mit_ssid leads to stack-based buffer overflow. This vulnerability is listed as CVE-2023-38939. The attack must be carried out from within the local network. There is no available exploit.

A vulnerability marked as critical has been reported in Tenda F1202, FH1202, PA202 and PW201A. This affects an unknown part of the file /L7Im. This manipulation of the argument page causes stack-based buffer overflow. The identification of this vulnerability is CVE-2023-38938. The attack needs to be done within the local network. There is no exploit available.

A vulnerability was found in Tenda AC5, AC8, AC9, AC10 and AC1206. It has been rated as critical. This vulnerability affects the function formSetQosBand of the component Parameter Handler. The manipulation of the argument list leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2023-38935. The attack can only be initiated within the local network. No exploit exists.

A vulnerability labeled as critical has been found in Tenda F1203, FH1203 and FH1205. Affected by this issue is the function formSetDeviceName. The manipulation of the argument deviceId results in stack-based buffer overflow. This vulnerability was named CVE-2023-38934. The attack needs to be approached within the local network. There is no available exploit.

作者：Zhihao Dou、Dongfei Cui、Weida Wang等 译者：知道创宇404实验室翻译组 原文链接：https://arxiv.org/html/2601.14054v1 摘要：拆分学习（Split Learning, SL）提供了一种协同模型训练框架，允许参与者共享同一数据集同时保留独特的特征集，从而保障数据隐私。然而，拆分学习易受后门攻击的影响——恶意客户端会通过微妙...

Security vulnerabilities were uncovered in the popular open-source artificial intelligence (AI) framework Chainlit that could allow attackers to steal sensitive data, which may allow for lateral movement within a susceptible organization. Zafran Security said the high-severity flaws, collectively dubbed ChainLeak, could be abused to leak cloud environment API keys and steal sensitive files, or

IBM Survey Finds AI Strategy Now Hinges on Integration and Differentiation
The thriving enterprise of 2030 will be AI-first, not just AI-enabled, said IBM's latest Institute for Business Value. The company surveyed more than 2,000 C-suite executives in the second half of 2025. The results paint a picture of the future of digital transformation dominated by AI technology.

Berlin Readies Legislation Authorizing More Aggressive Stance in Cyberspace
Germany wants to drastically step up defenses against cyberattacks from foes such as Russia, China, Iran and North Korea, and it's looking to key ally Israel for lessons and cooperation.

CEO Nadav Zafrir Discusses Lakera and Veriti Buys, Wiz Pact and AI Strategy Shift
Check Point Software is doubling down on AI security through the acquisitions of Lakera and Veriti and platform integration with Wiz. CEO Nadav Zafrir explains how the firm is shifting from point products to a holistic approach and why it's investing heavily to stay ahead in the AI security race.

State Monitoring Incident Involving a Health Entity Worker for Potential Fraud
The Minnesota Department of Human Services is notifying nearly 304,000 people of data breach involving someone at a healthcare provider who inappropriately accessed information from an IT system managed by a vendor. State officials are monitoring the incident for potential fraud.

IBM Survey Finds AI Strategy Now Hinges on Integration and Differentiation
The thriving enterprise of 2030 will be AI-first, not just AI-enabled, said IBM's latest Institute for Business Value. The company surveyed more than 2,000 C-suite executives in the second half of 2025. The results paint a picture of the future of digital transformation dominated by AI technology.

Berlin Readies Legislation Authorizing More Aggressive Stance in Cyberspace
Germany wants to drastically step up defenses against cyberattacks from foes such as Russia, China, Iran and North Korea, and it's looking to key ally Israel for lessons and cooperation.

CEO Nadav Zafrir Discusses Lakera and Veriti Buys, Wiz Pact and AI Strategy Shift
Check Point Software is doubling down on AI security through the acquisitions of Lakera and Veriti and platform integration with Wiz. CEO Nadav Zafrir explains how the firm is shifting from point products to a holistic approach and why it's investing heavily to stay ahead in the AI security race.

State Monitoring Incident Involving a Health Entity Worker for Potential Fraud
The Minnesota Department of Human Services is notifying nearly 304,000 people of data breach involving someone at a healthcare provider who inappropriately accessed information from an IT system managed by a vendor. State officials are monitoring the incident for potential fraud.