Starbucks disclosed a breach after phishing attacks on its employee portal led to unauthorized access to Partner Central accounts, exposing staff data. Starbucks reported a data breach affecting hundreds of employees after phishing attacks targeted its Partner Central employee portal. The security breach was detected on February 6; the incident involved unauthorized access to staff […]
China's National Computer Network Emergency Response Technical Team (CNCERT) has issued a warning about the security risks stemming from the use of OpenClaw (formerly Clawdbot and Moltbot), an open-source and self-hosted autonomous artificial intelligence (AI) agent.
In a post shared on WeChat, CNCERT noted that the platform's "inherently weak default security configurations," coupled with its
A vulnerability was found in Aureus ERP up to 1.3.0-BETA2 and classified as problematic. The affected element is an unknown function of the file plugins/webkul/chatter/resources/views/filament/infolists/components/messages/content-text-entry.blade.php of the component Chatter Message Handler. Manipulating the argument subject/body can lead to cross-site scripting.
This vulnerability is tracked as CVE-2026-4175. The attack can be launched remotely. No exploit exists.
It is suggested to upgrade the affected component.
A vulnerability has been found in thimpress Thim Kit for Elementor Plugin up to 1.3.7 on WordPress and classified as problematic. Impacted is an unknown function of the file /thim-ekit/archive-course/get-courses of the component REST Endpoint. Performing a manipulation of the argument post_status results in missing authorization.
This vulnerability is identified as CVE-2026-1870. The attack can be initiated remotely. No exploit is available.
A vulnerability, which was classified as problematic, was found in Radare2 5.9.9. This issue affects the function walk_exports_trie of the file libr/bin/format/mach0/mach0.c of the component Mach-O File Parser. Such manipulation leads to resource consumption.
This vulnerability is referenced as CVE-2026-4174. The attack can only be performed from a local environment. Furthermore, an exploit is available.
The existence of this vulnerability is still disputed at present.
You should upgrade the affected component.
The code maintainer states that "[he] won't consider this bug a DoS".
A vulnerability, which was classified as critical, has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTableColumnComment/exportView/exportProcedure/exportTriggers/exportTrigger/updateProcedure of the file DMDBManage.java of the component Database Export Handler. This manipulation causes SQL injection.
The identification of this vulnerability is CVE-2026-4173. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.