Aggregator

Встроенные ограничения ChatGPT и Gemini обходятся даже без технических знаний — обычные вопросы вызывают предвзятость.

2025年10月，火绒安全产品拦截恶意攻击总数310596140次，拦截恶意行为总数112073013次；火绒安全团队为用户提供服务总数4778次，应急响应总数512次。 点击蓝字，关注+星标 ⭐ 精彩内容不迷路~ 求点赞 求分享 求喜欢

2024年9月，一场突如其来的勒索软件攻击，让日本中型物流企业 Kantsu 陷入全面停摆：服务器被锁定、系统瘫痪、通讯中断，公司上千名员工和500多家客户的业务一夜之间陷入混乱。

A vulnerability labeled as critical has been found in cURL up to 8.16.0. Affected is an unknown function of the component SFTP Host Handler. Executing manipulation can lead to key exchange without entity authentication. The identification of this vulnerability is CVE-2025-10966. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in BlueZ up to 5.58. It has been classified as problematic. This affects the function params_len of the file profiles/audio/avrcp.c. Performing manipulation results in information disclosure. This vulnerability is known as CVE-2022-39176. The attack may be carried out on the physical device. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in BlueZ up to 5.58. It has been declared as problematic. This impacts an unknown function of the file profiles/audio/avdtp.c. Executing manipulation can lead to denial of service. This vulnerability is handled as CVE-2022-39177. The physical device can be targeted for the attack. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability identified as critical has been detected in Modsecurity owasp-modsecurity-crs 3.2.0. This affects an unknown part of the component WAF Protection. Performing manipulation results in sql injection. This vulnerability is known as CVE-2020-22669. Remote exploitation of the attack is possible. No exploit is available. It is suggested to install a patch to address this issue.

A vulnerability, which was classified as critical, has been found in vim. Affected by this vulnerability is an unknown functionality. The manipulation leads to use after free. This vulnerability is referenced as CVE-2022-3099. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability identified as critical has been detected in vim. Affected by this vulnerability is an unknown functionality. This manipulation causes use after free. This vulnerability is handled as CVE-2022-3134. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability classified as critical was found in libmodbus. Affected by this issue is the function modbus_reply of the file src/modbus.c. Such manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2022-0367. Access to the local network is required for this attack to succeed. There is no exploit available. It is best practice to apply a patch to resolve this issue.

A vulnerability labeled as problematic has been found in Red Hat Ceph Storage. This affects an unknown part. Such manipulation leads to inadequate encryption strength. This vulnerability is listed as CVE-2021-3979. The attack must be carried out from within the local network. There is no available exploit. It is advisable to implement a patch to correct this issue.

A vulnerability categorized as critical has been discovered in w3m 0.5.3. This impacts the function checkType of the file etc.c of the component HTML Handler. The manipulation results in out-of-bounds write. This vulnerability is cataloged as CVE-2022-38223. The attack may be launched remotely. There is no exploit available.

A vulnerability labeled as critical has been found in Python up to 3.10. This issue affects some unknown processing in the library lib/http/server.py. The manipulation results in path traversal. This vulnerability was named CVE-2021-28861. The attack needs to be approached within the local network. There is no available exploit. The presence of this vulnerability remains uncertain at this time. It is best practice to apply a patch to resolve this issue.

A vulnerability labeled as problematic has been found in Linux Kernel. The affected element is an unknown function of the component Shared Memory Page Handler. The manipulation results in resource consumption. This vulnerability was named CVE-2021-3669. The attack may be performed from remote. There is no available exploit.

Вместо привычных докладов гостей ждут живые дискуссии, прожарка и IT-стендап. Конференция состоится 20 ноября.

複数のHTTP/2サーバー実装に対して、ストリームリセット処理の不備に関する「MadeYouReset」と呼ばれる脆弱性（CVE-2025-8671）が報告されています。一部のベンダーは自身の製品への本脆弱性の影響を示すためにCVE-2025-8671とは異なる固有のCVE IDを割り当てています。
「MadeYouReset」は、ストリームのリセット処理に関するHTTP/2の仕様上の動作と実際のサーバー内の処理との間の不一致を悪用することで、リソース枯渇状態を引き起こします。

根据英国通信管理局 Ofcom 的数据，去年英国 65 岁以上的老年人平均每天在智能手机、电脑和平板上花费逾三个小时，看电视逾五个半小时。GWI 对七个国家的调查发现，65 岁以上的老年人比 25 岁以下的年轻人更有可能拥有平板、智能电视、电子书阅读器，台式机和笔记本电脑。近五分之一的 55-64 岁人群拥有一台游戏机。哈佛医学院 McLean 医院科技与老龄化实验室主任 Ipsit Vahia 表示，部分老年人越来越像青少年，生活重心日益倾向手机。韩国 2022 年的一项研究估计，60-69 岁人群中 15% 存在手机成瘾风险。今年 4 月发表的一项元​​分析调查了逾 40 万名老年人，发现经常用电子设备的 50 岁以上老年人的认知能力下降速度低于不使用电子设备的老年人。

ZEDEDA has released a full-stack edge Kubernetes-as-a-Service solution that extends a cloud-native deployment experience to distributed edge environments. ZEDEDA Edge Kubernetes App Flows automates the edge application lifecycle, from packaging and configuration to delivery and observability, eliminating the need to manage cluster and application orchestration infrastructure. Edge Kubernetes App Flows supports the bare-metal and GPU compute required for edge AI applications, such as automated detection of manufacturing flaws and predictive maintenance. Built on ZEDEDA’s edge … More →

The post ZEDEDA introduces Edge Kubernetes App Flows to automate edge application lifecycle appeared first on Help Net Security.

Veeam Software launched its new Veeam App for Microsoft Sentinel. The solution provides advanced integration with Veeam Data Platform and empowers organizations to detect, investigate, and respond to cyber threats and backup anomalies, delivering data resilience and operational efficiency across SOC. As cyberattacks increasingly target backup environments, many SOC teams face a critical visibility gap in their security posture ecosystem, leaving organizations vulnerable to attacks on their last line of defense – their backups. The … More →

The post Veeam App for Microsoft Sentinel brings backup intelligence directly into the SOC appeared first on Help Net Security.