Aggregator
CLOP
2 months 4 weeks ago
cohenido
Critical Synology vulnerability lets attackers execute arbitrary code remotely
2 months 4 weeks ago
安全客
Genetically engineered bacteria can produce plastic
2 months 4 weeks ago
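Scientists at the Korea Advanced Institute of Science and Technology have, for the first time, produced a strong and flexible nylon-like bioplastic by genetically engineering microbes. The world generates about 400 million tons of non-degradable petroleum-based plastic waste and microplastics every year, endangering wildlife, humans, and the health of the planet. Although scientists have already used bacteria to produce polyesters such as polyhydroxyalkanoates (PHA), using bacteria to produce the nylon-like materials needed for clothing, shoes, and hats has never been achieved; the difficulty is that nature lacks natural enzymes that synthesize such polymers. To overcome this problem, the research team modified enzyme-encoding genes from a range of bacterial species and inserted the modified DNA loops into E. coli. These "custom" genes then successfully expressed several new natural enzymes, which can link molecular chains to produce polymers. In the end, the team obtained poly(ester amide) (PEA) bioplastics, composed mainly of polyester with a small number of nylon-like amide bonds. Tests showed that the physical, thermal, and mechanical properties of one of the PEAs are comparable to those of polyethylene, one of the most widely used commercial plastics today. The team says that with large bioreactors they can scale up this production process. However, the road to industrializing this "microbial factory" still faces many challenges. The PEA polymers are bulky and cannot pass through the cell wall, so the E. coli must be broken apart to release them. In addition, a complex purification process is required before the product can be processed into films or pellets.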
GitHub Action supply chain attack exposed secrets in 218 repos
2 months 4 weeks ago
The compromise of GitHub Action tj-actions/changed-files has impacted only a small percentage of the 23,000 projects using it, with it estimated that only 218 repositories exposed secrets due to the supply chain attack. [...]
Bill Toulas
Rooted (Jailbroken) Mobile Devices 3.5 Times More Vulnerable to Cyber Attacks
2 months 4 weeks ago
A recent study has revealed that rooted devices are over 3.5 times more likely to be targeted by mobile malware, underscoring the risks they bring to organizations. Rooting and jailbreaking, once popular methods for customizing mobile devices, are now primarily used by power users. While manufacturers have introduced more customization options and tighter security protocols […]
The post Rooted (Jailbroken) Mobile Devices 3.5 Times More Vulnerable to Cyber Attacks appeared first on Cyber Security News.
Balaji N
CLOP
2 months 4 weeks ago
cohenido
CVE-2024-2292 | changeweb unifiedtransform access control
2 months 4 weeks ago
A vulnerability has been found in changeweb unifiedtransform and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper access controls.
This vulnerability is known as CVE-2024-2292. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-12392 | binary-husky gpt_academic URL Validation server-side request forgery
2 months 4 weeks ago
A vulnerability, which was classified as critical, was found in binary-husky gpt_academic. Affected is an unknown function of the component URL Validation Handler. The manipulation leads to server-side request forgery.
This vulnerability is traded as CVE-2024-12392. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-29101 | Tenda AC8 16.03.34.06 get_parentControl_list_Info deviceid stack-based overflow
2 months 4 weeks ago
A vulnerability, which was classified as critical, has been found in Tenda AC8 16.03.34.06. This issue affects the function get_parentControl_list_Info. The manipulation of the argument deviceid leads to stack-based buffer overflow.
The identification of this vulnerability is CVE-2025-29101. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-11030 | binary-husky gpt_academic up to 3.83 crazy_utils.get_files_from_everything server-side request forgery
2 months 4 weeks ago
A vulnerability classified as critical was found in binary-husky gpt_academic up to 3.83. This vulnerability affects the function crazy_utils.get_files_from_everything. The manipulation leads to server-side request forgery.
This vulnerability was named CVE-2024-11030. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-11031 | binary-husky gpt_academic up to 3.83 Markdown_Translate.get_files_from_everything information disclosure
2 months 4 weeks ago
A vulnerability was found in binary-husky gpt_academic up to 3.83. It has been rated as problematic. Affected by this issue is the function Markdown_Translate.get_files_from_everything. The manipulation leads to information disclosure.
This vulnerability is handled as CVE-2024-11031. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-8982 | bentoml openllm up to 0.6.10 path traversal
2 months 4 weeks ago
A vulnerability classified as problematic has been found in bentoml openllm up to 0.6.10. This affects an unknown part. The manipulation leads to path traversal: '\..\filename'.
This vulnerability is uniquely identified as CVE-2024-8982. The attack needs to be approached locally. There is no exploit available.
vuldb.com
CVE-2025-0184 | langgenius dify up to 0.10.x DOCX File ssrf_proxy reltype server-side request forgery
2 months 4 weeks ago
A vulnerability was found in langgenius dify up to 0.10.x. It has been declared as critical. Affected by this vulnerability is the function ssrf_proxy of the component DOCX File Handler. The manipulation of the argument reltype leads to server-side request forgery.
This vulnerability is known as CVE-2025-0184. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-8955 | composiohq composio up to 0.4.4 xpath injection
2 months 4 weeks ago
A vulnerability was found in composiohq composio up to 0.4.4 and classified as problematic. This issue affects the function BROWSERTOOL_GOTO_PAGE/BROWSERTOOL_GET_PAGE_DETAILS. The manipulation leads to improper neutralization of data within xpath expressions.
The identification of this vulnerability is CVE-2024-8955. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-48590 | Inflectra SpiraTeam 7.2.00 NewsReaderService server-side request forgery
2 months 4 weeks ago
A vulnerability was found in Inflectra SpiraTeam 7.2.00. It has been classified as critical. Affected is an unknown function of the component NewsReaderService. The manipulation leads to server-side request forgery.
This vulnerability is traded as CVE-2024-48590. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
VPN vulnerabilities become a key tool for threat actors attacking organizations
2 months 4 weeks ago
安全客
CVE-2024-8859 | mlflow up to 2.16.x Dbfs Service path traversal
2 months 4 weeks ago
A vulnerability has been found in mlflow up to 2.16.x and classified as problematic. This vulnerability affects unknown code of the component Dbfs Service. The manipulation leads to path traversal: '\..\filename'.
This vulnerability was named CVE-2024-8859. The attack needs to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-8524 | modelscope agentscope up to 0.0.4 POST Request /read-examples file inclusion
2 months 4 weeks ago
A vulnerability, which was classified as problematic, was found in modelscope agentscope up to 0.0.4. This affects an unknown part of the file /read-examples of the component POST Request Handler. The manipulation leads to file inclusion.
This vulnerability is uniquely identified as CVE-2024-8524. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
Microsoft lifts Windows 11 upgrade block after Asphalt 8 crash fix
2 months 4 weeks ago
Microsoft has lifted an upgrade block that prevented Asphalt 8: Airborne players from upgrading their systems to Windows 11 24H2 due to compatibility issues. [...]
Sergiu Gatlan