Aggregator

Qilin

Dark Feed IO
4 months 1 week ago

You must login to view this content

cohenido

FDA 拒绝审核 Moderna 的 mRNA 流感疫苗

Solidot
4 months 1 week ago
Moderna 周二披露 FDA 拒绝审核其实验性 mRNA 流感疫苗。FDA 由美国卫生部直接管辖,而现任卫生部长 Robert F. Kennedy Jr.是一位反疫苗者。在耗资数亿美元、招募近 41000 名受试者的试验中,Moderna 将mRNA-1010 疫苗的安全性和有效性与已批准流感疫苗进行对比。试验结果表明,mRNA-1010 疫苗优于对照疫苗。但今年 2 月 3 日 FDA 以试验不够充分控制不够好为由拒绝对疫苗的上市申请进行审核。Moderna 表示已请求与 FDA 会面以了解拒绝的理由。mRNA-1010 疫苗已获得欧盟、加拿大和澳大利亚的审核批准。

Over 60 Software Vendors Issue Security Fixes Across OS, Cloud, and Network Platforms

The Hackers News
4 months 1 week ago
It's Patch Tuesday, which means a number of software vendors have released patches for various security vulnerabilities impacting their products and services. Microsoft issued fixes for 59 flaws, including six actively exploited zero-days in various Windows components that could be abused to bypass security features, escalate privileges, and trigger a denial-of-service (DoS) condition. Elsewhere
The Hacker News

Google Chrome 145 重新加入对 JPEG-XL 图像的支持

Solidot
4 months 1 week ago
Google 释出了 Chrome 145,主要变化包括:重新加入对 JPEG-XL 图像的支持,text-justify CSS 属性、支持多列换行、设备绑定会话凭据、IndexedDB 的 SQLite 后端、默认情况下减少用户代理字符串、Upsert 等。Google Chrome 是在 2023 年 移除了对实验性的 JPEG-XL 图像格式的支持,此举引发了很多争议,因为 Chrome/Chromium 占据了九成市场份额,它是 Web 标准事实上的仲裁者。但到了 2025 年事情有了戏剧性转变。Google 改变了主意,开始恢复对 JPEG-XL 图像的支持,去年 12 月 Chrome/Chromium 代码库合并了 Rust 语言开发的 JPEG-XL 图像解码器 jxl-rs。

NetBSD 11.0 RC1 释出

Solidot
4 months 1 week ago
NetBSD 项目释出了 NetBSD 11.0 的首个 RC 版本。主要新特性包括:支持 64 位 RISC-V 平台;增强对 POSIX.1-2024 和 C23 编程接口标准的兼容性;增强对 compat_linux(8) 中 Linux 系统调用的支持;初步支持高通骁龙 X Elite 平台;改进 npf(7) 防火墙;新 MICROVM kernel for x86,专为实现极速虚拟机启动设计,在 2020 年时代 x86 CPU 上启动仅需 10 毫秒;新 virt68k,等等。

Scary Agent Skills: Hidden Unicode Instructions in Skills ...And How To Catch Them

Embrace The Red
4 months 1 week ago

There is a lot of talk about Skills recently, both in terms of capabilities and security concerns. However, so far I haven’t seen anyone bring up hidden prompt injection. So, I figured to demo a Skills supply chain backdoor that survives human review.

Additionally, I also built a basic scanner, and had my agent propose updates to OpenClaw to catch such attacks.

Attack Surface

Skills introduce common threats, like prompt injection, supply chain attacks, RCE, data exfiltration,… This post discusses some basics, highlights the most simple prompt injection avenue, and shows how one can backdoor a real Skill from OpenAI with invisible Unicode Tag codepoints that certain models, like Gemini, Claude, Grok are known to interpret as instructions.

Windows 记事本爆出一个远程代码执行漏洞

Solidot
4 months 1 week ago
微软最近几年为其以精简著称的记事本应用引入了新功能,其中包括 AI 和 Markdown,新增功能也扩大了其攻击面,它刚刚爆出了一个远程代码执行漏洞 CVE-2026-20841,该漏洞与处理外链有关:当用户用记事本打开一个 Markdown 文件,攻击者可以引诱用户点击一个恶意链接,导致应用启动未经验证的协议去加载并执行远程文件。

Managed ad