Aggregator

数字经济建立在开源的基础之上。大部分网站都运行在开源的 Apache 和 Nginx 之上，大部分服务器都运行开源的 Linux 系统，而最流行的移动系统 Android 也是基于 Linux，用于管理云计算工作负荷的 Kubernetes 也是开源的。开源运动在中国引起关注是在 2010 年代中期，开源社联合创始人林旅强（Richard）回忆称，早期采用开源的人主要是想要使用免费软件的开发者，当他们认识到向开源项目贡献代码有助于改善他们的求职前景时。他们开始拥抱开源运动。大企业紧跟其后。拥抱开源被认为有助于减少对西方技术的依赖。开源为科技公司提供了一种使用现有代码的快捷方式，能在庞大的开发者社区的帮助下构建自己的程序。2019 年华为被美国禁止使用 Android，2020 年华为推出了开源项目 OpenHarmony，华为还与阿里巴巴、百度和腾讯等合作成立了致力于开源开发的开放原子基金会（OpenAtom Foundation）。中国不仅成为开源项目的重要贡献者，也成为开源软件的早期采用者。京东是首批部署 Kubernetes 的公司之一。最近炙手可热的 AI 也进一步推动了中国的开源运动，企业和政府都将开源大模型视为缩小与美国差距的最快途径。DeepSeek 开源了其大模型，而阿里巴巴开源了 Qwen，百度也准备开源其文心大模型。

A vulnerability classified as critical has been found in CSV Me Plugin up to 2.0 on WordPress. Affected is the function csv_me_options_page. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2025-6086. It is possible to launch the attack remotely. There is no exploit available.

CloudX：为 Burp Suite 打造的加密解密终极方案 作者长期探索渗透测试中加密、防重放、签名等问题的最优解，最终以高度灵活的规则驱动机制推出了 CloudX。该工具设计先进、体积轻巧（不足 3000 行代码），具备强大的可扩展性和透明性。

JQCTF2025 Customize Virtual Machine复现

LitCTF2025 re wp&&复现

НОАК использует ИИ, который «галлюцинирует».

手把手带你深入分析 Fastjson JDBC 调用链利用过程

MiscCropping先伪加密修复ai写一个脚本exp扫描该二维码即可flag灵感菇🍄哩菇哩菇哩哇擦灵感菇灵感菇🍄打开环境，获取灵感菇查看源码，发现一个项目访问之后，得到用法用法下载main.py脚本直接利用发现出错，存在非法字符删除第一个蘑菇，再次运行得到flagflag像素中的航班先看附件，南方航空查找长城杯线下时间地点只有南航翅膀长这样，河南机场官网居然只有一趟航班。可能是实时的。看看航班

A vulnerability was found in WP-FeedStats tarteaucitron.io Plugin up to 1.9.4 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the component Query Parameter Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-4955. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Как в Иране борются с Израилем внутри смартфонов.

A former U.S. Central Intelligence Agency (CIA) analyst has been sentenced to little more than three years in prison for unlawfully retaining and transmitting top secret National Defense Information (NDI) to people who were not entitled to receive them and for attempting to cover up the malicious activity. Asif William Rahman, 34, of Vienna, has been sentenced today to 37 months on charges of

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed a security flaw impacting the Linux kernel in its Known Exploited Vulnerabilities (KEV) catalog, stating it has been actively exploited in the wild. The vulnerability, CVE-2023-0386 (CVSS score: 7.8), is an improper ownership bug in the Linux kernel that could be exploited to escalate privileges on susceptible

После уязвимости админам придётся доказывать, что они не причастны.

Activities which organisations must carry out to migrate safely to post-quantum cryptography in the coming years.

Dashlane introduced AI phishing alerts, an advancement to the Dashlane Omnix platform that protects enterprises and users against threats targeting user credentials. Trained by Dashlane on both legitimate and phishing sources, the new innovation detects and alerts users to phishing risks the moment they visit a suspicious website, while giving admins the insights to secure employees against phishing domains. AI has made it even easier for threat actors to continually evolve their tactics to evade … More →

The post Dashlane’s AI model alerts businesses to phishing risks appeared first on Help Net Security.

Kusari unveiled Kusari Inspector, an AI-based pull request security tool that brings cutting-edge security risk analysis directly into developers’ daily workflows. In Kusari Inspector, Kusari has brought together a powerful combination of industry standards, AI, and dependency graph analysis, to help organizations detect software supply chain risks early during the pull request process, and address them before code integration. The tool finds security weaknesses and supply chain risks in order to maintain secure development throughout … More →

The post Kusari Inspector improves supply chain security appeared first on Help Net Security.

A vulnerability was found in langgenius dify 1.2.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-49149. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Fuji Electric Smart Editor up to 1.0.1.0. It has been classified as critical. This affects an unknown part. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2025-41413. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Fuji Electric Smart Editor up to 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as CVE-2025-41388. The attack may be launched remotely. There is no exploit available.