Aggregator

X/Twitter 用户经常会 @Grok，询问 xAI 的聊天机器人对各种话题的看法。然而从本周三开始，马斯克（Elon Musk）的 AI 似乎也嗨了，对任何话题都以南非“白人种族灭绝”进行回应。Grok 喋喋不休地的将任何话题都转向南非“白人种族灭绝”以及相关歌曲《Kill the Boer》，它拒绝讨论其他话题。Grok 对该话题的观点几乎与马斯克完全一致，其训练材料可能就来自 X。

A vulnerability was found in Bohua NetDragon Firewall 1.0 and classified as critical. This issue affects some unknown processing of the file /systemstatus/ip_status.php. The manipulation of the argument subnet leads to command injection. The identification of this vulnerability is CVE-2025-4747. The attack may be initiated remotely. Furthermore, there is an exploit available.

Google has released emergency security updates to patch a high-severity Chrome vulnerability that has a public exploit and can let attackers hijack accounts. [...]

Пока вы подбираете шрифт, вредоносный код уже забирает права администратора.

A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pages/purchase_delete.php. The manipulation of the argument pr_id leads to sql injection. This vulnerability was named CVE-2025-4746. The attack can be initiated remotely. Furthermore, there is an exploit available.

Submit #571035 / VDB-309047

ИИ захватил поиск и заменил ответы на догадки… но этот алгоритм обещает всё исправить.

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

近日，微软官方发布了多个安全漏洞的公告，其中微软产品本身漏洞76个，影响到微软产品的其他厂商漏洞0个。

近日，国家信息安全漏洞库（CNNVD）收到关于Fortinet多款产品安全漏洞（CNNVD-202505-1780、CVE-2025-32756）情况的报送。

Submit #571020 / VDB-309046

A vulnerability, which was classified as problematic, was found in code-projects Employee Record System 1.0. This affects an unknown part of the file current_employees.php. The manipulation of the argument employeed_id/first_name/middle_name/last_name leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-4745. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in code-projects Employee Record System 1.0. Affected by this issue is some unknown functionality of the file dashboard\edit_employee.php. The manipulation of the argument employeed_id/first_name/middle_name/last_name leads to cross site scripting. This vulnerability is handled as CVE-2025-4744. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in code-projects Employee Record System 1.0. Affected by this vulnerability is an unknown functionality of the file /dashboard/getData.php. The manipulation of the argument keywords leads to sql injection. This vulnerability is known as CVE-2025-4743. The attack can be launched remotely. Furthermore, there is an exploit available.

Liongard has launched LiongardIQ, a new product designed to address the complexities of cyber resilience. Available July 2025, LiongardIQ moves beyond the Liongard you once knew—introducing a next-generation platform powered by real-time visibility and response, centralized asset intelligence, and embedded AI to deliver intelligent Attack Surface Management. “This is Liongard revolutionized,” said Michelle Accardi, CEO of Liongard. “We’ve taken everything that made the platform essential and reimagined it for today’s cybersecurity landscape. LiongardIQ is relentless. … More →

The post LiongardIQ unifies asset inventory, network monitoring and AI insights appeared first on Help Net Security.

Submit #570967 / VDB-309045

Submit #570965 / VDB-309044

Submit #570963 / VDB-309043

A vulnerability classified as problematic has been found in XU-YIJIE grpo-flat up to 9024b43f091e2eb9bac65802b120c0b35f9ba856. Affected is the function main of the file grpo_vanilla.py. The manipulation leads to deserialization. This vulnerability is traded as CVE-2025-4742. Local access is required to approach this attack. There is no exploit available. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.