Aggregator

近日，攻击者利用SVG（Scalable Vector Graphics）附件来发送恶意邮件，由于其复杂性和可扩展性，使得安全软件难以识别其中的恶意代码。

大语言模型Prompt越狱的自动化攻防

《自然-人类行为》发表的一项研究认为，在 23 个国家 50 岁以上人群中，使用互联网或与更高的生活满意度、自我报告健康状况更佳和较少抑郁症状相关。这项研究由香港大学张清鹏团队完成，研究结果对公共卫生政策和实践有潜在影响，特别是在老龄化和精神卫生服务有限的国家。2019 年全球 55 岁及以上的人群中约有 14% 遭遇了精神健康问题如抑郁。张清鹏团队分析了 23 个国家（包括美国、英国、中国、墨西哥和巴西）中 87559 名年龄≥50岁的成年人使用互联网与心理健康之间的关系，追踪时间中位数为 6 年。他们发现使用互联网（包括收发电子邮件、购物、预订旅行以及搜索信息）与较高的生活满意度、较少的抑郁症状以及较好的自我报告健康状况相关。在美国、英国和中国，使用互联网的参与者比不用的人抑郁症状更少。

AI助力软件供应链安全革新

全国超过300个饮用水系统存在安全漏洞

Fastly claims global organizations are taking 25% longer than expected to recover from security incidents

Cybersecurity researchers have shed light on a Linux variant of a relatively new ransomware strain called Helldown, suggesting that the threat actors are broadening their attack focus. "Helldown deploys Windows ransomware derived from the LockBit 3.0 code," Sekoia said in a report shared with The Hacker News. "Given the recent development of ransomware targeting ESX, it appears that the group

A vulnerability has been found in Apple Mac OS X up to 10.3.2 and classified as problematic. This vulnerability affects unknown code of the component CoreFoundation Notification Logging. The manipulation leads to information disclosure. This vulnerability was named CVE-2004-0166. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Metamail 2.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to memory corruption. This vulnerability is known as CVE-2004-0105. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in OpenBSD 3.4. It has been rated as problematic. Affected by this issue is some unknown functionality of the component isakmpd. The manipulation leads to infinite loop. This vulnerability is handled as CVE-2004-0218. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Rob Flynn Gaim 0.75 and classified as critical. This vulnerability affects the function yahoo_decode. The manipulation leads to memory corruption. This vulnerability was named CVE-2004-0005. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Oracle Database up to 9.2.0.4. Affected by this issue is some unknown functionality. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2003-1208. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in X2 Studios XMMS Remote. It has been rated as critical. This issue affects some unknown processing of the file XMMS.pm. The manipulation leads to improper privilege management. The identification of this vulnerability is CVE-2003-1128. The attack may be initiated remotely. There is no exploit available. It is recommended to apply restrictive firewalling.

A vulnerability, which was classified as problematic, was found in ScriptLogic 4.01. Affected is an unknown function of the component Logs Share Handler. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2003-1122. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Sun Management Center 2.1.1/3.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Install. The manipulation leads to improper privilege management. This vulnerability is handled as CVE-2003-1124. The attack needs to be approached locally. There is no exploit available.

A vulnerability was found in Whale Communications e-Gap 2.5 on Win 2000. It has been declared as critical. This vulnerability affects unknown code of the component HTTP TRACE Handler. The manipulation leads to information disclosure (Source). This vulnerability was named CVE-2003-1127. The attack can be initiated remotely. There is no exploit available.

微软东京设立了日本首个研究基地。微软在世界各地设立了多个研究基地。在亚洲，已有中国的北京和上海两个基地。东京成为第三个。该基地将把日本企业擅长的机器人和汽车领域的技术与人工智能（AI）相结合，以提高生产效率和创造新业务。微软正在调整以中国为中心的海外 AI 研究体系，并通过分散基地为中美对立激化做好准备。此前媒体曾经报道微软计划将部分中国研究人员转移到 2023 年在加拿大温哥华设立的研究所。

AlmaLinux 企业级发行版释出了 v9.5。AlmaLinux 9.5 旨在改进性能、开发工具和安全。编译器和软件包更新包括：GCC 14，LLVM 18.1.8，Rust 1.79.0，Go 1.22，GCC 11.5，Annobin 12.70，.NET 9.0，BIND 9.18，Apache HTTP Server 2.4.62，Node.js 22 等等。AlmaLinux 旨在提供与 Red Hat Enterprise Linux（RHEL）二进制兼容的社区支持的企业发行版，它诞生的原因是 2020 年 12 月 Red Hat 宣布停止开发 CentOS，其第一个稳定版本于 2021 年 3 月 30 日发布。