Aggregator

录播+直播 动手实践，实现从0到1的跨越

开云旗下三大奢侈品牌数百万用户数据遭窃

看雪论坛作者ID：兆兆的罩罩

伊比利亚收获蚁通过克隆其他物种雄蚁的精子产生混血工蚁，实现跨物种繁殖。这种“性驯化”机制使它们无需依赖地理邻近性即可维持种群运作。

根据发表在《自然》期刊上的一项研究，一种名为伊比利亚收获蚁（Messor ibericus）的蚁后可以产下两个不同物种的蚂蚁。蚁群里的个体通常分为三类，包括蚁后，雄蚁以及工蚁。研究发现，伊比利亚收获蚁的工蚁体内带有另一种“工匠收获蚁”（Messor structor）的基因，但这并非杂交的结果，而是蚁后从工匠收获蚁雄蚁的精子直接克隆出来的“复制品”。这一“异种生殖”现象不仅刷新了人类对蚂蚁生殖机制的认知，还首次提供了雌性主动“繁殖”另一物种的直接证据。研究人员推断，这个演化故事的起点是一种被称为“精子寄生”（sperm parasitism）的现象。在数百万年前，伊比利亚收获蚁的蚁后因某种未知原因失去了生产本物种工蚁的能力。为了维持蚁群的运作，它们不得不“借用”生活在附近的工匠收获蚁雄蚁的精子，与自己的卵结合，生产出兼具两个物种基因的混血工蚁。然而这种生殖策略严重依赖于建造收获蚁种群的地理邻近性，对于蚁后来说，寻找异种雄蚁交配是一件既耗时又不稳定的“麻烦事”。为了摆脱这种束缚，伊比利亚收获蚁演化出了一种更为高效且惊人的策略——“性驯化”（sexual domestication）。它们不再需要在野外寻找工匠收获蚁雄蚁，而是直接利用储存在自己体内的异种精子，通过一种特殊的克隆过程来生产它们。

A vulnerability marked as problematic has been reported in Apple watchOS. Affected by this vulnerability is an unknown functionality of the component App. This manipulation causes information disclosure. This vulnerability is handled as CVE-2025-31255. It is possible to launch the attack on the local host. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability categorized as problematic has been discovered in Apple macOS. This affects an unknown function of the component App. Executing manipulation can lead to information disclosure. This vulnerability appears as CVE-2025-31255. The attack requires local access. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability identified as problematic has been detected in Apple iOS and iPadOS. This impacts an unknown function of the component App. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2025-31255. An attack has to be approached locally. There is no exploit available. You should upgrade the affected component.

A vulnerability labeled as problematic has been found in Apple tvOS. Affected is an unknown function of the component App. The manipulation results in information disclosure. This vulnerability is known as CVE-2025-31255. Attacking locally is a requirement. No exploit is available. The affected component should be upgraded.

A vulnerability has been found in Apple iOS and iPadOS up to 18.7 and classified as critical. Affected is an unknown function. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2025-30468. Local access is required to approach this attack. No exploit exists. The affected component should be upgraded.

A vulnerability classified as problematic was found in Apple iOS and iPadOS up to 18.7. This affects an unknown function of the component Keyboard Suggestion Handler. The manipulation results in information disclosure. This vulnerability is identified as CVE-2025-24133. An attack on the physical device is feasible. There is not any exploit available. Upgrading the affected component is advised.

Thales claims there were over 40,000 API incidents in the first half of 2025

AOMedia联盟宣布将于年底发布新一代视频编解码器AV2，其压缩性能显著优于前代AV1，并增强对AR/VR应用的支持及多节目分屏播放功能。

由 Amazon、Cisco, Google、Intel、Microsoft、Mozilla 和 Netflix 等联合创办的开放媒体联盟 AOMedia 宣布将于年底发布 AV1 的后继者 AV2 编解码器。AOMedia 声称，AV2 是开放视频编码的一次世代飞跃，旨在满足全球日益增长的流媒体需求，压缩性能显著优于 AV1。AV2 增强了对 AR/VR 应用的支持，支持多节目分屏播放，改进屏幕内容处理，能在更宽的视觉质量范围内运行。

Израиль нашел и заморозил "черную кассу" Ирана.

文章介绍了一台名为BountyHunter的简单Linux机器，旨在帮助新手通过端口扫描和枚举技术获取用户和root权限。文中使用NMAP进行扫描，发现开放的SSH和HTTP服务，并进一步分析了Apache服务器上的Web应用。

文章描述了HackTheBox中一个Easy Linux机器的破解过程，利用Grafana漏洞获取初始权限，并通过SSH和cron作业实现提权至root。