Aggregator

A vulnerability labeled as critical has been found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. This affects the function misc_deregister of the file /sys/bus/platform/drivers/aspeed-lpc-snoop/unbind of the component soc. The manipulation results in null pointer dereference. This vulnerability is known as CVE-2025-38487. Access to the local network is required for this attack. No exploit is available. The affected component should be upgraded.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.6.99/6.12.39/6.15.7. Impacted is the function bpf_arch_text_poke. Such manipulation leads to denial of service. This vulnerability is traded as CVE-2025-38489. Access to the local network is required for this attack to succeed. There is no exploit available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. This issue affects the function crypt_message of the component smb. This manipulation causes null pointer dereference. This vulnerability appears as CVE-2025-38488. The attacker needs to be present on the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.15.7. This vulnerability affects the function set_channel_map of the component BRK Handler. The manipulation results in denial of service. This vulnerability is reported as CVE-2025-38486. The attacker must have access to the local network to execute the attack. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.39/6.15.7 and classified as problematic. This affects the function simple_write_to_buffer of the component iio. Executing manipulation can lead to out-of-bounds read. This vulnerability is tracked as CVE-2025-38484. The attack is only possible within the local network. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. It has been classified as critical. This vulnerability affects the function fxls8962af_fifo_flush of the component iio. The manipulation leads to null pointer dereference. This vulnerability is listed as CVE-2025-38485. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. It has been rated as critical. This affects the function COMEDI_INSNLIST. The manipulation of the argument n_insns leads to buffer overflow. This vulnerability is documented as CVE-2025-38481. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. Affected by this vulnerability is an unknown functionality of the component comedi. Such manipulation leads to out-of-bounds read. This vulnerability is referenced as CVE-2025-38482. The attack needs to be initiated within the local network. No exploit is available. You should upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7 and classified as problematic. Affected by this issue is some unknown functionality of the component comedi. Performing manipulation results in out-of-bounds read. This vulnerability is identified as CVE-2025-38483. The attack can only be performed from the local network. There is not any exploit available. The affected component should be upgraded.

A vulnerability classified as problematic was found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. This impacts the function do_insn_ioctl of the component comedi. The manipulation results in improper initialization. This vulnerability was named CVE-2025-38478. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. Affected is the function insn_rw_emulate_bits of the file comedi_fops.c of the component Subdevice Driver. This manipulation causes uninitialized pointer. The identification of this vulnerability is CVE-2025-38480. The attack needs to be done within the local network. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability marked as problematic has been reported in GNU Tar up to 1.35. This affects an unknown function of the component TAR Archive Handler. This manipulation causes path traversal: '../filedir'. The identification of this vulnerability is CVE-2025-45582. It is possible to initiate the attack remotely. There is no exploit available.

嗯，用户让我总结一篇文章的内容，控制在100字以内，而且不需要特定的开头。首先，我需要仔细阅读文章内容，理解其主要观点。 文章主要讲的是使用Ghidriff工具分析软件补丁，特别是针对rAthena框架中的一个堆缓冲区溢出漏洞（CVE-2025-58447）。作者展示了如何通过比较补丁前后的二进制文件，找出代码变化，进而理解漏洞修复的机制。 用户可能是一位网络安全爱好者或者研究人员，对逆向工程和漏洞分析感兴趣。他们希望快速了解文章的核心内容，而不需要详细的技术步骤。 所以，我需要提炼出关键点：Ghidriff工具、堆溢出漏洞、补丁分析、修复机制。然后用简洁的语言把这些点连贯起来，确保在100字以内。 可能的结构是：介绍工具和分析对象，说明分析过程和结果。这样既清晰又符合用户的要求。 文章介绍了使用Ghidriff工具分析软件补丁的过程，重点研究了rAthena框架中一个堆缓冲区溢出漏洞（CVE-2025-58447）的修复机制。通过比较补丁前后的二进制文件差异，揭示了漏洞修复的关键代码变化，并展示了如何通过代码检查防止溢出攻击。

Windows 11发布新版本Build 26220.7051，新增任务栏AI助手Ask Copilot、Xbox全屏体验和蓝牙共享音频功能，并优化ARM设备性能。

In August of 2024 I stopped in my local book shop (shoutout to The Raven Bookstore) as I often do to browse the shelves and see if there was anything I couldn't live without. A very colorful book jacket caught my eye. It was Kevin Fedarko's A Walk in the Park: The True Story of a Spectacular Misadventure in the Grand Canyon.

Fedarko's book tells the story of him and long time collaborator, friend, and National Geographic photographer Peter McBride hiking through the Grand Canyon. McBride approached Fedarko with the idea as a way of celebrating the 100th anniversary of Grand Canyon National Park.

But Fedarko and McBride don't experience the Canyon the way most people do. According to the National Park Service, fewer than 1% of  visitors to the Grand Canyon hike below the rim at all and the majority of those who do are day hikers, who may venture down one of the main trails from the South Rim, most commonly the Bright Angel Trail. They may walk down to one of the first few rest houses, or perhaps Havasupai Gardens, Plateau Point, or maybe as far as the Colorado River. More ambitious hikers in the Grand Canyon will do a rim-to-rim hike, meaning they'll start at the South Rim or North Rim and hike to the opposite rim. Many fit hikers will do this in one day and some crazy people will even do rim-to-rim-to-rim in one go.  Aside from looking for a challenge, many choose rim-to-rim because it doesn't require a backcountry permit. If you're not camping overnight in the Canyon, you don't need a permit. Getting a permit isn't easy. You have to enter the lottery four months in advance, if you want to camp and 15 months in advance if you want to stay in a cabin at Phantom Ranch. Fedarko and McBride didn't opt for rim-to-rim. They opted for a through hike east-to-west. An east-to-west through hike of the Grand Canyon is very challenging. After all the elevation changes and navigating around the Canyon's various side-canyons, a through hike of this type adds up to more than 750 miles / 1207 km. The Grand Canyon is a desert and it's hot much of the time and in the winter it can be cold, snowy and icy. Logistically, a through hike means you have to set up caches for water and food along the route. The route that Fedarko and McBride took required some canyoneering skills, rappelling and navigating slot canyons.  Fortunately for them, they had some help from some of the Grand Canyon's most experienced hikers. Rich Rudow and a community of other experienced Grand Canyon backcountry hikers took on the task of helping Fedarko and McBride go from inexperienced hikers to finishing their section hike over the course of a year. Fedarko's book was my favorite non-fiction book of 2024. It's frustrating in parts, emotional in parts, and triumphant in the end. Fedarko uses his experience through hiking the Canyon to highlight some challenges the Canyon is facing, mostly from developers who want to put in a tram system to ferry 10K people a day to the Confluence, perhaps the most sacred place in the Canyon for many of the indigenous peoples who called the Canyon home before the U.S. Government forced them out.

McBride also published a book of beautiful photographs taken during their year long section hike. The Grand Canyon: Between River and Rim is a stunning book and also worth checking out. Fedarko and McBride's books inspired me to visit the Grand Canyon. I hadn't been on a real camping and backpacking trip in more than 30 years. Obviously an east-to-west through hike was out of the question. A rim-to-rim hike sounded doable, but not in a day. I decided I'd do a rim-to-rim hike over four days and three nights, from the North Rim Campground, to Cottonwood Campground, to Phantom Ranch and the Bright Angel Campground all via the North Kaibab Trail, then continue on the Bright Angel Trail along the Colorado River to Havasupai Gardens and finally, up the Bright Angel Trail to the South Rim. The Grand Canyon had other ideas. Over the next few blog posts, I'll share some details of my adventure.

The post A Walk in the Park appeared first on Security Boulevard.

文章描述了作者在2024年阅读凯文·费达科的《公园漫步》后受到启发，决定徒步穿越大峡谷的经历。书中讲述了费达科与摄影师彼得·麦克布赖德挑战750英里东至西全程徒步的故事，并揭示了大峡谷面临的开发威胁。受此影响，作者计划进行四天三夜的南北缘往返徒步。

马斯克预言智能手机将转型为 AI 边缘节点；寒武纪回应原 CTO 索赔 42.87 亿元；谷歌公布首支 AI 广告

嗯，用户发来了一个请求，让我帮忙总结一篇文章的内容，控制在一百个字以内。看起来他可能是在遇到环境异常的问题，需要快速了解情况。首先，我需要理解他的具体需求是什么。 他提供的文章内容主要是关于环境异常的提示，说完成验证后可以继续访问，并且有一个“去验证”的链接。所以，文章的核心信息是关于环境异常和验证的要求。 接下来，我要考虑如何用简洁的语言概括这个内容。用户要求不要用“文章内容总结”之类的开头，直接描述即可。所以，我需要确保总结准确且符合字数限制。 可能会想到的关键词包括：环境异常、验证、访问限制、安全措施等。把这些关键词组织成一个流畅的句子，同时不超过一百个字。 最后，检查一下是否涵盖了所有关键点，并且语言简洁明了。确保用户能够快速理解文章的主要内容。 当前环境出现异常问题，需完成验证后方可继续访问。

Name: Haunted Pumpkin CTF '25 (an Haunted Pumpkin CTF (OSINT) event.)
Date: Oct. 31, 2025, 5 p.m. — 01 Nov. 2025, 22:59 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://osintswitzerland.ch/events/haunted-pumpkin-ctf
Rating weight: 0.00
Event organizers: OSINT Switzerland

美团 LongCat 团队研发的 VitaBench（Versatile Interactive Tasks Benchmark）正式发布，这是当前高度贴近真实生活场景所面临复杂问题的大模型智能体评测基准。VitaBench 以外卖点餐、餐厅就餐、旅游出行三大高频真实生活场景为典型载体，构建了包含 66 个工具的交互式评测环境，并进行了跨场景的综合任务设计，例如要求 agent 在一个旅行规划任务中通过思考、调用工具和用户交互，完整执行到买好票、订好餐厅的终端状态。