Aggregator

在亚洲和澳洲六地试点涨价之后，微软准备在更多地区上调 Microsoft 365 的订阅费用，理由当然是 AI 助手 Copilot。微软已经向用户发出了涨价电邮通知，如果用户不采取任何行动，那么他们收到的账单将会显示付款增加；或者用户可以选择切换到不包含 AI 功能的订阅方案，那么他们支付的费用将不会上调。

他们限制和禁用的理由是担心中国应用程序带来的安全风险。

根据国家信息安全漏洞库（CNNVD）统计，本周（2025年1月20日至2025年1月26日）安全漏洞情况如下。

根据国家信息安全漏洞库（CNNVD）统计，本周（2025年1月27日至2025年2月2日）安全漏洞情况如下。

Cybersecurity researchers have uncovered two malicious machine learning (ML) models on Hugging Face that leveraged an unusual technique of "broken" pickle files to evade detection. "The pickle files extracted from the mentioned PyTorch archives revealed the malicious Python content at the beginning of the file," ReversingLabs researcher Karlo Zanki said in a report shared with The Hacker News. "

Сенаторы США требуют объяснений у Google и Amazon за размещение рекламы на сайтах с нелегальным контентом.

英国安全机构将能够访问全球用户上传到iCloud的端到端加密文件，而不仅仅是英国用户的数据。

和解条款规定 PayPal 必须在 10 天内支付 200 万美元的罚款。

如今人们已不再使用混币服务，转而采用跨链桥来模糊交易并逃避追踪。2024 年，集中式交易所仍是勒索软件收益的主要提现渠道，有 39%的勒索软件收益通过此类交易所流转。

Первые испытания iSWAP и SWAP с фотонной телепортацией.

A vulnerability was found in Apple watchOS up to 5.1.2. It has been declared as critical. This vulnerability affects unknown code of the component Kernel. The manipulation leads to memory corruption. This vulnerability was named CVE-2019-6213. An attack has to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in strongSwan 5.9.8/5.9.9 and classified as critical. Affected by this issue is some unknown functionality of the component TLS-based EAP. The manipulation leads to expired pointer dereference. This vulnerability is handled as CVE-2023-26463. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Easy Digital Downloads Plugin up to 3.1.1.4.1 on WordPress. This affects an unknown part. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2023-30869. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Easy Digital Downloads Sell Digital Files Plugin up to 3.2.5 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2023-51684. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Easy Digital Downloads Plugin up to 3.2.6 on WordPress. It has been classified as problematic. This affects an unknown part of the component Pricing Options Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-0659. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Themify Builder Plugin up to 7.0.5 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2024-24872. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in ESPHome 2023.12.9 and classified as critical. Affected by this issue is some unknown functionality of the component Configuration Directory Handler. The manipulation leads to path traversal. This vulnerability is handled as CVE-2024-27081. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in Coming Soon Page & Maintenance Mode Plugin up to 2.2.1 on WordPress. Affected is an unknown function of the component Maintenance Mode. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2024-1136. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Packing Slips for WooCommerce Plugin up to 1.3.7 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to code injection. This vulnerability is handled as CVE-2024-1773. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in SAP NetWeaver AS Java 7.50. This affects an unknown part of the component Administrator Log Viewer Plug-In. The manipulation leads to code injection. This vulnerability is uniquely identified as CVE-2024-22127. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.