Aggregator
Modern slavery: torture and coercion hide behind IT job postings
1 year 3 months ago
Thailand opens a corridor to freedom for thousands of victims of the cyber mafia.
Microsoft puts Notepad's AI rewrite feature behind a paywall
1 year 3 months ago
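Late last year Microsoft introduced an AI text rewrite feature to its classic Notepad app; users can select text and then choose Rewrite from the right-click menu or use the Ctrl + I shortcut. Microsoft has now placed the feature behind a paywall, requiring users to subscribe to a Microsoft 365 Personal or Family plan to access it. Using Notepad's AI rewrite feature will require users to sign in to their account and to have a subscription plan that includes enough "AI credits". Users who do not subscribe to Microsoft's services can choose to disable the feature and hide its icon.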
CVE-2024-50152 | Linux Kernel up to 6.6.58/6.11.5 fs/smb/client/smb2ops.c smb2_set_ea double free (b1813c220b76/c9f758ecf256/19ebc1e6cab3 / Nessus ID 216493)
1 year 3 months ago
A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.6.58/6.11.5. Affected by this issue is the function smb2_set_ea of the file fs/smb/client/smb2ops.c. The manipulation leads to double free.
This vulnerability is handled as CVE-2024-50152. Access to the local network is required for this attack to succeed. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-50137 | Linux Kernel up to 6.11.5 reset_control_status assertion (c923f1fb8ae8/2cf596636607 / Nessus ID 216493)
1 year 3 months ago
A vulnerability was found in Linux Kernel up to 6.11.5. It has been declared as problematic. Affected by this vulnerability is the function reset_control_status. The manipulation leads to reachable assertion.
This vulnerability is known as CVE-2024-50137. Access to the local network is required for this attack to succeed. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-50165 | Linux Kernel up to 6.11.5 bpf_parse_param memory leak (5d7a0a426540/1f97c03f43fa / Nessus ID 216493)
1 year 3 months ago
A vulnerability classified as problematic has been found in Linux Kernel up to 6.11.5. This affects the function bpf_parse_param. The manipulation leads to memory leak.
This vulnerability is uniquely identified as CVE-2024-50165. Access to the local network is required for this attack to succeed. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-50212 | Linux Kernel up to 6.11.6 nf_nat_core.c alloc_tag_module_unload allocation of resources (24211fb49c9a/dc783ba4b9df / Nessus ID 216493)
1 year 3 months ago
A vulnerability classified as problematic has been found in Linux Kernel up to 6.11.6. This affects the function alloc_tag_module_unload of the file net/netfilter/nf_nat_core.c. The manipulation leads to allocation of resources.
This vulnerability is uniquely identified as CVE-2024-50212. The attack needs to be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-50149 | Linux Kernel up to 6.11.5 drm run_job information disclosure (be8fe75e57f8/82926f52d7a0 / Nessus ID 216493)
1 year 3 months ago
A vulnerability was found in Linux Kernel up to 6.11.5 and classified as problematic. Affected by this issue is the function run_job of the component drm. The manipulation leads to information disclosure.
This vulnerability is handled as CVE-2024-50149. The attack needs to be approached within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-53221 | Linux Kernel up to 6.11.10/6.12.1 f2fs.ko f2fs_submit_page_bio initialization (Nessus ID 216493)
1 year 3 months ago
A vulnerability classified as problematic has been found in Linux Kernel up to 6.11.10/6.12.1. This affects the function f2fs_submit_page_bio in the library f2fs.ko. The manipulation leads to improper initialization.
This vulnerability is uniquely identified as CVE-2024-53221. Access to the local network is required for this attack. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-1492 | Wireshark up to 4.2.10/4.4.3 Bundle Protocol/CBOR Dissector recursion (ID 20373 / Nessus ID 216495)
1 year 3 months ago
A vulnerability, which was classified as critical, has been found in Wireshark up to 4.2.10/4.4.3. Affected by this issue is some unknown functionality of the component Bundle Protocol/CBOR Dissector. The manipulation leads to uncontrolled recursion.
This vulnerability is handled as CVE-2025-1492. An attack has to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
"Thieves Robbing Thieves": The Risks of Hijacking Other Hacker Groups' Infrastructure
1 year 3 months ago
Hijacking carries risks...
HP acquires Humane's assets; its AI product AI Pins will stop working within 10 days
1 year 3 months ago
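HP has acquired most of the assets of AI hardware startup Humane for US$116 million, and Humane immediately stopped selling its $499 product, AI Pins. It notified its customers that AI Pins will stop working within 10 days. AI Pins will work normally until 12PM PT on February 28, after which customers will be unable to access any of their device's features, including but not limited to calls, messages, AI queries and cloud access. Humane advises customers to download any stored data before February 28; it plans to permanently delete all customer data when it shuts down its servers.
A guy who scored 43 in math, armed with Ghidra & Angr, takes on an ultra-complex formula!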
1 year 3 months ago
How a cyber gambling addict takes on an extremely long formula and cracks the 52-character password (flag) hidden in it.
CVE-2007-3613 | SAP Internet Graphics Service PARAMS cross site scripting (EDB-30279 / XFDB-35280)
1 year 3 months ago
A vulnerability has been found in SAP Internet Graphics Service and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument PARAMS leads to basic cross site scripting.
This vulnerability is known as CVE-2007-3613. The attack can be launched remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Lumu Playback strengthens threat detection
1 year 3 months ago
Lumu announced the Playback feature for Managed Service Providers (MSPs). Playback collects, analyzes and stores network metadata, including network logs, and turns it into actionable threat intelligence. This enterprise-grade technology is widely adopted by the financial sector, healthcare, government, and education, and is now being made available to the MSP market and its SMB clients. Playback enables MSPs to efficiently meet compliance requirements and strengthen threat detection while significantly reducing operational costs. Via a self-service experience, …
The post Lumu Playback strengthens threat detection appeared first on Help Net Security.
Industry News
CVE-2024-53005 | Adobe Substance3D Modeler up to 1.14.1 out-of-bounds (apsb24-102)
1 year 3 months ago
A vulnerability has been found in Adobe Substance3D Modeler up to 1.14.1 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to out-of-bounds read.
This vulnerability was named CVE-2024-53005. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-43755 | Adobe Experience Manager up to 6.5.21 input validation (apsb24-69)
1 year 3 months ago
A vulnerability classified as problematic has been found in Adobe Experience Manager up to 6.5.21. This affects an unknown part. The manipulation leads to improper input validation.
This vulnerability is uniquely identified as CVE-2024-43755. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-49546 | Adobe InDesign Desktop up to 18.5.4/19.5 out-of-bounds (apsb24-97)
1 year 3 months ago
A vulnerability classified as problematic was found in Adobe InDesign Desktop up to 18.5.4/19.5. This vulnerability affects unknown code. The manipulation leads to out-of-bounds read.
This vulnerability was named CVE-2024-49546. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-49547 | Adobe InDesign Desktop up to 18.5.4/19.5 out-of-bounds (apsb24-97)
1 year 3 months ago
A vulnerability, which was classified as problematic, has been found in Adobe InDesign Desktop up to 18.5.4/19.5. This issue affects some unknown processing. The manipulation leads to out-of-bounds read.
The identification of this vulnerability is CVE-2024-49547. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com