Aggregator

A vulnerability labeled as problematic has been found in Codeaurora Android-msm 3.16.1. The affected element is the function acdb_ioctl of the file audio_acdb.c. Executing a manipulation of the argument ioctl can lead to memory corruption. This vulnerability is registered as CVE-2013-2597. The attack needs to be launched locally. Furthermore, an exploit is available.

A vulnerability, which was classified as critical, has been found in Apple iOS up to 7.1.2. The affected element is an unknown function of the component IOHIDFamily. This manipulation causes memory corruption. The identification of this vulnerability is CVE-2014-4404. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is advisable to upgrade the affected component.

A vulnerability labeled as critical has been found in Apple Mac OS X up to 10.9.3. The affected element is an unknown function of the component IOHIDFamily. Executing a manipulation can lead to memory corruption. This vulnerability appears as CVE-2014-4404. The attack may be performed from remote. In addition, an exploit is available. The affected component should be upgraded.

A compromised developer's repository serves as a worm-like infection vector to spread remote access Trojans (RATs) and other malware.

人工智能（AI）不再仅仅是未来战争的问题。

Показываем, насколько просто стать жертвой взлома при выполнении рутинных задач.

IT has long been concerned with ensuring systems receive the right amount of electricity. Cyberattackers are realizing they can manipulate voltage fluctuations for their purposes, too.

中国载人航天工程首批外籍航天员选拔工作于 2026 年 4 月上旬结束，2 名巴基斯坦籍候选对象 Muhammad Zeeshan Ali（穆罕默德·齐尚·阿里）和 Khurram Daud（胡拉姆·达乌德）最终入选。他们将作为预备航天员来华参加训练，在完成各项训练并通过考核后，其中 1 人将以载荷专家身份参加飞行任务，成为首位进入中国空间站的外籍航天员。2025 年 2 月，中巴在伊斯兰堡签署《关于选拔、训练巴基斯坦航天员并参与中国空间站飞行任务的合作协议》，随即正式启动巴基斯坦航天员选拔工作。经过初选、复选、定选三个阶段的严格筛选和评定，最终选拔出 2 名巴基斯坦预备航天员。

A vulnerability, which was classified as critical, was found in Mozilla Firefox up to 149. This impacts an unknown function of the component Web Codecs. Executing a manipulation can lead to uninitialized pointer. The identification of this vulnerability is CVE-2026-6748. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability classified as critical was found in Mozilla Firefox up to 149. The impacted element is an unknown function of the component HTML Component. Such manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2026-6746. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

英国议会通过了法案 Tobacco and Vapes Bill，17 岁及以下儿童将面临终身禁止购买香烟的禁令。该法案旨在禁止商店向 2009 年 1 月 1 日之后出生的儿童出售烟草，阻止他们吸烟，最终目标是打造无烟一代。吸烟是可预防死因之一，该法案被视为是几十年来英国最大的公共卫生干预措施。

UK unveils £90m cybersecurity funding at CYBERUK to boost SME resilience, promote Cyber Essentials and a new Cyber Resilience Pledge, sparking industry debate

Fraud operations now operate like call centers, complete with hiring, training, and performance tracking. Flare reveals how cybercriminals manage "Caller-as-a-Service" operations like a professional sales team. [...]

Толщина интерфейса — один атом. И мозг превращается в читаемую карту.

Microsoft fixed critical ASP.NET Core vulnerability, tracked as CVE-2026-40372 (CVSS score of 9.1), that lets attackers escalate privileges. Microsoft released out-of-band updates to address a serious ASP.NET Core vulnerability tracked as CVE-2026-40372 (CVSS score of 9.1). Microsoft fixed the flaw in ASP.NET Core version 10.0.7. An attacker could exploit the flaw to gain SYSTEM-level privileges, access […]

Acronis reveals Mustang Panda is using an updated version of LOTUSLITE backdoor to target Indian banks and Korean diplomats. Learn how this DLL sideloading attack works.

Prove has launched the Prove Identity Platform, turning identity verification into an ongoing, real-time process for users, businesses, and AI agents. AI agents are already initiating real transactions on behalf of real people. OpenAI and Stripe launched the Agentic Commerce Protocol in September. Visa named Anthropic, OpenAI, and Perplexity as agentic commerce partners. As that shift accelerates, the central question facing every organization becomes: Is this person real, and did they authorize this specific action, … More →

The post Prove Identity Platform connects verification, authentication, and fraud prevention appeared first on Help Net Security.

22 岁的 Sam 在印度医学院学习，经济拮据，父母资助的钱大部分花在执业资格考试上，他还在为毕业后移民美国存钱。他尝试了很多赚钱法，制作 YouTube 短视频，向其他医学院学生出售学习笔记等等，效果不一，他在浏览 Instagram 时突然产生了一个想法，为什么不用 Google Gemini 的 Nano Banana Pro 生成一个女孩，然后出售她的比基尼照片？然而他的 AI 女孩基本无人问津，他转而询问 Gemini 背后的原因。AI 指出他创造的是没有特色的性感女孩，需要与网络上数以百万计的类似女孩展开竞争。Gemini 帮助他挑选了一个非常有潜力的细分市场：MAGA/保守派。Gemini 指出美国保守派尤其是老年男性，通常拥有更高的可支配收入，而且更忠诚。Sam 于去年 1 月创建了 Emily Hart（@emily_hart.nurse），一名注册护士，长相类似 Jennifer Lawrence，他在发布照片时配上了很多反对自由派和支持保守派的口号，如“基督是王，堕胎是谋杀，非法移民必须被遣返”之类。Sam 从未去过美国，但却成为 MAGA 思想的忠实拥护者，他说自己每天都会写支持基督教、支持第二修正案、拥护生命权、反堕胎、反觉醒主义和反移民的文章。虽然他觉得自己的骗局过于明显，但他的账号却爆红了。他发布的每则 Reels 视频都能获得 300 万、500 万、1000 万的观看量，算法在推荐此类内容。由于 OnlyFans 限制 AI 模特，因此他在不限制 AI 的平台 Fanvue 发布了 AI 生成的软色情，依靠 Fanvue 订阅收入和 MAGA 主题 T 恤销售，他每月赚到了数千美元。Emily Hart 是众多 AI 生成的 MAGA 女网红之一，此类网红都是基于特定模板生成的：白人金发，从事应急救援工作如警察、消防员或急救员，言论都是常见的右翼观点。MAGA 女网红比较罕见，因为 18-29 岁的女性绝大多数倾向于自由派，年轻 MAGA 女性更能吸引保守派男性眼球。自由派对 AI 的识别度更高，Sam 尝试过生成自由派女网红，根本没有互动。他曾收到一则视频，一名男子对着 Emily 的照片自慰，对方给了 50 美元小费，他的感觉就是“随你便”。@emily_hart.nurse 账号在今年 2 月被 Instagram 以存在欺诈行为为由封禁。Sam 说即使没封他也打算收手了，他需要将重心转移到学业上。