Aggregator

CVE-2026-6131 | Totolink A7100RU 7.4cu.2313_b20191024 CGI /cgi-bin/cstecgi.cgi setTracerouteCfg command os command injection

VulDB Recent Entries
2 months 1 week ago
A vulnerability categorized as critical has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument command results in os command injection. This vulnerability is cataloged as CVE-2026-6131. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2026-31413 | Linux Kernel up to 6.12.79/6.18.20/6.19.10/7.0-rc1/7.0-rc4 bpf maybe_fork_scalars runtime out-of-bounds (EUVD-2026-21717)

VulDB Recent Entries
2 months 1 week ago
A vulnerability was found in Linux Kernel up to 6.12.79/6.18.20/6.19.10/7.0-rc1/7.0-rc4. It has been rated as critical. Affected is the function maybe_fork_scalars of the component bpf. The manipulation of the argument runtime leads to out-of-bounds read. This vulnerability is listed as CVE-2026-31413. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is advised.
vuldb.com

DDoS Attack Types Explained: Volumetric, Protocol, and Application Layer Attacks

Security Boulevard
2 months 1 week ago

Key Takeaways There are three main DDoS attack categories:  Volumetric (Layer 3), Protocol (Layer 4), and application layer (Layer 7) – each with different attack characteristics Each category requires a different mitigation approach, though the mitigation of layer 3/4 attacks is the same in majority of cases Application layer (L7) attacks are the hardest to […]

The post DDoS Attack Types Explained: Volumetric, Protocol, and Application Layer Attacks appeared first on Security Boulevard.

Israel Solomon

反腐如何影响餐饮业

Solidot
2 months 1 week ago
2012 年党中央发布了限制铺张浪费的八项规定(全称“十八届中央政治局关于改进工作作风、密切联系群众的八项规定”),为经济学家提供了罕见的机会观察反腐如何影响餐饮业的选址和整体经济格局。研究人员利用大众点评的数据,分析了 2010-2014 年间数十万条顾客评论和消费报告,记录了 120 个政府机关的地址,观察附近数万家餐厅的情况。结果显示,八项规定实施后,政府机关附近餐厅的生意立即下滑。顾客到访量下降 5.5%,人均消费下降 2.7%。这相当于北京餐厅每年损失约 4 亿美元的销售额。高档餐厅受到的冲击最大。到 2016 年,北京餐饮业的整体格局发生了改变。在整顿前,高档餐饮大多集中在政治权力中心附近,之后高档餐厅逐渐分散到普通商业区和居民区。这表明政治权力的地理分布直接改变地方经济格局。它以正常市场力量无法解释的方式将财富和资源聚集在一起。研究表明,政治权力会影响企业选址。研究还揭示了反腐的隐性成本,其经济影响远超预期目标。

CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads

The Hackers News
2 months 1 week ago
Unknown threat actors compromised CPUID ("cpuid[.]com"), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software and deploy a remote access trojan called STX RAT. The incident lasted from approximately April 9, 15:00 UTC, to about April 10, 10:00 UTC, with
The Hacker News

CPUID 网站下载链接被劫持传播恶意程序

Solidot
2 months 1 week ago
提供 CPU-Z 和 HWMonitor 等流行免费系统分析工具的 CPUID 网站遭到入侵,导致用户在短时间内下载了恶意程序。用户首先通过社交媒体报告安装从 CPUID 下载的程序时杀毒软件弹出了警告。CPUID 网站随后证实,它使用的一个第三方 API 在 4 月 9-10 日期间被入侵了大约 6 个小时,导致主网站随机显示恶意链接。CPUID 提供的应用本身没有被纂改。攻击者主要针对 HWMonitor 用户,恶意版本包含了一个假的 CRYPTBASE.dll 文件,它会连接指令控制服务器下载更多恶意负荷。CPUID 表示问题已修复。

while(1);的top-down分析

宋宝华
2 months 1 week ago
这种极简循环里,它被定义为 Core Bound 的子项,表示“虽然我没卡住(0% Backend Bound),但我已经被这条单指令压榨到了单端口执行的极限”。指令在现代 CPU 中通常在前端就被处理掉(Nop-elimination),或者被分配到一个极其简单的微操作。frontend bound消除,backend bound到15.7%,84.2%的时间在retiring指令。这一半的 Slot 退休了(50% Retiring),另一半空着(50% Frontend Bound)。
21cnbao

while(1);的top-down分析

宋宝华
2 months 1 week ago
这种极简循环里,它被定义为 Core Bound 的子项,表示“虽然我没卡住(0% Backend Bound),但我已经被这条单指令压榨到了单端口执行的极限”。指令在现代 CPU 中通常在前端就被处理掉(Nop-elimination),或者被分配到一个极其简单的微操作。frontend bound消除,backend bound到15.7%,84.2%的时间在retiring指令。这一半的 Slot 退休了(50% Retiring),另一半空着(50% Frontend Bound)。
21cnbao

while(1);的top-down分析

宋宝华
2 months 1 week ago
这种极简循环里,它被定义为 Core Bound 的子项,表示“虽然我没卡住(0% Backend Bound),但我已经被这条单指令压榨到了单端口执行的极限”。指令在现代 CPU 中通常在前端就被处理掉(Nop-elimination),或者被分配到一个极其简单的微操作。frontend bound消除,backend bound到15.7%,84.2%的时间在retiring指令。这一半的 Slot 退休了(50% Retiring),另一半空着(50% Frontend Bound)。
21cnbao

while(1);的top-down分析

宋宝华
2 months 1 week ago
这种极简循环里,它被定义为 Core Bound 的子项,表示“虽然我没卡住(0% Backend Bound),但我已经被这条单指令压榨到了单端口执行的极限”。指令在现代 CPU 中通常在前端就被处理掉(Nop-elimination),或者被分配到一个极其简单的微操作。frontend bound消除,backend bound到15.7%,84.2%的时间在retiring指令。这一半的 Slot 退休了(50% Retiring),另一半空着(50% Frontend Bound)。
21cnbao

while(1);的top-down分析

宋宝华
2 months 1 week ago
这种极简循环里,它被定义为 Core Bound 的子项,表示“虽然我没卡住(0% Backend Bound),但我已经被这条单指令压榨到了单端口执行的极限”。指令在现代 CPU 中通常在前端就被处理掉(Nop-elimination),或者被分配到一个极其简单的微操作。frontend bound消除,backend bound到15.7%,84.2%的时间在retiring指令。这一半的 Slot 退休了(50% Retiring),另一半空着(50% Frontend Bound)。
21cnbao

while(1);的top-down分析

宋宝华
2 months 1 week ago
这种极简循环里,它被定义为 Core Bound 的子项,表示“虽然我没卡住(0% Backend Bound),但我已经被这条单指令压榨到了单端口执行的极限”。指令在现代 CPU 中通常在前端就被处理掉(Nop-elimination),或者被分配到一个极其简单的微操作。frontend bound消除,backend bound到15.7%,84.2%的时间在retiring指令。这一半的 Slot 退休了(50% Retiring),另一半空着(50% Frontend Bound)。
21cnbao

Managed ad