Aggregator

最近返乡陪父母待了些天。之前说过，与父母在一起，三五天内，温情脉脉。时间再长，往往容易有些小冲突。

HackerNews 编译，转载请注明出处： 知名研究员Haifei Li发现一份疑似利用未修补Adobe Reader零日漏洞的PDF文件，正寻求网络安全社区协助调查这一复杂的PDF利用程序。 Haifei Li是资深安全研究员，过去二十年曾在Fortinet、微软、McAfee和Check Point任职，也是基于沙盒的零日漏洞检测系统Expmon的创始人兼开发者。 Expmon检测到这一新型Reader利用程序，分析显示该PDF“作为初始利用程序，具备收集和泄露各类信息的能力，可能随后执行远程代码执行（RCE）和沙箱逃逸（SBX）利用”。 研究员认为该PDF利用零日漏洞，因为攻击已确认对最新版Adobe Reader有效。 虽然Li确认已识别的利用程序会从受入侵系统收集用户及其他数据，但未能复现完整攻击链，获取可能用于沙箱逃逸或远程代码执行的额外载荷。 SecurityWeek已联系Adobe，但考虑到公司仅在4月7日左右收到利用详情，评估可能需要一定时间。 针对该潜在零日的利用程序已提交至Expmon和VirusTotal。VirusTotal上识别的一份样本于2025年11月提交，表明该漏洞至少已被利用4个月。 一位审查该利用程序的威胁情报分析师指出，恶意PDF包含俄语诱饵，并提及俄罗斯油气行业的时事。 Adobe近年来多次致谢Li报告Reader和Acrobat漏洞，包括关键代码执行缺陷。然而，对于2024年发现的Reader漏洞CVE-2024-41869，在Li报告发现明显试图武器化该漏洞的PDF后，Adobe未确认野外利用。 消息来源：securityweek.com； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

HackerNews 编译，转载请注明出处： RSAC研究人员发现一种高成功率绕过苹果Apple Intelligence AI安全协议的方法。 Apple Intelligence是深度集成于iOS、iPadOS和macOS的个人智能系统，结合生成式AI与个人上下文。它主要通过紧凑的端侧大语言模型在苹果芯片上直接处理任务，利用用户独特上下文（消息、照片和日程）为系统级写作工具和Siri等功能提供支持。对于更复杂的推理，它通过私有云计算将请求卸载至苹果专用云基础设施上的更大基础模型。 RSAC研究团队对Apple Intelligence进行了安全审查，试图绕过端侧大语言模型的输入输出过滤器（用于阻止恶意输入和防止不良输出）及内部防护栏以影响其行为。 为此，他们结合两种对抗技术。第一种是Neural Execs——一种已知的提示注入攻击，使用”乱码”输入欺骗AI执行攻击者定义的任意任务，这些输入作为通用触发器无需针对不同载荷重新制作。 第二种方法是Unicode操纵。研究人员通过将恶意输出文本反向书写并使用Unicode从右至左覆盖功能，成功绕过内容限制。”本质上，我们将恶意/冒犯性英文输出文本反向编码，使用Unicode技巧强制大语言模型正确渲染，”研究人员解释。 结合两种方法可使攻击者强制端侧Apple Intelligence大语言模型生成冒犯性内容，或更关键地，操纵与Apple Intelligence集成的第三方应用中的私有数据和功能，如健康数据或个人媒体。 该攻击经100个随机提示测试，成功率达76%。研究人员估计，10万至100万用户已安装可能易受此类攻击的应用。 “RSAC估计，截至2025年12月，消费者手中已有至少2亿台支持Apple Intelligence的设备，苹果应用商店已出现使用Apple Intelligence的应用——因此它已成为高价值目标，”研究人员指出。 苹果于2025年10月接到通知，据RSAC研究，防护措施已在近期iOS 26.4和macOS 26.4中推出。研究人员尚未发现恶意利用的证据。 消息来源：securityweek.com； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

HackerNews 编译，转载请注明出处： 欧洲铁路旅行公司Eurail正在通知超过30万人，其个人信息在2025年12月的数据泄露事件中被盗。 该事件最初于1月披露，当时公司警告称可能持有Eurail通票的客户受到影响。黑客入侵这家荷兰公司的网络后，窃取了包含基本身份和联系信息的文件。 2月，一名黑客在明网网络犯罪网站上吹嘘从Eurail的AWS S3、Zendesk和GitLab实例窃取约1.3TB数据，包括源代码、支持工单和数据库备份。黑客声称窃取了数百万Eurail/Interrail客户的个人信息，与旅行公司的谈判已失败。 3月初，Eurail确认黑客一直在暗网出售被盗数据，并在其Telegram频道发布了样本数据集。公司还表示不存储银行或信用卡信息，也不存储护照视觉副本。 上周，Eurail向多个美国州检察长办公室提交泄露通知，披露攻击中姓名和护照号码被盗。公司告诉俄勒冈州检察长办公室，数据泄露仅影响308,777人，正在向可能受影响个人发送书面通知。 消息来源：securityweek.com； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

HackerNews 编译，转载请注明出处： 荷兰医疗软件供应商ChipSoft遭受勒索软件攻击，被迫下线其面向患者和医疗机构的网站及数字服务。 ChipSoft是荷兰大型电子健康记录（EHR）系统供应商，其旗舰平台HiX被众多荷兰医院使用。 本周早些时候，Reddit用户报道称这家医疗行业数字解决方案开发商遭遇网络安全事件。当地媒体证实，ChipSoft向医疗机构发布的内部备忘录显示公司遭网络攻击，警告”可能存在未授权访问”。 据报道，该IT服务提供商向医疗中心运营商保证正在采取一切措施”尽可能限制不利影响”，同时建议他们在清理完成前断开与其系统的连接。 昨日，荷兰医疗网络安全计算机应急响应小组（Z-CERT）宣布ChipSoft遭受勒索软件事件影响。该机构表示正与公司及医疗机构合作，识别影响并协助恢复。 作为预防措施，ChipSoft禁用了所有与其Zorgportaal、HiX Mobile和Zorgplatform数字医疗服务的连接。 虽然荷兰部分媒体称大多数面向患者的系统正常运行，但也有多份报告称各医院相同系统无法使用。已确认的系统中断报告涉及Weert的Sint Jans Gasthuis、Roermond的Laurentius、Venlo的VieCuri医院以及Almere的Flevo医院。 BleepingComputer已联系ChipSoft询问事件详情，但截至发稿未获回复。 针对医疗IT系统提供商的网络攻击对威胁行为体极具破坏性和牟利性，因为这些公司运营多个医疗中心的信息枢纽，管理大量敏感数据。 上月，医疗IT公司CareCloud披露数据泄露事件，暴露敏感数据并导致数小时服务中断。2026年3月初，Cognizant的医疗IT公司TriZetto Provider Solutions遭受数据泄露，超过340万人的敏感信息外泄。 消息来源：bleepingcomputer.com； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

Павел Дуров заявил, что громкие обещания приватности расходятся с реальной практикой сервиса.

A vulnerability, which was classified as problematic, has been found in Lana Email Logger Plugin up to 1.0.2 on WordPress. The affected element is an unknown function of the component Email Subject Handler. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2023-3166. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in GD Mail Queue Plugin up to 3.9.3 on WordPress. It has been declared as problematic. This impacts an unknown function of the component Email Handler. The manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2023-3122. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in YaySMTP Plugin up to 2.4.5 on WordPress. This affects an unknown function of the component Email Handler. The manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2023-3093. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in MStore API Plugin up to 3.9.6 on WordPress and classified as problematic. Affected by this issue is some unknown functionality of the component Firebase Server Key. The manipulation leads to cross-site request forgery. This vulnerability is listed as CVE-2023-3202. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in MStore API Plugin up to 3.9.6 on WordPress. It has been rated as problematic. Impacted is an unknown function of the component Order Title Update. Performing a manipulation results in cross-site request forgery. This vulnerability is reported as CVE-2023-3199. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability categorized as problematic has been discovered in Mailtree Log Mail Plugin up to 1.0.0 on WordPress. Impacted is an unknown function of the component Email Subject Handler. Executing a manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2023-3135. The attack can be launched remotely. No exploit exists.

A vulnerability identified as problematic has been detected in Mail Queue Plugin up to 1.1 on WordPress. The affected element is an unknown function of the component Email Subject Handler. Performing a manipulation results in cross site scripting. This vulnerability is reported as CVE-2023-3167. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability marked as problematic has been reported in About Me 3000 Widget Plugin up to 2.2.6 on WordPress. This affects an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2023-3369. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability described as problematic has been identified in Advanced Popups Plugin up to 1.1.1 on WordPress. Affected by this issue is the function metabox_popup_save. The manipulation results in cross-site request forgery. This vulnerability is cataloged as CVE-2021-4421. The attack may be launched remotely. There is no exploit available.

A vulnerability marked as critical has been reported in User Registration Plugin up to 3.0.1 on WordPress. Affected by this vulnerability is an unknown functionality. Performing a manipulation of the argument profile-pic-url results in deserialization. This vulnerability is reported as CVE-2023-3343. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability described as critical has been identified in User Registration Plugin up to 3.0.2/3.0.2.1 on WordPress. Affected by this issue is the function ur_upload_profile_pic. Executing a manipulation can lead to unrestricted upload. This vulnerability appears as CVE-2023-3342. The attack may be performed from remote. There is no available exploit.

A vulnerability marked as problematic has been reported in Buy Me a Coffee Plugin up to 3.6 on WordPress. This affects an unknown function. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2023-2082. The attack is possible to be carried out remotely. No exploit exists.

A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig. The vulnerability in question is CVE-2026-39987 (CVSS score: 9.3), a pre-authenticated remote code execution vulnerability impacting all versions of Marimo prior to and including