25% вознаграждения за $44 млн: CoinDCX объявила охоту на хакеров
Куда пропали украденные миллионы и почему их всё ещё можно спасти?
Aggregator
论文摘要攻击:通过 LLM 安全论文破解大型语言模型
5 months ago
作者:Liang Lin, Zhihao Xu, Xuehai Tang, Shi Liu, Biyu Zhou, Fuqing Zhu, Jizhong Han, Songlin Hu
译者:知道创宇404实验室翻译组
原文链接:https://arxiv.org/html/2507.13474v1
内容警告:本文包含模型生成的不安全内容。
摘要
大型语言模型(LLMs)的安全性受到了...
走近 DMA — 三角洲里的天才少年
5 months ago
本文为私人文章,暂不公开
Tr0y
数万款小程序存在严重安全隐患,复旦团队推出白泽·鉴微平台,提供免费“安全体检”!
5 months ago
数字便捷的背后,是否也埋下了信息安全失控的导火索?复旦大学安全团队深度揭示小程序生态的系统性安全风险。
弱密码导致一家没有备份的 158 年英国公司倒闭
5 months ago
勒索软件组织 Akira 通过猜测员工的弱密码入侵了一家英国北安普敦郡运输公司 KNP 的计算机系统,加密系统勒索赎金。KNP 有 158 年历史,有 700 名员工。报道称,黑客没有披露赎金金额,一家专业勒索软件谈判公司估计赎金可能高达 500 万英镑。该公司没有这么多钱,以及显然没有备份,这起事件最终导致了公司倒闭。
Hardcoded credentials found in HPE Aruba Instant On Wi-Fi devices
5 months ago
Hardcoded credentials in HPE Aruba Instant On Wi-Fi devices, let attackers to bypass authentication and access the web interface. HPE disclosed hardcoded credentials in Aruba Instant On Wi-Fi devices that allow attackers to bypass login and access the web interface. The flaw tracked as CVE-2025-37103 (CVSS score of 9.8) impacts devices running firmware version 3.2.0.1 […]
Pierluigi Paganini
CVE-2025-8019 | Shenzhen Libituo Technology LBT-T300-T310 2.2.3.6 at/appy.cgi sub_40B6F0 wan_proto buffer overflow
5 months ago
A vulnerability was found in Shenzhen Libituo Technology LBT-T300-T310 2.2.3.6. It has been rated as critical. Affected by this issue is the function sub_40B6F0 of the file at/appy.cgi. The manipulation of the argument wan_proto leads to buffer overflow.
This vulnerability is handled as CVE-2025-8019. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
SharePoint + админские права = подарок для APT41. Особенно в Африке
5 months ago
Один скрытый файл на корпоративном сервере позволил удалённо управлять всей инфраструктурой.
慢雾:面向香港稳定币发行人的智能合约实施指南
5 months ago
本指南提供清晰的技术路径与实践建议,支持香港稳定币生态的健康发展。
CVE-2025-8018 | code-projects Food Ordering Review System 1.0 reservation_page.php reg_Id sql injection
5 months ago
A vulnerability was found in code-projects Food Ordering Review System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /user/reservation_page.php. The manipulation of the argument reg_Id leads to sql injection.
This vulnerability is known as CVE-2025-8018. The attack can be launched remotely. Furthermore, there is an exploit available.
Other parameters might be affected as well.
vuldb.com
CVE-2025-8017 | Tenda AC7 15.03.06.44 httpd /goform/setMacFilterCfg formSetMacFilterCfg deviceList stack-based overflow
5 months ago
A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function formSetMacFilterCfg of the file /goform/setMacFilterCfg of the component httpd. The manipulation of the argument deviceList leads to stack-based buffer overflow.
This vulnerability is traded as CVE-2025-8017. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
Submit #619530: Shenzhen Rio Tinto Technology Co., Ltd. LBT-T300-T310 v2.2.3.6 Buffer Overflow [Accepted]
5 months ago
Submit #619530 / VDB-317222
wuee
SharePoint Under Siege: New Zero-Day (CVE-2025-53770) Actively Compromises 100+ Global Organizations
5 months ago
A few days ago, we reported on the critical zero-day vulnerability CVE-2025-53770 in Microsoft SharePoint Server, an enhanced iteration of the previously identified flaw CVE-2025-49706. At the time, it was known that the issue...
The post SharePoint Under Siege: New Zero-Day (CVE-2025-53770) Actively Compromises 100+ Global Organizations appeared first on Penetration Testing Tools.
ddos
Submit #619379: code-projects Food Ordering Review System 1.0 External Initialization of Trusted Variables or Data Stores [Accepted]
5 months ago
Submit #619379 / VDB-317221
iC0rner
雷神众测漏洞周报2025.7.14-2025.7.20
5 months ago
雷神众测拥有该文章的修改和解释权。如欲转载或传播此文章,必须保证此文章的副本,包括版权声明等全部内容。声明雷神众测允许,不得任意修改或增减此文章内容,不得以任何方式将其用于商业目的。
研究发现四天工作制显著提升幸福感
5 months ago
根据发表在《Nature Human Behaviour》期刊上的一项研究,在不减少收入的情况下,每周工作四天能增进员工工作满意度和身心健康,这得益于工作效率提升、疲劳度降低和睡眠问题减少。这些发现凸显出组织和政策制定者通过重新评估工作时长来改善员工福祉的潜力。为测试四天工作制(不减薪)干预的效果,研究人员开展了为期 6 个月的试验,涉及澳大利亚、加拿大、新西兰、英国、爱尔兰和美国 141 家组织的 2896 名雇员。利用调查数据,他们比较了干预前后的工作和健康相关指标(包括职业倦怠、工作满意度、心理和身体健康)。他们还将结果与另外 12 个没有尝试该措施的公司的 285 名雇员作了比较。结果显示,在采取 4 天工作制以后,平均每周工作时间减少了 5 小时。和继续每周工作 5 天的公司员工相比,每周工作时间减少 8 小时或以上的员工,自我报告倦怠感降低,工作满意度和精神健康改善。同样的效应在每周工作时长减少 1-4 小时和 5-7 小时的员工身上也被观察到,尽管效果相对较小。这些获益可以部分归因于睡眠问题减少、疲劳程度降低,以及个人工作能力提升。
Submit #619364: Tenda AC7 <= Firmware v1.0_v15.03.06.44 RCE [Accepted]
5 months ago
Submit #619364 / VDB-317220
liuchangwei
CVE-2025-7777 | mirror-registry Header Host injection
5 months ago
A vulnerability was found in mirror-registry and classified as problematic. This issue affects some unknown processing of the component Header Handler. The manipulation of the argument Host leads to injection.
The identification of this vulnerability is CVE-2025-7777. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-7974 | Rocket.Chat information disclosure
5 months ago
A vulnerability has been found in Rocket.Chat and classified as problematic. This vulnerability affects unknown code. The manipulation leads to information disclosure.
This vulnerability was named CVE-2025-7974. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-8015 | WP Shortcodes Plugin up to 7.4.2 on WordPress Image Title/Slide Link cross site scripting
5 months ago
A vulnerability, which was classified as problematic, was found in WP Shortcodes Plugin up to 7.4.2 on WordPress. This affects an unknown part. The manipulation of the argument Image Title/Slide Link leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2025-8015. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com