Aggregator

作者：Sarthak Choudhary, Nils Palumbo, Ashish Hooda, Krishnamurthy Dj Dvijotham, Somesh Jha 译者：知道创宇404实验室翻译组 原文链接：https://arxiv.org/html/2506.04390v1 摘要 检索增强型生成（RAG）系统容易受到攻击，攻击者会在检索到的文档集中注入被篡改的段落，即使在很...

塑料污染已成为普遍存在的环境问题；全球海洋垃圾中的大部分是塑料碎片，后者已被证实对海洋生物、生态系统及沿海经济构成严重威胁。大部分塑料污染源自陆地，它们是通过河流、污水或刮风进入海洋的。在进入海洋系统的塑料制品中，一次性塑料购物袋的危害尤为严重；为遏制此类污染，各地已实施从收费到全面禁用等多种政策措施。研究人员就美国塑料袋禁令和收费政策对减少海岸线塑料袋垃圾数量的影响进行了评估。作者发现：与未实施此类法规的地区相比，塑料袋管制法规使得清理过程中收集的塑料袋在垃圾中的占比下降了 25% 至47%。塑料袋管制政策或能使野生动物缠绕事件减少 30% 至 37%。研究结果显示，对消费者收取塑料袋使用费的政策可能是减少塑料垃圾最有效的手段。

A vulnerability was found in Custom Post Carousels with Owl Plugin up to 1.4.11 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-5125. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

漏洞管理系统一个基于 Vue 3 和 FastAPI 的漏洞管理系统，用于管理和追踪安全漏洞。主要是为了解决

对美国科罗拉多州恐龙岭恐龙脚印的分析显示，恐龙求偶时可能也会跳舞。研究报告发表在《Cretaceous Research》期刊上。恐龙岭出土了大量标志性恐龙化石。研究人员利用航拍照片分析了恐龙留下的大量痕迹。总的来说，这些痕迹可分为两大类。第一类呈碗状，形状模糊不清；第二类占大多数，它们更长、更细，有时还会相互重叠。Buntin和同事发现，这些刮痕分布密集且出现在不同的地层中，这表明该地点曾被同一种类的恐龙多次光顾。这些痕迹也呈现出独特的模式。一些印记显示，恐龙在用爪子刮擦地面时可能顺时针转体，这表明它们在跳一种独特而重复的舞蹈。圆形的凹痕表明，这些刮痕后来可能被改造成了巢穴，筑巢行为在现代某些鸟类中很常见。跳舞的恐龙可能是似鸟龙—— 一种类似鸵鸟的食草动物，或者是棘龙—— 一种类似霸王龙的恐龙。

近日，由腾讯安全云鼎实验室等主办的“锋刃无影·御见未来”第4期安全技术沙龙在长沙圆满落幕！

威胁猎人最新监测显示，2025年6月至少三类贷款产品正遭遇不同类型的黑产团伙批量攻击，涉及银行信用贷、互联网信贷产品、小微企业贷等多个业务场景..

任天堂游戏机 Switch 2 尚未在中国大陆正式发售，但多个大型电商平台上都有香港版出售，价格多在 4000 元人民币以上。与香港的售价以及在日本出售的多语言版相比，价格普遍偏高。任天堂解释称：“在中国大陆尚未销售 Switch 2。在香港是通过子公司在进行官方销售”。京东社媒官方账号介绍，Switch 2 与全球销售同步，在 6 月 5 日上线，称这是“任天堂官方授权首批货源”。分析师表示“在中国大陆仍有增长空间。虽然大陆的游戏机爱好者有限，但热度很高，消费者愿意为进口版支付溢价”。第一代 Switch 由腾讯代理，对于是否代理第二代 Switch，腾讯未正面回应。

A vulnerability classified as problematic was found in ImageMagick 7.1.0-4. Affected by this vulnerability is the function ReadEnhMetaFile of the file coders/emf.c. The manipulation leads to divide by zero. This vulnerability is known as CVE-2021-40211. The attack can be launched remotely. There is no exploit available.

A vulnerability has been found in Mozilla Firefox up to 120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component NSS NIST Curve Handler. The manipulation leads to information exposure through discrepancy. This vulnerability is known as CVE-2023-6135. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in AMD Ryzen and EPYC. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Vector Register File Handler. The manipulation leads to use after free. This vulnerability is handled as CVE-2023-20593. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Node.js. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Experimental Policy Handler. The manipulation leads to path traversal. This vulnerability is known as CVE-2023-30584. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Microsoft Windows. Affected is an unknown function of the component AMD. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2023-20569. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

In this Help Net Security interview, Rob ter Linden, CISO at Signify, discusses priorities for CISOs working on IoT security, including the need for compliant infrastructure, easy device management, and preparing for future tech like quantum computing and AI. He also covers challenges with IoT visibility, security, and new regulations. For CISOs building or improving an IoT security strategy, what should be the top 3 priorities? 1. First off, creating an IoT infrastructure that matches … More →

The post Strategies to secure long-life IoT devices appeared first on Help Net Security.

6月24日16：00不见不散！

DanaBleed漏洞是在2022年6月随DataBot 2380版本引入的，该版本新增了一个命令和控制（C2）协议。

1.Qilin勒索团伙公布了新的受害公司 2.Play勒索团伙公布了新的受害者 3.INC Ransom团伙公布新的受害公司

Браузер, который не знает о вас ничего, теперь знает всё о мошенниках.

本文约4029字，预计阅读时间12分钟。2025年6月11日普老板在克里姆林宫举行会议，审查2027-2036年俄国家军备计划草案的主要参数。

A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /add_reserve.php. The manipulation of the argument firstname leads to sql injection. This vulnerability is known as CVE-2025-6394. The attack can be launched remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.