Aggregator

研究人员发现，常用的丁腈橡胶和乳胶实验室手套会释放与微塑料相似的硬脂酸盐颗粒，可能会在研究微塑料污染时高估其含量。实验室手套会无意中将颗粒转移到用于分析空气、水等样本的实验室工具上。研究人员建议使用洁净室手套，这种手套释放的颗粒要少得多。硬脂酸盐是一种类肥皂的盐基物质，被添加到一次性手套中，以帮助其在制造过程中轻松与模具分离。由于其化学性质与部分塑料相似，在实验室分析中会难以区分，增加了研究微塑料污染时出现假阳性的风险。

This modern infostealer adopted server-side decryption of stolen credentials to bypass security controls

#数学思维 梯形ABCD，AD∥BC、AE/EB=m/n、AD=a、BC=b、S(ABCD)=S，求S△CDE。 看到有人扯“梯形一半模型”，那个太窄，这个更一般化。

The OpenSSH project released version 10.3 and 10.3p1 on April 2, 2026, addressing a shell injection vulnerability and introducing several security-hardening changes that administrators should review before upgrading. The most notable security fix targets a shell injection vulnerability in the -J (ProxyJump) command-line option. Prior to this release, user and host names passed via -J […]

The post OpenSSH 10.3 Fixes Shell Injection and Multiple SSH Security Issues appeared first on Cyber Security News.

A seemingly routine procurement email has become the entry point for a sophisticated six-stage malware attack targeting industrial suppliers and procurement teams. The campaign, tracked as NKFZ5966PURCHASE, disguises itself as a Boeing Request for Quotation (RFQ) from a person named “Joyce Malave,” luring victims into opening a malicious Word document. Once opened, the file silently […]

The post Hackers Abuse DOCX, RTF, JS, and Python in Stealthy Boeing RFQ Malware Campaign appeared first on Cyber Security News.

OpenSSH 10.3 shipped carrying five security fixes alongside feature additions and a set of behavior changes that will break compatibility with older SSH implementations that do not support rekeying. Rekeying compatibility removed SSH clients and servers that lack rekeying support will fail when they attempt to interoperate with OpenSSH going forward. The project removed the bug-compatibility code that previously allowed such implementations to keep working. Deployments running non-standard or legacy SSH software should verify rekeying … More →

The post OpenSSH 10.3 patches five security bugs and drops legacy rekeying support appeared first on Help Net Security.

A vulnerability was found in Philips MRI 1.5T and MRI 3T 5.x. It has been rated as problematic. This vulnerability affects unknown code. Performing a manipulation results in incorrect permission assignment. This vulnerability is reported as CVE-2021-26248. The attack requires a local approach. No exploit exists.

A vulnerability categorized as critical has been discovered in Philips MRI 1.5T and MRI 3T 5.x. This issue affects some unknown processing. Executing a manipulation can lead to improper access controls. This vulnerability appears as CVE-2021-26262. The attack requires local access. There is no available exploit.

A vulnerability was found in Philips MRI 1.5T and MRI 3T 5.x. It has been declared as problematic. Impacted is an unknown function. Executing a manipulation can lead to information disclosure. This vulnerability is registered as CVE-2021-42744. The attack needs to be launched locally. No exploit is available.

A vulnerability categorized as problematic has been discovered in CryoutCreations Verbosa Plugin up to 1.2.3 on WordPress. The affected element is an unknown function. The manipulation results in cross site scripting. This vulnerability is identified as CVE-2024-44050. The attack can be executed remotely. There is not any exploit available.

A vulnerability identified as problematic has been detected in Johan van der Wijk Content Blocks Plugin up to 3.3.5 on WordPress. The impacted element is an unknown function of the component Custom Post Widget. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2024-44051. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability labeled as problematic has been found in CryoutCreations Septera Plugin up to 1.5.1 on WordPress. This affects an unknown function. Such manipulation leads to cross site scripting. This vulnerability is listed as CVE-2024-45452. The attack may be performed from remote. There is no available exploit.

A vulnerability marked as problematic has been reported in CryoutCreations Roseta Plugin up to 1.3.0 on WordPress. This impacts an unknown function. Performing a manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2024-45451. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability described as problematic has been identified in WP Sunshine Sunshine Photo Cart Plugin up to 3.2.5 on WordPress. Affected is an unknown function. Executing a manipulation can lead to cross site scripting. This vulnerability is registered as CVE-2024-43971. It is possible to launch the attack remotely. No exploit is available.

A vulnerability classified as problematic was found in highwarden Super Store Finder Plugin up to 6.9.7 on WordPress. Affected by this issue is some unknown functionality. The manipulation results in cross site scripting. This vulnerability is reported as CVE-2024-43975. The attack can be launched remotely. No exploit exists.

A vulnerability marked as problematic has been reported in WP Royal Royal Elementor Addons Plugin up to 1.3.982 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is listed as CVE-2024-44001. The attack may be initiated remotely. There is no available exploit.

A vulnerability described as problematic has been identified in PickPlugins Team Showcase Plugin up to 1.22.25 on WordPress. This affects an unknown part. The manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2024-44002. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in LikeBtn Like Button Rating Plugin up to 2.6.54 on WordPress. It has been declared as problematic. Affected is an unknown function. Such manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-44064. The attack can be launched remotely. No exploit exists.

Вашингтон осознал, что защита резиденции Пита Хегсета —  дырявая.

Удастся ли Рунету отключить VPN-пользователей к 15 апреля?