Aggregator
Kill
9 months 1 week ago
cohenido
US Copyright Office says AI-assisted works can receive copyright protection if they contain sufficient human creativity
9 months 1 week ago
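The US Copyright Office has ruled that AI-assisted works can receive copyright protection if they contain perceptible human creativity, such as creative modifications or arrangement, while content generated entirely by AI remains ineligible for copyright protection. The Office's report is based on a request for comments on AI and copyright launched in 2023, which received more than ten thousand comments. The report states that a person prompting an AI chatbot to generate content, or an AI image generator to generate an image, does not give that person the ability to copyright the resulting work.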
A Threat Actor claims to be Selling Data of an Unidentified Indian NEET Tuition Centre
9 months 1 week ago
Dark Web Informer - Cyber Threat Intelligence
TeamViewer fixed a vulnerability in Windows client and host applications
9 months 1 week ago
TeamViewer has patched a high-severity privilege escalation vulnerability affecting its Windows client and host applications. TeamViewer released security patches for a high-severity elevation of privilege vulnerability, tracked as CVE-2025-0065 (CVSS score of 7.8), in its remote access solutions for Windows. The vulnerability is an improper neutralization of argument delimiters in the TeamViewer_service.exe component of TeamViewer […]
Pierluigi Paganini
[Control systems] ABB security advisory (AV25-049)
9 months 1 week ago
Canadian Centre for Cyber Security
CVE-2025-0882 | code-projects Chat System up to 1.0 /user/addnewmember.php user sql injection
9 months 1 week ago
A vulnerability was found in code-projects Chat System up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /user/addnewmember.php. The manipulation of the argument user leads to sql injection.
This vulnerability is known as CVE-2025-0882. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com
SimpleHelp RMM vulnerabilities may have been exploited to breach healthcare orgs
9 months 1 week ago
Attackers may have leveraged vulnerabilities in the SimpleHelp remote monitoring and management solution to gain initial access to healthcare organizations. About the vulnerabilities: On January 13, 2025, Horizon3.ai researchers revealed their discovery of three vulnerabilities affecting SimpleHelp’s server component, which would allow attackers to: download files from the SimpleHelp server (e.g., log and configuration files); use access credentials extracted from config files to authenticate to the server, elevate their privileges to admin, and upload files, …
The post SimpleHelp RMM vulnerabilities may have been exploited to breach healthcare orgs appeared first on Help Net Security.
Zeljka Zorz
The Advantages of Cloud-Based Remote Desktop versus RDP over VPN
9 months 1 week ago
Remote work is now an essential part of many businesses, requiring organizations to rethink how they provide secure and efficient access to corporate resources. Learn from TruGrid about the advantages of cloud-based RDP versus RDP over VPN, especially in the context of security, performance, and cost-effectiveness. [...]
Sponsored by TruGrid
CVE-2025-0881 | Codezips Gym Management System 1.0 saveroutine.php rname sql injection
9 months 1 week ago
A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/saveroutine.php. The manipulation of the argument rname leads to sql injection.
This vulnerability is traded as CVE-2025-0881. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-0880 | Codezips Gym Management System 1.0 updateplan.php planid sql injection
9 months 1 week ago
A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/admin/updateplan.php. The manipulation of the argument planid leads to sql injection.
The identification of this vulnerability is CVE-2025-0880. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
Submit #491463: code-projects Chat System Using PHP With Source Code 1.0 SQL Injection [Accepted]
9 months 1 week ago
Submit #491463 / VDB-294127
LamentXU
Major GitHub outage affects pull requests and other services
9 months 1 week ago
GitHub is mitigating an ongoing incident causing problems with multiple services, including performing pull requests, creating or viewing issues, and even viewing repositories and commits. [...]
Sergiu Gatlan
Submit #489192: Codezips Gym Management System in PHP with Source Code V1.0 SQL Injection [Accepted]
9 months 1 week ago
Submit #489192 / VDB-294126
Wizdzz
Submit #488716: Codezips Gym Management System in PHP with Source Code V1.0 SQL Injection [Accepted]
9 months 1 week ago
Submit #488716 / VDB-294125
fanguoli
CVE-2024-53615 | Karl Ward Wards Files.gallery up to 0.11.0 Video File command injection
9 months 1 week ago
A vulnerability has been found in Karl Ward Wards Files.gallery up to 0.11.0 and classified as critical. This vulnerability affects unknown code of the component Video File Handler. The manipulation leads to command injection.
This vulnerability was named CVE-2024-53615. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-13700 | spanrig Embed Swagger UI Plugin up to 1.0.0 on WordPress Shortcode wpsgui cross site scripting
9 months 1 week ago
A vulnerability, which was classified as problematic, was found in spanrig Embed Swagger UI Plugin up to 1.0.0 on WordPress. This affects the function wpsgui of the component Shortcode Handler. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2024-13700. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-13670 | efreja Music Sheet Viewer Plugin up to 4.1 on WordPress Shortcode pn_msv cross site scripting
9 months 1 week ago
A vulnerability, which was classified as problematic, has been found in efreja Music Sheet Viewer Plugin up to 4.1 on WordPress. Affected by this issue is the function pn_msv of the component Shortcode Handler. The manipulation leads to cross site scripting.
This vulnerability is handled as CVE-2024-13670. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-23367 | Red Hat Build of Keycloak Wildfly Server Role Based Access Control Provider access control
9 months 1 week ago
A vulnerability classified as critical was found in Red Hat Build of Keycloak, Data Grid, Fuse, JBoss Data Grid, JBoss Enterprise Application Platform, JBoss Enterprise Application Platform Expansion Pack, Process Automation and Single Sign-On. Affected by this vulnerability is an unknown functionality of the component Wildfly Server Role Based Access Control Provider. The manipulation leads to improper access controls.
This vulnerability is known as CVE-2025-23367. The attack can be launched remotely. There is no exploit available.
vuldb.com
Automated Pen Testing Is Improving — Slowly
9 months 1 week ago
The rate of evolution has been glacial, but tools now understand cloud environments and can target Web applications.
Alex Haynes