Aggregator

四名大众公司前高管周一因柴油门排放丑闻被判欺诈罪，两人被判监禁，两人被判缓刑。柴油门排放丑闻于 2015 年 9 月首次被披露，美国环保署发现大众制造的柴油汽车安装了作弊装置，当装置检测到汽车在进行排放测试时会降低性能以达到排放标准，而在实际驾驶中汽车的排放远超过限额。柴油门是汽车史上最大的企业丑闻之一，大众在 2020 年承认由于罚款和为和解而缴纳的费用它损失了逾 300 亿欧元。

基于HTTP/2服务器推送和签名HTTP交换的跨源Web攻击 by ourren

加密货币交易所安全风险 by ourren

更多最新文章，请访问SecWiki

И даже трейлера не будет.

A vulnerability was found in Yifang CMS 2.0.2. It has been classified as critical. This affects an unknown part of the file /api/file/getRemoteContent. The manipulation leads to server-side request forgery. This vulnerability is uniquely identified as CVE-2025-45887. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in Jan up to 0.5.14 and classified as critical. Affected by this vulnerability is the function shell.openExternal of the component Conversation Handler. The manipulation leads to code injection. This vulnerability is known as CVE-2025-29509. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in SourceCodester Client Database Management System 1.0. It has been classified as critical. Affected is an unknown function of the file user_proposal_update_order.php. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2025-46193. It is possible to launch the attack remotely. There is no exploit available.

Mozilla 释出了 Firefox 139.0。主要新特性包括：显著改进了 HTTP/3 连接的上传性能；支持扩展页的整页翻译；粘贴时保留 PNG 图像的透明度；支持 WebAuthn largeBlob 扩展；默认禁用的实验性功能如优先任务调度、View Transition API 等等。

A vulnerability was found in Vercot Serva32 2.1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to memory corruption. This vulnerability is known as CVE-2013-0145. The attack can be launched remotely. Furthermore, there is an exploit available.

宾夕法尼亚大学工程学院化学工程实验室创造了一种新型纳米结构材料，能从空气中收集水分，水收集在孔隙中然后释放到表面，整个过程无需外部能量（其他人对此说法持有异议，认为仍然有能量需求，否则它就是某种永动机了）。研究报告发表在《Science Advances》期刊上。研究人员称这种新材料可用于在干旱地区收集空气中的水，或者用于利用蒸发能量冷却电子设备或建筑物的设备。研究人员称，他们的研究目的最初不是收集水，而是测试亲水纳米孔和疏水聚合物的组合，结果一名前博士生注意到了测试材料上的水滴。这种材料将亲水性和疏水性融合在一个独特的纳米级结构中，既能从空气中捕获水分，又能同时将水分以水滴的形式排出。

A vulnerability was found in GNU screen 5.0.0. It has been classified as critical. Affected is an unknown function of the component PTY. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2025-46803. An attack has to be approached locally. There is no exploit available.

比尔和梅林达·盖茨基金会、全球疫苗免疫联盟、疫苗联盟、威康信托基金和流行病防范创新联盟是啥关系？

Cisco Talos warns of active exploitation of a zero-day vulnerability (CVE-2025-0994) in Cityworks supposedly by Chinese hackers from…

Alleged Sale of 100,000 Credit Cards

A vulnerability was found in Apple tvOS up to 10.2.1. It has been classified as critical. This affects an unknown part of the component WebKit. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2017-7049. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.15.183/6.1.139/6.6.91/6.12.29/6.14.7. It has been rated as critical. This issue affects the function Change of the component net_sched. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2025-37992. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Submit #583012 / VDB-278773

How I wrapped large-language-model power in a safety blanket of secrets-detection, chunking, and serverless scale.

The post Building a Secure LLM Gateway (and an MCP Server) with GitGuardian & AWS Lambda appeared first on Security Boulevard.