Aggregator

A vulnerability classified as problematic has been found in Google Android 10.0/11.0/12.0/13.0. Affected by this vulnerability is the function onPackageRemoved of the file AccessibilityManagerService.java. This manipulation causes incorrect control flow. This vulnerability is registered as CVE-2023-20921. The attack needs to be launched locally. No exploit is available. It is suggested to install a patch to address this issue.

A vulnerability labeled as problematic has been found in Google Android 10.0/11.0/12.0/13.0. This affects the function queue of the file UsbRequest.java. Executing manipulation can lead to use after free. This vulnerability is tracked as CVE-2023-20920. The attack is restricted to local execution. No exploit exists. It is best practice to apply a patch to resolve this issue.

你以为 AI 在帮你节约时间，真实情况是 在 AI 加持下的算法，让你越发沉迷于短视频、游戏、信息流里不可自拔 默认情况下，AI 用更冗长的语言，给了你更多信息，但是信息真伪、质量鉴别还需要你自己来 默认情况下，AI 帮你生成的代码会让你很快抵达 WoW 的高潮，但那些代码的可读性、可维护性可能堪忧 你以为必须紧跟时代学习各种新产品新名词，真实情况是 你最好知道自己要用 AI 干什么——绝大多数人不知道 AI 能解决自己的什么问题，对着一个对话框，提不出有价值的问题 你最好先能深度使用好一款产品，至少让它提供的价值远超你的时间和金钱投入，而不是每个东西浅尝辄止 你以为只用 AI 就能解决问题，真实情况是 世界上还有大量的领域无需 AI 没办法很好地解决问题 世界上还有大量的工具可以使用——AI 只是工具的一种，可能是最先进的，可能 AI 已经可以使用工具了，但你最好也还会使用多种工具 你以为 AI 已经回答了你的问题，真实情况是 你不知道答案的真伪 你有可能没有仔细看过 AI 提供的内容——虽然每个 Deep Research 看上去都那么专业 你大概率还没有思考、得出自己的结论、做出有效的决策 尤其是：AI 回答了你的问题，但你拿到结果了吗？ 你以为有了 AI，写作、英语、编程就不重要了，真实情况是 写作能力和英语能力以及编程能力可能更重要了——你必须把这些技能内化 否则，它替你思考，你却失去了思考的能力 我们以为自己比 AI 聪明，我猜情况可能是 AI 比我们聪明。 我们不是要善用 AI，而可能是要善于向 AI 借力——配合 AI 最好假设 AI 还会进步，来到自己的行业，它需要什么？我们做好准备

Cloudflare mitigated the largest DDoS attack ever recorded, an 11.5 Tbps flood that lasted 35 seconds without disrupting…

The critical, actively exploited zero-day vulnerabilities affect the Linux kernel and Android runtime.

The post Google patches two Android zero-days, 120 defects total in September security update appeared first on CyberScoop.

Две несовместимые вселенные синхронизированы благодаря уникальному “переводчику”.

在 XZ 后门事件中，化名为 JiaT75(Jia Tan)的攻击者通过在两年多时间里向项目积极贡献代码而获得信任，然后再通过施压而最终成为项目的共同维护者，得到了能悄悄在代码中植入后门的权限。在以大模型为代表的生成式 AI 时代，贡献代码可能比以往任何时候更轻松，这意味着攻击者可以使用大模型向开源项目积极贡献代码，而项目的维护者将难以判断代码背后的人的意图。开源项目的维护者缺乏资源、技能或时间去抵御此类的攻击，因此未来的开源项目可能更容易受到类似 XZ 后门事件的攻击。

Alleged Sale of RDWeb Access to a Singapore Engineering Services Company

Ten-year extensions of a threat information sharing law and a cybersecurity grant program for states and localities won bipartisan approval in the House Homeland Security Committee.

In a 2-1 decision, an appeals court upheld a 1935 Supreme Court precedent restricting the president’s ability to fire FTC commissioners. 

The post Court rules ‘fired’ FTC commissioners be reinstated — again appeared first on CyberScoop.

Пластиковая коробка за 30 долларов работает точнее кардиографа за сто тысяч.

A vulnerability was found in Drupal Mailjet up to 4.0.0. It has been classified as problematic. This affects an unknown part. Performing manipulation results in deserialization. This vulnerability is identified as CVE-2024-13296. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Drupal Eloqua up to 7.x-1.14. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to deserialization. This vulnerability is listed as CVE-2024-13297. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in n8n up to 1.105.x. Affected by this vulnerability is an unknown functionality. This manipulation causes symlink following. This vulnerability is handled as CVE-2025-57749. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Tenda AC15 15.03.05.19_multi_TD01. It has been rated as critical. This issue affects the function fromSetIpMacBind. This manipulation of the argument list causes stack-based buffer overflow. The identification of this vulnerability is CVE-2025-55564. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Tenda i22 1.0.0.3(4687). It has been rated as critical. This impacts the function formWeixinAuthInfoGet of the file /goform/wxportalauth. Performing manipulation of the argument Type results in stack-based buffer overflow. This vulnerability is identified as CVE-2025-9297. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability identified as problematic has been detected in Microsoft Teams. This vulnerability affects unknown code. The manipulation leads to heap-based buffer overflow. This vulnerability is referenced as CVE-2025-53783. Remote exploitation of the attack is possible. No exploit is available. Applying a patch is the recommended action to fix this issue.

A vulnerability labeled as problematic has been found in Microsoft Exchange Server. Impacted is an unknown function. Executing manipulation can lead to information disclosure. This vulnerability appears as CVE-2025-33051. The attack may be performed from remote. There is no available exploit. It is advisable to implement a patch to correct this issue.