2023 年的海洋热浪史无前例
2023年全球海洋热浪创纪录,强度、持续时间和规模均达新高,影响北大西洋、热带太平洋等区域,覆盖96%海洋表面。异常高温峰值达1.63℃,可能预示气候系统临界点临近。
Aggregator
2023 年的海洋热浪史无前例
1 month 4 weeks ago
发表在《科学》期刊上的研究显示,2023 年全球海洋热浪的强度、持续时间和规模都达到了前所未有的程度。2023 年,全球多个区域(包括北大西洋、热带太平洋、南太平洋和北太平洋)都经历了极端海洋热浪。研究人员利用卫星观测和海洋再分析数据进行了全性球分析。研究结果显示,2023 年的海洋热浪在强度、持续时间和地理范围上均创下了新的纪录:其持续时间是历史平均水平的四倍,其覆盖面为全球 96% 的海洋表面。从区域面积来看,最强的升温区域发生于北大西洋、热带东太平洋、北太平洋和西南太平洋,这些区域合计占海洋异常高温面积中的 9 成。北大西洋的海洋热浪早在 2022 年中期就已经开始并持续了 525 天;而西南太平洋的海洋热浪事件则以其极大的空间范围和超长的持续时间打破了先前的记录。在热带东太平洋厄尔尼诺现象开始期间,异常高温的峰值达到了 1.63 摄氏度。研究人员认为,2023年的海洋热浪可能标志着海洋-大气动力学的根本性转变,它可能是地球气候系统即将达到临界点的一个早期预警。
What 50 companies got wrong about cloud identity security
1 month 4 weeks ago
Most organizations still miss basic identity security controls in the cloud, leaving them exposed to breaches, audit failures, and compliance violations. A new midyear benchmark from Unosecur found that nearly every company scanned had at least one high-risk issue, with an average of 40 control failures per organization. Top compliance violations and business impact (Source: Unosecur) The report analyzed diagnostic scan data from 50 enterprises across industries and regions between January and June 2025. Unlike … More →
The post What 50 companies got wrong about cloud identity security appeared first on Help Net Security.
Anamarija Pogorelec
ZDI-CAN-27507: Net-SNMP
1 month 4 weeks ago
A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'buddurid' was reported to the affected vendor on: 2025-07-25, 59 days ago. The vendor is given until 2025-11-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-27783: Gemini MCP Tool
1 month 4 weeks ago
A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Peter Girnus (@gothburz) of Trend Research' was reported to the affected vendor on: 2025-07-25, 59 days ago. The vendor is given until 2025-11-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-27263: Microsoft
1 month 4 weeks ago
A CVSS score 7.5 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-07-25, 59 days ago. The vendor is given until 2025-11-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-27289: Microsoft
1 month 4 weeks ago
A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by 'lyntc and _ozb_' was reported to the affected vendor on: 2025-07-25, 59 days ago. The vendor is given until 2025-11-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-27311: Microsoft
1 month 4 weeks ago
A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N severity vulnerability discovered by 'lytnc (Len Sadowski) and _ozb_ (Oguz Bektas)' was reported to the affected vendor on: 2025-07-25, 59 days ago. The vendor is given until 2025-11-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
Methods to Bypass OTP in Mobile Apps: Successful VAPT Scenarios
1 month 4 weeks ago
Corrupted MP4 file after about two hours.
1 month 4 weeks ago
一位用户分享了一个iPhone录制的家庭度假视频问题。视频在1小时40分钟处冻结,无法播放剩余部分。尽管文件大小为7GB且没有备份,但使用FFmpeg仅能恢复51秒。错误提示显示数据可能损坏或丢失。
Need help deobfuscating multilayered JavaScript unicode/homoglyph → charcode → base64? (Potentially different or deeper layered)? [for educational analysis]
1 month 4 weeks ago
这篇文章描述了作者分析一个高度混淆的JavaScript文件的过程,该文件用于浏览器游戏,采用了多层编码技术,包括unicode同形符、十六进制转储、字符编码和base64等。作者尝试使用工具如CyberChef和BinVis进行解码,但未能完全破解所有层,怀疑存在XOR加密或自定义压缩。作者寻求有经验的JavaScript逆向工程师帮助,并提供了一个代码片段作为挑战,希望有人能将其解码为可读的JS代码。
Sinkholing Suspicious Scripts or Executables on Linux, (Fri, Jul 25th)
1 month 4 weeks ago
文章介绍如何利用Linux的网络命名空间和虚拟以太网接口创建隔离环境分析可疑代码的方法。通过配置默认路由和使用tcpdump捕获流量实现网络隔离。此方法有效但仅限于网络流量隔离。
GitHub Spark доказывает: лучший код — тот, который не нужно писать
1 month 4 weeks ago
Инструмент доступен в тарифе Copilot Pro+.
HelloGookie
1 month 4 weeks ago
You must login to view this content
cohenido
Six months into DORA, most financial firms are still not ready
1 month 4 weeks ago
It’s been six months since the EU’s Digital Operational Resilience Act (DORA) came into effect, but a new Censuswide survey shows that nearly all financial services organizations in EMEA still feel unprepared. An overwhelming 96% of respondents said their current level of data resilience isn’t where it needs to be. The survey, which gathered input from senior IT decision-makers in the UK, France, Germany, and the Netherlands, paints a clear picture: financial institutions are still … More →
The post Six months into DORA, most financial firms are still not ready appeared first on Help Net Security.
Help Net Security
CVE-2024-56671 | Linux Kernel up to 6.12.5 Setting probe irq_chip.name initialization (Nessus ID 233479 / WID-SEC-2024-3762)
1 month 4 weeks ago
A vulnerability was found in Linux Kernel up to 6.12.5. It has been rated as problematic. Affected by this issue is the function probe of the component Setting Handler. The manipulation of the argument irq_chip.name leads to improper initialization.
This vulnerability is handled as CVE-2024-56671. The attack can only be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-56681 | Linux Kernel up to 6.12.1 bcm ahash_hmac_init allocation of resources (Nessus ID 216224 / WID-SEC-2024-3762)
1 month 4 weeks ago
A vulnerability was found in Linux Kernel up to 6.12.1. It has been declared as problematic. This vulnerability affects the function ahash_hmac_init of the component bcm. The manipulation leads to allocation of resources.
This vulnerability was named CVE-2024-56681. The attack can only be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-56666 | Linux Kernel up to 6.12.5 DRM pqm_uninit return value (WID-SEC-2024-3762)
1 month 4 weeks ago
A vulnerability was found in Linux Kernel up to 6.12.5 and classified as problematic. This issue affects the function pqm_uninit of the component DRM. The manipulation leads to unchecked return value.
The identification of this vulnerability is CVE-2024-56666. Access to the local network is required for this attack. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-56668 | Linux Kernel up to 6.12.5 __cache_tag_assign_domain null pointer dereference (WID-SEC-2024-3762)
1 month 4 weeks ago
A vulnerability was found in Linux Kernel up to 6.12.5. It has been classified as critical. Affected is the function __cache_tag_assign_domain. The manipulation leads to null pointer dereference.
This vulnerability is traded as CVE-2024-56668. Access to the local network is required for this attack to succeed. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-56667 | Linux Kernel up to 6.6.66/6.12.5 drm_info null pointer dereference (Nessus ID 233479 / WID-SEC-2024-3762)
1 month 4 weeks ago
A vulnerability was found in Linux Kernel up to 6.6.66/6.12.5 and classified as critical. This issue affects the function drm_info. The manipulation leads to null pointer dereference.
The identification of this vulnerability is CVE-2024-56667. The attack needs to be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com