Aggregator

A vulnerability described as critical has been identified in FLIR Thermal Camera F, Thermal Camera FC, Thermal Camera PT and Thermal Camera D 8.0.0.64. This vulnerability affects unknown code of the component Live Camera Stream. The manipulation results in missing authentication. This vulnerability is reported as CVE-2017-20213. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability, which was classified as critical, was found in Inim Electronics SmartLiving SmartLAN up to 6.x. The impacted element is an unknown function of the component Telnet/SSH/FTP. Such manipulation leads to hard-coded credentials. This vulnerability is uniquely identified as CVE-2020-21995. The attack can only be initiated within the local network. Moreover, an exploit is present. It seems this entry received a duplicate CVE-2019-25291.

A vulnerability has been found in Inim Electronics SmartLiving SmartLAN up to 6.x and classified as critical. Affected is the function system of the file web.cgi of the component testemail Module. Performing a manipulation of the argument par results in format string. This vulnerability is identified as CVE-2020-21992. The attack can be initiated remotely. There is not any exploit available. It looks like this entry got a duplicate CVE-2019-25289 assigned.

A vulnerability marked as problematic has been reported in iWT FaceSentry Access Control System 6.4.8. This affects an unknown part. The manipulation leads to cleartext transmission of sensitive information. This vulnerability is documented as CVE-2019-25278. The attack can be initiated remotely. There is not any exploit available.

欢迎投递简历！

A vulnerability labeled as problematic has been found in iWT FaceSentry Access Control System 5.7.0/5.7.2/6.4.8. Affected by this issue is some unknown functionality of the file pluginInstall.php. Executing a manipulation of the argument msg can lead to cross site scripting. This vulnerability is registered as CVE-2019-25277. It is possible to launch the attack remotely. No exploit is available.

A vulnerability identified as critical has been detected in n8n-io n8n up to 1.120.x. Affected by this vulnerability is an unknown functionality of the component Form-based Workflow. Performing a manipulation results in improper authentication. This vulnerability is cataloged as CVE-2026-21858. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in n8n-io n8n up to 1.121.2. Affected is an unknown function. Such manipulation leads to code injection. This vulnerability is listed as CVE-2026-21877. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

好，我需要帮用户总结这篇文章。首先，文章主要讲的是MSI微星推出了一款新的电源，主要是为了防止RTX 5090等高功耗GPU出现熔毁问题。这个电源自带电流异常监测功能，可以实时监控GPU供电线的每路电压。 接下来，当检测到异常电压时，电源会通过桌面软件弹窗提醒用户，并且还会发出警报声。如果用户没有及时处理，电源会强制系统黑屏，降低GPU的负载，直到用户处理问题为止。 文章还提到英伟达的RTX 5080/5090在电源接口处烧毁的安全事故有所增加，虽然这种情况比较少见，但涉及到安全问题还是需要重视。MSI的新技术可以在潜在问题造成硬件损坏前及时提醒用户处理。 此外，微星还改进了电源线接口的针脚设计，以防止熔毁。目前有四款电源支持这项技术，分别是高端的MPG Ai1600TS和Ai 1300TS PCIe5电源配备GPU Safeguard+功能，中端的A1200PLS和A100PLS PCIe5采用GPU Safeguard功能。 总结一下，这篇文章主要介绍了MSI微星为解决高功耗GPU熔毁问题而推出的新电源技术及其功能。 MSI微星推出新电源技术GPU Safeguard+，实时监测显卡供电线电压异常，在检测到问题时通过桌面软件弹窗和警报声提醒用户，并在三分钟后强制黑屏以降低负载。该技术旨在预防RTX 5090等高功耗显卡因电流过大导致的烧毁事故。

2025年12月，一种新型PayPal邮件诈骗利用其订阅功能触发真实通知邮件，并插入虚假购买信息和电话号码诱导回拨。该骗局因使用合法基础设施更具欺骗性，后被PayPal修复漏洞。

Phishing-as-a-Service (PhaaS) kits lower the barrier to entry, enabling less-skilled attackers to run large-scale, targeted phishing campaigns that impersonate legitimate services and institutions, according to Barracuda Networks. Phishing kits grow more sophisticated and scalable Barracuda threat analysts found that in 2025 the most common phishing themes were designed to trick users into clicking links, scanning QR codes, opening attachments, or sharing personal information with attackers. These techniques remain successful despite years of security controls and … More →

The post Cybercriminals are scaling phishing attacks with ready-made kits appeared first on Help Net Security.

2026 年小模型或成为关键。

「具身智能」的形态，由用户需求决定。与其让机器人拿起扫把，不如让扫把直接长出「手脚」。

嗯，用户让我帮忙总结一下这篇文章的内容，控制在一百个字以内，而且不需要用“文章内容总结”这样的开头。直接写描述就行。 首先，我得通读整篇文章，了解它的主要内容。这篇文章主要介绍了7款近期推出的浏览器扩展工具，每款工具都有详细的介绍和功能说明。 接下来，我需要提取每款工具的核心功能和亮点。比如AutoVerify是自动识别验证码的工具，复制网页为Markdown链接可以方便写作，Good2Dou帮助从Goodreads添加书籍到豆瓣，PageVS支持多分屏浏览，Peek Pop提供链接预览功能，Megi将AI对话整理成知识树，PeekLink则是预览窗口工具。 然后，我要把这些信息浓缩到100字以内。可能需要合并一些相似的功能描述，并突出每款工具的独特之处。 最后，确保语言简洁明了，直接描述文章内容，不使用任何开头语。 本文介绍了7款实用且有趣的浏览器扩展工具，包括自动识别验证码、复制网页为Markdown链接、从Goodreads添加书籍到豆瓣、多分屏浏览、链接预览、AI对话整理为知识树以及预览窗口管理等功能。

Three malicious npm packages are targeting JavaScript developers to steal browser logins, API keys, and cryptocurrency wallet data. The packages, named bitcoin-main-lib, bitcoin-lib-js, and bip40, were uploaded to the public npm registry and posed as tools linked to the popular bitcoinjs project. Any developer who added them as dependencies could silently install a new remote […]

The post Three Malicious NPM Packages Attacking Developers to Steal Login Credentials appeared first on Cyber Security News.

Artificial intelligence (AI) company OpenAI on Wednesday announced the launch of ChatGPT Health, a dedicated space that allows users to have conversations with the chatbot about their health. To that end, the sandboxed experience offers users the optional ability to securely connect medical records and wellness apps, including Apple Health, Function, MyFitnessPal, Weight Watchers, AllTrails,

好的，我现在需要帮用户总结一篇文章的内容，控制在100个字以内。首先，我得仔细阅读这篇文章，理解其主要内容。 文章主要讲的是OpenAI推出了一个新的功能ChatGPT Health。这个功能允许用户与ChatGPT进行健康相关的对话，并且可以安全地连接用户的医疗记录和健康应用，比如Apple Health、MyFitnessPal等。这样用户可以获得个性化的建议和信息。 接下来，文章提到了这个新功能的推出范围，主要是针对非欧洲经济区、瑞士和英国的用户。此外，OpenAI强调了隐私和安全的重要性，使用了专门的加密技术和数据隔离来保护用户的健康信息。他们还提到，这些对话不会用于训练他们的基础模型，并且健康信息不会影响到非健康相关的聊天。 文章还提到，ChatGPT Health是基于HealthBench基准测试开发的，这个基准测试专注于安全性和清晰度。同时，OpenAI指出他们评估了该模型在临床标准下的表现，并且强调这个工具是为了支持医疗护理而不是替代它。 另外，文章提到The Guardian的一项调查发现Google AI提供了错误的健康信息，而OpenAI也面临一些诉讼指控他们的工具导致了一些负面结果。这可能意味着他们推出ChatGPT Health时需要更加谨慎。 现在我需要把这些信息浓缩到100个字以内。重点包括：OpenAI推出ChatGPT Health，允许用户讨论健康问题并连接医疗记录和应用；注重隐私和安全；适用于特定地区的用户；以及强调该工具是辅助而非替代医疗建议。 最后检查一下是否符合要求：不使用特定开头语句，直接描述内容；控制在100字以内。 OpenAI推出ChatGPT Health功能，允许用户与AI助手讨论健康问题并连接医疗记录和应用以获得个性化建议。该功能注重隐私和数据安全，并适用于特定地区的用户。

A vulnerability was found in FLIR Thermal Camera F, Thermal Camera FC, Thermal Camera PT and Thermal Camera D 8.0.0.64. It has been rated as critical. This impacts an unknown function of the component SSH. This manipulation causes hard-coded credentials. This vulnerability is tracked as CVE-2017-20214. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in pnpm up to 10.25.0. It has been declared as critical. This affects an unknown function of the component Installation. The manipulation results in protection mechanism failure. This vulnerability is identified as CVE-2025-69264. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in kromitgmbh titra up to 0.99.49. It has been classified as problematic. The impacted element is an unknown function of the component Endpoint. The manipulation leads to dynamically-determined object attributes. This vulnerability is referenced as CVE-2026-21695. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.