Aggregator

科恩实验室自研二进制安全智能分析平台- BinaryAI技术分享：全新功能“二进制比对”的设计与实现。本文介绍了BinaryAI如何在大模型 BAI-2.0基础上叠加启发式算法，以函数粒度的语义匹配提高了复杂场景下二进制比对准确率及召回率。
体验地址：https://www.binaryai.cn

落霞孤鹜lxgw是「霞鹜」系列开源字体开发者，在《装了啥》栏目中分享了常用软硬件及字体改造创作经历。

A vulnerability was found in Phoenix Contact CHARX SEC-3000, CHARX SEC-3050, CHARX SEC-3100 and CHARX SEC-3150 up to 1.6.2. It has been declared as very critical. Affected is an unknown function of the component Firmware Update Handler. The manipulation results in insecure default initialization of resource. This vulnerability is known as CVE-2024-6788. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

Currently trending CVE - Hype Score: 1 - An issue was discovered in Commvault before 11.36.60. During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been ...

Currently trending CVE - Hype Score: 1 - An issue was discovered in Commvault before 11.36.60. A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful exploitation results in a ...

Currently trending CVE - Hype Score: 1 - An issue was discovered in Commvault before 11.36.60. A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk.

Currently trending CVE - Hype Score: 1 - An issue was discovered in Commvault before 11.36.60. A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. The vulnerability may lead to remote code execution.

Currently trending CVE - Hype Score: 46 - In Plesk Obsidian 18.0.70, _isAdminPasswordValid uses an == comparison. Thus, if the correct password is "0e" followed by any digit string, then an attacker can login with any other string that evaluates to 0.0 (such as the 0e0 string). This occurs in admin/plib/LoginManager.php.

Currently trending CVE - Hype Score: 86 - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.8, macOS Ventura 13.7.8, iPadOS 17.7.10, macOS Sequoia 15.6.1, iOS 18.6.2 and iPadOS 18.6.2. Processing a malicious image file may result in memory corruption. ...

Currently trending CVE - Hype Score: 1 - The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the ...

Currently trending CVE - Hype Score: 1 - Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Currently trending CVE - Hype Score: 1 - Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1.

Currently trending CVE - Hype Score: 1 - Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1.

文章揭示了三个与中国相关的网络间谍组织——Murky Panda、Genesis Panda和Glacial Panda——利用云服务中的零日漏洞进行攻击。这些组织通过入侵企业网络、滥用可信关系及横向移动技术获取情报。

国际刑警组织协调多国执法部门，在非洲18国逮捕1209名网络犯罪分子，涉及8.8万受害者。行动捣毁1.1万个恶意基础设施，追回9740万美元资金。重点打击勒索软件、网络诈骗及商业电邮入侵等犯罪行为。

文章探讨了Web 3.0时代下数据所有权的回归及其对数字安全的影响，强调了数据完整性的核心作用，并通过实例分析了其在AI系统中的重要性及构建方法。

当前环境出现异常状态,需完成验证后方可继续访问操作。

环境异常需验证后继续访问。