Aggregator

目前所有遭篡改的包仍可在npm上下载，但在部分情况下，npm平台会弹出“最新版本未经授权发布”的警告信息，这表明平台的自动审查机制已检测到异常。

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

A sophisticated, complex new cyber offensive has emerged from the “Scattered Lapsus$ Hunters,” a threat collective that has aggressively shifted toward exploiting supply-chain vulnerabilities. This latest campaign targets Zendesk, a critical customer support platform, effectively turning a trusted business tool into a launchpad for corporate spying. The attackers have successfully registered over 40 typosquatted domains, […]

The post Scattered Lapsus$ Hunters Registered 40+ Domains Mimicking Zendesk Environments appeared first on Cyber Security News.

A vulnerability labeled as problematic has been found in Linux Kernel up to 5.18.2. This impacts the function devm_reset_control_get_exclusive of the component qcom-qmp. Such manipulation leads to memory leak. This vulnerability is referenced as CVE-2022-49396. The attack needs to be initiated within the local network. No exploit is available. The affected component should be upgraded.

A vulnerability marked as problematic has been reported in Linux Kernel up to 5.18.2. Affected is the function clk of the component qcom-qmp. Performing manipulation results in memory leak. This vulnerability is identified as CVE-2022-49397. The attack can only be performed from the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 5.18.3. This issue affects the function mdio_bus_init. Such manipulation leads to improper initialization. This vulnerability is traded as CVE-2022-49350. Access to the local network is required for this attack to succeed. There is no exploit available. The affected component should be upgraded.

A vulnerability described as problematic has been identified in Linux Kernel up to 5.10.121/5.15.46/5.17.14/5.18.3. The impacted element is the function wait_for_device_probe. The manipulation results in deadlock. This vulnerability is reported as CVE-2022-49379. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is recommended.

A vulnerability labeled as critical has been found in Linux Kernel up to 5.18.2. Affected by this vulnerability is the function list_for_each_entry. Such manipulation leads to denial of service. This vulnerability is listed as CVE-2022-49393. The attack must be carried out from within the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability labeled as problematic has been found in Linux Kernel up to 5.18.2. Affected by this issue is the function bug_on of the file fs/ext4/inode.c of the component ext4. The manipulation results in allocation of resources. This vulnerability is known as CVE-2022-49347. Access to the local network is required for this attack. No exploit is available. The affected component should be upgraded.

发表在《科学》期刊上的一项新实验，采用了独立于 X 平台算法的由 AI 驱动的浏览器扩展程序来重新排序 X/Twitter 上的信息流，结果表明即使所接触的仅是敌对政治内容的微小变化，也能

发表在《科学》期刊上的一项新实验，采用了独立于 X 平台算法的由 AI 驱动的浏览器扩展程序来重新排序 X/Twitter 上的信息流，结果表明即使所接触的仅是敌对政治内容的微小变化，也能在数天内显著影响用户对反对党的观感。这些发现为算法所控帖子排名对用户社交媒体信息流会有影响提供了直接的因果证据。社交媒体已成为全球许多人获取政治信息的重要来源。然而平台算法对我们在浏览过程中所接触的内容施加了强大的影响力，因为这些算法能以种种难以理解的方式悄然左右人们的思想、情绪和行为。尽管人们就这些排名算法影响我们的方式提出了诸多解释，但要验证这些理论却异常困难。这是因为平台运营方独自掌控着其专有算法的运行方式，而且只有他们才能尝试不同信息流设计并评估其因果效应。为规避这些难题，研究人员创建了浏览器扩展，在人们浏览社交媒体信息流时对信息流实时进行重新排序，这一过程无需获得平台本身的许可。研究表明算法介导的与政治敌意内容的接触既能塑造情感极化，也能实时调控用户在使用平台过程中的瞬时情绪反应。

Reading body language can be a powerful tool in understanding and communicating with o

1.Qilin勒索团伙公布了新的受害者 2.Play勒索团伙公布新的受害公司 3.Everest勒索团伙公布新的受害公司

主站 分类 云安全 AI安全 开发安全

Security leaders know vulnerability backlogs are rising, but new data shows how quickly the gap between exposures and available resources is widening, according to a new report by Hackuity. Fragmented detection and slow remediation Organizations use a formalized approach to manage vulnerabilities, but their tooling remains fragmented. Respondents rely on an average of four detection tools, and cloud or container configuration audits are the most common at 85%. This mix suggests broad coverage, but it … More →

The post Fragmented tooling slows vulnerability management appeared first on Help Net Security.

为推动开源情报技术的深入交流与创新发展，积极应对并引领新时代赋予的全新挑战与机遇，第五届全国开源情报技术大会将于2025年12月6-7日在北京温德姆酒店、华美达酒店召开。

BAE系统公司（BAE Systems）是一家在英国创立的跨国航空航天、武器和信息安全公司。

Here’s a look at the most interesting products from the past month, featuring releases from: 1touch.io, Action1, Barracuda Networks, Bedrock Data, Bitdefender, Cyware, Firewalla, Forescout, Immersive, Kentik, Komodor, Minimus, Nokod Security, and Synack. Action1 addresses Intune gaps with patching and risk-based vulnerability prioritization Action1 announced new integrations that extend Microsoft Intune with advanced patching and vulnerability management. The enhancements close security and compliance gaps in Intune by adding comprehensive third-party application patching, risk-based vulnerability prioritization, … More →

The post Infosec products of the month: November 2025 appeared first on Help Net Security.

Протестное письмо поддержали уже более трёх тысяч человек.