Aggregator

本文背景聚焦人工智能技术普及下本地部署大模型的需求激增，目的是通过对比分析Ollama/vLLM/LMStudio/Jan四类工具的差异及风险，提供安全部署指南与私有化知识库构建的最佳实践。

作者：启明星辰ADLab 原文链接：https://mp.weixin.qq.com/s/rZ4iGXs2O_xYD1yEOyu3CQ 1. 前言 在数字化时代，固件是硬件设备的核心软件组件，直接控制着硬件的运行状态和功能，其安全性至关重要。一旦固件存在安全漏洞，黑客即可利用来攻击设备的运行或者控制设备发起其它网络攻击，典型有Mirai病毒利用设备固件漏洞发起大规模的分布式拒绝服务。因此，挖...

The rise of AI co-pilots is exposing a critical security gap: sensitive data sprawl and excessive access permissions.

Related: Weaponizing Microsoft’s co-pilot

Until now, lackluster enterprise search capabilities kept many security risks in check—employees simply couldn’t find much of the … (more…)

The post GUEST ESSAY: How AI co-pilots boost the risk of data leakage — making ‘least privilege’ a must first appeared on The Last Watchdog.

The post GUEST ESSAY: How AI co-pilots boost the risk of data leakage — making ‘least privilege’ a must appeared first on Security Boulevard.

美国在进攻性网络行动中“日益落后”于其竞争对手？

美国在进攻性网络行动中“日益落后”于其竞争对手？

A vulnerability was found in Nextcloud Server up to 28.0.9/29.0.6. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Background Job Handler. The manipulation leads to use of weak hash. This vulnerability is handled as CVE-2024-52521. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Nextcloud user_oidc up to 6.0.x. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to open redirect. This vulnerability is handled as CVE-2024-52512. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GLPI up to 10.0.16. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-41678. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Emlog Pro up to 2.3.18. This issue affects some unknown processing of the component Article Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-50655. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Smart4Web. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument error leads to cross site scripting. The identification of this vulnerability is CVE-2024-50800. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Chamilo LMS 1.11.26. It has been classified as problematic. Affected is an unknown function of the file storageapi.php. The manipulation of the argument svkey leads to cross site scripting. This vulnerability is traded as CVE-2024-51142. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in GLPI up to 10.0.16. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-43417. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in GLPI up to 10.0.16. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-43418. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Microsoft has released the February 2025 preview cumulative update for Windows 11 24H2, with 33 improvements and fixes for multiple issues, including SSH and File Explorer bugs and the volume jumping to 100% when waking the PC from sleep. [...]

GitVenom malware campaign targets gamers and crypto investors by posing as open-source projects on GitHub. Kaspersky researchers warn of a malware campaign, dubbed GitVenom, targeting GitHub users. The threat actors behind this campaign created hundreds of fake GitHub repositories with malicious code, disguising them as automation tools, crypto bots, and hacking utilities. The attackers used […]

Google 发布了免费版编程助手 Gemini Code Assist，而且其免费额度足够大部分人使用。Gemini Code Assist 基于微调过的 Gemini 2.0 模型，程序员每个月可以用它完成 18 万次辅助编程。相比之下 GitHub Copilot 免费版每个月只有 2000 次。它能集成到 Visual Studio Code、JetBrains IDE 和 GitHub 等流行开发环境中。Gemini Code Assist 的上下文窗口最多 128,000 个令牌，能用于较大的代码库，使用只需要有 Gmail 帐户不需要信用卡。Google 声称逾四分之三的开发者在日常工作中使用 AI，有四分之一的新代码是在 AI 帮助下生成的。