Aggregator

在 Second Gen 活动上，Framework 宣布了三款新产品：配备 AMD Ryzen AI 300 APU 的升级版 Framework Laptop 13，针对学生的 Framework Laptop 12，以及配备 Ryzen AI Max 面向工作站的小主机 Framework Desktop。Framework Desktop 大小为 4.1 升，配备了原本用于笔记本电脑的 AMD Ryzen AI Max Strix Halo APU，Framework 称台式机使用的 Ryzen AI Max 在获得 120W 持续功率和 140W 增强功率的同时能保持安静。基础型号 Ryzen AI Max 385 搭配 32GB 内存版售价为 1099 美元，Ryzen AI Max+ 395 和 64GB 内存版售价 1599 美元，128GB 内存版本售价 1999 美元。现在开放预购，2025 年三季度发货。

本文背景聚焦人工智能技术普及下本地部署大模型的需求激增，目的是通过对比分析Ollama/vLLM/LMStudio/Jan四类工具的差异及风险，提供安全部署指南与私有化知识库构建的最佳实践。

作者：启明星辰ADLab 原文链接：https://mp.weixin.qq.com/s/rZ4iGXs2O_xYD1yEOyu3CQ 1. 前言 在数字化时代，固件是硬件设备的核心软件组件，直接控制着硬件的运行状态和功能，其安全性至关重要。一旦固件存在安全漏洞，黑客即可利用来攻击设备的运行或者控制设备发起其它网络攻击，典型有Mirai病毒利用设备固件漏洞发起大规模的分布式拒绝服务。因此，挖...

The rise of AI co-pilots is exposing a critical security gap: sensitive data sprawl and excessive access permissions.

Related: Weaponizing Microsoft’s co-pilot

Until now, lackluster enterprise search capabilities kept many security risks in check—employees simply couldn’t find much of the … (more…)

The post GUEST ESSAY: How AI co-pilots boost the risk of data leakage — making ‘least privilege’ a must first appeared on The Last Watchdog.

The post GUEST ESSAY: How AI co-pilots boost the risk of data leakage — making ‘least privilege’ a must appeared first on Security Boulevard.

美国在进攻性网络行动中“日益落后”于其竞争对手？

美国在进攻性网络行动中“日益落后”于其竞争对手？

A vulnerability was found in Nextcloud Server up to 28.0.9/29.0.6. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Background Job Handler. The manipulation leads to use of weak hash. This vulnerability is handled as CVE-2024-52521. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Nextcloud user_oidc up to 6.0.x. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to open redirect. This vulnerability is handled as CVE-2024-52512. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GLPI up to 10.0.16. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-41678. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Emlog Pro up to 2.3.18. This issue affects some unknown processing of the component Article Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-50655. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Smart4Web. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument error leads to cross site scripting. The identification of this vulnerability is CVE-2024-50800. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Chamilo LMS 1.11.26. It has been classified as problematic. Affected is an unknown function of the file storageapi.php. The manipulation of the argument svkey leads to cross site scripting. This vulnerability is traded as CVE-2024-51142. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in GLPI up to 10.0.16. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-43417. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in GLPI up to 10.0.16. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-43418. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Microsoft has released the February 2025 preview cumulative update for Windows 11 24H2, with 33 improvements and fixes for multiple issues, including SSH and File Explorer bugs and the volume jumping to 100% when waking the PC from sleep. [...]