Aggregator

美国公共图书馆使用的电子书借阅和管理服务商被发现提供了 AI 生成内容。美国公共图书馆主要使用了两家公司——Hoopla 和 OverDrive——的服务。其中 Hoopla 的电子书库包含了《Fatty Liver Diet Cookbook: 2000 Days of Simple and Flavorful Recipes for a Revitalized Liver》，作者是 Magda Tangy，她在互联网上找不到任何资料，她的书也在亚马逊有售，提供的个人照片被认为有高概率是 AI 生成。深度伪造检测公司 Reality Defender 称照片有 85% 的可能性是 AI 生成。Hoopla 的电子书库中 AI 生成电子书数量可能相当多，图书馆管理员对 AI 内容进入书库并不想完全禁止，但认为需要标记，让读者知道。

Aembit, the non-human identity and access management (IAM) company, today announced that Michael Trites has joined the company as senior vice president of global sales. In this role, Trites will lead Aembit’s global sales strategy, driving adoption of its industry-first Workload IAM Platform. Trites brings over two decades of experience scaling sales organizations at high-growth […]

The post Michael Trites Joins Aembit as Senior Vice President of Global Sales appeared first on Cyber Security News.

A vulnerability has been found in Ajsquare Aj Auction Pro-oopd 3.0 and classified as problematic. This vulnerability affects unknown code of the file index.php. The manipulation of the argument txtkeyword leads to cross site scripting. This vulnerability was named CVE-2009-4989. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Apple iOS up to 12.1.2. Affected by this vulnerability is an unknown functionality of the component Kernel. The manipulation leads to memory corruption. This vulnerability is known as CVE-2019-6213. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Миллиардер начинает самую масштабную дерегуляцию в истории США.

A vulnerability was found in RiteCMS 1.0.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument mode leads to cross site scripting. This vulnerability was named CVE-2013-5317. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in RTI Connext DDS Professional and Connext DDS Secure up to 6.1.0. This vulnerability affects unknown code. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2021-38427. Attacking locally is a requirement. There is no exploit available.

A vulnerability, which was classified as critical, has been found in RTI Connext DDS Professional and Connext DDS Secure up to 6.1.0. This issue affects some unknown processing. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2021-38433. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in RTI Connext DDS Professional and Connext DDS Secure up to 6.1.0. Affected is an unknown function. The manipulation leads to buffer overflow. This vulnerability is traded as CVE-2021-38435. It is possible to launch the attack remotely. There is no exploit available.

Satori announced its new capabilities, enabling security teams to be in control of all customer data across the development lifecycle in a simple, cost-effective, and holistic way. These capabilities automate the daunting tasks of discovering data, risk assessment, providing granular access control, and mitigating security risks quickly across cloud platforms like AWS, Snowflake, Databricks, and MongoDB. A recent report by Gartner found that 75% of organizations are working to consolidate their cloud-native security vendors. Security … More →

The post Satori provides visibility into data store risk levels appeared first on Help Net Security.

A vulnerability was found in Sun Java Web Start. It has been classified as critical. Affected is an unknown function. The manipulation leads to improper input validation. This vulnerability is traded as CVE-2008-4910. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Submitty up to 20.04.01. It has been classified as problematic. Affected is an unknown function. The manipulation as part of SVG Document leads to cross site scripting. This vulnerability is traded as CVE-2020-12882. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

最近经历了一些事，一直在折腾 RTSP 协议的攻击可能性，市面上那些 RTSP 攻击工具很多都不太行，于是决定自己整一个。

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 16.9.6/16.10.4/16.11.1. It has been classified as problematic. This affects an unknown part of the component Public Project Handler. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2024-3976. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 16.9.6/16.10.4/16.11.1 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to allocation of resources. This vulnerability is handled as CVE-2024-2878. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in IBM Cloud Pak for Business Automation up to 22.0.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web UI. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-52364. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in IBM Cloud Pak for Business Automation up to 22.0.2. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-52365. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Cybercriminals are increasingly leveraging legitimate HTTP client tools to facilitate account takeover (ATO) attacks on Microsoft 365 environments. Enterprise security company Proofpoint said it observed campaigns using HTTP clients Axios and Node Fetch to send HTTP requests and receive HTTP responses from web servers with the goal of conducting ATO attacks. "Originally sourced from public

A critical vulnerability in Apple’s macOS kernel (XNU), tracked as CVE-2025-24118, has been disclosed, potentially allowing attackers to escalate privileges, corrupt memory, and even execute kernel-level code.  The flaw, affecting macOS Sonoma versions earlier than 14.7.3, macOS Sequoia versions earlier than 15.3, and iPadOS versions earlier than 17.7.4, was discovered by Joseph Ravichandran (@0xjprx), a […]

The post Apple’s macOS Kernel Vulnerability Let Attackers Escalate Privileges – PoC Released appeared first on Cyber Security News.