Aggregator

威胁猎人向你发送了一个简历投递邀请！

AI 创业公司 Anthropic 发布了首个混合推理模型 Claude 3.7 Sonnet，既能产生近实时的响应，也能产生逐步思考的过程。Claude 3.7 提供了一个展示推理过程的“便笺簿”，DeepSeek 也有类似功能，它可以帮助用户理解模型如何解决问题，以便于用户修改或改进提示词。Anthropic 同时发布了针对程序员的辅助编程工具 Claude Code。

A vulnerability was found in Bonway Services Bonway Static Block Editor Plugin up to 1.1.0 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-50549. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Abdullah Nahian Awesome Progress Bar Plugin up to 1.0.1 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-50548. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Jason Pancake Hover Video Preview Plugin up to 1.0.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-50552. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Amazing Team Amazing Neo Icon Font for Elementor Plugin up to 2.0.1 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-50543. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Auburnforest DataMentor Plugin up to 1.7 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-50545. It is possible to initiate the attack remotely. There is no exploit available.

致命RAT钓鱼攻击瞄准亚太工业，利用中国云服务传播恶意软件，攻击政府、制造业等关键行业，威胁数据安全与系统完整性。

白帽大佬访谈，感兴趣的师傅们周四晚上20:00不见不散~

白帽大佬访谈，感兴趣的师傅们周四晚上20:00不见不散~

白帽大佬访谈，感兴趣的师傅们周四晚上20:00不见不散~

白帽大佬访谈，感兴趣的师傅们周四晚上20:00不见不散~

白帽大佬访谈，感兴趣的师傅们周四晚上20:00不见不散~

白帽大佬访谈，感兴趣的师傅们周四晚上20:00不见不散~

白帽大佬访谈，感兴趣的师傅们周四晚上20:00不见不散~

Sliver C2框架存在SSRF漏洞（CVE-2025-27090），攻击者可建立未授权TCP连接，**窃取数据流量**，**泄露IP**并**横向移动**。立即更新至v1.5.43版本，**防止严重风险**！

A vulnerability was found in Red Hat Connectivity Link. It has been declared as problematic. This vulnerability affects unknown code of the component rhcl-operator-container. The manipulation leads to information disclosure. This vulnerability was named CVE-2025-25209. Access to the local network is required for this attack. There is no exploit available.

A vulnerability was found in Red Hat Connectivity Link. It has been classified as problematic. This affects an unknown part of the component rhcl-operator-container. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2025-25208. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability was found in Red Hat Connectivity Link and classified as problematic. Affected by this issue is some unknown functionality of the component rhcl-operator-container. The manipulation leads to denial of service. This vulnerability is handled as CVE-2025-25207. The attack needs to be done within the local network. There is no exploit available.

A vulnerability has been found in SparkShop up to 1.1.7 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Phar File Handler. The manipulation leads to Privilege Escalation. This vulnerability is known as CVE-2024-57685. The attack can be launched remotely. There is no exploit available.