Aggregator

Submit #422994 / VDB-280969

North Korea-linked group APT37 exploited an Internet Explorer zero-day vulnerability in a supply chain attack. A North Korea-linked threat actor, tracked as APT37 (also known as RedEyes, TA-RedAnt, Reaper, ScarCruft, Group123), exploited a recent Internet Explorer zero-day vulnerability, tracked as CVE-2024-38178 (CVSS score 7.5), in a supply chain attack. Threat intelligence firm AhnLab and South […]

Omni Family Health data breach impacts 468,344 individualsOmni Family Health disclosed a data

德国主权科技基金（Sovereign Tech Fund，STF)在庆祝其“赋权公共数字基础设施”两周年内时披露，过去两年向 60 个开放技术项目资助了逾 2300 万欧元。STF 过去两年收到了逾五百份申请，提议金额逾 1.14 亿欧元。主权科技基金旨在为开源项目提供亟需的软件维护资金，提高软件安全性，以及出于公共利益帮助开源项目进行其它方面的改进。

根据最新一期的《AI 现状报告（State of AI）》，OpenAI 相对于其它 AI 公司的优势基本消失。Anthropic 的 Claude 3.5 Sonnet、Google 的 Gemini 1.5、X 的 Grok 2，Meta 的 Llama 3.1 4050 亿参数开源模型，在部分基准测试中已与 OpenAI 的 GPT-4o 持平，部分测试甚至略胜。OpenAI 最近发布的 o1 Strawberry 模型在推理任务中仍然保持着优势。此外大模型执行推理任务所需的费用正在快速下降，一个原因是不同大模型之间性能相差不大，AI 企业被迫在价格上展开竞争；另一个原因是工程师们致力于优化降低运行成本。今天 OpenAI GPT-4o 每 token 输出费用仅为今年 3 月 GPT-4 推出时候的百分之一，Gemini 1.5 Pro 比 2 月 Gemini 模型宣布时低 76%。

It's true: Google Scholar profile of the renowned former physicist and polymath, Sir Isaac Newton bears a "verified email" note. According to Google Scholar, Isaac Newton is a "Professor of Physics, MIT" with a "Verified email at mit.edu." [...]

古巴电网周五发生故障，全国千万人断电。古巴最大的发电厂 Antonio Guiteras 电厂周五中午前发生故障，导致全国电网瘫痪。这次大断电前古巴已经在实施轮流断电。总理 Manuel Marrero Cruz 将问题归咎于基础设施老化和飓风 Milton 加剧了燃料短缺。飓风增加了将燃料运送到古巴的难度。古巴总理表示政府将优先为居民区恢复供电，承诺燃料会在未来几天运抵。古巴官员尚未透露电网何时恢复的时间。古巴最近几年面临日益严重的经济危机和粮食短缺。

A vulnerability was found in Adobe Acrobat Reader up to 11.0.17/15.006.30201/15.017.20053 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2016-7015. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Adobe Acrobat Reader up to 11.0.17/15.006.30201/15.017.20053 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to memory corruption. This vulnerability is known as CVE-2016-7014. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in onesolutionapps Woodward Bail 1.1. This vulnerability affects unknown code of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability was named CVE-2014-7803. Access to the local network is required for this attack. There is no exploit available.

A vulnerability, which was classified as critical, was found in Adobe Acrobat Reader up to 11.0.17/15.006.30201/15.017.20053. Affected is an unknown function. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2016-7013. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in zlib up to 1.3. This affects the function zipOpenNewFileInZip4_64 of the component MiniZip. The manipulation of the argument filename/comment/extra leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2023-45853. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to apply a patch to fix this issue.