Aggregator

CVE-2020-1945 | Apache ant up to 1.10.7/1.9.14 Temp Directory information disclosure (Nessus ID 316177)

1 week ago

A vulnerability classified as critical was found in Apache ant up to 1.10.7/1.9.14. Affected by this issue is some unknown functionality of the component Temp Directory Handler. Such manipulation leads to information disclosure. This vulnerability is listed as CVE-2020-1945. The attack may be performed from remote. There is no available exploit.

vuldb.com

CVE-2020-10753 | Red Hat Ceph Storage RadosGW 3.x/4.x CORS ExposeHeader Tag Header Injection response splitting (Nessus ID 316287)

Vuldb Updates

1 week ago

A vulnerability identified as critical has been detected in Red Hat Ceph Storage RadosGW 3.x/4.x. This affects an unknown part of the component CORS ExposeHeader Tag Handler. The manipulation leads to http response splitting (Header Injection). This vulnerability is listed as CVE-2020-10753. The attack may be initiated remotely. There is no available exploit.

vuldb.com

CVE-2025-13874 | GitLab Community Edition/Enterprise Edition up to 18.9.6/18.10.5/18.11.2 authorization (EUVD-2025-209834 / Nessus ID 316314)

Vuldb Updates

1 week ago

A vulnerability, which was classified as problematic, was found in GitLab Community Edition and Enterprise Edition up to 18.9.6/18.10.5/18.11.2. This vulnerability affects unknown code. Such manipulation leads to authorization bypass. This vulnerability is documented as CVE-2025-13874. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

vuldb.com

CVE-2026-1338 | GitLab Community Edition/Enterprise Edition up to 18.9.6/18.10.5/18.11.2 authorization (EUVD-2026-30221 / Nessus ID 316315)

Vuldb Updates

1 week ago

A vulnerability marked as problematic has been reported in GitLab Community Edition and Enterprise Edition up to 18.9.6/18.10.5/18.11.2. Affected by this issue is some unknown functionality. The manipulation leads to authorization bypass. This vulnerability is referenced as CVE-2026-1338. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.

vuldb.com

Спутники отключат, банки заблокируют, а интернет перекроют. НАТО предлагает сценарий полной изоляции России

Securitylab.ru

1 week ago

Петр Павел предложил НАТО подумать об асимметричном ответе Москве.

研究建议为保护心血管健康每周运动 10 小时

Solidot

1 week ago

澳门理工大学在《British Journal of Sports Medicine》期刊上发表报告，认为成年人应尽量每周进行约 560至610分钟（约10小时）的运动，从而显著降低心肌梗死、中风或心力衰竭等心血管疾病的风险。研究人员分析了英国健康数据库“英国生物银行”（UK Biobank）中一万七千多名参与者的数据。这些参与者连续一周佩戴加速度传感器，用于记录其日常活动水平。研究还通过骑行测试测量并估算其最大摄氧量。随后在约 8 年的时间内，跟踪观察参与者罹患疾病的情况。研究的核心结果是：遵循世卫组织建议（每周至少 150 分钟运动）可将心血管疾病风险降低约 8%-9%；而每周运动 560至610分钟时，风险降低幅度超过 30%。研究指出，体能基础较弱的人群，往往需要进行更多运动，才能获得与体能较好人群相同的健康益处。研究作者强调，尽管每周150分钟仍是一个重要的入门标准，但若想获得最佳的健康效果，应争取进行更多的运动。

От 7 приложений до 1213 за три года: как Россия стала мировым лидером по цензуре в App Store

Securitylab.ru

1 week ago

Это в 7 раз больше, чем в Китае и Вьетнаме вместе взятых.

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 98

Security Affairs

1 week ago

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Popular node-ipc npm Package Infected with Credential Stealer New Actors Deploy Shai-Hulud Clones: TeamPCP Copycats Are Here Active Supply Chain Attack Compromises @antv Packages on npm actions-cool/issues-helper GitHub Action Compromised: All Tags Point to […]

Pierluigi Paganini

WhatsApp на скамье подсудимых: Meta читала все «зашифрованные» сообщения — и это длилось годами

Securitylab.ru

1 week ago

Цена вранья - миллиарды долларов.

Top 10 Best Malware Sandbox Tools for Security Teams in 2026

Cyber Security News

1 week ago

The cybersecurity landscape in 2026 is defined by unprecedented sophistication. Threat actors are leveraging generative AI, highly evasive polymorphic code, and zero-day exploits to bypass traditional perimeter defenses. For modern Security Operations Centers (SOCs) and incident response teams, signature-based detection is no longer sufficient. To truly understand and neutralize an unknown threat, security professionals must […]

The post Top 10 Best Malware Sandbox Tools for Security Teams in 2026 appeared first on Cyber Security News.

Balaji N

Security Affairs newsletter Round 578 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

1 week ago

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack Why pure extortion is […]

Pierluigi Paganini

智能体沙箱Allox即将开源：让大模型从“问题回答”走向“任务执行”

CodeWisdom

1 week ago

我们设计了Allox，一个面向智能体统一接入的执行沙箱。Allox以更稳定、更低token损耗的CLI控制面统一完成沙箱创建、任务执行、文件传输和策略审计，让Agent在可隔离、可治理、可恢复的环境里完成真实任务。

报告认为个人要为老年健康状况承担至少八成责任

Solidot

1 week ago

牛津长寿项目发表报告《Living Longer, Better》，认为个人至少要为老年时期的健康状况承担八成责任。报告指出，个人对自身寿命的掌控远超普遍认知。报告的结论是基于多项研究，这些研究认为至少 75% 的人类寿命由环境因素和可改变生活方式因素决定。其中一项研究使用了近 50 万英国生物银行参与者的数据。结果发现，环境暴露和习惯对过早死亡和生物衰老的影响远大于遗传因素。报告建议避免食用加工食品、完全戒酒、保证充足睡眠、晚上 6 点半以后不要进食，培养所谓的“非肉食心态”。在酒精问题上报告更直言不讳，称酒精有毒不要喝。批评者认为报告的结论过于简化，在贫困、污染和医保等问题上个人对自己选择的掌控力有限。