Aggregator

今日暂未更新资讯~
更多最新文章，请访问SecWiki

根据发表在 PNAS 期刊上的一项研究，2008-2010 年之间社会极化加剧，与此同时社交圈亲密朋友的人数从两人增加到了四或五人。两者之间的关联或能从根本上解释世界各地的社会日益分裂成意识形态泡泡。数十年以来的社会学研究表明，人们平均拥有大约两位密友，而密友能影响他们对重要问题的看法。但从 2008 年起，密友的人数突然增加到了四到五名。更多的密友，以及由此带来的更紧密的社交网络，导致了网络的分裂，以及最后导致社会极化。研究人员利用基于真实数据的模型发现，当网络密度增加，内部的极化是不可避免的。研究人员说，彼此联系更紧密时，人们会更频繁的遭遇不同意见。不可避免的会导致更多冲突，从而加剧社会极化。

Recently, Anthropic added the capability for Claude’s Code Interpreter to perform network requests. This is obviously very dangerous as we will see in this post.

At a high level, this post is about a data exfiltration attack chain, where an adversary (either the model or third-party attacker via indirect prompt injection) can exfiltrate data the user has access to.

The interesting part is that this is not via hyperlink rendering as we often see, but by leveraging the built-in Anthropic Claude APIs!

New Android malware tries to “humanize” the actions attackers perform during remote control.

Станет ли ИИ главной угрозой для Web3?

The sprawling Domain Awareness System violates New York City residents' constitutional rights, an advocacy group says in a lawsuit filed on behalf of people who have an NYPD camera pointed at their home.

A vulnerability described as critical has been identified in Wavlink QUANTUM D3G WL-WN530HG3 M30HG3_V240730. The affected element is an unknown function of the file login.cgi. Such manipulation of the argument referrer leads to stack-based buffer overflow. This vulnerability is traded as CVE-2025-61128. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability marked as critical has been reported in IBM Concert up to 2.0.0. Impacted is an unknown function. This manipulation causes server-side request forgery. This vulnerability appears as CVE-2025-36085. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

Currently trending CVE - Hype Score: 5 - PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Cross-Site Scripting (XSS) vulnerability in the code which translates the XLSX file into a HTML representation and displays it in the response.

本文提出的 UNICORN，是一种基于运行时溯源的高级持续威胁（APT）检测器，旨在解决传统检测系统对 APT 检测能力不足、现有溯源分析方法存在静态模型无法捕捉长期行为、动态模型易被破坏、扩展性差等问题。

Cyber-related economic sanctions can alter adversary behavior, forcing underground networks to distance themselves from named actors

A vulnerability labeled as critical has been found in Krita. This issue affects some unknown processing of the component TGA File Parser. The manipulation results in heap-based buffer overflow. This vulnerability is reported as CVE-2025-59820. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in IBM Concert Software up to 2.0.0. This vulnerability affects unknown code. The manipulation leads to improper clearing of heap memory before release. This vulnerability is documented as CVE-2025-36083. The attack needs to be performed locally. There is not any exploit available. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in IBM Concert Software up to 2.0.0. This affects an unknown part. Executing manipulation can lead to improper output neutralization for logs. This vulnerability is registered as CVE-2025-36081. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in IPFire up to 2.28. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/urlfilter.cgi of the component Web Interface. Performing manipulation of the argument QUOTA_USERS results in cross site scripting. This vulnerability is cataloged as CVE-2025-34313. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability was found in IPFire up to 2.28. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/ids.cgi of the component Web Interface. Such manipulation of the argument IGNORE_ENTRY_REMARK leads to cross site scripting. This vulnerability is listed as CVE-2025-34303. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in IPFire up to 2.28. It has been classified as problematic. Affected is an unknown function of the component Web Interface. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2025-34302. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in IPFire up to 2.28 and classified as problematic. This impacts an unknown function of the file /cgi-bin/dns.cgi of the component Web Interface. The manipulation of the argument TLS_HOSTNAME/UPSTREAM_USER/UPSTREAM_PASSWORD/ADMIN_MAIL_ADDRESS/ADMIN_PASSWORD results in cross site scripting. This vulnerability is identified as CVE-2025-34318. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

Вредоносная команда останется активной, пока вы сами не найдёте её и не удалите.

A vulnerability has been found in IPFire up to 2.28 and classified as problematic. This affects an unknown function of the file /cgi-bin/dns.cgi of the component Web Interface. The manipulation of the argument TLS_HOSTNAME leads to cross site scripting. This vulnerability is referenced as CVE-2025-34317. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.