Aggregator

Discovery Dish是一款低成本便携式卫星天线，用于接收L-band和S-band天气卫星、Inmarsat及Iridium信号，并支持业余氢线射电天文观测。视频展示了其组装过程及在解码AERO/STD-C消息、接收Iridium信号和获取氢线峰值方面的应用。

特朗普签署行政命令允许美国401(k)退休基金投资比特币等加密货币，此举可能为市场注入大量流动性，并刺激价格增长。

HackerNews 编译，转载请注明出处： 一种新型AI攻击利用被投毒的邀请控制你的灯光、锅炉甚至Zoom应用——而谷歌的Gemini仅仅是开始。 在特拉维夫的一间公寓里，三名网络安全研究人员远程激活了智能锅炉、打开百叶窗并关闭了灯光，整个过程无需物理接触或用户交互。 该攻击并非依赖恶意软件文件或被入侵的WiFi网络——它由一个简单的谷歌日历邀请触发，其中包含针对谷歌AI助手Gemini的隐藏指令。当研究人员随后要求Gemini总结即将发生的事件时，这些隐藏提示词被静默处理，智能设备随即执行了相应操作。 这是已知的首个导致现实世界物理后果的大语言模型（LLM）攻击案例，标志着AI驱动的安全威胁进入新阶段。 间接提示注入如何运作及其危险性 与传统黑客攻击不同，此类攻击并非利用代码漏洞——而是利用大语言模型解释语言的方式。 这种被称为“间接提示注入”的攻击，将恶意指令隐藏在看似无害的内容中，如日历标题、邮件主题或文档名称。AI助手（此例中为Gemini）会读取并处理这些信息，即使用户从未看到或理解它们。当被正常用户行为（如“谢谢”或“好的”）触发时，大语言模型可执行其被授权的操作——例如打开应用、访问文件或控制智能设备。这种攻击手法具有欺骗性的低技术含量，无需代码注入，也不依赖欺骗用户——它欺骗AI去解读用户的环境。 Gemini的新漏洞——当便利变成安全风险 Gemini不仅仅是一个聊天机器人。它是谷歌日益增长的“代理”生态系统的一部分，意味着它可以连接并控制日历、Gmail、Google Home和Zoom等工具。这种集成旨在通过让AI代表用户执行操作来提高生产力，但也扩大了攻击面。 研究人员强调的一个例子中，被投毒的提示词导致Gemini在未经用户批准的情况下打开Zoom并启动视频通话，将手机变成了潜在的监控设备。在另一个例子中，它将用户的邮件主题行编码成虚假的“来源”URL，泄露至攻击者控制的网站。研究人员展示了在安卓和网页平台上的14种攻击场景，表明用户不仅在软件层面，在整个生态系统层面都存在脆弱性。 谷歌的应对措施与用户防护方案 自研究人员曝光该漏洞后，谷歌已引入新的AI过滤器和确认提示，但这些防护措施仍在逐步推出中。根本问题依然存在，因为像Gemini这样的助手仍可能将隐藏文本误解为用户意图。 用户可通过以下方式降低风险： 在谷歌日历中关闭自动添加事件功能（这是提示注入的常见入口点）； 审查并限制助手对智能设备、应用和日历数据的访问权限，以防止意外操作； 像监督实习生般监督AI助手——它们在独立行动前需要监管。       消息来源：cybernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

这篇文章讨论了HTTP错误代码521的问题。该错误通常由Cloudflare引起，可能由于服务器配置错误或网络连接问题导致。用户可以尝试检查服务器设置、联系托管服务提供商或暂时禁用Cloudflare以解决问题。

A vulnerability was found in IBM QRadar Suite Software and Cloud Pak for Security up to 1.10.21.0 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to improper validation of specified type of input. This vulnerability is handled as CVE-2023-47726. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Allegra. It has been rated as critical. Affected by this issue is the function unzipFile. The manipulation leads to path traversal. This vulnerability is handled as CVE-2024-5581. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Allegra. This affects the function renderFieldMatch. The manipulation leads to deserialization. This vulnerability is uniquely identified as CVE-2024-5579. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Allegra. This vulnerability affects the function loadFieldMatch. The manipulation leads to deserialization. This vulnerability was named CVE-2024-5580. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Trimble SketchUp 13.0.4124/24.0.553/2024.0.2 and classified as critical. This issue affects some unknown processing of the component SKP File Parser. The manipulation leads to uninitialized pointer. The identification of this vulnerability is CVE-2025-2024. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Samsung SmartThings 000.054.00013. It has been classified as very critical. Affected is an unknown function of the component Hub Local API Service. The manipulation leads to improper verification of cryptographic signature. This vulnerability is traded as CVE-2025-2233. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as critical, has been found in GitLab Enterprise Edition up to 17.7.6/17.8.4/17.9.1. Affected by this issue is some unknown functionality. The manipulation leads to command injection. This vulnerability is handled as CVE-2024-8402. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in IrfanView. Affected is an unknown function of the component PNT File Parser. The manipulation leads to out-of-bounds write. This vulnerability is traded as CVE-2024-5874. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in IrfanView. Affected by this vulnerability is an unknown functionality of the component PIC File Parser. The manipulation leads to out-of-bounds write. This vulnerability is known as CVE-2024-5877. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IrfanView. It has been declared as critical. This vulnerability affects unknown code of the component SHP File Parser. The manipulation leads to out-of-bounds write. This vulnerability was named CVE-2024-5875. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IrfanView. It has been rated as critical. This issue affects some unknown processing of the component PSP File Parser. The manipulation leads to heap-based buffer overflow. The identification of this vulnerability is CVE-2024-5876. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in 7-Zip. This issue affects some unknown processing. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2024-11612. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Вот он — самый быстрый метод поиска путей в истории.

A vulnerability was found in Tumder Component 2.1 on Joomla. It has been classified as critical. This affects an unknown part of the file category/. The manipulation of the argument PATH_INFO leads to sql injection. This vulnerability is uniquely identified as CVE-2018-5984. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Typesetter 5.1. This issue affects some unknown processing of the component Password Reset. The manipulation as part of Host Header leads to code injection (Cache Poisoning). The identification of this vulnerability is CVE-2018-6889. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Enalean Tuleap Software Engineering Platform up to 9.17. Affected is an unknown function of the component Tracker. The manipulation leads to sql injection. This vulnerability is traded as CVE-2018-7538. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.