Aggregator

未来属于那些能够预测威胁而非仅仅应对威胁的企业。

一朝被蛇咬十年怕井绳

当两种材料接触时，其表面上的带电实体会受到轻微推动。这就是气球在皮肤上摩擦产生静电的原因。同样流过某些​​​​表面的水也会获得或失去电荷。现在研究人员利用这种现象，根据流经管道的雨状液滴进行发电。他们展示了一种新型流动模式，其产生的功率足以​​​​​​点亮 12 个 LED。当流水推动涡轮机时，就会发电。但水力发电仅限于水量充沛的地方，例如河流。对于流量较小且流速较慢的水，另一种选择是利用电荷分离，这是一种水在通过具有导电内表面的通道时产生电荷的现象。然而电荷分离效率极低，因为这仅限于水流过的表面。此前，科学家们曾试图通过微纳尺度通道为连续的水流提供更多表面积，从而提高其效率。但是，水不会自然通过如此微小的通道，如果采用泵送方式，则所需能量比产生的能量还要多。研究团队设计了一个简单​​装置，使水可以通过金属针从塔底流出，将雨水大小的水滴喷入 ​​​​32 厘米​高、2 毫米宽的垂直​聚合物管的开口中。液滴与管顶正面碰撞​​产生了塞流：短水柱中夹杂着气阱。当水顺着管内流下时，电荷会分离。这些水随后收集在管下方的杯中。放置在管顶和杯中的电线负责收集电力。 塞流系统将管道流水 10% 以上的能量转化为电能。而且与连续流动的水相比，塞流产生的电力要多出 5 个数量级。由于所测液滴速度比降雨速度慢得多，研究人员认为该系统可用于从落下的雨滴中收集电力。

Apple released emergency updates to fix iOS, iPadOS & macOS vulnerabilities actively exploited in sophisticated attacks. Apple released out‑of‑band security updates to address two vulnerabilities, tracked as CVE-2025-31200 and CVE-2025-31201, impacting iOS, iPadOS & macOS. The company confirmed that the flaws have been exploited in a small number of “extremely sophisticated” attacks against iOS targets. […]

Microsoft has blocked fraud worth $4bn as threat actors ramp up AI use

A vulnerability classified as problematic was found in Premium Addons for Elementor Pro Plugin up to 2.9.12 on WordPress. This vulnerability affects unknown code of the component Widget Link. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-1996. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Database for Contact Form 7, WPforms, Elementor Forms up to 1.3.3 on WordPress. This issue affects some unknown processing of the component Shortcode Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-2030. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in WPKoi Templates for Elementor Plugin up to 2.5.6 on WordPress. Affected is an unknown function of the component Advanced Heading Widget. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-2136. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in Otter Blocks Pro Plugin up to 2.6.3 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the component File Field CSS Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-1684. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Online Flight Booking Management System 1.0 and classified as problematic. This issue affects some unknown processing of the component Feedback Form. The manipulation of the argument airline leads to cross site scripting. The identification of this vulnerability is CVE-2022-46091. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Page Builder Plugin up to 1.8.3 on WordPress. This affects an unknown part of the component Custom Attributes Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-2127. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project 1.0 and classified as problematic. This vulnerability affects unknown code of the file /login.php of the component Login Page. The manipulation of the argument emailcookie/passwordcookie leads to cross site scripting. This vulnerability was named CVE-2024-2266. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a public warning following reports of possible unauthorized access to a legacy Oracle Cloud environment. While the full scope and impact of the incident remain under investigation, CISA’s alert underscores serious concerns about the risk of credential compromise — a threat that could affect organizations and […]

The post CISA Warns of Potential Credential Exploits Linked to Oracle Cloud Hack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybercriminals lure content creators with promises of cutting-edge AI wizardry, only to attempt to steal their data or hijack their devices instead

Microsoft is calling attention to an ongoing malvertising campaign that makes use of Node.js to deliver malicious payloads capable of information theft and data exfiltration. The activity, first detected in October 2024, uses lures related to cryptocurrency trading to trick users into installing a rogue installer from fraudulent websites that masquerade as legitimate software like Binance or

MITRE will be able to keep running the CVE program for at least the next 11 months

On Wednesday, CISA warned federal agencies to secure their SonicWall Secure Mobile Access (SMA) 100 series appliances against attacks exploiting a high-severity remote code execution vulnerability. [...]

Может, он и был чудом своего времени, но его создатели явно где-то просчитались…

Тайный никнейм ведёт охоту на протестующих.