Aggregator

作者：Tian Dong, Yan Meng, Shaofeng Li, Guoxing Chen, Zhen Liu, Haojin Zhu 译者：知道创宇404实验室翻译组 原文链接：https://arxiv.org/html/2507.16372v1 摘要 大型语言模型（LLMs）越来越多地融入日常生活中，但它们引发了重大的隐私和安全问题。近期的研究提出了协作推理，将早期层推理外包以...

文章介绍了如何通过自托管方式运行 Firefox 同步服务及账户管理系统。用户可通过 Mozilla 官方文档搭建 Sync-1.5 服务器（用于数据同步）和 Firefox 账户服务器（用于身份验证），实现完全掌控个人数据的存储与同步。

人工智能 GPT-5 将推出多个版本以适应不同领域需求，并通过 GitHub Models 平台提供在线访问和 API 调用。OpenAI 计划于 2025 年 8 月发布 GPT-5 系列模型，包括常规版、轻量化版、优化版和对话版。开发者和消费者可通过 GitHub 和 ChatGPT 等渠道使用 GPT-5 功能。

Пока другие системы отказываются от старого железа, NetBSD расширяет совместимость.

这篇文章讨论了欧盟《网络与信息系统安全指令》（NIS 2）及其在意大利的实施情况，并将其与《数字运营弹性法案》（DORA）进行了比较。NIS 2旨在提升欧盟范围内的网络安全水平，并通过一系列措施如风险管理和事件报告来实现这一目标。而DORA则专注于金融部门的数字运营弹性，并提供了更为详细的规定和指导。分析显示，尽管两者目标相似，但DORA在细节和结构上远超NIS 2，并可作为实施后者的参考依据。

OpenAI即将发布GPT-5模型，并由微软确认相关细节。该模型分为多个版本，包括基础版、轻量版、纳米版及专为自然对话设计的聊天版。GPT-5在推理能力、代码质量和用户体验方面有显著提升，并提供免费版本及付费高级功能选项。

Единица информации, которая одновременно существует в состояниях 0 и 1, открывает эру квантового превосходства.

A vulnerability, which was classified as problematic, was found in SuiteCRM up to 7.14.6. This affects an unknown part of the component Email Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-54784. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in SuiteCRM up to 7.14.6. Affected by this issue is some unknown functionality of the component HTTP Header Handler. The manipulation of the argument Referer leads to cross site scripting. This vulnerability is handled as CVE-2025-54783. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in TianoCore EDK2 up to stable202505. Affected by this vulnerability is an unknown functionality of the component BIOS. The manipulation leads to protection mechanism failure. This vulnerability is known as CVE-2025-3770. Attacking locally is a requirement. There is no exploit available.

A vulnerability classified as critical has been found in TAGFREE X-Free Uploader XFU. Affected is an unknown function. The manipulation leads to file inclusion. This vulnerability is traded as CVE-2025-29866. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in raszi node-tmp up to 0.2.3. It has been rated as critical. This issue affects some unknown processing of the component Temporary File Handler. The manipulation leads to link following. The identification of this vulnerability is CVE-2025-54798. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Seiko Epson/Fujifilm Product. It has been declared as problematic. This vulnerability affects unknown code of the component SNMP. The manipulation leads to use of weak credentials. This vulnerability was named CVE-2025-35970. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Akamai Ghost. It has been classified as problematic. This affects an unknown part of the component Request Body Handler. The manipulation leads to http request smuggling. This vulnerability is uniquely identified as CVE-2025-32094. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in TAGFREE X-Free Uploader XFU and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to path traversal. This vulnerability is handled as CVE-2025-29865. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in SuiteCRM up to 7.14.6/8.8.0 and classified as critical. Affected by this vulnerability is the function unserialize. The manipulation leads to improper input validation. This vulnerability is known as CVE-2025-54785. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in SuiteCRM up to 7.14.6/8.8.0. Affected is an unknown function of the component iCal Service. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2025-54786. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in SuiteCRM up to 7.14.6. This issue affects some unknown processing of the component InboundEmail Module. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2025-54788. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in simbo1905 thinbus-srp-npm up to 2.0.0. This vulnerability affects unknown code. The manipulation leads to insufficient entropy. This vulnerability was named CVE-2025-54885. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in go-acme lego up to 4.25.1. This affects an unknown part of the file github.com/go-acme/lego/v4/acme/api of the component ACME Protocol Handler. The manipulation leads to cleartext transmission of sensitive information. This vulnerability is uniquely identified as CVE-2025-54799. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.