Aggregator

CVE-2025-1676 | hzmanyun Education and Training System 3.1.1 /pdf2swf file os command injection

VulDB Recent Entries
9 months 2 weeks ago
A vulnerability classified as critical was found in hzmanyun Education and Training System 3.1.1. Affected by this vulnerability is the function pdf2swf of the file /pdf2swf. The manipulation of the argument file leads to os command injection. This vulnerability is known as CVE-2025-1676. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com

2024 年大气二氧化碳浓度增幅创新高

Solidot
9 months 2 weeks ago
日本卫星的观测记录显示,2024 年大气二氧化碳浓度较上年的增幅达到 3.5ppm,创开始观测以来的最高纪录。大气二氧化碳浓度 2024 年平均为421.3ppm,是观测以来的最高值。2010 年二氧化碳浓度为 388ppm,之后持续上升。相较上年的增幅平均为每年 2.4ppm,此前最高纪录是 2016 年的 3.1ppm。欧盟(EU)气候检测机构的数据显示,2024 年平均气温比工业革命前的水平高出 1.6度,创最高纪录。从太空的持续观测也反映出全球气候变暖的倾向。

CVE-2024-10545 | Photo Gallery, Sliders, Proofing Plugin up to 3.59.8 on WordPress Image Setting cross site scripting

VulDB Recent Entries
9 months 2 weeks ago
A vulnerability classified as problematic has been found in Photo Gallery, Sliders, Proofing Plugin up to 3.59.8 on WordPress. Affected is an unknown function of the component Image Setting Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-10545. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-22210 | HikaShop Component up to 5.1.4 on Joomla Category Management Area sql injection

VulDB Recent Entries
9 months 2 weeks ago
A vulnerability was found in HikaShop Component up to 5.1.4 on Joomla. It has been rated as critical. This issue affects some unknown processing of the component Category Management Area. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2025-22210. The attack may be initiated remotely. There is no exploit available.
vuldb.com

中国主要电视机品牌出货量首超韩国

Solidot
9 months 2 weeks ago
Omdia 发布的数据显示,2024 年中国电视机品牌 TCL、海信、小米的合计出货量在全球市场所占份额为 31.3%,首次超过三星电子和 LG 电子(28.4%)。中国电视厂商的出货量份额 2020 年为 24.4%,之后逐年上升,去年首次突破 30%。韩国厂商 2020 年为 33.4%,之后逐年下降,直至去年的 28.4%。中国电视厂商的销售额份额也突飞猛进。以去年销售额为准,三星电子虽连续 19 年在全球电视市场排名第一,LG 电子连续 12 年在全球 OLED 电视市场排名第一,但与中国的差距在不断缩小。从2020年到2024年,韩国(三星、LG)与中国品牌(TCL、海信)的销售额份额差距从 48.4% 对 13.5% 缩小至 44.4% 对 22.9%。在售价 2500 美元以上的高端产品市场,三星电子以 49.6% 的市场份额排名第一,LG电子以 30.2% 排名第二。TCL 和海信分别为 1.6% 和 0.9%。

Avoiding vendor lock-in when using managed cloud security services

Help Net Security
9 months 2 weeks ago

In this Help Net Security interview, Marina Segal, CEO at Tamnoon, discusses the most significant obstacles when implementing managed cloud security in hybrid and multi-cloud environments. She shares insights on long onboarding times, legacy security gaps, vendor lock-in, and overlooked threats that can put organizations at risk.

The post Avoiding vendor lock-in when using managed cloud security services appeared first on Help Net Security.

Mirko Zorz

FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services

The Hackers News
9 months 2 weeks ago
Various industrial organizations in the Asia-Pacific (APAC) region have been targeted as part of phishing attacks designed to deliver a known malware called FatalRAT. "The threat was orchestrated by attackers using legitimate Chinese cloud content delivery network (CDN) myqcloud and the Youdao Cloud Notes service as part of their attack infrastructure," Kaspersky ICS CERT said in a Monday
The Hacker News

微软推出广告版 Microsoft Office

Solidot
9 months 2 weeks ago
微软悄悄推出了广告版 Microsoft Office,但功能非常有限,甚至不能编辑文档保存到本地。广告版 Microsoft Office 可免费使用,广告会永久性展示在屏幕上,只能编辑文档保存到微软的云端服务 OneDrive。广告版只提供最基本的功能,包括打开、查看和编辑文档,类似 Web 版 Office,它的右侧会显示一个永久性的广告横幅。软件的高级功能都锁定在订阅或付费版中。广告版目前还只在部分地区测试,尚未公开提供,微软也没有正式宣布。

The CISO’s dilemma of protecting the enterprise while driving innovation

Help Net Security
9 months 2 weeks ago

CISOs are constantly navigating the challenge of protecting their organizations while ensuring business agility and innovation. For example, as companies move workloads to the cloud to support remote teams, security teams must secure data without slowing down productivity. Finding the right balance means implementing security controls like continuous monitoring and identity management without creating friction for business operations. The modern CISO’s responsibilities have transcended traditional technical oversight, encompassing strategic leadership, risk management, and regulatory compliance. … More →

The post The CISO’s dilemma of protecting the enterprise while driving innovation appeared first on Help Net Security.

Help Net Security

Managed ad