Aggregator

A vulnerability classified as problematic was found in MPlayer 13.0.1. This affects the function read_meta_record in the library mplayer/libmpdemux/asfheader.c. The manipulation results in out-of-bounds read. This vulnerability is identified as CVE-2022-38851. The attack can be executed remotely. There is not any exploit available.

A vulnerability classified as problematic has been found in MPlayer 13.0.1. The impacted element is the function config of the file llibmpcodecs/vf_scale.c. The manipulation leads to divide by zero. This vulnerability is referenced as CVE-2022-38850. Remote exploitation of the attack is possible. No exploit is available.

阿里巴巴及其美国子公司共同以美国国防部为被告，向加州联邦地区法院递交诉状，请求法院宣告美国国防部 6 月 8 日公布的对阿里巴巴的认定决定无效。阿里巴巴在美国设有分支机构，在美国开展电商与云计算业务。即便被列入该名单，企业理论上仍可同美国企业开展合作，但美国国防部有权对与名单内中企合作的美国企业采取解约等限制措施。阿里巴巴在诉状中主张，此次认定缺乏事实依据、相关流程不合规。该认定致使公司无法继续聘用游说机构等，自身合法权益遭受侵害，此举同时违反美国宪法。

Flyer за $20 млн поможет планировать полёты на сверхзвуке и обучать военный ИИ.

周鸿祎正式发布360 AI安全两大核心能力：漏洞自动化挖掘智能体“图龙锋”和网络安全自动化防御系统“仪天阵”。同时，360联合飞腾、麒麟等信创、安全、云计算、大模型和算力等产业伙伴，共同发起“磐石之盾”安全协作计划。

A fresh wave of scam websites is targeting gamers worldwide, using the massive hype around Grand Theft Auto VI to trick people into handing over their money. These fake pages promise something millions of players desperately want: early access to GTA 6 before its official release. The offers sound tempting, but every single one is […]

The post GTA 6 Scam Websites Use AI-Generated Images and Fake Download Buttons to Lure Gamers appeared first on Cyber Security News.

根据发表在 PNAS Nexus 期刊上的一项研究，心率同步程度可判断社交投入程度。当人与人在身体与情感层面彼此亲近时，双方心率会逐渐同步。研究团队依托 72 名学生参与音频工程竞赛、赴纽约市期间采集的数据集开展研究。学生借助可收录环境噪音的助听器、监测心率的手环以及记录定位信息的手机采集各类数据。研究规定，人与人相距 20 米以内即为物理近距离接触。受试者共处时心率同步性更强，近距离互动、共同关注同一外界刺激（例如一同听课）时同步效应尤为明显。出行前便彼此熟悉的受试者，心率同步水平显著更高。

Compare crypto payment gateways for ecommerce, including checkout tools, stablecoin payments, fiat settlement, plugins, APIs and business payouts.

A large-scale, ongoing credential-harvesting campaign dubbed “FortiBleed” has silently compromised more than 430,000 FortiGate firewalls globally, siphoning over 110 million credentials directly from live network traffic since at least February 2026. The campaign came to light after security researcher Volodymyr “Bob” Diachenko discovered an exposed directory on 85.11.187[.]8:9999. FortiBleed is not a single intrusion; it […]

The post FortiBleed Attack Hit 430,000+ FortiGate Firewalls, Stealing 110M+ Credentials appeared first on Cyber Security News.

Qodo has announced three new platform capabilities: Cross-Repo Code Review, Custom Rules Miner, and Skill Review Standards. These new capabilities address a set of governance gaps that have emerged as AI-generated code reaches enterprise scale. AI agents have fundamentally changed how software is built. Code that once required developers to write, test, and review is now generated and pushed by agents operating with increasing autonomy across the development lifecycle. The governance systems that enterprises created … More →

The post Qodo expands platform to help teams govern AI-generated code and engineering standards appeared first on Help Net Security.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.1.150/6.6.104/6.12.45/6.16.5/6.17-rc4. This vulnerability affects the function set_track_prepare of the component slub. The manipulation results in allocation of resources. This vulnerability is known as CVE-2025-39843. Access to the local network is required for this attack. No exploit is available. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.1.150/6.6.104/6.12.45/6.16.5/6.17-rc4. It has been rated as critical. This vulnerability affects the function ocfs2_delete_osb. The manipulation leads to null pointer dereference. This vulnerability is documented as CVE-2025-39842. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.16.5/6.17-rc4. It has been classified as critical. Affected by this issue is the function audit_compare_dname_path. Performing a manipulation results in out-of-bounds read. This vulnerability is cataloged as CVE-2025-39840. The attack must originate from the local network. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.17-rc4. It has been declared as critical. This affects an unknown part of the component scsi. Executing a manipulation can lead to use after free. This vulnerability is registered as CVE-2025-39841. The attack requires access to the local network. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.17-rc4 and classified as critical. Affected by this vulnerability is the function batadv_nc_skb_decode_packet. Such manipulation leads to out-of-bounds write. This vulnerability is listed as CVE-2025-39839. The attack must be carried out from within the local network. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.150/6.6.104/6.12.45/6.16.5/6.17-rc4 and classified as critical. This vulnerability affects the function __cifs_sfu_make_node of the component cifs. Executing a manipulation can lead to null pointer dereference. This vulnerability is tracked as CVE-2025-39838. The attack is only possible within the local network. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.16.5/6.17-rc4. The impacted element is the function asus_wmi_register_driver. Executing a manipulation can lead to race condition. The identification of this vulnerability is CVE-2025-39837. The attack needs to be done within the local network. There is no exploit available. Upgrading the affected component is advised.

Автоматизация обещала снять рутину, но первой под нож попала сама структура бизнеса.