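Mozilla is warning of phishing attacks targeting Firefox extension developers and is urging developers to be wary of emails impersonating Mozilla or AMO (addons.mozilla.org) as the sender. The attackers may be using phishing emails to hijack developer accounts and then push extension updates containing malicious code to Firefox users, mounting a supply-chain attack. Security researchers say that the malicious add-ons currently targeting Firefox are designed to steal cryptocurrency wallet credentials.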
A vulnerability was found in Red Hat Ansible Automation Platform 2. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery.
This vulnerability is handled as CVE-2025-5988. The attack may be launched remotely. There is no exploit available.
A vulnerability was found in Intelbras RX 1500 and RX 3000. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component WiFi Network Handler. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2025-26065. The attack can only be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Imagination Graphics DDK up to 24.2 RTM2. It has been classified as critical. Affected is an unknown function of the component GPU Handler. The manipulation leads to improper handling of insufficient permissions or privileges.
This vulnerability is traded as CVE-2025-8109. An attack has to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Austrian Archaeological Institute OpenAtlas 8.11.0 and classified as problematic. This issue affects some unknown processing. The manipulation leads to use of hard-coded password.
The identification of this vulnerability is CVE-2025-51536. Access to the local network is required for this attack to succeed. There is no exploit available.
A vulnerability has been found in Dell Unity up to 5.5.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2025-36605. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability, which was classified as critical, was found in Dell PowerProtect Data Domain. This affects an unknown part of the component DDSH CLI. The manipulation leads to os command injection.
This vulnerability is uniquely identified as CVE-2025-30097. Attacking locally is a requirement. There is no exploit available.
A vulnerability, which was classified as critical, has been found in Dell PowerProtect Data Domain. Affected by this issue is some unknown functionality. The manipulation leads to os command injection.
This vulnerability is handled as CVE-2025-30096. Local access is required to approach this attack. There is no exploit available.
A vulnerability classified as critical was found in Dell PowerProtect Data Domain. Affected by this vulnerability is an unknown functionality. The manipulation leads to os command injection.
This vulnerability is known as CVE-2025-30099. An attack has to be approached locally. There is no exploit available.
A vulnerability classified as critical has been found in Dell PowerProtect Data Domain. Affected is an unknown function. The manipulation leads to os command injection.
This vulnerability is traded as CVE-2025-30098. The attack needs to be approached locally. There is no exploit available.
A vulnerability was found in DrayTek AP903, AP912C and AP918R. It has been rated as problematic. This issue affects some unknown processing of the file clients.conf of the component Setting Handler. The manipulation of the argument secret leads to weak password requirements.
The identification of this vulnerability is CVE-2025-44643. The attack may be initiated remotely. There is no exploit available.
A vulnerability was found in Dell Unity up to 5.5.0. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to os command injection.
This vulnerability was named CVE-2025-36604. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Dell PowerProtect Data Domain. It has been classified as critical. This affects an unknown part. The manipulation leads to authentication bypass by spoofing.
This vulnerability is uniquely identified as CVE-2025-36594. It is possible to initiate the attack remotely. There is no exploit available.
A vulnerability was found in Dell Unity up to 5.5.0 and classified as critical. Affected by this issue is some unknown functionality of the component svc_nfssupport. The manipulation leads to os command injection.
This vulnerability is handled as CVE-2025-36606. An attack has to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability has been found in Dell Unity up to 5.5.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component svc_nas. The manipulation leads to os command injection.
This vulnerability is known as CVE-2025-36607. The attack needs to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
CTM360 has discovered a new global malware campaign dubbed "FraudOnTok" that spreads the SparkKitty spyware through fake TikTok shops to steal cryptocurrency wallets and drain funds. [...]
The ClickTok campaign lures victims with fake TikTok shops and drains their crypto wallets. CTM360 exposes how SparkKitty spyware spreads via trojanized apps, phishing pages, and AI-powered scams. [...]