Aggregator

在科技飞速发展的当下，蓝牙设备凭借“一键连接”带来的便捷优势，已广泛应用于日常工作和生活。然而，这些提升效率的“神器”，可能潜藏安全风险。不法分子可能利用蓝牙技术漏洞，非法获取个人信息甚至实施窃密行为，威胁公民隐私与国家秘密安全。

人工智能应用的全生命周期均伴随着大规模、多维度、高敏感度的个人信息处理活动，其处理边界、使用范围、风险传导均突破了传统信息处理模式的范畴，个人信息保护面临前所未有的挑战。因此，亟须通过更有效的评估机制识别潜在安全风险，切实保护个人合法权益。

Threat actors are executing a sophisticated malvertising campaign targeting macOS users via poisoned Google Ads and deceptive artificial intelligence applications. Researchers recently uncovered an operation that redirects victims to fraudulent landing pages via sponsored search results. By combining trusted hosting platforms with the notorious “Clickfix” social engineering tactic, attackers are successfully distributing MacSync payloads and […]

The post macOS Malware Leverages Google Ads and Legitimate Claude.ai Shared Chats to Deliver Malware appeared first on Cyber Security News.

“CCF-INFORSEC网络空间安全前沿创新论坛”将于5月23日（周六）在中国科学院计算技术研究所举办。目前论坛正式日程已发布，欢迎大家报名参会！

悬镜安全、易安联、魔方安全等集中推出AI智能体安全方案，产业加速布局下一代安全。

cPanel Perl注入|Android ADB零点击RCE|Grav CMS未认证RCE|PHP unserialize 21年UAF|共4条高危漏洞

A vulnerability marked as critical has been reported in Red Hat JBoss 1.0/6.0. This issue affects some unknown processing of the component Overlord Runtime Governance for JBossAS. Performing a manipulation as part of MVEL Expression results in code injection. This vulnerability is reported as CVE-2013-6469. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability has been found in Toshibacommerce 4690 Point Of Sale Operating System 6.2 and classified as problematic. Impacted is an unknown function of the component Default Configuration. This manipulation causes cryptographic issues. This vulnerability is registered as CVE-2014-0361. The attack needs to be launched locally. No exploit is available.

A vulnerability was found in IBM Sterling Selling and Fulfillment Foundation and classified as problematic. The affected element is an unknown function. Such manipulation leads to cross site scripting. This vulnerability is documented as CVE-2014-0932. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Pimcore 1.4.9/1.5.0/2.1.0/2.2.0. It has been classified as critical. The impacted element is the function getObjectByToken of the file Newsletter.php. Performing a manipulation results in code injection. This vulnerability is reported as CVE-2014-2921. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in Pimcore 1.4.9/1.5.0/2.1.0. It has been declared as critical. This affects the function getObjectByToken of the file Newsletter.php. Executing a manipulation can lead to improper input validation. This vulnerability appears as CVE-2014-2922. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability was found in Asus RT-AC68U -/3.0.0.4.374.4755/3.0.0.4.374 4561/3.0.0.4.374 4887. It has been rated as critical. This impacts an unknown function of the file Main_Analysis_Content.asp of the component Firmware. The manipulation leads to os command injection. This vulnerability is traded as CVE-2013-5948. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. Upgrading the affected component is advised.

A vulnerability categorized as critical has been discovered in json-c up to 0.11. Affected is an unknown function. The manipulation results in memory corruption. This vulnerability is known as CVE-2013-6370. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability identified as problematic has been detected in json-c up to 0.11. Affected by this vulnerability is an unknown functionality. This manipulation causes cryptographic issues. This vulnerability is handled as CVE-2013-6371. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Automattic Jetpack. Affected by this issue is some unknown functionality. Such manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2014-0173. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

A vulnerability marked as critical has been reported in FitNesse Wiki 20131110/20140201. This affects an unknown part. Performing a manipulation of the argument pageContent results in command injection. This vulnerability was named CVE-2014-1216. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability described as critical has been identified in vTiger CRM 6.0.0. This vulnerability affects unknown code. Executing a manipulation can lead to improper input validation. The identification of this vulnerability is CVE-2014-2269. The attack may be launched remotely. Furthermore, there is an exploit available. Upgrading the affected component is recommended.

Scam attempts continue to reach consumers via email, text messages, social media, online advertising, and phone calls. The volume of exposure has remained stable over the past year, with more than half of consumers encountering scam attempts at least monthly, according to the F-Secure Scam Intelligence & Impacts Report 2026. Most common channels for scam attempts (Source: F-Secure) The United States recorded the highest exposure levels among surveyed markets. Younger consumers reported higher scam activity … More →

The post The scam economy has found its AI upgrade appeared first on Help Net Security.

Currently trending CVE - Hype Score: 1 - Bio.Entrez in Biopython through 186 allows doctype XXE.