Aggregator

A vulnerability was found in Zeus Technologies Zeus Web Server 3.3.1/3.3.2. It has been classified as critical. Affected is an unknown function of the component Search Engine. The manipulation of the argument filename leads to improper privilege management. This vulnerability is referenced as CVE-1999-0883. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in Zeus Technologies Zeus Web Server 3.3.1/3.3.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Administration Interface. The manipulation results in missing encryption of sensitive data. This vulnerability is identified as CVE-1999-0884. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in BlueFace Falcon Web Server 1.0.1006. It has been rated as problematic. Affected by this issue is some unknown functionality. This manipulation causes path traversal. This vulnerability is tracked as CVE-1999-0881. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.

Исследователи показали, как режим Express Transit помогает обойти обычную защиту и провести платеж без разблокировки смартфона.

A vulnerability classified as critical was found in MaxD Lightning Module 4.43/4.44 on OpenCart. This issue affects some unknown processing. Executing a manipulation of the argument li_op/md can lead to deserialization. The identification of this vulnerability is CVE-2025-0974. The attack may be launched remotely. Furthermore, there is an exploit available. Upgrading the affected component is advised.

在周日（4 月 19 日）举行的 2026 北京亦庄人形机器人半程马拉松赛上，机器人首次跑赢了人类半马世界纪录，前三名成绩全部优于人类纪录。荣耀旗下的齐天大圣队、雷霆闪电队、星火燎原队分别夺得冠军、亚军、季军，净用时分别为 50 分 26 秒、50 分 56 秒、53 分 01 秒，均优于乌干达名将基普利莫在今年 3 月里斯本半程马拉松赛中创造的 57 分 20 秒人类男子半马世界纪录。这一成绩与去年相比进步显著：一年前在亦庄举行的首届人形机器人半程马拉松上，天工队的人形机器人以 2 小时 40 分 42 秒的成绩夺冠。一年后，参赛队伍数量从 20 支增至百余支，是去年的五倍。整体完赛成绩大幅提升，人形机器人续航更稳、步态更顺、算法更稳。途中仍有部分机器人摔倒，或撞上赛道护栏。技术层面同样有进步：去年工程师们还可以跟着机器人一路小跑“陪跑"，今年很多机器人的速度大幅提升，工作人员不得不改坐高尔夫球车跟在后面。去年，天工是赛场上唯一采用"半自主"方式参赛的选手，其余几乎全部依赖遥控。今年，约四成队伍已实现自主导航。为鼓励这一趋势，赛事规则规定遥控操作组成绩须乘以 1.2 加权系数，变相惩罚依赖人工遥控的队伍。

深度解析Prompt注入攻击原理，通过真实复现案例揭示攻击者如何劫持AI Agent

第三方 SDK 重大漏洞曝光：超 3000 万加密

跨租户Teams服务台钓鱼到数据外传：一次

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape CPU-Z / HWMonitor watering hole infection – a copy-pasted attack   Fake Claude site installs malware that gives attackers access to your computer   Malware Analysis Static SKILL for Codex   JanelaRAT: a financial threat targeting users in Latin […]

硅谷科技巨头斥资数千亿美元建造 AI 数据中心，然而大规模的数据中心建设面临巨大的施工和电力挑战。卫星无人机图像显示美国近四成数据中心项目可能无法按计划在今年内完工。分析显示，微软、甲骨文和 OpenAI 等公司的数据中心项目很可能延期三个月以上完工。数据中心项目延误的原因包括劳动力、电力和设备长期短缺，以及获得必要许可的繁琐流程。参与 OpenAI 项目的建筑公司高管提到，他们缺乏足够的技工如电工和管道工去同时开展多个数据中心项目。因巨大的电力需求，科技巨头甚至在建自己的发电厂，大量使用安装在半挂式卡车上的移动式燃气发电机，以及最初为飞机和军舰设计的涡轮发动机。

A vulnerability, which was classified as problematic, was found in Cactus Software Shell-Lock. Affected by this issue is some unknown functionality. Executing a manipulation can lead to symlink following. The identification of this vulnerability is CVE-1999-1541. The attack can only be executed locally. There is no exploit available.

A vulnerability has been found in Red Hat Linux 6.0 and classified as critical. This affects an unknown part of the component RPMMail. The manipulation of the argument MAIL FROM as part of Metacharacter leads to improper privilege management. This vulnerability is referenced as CVE-1999-1542. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.