Aggregator

Имплант из наносетки открывает путь к регенерации спинного мозга.

SecWiki周刊（第593期) by ourren

更多最新文章，请访问SecWiki

Trellix exposes SquidLoader malware targeting Hong Kong, Singapore, and Australia's financial service institutions. Learn about its advanced evasion tactics and stealthy attacks.

Critical zero-day vulnerabilities in Microsoft SharePoint, tracked as CVE-2025-53770 and CVE-2025-53771, have been actively exploited since at least July 18th, with no patch available and at least 85 servers already compromised worldwide. [...]

Currently trending CVE - Hype Score: 1 - A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.

Name: DownUnderCTF 2025 (an DownUnderCTF event.)
Date: July 18, 2025, 9:30 a.m. — 20 July 2025, 09:30 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://2025.duc.tf/
Rating weight: 91.66
Event organizers: DownUnderCTF

OpenAI решил не делиться своим самым умным ИИ — пока.

Debian 发布团队宣布 Debian 13.0 "Trixie"计划于 8 月 9 日释出，7 月 27 日完全冻结。Debian Trixie 代表了为期两年的开发历程，内核采用 Linux 6.12 LTS，包含桌面环境 GNOME 48 、GCC 14.2 编译器、Python 3.13 等大量软件更新。Debian Trixie 将首次正式支持 64 位 RISC-V 架构。

Шпионский инструмент из Китая работает с 2019 года.

对数据库 Dimensions 的分析发现，与 AI 相关的研究论文数量已从 2000 年的不到 8500 篇增长到 2024 年的 5.7 万多篇。2000 年，中国学者仅发表了 671 篇 AI 论文，但到 2024 年，他们发表了 23695 篇与 AI 相关的论文，超过了美国（6378篇）、英国（2747篇）和欧盟（10055篇）的总和。中国产生的海量AI论文也推动了创纪录的专利申请。2024 年中国研究人员提交了 35423 项与 AI 相关的专利申请，是美国、英国、加拿大、日本、韩国5国提交的专利申请总数（2678项）的 13 倍多。研究还显示，中国的 AI研 究正变得越来越独立。过去几年中，美国、英国和欧盟的科学家与中国学者共同撰写论文的频率比他们彼此间合著的频率更高。但在 4 个地区中，中国学者的国际合作率最低。随着中国庞大的 AI 研究队伍的成熟，国际合作可能会进一步减少。研究发现，中国拥有约 3 万名各个年龄段的 AI 研究人员，而美国约有 1 万名。中国的 AI 研究队伍也明显更年轻。

Hewlett-Packard Enterprise (HPE) is warning of hardcoded credentials in Aruba Instant On Access Points that allow attackers to bypass normal device authentication and access the web interface. [...]

A vulnerability has been found in Linux Kernel up to 6.14.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component rtsx_usb_ms. The manipulation leads to use after free. This vulnerability is known as CVE-2025-22020. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.15/6.13.3/6.14-rc2. It has been classified as problematic. Affected is an unknown function of the file kernel/locking/mutex.c. The manipulation leads to uninitialized pointer. This vulnerability is traded as CVE-2025-21824. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.128/6.6.77/6.12.13/6.13.2. This affects the function cdns_uart_isr of the component xilinx_uartps. The manipulation leads to deadlock. This vulnerability is uniquely identified as CVE-2025-21820. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was suspected in Linux Kernel up to 6.1.128/6.6.77/6.12.13/6.13.2/6.14-rc1. Further investigation has shown that this issues is a false-positive. Please review the sources mentioned and consider not using this entry at all.

国际研究团队首次确定了太阳以外的恒星周围开始形成行星的时刻，这是人类首次观察到行星系统形成的早期阶段，并为我们探索自身太阳系的起源提供全新视角。这颗诞生中的行星系统围绕着一颗名为 HOPS 315 的原恒星运转，HOPS 315 距离我们约 1,300 光年，与新生的太阳类似。在太阳系中，最早在地球目前绕太阳位置附近凝结的固体物质被发现藏在古老的陨石中。天文学家对这些原始岩石进行年代测定，以确定太阳系形成的起始时间。这些陨石富含一氧化硅(SiO) 的晶体矿物，可以在年轻行星盘的极高温度下凝结。随着时间的推移，这些新凝结的固体会结合在一起，随着它们的体积和质量的增加，为行星的形成播下了种子。太阳系中第一批几千米大小的行星，最终发展成像地球或木星核心这样的行星，正是在这些晶体矿物凝结后形成的。天文学家在新的发现中，找到了这些热矿物在 HOPS-315 周围的圆盘中开始凝结的证据。研究结果显示，SiO 以气态存在于这颗宝宝恒星周围，也存在于这些结晶矿物中，这表示它才刚开始凝固。研究人员表示这个过程从未在原行星盘，甚至在我们太阳系以外的任何地方出现过。

A vulnerability was found in Pro-face Pro-Server EX up to 1.23.000. It has been classified as problematic. This affects an unknown part of the file ProServr.exe of the component C Runtime. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2012-3795. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Linux Kernel up to 6.1.128/6.6.77/6.12.13/6.13.2. Affected by this vulnerability is an unknown functionality of the file ptp_s390.c of the component ptp. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2025-21814. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.128/6.6.75/6.12.12/6.13.1. It has been rated as critical. Affected by this issue is the function ax25_setsockopt of the component ax25. The manipulation leads to deadlock. This vulnerability is handled as CVE-2025-21812. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.