Aggregator

研究称加工肉没有食用的安全量

Solidot
8 months 2 weeks ago
根据发表在《Nature Medicine》期刊上的一项研究,加工肉没有食用的安全量,即只要食用加工肉就会增加患病风险。研究人员分析了逾 60 项研究,涉及人类饮食加工肉、含糖饮料和反式脂肪酸与患 2 型糖尿病、结直肠癌和缺血性心脏病风险之间的关系。结果显示,即使食用少量的加工肉、含糖饮料和反式脂肪酸,也会增加患病风险。数据显示,与不吃任何热狗的人相比,每天只吃一只热狗的人患 2 型糖尿病的风险高 11%,患结直肠癌的风险高 7%。每天喝约 12 盎司苏打水,2 型糖尿病风险增加 8%,缺血性心脏病风险增加 2%。所谓加工肉指的是将肉加工成香肠、培根和汉堡等形式。

“CitrixBleed 2” Vulnerability PoC Released – Warns of Potential Widespread Exploitation

Cyber Security News
8 months 2 weeks ago

Critical flaw in Citrix NetScaler devices echoes infamous 2023 security breach that crippled major organizations worldwide. The new critical vulnerability in Citrix NetScaler devices has security experts warning of potential widespread exploitation, drawing alarming parallels to the devastating “CitrixBleed” attacks that plagued organizations in 2023. The vulnerability, tracked as CVE-2025-5777 and dubbed “CitrixBleed 2,” allows […]

The post “CitrixBleed 2” Vulnerability PoC Released – Warns of Potential Widespread Exploitation appeared first on Cyber Security News.

Guru Baran

CVE-2025-7080 | Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17 JWT Token jwt_utils.go accessSecret/refreshSecret hard-coded password (EUVD-2025-20136)

VulDB Recent Entries
8 months 2 weeks ago
A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwt_utils.go of the component JWT Token Handler. The manipulation of the argument accessSecret/refreshSecret with the input jank-blog-secret/jank-blog-refresh-secret leads to use of hard-coded password. This vulnerability is traded as CVE-2025-7080. It is possible to launch the attack remotely. Furthermore, there is an exploit available. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
vuldb.com

CVE-2025-7079 | mao888 bluebell-plus up to 2.3.0 JWT Token jwt.go mySecret hard-coded password (Issue 35 / EUVD-2025-20137)

VulDB Recent Entries
8 months 2 weeks ago
A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file bluebell_backend/pkg/jwt/jwt.go of the component JWT Token Handler. The manipulation of the argument mySecret with the input bluebell-plus leads to use of hard-coded password. The identification of this vulnerability is CVE-2025-7079. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-7078 | 07FLYCMS/07FLY-CMS/07FlyCRM up to 1.3.9 cross-site request forgery (EUVD-2025-20135)

VulDB Recent Entries
8 months 2 weeks ago
A vulnerability classified as problematic was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.3.9. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2025-7078. The attack can be initiated remotely. Furthermore, there is an exploit available. This product is published under multiple names. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure

Cyber Security News
8 months 2 weeks ago

Russian Federal Security Service (FSB) officers have detained two hackers in Siberia who conducted cyberattacks on critical infrastructure facilities under direct orders from Ukrainian intelligence services. The simultaneous arrests in the Kemerovo and Tomsk regions exposed a sophisticated cyber espionage network targeting Russia’s governmental, industrial, and financial information systems. The primary suspect, a 36-year-old resident […]

The post Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure appeared first on Cyber Security News.

Tushar Subhra Dutta

CVE-2025-7077 | Shenzhen Libituo Technology LBT-T300-T310 up to 2.2.3.6 /appy.cgi config_3g_para username_3g/password_3g buffer overflow (EUVD-2025-20133)

VulDB Recent Entries
8 months 2 weeks ago
A vulnerability classified as critical has been found in Shenzhen Libituo Technology LBT-T300-T310 up to 2.2.3.6. This affects the function config_3g_para of the file /appy.cgi. The manipulation of the argument username_3g/password_3g leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-7077. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

微软 XBox 业务高管建议被裁员的员工用 AI 管理情绪

Solidot
8 months 2 weeks ago
微软本周宣布裁员逾九千人,其中 XBox 游戏业务深受影响,有工作室被关闭,多个游戏项目被取消。对此情况,XBox 高管 Matt Turnbull 提出了一项建议:被裁的员工应该用 AI 管理情绪。他的建议发表在 LinkedIn 上,帖子已删除,但内容已被人保存了下来。他表示自己已经试验用 LLM AI 工具(如 ChatGPT 或 Copilot)帮助减少失业带来的情绪和认知负担,称如果不尽力提供最好的建议将是自己的失职。

Threat Actors Turning Job Offers Into Traps, Over $264 Million Lost in 2024 Alone

Cyber Security News
8 months 2 weeks ago

Cybercriminals are exploiting the economic uncertainty and remote work trends to orchestrate sophisticated employment fraud schemes, with victims losing over $264 million in 2024 alone according to FBI reports. These malicious campaigns, known as “task scams,” represent a rapidly evolving threat landscape where fraudsters weaponize legitimate job-seeking behavior to extract cryptocurrency payments from unsuspecting victims […]

The post Threat Actors Turning Job Offers Into Traps, Over $264 Million Lost in 2024 Alone appeared first on Cyber Security News.

Tushar Subhra Dutta

Managed ad