Aggregator

A vulnerability has been found in Linux Kernel up to 6.15.2 and classified as problematic. Affected by this vulnerability is the function netfs_retry_write_stream in the library lib/iov_iter.c. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2025-38139. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Сколько стоит предательство, если ты знаешь цену выкупа?

地球上的大部分水资源都是海水，由于盐分过高而无法饮用。海水淡化厂可将海水淡化处理成饮用水，然而该过程需要消耗大量能源。香港研究团队在《ACS Energy Letters》发表研究成果，其研发出一种具有长链微气囊结构的海绵结构材料，结合阳光照射与简易塑料罩，成功实现盐水资源向淡水的转化。一项户外原理验证实验成功在自然光照条件下产出可直接饮用的淡水，标志着实现低能耗可持续海水淡化技术的重大进展。在户外测试中，研究人员将这种材料置于盛有海水的蒸发容器中，上方覆盖弧形透明塑料罩。阳光加热海绵结构材料顶部时，仅会将水分蒸发为水蒸气（盐分会被阻隔）。蒸气在塑料罩内壁凝结为液态水，沿罩壁汇集至边缘，最终滴入蒸发容器下方的漏斗中，以另一容器盛放。经过 6 小时自然光照，该系统最终产出约 3 汤匙的饮用水。

Microsoft asked customers this week to disregard incorrect Windows Firewall errors that appear after rebooting their systems following the installation of the June 2025 preview update. [...]

A vulnerability was found in Azure AD Plugin up to 303.va_91ef20ee49f on Jenkins. It has been classified as problematic. Affected is an unknown function. The manipulation leads to session expiration. This vulnerability is traded as CVE-2023-24426. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Rack Gem on Ruby. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Content-Disposition Parser. The manipulation leads to denial of service. This vulnerability is known as CVE-2022-44571. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Microsoft .NET 6.0. Affected by this issue is some unknown functionality. The manipulation leads to denial of service. This vulnerability is handled as CVE-2023-21538. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in XpressEngine XE3. It has been rated as critical. This issue affects some unknown processing of the component Image File Handler. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2021-26642. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in rancher wrangler and classified as problematic. This vulnerability affects unknown code of the component Git Credentials Handler. The manipulation leads to denial of service. This vulnerability was named CVE-2022-43756. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in visualexpert Plugin up to 1.3 on Jenkins. It has been rated as critical. Affected by this issue is some unknown functionality of the component Controller File System Handler. The manipulation leads to permission issues. This vulnerability is handled as CVE-2023-24455. Access to the local network is required for this attack. There is no exploit available.

A vulnerability has been found in pyload up to 0.5.0b3.dev42 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper certificate validation. This vulnerability is known as CVE-2023-0509. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Rancher. This vulnerability affects unknown code of the component cattle-token Handler. The manipulation leads to insufficiently random values. This vulnerability was named CVE-2022-43755. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

13 岁少年成微软最年轻安全研究员

快来参与活动～京东59元包邮，欢迎下单！

看雪论坛作者ID：yirucandy

Europol shuts down Archetyp Market, longest-running dark web drug site, the police arrested the admin in Spain, top vendors hit in Sweden. An international law enforcement operation led by German authorities has shut down Archetyp Market, the longest-running dark web drug marketplace, in a coordinated operation across six countries with support from Europol and Eurojust. […]

天文学家最近发现一颗名为 HIP 67522b 的系外行星，跟它的母恒星 HIP 67522 的互动关系非常不寻常。这颗行星靠母星非常近，导致恒星表面频繁发生激烈的耀斑，也让行星的大气层持续受热膨胀。HIP 67522 是一颗年轻的 G 型恒星，位于半人马座，距离地球约 417 光年，年龄大约只有 1,700 万年。这颗恒星拥有两颗行星，其中 HIP 67522b 是一颗「热木星」——体积接近木星，由于公转轨道非常靠近母星，绕转一圈只需 7 天的时间。研究团队发现，这颗行星似乎能与母恒星的磁场产生某种奇特的连结，进而引发恒星表面出现剧烈的耀斑活动。这些耀斑朝向行星爆发时，又把大量能量「反馈」到行星身上，使它的大气层像吹气球一样不断膨胀。长期下来，行星的大气可能会被严重剥离，甚至从一颗巨大的热木星，缩小成像「热海王星」或「亚海王星」那样的体积。这类母星与行星之间的强烈互动，早就在理论上被预测过，但直到现在才首次被实际观测到。

华云安、无糖信息、亿格云获融资，行业各厂商聚焦AI平台化与前沿技术。

一图读懂《2025年护航新型工业化网络安全专项行动方案》

近日，中央网信办发布通知，决定在全国范围内启动为期两个月的“清朗·优化营商网络环境——整治涉企网络‘黑嘴’”专项行动，重点整治恶意抹黑诋毁攻击企业、对企业进行敲诈勒索、恶意营销炒作、泄密侵权等四类突出...