Aggregator

​海外营销这门生意，也许等来了它的「AI版滴滴」。

最新发布的《世界海洋评估》报告警告，气候变化、污染、过度开发等多重压力正在持续削弱海洋健康，而海洋的未来与人类的未来紧密相连。报告指出，即便远离海岸，海洋依然深刻影响着每个人的生活。海洋吸收了地球大部分额外热量和温室气体，在减缓气候变化方面发挥关键作用。海洋还为全球数十亿人口提供食物、氧气和药物资源，并支撑着全球贸易、旅游业和大量就业岗位。报告强调，海洋环境恶化不仅会影响沿海地区，还将波及粮食安全、供应链稳定以及全球经济发展。评估显示，海洋变暖和海平面上升正在加速。由于冰盖融化和海水热膨胀，全球海平面上升速度已从 2015 年前每年最高 1.9 毫米增加到 2023 年的 4.3 毫米。北极升温速度达到全球平均水平的四倍。与此同时，海洋缺氧区面积已扩大至约 450 万平方公里，大量海洋生物生存空间受到挤压。自 1970 年代以来，加勒比地区约 80% 的珊瑚礁已经消失。如果全球升温超过工业化前水平 1.5 摄氏度，全球 90% 的珊瑚礁可能面临消失风险。报告显示，每年约有 5200 万吨塑料垃圾进入海洋，形成约 24 万亿个微塑料颗粒，已影响 4000 多种海洋生物。

An Iranian-linked hacker group called Handala claimed to have hit Israeli military targets with massive cyberattacks on Sunday,…

A vulnerability labeled as problematic has been found in Huawei HarmonyOS 5.1.0/6.0.0/6.1.0. This affects an unknown part of the component File System Handler. Such manipulation leads to unchecked input for loop condition. This vulnerability is referenced as CVE-2026-41986. The attack can be executed directly on the physical device. No exploit is available.

A vulnerability identified as critical has been detected in Huawei HarmonyOS 6.1.0. Affected by this issue is some unknown functionality of the component Package Management Module. This manipulation causes improper access controls. The identification of this vulnerability is CVE-2026-41985. The attack can only be executed locally. There is no exploit available.

A vulnerability categorized as critical has been discovered in HMBRAND DBI up to 1.647 on Perl. Affected by this vulnerability is an unknown functionality of the component Error Message Handler. The manipulation of the argument RaiseError/PrintError/HandleError results in out-of-bounds write. This vulnerability was named CVE-2026-9698. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

Глава Минтруда рассказал, кого заменят роботы, а кому придется переучиваться.

A vulnerability was found in zephyrproject-rtos Zephyr up to 4.3.0. It has been rated as critical. Affected is the function l2cap_chan_le_recv_seg of the file subsys/bluetooth/host/l2cap.c. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2026-5068. The attack can only be initiated within the local network. No exploit exists.

A vulnerability was found in QNAP QuMagie up to 2.9.0. It has been declared as problematic. This impacts an unknown function. Executing a manipulation can lead to authorization bypass. This vulnerability is handled as CVE-2026-44083. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.

The flaw, CVE-2026-11645, can allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page

Securing a university means defending a highly open environment, where thousands of users, devices, and external connections create constant exposure to risk. We had a unique opportunity to get an inside look at how these operations are run at a powerhouse R1 institution, the University of Massachusetts Boston.    We sat down with Daniel Mayer, Endpoint […]

The post Protecting 50,000 Users: How ANY.RUN Drives Incident Prevention at UMass Boston appeared first on ANY.RUN's Cybersecurity Blog.

7天系统学习，掌握通用方法论。

一行判断写反，容器秒变宿主。

第八届游戏安全行业峰会圆满落幕，《2025游戏安全白皮书》成功发布！

看雪论坛作者ID：sysNow

微软下线了数十个托管在 GitHub 上的开源项目，原因是安全公司发现这些项目被入侵植入了窃取密码等敏感凭证的恶意代码。微软在一份声明中表示，它正对此展开调查，部分下线的项目在审核之后已恢复上线，作为调查的一部分，它通知了下载受影响项目的一小部分用户。调查显示，至少 73 个项目受到影响。这是过去一个月微软第二次开源项目库遭到入侵。

A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST, needs no native code, no extension, and no permission prompt. You open the page, leave the tab sitting there, and it watches the drive for contention in the background. Researchers at Graz University of Technology built it and

Что нужно знать администраторам сетей Ubiquiti — и почему проверить систему нужно до обновления.