Aggregator

A vulnerability has been found in israelb1 Management App for WooCommerce Plugin up to 1.2.0 on WordPress and classified as critical. Impacted is the function nouvello_upload_csv_file. This manipulation causes unrestricted upload. The identification of this vulnerability is CVE-2024-1205. It is possible to initiate the attack remotely. There is no exploit available.

皮尤研究中心去年十月进行的调查显示，美国人仍然偏爱阅读纸质书。调查显示，约三分之二的成年人表示过去 12 个月内阅读过纸质书，纸质书阅读比例从 2011 年的 72% 降至 2025 年 10 月的 64%；31% 的成年人过去一年阅读过电子书，高于 2011 年的 17%；有声读物的收听比例也在同期翻了一番以上。调查还凸显了教育水平和种族等方面的差异。大学毕业生比非大学毕业生更可能过去一年读过书；拥有学士学位成年人中 88% 表示过去 12 个月读过书；有大学学习经历的人群中这一比例降至 78%，高中及以下学历的人则为 60%。50 岁以下美国人比年长者更倾向于阅读电子书和有声读物。年长群体只有三分之一或更少的人表示读过电子书。美国白人最倾向于阅读纸质书，亚裔则在电子书的使用方面表现突出。三分之二的白人成年人表示过去一年读过纸质书，黑人、西班牙裔和亚裔的比例较低。42% 的亚裔表示过去一年读过电子书，而白人、西班牙裔和黑人成年人中这一比例约为 30%。

Что известно о новой утечке у создателей GTA VI.

A vulnerability was found in OpenClaw up to 2026.3.21. It has been declared as critical. This affects an unknown function. Executing a manipulation can lead to incorrect behavior order. This vulnerability is tracked as CVE-2026-35637. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability has been found in OpenClaw up to 2026.3.21 and classified as problematic. This affects an unknown part. The manipulation leads to uncontrolled memory allocation. This vulnerability is referenced as CVE-2026-35633. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in OpenClaw up to 2026.3.21. This issue affects some unknown processing of the component Configuration Handler. The manipulation results in incorrectly-resolved name. This vulnerability was named CVE-2026-35635. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

A vulnerability, which was classified as critical, was found in OpenClaw up to 2026.3.22. The impacted element is the function authorizeCanvasRequest. Such manipulation leads to authentication bypass using alternate channel. This vulnerability is uniquely identified as CVE-2026-35634. Local access is required to approach this attack. No exploit exists. You should upgrade the affected component.

A vulnerability classified as critical has been found in OpenClaw up to 2026.3.21. The affected element is an unknown function of the component DM Handler. The manipulation leads to incorrect behavior order. This vulnerability is uniquely identified as CVE-2026-35627. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in OpenClaw up to 2026.3.21. This impacts an unknown function. Such manipulation leads to missing authorization. This vulnerability is referenced as CVE-2026-35631. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability described as critical has been identified in OpenClaw up to 2026.3.21. Impacted is an unknown function. Executing a manipulation can lead to authentication bypass by spoofing. This vulnerability is handled as CVE-2026-35622. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability, which was classified as problematic, was found in OpenClaw up to 2026.3.21. Affected by this issue is some unknown functionality of the component Voice Call Handler. Executing a manipulation can lead to asymmetric resource consumption. The identification of this vulnerability is CVE-2026-35626. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in OpenClaw up to 2026.3.21. This vulnerability affects unknown code. The manipulation leads to reliance on untrusted inputs in a security decision. This vulnerability is uniquely identified as CVE-2026-35624. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in OpenClaw up to 2026.3.22. This affects an unknown part of the component Signature Verification. Executing a manipulation can lead to authentication bypass by capture-replay. This vulnerability is handled as CVE-2026-35618. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in OpenClaw up to 2026.3.21. It has been rated as problematic. This affects an unknown part of the component Path Validation Handler. This manipulation causes improper resolution of path equivalence. This vulnerability is tracked as CVE-2026-34510. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.

OpenAI revealed a GitHub Actions workflow used to sign its macOS apps led to the download of the malicious Axios library on March 31, but noted that no user data or internal system was compromised. "Out of an abundance of caution, we are taking steps to protect the process that certifies our macOS applications are legitimate OpenAI apps," OpenAI said in a post last week. "We found no

A vulnerability described as problematic has been identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. This vulnerability is documented as CVE-2026-2516. The attack needs to be performed locally. Additionally, an exploit exists. Upgrading the affected component is recommended. The vendor explains: "[W]e have already addressed similar DLL search path vulnerability patterns through prior security updates. (...) Users are advised to use the latest version provided by the vendor."

币安创始人赵长鹏自费出版了自己的中英文自传《Freedom of Money: A Memoir of Protecting Users, Resilience, and the Founding of Binance》。赵长鹏在书中讲述了币安与美国监管机构的长期对抗，币安因助长洗钱活动而支付创纪录的 43 亿美元和解金，他在加州服刑四个月期间开始撰写本书，以及去年底获得特朗普总统的赦免——他此前被永久禁止涉足加密货币银行业务，赦免意味着他可以继续从事这项业务。他创办的币安是全球最大的加密货币交易所，与特朗普家族的加密货币业务 World Liberty Financial 有深度合作。本书最有意思的可能是他的监狱生活。赵长鹏写道，他一度担心在狱中会被人勒索，因为媒体报道他是美国监狱关押的最富有的人，结果是根本没人认识他，因为监狱关押的人没人会去看华尔街日报或彭博社。他与一名因杀害两人而被判 30 年监禁的男性关住一间牢房，他发现狱友最致命的不是他杀过人而是他雷鸣般的鼾声。他还在书中提到了 FTX 创始人 Sam Bankman-Fried，币安曾持有 FTX 五分之一的股份，以及 5.8 亿美元的 FTT 代币。2022 年 FTX 濒临破产之际 Bankman-Fried 曾打电话给他索取数十亿美元，他的语气漫不经心，仿佛是要一份三明治。

Исследователи описали технику sockpuppeting, которая помогает обходить ограничения 11 крупных языковых моделей через подставное «согласие» ассистента.

彭鑫老师观点文章：驾驭AI的能力决定了我们能走多快，敬畏复杂性的智慧决定了我们能走多远