Aggregator

CISA ordered U.S. federal agencies to patch three iOS security flaws targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit. [...]

Wi-Fi client isolation，一个美丽的谎言

На смену грубой силе пришёл холодный расчёт.

数十年来，卫星、无人机与人工侦察员，始终是战争中监视与侦察体系的核心工具。

GLP-1 减肥药已经改变了无数肥胖者的生活，但停用减肥药的人通常会恢复大部分减轻的体重。GLP-1 减肥药价格不菲，如果需要终身服药那么这就给服用者带来了经济上的巨大负担。发表在《Obesity》的一项研究探讨了如何在减肥的同时减少减肥药支出的可能性。小规模实验发现，减少 GLP-1 减肥药的服用间隔仍然维持减肥效果。30 名服用减肥药的人参与了研究，23 人将服药间隔改为两周或至少 10 天，另外 7 人服药间隔更长。研究人员发现，几乎所有人减肥后的 BMI 指数都保持稳定，只有 5 人体重略有回升。有 4 人在体重再次增加后恢复到了原来的服药方案。研究人员表示需要扩大规模验证这项发现。

A bank, an airport, a non-profit and the Israeli branch of a US software company were among the targets of this new MuddyWater campaign

Cisco warns that two recently patched Catalyst SD-WAN flaws, CVE-2026-20128 and CVE-2026-20122, are already being actively exploited in the wild. Cisco warned customers that threat actors are actively exploiting two recently patched Catalyst SD-WAN vulnerabilities, CVE-2026-20128 and CVE-2026-20122. The networking giant urged organizations to apply the latest security updates to reduce the risk of compromise. […]

The Pakistan-aligned threat actor known as Transparent Tribe has become the latest hacking group to embrace artificial intelligence (AI)-powered coding tools to strike targets with various implants. The activity is designed to produce a "high-volume, mediocre mass of implants" that are developed using lesser-known programming languages like Nim, Zig, and Crystal and rely on trusted services like

Here is an overview of the CIS Benchmarks that the Center for Internet Security (CIS) updated or released for March 2026.

The European Union is taking new precautions as climate change and cybersecurity threats rise across the automotive industry.

Иногда для грандиозного провала хватает обычной лени.

EC-Council, creator of the world-renowned Certified Ethical Hacker (CEH) credential and a global leader in applied cybersecurity education, today launched its Enterprise AI Credential Suite, with four new role-based AI certifications debuting alongside Certified CISO v4, an overhauled executive cyber leadership program. [...]

Threat actors are employing a new variation of the ClickFix social engineering technique called InstallFix to convince users into running malicious commands under the pretext of installing legitimate command line interface (CLI) tools. [...]

最近修订的参议院授权法案（Senate authorization bill）将国际空间站的寿命从 2030 年延长到 2032 年，同时要求 NASA 转向商业空间站，加速用商业空间站取代国际空间站。法案要求在批准 60 天内 NASA 必须公开近地轨道商业空间站的需求；90 天内发布最终的征求建议书征求行业的回应；180 天内与两家或两家以上的商业供应商签订合同。Axiom Space、Blue Origin、Vast 和 Voyager 等私营公司正在敲定商业空间站的设计方案，它们都希望 NASA 提供更多需求信息，包括宇航员在空间站驻留时间、所需的科学设备类型等等。

Власти 14 государств провели задержания участников форума LeakBase.

Cybersecurity researchers have disclosed details of a multi-stage malware campaign that uses batch scripts as a pathway to deliver various encrypted remote access trojan (RATs) payloads that correspond to XWorm, AsyncRAT, and Xeno RAT. The stealthy attack chain has been codenamed VOID#GEIST by Securonix Threat Research. At a high level, the obfuscated batch script is used to deploy a second

This week’s threat landscape highlights the evolving sophistication of threat actors, who are increasingly targeting newly disclosed and unpatched vulnerabilities. […]

The post Weekly Threat Landscape Digest – Week 10 appeared first on HawkEye.

Microsoft will soon begin rolling out a significant upgrade to Microsoft 365 Backup to speed up recovery by allowing administrators to restore individual files and folders. [...]