Aggregator

Submit #769652 / VDB-351073

Submit #769430 / VDB-351072

A vulnerability was found in Wavlink WL-WN578W2 221110. It has been declared as critical. Impacted is the function Delete_Mac_list/SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Executing a manipulation can lead to command injection. This vulnerability is registered as CVE-2026-4164. It is possible to launch the attack remotely. Furthermore, an exploit is available. It is recommended to upgrade the affected component.

Submit #768294 / VDB-351071

Submit #768293 / VDB-351071

Submit #768292 / VDB-351071

Пентагон автоматизировал войну с помощью системы Maven.

An identity-based microsegmentation deployment at Main Line Health in Philadelphia is helping to control how its roughly 60,000 devices communicate across the network in order to protect clinical operations and limit the impact of potential cyberattacks, said Main Line Health CISO Aaron Weismann.

Bold Plan Raises Hard Questions About Execution, Liability and Oversight
The Trump administration's national cyber strategy calls for a stronger partnership between the federal government and private companies, heralding a shift in the ways private enterprise could participate in offensive operations against nation-state adversaries, ransomware gangs and cybercriminals.

Also: the Pentagon-Anthropic AI Legal Showdown, the New Reality of Document Fraud
In this week's panel, four ISMG editors discuss the cyber activity tied to the U.S.-Israel-Iran conflict, the Pentagon's standoff with AI firm Anthropic and a new report that reveals how document fraud reflects deeper weaknesses in verification systems.

New Startup Says Cloud-Heavy Models Do Not Scale for Large Enterprises
Bold Security exited stealth with $40 million to build an endpoint platform for the artificial intelligence era. CEO Nati Hazut said companies can no longer rely on older controls as employees and AI agents access data locally, creating new blind spots around apps, files and device activity.

Attackers linked to Storm-2561 use SEO-poisoned search results to lure users to fake Ivanti, Cisco, and Fortinet VPN sites that steal corporate login credentials. In mid-January 2026, Microsoft Defender Experts uncovered a credential-theft campaign attributed to Storm-2561. Threat actor is spreading fake enterprise VPN clients impersonating Ivanti, Cisco, and Fortinet software. By poisoning search engine […]

Currently trending CVE - Hype Score: 1 - A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who have access to DB the same permissions as Dag Author. Since direct DB access is not usual and recommended for Airflow, the likelihood of it making ...

YouTube будет искать украденные лица так же, как ворованную музыку.

关键词漏洞2026年3月的安全圈，注定不太平。思科一次性修复48个漏洞，微软发布83个CVE，Chrome又被曝零日……这是什么概念？

就在刚刚，CISA出手了。3月13日，美国网络安全和基础设施安全局（CISA）直接将两个Chrome漏洞加入已知利用漏洞（KEV）目录。这意味着什么？

一年一度的两会，是观察国家政策走向的重要窗口。2026年政府工作报告已经新鲜出炉，其中关于网络安全的表述，字字千钧。今天，我们就来深度拆解这份报告背后的安全信号。本次报告明确提出：“健全数据要素基础制度，强化数据安全与个人信息保护，完...

Frida17.8引入的大招：基于eBPF的系统调用跟踪模块技术原理解析

В новом Chrome 146 устранили критическую уязвимость, позволяющую выполнить вредоносный код.