Aggregator

2026 年 3 月 10 日，美国参议院投票。 71 比 29 。一位叫约书亚 · 门罗 · 鲁德（ Jo

2026年4月13日，东京防卫省，一场几乎没有仪式感的"新设"悄然完成。

A list of topics we covered in the week of April 13 to April 19 of 2026

The post A week in security (April 13 – April 19) appeared first on Security Boulevard.

点击蓝字｜关注我们近日，在济南高新区国家网络安全教育技术产业融合发展试验区的统筹指导下，山东省网络安全保险创新实验室在全

RSA Conference 2026大会，旧金山——每年，SANS研究人员都会在RSA Conference大会上公布五大攻击技术。

High turnover and burnout are reshaping the 2026 cybersecurity landscape, forcing leaders to prioritize compensation, AI integration, and mental health to retain top talent.

The post Compensation vs. Burnout: The New Retention Calculus for Cybersecurity Leaders appeared first on Security Boulevard.

研究团队对 7032 名生活在以色列南部内盖夫沙漠地区的偏头痛患者进行了平均 10 年的随访，分析其每日暴露于交通、工业及沙尘暴带来的空气污染情况以及气象条件，并与患者因急性偏头痛就医时间进行对比，同时追溯发作前 7 天内的环境变化。研究还通过药房记录统计了曲坦类药物（专门用于缓解偏头痛发作的药物）的使用情况。结果显示，约 32% 的参与者至少因急性偏头痛就医一次，47% 的人曾购买曲坦类药物。在偏头痛就诊人数最多的日子，PM10、PM2.5 及二氧化氮（NO2）浓度均显著高于平均水平；而就诊人数最少时，污染水平也相对较低。短期暴露于高水平 NO2 的人群，因偏头痛就医的概率增加 41%；暴露于较强紫外线辐射的人群，就医概率增加 23%。从长期来看，持续暴露于高 NO2 和 PM2.5 水平的人群，偏头痛药物使用率分别增加 10% 和 9%。进一步分析表明，高温、低湿环境会增强 NO2 对偏头痛的影响，而寒冷潮湿条件则会加剧 PM2.5 的作用。

Взгляды США на главные сетевые угрозы резко изменились.

近日微软在Patch Tuesday例行更新中修复了Microsoft Defender反恶意软件平台中的一个高危零日漏洞BlueHammer，该漏洞技术细节在微软官方修复发布前即被公开披露，攻击者可能已掌握漏洞利用代码，随后安全研究员公开了针对同一安全平台的另一未修补漏洞RedSun

贝佐斯（Jeff Bezos）旗下的 Blue Origin 公司于上周日执行了 New Glenn 重型火箭的第三次飞行，火箭第一级顺利回收，但上面级未能成功将 AST SpaceMobile 的蜂窝宽带通信卫星送入正确的轨道，这次发射被认为失败了。New Glenn 是直径 7 米的两级构型火箭。其第一级火箭由 7个 BE-4 发动机提供动力，它被设计为可重复使用。第二级/上面级则为一次性使用。New Glenn 于 2025 年 1 月 16 日执行了首次发射。去年 11 月的第二次飞行成功回收了第一级。此次发射使用的第一级就是去年底回收的，它被命名为 Never Tell Me The Odds。AST SpaceMobile 的 6 吨重通信卫星原计划发射到高度 460 公里倾角为 49 度的轨道，但被送入了一个低得多的轨道，无法靠自带的推进器维持运行。

A vulnerability marked as critical has been reported in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically evaluated code. This vulnerability is registered as CVE-2026-6652. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability labeled as problematic has been found in erponline.xyz ERP Online up to 4.0.0. This vulnerability affects unknown code of the component Inventory Edit Item Page. The manipulation of the argument Item Name results in cross site scripting. This vulnerability is cataloged as CVE-2026-6651. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

The problem with how we monitor identity risk today For years, dark web monitoring has been positioned as the frontline defense against compromised credentials and identity exposure. If your data showed up on the dark web, you got an alert. If it didn’t, you assumed you were safe. That model no longer reflects reality. The […]

The post Why Dark Web Monitoring Is No Longer Enough (And What Comes Next) appeared first on Security Boulevard.

Submit #794186 / VDB-358286

Submit #793806 / VDB-358285

A vulnerability identified as critical has been detected in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zb_users/plugin/AppCentre/app_upload.php of the component ZBA File Handler. The manipulation leads to unrestricted upload. This vulnerability is listed as CVE-2026-6650. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

欧盟委员会将鼓励远程办公，并为公共交通提供补贴，以减少化石燃料使用；目前，各国正艰难应对中东战事引发的能源价格冲击。欧委会将于本周向成员国提出一系列措施，以降低能源需求、提高能效，并推动向清洁电力转型。这些举措旨在为高企的能源价格提供“即时缓解”。这些建议基于俄罗斯入侵乌克兰后引发的上一轮能源危机期间实施的各项措施。它们旨在减少对化石燃料的依赖，并鼓励使用绿色能源。

A vulnerability categorized as critical has been discovered in Qibo CMS 1.0. Affected by this issue is some unknown functionality of the file /index/image/headers. Executing a manipulation of the argument starts can lead to server-side request forgery. This vulnerability is tracked as CVE-2026-6649. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

DANE (DNS-Based Authentication of Named Entities) uses DNSSEC and TLSA records to secure TLS certificates and prevent man-in-the-middle attacks on email and the web. Here's how it works.

The post What is DANE? DNS-Based Authentication of Named Entities Explained (2026) appeared first on Security Boulevard.

鱼类中有“清洁鱼”——即帮助清洁大鱼身上寄生虫的小鱼，蚂蚁中也有给大蚂蚁清洁身体的小蚂蚁。根据发表在《Ecology and Evolution》期刊上的一项研究，昆虫学家观察到体型巨大的收获蚁涌到体型很小的锥蚁（cone ants）巢穴入口，双腿伸开，大颚张开，静静等待小蚂蚁爬上它们身上，舔舐啃啃。一只收获蚁身上有时会有五只小锥蚁。收获蚁会彼此清理身上的垃圾和寄生虫，但可能这种清洁并不彻底，因此需要小蚂蚁进行更深入的清理工作。但其他科学家提出了不同的意见，有昆虫学家认为它们是在交换信息素彼此安抚，或者交换有益的微生物为两种蚂蚁创造更健康的微生物群落。