Defence24.pl…
- Polska nie powinna przekazywać Ukrainie pocisków PAC-3 MSE przeznaczonych do systemu Patriot – uważa Krzysztof Bosak, wicemarszałek Sejmu i jeden z liderów Konfederacji. W programie „Kulisy Siły” Defence24 polityk jednoznacznie stwierdził, że Polska nie posiada wystarczających zapasów najnowocześniejszych rakiet przechwytujących.
- Tylko u nas, specjalny wywiad dla Defence24. Krzysztof Bosak w programie „Kulisy Siły” u Michała Steli komentuje przekazanie rakiet Patriot z Polski na Ukrainę i jego skutki dla NATO oraz bezpieczeństwa kraju. Czy donacje rakiet Patriot realnie wzmacniają obronę Ukrainy przed Rosją, czy rozbrajają Polskę?
- Holandia osiągnęła granicę swoich możliwości w zakresie bezpośredniej pomocy wojskowej dla Ukrainy – poinformowała minister obrony Dilan Yeşilgöz-Zegerius podczas szczytu NATO. Amsterdam nie zamierza jednak kończyć wsparcia dla Kijowa. Zamiast kolejnych dużych dostaw własnego sprzętu chce skupić się na finansowaniu zakupów, produkcji uzbrojenia i przekonywaniu innych sojuszników do większego zaangażowania.
- Lockheed Martin i Rheinmetall podpisały porozumienie, na mocy którego pociski ATACMS będą produkowane w Europie.
- Jak odbierać ostatnie słowa szefa kancelarii prezydenta Ukrainy Kyryła Budanowa, który nie tylko zapowiedział, że Polskę i Ukrainę czeka dalsza eskalacja, ale też przyrównał nasz kraj do Rosji? Czy można jeszcze mówić o nadziei na zdrowe relacje międzypaństwowe, czy jednak jesteśmy skazani na ciągłe przepychanie się z powodu ukraińskiej polityki historycznej?
- Prezydent Stanów Zjednoczonych Donald Trump przeprowadził niemal 90-minutową rozmowę telefoniczną z prezydentem Rosji Władimirem Putinem. Według informacji przekazanych przez Kreml jednym z głównych tematów była wojna w Ukrainie oraz możliwości zakończenia trwającego konfliktu. Tego samego dnia amerykański przywódca odbył również rozmowę z prezydentem Ukrainy Wołodymyrem Zełenskim.
- Szczytowi NATO w tureckiej Ankarze towarzyszy forum przemysłu obronnego Sojuszu. Defence24.pl zaprosił do rozmowy Konrada Gołotę, wiceministra Aktywów Państwowych, by zapytać o polską zbrojeniówkę.
- IRGC zaatakował dwa statki przepływające przez Cieśninę Ormuz. Statki zostały w znaczącym stopniu zniszczone.
- W trakcie szczytu w Ankarze wicepremier, minister obrony narodowej Władysław Kosiniak-Kamysz wypowiedział się na temat wsparcia obrony powietrznej Polski.
- To nie był złom. To był czas, ogień, mobilność i szansa przetrwania dla Ukrainy w pierwszej fazie wojny. Problem polega na tym, że strona polska zbyt długo pozwalała opowiadać o własnej pomocy językiem magazynowego sprzątania, a nie strategicznego wkładu w bezpieczeństwo Ukrainy i Polski.
- Sąd apelacyjny wydał długo wyczekiwany wyrok w sprawie Marine Le Pen – jednej z najbardziej rozpoznawalnych i wpływowych polityczek we Francji oraz wieloletniej liderki prawicowego ugrupowania Front Narodowy. Choć sąd podtrzymał wyrok skazujący, jednocześnie złagodził część wcześniejszych sankcji, co oznacza, że Le Pen nie została definitywnie wykluczona z wyścigu o fotel prezydenta Francji w 2027 […]
- Spółka Emitel, nawiązała strategiczną roczną współpracę z Siecią Badawczą Łukasiewicz – Instytutem Lotnictwa (Łukasiewicz-ILOT) w celu przyspieszenia rozwoju ogólnopolskiej infrastruktury dla bezzałogowych statków powietrznych (BSP).
- Europejskie NATO uruchomi flotę samolotów transportowych opartą na samolocie Airbus A400M Atlas – poinformował sekretarz generalny NATO Mark Rutte na trwającym szczycie Sojuszu w Ankarze. Do inicjatywy dołączyła m.in. Polska. Zakupione zostaną też ciężkie bezzałogowce rozpoznawcze i samolot tankowania powietrznego.
- W trakcie szczytu NATO w Ankarze Mark Rutte poinformował o zacieśnieniu współpracy pomiędzy USA a Europą.
- Członkowie NATO zainwestują w ciągu najbliższych pięciu lat ponad 40 mld dolarów w swoje zdolności obronne przed dronami i zamierzają wyszkolić pięciokrotnie większą liczbę operatorów dronów do końca 2027 r. – poinformował we wtorek w Ankarze sekretarz generalny Sojuszu Mark Rutte.
- Dziennik „New York Times” poinformował, powołując się na czterech wysokich rangą urzędników, że oczekuje się, iż prezydent USA Donald Trump oznajmi prezydentowi Recepowi Tayyipowi Erdoganowi, że jest gotowy zezwolić Turcji na powrót do programu myśliwców stealth F-35 – przekazała we wtorek agencja Reutera.
- Tylko u nas: Specjalny wywiad dla Defence24: Krzysztof Bosak w „Kulisach Siły” u Michała Steli o rakietach Patriot dla Ukrainy, potrzebnym murze na granicy (z bardzo nieoczywistym sąsiadem Polski) i stanie polskiej armii – mówi, że „nie możemy się domyślać, musimy wiedzieć”
- Wiemy, jak państwo wydawało pieniądze na obronność w 2025 roku. Defence24.pl poznał wyniki kontroli NIK, w której opisano dokładnie, ile pieniędzy przeznaczono na inwestycje, ile na wydatki bieżące, a ile na remont sprzętu.
- Rodríguez Castro, z którym negocjuje sekretarz stanu USA Marco Rubio, zapowiedział wypuszczenie więźniów politycznych i gotowość do rozmów z Donaldem Trumpem. Tyle, że nie on rządzi Kubą.
- W tym roku USA obchodzą swoje 250-lecie. Część tych wydarzeń objęła również Polskę, gdzie stacjonują amerykańscy żołnierze. Co więcej, istnieje realna szansa, że dojdzie do kolejnych przewartościowań w specyfice obecności U.S. Army w naszym kraju. Tym bardziej warto podkreślić, że relacje wojskowe obu państw są wypadkową olbrzymiej pracy żołnierzy, dyplomatów i polityków, która nie zaczęła […]
TVN wiadomości…
Błąd RSS: Retrieved unsupported status code "403"
Wyborcza Kraj…
Wystąpił błąd, co prawdopodobnie oznacza, że kanał nie działa. Spróbuj ponownie później.
Wyborcza Świat…
Wystąpił błąd, co prawdopodobnie oznacza, że kanał nie działa. Spróbuj ponownie później.
The Hacker News…
- A new Android malware operation called RedWing is being rented out on Telegram as a ready-made bank-fraud service. It lets even low-skill criminals take over a victim's phone, steal their banking logins, and capture the one-time codes that protect their accounts. Zimperium's zLabs, which found the operation, says it looks like a new variant of […]
- A critical flaw in Google's Dialogflow CX could have let an attacker with edit rights on one Code Block-enabled agent compromise other Code Block-enabled agents in the same Google Cloud project. From there, they could read live conversations, steal the data users shared, and make the bots send attacker-written messages, including requests to re-enter a […]
- A Microsoft 365 device code phishing campaign has been observed leveraging collaboration-themed lures to take control of victim accounts between the last week of June 2026 and into early July, per findings from ZeroBEC. "The campaign did not depend on a fake Microsoft password page. It used a malicious collaboration-style lure to push users into […]
- A public issue can trick GitHub Agentic Workflows into leaking the contents of an organization's private repositories, researchers at Noma Security have shown. The attacker needs only to open a normal-looking issue on a public repository, with no stolen credentials and no access to the organization. If that organization has given the agent read access […]
- U.S. prosecutors linked an alleged Scattered Spider hacker to a break-in at a luxury jewelry retailer using a persistent Windows device ID, according to a newly unsealed federal complaint. Microsoft records tied that ID first to the account the attackers used to keep access during the May 2025 intrusion, then to online accounts prosecutors say […]
- Cybersecurity researchers have disclosed details of a now-patched critical session isolation vulnerability in Writer, an enterprise generative artificial intelligence (AI) platform, that could result in cross-tenant compromise. The one-click vulnerability has been codenamed WriteOut by the Sand Security Research team. "An outsider could go from having no access to taking over any Writer AI
- Software supply chain security was hard enough. Then AI joined the build pipeline. For five years, "software supply chain security" meant one question: what's in your code? Which open-source packages, which versions, which transitive dependencies three layers deep that nobody chose on purpose? SolarWinds, Log4Shell, and XZ Utils all taught the same lesson: the risk […]
- A suspected China-aligned threat activity cluster has been observed exploiting Roundcube webmail software belonging to physics and engineering departments of U.S. and Canadian universities as part of a new campaign. The activity involves the exploitation of now-patched, critical security flaws in the open-source email solution, such as CVE-2024-42009 (CVSS score: 9.3), to siphon credentials,
- Several versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication backdoor that enables administrative access to the devices' web management interfaces, the CERT Coordination Center (CERT/CC) warned Monday. "An attacker can exploit this vulnerability, tracked as CVE-2026-11405, to bypass the password verification process
- BeyondTrust has released updates to address two critical security flaws affecting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could allow unauthenticated attackers to take control of susceptible devices. The vulnerabilities are listed below – CVE-2026-40138 (CVSS score: 9.2) – A pre-authentication vulnerability exists in the
- An Iranian hacking group affiliated with Iran's Ministry of Intelligence and Security (MOIS) has been wielding a previously undocumented modular command-and-control (C2) framework dubbed Cavern (aka Cav3rn) targeting Israeli organizations. The activity, which has primarily singled out IT providers and government sectors, has been attributed to a threat cluster tracked by Check Point Research
- A use-after-free bug in Linux's KVM hypervisor can be triggered from a guest virtual machine to corrupt the shadow-page state of the host kernel that runs it. Dubbed 'Januscape' and tracked as CVE-2026-53359, the flaw sits in the shadow MMU code that KVM shares across both Intel and AMD. The public proof-of-concept panics the host; the […]
- Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig. The vulnerability in question is CVE-2026-20896 (CVSS score: 9.8), a vulnerability that stems from the DevOps platform trusting the "X-WEBAUTH-USER" header from any source IP address, effectively allowing an unauthenticated internet client to get […]
- A streaming box should not need a threat model. Neither should a username field, a demo repo, a reset flow, or a browser permission prompt. That is the irritating part this week: the risky pieces were ordinary. Home devices became a routing cover. Clean code pulled dirt from a dependency. Identity shortcuts aged badly. AI […]
- Building a shortlist for an AI SOC evaluation can be tough. SIEM, SOAR, and pureplay AI SOC vendors are all saying the same thing. But behind the identical label sit very different products, from chat assistants bolted onto a legacy SIEM to agent platforms that run detection, triage, investigation, and response on their own data […]
- A suspected China-nexus threat activity cluster has been observed targeting Indian taxpayers, tax professionals, and corporate finance teams to deliver a remote access trojan designed to steal sensitive data from compromised hosts. The multi-stage campaign, codenamed Operation DragonReturn by Seqrite Labs, involves sending spear-phishing emails impersonating the Income Tax Department of India.
- Researchers at Shandong University have shown a fast new way to pull data off computers that are cut off from every network. The technique, called TrojPix, tweaks on-screen pixels in ways the eye cannot see, so that the video cable carrying them radiates a faint radio signal a nearby receiver can decode. But TrojPix works only once malware […]
- Cybersecurity researchers have flagged a novel Java-based remote access trojan (RAT) called QuimaRAT that's capable of targeting Windows, Linux, and macOS environments. According to LevelBlue, the cross-platform malware is advertised under a malware-as-a-service (MaaS) model, costing anywhere between $150 for one month to $1,200 for lifetime access. Other subscription tiers include $300 for
- Researchers found a flaw in Opera GX, the gaming-focused version of the Opera browser, that let a malicious website silently install a browser add-on and use it to lift specific data from the pages a victim visits. In a proof of concept, they reconstructed a signed-in user's full Gmail address from a single visit, with no […]
- Scanners meant to catch malicious add-on "skills" for AI coding agents can be fooled by a few simple changes that leave the malware working, according to a new study from researchers at the Hong Kong University of Science and Technology. Their strongest trick slipped past every scanner tested more than 90% of the time, and the same […]
SANS Internet Storm Center…
- Yesterday, I talked about NAPTR records and how they are related to RCS. But there is another "odd" record that shows up in my DNS logs. This one isn't new, but I don't think I ever covered it: NIMLOC. At least that is what Zeek calls it. But let's see what it is all about.
- (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
- Over the last year, with recent updates to iOS and Android, RCS (Rich Communication Services) has become an increasingly used protocol [1]. RCS is supposed to eventually replace SMS, and in addition to richer formatting, provides added (but optional) security. RCS messages may be end-to-end encrypted and digitally signed. Unlike SMS, which was "bolted on" […]
- (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
- (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
- This morning, an interesting phishing email hit my mailbox. It targets Metamask[1], a cryptocurrency wallet, available as a browser extension and a mobile app, that lets users store, send, and receive crypto money. It's pretty popular, so a juicy target for criminals. In February, I already mentioned a campaign against them[2].
- (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
- Apple released updates for iOS/iPadOS, macOS, and Safari on Monday. There have been no updates for other Apple operating systems (visionOS, watchOS, tvOS). Usually, Apple updates all products at the same time.
- (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
- I'm in the throes of target host recon for another pentest, and thought I'd share some workflow / automation stuff. In the past, I've discussed using historic DNS "mining" to collect target hosts in the domain.
Cybersecurity Avast…
- A call saying someone you love has been arrested and needs money ASAP can feel so real that you act before you think. Learn how bail bond scams work and what to watch for to help protect you and your family from falling for the scheme.
- Latest news We launched a new Avast One experience in 2026. Discover what’s new, see how it compares to the previous version, and learn how it makes your digital life simpler and more secure. In the ever-evolving landscape of the digital world, safeguarding your online presence has become more a necessity than a choice. […]
- If you've ever mentioned something in passing and then seen an ad for it shortly after, you're not imagining things. Learn how ads can sometimes follow you from real life to your screen, and how secure browsers with built-in ad blockers can help you take back control of what you see online.
- Spring break scams are out to ruin your vacation, but they don't have to. With a little awareness and Avast Free Antivirus protecting your devices, you can hit the beach without handing criminals an opening.
- You just sold a stack of old books for $100 on Facebook Marketplace. The buyer seemed eager, messaged instantly, and offered to pay extra. Sounds too good to be true? It probably is. Learn how to spot fake buyers before you lose both your money and your stuff.
- Scammers are using deepfake technology to replicate your child's voice in a kidnapping hoax, catfish with AI-generated video dates, and impersonate executives to steal millions. Learn how to spot deepfake fraud, and use Avast Deepfake Guard to help verify what's real before it's too late.
- Adoption fraud can blindside even the most prepared families, especially when emotions run high. Understanding common adoption scams and how to stay safe can help you move forward with more peace of mind.
- Facebook may feel like a safe place to connect, but scammers are increasingly using its ads, posts, and messages to deceive users. Here’s how cybercriminals are turning your feed into a gateway for fraud and what you can do to stay protected.
- If someone is blackmailing you with private photos or threats, do not pay. We know it's scary, but you don't need to comply. Learn how to handle sextortion threats, and discover how Avast can help secure your privacy.
- How a simple “I found your photo” message can quietly take over your account
Cybersecurity Kaspersky…
Błąd RSS: WP HTTP Error: cURL error 52: Empty reply from server
We Live Security…
- AI is changing cybercrime, but SMB cyber readiness still largely depends on closing the familiar gaps
- Three-day patching deadlines, exposed fuel-tank systems, scams costing billions of dollars, and social media bans for children all gave Tony plenty to unpack in June 2026
- Your inbox is an identity system all of its own: whoever owns it may own a lot more
- Your business may be small, but its attack surface is anything but. Readiness is the first step to resilience.
- ESET Research analyzes Gamaredon’s new toolset and the group’s growing reliance on legitimate online services to hide its C&C infrastructure and exfiltrate stolen data
- ESET researchers assisted in the global disruption of the Amadey botnet and Stealc infostealer, providing technical analysis, infrastructure tracking, and affiliate-level insights
- ESET Research shares the results of a months-long investigation into the suite of EDR killers maintained by the RaaS gang Gentlemen
- Many manufacturing plants depend on OT systems that stay in service for many years. That long run can hide significant cybersecurity risks.
- ESET researchers have discovered SprySOCKS for Windows, FishMonger’s backdoor weaponizing a kernel driver for advanced stealthiness
- A phishing kit subverting Microsoft’s legitimate authentication flow lets attackers break into accounts without stealing passwords or creating fake login pages
- A shift in operational pattern of the infamous Vietnam-aligned APT group
- A company that's expecting a cyberattack but hasn’t actively prepared for it risks making the hardest decisions at the worst possible moment
- Every organisation gets audited. The question is who does the auditing.
- Your child’s first data breach may happen before they’ve even opened a bank account. Here’s how to keep their digital life safe.
- In this roundup, Tony looks at attacks against Polish water treatment facilities, how AI-directed attacks failed in Mexico, and what Google believes is the first AI-generated zero-day exploit
- An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2025 and Q1 2026
- Using chatbots for medical advice could elicit hallucinations and even expose you to security and privacy risks. Here’s what’s at stake and how to stay safe.
- The malware pairs remote access capabilities with ready-made campaign tools, lowering the barrier for full device compromise
- Watch out for bogus World Cup websites that mimic official ticket and merchandise flows to steal money and personal data
- ESET researchers describe new tools and techniques that the Webworm APT group recently added to its arsenal