Defence24.pl…
- The air dominance of US and Israeli forces does not mean that Iranian air defence has ceased to pose any threat. Dispersed and weakened, but hidden in underground shelters and relying on passive (thermal-imaging) systems and short-range shoulder-launched man-portable systems, it is still capable of stinging counterattacks and aerial ambushes, which, fortunately for the allies, have not so far brought […]
- Deliveries of all amphibious wheeled armoured personnel carriers ordered to date for the US Marine Corps have been completed.
- The Brazilian Air Force (Força Aérea Brasileira, FAB), together with Saab and Embraer, presented the first Gripen E (F-39E) produced in Brazil. The ceremony took place on 25 March at the Brazilian company's industrial complex in Gavião Peixoto, São Paulo state.
- A fire broke out on Monday at the key Russian port of Novorossiysk on the Black Sea, including at the Sheskharis oil terminal located there, following an overnight drone attack. The Ukrainian side additionally attacked the ship Admiral Grigorovich while it was moored in the port of Novorossiysk.
- The 2025 flood in Lower Silesia exposed the need for all services to operate in a common crisis-management environment. Thanks to Jaśmin, the voivode and the general speak one language, and as a result they act faster and more effectively. SZK JAŚMIN is a "professional, complete, integrated, multi-environment, automated, coherent crisis management system".
- Italy is to transfer SIDAM 25 anti-aircraft artillery systems to Ukraine. They would support Kyiv in defending against Russian drones.
- According to the Russian authorities, the territories of Russia and Belarus have become a single defence space, which entails an obligation to jointly defend their borders.
- It is reasonable to assume that when the war with Ukraine finally ends, Russia will expand its military capabilities in this region, stresses General (ret.) Timo Kivinen, former Chief of Defence of Finland, in the second part of his interview with Defence24.pl. In the conversation he discusses key armed forces procurements in combat vehicles, artillery, air defence and aviation. He also reveals […]
- The navy of Iran's Islamic Revolutionary Guard Corps (IRGC) firmly rejected Donald Trump's demand to open the Strait of Hormuz. Earlier, the US president, in an expletive-laden statement, threatened to escalate attacks if the blockade of the strait is maintained.
- It is precisely at the intersection of the state, elites, business, intermediaries and covert financial flows that Russia's practical ability to influence other states, sustain its own operations and undermine the international order arises. In this sense, the study of illicit finance is not a side issue of economic crime but one of the keys to understanding the Kremlin's contemporary policy, about which, in […]
- South Korea's National Intelligence Service (NIS) points to a sharp acceleration of Pyongyang's efforts to legitimise Kim Jong Un's daughter, Ju-ae, as the regime's future leader. A key element of this narrative was her recent presence at training grounds, where, among other things, she sat at the controls of a new North Korean main battle tank.
- According to the Kyiv Post, President Volodymyr Zelensky revealed that Moscow is sharing satellite reconnaissance data and battlefield experience with Tehran to facilitate attacks on Israel's civilian infrastructure.
- At least three people, including a child, were killed and 10 were injured in a massive Russian air attack on Odesa in southern Ukraine.
- The US, Iran and regional mediators are holding talks on a 45-day ceasefire intended to prevent escalation of the war, the Axios portal reported, citing sources. It is the last attempt to reach an agreement before US President Donald Trump's ultimatum expires.
- Daily review of security and defence sector media.
- During the operation to rescue the pilots of an F-15E aircraft, the Americans reportedly destroyed a heavily damaged HC-130J aircraft and an MC-130J along with two MH-6M helicopters. Their crews were evacuated by other aircraft.
- US President Donald Trump announced the rescue of the second pilot of the F-15E aircraft that was shot down over Iran.
- Alongside the programme for the larger ACV family of vehicles, the Marine Corps is running a parallel programme for smaller ARV reconnaissance vehicles, which are to replace the LAV family vehicles currently in service.
- France has placed an order with the Naval Group shipyard for a fifth FDI-class frigate, thereby completing the planned series of these vessels for the navy.
- Slovakia's programme to acquire Vydra (Patria AMV XP) wheeled armoured personnel carriers is facing a delay. What is causing it?
The Hacker News…
- An Iran-nexus threat actor is suspected to be behind a password-spraying campaign targeting Microsoft 365 environments in Israel and the U.A.E. amid ongoing conflict in the Middle East. The activity, assessed to be ongoing, was carried out in three distinct attack waves that took place on March 3, March 13, and March 23, 2026, per Check Point. "The campaign is […]
- Threat actors likely associated with the Democratic People's Republic of Korea (DPRK) have been observed using GitHub as command-and-control (C2) infrastructure in multi-stage attacks targeting organizations in South Korea. The attack chain, per Fortinet FortiGuard Labs, involves obfuscated Windows shortcut (LNK) files acting as the starting point to drop a decoy PDF
- Your attack surface no longer lives on one operating system, and neither do the campaigns targeting it. In enterprise environments, attackers move across Windows endpoints, executive MacBooks, Linux infrastructure, and mobile devices, taking advantage of the fact that many SOC workflows are still fragmented by platform. For security leaders, this creates a
- This week had real hits. The key software got tampered with. Active bugs showed up in the tools people use every day. Some attacks didn’t even need much effort because the path was already there. One weak spot now spreads wider than before. What starts small can reach a lot of systems fast. New bugs, faster use, less time to react. That’s this […]
- The most active piece of enterprise infrastructure in the company is the developer workstation. That laptop is where credentials are created, tested, cached, copied, and reused across services, bots, build tools, and now local AI agents. In March 2026, the TeamPCP threat actor proved just how valuable developer machines are. Their supply chain attack on
- Threat actors associated with Qilin and Warlock ransomware operations have been observed using the bring your own vulnerable driver (BYOVD) technique to silence security tools running on compromised hosts, according to findings from Cisco Talos and Trend Micro. Qilin attacks analyzed by Talos have been found to deploy a malicious DLL named "msimg32.dll,"
- Germany's Federal Criminal Police Office (aka BKA or the Bundeskriminalamt) has unmasked the real identities of two of the key figures associated with the now-defunct REvil (aka Sodinokibi) ransomware-as-a-service (RaaS) operation. One of the threat actors, who went by the alias UNKN, functioned as a representative of the group, advertising the ransomware in June 2019 […]
- Drift has revealed that the April 1, 2026, attack that led to the theft of $285 million was the culmination of a months-long targeted and meticulously planned social engineering operation undertaken by the Democratic People's Republic of Korea (DPRK) that began in the fall of 2025. The Solana-based decentralized exchange described it as "an attack six months in the
- Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent implant. "Every package contains three files (package.json, index.js, postinstall.js), has no description, repository,
- Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as CVE-2026-35616 (CVSS score: 9.1), has been described as a pre-authentication API access bypass leading to privilege escalation. "An improper access control vulnerability [CWE-284] in FortiClient EMS may allow an
- A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal targeting in the region. The campaign has been attributed to TA416, a cluster of activity that overlaps with DarkPeony, RedDelta, Red Lich, SmugX, UNC6384, and Vertigo Panda. "This TA416 activity included multiple
- Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, according to findings from the Microsoft Defender Security Research Team. "Instead of exposing command execution through URL parameters or request bodies, these web shells rely on threat actor-supplied cookie values to gate execution,
- The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069. Maintainer Jason Saayman said the attackers tailored their social engineering efforts "specifically to me" by first approaching him under the guise of the founder of […]
- The next major breach hitting your clients probably won't come from inside their walls. It'll come through a vendor they trust, a SaaS tool their finance team signed up for, or a subcontractor nobody in IT knows about. That's the new attack surface, and most organizations are underprepared for it. Cynomi's new guide, Securing the Modern Perimeter: The Rise of […]
- Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the trojan was discovered targeting both the mobile operating systems. The malware has been found to conceal itself within seemingly benign apps, such as enterprise messengers and food delivery services, while
- Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that took place on April 1, 2026. "Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers," the
- A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens at scale. Cisco Talos has attributed the operation to a threat cluster it tracks as
- Cisco has released updates to address a critical security flaw in the Integrated Management Controller (IMC) that, if successfully exploited, could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system with elevated privileges. The vulnerability, tracked as CVE-2026-20093, carries a CVSS score of 9.8 out of a maximum of 10.0. "This
- The latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the internet right now. No corporate fluff or boring lectures here, just a quick and honest look at the messy reality of keeping systems safe this week. Things are moving fast. The list includes researchers chaining small bugs together to create massive backdoors, old software flaws
- A financially motivated operation codenamed REF1695 has been observed leveraging fake installers to deploy remote access trojans (RATs) and cryptocurrency miners since November 2023. "Beyond cryptomining, the threat actor monetizes infections through CPA (Cost Per Action) fraud, directing victims to content locker pages under the guise of software registration," Elastic
SANS Internet Storm Center…
- In one of his recent diaries, Johannes discussed how open redirects are actively being sought out by threat actors[1], which made me wonder about how commonly these mechanisms are actually misused…
- (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
- This is the sixth update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" (v3.0, March 25, 2026). Update 005 covered developments through April 1, including the first confirmed victim disclosure (Mercor AI), Wiz's post-compromise cloud enumeration findings, DPRK attribution of the axios compromise, and LiteLLM's release resumption after Mandiant's forensic audit. […]
- From its GitHub repo: "Vite (French word for "quick", pronounced /viːt/, like "veet") is a new breed of frontend build tooling that significantly improves the frontend development experience" [https://github.com/vitejs/vite].
- Today, most malware is called “fileless” because it tries to reduce its footprint on the infected computer's filesystem to the bare minimum. But it needs to write something… think about persistence. It can use the registry as an alternative storage location.
- This is the fifth update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" (v3.0, March 25, 2026). Update 004 covered developments through March 30, including the Databricks investigation, dual ransomware operations, and AstraZeneca data release. This update consolidates two days of intelligence through April 1, 2026.
- ISC Stormcast For Wednesday, April 1st, 2026 https://isc.sans.edu/podcastdetail/9874, (Wed, Apr 1st)
- In case of a cyber incident, most organizations fear data loss (via exfiltration) more than regular data encryption because they have a good backup policy in place. If exfiltration happened, it means a total loss of control of the stolen data with all the consequences (PII, CC numbers, …).
Cybersecurity Avast…
- Spring break scams are out to ruin your vacation, but they don't have to. With a little awareness and Avast Free Antivirus protecting your devices, you can hit the beach without handing criminals an opening.
- You just sold a stack of old books for $100 on Facebook Marketplace. The buyer seemed eager, messaged instantly, and offered to pay extra. Sounds too good to be true? It probably is. Learn how to spot fake buyers before you lose both your money and your stuff.
- Scammers are using deepfake technology to replicate your child's voice in a kidnapping hoax, catfish with AI-generated video dates, and impersonate executives to steal millions. Learn how to spot deepfake fraud, and use Avast Deepfake Guard to help verify what's real before it's too late.
- Adoption fraud can blindside even the most prepared families, especially when emotions run high. Understanding common adoption scams and how to stay safe can help you move forward with more peace of mind.
- Facebook may feel like a safe place to connect, but scammers are increasingly using its ads, posts, and messages to deceive users. Here’s how cybercriminals are turning your feed into a gateway for fraud and what you can do to stay protected.
- If someone is blackmailing you with private photos or threats, do not pay. We know it's scary, but you don't need to comply. Learn how to handle sextortion threats, and discover how Avast can help secure your privacy.
- How a simple “I found your photo” message can quietly take over your account
- Holiday shopping is in full swing, and so is the hunt for great deals. As online shopping becomes the default for many, a shadowy industry of fake e-shops is growing right alongside it.
- Scammers are using deepfake technology to replicate your child's voice in a kidnapping hoax, catfish with AI-generated video dates, and impersonate executives to steal millions. Learn how to spot deepfake fraud, and use Avast Scam Guardian to help verify what's real before it's too late.
- ‘Tis the season… for scams. The holidays are a time for goodwill, warmth, and connection. Unfortunately, it’s also the perfect moment for scammers to strike. Between last-minute shopping, travel plans, and a flurry of digital distractions, it’s easy to overlook red flags. That’s exactly what scammers count on, whether they’re running slick fake shopping sites […]
Cybersecurity Kaspersky…
- How to enrich data, fine-tune AI-powered systems, and update corporate policies to mitigate open-source supply chain risks.
- How the popularization of AI and the simplification of development are creating new risks for corporate security.
- CrystalX RAT: a Trojan for pranks, remote access, and cryptocurrency theft. The new CrystalX remote access Trojan combines pranks with full control over the victim’s computer. It also spies on its victims, steals their cryptocurrency and accounts, and uses advanced methods to bypass protection. We explain how it works, and how to avoid infection.
- Ransomware is increasingly targeting home backups on NAS, cloud storage, and external drives. Here’s how these attacks work, and how to keep your family photos and documents safe.
- The IronCurtain project offers a new approach to AI agent security: virtual machine isolation and action control via security policies.
- Spammers are disguising fraudulent links within legitimate survey platforms — emails containing these links easily bypass standard spam filters. We analyze the scheme, highlight the red flags, and provide defensive strategies.
- How Trivy and Checkmarx open-source solutions became the starting point for a massive TeamPCP attack on other applications, and what organizations using them should do.
- A deep dive into how Intellexa’s Predator spyware interferes with iOS mechanisms to hide camera and microphone activity.
- The IndonesianFoods campaign saw attackers flood the npm registry with junk packages. We explore how it works, and how to safeguard enterprise development.
- A 36-year-old American man took his own life after two months of interacting with Gemini, with the chatbot reportedly pushing the concept of digital immortality. We explore why scenarios straight from Black Mirror are becoming a reality, and how to push back.
We Live Security…
- Fraudsters often target the accounts of the deceased or their grieving relatives. Here’s how to keep the scammers at bay.
- The past four weeks have seen a slew of new cybersecurity wake-up calls that showed why every organization needs a well-thought-out cyber-resilience plan
- This year, AI agents took the center stage – as a defensive capability, but more pressingly as a risk many organizations haven't caught up with
- Silver Fox is back in Japan, spoofing tax and HR emails timed to the one season when no one thinks twice about opening them
- Cloud VMs offer unmatched speed, scale and flexibility – all of which could eventually count for little if they’re left to fend for themselves
- As IT infrastructure expands, visibility and control often lag behind – until an incident forces a reckoning
- What you do – and how fast – after an account is compromised often matters more than it may seem
- ESET researchers dive deeper into the EDR killer ecosystem, disclosing how attackers abuse vulnerable drivers
- ESET’s Jake Moore used smart glasses, deepfakes and face swaps to ‘hack’ widely-used facial recognition systems – and he'll demo it all at RSAC 2026
- The cybersecurity implications of the war in the Middle East extend far beyond the region. Here’s where to focus your defenses.
- The resurgence of one of Russia’s most notorious APT groups
- The ability to continue operating safely in an unsafe environment where competitors cannot is a competitive advantage that is rarely measured or discussed
- We speak to Director of ESET Threat Research Jean-Ian Boutin about where solutions that blend advanced technology with human expertise provide the most practical value for businesses
- The education sector is notoriously short on cash, but rich in assets for threat actors to target. How can managed detection and response (MDR) help learning institutions regain the initiative?
- In this roundup, Tony looks at how opportunistic threat actors are taking advantage of weak authentication, unmanaged exposure, and popular AI tools
- Start using a new app and you’ll often be asked to grant it permissions. But blindly accepting them could expose you to serious privacy and security risks.
- Can you believe your ears? Increasingly, the answer is no. Here’s what’s at stake for your business, and how to beat the deepfakers.
- ESET researchers discover PromptSpy, the first known Android malware to abuse generative AI in its execution flow
- Like any other marketplace, the social commerce platform has its share of red flags. It pays to know what to look for so you can shop or sell without headaches.
- When it comes to our children’s digital lives, prohibition rarely works. It’s our responsibility to help them build a healthy relationship with tech.