Aggregator

被列涉军中企名单 移远通信起诉五角大楼中国无线设备制造商移远通信在周一起诉五角大楼，原因是其被列入涉军中企名单，指该公司协助中国军方。美国国防部在一月份将移远通信列入涉军中企名单。然而，移远通信强烈否

Компания откажется от небольших команд в дорогих юрисдикциях

We’ve received some feedback from those who read the Patch Blog that they would like something similar for macOS updates. Unfortunately, Apple doesn’t schedule these for a particular day, but we can provide our thoughts and analysis on the days they do release their latest patches.

For May 2026, Apple released 82 unique CVEs across the three macOS versions: 79 for macOS Tahoe 26.5, 45 for macOS Sequoia 15.7.7, and 42 for macOS Sonoma 14.8.7. Since Apple doesn’t provide CVSS scores or other severity information, we’re left to speculate on which of these bugs is the most severe. However, there are a couple that stand out.

-              CVE-2026-28819 (Wi-Fi) stands out as the strongest candidate for the most severe as it states, “An app may be able to execute arbitrary code with kernel privileges.” The combination of arbitrary code execution at the kernel level is about as bad as it gets on a severity scale. Plus, it affects all three macOS versions (Tahoe, Sequoia, and Sonoma).

-              CVE-2026-43668 (mDNSResponder) also piques my interest since, “A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.” The remote attack vector with kernel memory corruption on all three OS versions makes this a serious one, especially since mDNSResponder is always running.

-              CVE-2026-28972 (Kernel) This one states that “An app may be able to cause unexpected system termination or write kernel memory.” An out-of-bounds write directly into kernel memory on all three OS versions. This one may also have implications in the upcoming Pwn2Own Berlin contest.

Here’s a look at all the bugs released by Apple this month:

82Unique CVEs 79macOS Tahoe 26.5 45macOS Sequoia 15.7.7 42macOS Sonoma 14.8.7 CVE ID Component Impact macOS Tahoe 26.5 macOS Sequoia 15.7.7 macOS Sonoma 14.8.7 CVE-2026-28991 Accelerate An app may be able to cause a denial-of-service Yes No No CVE-2026-28988 Accounts An app may be able to bypass certain Privacy preferences Yes No No CVE-2026-28959 APFS An app may be able to cause unexpected system termination Yes Yes Yes CVE-2026-28995 App Intents A malicious app may be able to break out of its sandbox Yes No No CVE-2026-1837 AppleJPEG Processing a maliciously crafted image may lead to a denial-of-service Yes No No CVE-2026-28956 AppleJPEG Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory Yes Yes Yes CVE-2026-39869 Audio Processing an audio stream in a maliciously crafted media file may terminate the process Yes Yes Yes CVE-2026-28922 CoreMedia An app may be able to access private information Yes Yes Yes CVE-2026-28936 CoreServices Processing a maliciously crafted file may lead to unexpected app termination Yes No Yes CVE-2026-28918 CoreSymbolication Parsing a maliciously crafted file may lead to an unexpected app termination Yes No No CVE-2026-28878 Crash Reporter An app may be able to enumerate a user's installed apps No Yes No CVE-2026-28915 CUPS An app may be able to gain root privileges Yes Yes Yes CVE-2026-43659 FileProvider An app may be able to access sensitive user data Yes Yes Yes CVE-2026-28923 GPU Drivers A malicious app may be able to break out of its sandbox Yes Yes Yes CVE-2026-28925 HFS An app may be able to cause unexpected system termination or write kernel memory Yes Yes Yes CVE-2025-43524 Icons An app may be able to break out of its sandbox No Yes Yes CVE-2026-43661 ImageIO Processing a maliciously crafted image may corrupt process memory Yes No No CVE-2026-28977 ImageIO Processing a maliciously crafted file may lead to unexpected app termination Yes Yes Yes CVE-2026-28990 ImageIO Processing a maliciously crafted image may corrupt process memory Yes Yes Yes CVE-2026-28978 Installer A malicious app may be able to break out of its sandbox Yes Yes Yes CVE-2026-28992 IOHIDFamily An attacker may be able to cause unexpected app termination Yes Yes Yes CVE-2026-28943 IOHIDFamily An app may be able to determine kernel memory layout Yes Yes Yes CVE-2026-28969 IOKit An app may be able to cause unexpected system termination Yes Yes Yes CVE-2026-43655 IOSurfaceAccelerator An app may be able to cause unexpected system termination or read kernel memory Yes No No CVE-2026-43654 Kernel An app may be able to disclose kernel memory Yes Yes Yes CVE-2026-28908 Kernel An app may be able to modify protected parts of the file system Yes Yes Yes CVE-2026-28954 Kernel A maliciously crafted disk image may bypass Gatekeeper checks Yes Yes Yes CVE-2026-28897 Kernel A local user may be able to cause unexpected system termination or read kernel memory Yes Yes Yes CVE-2026-28952 Kernel An app may be able to cause unexpected system termination Yes Yes Yes CVE-2026-28951 Kernel An app may be able to gain root privileges Yes Yes Yes CVE-2026-28972 Kernel An app may be able to cause unexpected system termination or write kernel memory Yes Yes Yes CVE-2026-28986 Kernel An app may be able to cause unexpected system termination Yes Yes Yes CVE-2026-28987 Kernel An app may be able to leak sensitive kernel state Yes Yes Yes CVE-2026-28983 LaunchServices A remote attacker may be able to cause a denial of service Yes No No CVE-2026-28929 Mail Drafts Replying to an email could display remote images in Mail in Lockdown Mode Yes Yes Yes CVE-2026-43653 mDNSResponder An attacker on the local network may be able to cause a denial-of-service Yes No Yes CVE-2026-28985 mDNSResponder An attacker on the local network may be able to cause a denial-of-service Yes No No CVE-2026-43668 mDNSResponder A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Yes Yes Yes CVE-2026-43666 mDNSResponder An attacker on the local network may be able to cause a denial-of-service Yes Yes Yes CVE-2026-28941 Model I/O Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents Yes Yes No CVE-2026-28940 Model I/O Processing a maliciously crafted image may corrupt process memory Yes Yes No CVE-2026-28961 Network Extensions An attacker with physical access to a locked device may be able to view sensitive user information Yes No No CVE-2026-28906 Networking An attacker may be able to track users through their IP address Yes Yes Yes CVE-2026-28840 PackageKit An app may be able to gain root privileges No Yes Yes CVE-2026-43656 Quick Look Parsing a maliciously crafted file may lead to an unexpected app termination Yes Yes Yes CVE-2026-43652 Sandbox An app may be able to access protected user data Yes No No CVE-2026-39870 SceneKit Processing a maliciously crafted image may corrupt process memory Yes Yes Yes CVE-2026-28846 SceneKit A remote attacker may be able to cause unexpected app termination Yes Yes Yes CVE-2026-28993 Shortcuts An app may be able to access user-sensitive data Yes Yes Yes CVE-2026-28848 SMB A remote attacker may be able to cause unexpected system termination Yes Yes No CVE-2026-28930 Spotlight An app may be able to access protected user data Yes No No CVE-2026-28974 Spotlight An app may be able to cause a denial-of-service Yes Yes No CVE-2026-28996 Storage An app may be able to access sensitive user data Yes Yes Yes CVE-2026-28919 StorageKit An app may be able to gain root privileges Yes Yes Yes CVE-2026-28924 Sync Services An app may be able to access Contacts without user consent Yes Yes Yes CVE-2026-39871 TV App An app may be able to observe unprotected user data Yes Yes Yes CVE-2026-28976 UserAccountUpdater An app may be able to gain root privileges Yes No No CVE-2026-43660 WebKit Processing maliciously crafted web content may prevent Content Security Policy from being enforced Yes No No CVE-2026-28907 WebKit Processing maliciously crafted web content may prevent Content Security Policy from being enforced Yes No No CVE-2026-28962 WebKit Processing maliciously crafted web content may disclose sensitive user information Yes No No CVE-2026-43658 WebKit Processing maliciously crafted web content may lead to an unexpected Safari crash Yes No No CVE-2026-28905 WebKit Processing maliciously crafted web content may lead to an unexpected process crash Yes No No CVE-2026-28847 WebKit Processing maliciously crafted web content may lead to an unexpected process crash Yes No No CVE-2026-28904 WebKit Processing maliciously crafted web content may lead to an unexpected process crash Yes No No CVE-2026-28955 WebKit Processing maliciously crafted web content may lead to an unexpected process crash Yes No No CVE-2026-28903 WebKit Processing maliciously crafted web content may lead to an unexpected process crash Yes No No CVE-2026-28953 WebKit Processing maliciously crafted web content may lead to an unexpected process crash Yes No No CVE-2026-28902 WebKit Processing maliciously crafted web content may lead to an unexpected process crash Yes No No CVE-2026-28901 WebKit Processing maliciously crafted web content may lead to an unexpected process crash Yes No No CVE-2026-28913 WebKit Processing maliciously crafted web content may lead to an unexpected process crash Yes No No CVE-2026-28883 WebKit Processing maliciously crafted web content may lead to an unexpected process crash Yes No No CVE-2026-28958 WebKit An app may be able to access sensitive user data Yes No No CVE-2026-28917 WebKit Processing maliciously crafted web content may lead to an unexpected process crash Yes No No CVE-2026-28947 WebKit Processing maliciously crafted web content may lead to an unexpected Safari crash Yes No No CVE-2026-28946 WebKit Processing maliciously crafted web content may lead to an unexpected Safari crash Yes No No CVE-2026-28942 WebKit Processing maliciously crafted web content may lead to an unexpected Safari crash Yes No No CVE-2026-28971 WebKit A malicious iframe may use another website's download settings Yes No No CVE-2026-28944 WebRTC Processing maliciously crafted web content may lead to an unexpected process crash Yes No No CVE-2026-28819 Wi-Fi An app may be able to execute arbitrary code with kernel privileges Yes Yes Yes CVE-2026-28994 Wi-Fi An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Wi-Fi packets Yes Yes Yes CVE-2026-28914 zip A maliciously crafted ZIP archive may bypass Gatekeeper checks Yes No No CVE-2026-28920 zlib Visiting a maliciously crafted website may leak sensitive data Yes Yes Yes CVEs marked with the scarab logo were reported through the TrendAI Zero Day Initiative program.

We’ll continue these macOS updates if people find them useful. Stay tuned for the regularly schedule Patch Tuesday blog covering Adobe and Microsoft.

We’ve received some feedback from those who read the Patch Blog that they would like something si

2026年5月12日，腾讯安全发现知名LLM框架guardrails-ai遭供应链攻击。黑客植入恶意代码，旨在窃取多云凭据及敏感文件，并进行持久化控制。

当地时间周二，eBay公司表示，其董事会拒绝了GameStop主动提出的560亿美元收购提议。在致GameStop首席执行官瑞恩·科恩的信中，eBay写道：“我们得出的结论是，你们的提议既不可信，也没

欧盟委员会主席 Ursula von der Leyen 周二表示欧盟将在今年晚些时候对 TikTok 和 Instagram 等平台上的成瘾性设计功能采取行动。此类功能包括了无限滚动、自动播放和推送通知。欧盟委员会最早将在今年夏天公布一项法律提议，目前正在等待 Special Panel of experts on Child Safety Online 的调查报告。

Почему троян Mamont до сих пор остаётся грозой подъездов.

As part of Dark Reading's 20th anniversary special coverage, we profile the CISOs, founders, researchers, criminals, and policymakers who rewrote the enterprise risk playbook.

Exploitation of open-source tools allows attackers to maintain persistent access after initial social engineering, warn ReliaQuest researchers

Why do the Riskiest SOC Alerts Go Unanswered? Security operations teams are drowning in alerts. But the real problem isn't always alert volume; it's the blind spots. The most dangerous alerts are the ones no one is investigating. A recent report from The Hacker News examined why certain high-risk alert categories - WAF, DLP, OT/IoT, dark web intelligence, and supply chain signals- consistently

Threat Detection / AI SecurityWhy do the Riskiest SOC Alerts Go Unanswered?Security operations te

Operation HumanitarianBait uses fake aid documents, GitHub-hosted payloads, and Python spyware to target Russian-speaking victims.

欧洲肥胖大会公布的一项研究比较了 1990-2022 年间 33 个经合组织国家的工作模式和肥胖率。结果发现，美国、墨西哥和哥伦比亚等年工作时间较长的国家肥胖率也更高，即使北欧国家的平均能量和脂肪摄入量高于拉美国家。年工作时间减少 1% 与肥胖率下降 0.16% 相关。研究人员认为，工作压力和缺乏锻炼时间可能是工作时长更多的人容易发胖的原因。研究主要作者、澳大利亚昆士兰大学的 Pradeepa Korale-Gedara 博士表示，压力增加会提高皮质醇激素水平，导致人们在无法消耗能量的工作中储存更多脂肪。研究人员强调这一发现是相关性的，并不代表因果关系。但它促使专家再次呼吁推行四天工作制，四天工作制有助于人们在饮食、运动和睡眠方面做出更健康的选择，有助于促进整个社会的健康。

近期，深信服千里目安全技术中心监测到一起Linux后门事件、经过深度分析排查发现该事件与UTG-Q-008团伙存在关联，该家族是针对Linux平台的威胁行为者，主要针对中国政府机构和企业实体，利用庞大的僵尸网络进行间谍活动。