Apple’s security releases page has been updated with additional information regarding the security issues resolved in iOS 18, iOS 26, and other OS versions.

The company added new details about the vulnerabilities patched in iOS 26, iPadOS 26, visionOS 26, and watchOS 26. Also updated was the security information concerning iOS 18.7, iPadOS 18.7, macOS 14.8, and macOS 14.8.2.

On Tuesday, Apple added a Siri vulnerability to the list of issues resolved with iOS 26. The now-patched security issue allowed access to Private Tabs without proper authentication, and it was fixed by improving state management.

The security page detailing iOS 18.7 and iPadOS 18.7 security fixes now says that Apple patched a call history issue that let apps fingerprint the user. Improved redactions of sensitive information were used to address this vulnerability.

Multiple macOS 14.8 fixes were added by Apple as well, including those that resolved two CoreServices and FaceTime issues, a Phone vulnerability, and a StorageKit security issue.

One now-resolved CoreServices issue let apps modify protected parts of macOS. It was resolved with additional restrictions. Another CoreServices logic vulnerability that allowed apps to access sensitive user data was addressed through improved validation.

Apple also patched a FaceTime issue that made incoming calls appear on a locked Mac with notifications disabled. Through improved data redaction, the company also fixed a Phone issue that gave apps access to sensitive user data.

The most serious issue patched with macOS 14.8 was a StorageKit vulnerability that let apps gain root privileges. Apple fixed it through improved checks. macOS 14.8.2 security details were updated with an entry detailing a vulnerability in SQLite, an issue resolved by a third party.

Overall, the updates to Apple’s security releases page won’t be of much use to the average user running newer OS versions. The company added information regarding older iOS and macOS releases, and not the latest iOS 26.5, iOS 18.7.9, or macOS 14.8.7.

This sponsored article is brought to you by Master Bond.

Outgassing is the release of volatile substances from a cured adhesive over time. These released materials, which may include residual solvents, unreacted monomers, or other chemical species, can deposit on nearby surfaces, causing contamination that interferes with sensitive components.

What Is Outgassing and How Is It Measured?

The industry standard for measuring outgassing is ASTM E595, developed by NASA. This test exposes a cured sample to 125 °C at high vacuum (10⁻⁵ to 10⁻⁶ torr) for 24 hours, measuring Total Mass Loss (TML) and Collected Volatile Condensable Materials (CVCM). To meet NASA low outgassing requirements, materials must exhibit less than 1 percent TML and less than 0.1 percent CVCM.

Optical assemblies need contamination-free bonding and prevention of fogging the optics to maintain clarity. High-vacuum scientific equipment, semiconductor manufacturing tools, and aerospace electronics also demand low outgassing materials.

Key Applications

Low outgassing adhesives are essential wherever contamination could compromise performance and this is particularly relevant for space and satellite systems. Optical assemblies, including cameras, telescopes, and laser systems, need contamination-free bonding and prevention of fogging the optics to maintain clarity.

High-vacuum scientific equipment, semiconductor manufacturing tools, and aerospace electronics also demand low outgassing materials. Even terrestrial optical devices benefit from reduced outgassing to ensure long-term reliability.

EP30-2 is a versatile system can be used in a variety of applications in aerospace, electronic, optical and specialty OEM industries, especially when optical clarity and low outgassing are important criteria.Master Bond

Ensuring Low Outgassing Performance Through Proper Handling

Achieving specified outgassing performance requires attention to storage, mixing, and curing. For two-part systems, use the correct mix ratio and mix thoroughly to ensure complete reaction. Follow recommended cure schedules — adding heat, even at modest temperatures of 150-200 °F, significantly improves cross-linking and reduces outgassing. For UV-curable adhesives, ensure complete cure by using the correct lamp wavelength (typically 365 nm), adequate intensity, and proper exposure time with no shadowed areas.

Troubleshooting Outgassing Issues

If contamination appears on optical surfaces or outgassing test results are higher than expected, an incomplete cure might be one of the root causes. The first step is to verify that the adhesive has fully hardened to its specified Shore hardness. The next step is to consider adding or extending heat cure to improve cross-linking.

Master Bond Product Recommendations

Master Bond offers a range of adhesives meeting NASA low outgassing requirements. EP30-2 and EP21TCHT-1 are some examples of two-part epoxy systems that have been successfully deployed in demanding vacuum applications, including ultra-high vacuum environments.

For applications requiring UV cure, Master Bond provides specialty UV formulations such as UV16 meeting ASTM E595, as well as dual-cure systems (UV plus heat) such as UV22DC80-10F for assemblies where shadows prevent complete UV exposure. These dual-cure products initiate with UV light and complete curing with heat as low as 180 °F (80 °C).

American Airlines passengers could begin to connect to in-flight Wi-Fi through SpaceX’s Starlink satellite network next year. The airline announced Tuesday that it signed a deal with Elon Musk’s aerospace company to install Starlink internet across its Airbus fleet in 2027, which includes more than 500 narrowbody aircraft.

Commercial flights drive heavy internet usage, as passengers work on cloud-based documents or stream movies and TV shows, activities that require substantial data and reliable Wi-Fi connectivity.

Starlink is among the fastest in-flight internet options, with reported speeds nearly twice those of the next-closest competitor and comparable to or faster than some terrestrial broadband services. More than 10,000 satellites in low Earth orbit drive the system’s performance. By operating much closer to Earth than traditional satellites, they reduce latency — the time it takes for data to travel.

CNET senior writer Jeff Carlson tested Starlink’s in-flight internet on United Airlines and was impressed by the internet experience. “Honestly, I’d think I was at home on my high-speed fiber internet if not for the cabin noise and the occasional tight banking turn,” he wrote.

Which airlines have Starlink service

American is one of the world’s largest carriers by passenger volume, making it a significant contract win for SpaceX, which previously announced Starlink partnerships with United Airlines, Southwest Airlines and Alaska Airlines. Once American outfits the planes with Starlink technology, SpaceX’s service will be operating on more than 2,300 commercial aircraft. 

Despite partnering with many of the largest international airlines, SpaceX doesn’t have a Starlink deal with airline giant Delta Air Lines, which is instead partnering with Amazon for its in-flight Wi-Fi service, which is expected to go into service later this year. Delta CEO Ed Bastian told Bloomberg that Amazon Leo is cheaper than SpaceX’s Starlink and includes a suite of streaming content. 

The American-Starlink partnership comes just days after SpaceX’s filing for an initial public offering. SpaceX’s scope of operations recently expanded after a merger with another one of Musk’s companies, xAI. Analysts value the company at nearly $2 trillion and expect it could raise as much as $75 billion when it goes public, setting an IPO record and making Musk the world’s first trillionaire.

Representatives for SpaceX and American Airlines did not immediately respond to requests for comment.

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.

The flaw is a deserialization issue tracked as CVE-2026-5426 and can be exploited without authentication. It stems from the use of a shared hardcoded machine key in the web portal configuration across all KnowledgeDeliver customer deployments.

ViewState deserialization

Threat actors obtained the machine key and used it in ViewState deserialization attacks to sign malicious ViewState payloads and achieve remote code execution at the operating system level.

Mandiant in late 2025 responded to an attack on a KnowledgeDeliver server and says that initially, the vulnerability was exploited as a zero-day to inject a malicious script into the web platform.

Exploitation was possible due to the use of “identical pre-shared ASP.NET machine keys across multiple customer deployments,” the researchers said.

“KnowledgeDeliver installations deployed before Feb. 24, 2026 relied on a standardized web.config file provided by the vendor. This configuration file contained hardcoded machineKey values used by the ASP.NET framework to encrypt and sign data, including ViewState payloads,” Mandiant explains.

According to the researchers, the malicious code on the platform “convinced users to download a fake installer,” which led to the machine getting infected with a Cobalt Strike beacon, essentially planting a backdoor.

“The payload was encrypted using a key that used the name of the compromised organization, which indicated that the threat actor prepared this payload specifically for the targeted organization,” Mandiant says in a report today.

Godzilla web shell delivery

Mandiant says the threat actor deployed the .NET-based in-memory web shell, Godzilla (a.k.a. BlueBeam), which has also been used in similar attacks observed by Microsoft in late 2024.

In August 2024, researchers at cybersecurity company ASEC had also reported that Godzilla was being deployed in ASP.NET environments in ViewState deserialization attacks targeting companies in the financial sector.

Mandiant notes that the threat actor compromising KnowledgeDeliver instances executed commands to escalate their control over the web server’s file system.

This allowed them to modify an application JavaScript file with code that prompted users to install a “security authentication plugin” and to load a malicious script from a domain under the attacker’s control.

Over the past year, hackers have used improperly secured machine keys in ViewState deserialization attacks targeting web platforms for various products.

In March last year, threat actors abused a hardcoded machine key to craft a malicious payload that allowed access to Gladinet CentreStack’s secure file-sharing servers.

In July 2025, hackers compromised 85 Microsoft SharePoint servers after stealing the machine key to create signed malicious ViewState payloads.

State-sponsored actors also used ViewState deserialization attacks to deploy a reconnaissance tool named WeepSteel on Sitecore servers that exposed the ASP.NET machine key.

Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.

This guide covers the 6 surfaces you actually need to validate.

Download Now

Baum Audio is not the first instrument maker to wander into headphone territory. Marshall and Fender have already made that crossover feel almost normal. But the Aarhus-based company, founded in 2015 and best known for its custom electric and acoustic guitars, electric basses, and related gear, is taking a more restrained Danish route with the Baum Audio Ellipse, its first premium closed-back wired headphone for 2026.

The Ellipse is aimed at studio users, music professionals, and critical listeners who care less about lifestyle noise and more about long-term comfort, tonal balance, and a natural musical presentation. In keeping with Baum’s guitar-building background, the new headphones emphasize craftsmanship and material choices rather than gimmicks, combining aluminium, velour, and brass detailing with a Scandinavian design language that feels more refined than the louder visual approach taken by some American and British rivals.

Performance Design

The Ellipse uses custom-tuned 50mm dynamic drivers designed to deliver clarity, tonal balance, and a sense of scale without pushing the presentation into artificial brightness or excess warmth. Baum is positioning the Ellipse for listeners who want a natural presentation across vocals, rock, jazz, and orchestral recordings, though any final assessment of its tuning will have to wait until we spend proper time with it.

Despite its closed-back design, Baum says the Ellipse has been engineered to sound more open and spacious than many sealed headphones. That matters because closed-back headphones usually offer better isolation and everyday practicality, but often at the expense of air, width, and openness.

Baum’s design focuses on controlling air pressure inside the ear cups so the drivers can move more freely. The goal is to reduce the closed-in quality that can affect some sealed headphones while preserving the isolation and versatility that make closed-back designs useful for studio work, travel, office listening, and late-night sessions.

Build & Comfort

The over-ear headphones weigh 320 grams, which keeps it on the lighter side for a premium closed-back wired model. That should help with longer listening sessions at home, in the office, or while traveling, though comfort will still depend on clamp force, pad shape, heat buildup, and how the headband distributes weight.

Baum also says the Ellipse uses rear venting to help support a more natural low-frequency response. That is a useful design detail because closed-back headphones can sometimes sound overly pressurized or thick in the bass if the ear cup is not managed properly.

The ultra-soft velour ear pads and padded headband are intended to improve long-term comfort and reduce fatigue during extended listening. The use of velour is also notable because it can feel more breathable than synthetic leather, although it may not provide the same level of passive isolation.

Wired Connectivity

The Ellipse does not offer wireless connectivity, so there is no Bluetooth, ANC, app control, or battery-powered feature set to discuss. This is a wired closed-back headphone, and Baum is clearly aiming it at listeners who prefer a direct connection over another device that needs charging before it can play Steely Dan.

With a 32-ohm impedance, the Ellipse should be compatible with a wide range of sources, including hi-fi systems, desktop headphone amplifiers, laptops, and many smartphone setups when used with the proper adapter or dongle. As always, source quality and output power will still matter, but the impedance figure does not suggest a headphone that requires exotic amplification.

The dual cable inputs add some useful flexibility. Users can connect the supplied cable to either the left or right ear cup, which can make desktop, studio, or travel use a little less annoying. The same dual-input arrangement also allows two Ellipse headphones to be linked together in a daisy-chain configuration, letting two listeners hear the same source without needing a splitter or separate headphone amp outputs.

Replaceable Parts

Designed in Denmark, the Baum Audio Ellipse reflects the company’s focus on clean industrial design, long-term usability, and a more considered approach to product ownership. The use of replaceable components, including the ear pads and cables, gives the headphones a practical advantage over many sealed consumer models that become far less useful once the pads wear out or the cable fails.

That approach brings Baum closer to companies like Meze Audio, which has built much of its reputation around headphones designed for long-term serviceability, with many parts made to be replaced rather than discarded. Baum is not alone in treating headphones as durable audio tools instead of sealed lifestyle accessories with an expiration date. That is a good thing.

For a wired headphone aimed at studio users, music professionals, and critical listeners, serviceability matters. If Baum supports replacement parts over time, the Ellipse has a better chance of remaining useful for years rather than becoming another attractive object headed for the electronics graveyard.

Ellipse Headphones Specifications

The Bottom Line 

The Baum Audio Ellipse enters the wired headphone market with a very specific pitch: a closed-back design for studio users, musicians, and critical listeners who want isolation without giving up comfort, serviceability, or connection flexibility. Designed in Denmark by a company better known for custom electric and acoustic guitars, the Ellipse is not chasing the wireless headphone crowd. There is no Bluetooth, no DSP, no companion app, and no rechargeable battery system.

What makes the Ellipse more interesting is its practical design. The headphones feature dual-sided cable entry, support daisy-chain connectivity for shared listening, use replaceable ear pads and cables, and include rear venting intended to deliver a more natural low-end response inside a closed-back enclosure. That combination gives Baum a useful angle in a category where comfort, isolation, and long-term durability matter as much as tuning.

The competition will not be polite. Lower-priced models such as the Beyerdynamic DT 770 PRO X and DT 990 PRO X already have strong studio credibility, while more premium rivals like the Final DX3000CL and Meze Audio Strada target listeners willing to spend more for build quality, refinement, and brand identity. 

Price & Availability

Baum Ellipse over-ear wired headphones are available for $499 at baumaudio.com.

Related Reading:

Floppy disks are several decades old—many of the disks are degrading and the data stored on them is at risk of being lost. In response, Leontien Talboom, a technical analyst at Cambridge University Libraries and Archives, led a roughly year-long project preserving floppy disks called “Future Nostalgia,” which concluded in January.

IEEE Spectrum spoke to Talboom about her work preserving data from Cambridge’s collection of floppy disks and collecting knowledge about the disks themselves.

Why is it important to preserve floppy disks now?

Leontien Talboom: Two reasons. First, the physical media is starting to degrade. Floppy disks are made from plastic, but they’ve got a magnetic layer of iron oxide, and that’s deteriorating. A lot of floppy disks are found in attics or garages, which means they also suffer from mold.

Second, a lot of people who developed floppy disks and systems that use floppy disks are starting to retire or pass away, which means that a lot of tacit knowledge is disappearing.

Whom did you go to for that tacit knowledge?

Talboom: I went to the retro computing community. Their work is more around preserving these machines to keep them running [than] the data that lives on the floppy disk. But they know their stuff about floppy disks.

For example, they know that in a lot of the older disks, the inside of the disk—the doughnut—gets stuck to the top. So if you flex the casing, the doughnut falls down again. If I hadn’t known that, I would have assumed that those disks in our collection were broken or corrupt.

What is the most difficult part of working with floppy disks?

Talboom: Accessing the files can be quite challenging if we don’t understand the file system. Within libraries and archives, we get a lot of material from machines that are not as well loved. Many of the personal computers that you had at home, such as the Amstrad or ZX Spectrum or BBC Micro, are very well documented. But a bunch of our material comes from business or research systems. They’re not as nostalgic for people, so there’s not as big a community preserving this type of material.

Do you have a favorite type of floppy disk?

Talboom: Five and a quarter. The weirder the system, the more frustrating and fun it is. I quite like doing that detective work.

The Amstrad disk has also really stolen my heart. The popularity of floppy disks is very geographically dependent. Our library, for example, has these Amstrad 3-inch disks. But if you go to the U.S., they’re really uncommon. They weren’t able to manufacture enough of these drives, and [3.5-inch disks] took over at a certain point. But they’re really cute.

What’s the best method for sustainably storing data?

Talboom: The main thing is actively looking after it. A lot of the floppy disks we get in the library haven’t been accessed for 20 or 30 years, which means that you need certain special hardware to actually read them, and then work with emulators or other tools to make these file formats accessible.

Now that we’ve done that work and transferred it, we can monitor it and make sure it’s not suffering from anything like bit rot. We can also make decisions around migrating it to other file formats or working on specific file systems or unknown file formats in more detail.