Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

Nearly 300 GitHub repos pose as legit software to push malware

Bleeping Computer - 54 min 13 sek zpět
A threat actor has published hundreds of fake GitHub repositories impersonating legitimate software and security projects to distribute infostealer malware. [...]
Kategorie: Hacking & Security

Microsoft releases Windows 10 KB5099539 extended security update

Bleeping Computer - 1 hodina 20 min zpět
Microsoft has released the Windows 10 KB5099539 extended security update, which includes the July 2026 Patch Tuesday security updates for 570 vulnerabilities, along with additional security fixes. [...]
Kategorie: Hacking & Security

Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-days

Bleeping Computer - 2 hodiny 7 min zpět
Today is Microsoft's July 2026 Patch Tuesday, and with it comes security updates for a record-breaking 570 flaws, including two zero-day vulnerabilities exploited in attacks and one publicly disclosed. [...]
Kategorie: Hacking & Security

Windows 11 KB5101650 & KB5099414 cumulative updates released

Bleeping Computer - 2 hodiny 28 min zpět
Microsoft has released Windows 11 KB5101650 and KB5099414 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. [...]
Kategorie: Hacking & Security

LabubaRAT Masquerades as NVIDIA Software to Control Windows Hosts

The Hacker News - 3 hodiny 16 min zpět
Cybersecurity researchers have flagged a previously undocumented Rust-based remote access trojan (RAT) codenamed LabubaRAT that masquerades as NVIDIA software to blend into target environments. "LabubaRAT creates a reusable foothold for hands-on activity," Blackpoint Cyber researchers Sam Decker and Nevan Beal said in an analysis published today. "Once deployed, it can profile the host, Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Progress confirms ShareFile zero-day flaw behind Storage Zone shutdown

Bleeping Computer - 4 hodiny 43 sek zpět
Progress Software has confirmed that a high-severity zero-day vulnerability is behind the emergency shutdown of ShareFile Storage Zone Controllers last week and has released security updates to patch the flaw. [...]
Kategorie: Hacking & Security

Siri AI steals the show as the iOS 27 public beta lands

Computerworld.com [Hacking News] - 4 hodiny 1 min zpět

Apple has released the first public betas of its “27” series of operating systems, and feedback so far suggests they’re already very stable builds, even at this early end of the release cycle. 

For most intrepid public beta testers, the big attractions here are Siri AI and the heavily improved Apple Intelligence tools – though Siri AI is not yet available in Europe due to regulatory problems there. Overnight social media commentary has been highly positive, with Siri widely seen as delivering on what we always thought it should be rather than the limited product it became.

Caveat emptor

Once installed, the new operating system is fast and better performing on the iPhone, though there are some limitations anyone considering the beta should consider first:

  • This is beta software; things can and sometimes do go wrong. So don’t install it on your primary device unless you know how to restore your device and its data.
  • Some critical apps such as banking tools, VPNs and some smart home management software are reported to be unstable at times.
  • Once the public beta is first installed, there’s a lengthy period during which your device will rebuild its database; this can take many hours and performance will be affected.
  • As the OS beds in, users might experience sudden battery drain or the device might seem warmer than usual.
  • You’ll need to join a lengthy Siri waitlist before you can install the updated Siri AI.
  • Siri AI requires significant hardware capabilities and only runs on iPhone 15 Pro, iPhone 16 and iPhone 17 models. Alternatively, you must have an M1 or later Mac or an iPad running an M1 chip or later, or A17 Pro (iPad mini).
Siri AI is a big improvement

Siri AI is the big reward here. Joanna Stern called it “significantly better.” It will provide you with much better responses than its predecessor, and its contextual understanding is sophisticated and advanced. 

That’s because Siri can search across your messages, emails, photos and more to help you find what you’re looking for and has some understanding of where you are and what you are doing to help it make even more accurate decisions. It is faster than it’s ever been with a dedicated app (which includes logs of your interactions) and a new glowing design when activated. 

The assistant can now hold an ongoing conversation with you, understands what’s on screen, and take some actions in apps. One way that might be useful is if you are looking at a recipe online, you can ask Siri to write up a shopping list for the recipe ingredients and paste it in a Note. Siri has become much more knowledgeable than in the past thanks to its expanded and updated world knowledge database.

Apple Intelligence has been beefed up, too, with keyboard tools much improved on the last version. Siri can even reflect your personal tone and style based on the person you’re communicating with when sending a Mail or Messages post. 

Apple and the image

The Camera app now has a new Siri mode; it can do things like identify objects and people, or import event details from a leaflet. You can easily search or ask questions about what’s around you, and there are useful new actions you can take, such as getting nutritional insights about a plate of food.

Image Playground wasn’t terribly impressive when it first appeared, and a lot of people did little with it. It seems much better now, capable of generating photo-realistic images in virtually any style from natural language prompts or editing existing images. It’s a useful step up.

Another impressive feature is Spatial Reframing. This lets you shift the composition of a photo after you’ve taken it, using AI to create accurate renditions of what is outside the frame. A new Extend tool lets you expand images, which is useful for adjusting aspect ratios or creating Lock Screen wallpapers.

The future on your wrist

If you use an Apple Watch, you’ll be impressed, as the contextual AI extends to that device. So, you can have context-savvy conversations with your watch and ask it to do tasks on your behalf. It makes it feel like a bona fide computer on your wrist and bodes well for other future wearable products from the company

There are lots of other interesting features in the beta. Call Context can automatically surface the information you need, like a confirmation code or reservation number, when calling up a business. And a new Notify Me feature in Safari lets you know when a web page changes, so you can watch for stock availability or ticket sales.

How to install the beta

If you’re interested in installing the new OSes, Apple’s Beta Software Program website should be your first port of call. You’ll need to sign in to access the betas using your Apple Account. Once you’ve done that, open Settings and go to Software Update; there you can select Beta Updates and choose the 27 series Public beta. Tap Update Now and the installation will begin.

You can follow me on social media! Join me on BlueSkyLinkedInMastodon, and subscribe to The Core.

Kategorie: Hacking & Security

LastPass, Bitwarden users targeted with fake security alerts

Bleeping Computer - 4 hodiny 37 min zpět
LastPass is warning users about an ongoing phishing campaign that is using fake security notices to direct them to fraudulent websites. [...]
Kategorie: Hacking & Security

GhostLock Exposes an Uncomfortable Truth About Open Source Security

LinuxSecurity.com - 5 hodin 1 min zpět
When researchers announced GhostLock, many people focused on the exploit. What stood out to me wasn't just what the vulnerability could do, but how long it had remained hidden. The flaw had lived in the Linux kernel for roughly 15 years before it was publicly identified by researchers. That means the flaw survived hundreds of kernel releases and years of upstream development before it was publicly documented. It raises an uncomfortable question about one of open source's oldest assumptions. O...
Kategorie: Hacking & Security

You Don't Have to Run an Exploit to Know If You're Vulnerable

Bleeping Computer - 6 hodin 9 min zpět
Many vulnerabilities cannot be safely validated with live exploits, either because no exploit exists or the affected systems are too critical to test. Picus explains how TTP chaining helps organizations determine exploitability by validating the attack techniques an exploit depends on, without launching the exploit itself. [...]
Kategorie: Hacking & Security

RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata

The Hacker News - 6 hodin 1 min zpět
Cybersecurity researchers have disclosed details of two access control-related flaws impacting the RabbitMQ message broker service that could allow attackers to leak OAuth client secrets, expose enterprise messaging infrastructure to takeover risks, and bypass tenant boundaries. Miggo's security team, which discovered and reported the flaws, said one "leaks the broker's confidential OAuth Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

How Linux Security Teams Spot Vulnerabilities Before CVEs Are Published

LinuxSecurity.com - 6 hodin 57 min zpět
Most of us don't hear about a kernel vulnerability until a CVE lands in our inbox or the vulnerability scanner starts complaining. By then, the patch isn't new anymore. Kernel developers may have been passing it around for review, arguing over the implementation, or revising it for days before anyone outside that community noticed it. None of those discussions are secret. They're sitting in mailing list archives, Git commits, and patch reviews where they've been the whole time. The strange pa...
Kategorie: Hacking & Security

Microsoft Entra ID gets passkeys default authentication starting September

Bleeping Computer - 7 hodin 19 min zpět
Microsoft has announced that passkeys will become the default authentication method for the Entra ID enterprise identity service starting September 2026. [...]
Kategorie: Hacking & Security

New phishing kits target Microsoft 365 accounts, evade MFA

Bleeping Computer - 7 hodin 20 min zpět
Two new phishing kits, Jalisco and OmegaLord, have been discovered in attacks targeting Microsoft 365 accounts, using techniques that defeat multi-factor authentication (MFA). [...]
Kategorie: Hacking & Security

11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot

The Hacker News - 7 hodin 23 min zpět
Cybersecurity researchers have discovered 11 old, Microsoft-signed, Unified Extensible Firmware Interface (UEFI) applications that could be abused to bypass Secure Boot on most systems using the modern firmware standard. "An attacker exploiting one of these vulnerable applications can execute untrusted code during system boot, enabling deployment of malicious UEFI bootkits or other malware," Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks

The Hacker News - 8 hodin 14 min zpět
Researchers at KU Leuven tested 85 of the most popular crypto wallets that run as browser extensions and found that the wallets themselves leak enough to link and track the people using them. The way these wallets talk to websites and blockchain servers can tie a person's separate addresses together and let outsiders follow them from site to site. And on a site that already holds a name or Swati Khandelwalhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

SAP warns of critical flaws in NetWeaver and Commerce Cloud

Bleeping Computer - 8 hodin 27 min zpět
SAP has addressed 16 vulnerabilities across multiple products as part of its July 2026 security updates, including three critical flaws in NetWeaver, Commerce Cloud, and AppRouter. [...]
Kategorie: Hacking & Security

How Pentera Turns AI Security Workflows into Validation Engines

The Hacker News - 8 hodin 39 min zpět
AI security agents are starting to influence real security decisions. They summarize findings, prioritize remediation, recommend next steps, and help teams move faster. But most still rely on fragmented risk signals: scanner output, severity scores, threat intelligence, configuration findings, and exposure data. That fragmentation matters because attackers do not move through environments one [email protected]
Kategorie: Hacking & Security

OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials

The Hacker News - 8 hodin 47 min zpět
At least two distinct threat actors are weaponizing a novel evasion technique called OAuth client ID spoofing in cloud campaigns, while slipping past telemetry. The activity allows users to enumerate user accounts and validate stolen credentials in Microsoft Entra ID environments, without ever generating a successful sign-in event that would otherwise alert defenders. And bad actors have begun Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

With its latest layoffs, Microsoft goes all in on AI

Computerworld.com [Hacking News] - 9 hodin 9 min zpět

Microsoft’s big lead over AI competitors like Google and others has vanished, and the company is now playing catch-up. As a result, Microsoft’s stock has tanked in the last year — down roughly 23% compared to a year ago, due mainly to its massive AI spending and an inability to monetize Copilot. 

The company clearly needs to do something. And last week it did, though not what you might expect. It laid off 4,800 people, a little more than 2% of its worldwide workforce, with its Xbox division hit hardest. And it’s not reducing its massive spending on AI data centers or other AI-related costs.

The New York Times explained the cuts this way: “It is Microsoft’s latest employee culling as it plows tens of billions of dollars into the infrastructure for building artificial intelligence.”

Was cutting back on gaming (while still going all-in on AI) the right move for Microsoft? To answer that, let’s take a look at the details of the company’s July layoffs.

A year of layoffs

The recent cuts come in the wake of larger Microsoft workforce reductions over the last year or so. In May 2025, the company laid off 6,000 employees, about 3% of its workforce. Then a few months later, it laid off 9,000 more, about 4% of its workers. In both rounds of cuts, the company’s gaming division was hit — though it wasn’t the primary target.

This year, in April and May, the company rolled out its first voluntary retirement program for US employees. Approximately 3,000 people took the money and ran.

Then came last week, when Microsoft primarily targeted gaming. When the cuts take full effect over the next year, 2,850 gaming employees will be let go. In addition, Microsoft is cutting loose several of its gaming studio brands, which will become independent companies or be sold to buyers.

The layoffs hit the two remaining gaming studios, Activision Blizzard, which makes the big-selling games Call of Duty and Candy Crush, and ZeniMax Media, which publishes series including Fallout and The Elder Scrolls. Three years ago, in 2023, Microsoft bought Activision Blizzard for $69 billion. That followed its purchase of ZeniMax Media in 2020 for $7.5 billion. Both seemed like sizable acquisitions at the time. 

Compared to Microsoft’s AI spending now, they’re chump change.

Follow the money

A memo sent to employees about the July layoffs by Amy Coleman, Microsoft executive vice president and chief people officer, made clear the layoffs were more about AI than they were about gaming

Of the cuts, she wrote: “The “why” is this: our business is changing because the world around it is changing. The way technology is built, deployed, and used is transforming faster than at any point in my time here. Our customers’ needs are shifting, the business models that serve them are shifting, and that means the work itself — what we do, where we focus, and how we’re organized — has to transform, too.

“Our customers are navigating this same shift, and they’re counting on us to help them through it.”

That last sentence is an oblique reference to the early July launch of the Microsoft Frontier Company, which will embed 6,000 engineers inside customers’ businesses to help them more effectively deploy AI. The cost: $2.5 billion.

That sounds like a substantial amount of money. But it’s only a drop in the bucket of how much money the company plans to spend on AI. In April, Microsoft told investors it would spend $190 billion on data centers and other AI infrastructure this year, a 60% increase over what it spent last year. At the same time, Microsoft said it would shrink its workforce.

Its latest layoffs are clear-cut evidence of that. It’s also evidence that the company recognizes how badly Xbox has performed, and that it needed to do something about it. 

In early June, Microsoft sent a memo to everyone in its Xbox division entitled “Next 100 Days: XBOX Reset.” The memo laid out the problems with its ailing game business and pulled no punches. It noted that beyond the $69 billion the company spent three years ago to buy Activision, “Over the past five years, we have spent over $20 billion on ongoing investments in our content, platform, and hardware subsidy, but our annual revenue has declined nearly half a billion during that time. Going forward, this cannot continue.” 

The layoffs and spinoffs were the first steps. They won’t be the last.

There’s no doubt this is just the beginning of Microsoft’s disinvestment in gaming. The issue isn’t just that the company’s investments haven’t paid off. It’s that Microsoft’s AI ambitions are so large and expensive that it can no longer afford to seriously fund gaming.

Ultimately, it was the right thing to do, at least from a business perspective. The future is AI. It’s not in gaming.

So, for the foreseeable future at Microsoft, when it comes to AI — the sky’s the limit. But when it comes to gaming, things look much less rosy.

Kategorie: Hacking & Security
Syndikovat obsah