Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

Hackers exploit Roundcube flaw to spy on academic researchers

Bleeping Computer - 11 min 16 sek zpět
A China-linked threat cluster has been exploiting vulnerable Roundcube servers at U.S. and Canadian universities to steal credentials and deploy backdoor malware. [...]
Kategorie: Hacking & Security

Microsoft hopes to cut its genAI costs by focusing on its own models

Computerworld.com [Hacking News] - 47 min 12 sek zpět

Microsoft plans to focus more on in-house AI models in an effort to reduce its costs for generative AI (genAI), Bloomberg reports. The company has begun using its own MAI models to handle some user AI requests in Word and Excel rather than relying solely on models from OpenAI and Anthropic.

The company still uses third-party models, but has invested increasingly in its own AI solutions over the past year. At the Build developer conference in June, Microsoft unveiled seven new MAI models, including an AI code assistant and an image-generation model.

As the costs of advanced genAI models have risen, several tech companies — including Amazon, Meta, and Accenture — have reportedly been trying to find ways to reduce their expenses.

Kategorie: Hacking & Security

Test Article

LinuxSecurity.com - 1 hodina 17 min zpět
Testing new article creation
Kategorie: Hacking & Security

AI Coding Agents Found Triggering Endpoint Security Rules Built to Catch Attackers

The Hacker News - 2 hodiny 5 min zpět
Sophos looked at a week of its own endpoint data and found that AI coding agents such as Claude Code, Cursor, and OpenAI Codex are setting off detection rules written to catch human intruders. The agents are not malicious. They just do a lot of things that, to a behavioral engine, look exactly like an attack. Decrypting browser credentials, listing what sits in Windows' credential store, Swati Khandelwalhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Entra passkey enrollment vishing targets Microsoft 365 users

Bleeping Computer - 2 hodiny 19 min zpět
A threat actor has been targeting organizations across multiple sectors with voice-based fake security requests that ask Microsoft 365 users to enroll a new Entra passkey. [...]
Kategorie: Hacking & Security

The $2,000 club: Apple, Samsung, Google bet on foldables

Computerworld.com [Hacking News] - 2 hodiny 56 min zpět

Apple, Samsung, and Google are all expected to introduce their takes on folding smartphones in the coming weeks. 

All three competitors work together on some things; Samsung allegedly makes displays for iPhone; Google makes an OS for Samsung; and Apple works with Google Gemini for AI. That proximity suggests that we might experience some synchronicity between these devices when they finally arrive.

Samsung and Google move first — but September belongs to Apple

Bloomberg agrees: the publication claims Samsung’s forthcoming Galaxy Unpacked event in London on July 22 will feature the Galaxy Z Fold 8, which will have a short, wide design “that resembles Apple Inc.’s planned folding iPhone.”

It is expected to cost around $1,999 for the 256GB model. The late July introduction is widely seen as an attempt to steal a little thunder from the upcoming launch of the iPhone Fold/Ultra, Apple’s first foldable device.

Google is also chasing the looming Apple thundercloud with its own “Made by Google” event in New York on Aug. 12. This is expected to be a Pixel family update, likely including a successor to the Pixel 11 Pro Fold. Leaks suggest these devices will have more RAM (for AI), more storage — with a 256GB minimum — and be priced at an estimated $1,999 – or maybe even more.

Both of these devices will be great. Both will likely be compelling; but what we don’t know yet is how the decade or so Apple has spent designing and developing its own folding smartphones will crystallize into the final result. 

A decade in development, but will it blend?

Apple has its reputation on the line – will its phone stand out for its combination of high-tech and high design, or will the company fail in its bid to stand apart? We’ll find out in September when Apple’s folding smartphone finally appears, and the oxygen once again starts circulating around this part of the room.

We do know that the iPhone Ultra has entered mass production, with MacRumors seemingly rebutting recent claims by Ming-Chi Kuo that the device might ship later than expected and be in short supply once it appears. Citing Chinese supply chain sources, the report says manufacturing has begun. Other reports indicate Apple has increased initial manufacturing orders to 10 million units. Somewhere in between the truth lies.

The iPhone Ultra is expected to be a book-style foldable with a 7.8-in. inner display and a 5.5-in. cover display, Touch ID, an Apple C2 modem and an A20 processor. It will run iOS 27, which has already been found to be capable of changing display layout and resolution to seamlessly switch between different views; moving from the outer to the inner display should seem almost instantaneous, with smooth transitions between both states. 

The hinges need to do the talking

Apple has paid particular attention to the hinge design, which is thought to be near invisible to the eye and extremely robust. (It needs to be robust; the hinge will inevitably be put to some very tough tests by hungry vlogging tech influencers everywhere.)

Those same influencers will also be putting Siri AI to the test, with most potential customers very curious about the extent to which Apple Intelligence can turn the folding iPhone into a viable replacement for Macs or iPads. What happens when you use an iPhone Ultra with an external mouse and keyboard, for example? Will competing devices match the user experience for productive tasks?

At $2,000 a pop, a lot of potential customers for any of these foldable devices will be looking for a solution that ticks more boxes than simply being a giant smartphone. They will certainly want the luxury finish we can expect in all three devices, but they will also be hoping for a tool fit for a range of use cases smartphones don’t generally meet. 

Samsung’s existing Fold range, for example, is celebrated for its advanced multitasking features and media content and consumption features, even as its ability to connect to a monitor, keyboard, and mouse (Samsung DeX) makes it a convenient PC replacement.

Resetting the high-end smartphone price point

You can expect much the same from all three devices: a focus on display resolution, color gamut, brightness and screen refresh rates. But for all three, the really critical point will be the resilience of the hinge. Because once the novelty of the fold fades, the winner will be the one that succeeds in becoming something more useful than the smartphone we already know. 

In the end, these things must deliver more, not less, if they are to persuade consumers to reset their price-driven comfort zones. All of the manufacturers have a vested interest in driving shoppers to spend even more money on their devices. 

Join me on social media at BlueSky,  LinkedIn, or Mastodon,and do please subscribe to The Core for your daily collection of human-curated Apple News lovingly assembled by yours truly.

Kategorie: Hacking & Security

New HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet Malware

The Hacker News - 3 hodiny 59 min zpět
AI coding assistants have a habit of making things up. Ask one to fetch a popular tool, and it will sometimes hand back a real-sounding name for a project that does not exist. New research, which its authors call HalluSquatting, turns that habit into an attack: work out the fake names an AI reliably invents, register them first, and wait for the assistant to fetch your trap on a user's Swati Khandelwalhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS

The Hacker News - 4 hodiny 29 min zpět
Ubiquiti has shipped updates to address multiple critical security flaws impacting UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS that could result in privilege escalation and arbitrary command execution. The list of vulnerabilities is as follows - CVE-2026-50746 (CVSS score: 10.0) - An improper access control vulnerability in UniFi Connect Application that an attackerRavie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

3 Ways AI Powers Service Desk Attacks and How to Prevent Them

Bleeping Computer - 5 hodin 6 min zpět
Specops Software explains how AI is making service desk impersonation attacks more convincing, personalized, and scalable, along with practical steps organizations can take to strengthen onboarding and identity verification. [...]
Kategorie: Hacking & Security

US rare earths flow to Asia as domestic demand is slow to emerge

Ars Technica - 5 hodin 1 min zpět

US rare earths produced by Washington-backed companies are flowing to Japan and South Korea, as American demand has yet to materialize despite the Trump administration’s push to develop a national supply chain.

Rare earths products produced by MP Materials, Energy Fuels and Phoenix Tailings—which together have won billions of dollars in US government support—are being sold to companies in Asia, where the scale of magnet manufacturing remains larger than the nascent production in the US.

China’s lock on global supplies of rare earths and critical minerals has become a national security concern in the US and other Western nations, since Beijing started restricting access to them. The metals are crucial to 21st-century technology and are used in the manufacturing of everything from weapons guidance systems to electric vehicle batteries.

Read full article

Comments

New Ghost Phishing Wave Is Breaking Traditional Email Security

The Hacker News - 6 hodin 7 min zpět
A recent EvilTokens campaign targeting businesses across the US and Europe is exposing a new email security blind spot. This “ghost phishing” technique keeps the malicious page hidden until it decrypts and comes to life inside the victim’s browser. For security leaders, the risk is clear: traditional URL checks may miss the attack while Microsoft 365 access, sensitive data, and response time [email protected]
Kategorie: Hacking & Security

SCMBANKER Malware Uses ClickFix Lures to Target Mexican Banking Users

The Hacker News - 6 hodin 15 min zpět
A new banking fraudulent operation is targeting customers of Mexican banks, fintech, payment processors, and cryptocurrency exchanges using ClickFix lures. The activity cluster, tracked by Elastic Security Labs under the moniker REF6045, involves infecting victims through fake CAPTCHA verification pages that deceive them into running a malicious command that installs a PowerShell toolkit dubbedRavie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Locking Down Your Linux Network and a Guide to Private Routing

LinuxSecurity.com - 7 hodin 2 min zpět
Linux runs a huge portion of today's infrastructure because it gives administrators an unusual amount of control over the system. That control extends to networking, where almost every aspect of packet flow, routing, filtering, and interface behavior can be customized. The trade-off is that very little of that hardening happens automatically. A fresh installation is usually built to communicate, not to isolate.
Kategorie: Hacking & Security

DuckDuckGo browser now blocks YouTube video ads

Bleeping Computer - 7 hodin 7 min zpět
DuckDuckGo announced that its browser can now block most video ads on YouTube, including those shown before the video starts playing and during playback. [...]
Kategorie: Hacking & Security

Locking Down Linux Network Security with Private Routing Techniques

LinuxSecurity.com - 7 hodin 10 min zpět
Linux runs a huge portion of today's infrastructure because it gives administrators an unusual amount of control over the system. That control extends to networking, where almost every aspect of packet flow, routing, filtering, and interface behavior can be customized. The trade-off is that very little of that hardening happens automatically. A fresh installation is usually built to communicate, not to isolate.
Kategorie: Hacking & Security

GitHub 'Verified' Commits Can Be Rewritten Into New Hashes Without Breaking Signatures

The Hacker News - 7 hodin 15 min zpět
New research shows that a signed Git commit's hash is not the one-of-a-kind name that much of the software world assumes it to be. Given any signed commit, someone without the signing key can mint a second commit with the same files, author, and date, and a valid signature, GitHub still stamps "Verified." Everything a reviewer would check matches. The commit's hash does not. That matters Swati Khandelwalhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

The Verification Step Is the New ATO Battleground in 2026

The Hacker News - 7 hodin 37 min zpět
For years, account takeover (ATO) followed a predictable script. Attackers bought stolen credentials in bulk, ran them through automated tools, and waited for matches. Credential stuffing was cheap, scalable, and for defenders, relatively well understood. That era is ending. Not because attackers gave up, but because the front door finally got harder to kick in. Passkeys are now mainstream. [email protected]
Kategorie: Hacking & Security

Telco giant KDDI says data breach affects over 12 million people

Bleeping Computer - 7 hodin 43 min zpět
Japanese telecommunications giant KDDI says that millions of people had their email addresses and passwords exposed after attackers breached an email platform used by five internet service providers (ISPs) in the country. [...]
Kategorie: Hacking & Security

GitHub Copilot Refuses Harmful Requests in Chat, Then Writes Them in Code

The Hacker News - 7 hodin 46 min zpět
An AI coding assistant that refuses to answer a dangerous request in its chat box can answer it anyway if the same request is broken into small, ordinary-looking steps inside a code editor. That is the finding of a new study of GitHub Copilot by researchers Abhishek Kumar and Carsten Maple. The models they tested through Copilot, Claude from Anthropic, and Gemini from Google, refused Swati Khandelwalhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security
Syndikovat obsah