Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

OpenClaw becomes a nonprofit foundation as it seeks to be ‘the Switzerland of AI’

Computerworld.com [Hacking News] - 13 Červenec, 2026 - 23:09

OpenClaw’s announcement that it has become a nonprofit foundation is generating IT excitement because of the potential for governance and development consistency that the popular platform has thus far lacked. Still, some worry about the risks created by the move. 

“Our ambition is for OpenClaw to be the Switzerland of AI. Neutral ground where every model and every lab can plug into the technology and collaborate on standards in the era of agents,” OpenClaw said in a post. “That work is already underway in Foundation-convened councils on agent identity, agent profiles, evals, and enterprise deployment.”

The statement, co-authored by OpenClaw creator Peter Steinberger, pointed out, “the great open source projects of our time — Linux, Apache, Mozilla — endure because a neutral steward stands behind them. That is the role we are taking on to keep OpenClaw MIT licensed, open, and independent so that everyone building on it can trust it will be here for the long term.”

But it reassured users that the original OpenClaw leadership is still in charge.

“Peter built this thing and Peter keeps making the calls, especially the technical ones. Since joining OpenAI earlier this year, he has continued to steward OpenClaw as an open and independent project, and OpenAI has made a commitment to keep it that way,” the post said. “The foundation is here to serve: good governance, stable funding, and paying the people who keep the claws alive.”

However, some analysts and consultants were skeptical about how much true independence Steinberger would have, given his salaried role with OpenAI. 

Neutrality claim in question

“The Switzerland of AI neutrality claim collapses under its own announcement,” said Noah Kenney, principal consultant at Digital 520. “OpenAI runs a team [at OpenAI] called Claw Labs that Peter leads and OpenAI is a major donor to OpenClaw. The ‘neutral steward’s’ chief technical decision maker is employed by one of the competing labs it is supposed to be neutral with.” To OpenAI, he said, OpenClaw is closer to a tax-exempt nonprofit subsidiary than it is to a neutral ‘Switzerland of AI.’

He pointed out that, in addition, Microsoft is shipping the enterprise version of OpenClaw, and Nvidia is shipping the hardware bundle. “This is being called the Switzerland of AI, but Switzerland does not have its central bank run by France,” he observed.

Kenney said that what the new OpenClaw has actually built is “a shared dependency that several competitors fund, staff, and steer, wrapped in a nonprofit structure. Enterprise IT should understand that structure, because treating OpenClaw as neutral is a mistake,” adding that CIOs need to look at this development devoid of the emotional component. 

“There is a strategic irony here that CIOs should sit with,” Kenney said. “If OpenClaw succeeds at becoming the universal agent substrate, then every model plugs into the same identity layer, the same profiles, and the same deployment plumbing. The thing every vendor is racing to own becomes a commodity that nobody owns.” He pointed out that, in the short term, that is genuinely good news for buyers because it means less lock-in and more portability.

“But,” he said, “when the connective tissue is free and natural, the only labs that benefit are the ones with the best models and the deepest distribution. Commoditize the layer below you and you compete on the layer where you are already strongest. The foundation is not a charity. It is the biggest players agreeing to stop fighting over the plumbing so they can fight over the water, and the enterprise is the one paying the water bill either way.”

Good news, bad news

Jason Andersen, principal analyst at Moor Insights & Strategy, liked the potential consistency that could emerge from the structural change, given the complexity of agent development today. 

“We are seeing a lot of OpenClaw variants hit the market, such as those from Nvidia as well as competing products from cloud and SaaS vendors. A common base helps solidify the common parts,” Andersen noted. “That said, a common challenge is the sustainability of these open source foundations over time. In addition to releasing code, these foundations need funding to evolve and grow. And that funding needs to come from continued momentum to incentivize existing members to increase investment and recruit new members to join.”

Andersen stressed that IT buyers need to keep an eye on the roadmap for any OpenClaw variant they choose to deploy, “as that will directly impact the foundation, and the momentum of the foundation and common base. If the common base loses momentum, it can lead to forks, or just a loss of innovation. When that happens, members tend to back away, which puts customers in limbo.”

But not everyone sees the promised structure as entirely good for IT.

Ishraq Khan, CEO at coding productivity tool vendor Kodezi, said, “most CIOs do not want to bet their future entirely on a single model vendor. They want Claude for some workloads, GPT for others, open models for sensitive environments, and potentially internally fine-tuned systems for specific use cases. The problem is that every vendor currently brings its own identity system, tool interfaces, permissions model, and operational assumptions. That fragmentation does not scale.”

He said, “the risk if standards fail is straightforward: every vendor builds its own closed ecosystem, enterprises become locked into individual stacks, and security becomes dramatically harder. The opportunity if OpenClaw succeeds is equally significant: enterprises get portable agents, common identity standards, interoperable tooling, and a healthier competitive market around models rather than ecosystems.”

Will it remain a nonprofit?

However, said Justin Greis, CEO of consulting firm Acceligence, one of the key details that IT executives will want to keep in mind is that OpenAI also began as a nonprofit, but it was quickly seen as not adhering to nonprofit objectives

“OpenAI’s transition from a nonprofit research organization into a more complex structure highlighted the challenge of maintaining mission alignment while scaling technology, capital, partnerships, and commercial operations,” Greis said. “OpenClaw has the opportunity to address some of those governance questions earlier by establishing clear principles around neutrality, transparency, and decision-making before the ecosystem becomes even larger and more valuable.”

He noted, “we have seen this pattern before with technologies like Linux and Kubernetes. The strongest open ecosystems succeeded because they created trusted foundations that enterprises could build upon. The technology was important, but the governance model that underpinned it was equally critical.”

Risks are ‘squarely in IT’s lap’

Consultant Brian Levine, executive director of FormerGov, echoed Greis’ concerns. 

“CIOs shouldn’t assume that this nonprofit will always be a nonprofit, or confuse being a nonprofit with actually being neutral or unbiased,” he said. “The risks are squarely in IT’s lap: autonomous agents ‘with their own identity’ acting on a user’s behalf blow straight through traditional IAM assumptions. Issues, such as agent identity, auditability, secret handling. Identity boundaries have not yet been reliably solved. Until they are, enterprises should treat OpenClaw agents like privileged service accounts, not like a browser plugin.”

Independent cybersecurity and risk advisor Steven Eric Fisher pointed to another IT exposure that might come from this OpenClaw transition: Cost.

“OpenClaw currently has a very high token burn rate in usage, which presents a significant cost consideration for large-scale enterprise adoption,” he said. “The skills marketplace introduces a new supply chain threat that enterprises will need to manage. Threat management, and specifically handling external marketplace elements, can be highly challenging for open-source operations. Ultimately, at scale, enterprise adoption could become a difficult balancing act between managing high operational costs and securing an expanded security surface.”

Kategorie: Hacking & Security

The US government warns that Russia state hackers are coming after your router

Ars Technica - 13 Červenec, 2026 - 23:03

The federal government is warning users of home and small office routers to secure their devices as Russia state hackers continue to mass-compromise them for use in obscuring nefarious actions against sensitive organizations in the public and private sectors.

Both the Russian and Chinese governments have been compromising routers for years, sometimes in prolonged tugs-of-war to wrest control of devices the other has already commandeered. The US government has occasionally issued covert commands and taken other steps to disinfect routers. Google and other companies have also worked to disrupt the massive botnets that control compromised routers in lockstep. The actions to date are little more than whack-a-mole exercises as the operators simply replace their botnets with new ones.

Proxy networks: The go-to tool

“Russian Federal Security Service (FSB) Center 16 cyber actors continue to exploit poorly configured and vulnerable networking devices worldwide, opportunistically compromising multiple critical infrastructure sector networks,” the Cybersecurity and Infrastructure Security Agency said Monday. The hacking groups are tracked under various names, including Berserk Bear, Energetic Bear, Crouching Yeti, Dragonfly, Ghost Blizzard, and Static Tundra. The advisory was co-issued by governments from around the world, including Australia, Denmark, New Zealand, and the UK.

Read full article

Comments

Japan's largest taxi operator shuts systems after cyberattack

Bleeping Computer - 13 Červenec, 2026 - 22:18
Japan's largest taxi operator, Nihon Kotsu, announced that its systems were compromised in a cyberattack, forcing the company to shut down part of its infrastructure. [...]
Kategorie: Hacking & Security

Hackers backdoor Jscrambler npm package with infostealer malware

Bleeping Computer - 13 Červenec, 2026 - 21:44
The Jscrambler client-side web security company disclosed that a threat actor published a malicious version of its npm package that has been downloaded almost 1,500 times. [...]
Kategorie: Hacking & Security

New CrashStealer malware poses as Apple crash reporting tool

Bleeping Computer - 13 Červenec, 2026 - 21:04
A new macOS information-stealing malware called CrashStealer pretends to be Apple's crash-reporting tool to steal credentials, keychain data, and crypto wallets. [...]
Kategorie: Hacking & Security

CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks

The Hacker News - 13 Červenec, 2026 - 19:36
Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that's capable of harvesting sensitive data from compromised systems. Unlike other information stealers that are built on AppleScript droppers or Objective-C-based wrappers, CrashStealer is implemented in native C++, according to Jamf Threat Labs. "It validates the victim's login password locally before Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

AI is killing low cost smartphones

Computerworld.com [Hacking News] - 13 Červenec, 2026 - 19:25

Except for the second user/refurbished smartphone markets, AI means the days of cheap phones are over, with huge price pressures putting low-end vendors out of business. 

Omdia data confirms that Apple and Samsung are undisputed kings of the hill, combining for 42% of the market even as smartphone sales overall have seen a 4% average decline. 

The two companies increased market share by 4% (Apple) and 2% (Samsung) compared with 2Q25. Meanwhile, the situation is becoming much worse for smaller vendors as memory prices spiral, leaving their businesses under immense strain. Data from Counterpoint Research tells a similar story, indicating Apple growth against a background of market decline. 

It’s important to put the impact of raised RAM costs into perspective. While Apple and Samsung make products at the kind of scale that enables them to cut better deals, smaller makers don’t have the same advantage, leaving them far more exposed to memory price driven pressures.  

Memory prices are crushing the low end

And they really are exposed; not only are sales declining, but Omdia analyst Runar Bjorhovde notes that vendors at that end of the market are dealing with hugely destructive DRAM price hikes over just the past year — up to four or five times higher in some cases. That degree of increase is the kind of business-focused tsunami that drives people out of the market altogether and certainly leaves companies exposed to M&A activity.

Right now, memory and storage can account for more than 60% of the product cost, Bjorhovde said. And as costs continue to increase, what profitability that does exist in the low-cost, high competition lower end smartphone space is being utterly mauled. Omdia forecasts a 22% decline in the sub-$400 smartphone segment as a result.

“Samsung Electronics and Apple — the two market leaders — made huge market share gains…, whereas most players beyond went through steep volume declines,” Bjorhovde said.

From volume to value

Apple’s decision to expand its addressable market with the iPhone ‘e’ series just adds pressure, while Samsung’s enduring popularity helps make it difficult for smaller vendors to generate profit through market scale. “To adapt, vendors are shifting their strategies from volume to value by reoptimizing portfolios and adjusting retail pricing,” he said. 

“Although memory and storage costs are the biggest challenges for vendors, they are far from the only challenge,” Bjorhovde said. “New semiconductor bottlenecks, such as within foundries, are adding further cost pressures.”

With the cost of manufacturing set to continue to rise, it’s generally accepted that we’ll see the average selling price of smartphones climb in the coming 12 months, with Apple set to lead the market toward higher cost builds with the new Pro and Ultra iPhones this September.

Apple’s decision to hold smartphone prices so far has added another price pressure to low-end vendors; the longer it holds its prices down, the longer and more painful will smaller vendors hang onto their own low-price structure to compete.

Future shock: AI hardware

A further wild card is in Apple’s recent lawsuit against OpenAI, which accuses the ChatGPT maker of “illegal reliance on misappropriated trade secrets” in its hardware plans. OpenAI is thought to be planning an AI-driven iPhone competitor.

We’ve heard speculation about these plans before, of course. But what seems to be emerging in the wake of Apple’s litigation are hints OpenAI intends to introduce its first AI hardware product at some point in 2027.

Assuming that schedule remains on track, OpenAI will likely impose further component pricing pressure across the whole industry. After all, Apple’s customer loyalty leads the industry, and Samsung has built something similar. So, the companies with the most to lose to OpenAI will be the same set of smaller vendors who are already struggling with component price-driven market complexity.

OpenAI products will demand the same memory, similar processors, manufacturing, and other components as other devices, prompting further pricing pressure. That’s likely to put some small vendors out of business entirely, even as standard smartphone prices increase. 

Fragmentation will be next

Those outcomes won’t be universal, as the desire for sovereign data services and growing mistrust of US tech companies suggest OpenAI’s products might see limited adoption in most markets. But they could serve to accelerate divergence in smartphone purchasing patterns worldwide, while adding to market pressure.

You can follow me on social media! Join me on BlueSkyLinkedInMastodon, and subscribe to The Core.

Kategorie: Hacking & Security

Google and Microsoft Pull ModHeader With 1.6 Million Installs After Dormant Collector Found

The Hacker News - 13 Červenec, 2026 - 19:17
Google and Microsoft have pulled ModHeader, a popular header-editing extension with roughly 1.6 million installs across Chrome and Edge, after researchers found a hidden browsing-history collector built into its official store version. The collector was dormant. An empty allow-list kept it switched off, and no proof has emerged that it ever gathered or sent a single browsing domain. The Swati Khandelwalhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

CISA warns of actively exploited RCE flaws in Joomla extensions

Bleeping Computer - 13 Červenec, 2026 - 17:20
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that attackers are exploiting vulnerabilities in the iCagenda and Balbooa Forms extensions for Joomla to achieve remote code execution through arbitrary file uploads. [...]
Kategorie: Hacking & Security

Meta pulls Instagram AI feature amid privacy concerns

Computerworld.com [Hacking News] - 13 Červenec, 2026 - 17:14

Meta pulled a new AI feature on Instagram just days after its launch because of criticism about how the tool handled publicly posted photos.

The feature was part of the new AI image generator, Muse Image, and allowed AI-generated images to be created using content from public Instagram accounts. By specifying a public account with an @mention, users could let the AI ​​model use the person’s images as a reference without informing the account holder.

The launch quickly prompted concerns about privacy and the risk of abuse, with critics saying the feature could be used to create manipulated or offensive images based on other people’s public content.

Meta said its the goal was to give users a creative tool where they could decide for themselves whether their public content could be used. But it removed the feature after feedback that the feature did not meet expectations.

Kategorie: Hacking & Security

Now, defenders are embracing the prompt injection, too

Ars Technica - 13 Červenec, 2026 - 17:06

Prompt injections, the malicious commands attackers embed into content to entice large language models to follow them, have been attackers’ go-to tool for turning AI platforms against their users. A well-phrased command sneaked into an email or calendar invitation is often all it takes to cause the LLM to exfiltrate sensitive data or follow other harmful actions.

Now, defenders are embracing the prompt injection, too.

A strong, sharp effect

Researchers from Tracebit on Monday said they found that placing prompt injections alongside passwords, cryptographic keys, and other secrets stored on Amazon Web Services was often all that was needed to shut down attacks from AI hacking agents. The prompts direct the attacking LLM to perform an action forbidden by its guardrails, the safety barriers AI developers erect to prevent it from taking harmful actions. The LLM responds by shutting down.

Read full article

Comments

⚡ Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, AI Coding Attacks, and More

The Hacker News - 13 Červenec, 2026 - 17:05
Somewhere right now, a security tool is quietly finding bugs faster than any human can fix them. That's supposed to be the good news. The catch is that the attackers have the same tools, pointed the other way, and they don't file tickets. That's the shape of this week. Trusted code turns on the people who installed it. Old bugs from last year are still landing because the fix sat in a queue tooRavie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Lidl discloses online shop breach after service provider hack

Bleeping Computer - 13 Červenec, 2026 - 16:19
German discount supermarket chain Lidl notified customers in Germany, Belgium, and the Netherlands that attackers stole their personal information in a breach at a service provider. [...]
Kategorie: Hacking & Security

Breach at the Beach: Play the Ultimate Entra ID CTF

Bleeping Computer - 13 Červenec, 2026 - 16:01
Learn how attackers abuse Entra ID through a free hands-on Capture the Flag. Varonis created the Breach at the Beach CTF to teach defenders how to investigate Entra ID attack techniques using realistic scenarios. [...]
Kategorie: Hacking & Security

New MemGhost Attack Plants Persistent False Memories in AI Agents Through One Email

The Hacker News - 13 Červenec, 2026 - 15:49
Give an AI assistant a memory and access to your inbox, and you hand an attacker a way to rewrite what it thinks it knows about you. A single email can trick that agent into saving a false "fact" about the user, hide the change, and quietly steer its answers in later sessions. When it works, the person reads an ordinary-looking reply and never learns their assistant was tampered with. The Swati Khandelwalhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

UK charges suspects linked to Russian Coms call spoofing platform

Bleeping Computer - 13 Červenec, 2026 - 15:23
UK authorities charged five people following a National Crime Agency (NCA) investigation into Russian Coms, a major caller ID spoofing platform used by criminals to make over 1.8 million scam calls. [...]
Kategorie: Hacking & Security

Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft

The Hacker News - 13 Červenec, 2026 - 15:03
A new phishing-as-a-service (PhaaS) operation called Forg365 is using a combination of device code phishing, adversary-in-the-middle (AitM) tactics, antibot evasion, artificial intelligence (AI)-assisted lure creation, and post-compromise mailbox operations targeting Microsoft 365 accounts. Distributed via Telegram and costing $400 a month (or $3,800 per year), attack chains leverage phishing Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Meta Files Patent for AI That Can Listen All Day and Track How You're Feeling

The Hacker News - 13 Červenec, 2026 - 13:54
Meta has filed a patent application for an AI that listens to your voice throughout the day, works out how it thinks you are feeling from the way you sound, and keeps a timestamped log of every read. Each read gets pinned to the moment it happened: the time, your location, what you were doing, even how you were using your phone. Some versions in the filing would listen all day; others would Swati Khandelwalhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Thinking Fast and Slow in the SOC: The Case for Combining Autonomous AI with Analyst Copilots

The Hacker News - 13 Červenec, 2026 - 13:37
A few days ago, I was sitting with the CISO of a Fortune 50 company, walking through how his security team was thinking about AI agents in the SOC. Smart team. Serious program. They had already connected Claude to a few detection tools and were seeing real value in specific investigations. But as we mapped out the broader architecture, something kept nagging at me. The design they were building [email protected]
Kategorie: Hacking & Security
Syndikovat obsah