Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

Apple finally calls time on 15-year-old device support

Computerworld.com [Hacking News] - 55 min 25 sek zpět

For those who wonder what the support window is for Apple products, the company now has an answer: it’s quietly ended support for some of its oldest iPhones and iPads, cutting off restore access for devices that first went on sale more than a decade ago. 

While the move has prompted some complaints, the truth is that it underlines just how unusually long the company has kept aging hardware alive. Even today, it provides support in the form of access to signed software upgrades for non-cellular devices as old as some teenagers. 

What devices have been cut?

Among other things Apple has cut support for a range of older cellular-equipped devices, as it no longer supports the modems. Take the iPhone 4S, introduced about the same time iconic Apple CEO Steve Jobs died. Apple has stopped signing iOS versions for that device, which means if you’re still running one, you won’t be able to restore or downgrade to several older iOS versions on it. 

This isn’t the only older system for which Apple has stopped signing versions, but all these newly abandoned products are 12-years old, or older. Affected devices include the iPhone 4, iPhone 4S, iPhone 5, iPhone 5c, iPad 2, iPad 3, iPad 4 and the original iPad mini. In each case, if you have an iPad without a cellular modem you should still be able to reinstall OS software, but cellular devices are abandoned. They’ll continue to work; you just can’t reinstall the operating system in the event of a problem.

The specifics are telling. The cut affects iOS builds like 6.1.3, 8.4.1, 9.3.5/9.3.6 and 10.3.3/10.3.4 — versions tied to the original iPad 2, iPad mini and iPhone 5c. One of those, iOS 10.3.4, was actually a special one-off patch Apple pushed out just for the iPhone 5 to fix a GPS bug tied to the GPS week rollover, underlining just how much engineering effort Apple still throws at older devices.

Why it kind of matters at the same time

The move to cut support is unlikely to cause any significant problems, as only a tiny number of these devices will be in active use. Some developers might use old devices for compatibility testing, though, and by making this move Apple is obviously telling developers to constrain their legacy device support. It’s also a reasonable piece of housekeeping: maintaining signing servers for decade-old, security-patched builds isn’t free. (Apple frames these moves as closing off outdated software that could expose old vulnerabilities.)

How does this compare with others?

Apple has always had a good reputation for product support; in part, this is why its devices maintain such strong resale values over time. That commitment became more explicit in 2024 following UK regulation, after which it now guarantees at least five years of security updates. Around the same time, Google and most big Android device manufacturers went a little further, committing to seven years of security and operating system updates. 

Smaller manufacturers don’t always match this commitment; in some cases, you might find similar support for budget Androids can be as short as two years. It’s also worth considering the user experience when working with older Android devices. While Apple’s tight software and hardware integration tends to support high-value user experiences, the more fragmented nature of the Android manufacturing process means some devices don’t offer the same degree of usability when older. Pixel’s Tensor have drawn criticism for struggling to run smoothly as they age, even if they’re still technically supported.

What this means is that Apple continues to under promise and overdeliver on its support commitment to older devices — so much so that it’s only now some customers who might still be running a 15-year-old iPhone have finally hit the support wall. 

Join me on social media at BlueSky,  LinkedIn, or Mastodon,and do please subscribe to The Core for your daily collection of human-curated Apple News lovingly assembled by yours truly.

Kategorie: Hacking & Security

ThreatsDay: Cloud Bucket Hijacking, Windows LPE Chain, Global Fraud Bust + 17 More Stories

The Hacker News - 2 hodiny 1 min zpět
Most security mess starts as admin work. A link gets clicked. A tool gets trusted. A bucket name gets reused. A setting stays loose because nobody wants to touch it. This week is full of that kind of damage. Not loud. Not clever. Just small gaps doing big jobs. The worst part is how normal it all looks until the bill arrives. The full ThreatsDay list is below. Global Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

New Forg365 phishing platform uses AI to target Microsoft 365 accounts

Bleeping Computer - 2 hodiny 30 min zpět
A new phishing-as-a-service (PhaaS) operation called Forg365 focuses on stealing Microsoft 365 accounts by combining adversary-in-the-middle (AiTM) and device code methods with AI-assisted lure generation. [...]
Kategorie: Hacking & Security

Linux Rootkits Explained: How They Hide and How Defenders Can Respond

LinuxSecurity.com - 2 hodiny 43 min zpět
Most of us think of Linux rootkits as ancient history—the stuff of 90s hacking forums and clunky malware that would crash your system if you looked at it the wrong way. But if you think they’ve gone away, you’re mistaken. They’ve just gotten smarter.
Kategorie: Hacking & Security

The Hidden Security Risks of Reduced Summer IT Coverage

Bleeping Computer - 3 hodiny 8 min zpět
Security operations don't slow down when IT teams take vacation, but staffing levels often do. Kaseya explains how AI-driven automation can help organizations maintain consistent security operations and reduce reliance on manual processes year-round. [...]
Kategorie: Hacking & Security

AI Attacks Move in Minutes. Join This Webinar on Building a Defense That Keeps Up

The Hacker News - 4 hodiny 43 min zpět
AI has changed how fast attacks move. Work that once took an attacker days now takes minutes. Using models like Mythos, attackers write tailored bait, pick targets, test what lands, and jump to the next host before your team clears the first alert. That is the gap, and it is not your fault. The tools and runbooks most teams run on were built for attackers who work at human speed. AI-driven [email protected]
Kategorie: Hacking & Security

Physical AI will see the fusion of robotics and AI transform the world

Computerworld.com [Hacking News] - 5 hodin 58 min zpět

Historically, humans have solved their toughest tasks by creating tools capable of withstanding greater strain to undertake the job or augment their abilities. From levers to steam engines and beyond, the structural evolution of machines is almost as remarkable as their ability to improve operational cultures.

In recent times, we have seen machines attain their highest structural complexity, productivity, and best aesthetics yet. The most relevant new technologies today focus on creating high-throughput physical machines and software that ‘thinks’, and, more futuristically, a fusion of both.

From moving machines to intelligent humanoids

Evolving from ‘moving machines’ capable of handling repetitive tasks to intelligent machines is a century-long goal for robotics. The rapid growth in this sector over the past half-decade, with a $218 billion projection for 2031, is driven by expectations that advancements in AI will extend to robotics and expedite the development of intelligent robots.

Current prototypes are robots capable of taking initiatives or executing tasks more efficiently with less supervision. These have been applied in agriculture, industrial-grade production, and healthcare.

Humanoid robots have attracted the most attention due to the excitement around their potential as near-human machines and the signals their development sends for the future of human-machine coexistence.

Tech leaders around the world are contributing to advancing physical AI with optimism about the impact of robotics on humanity.

Physical AI is a department of artificial intelligence specializing in developing AI algorithms and models for locomotive systems. This includes every kind of robot and, at a more advanced level, humans.

Recent developments in this field include Figure AI’s humanoid robot deployments and Tether’s investment in the NEURA, leading the fundraising of up to $1.4 billion in one of the largest robotics and physical AI investment rounds on record.

Physical AI researchers are exploring future-proof strategies to develop intelligent, safe humanoid robots that can collaborate with humans, undertake humanly impossible tasks, and handle routine tasks more efficiently.

The strongest case for AI-powered humanoid robots is that they complement human power. A World Economic Forum (WEF) report projects shifts in work roles. Humanoid robots increase the workforce, take over repetitive, strenuous, and boring roles, allowing humans to pursue more interesting career paths.

This way, superintelligent humanoid robots will lead sector-wide transformations beyond current imagination and uniquely transform the world.

In theory, it creates the ideal conditions for an improved global economy and a higher quality of life. This theory is challenged by the dystopian vision of a machine-dominated world in which humans become less relevant. However, history suggests otherwise. Every major wave of automation, from the industrial revolution to the rise of computers, initially sparked fears of human redundancy. Yet each ultimately created more opportunities than it eliminated.

Super-human advancements with physical AI

In ideal operations, physical AI will serve as a lever for humans as well. While progress in robotics is loudest, efforts to directly augment human abilities with physical AI are also yielding remarkable results. Brain-computer interfaces can now accurately decode speech in paralyzed and speech-impaired individuals through intracortical implants that detect brain activity. And this is only a ‘start’. Projections from leaders in this space give insight into the trajectory of this technology.

In a recent fireside chat with NEURA Robotics CEO and founder David Reger, Tether CEO Paolo Ardoino noted, “the evolution of robotics that Neura is making is going to allow testing and building of a framework[…] where the real impact is in the real world. Everything starts digital, but to see the true potential, we will see robots roaming the streets, helping people, and being part of society. It has to happen safely, it has to be transparent.”

Physical AI products designed for direct human integration are being developed differently, with a focus on ergonomics, a minimalist aesthetic, and performance. EVO, Tether’s arm leading the charge for human advancement through intelligent technologies, also shared plans for non-invasive implants that maintain high productivity and offer greater composability.

Technologies like these will allow humans to leverage high-level physical AI technologies to attain the same technical abilities as humanoid robots and outperform them by combining machine and raw human intelligence.

AI robotics in non-user-controlled infrastructures

Resource efficiency, data sovereignty, and surveillance are some of the biggest ethical considerations of Physical AI after safety and responsibility. The infrastructure line-up for Software and Physical AI relies heavily on managed systems, blurring the lines of control and governance.

Who is really in charge? The end user, developer, or proprietors of the centralized infrastructure that powers the product? The result is a product with multiple points of failure, disruptions, and most importantly, operational risks.

Physical AI solutions will be used by billions of people worldwide; they should therefore not be built on limited, slow, and centralized infrastructures. This necessitates localized or truly decentralized AI solutions. Local-first AI solutions like Tether’s QVAC also prioritize resource efficiency, since users are expected to provide the core infrastructure. QVAC is a modular, highly efficient, local-first AI platform that runs anywhere. Tether regards it as the invisible intelligence engine of the 21st century.

Open-sourcing and aligning intelligent robots for co-existence with humans

Yann LeCun, Chief AI scientist at Meta, notes that open-sourcing AI development is the answer to the most pressing ethical challenges of AI applications. According to LeCun:

“The magic of open research is that you accelerate progress by involving more people[…] the biggest danger of AI isn’t ‘bad behavior’ […] It’s that every digital interaction in our future will be mediated by AI. In that world, diverse open-source systems let users choose their own biases.”

Open-sourced (systemic decentralization) and local-first (Infrastructural decentralization) solutions are the only path to developing ethically aligned Physical AI capable of co-existing with humans as intended. A successful physical AI solution is expected to tick the check boxes of safety, resource efficiency, true user control, and tamper-proofness. To do this, it must embrace transparent development procedures and function without gatekeepers.

Learn how Tether EVO is building resilient technology built on fairness, inclusivity, and systems with zero points of failure.

Kategorie: Hacking & Security

Microsoft to retire the OWA Light client in Exchange Server

Bleeping Computer - 6 hodin 10 min zpět
Microsoft has announced plans to disable Outlook Web Access (OWA) Light, the lightweight version of the Outlook Web App email client, in a future Exchange Server update. [...]
Kategorie: Hacking & Security

Summer of Clearinghouses

The Hacker News - 6 hodin 10 min zpět
Everyone seems to have announced a clearinghouse over the past few weeks. We did too. Ours is called Athena, and the main thing that sets it apart is that it was already real and running when we announced it — built quietly months earlier, heads down, taking findings and shipping fixes, because customers kept asking us to. We only announced it now because everyone else started announcing theirs,[email protected]
Kategorie: Hacking & Security

GodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defenses

The Hacker News - 6 hodin 27 min zpět
Cybersecurity researchers have flagged a new ransomware family called GodDamn that employs the PoisonX kernel driver to neutralize security software as part of its defense evasion strategy. According to a new report published by the Threat Hunter Team from Symantec, the ransomware was first publicly spotted in the wild on May 21, 2026. It's assessed to be a rebrand of the Beast ransomware, Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

SpaceXAI launches Grok 4.5, touts lower coding-task costs than AI rivals

Computerworld.com [Hacking News] - 6 hodin 44 min zpět

SpaceXAI has launched Grok 4.5, pitching the model to developers and enterprises trying to control the rising cost of AI-assisted software development.

In a statement, the company said the model is priced at $2 per million input tokens and $6 per million output tokens. It said the model is built for coding and agentic work, runs at 80 tokens per second, and uses fewer tokens than comparable models on some software engineering tasks.

Grok 4.5 is available through the SpaceXAI console and Grok Build. It is also available in Cursor, the AI coding tool made by Anysphere, giving SpaceXAI a route into a development environment already used by programmers rather than only competing through an API. SpaceXAI said EU availability is expected in mid-July.

In June, SpaceX, which owns SpaceXAI, said it was buying Anysphere, the startup behind Cursor, in a deal aimed at strengthening its position in enterprise AI tools. In a separate statement, Cursor said that Grok 4.5 was trained jointly with SpaceXAI and used trillions of tokens of Cursor data, including user interactions with codebases and software tools.

The launch addresses a growing realization among enterprise engineering teams that AI coding agents can become expensive once they move beyond simple prompts.

“Enterprises are hitting a wall with AI ROI,” said Neil Shah, vice president for research at Counterpoint Research. “The massive token consumption required by autonomous agents and coding is causing bill shocks, turning AI adoption into an expensive, one-way street.”

AI coding at half the cost

On Artificial Analysis’ Coding Agent Index, Grok 4.5 in Grok Build finished below Fable 5 in Claude Code and roughly level with GPT-5.5 in Codex. It estimated Grok 4.5’s cost at $2.49 per task, compared with $5.07 for GPT-5.5 in Codex and $11.80 for Fable 5 in Claude Code.

The figures give SpaceXAI a useful proof point, though analysts said companies will still need to test the model on their own codebases before relying on it widely.

“It is too early to say if Grok 4.5 is a game changer,” said Anand Joshi, managing director of market research firm JP Data. “The benchmarks are impressive, and the low token usage will be attractive to enterprises. The developer community will give a verdict in time if the coding output is superior to the competition.”

Cost per task, not cost per token

“Grok 4.5’s pricing is notable because it lowers the economics of running agentic coding workloads, but enterprise buyers should focus on cost per successful outcome rather than cost per token,” said Biswajeet Mahapatra, principal analyst at Forrester.

A cheaper model can still cost more in practice if it needs repeated attempts to produce working code, Mahapatra said. Enterprises should look at the full cost of a coding workflow, including developer review effort and whether the final output is usable, he said.

A bigger concern, according to Lian Jye Su, chief analyst at Omdia, is that token use has become too easy a proxy for value.

“We are living in the era where token consumption is seen as the ultimate value creation but the true value still lies in actual job completion,” Su said. “To most enterprises, the cost per job done remains the best approach to assess agent effectiveness.”

That makes Grok 4.5 less a simple pricing story than a test of whether SpaceXAI can lower the actual cost of AI-assisted development in real engineering environments, where corporate codebases often expose weaknesses that public benchmarks may miss.

Mahapatra said tests such as SWE-Bench Pro, DeepSWE, and Terminal Bench can offer early signals, but enterprises should also compare Grok 4.5 with other models on their own repositories before adopting it more widely. Su said A/B testing in real development environments, combined with cost monitoring over time, would give enterprises a clearer view of token efficiency and output quality.

Where Grok 4.5 may fit

Grok 4.5 is unlikely to displace broader enterprise AI platforms on price alone. Its more realistic near-term role is in software engineering workflows, particularly at companies already using more than one model and trying to route work based on cost, speed, and accuracy.

Cursor and Grok Build users are among the most likely to find this model useful, according to Su. Mahapatra said Grok 4.5 could become a primary coding assistant for some teams, especially where software engineering is the main workload, but larger enterprises are more likely to test it as part of a mixed-model strategy.

Shah said that the shift is already underway as enterprises become more cautious about relying on a single AI provider. High-risk or more complex tasks may still go to models such as Claude, he said, while Grok 4.5 could appeal to high-volume developer workflows and repetitive agentic tasks if its accuracy proves close enough to rival systems.

Cursor could give SpaceXAI another advantage, Shah added. By training with developer interaction data from Cursor, Grok 4.5 could benefit from a feedback loop based on how programmers actually write, review, and debug code.

The article originally appeared on InfoWorld.

Kategorie: Hacking & Security

Police arrests 5,800 suspects in global anti-fraud crackdown

Bleeping Computer - 7 hodin 23 min zpět
Law enforcement agencies have arrested 5,811 suspects and seized $293 million in illicit assets in a global anti-fraud operation spanning 97 countries. [...]
Kategorie: Hacking & Security

The next killer AI feature? No AI at all

Computerworld.com [Hacking News] - 7 hodin 25 min zpět

Chatting with readers and regular folks in the real world these days, I can’t help but notice a common theme anytime the topic of AI comes up.

It’s an almost amusingly extreme contrast: While the myopic world of tech people (and the type of mostly AI-powered “thought leaders” you see posting in turbo-speed on LinkedIn) are waxing endlessly about AI’s amazing impact on society and all the ways it’s, like, totally revolutionizing workflow, bruh, the average human’s take on AI can best be summed up with a single word:

Exasperation.

With shockingly little exception, almost every non-tech-obsessed organism I interact with reacts with something between an eye-rolling sigh and a fed-up facepalm whenever the prevalence of AI arises. It’s almost like having an on-demand in-person GIF gallery of “frustration” available at your fingertips — just mention AI, and you’ll get a meme-worthy reaction from anyone around you.

It’s such a dramatic divergence from the glowingly excited hype we hear left and right from the tech industry itself and the seemingly small but vocal group of overly enthusiastic evangelists who create an echo chamber around it. And that very contrast and the disparity between what tech companies are giving us and what tech users actually want these days led me to a bit of an epiphany this week:

AI may well be creating a killer feature that people will be willing to pay to possess. It’s just not the one most AI-fixated entities are focused on creating — quite the opposite, in fact.

[Get level-headed knowledge in your inbox with my free Android Intelligence newsletter — practical tech talk by humans, for humans.]

The AI availability irony

I’ve said it before, and I’ll say it again: In many ways, Gemini — Google’s generative AI chatbot and overall AI layer — is the new Google+.

It’s a solution in search of a problem. No one is asking for it and most typical tech users increasingly seem to find its presence actively irksome and invasive — and yet Google continues to insist on shoving it into our faces at every possible opportunity. More and more with every passing week, the company’s adding AI elements into almost every app and service regardless of whether they’re actually helpful in that context. In many cases, in fact, they’re unnecessary, useless, even outright creepy and creating very real problems and liabilities for businesses and individuals alike.

It’s not just Google, of course. The same tale is taking place with practically every tech provider big and small right now. Everyone is cramming AI into every nook and cranny and thinking more about the idea of integrating artificial intelligence — mostly just for the sake of having it there — than creating an optimal experience for the people who actually use said services.

That, in turn, is creating a whole new category of productivity experience that people are actually lining up to pay for — a premium feature of sorts, related to AI and its presence in our lives.

Ready for the most delicious irony of all? The killer AI feature of which we speak is a lack of AI — or at least the ability to disable and avoid it and use it only if and when you want.

It’s not just an anecdotal feeling, either. It’s a measurable trend that may still be in its infancy but is absolutely taking shape around us.

Take, for instance, Kagi — an ad-free, privacy-centric search service that’s been quietly building a viable alternative to Google Search for several years already. The proposition is simple: You pay a monthly fee — five bucks a month for limited use or $10 for unlimited searching — and you get a search engine that’s designed to serve you instead of revolving around the interest of both advertisers and corporate AI initiatives.

The Kagi search experience is clean, simple, and effective — and, most notably for our current conversation, free from all the often accuracy-challenged AI-generated “answers” that are now plastered atop most Google searches. You just get the results you want, without any experience-harming interruptions or distractions — because you’re paying for the service. Those five or 10 smackeroos you send over each month restructure the entire relationship and ultimately change everything about the service’s trajectory.

When I wrote a profile piece about Kagi last February, the service boasted 38,000 paying subscribers. Today, according to Kagi’s public stats page, its subscriber base has nearly doubled — to 72,847 users, as of this writing.

It may still be a drop in the bucket — and it may always be a niche demand, in the grand scheme of the global tech picture — but it represents a rapidly growing demand. And Kagi isn’t the only player seeing both the demand and the resulting opportunity. Practically every time Google pushes AI further into its search setup, the privacy-focused (and AI-optional) search provider DuckDuckGo reports a surge in its adoption as well.

And search isn’t the only arena where this same sentiment is starting to boil over. I hear constantly from folks who are growing ever-more frustrated with all the unavoidable AI integration in other productivity tools, ranging from email to notes and even just plain ol’ document writing. Heck, I created my own custom interface for Google Docs on the desktop (with the help of Gemini, in another delightfully ironic twist) just to escape from all the over-the-top noise Google keeps adding into that environment. It’s a nerdy hack, to be sure — and it’s an opportunity for someone crafty to come in and create an actual solution, in the style of what Kagi has done with search, to more effectively address that same underlying desire.

More and more research is starting to reflect that yearning for practical, useful tech tools that aren’t larded down with AI for the sake of AI. A recent study by Automattic (the behind WordPress) found 60% of people say AI in a brand’s messaging is more of a turnoff than a feature. My own smaller (and much less scientific, though also more specifically focused) poll of folks who read my Android Intelligence newsletter found that only 9% of Android-owning animals said they generally loved the presence of AI results in regular web searches — with 26% outright hating it and 64% saying it depends on the situation but that they at least sometimes find it to be more annoying than useful.

So as company after company crams AI into everything and startup after startup jumps on that same steamy bandwagon, the question in my mind is less about what the next big advancement in AI will bring into our lives and more about what interesting opportunities the lack of AI — or at least the ability to limit its influence on a productivity experience and decide for yourself how and when you actually want to use it — will create.

It’s easy to imagine a scenario in which services like Kagi and DuckDuckGo start to offer AI-free or even just AI-optional alternatives to apps that are being overrun with irritating and countereffective AI integrations — things like Docs, Notion, Slack, and any number of design tools. And it’s equally easy to imagine plenty of people and places being enticed by that lack of AI as a premium feature worth paying to experience.

It may inevitably remain a relatively niche market compared to the more mainstream tech solutions. But for people and organizations woefully underwhelmed with the current direction tech’s taking and willing to shell out cash for quality, it’s an intriguing notion — and an area well worth watching as the AI invasion continues crashing into every last corner of our virtual lives.

Sick of AI for the sake of AI? Check out my free weekly Android Intelligence newsletter for original human thinking and actually-helpful ways to make the most of your devices.

Kategorie: Hacking & Security

Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges

The Hacker News - 8 hodin 1 min zpět
Microsoft has released security updates for a Defender vulnerability known as RoguePlanet, nearly a month after details of the flaw became public. The vulnerability, tracked as CVE-2026-50656 (CVSS score: 7.8), is a privilege escalation issue in the Microsoft Malware Protection Engine ("mpengine.dll"), which provides scanning, detection, and cleaning capabilities for its antivirus and Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

AssuranceAmerica data breach exposes records of 6.9 million drivers

Bleeping Computer - 9 hodin 23 min zpět
American insurance company AssuranceAmerica has disclosed a data breach impacting nearly 7 million drivers after attackers gained access to its systems earlier this year.  [...]
Kategorie: Hacking & Security

Meta's New AI Image Tool Lets Others Use Your Public Instagram Photos in AI Images

The Hacker News - 9 hodin 49 min zpět
Meta has announced that its new artificial intelligence (AI) model Muse Image lets people use public Instagram posts and reels to generate AI content, and it's enabled by default. "You can also @-mention Instagram accounts in the Meta AI app to bring specific Instagram profiles right into your images," the social media giant said in a post. "Whether you want to design a custom event invitationRavie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Microsoft patches RoguePlanet Defender zero-day vulnerability

Bleeping Computer - 11 hodin 27 min zpět
Microsoft has released a security patch to address a Defender zero-day vulnerability known as "RoguePlanet," disclosed after the June 2026 Patch Tuesday. [...]
Kategorie: Hacking & Security

Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It

The Hacker News - 11 hodin 55 min zpět
Ask an AI coding agent to scan open-source code for security holes, and it might run the attacker's code on your own machine instead. That is the finding in a proof-of-concept published Wednesday by the AI Now Institute, an attack it calls "Friendly Fire." It works against Anthropic's Claude Code and OpenAI's Codex when either is running in an autonomous mode that approves its own Swati Khandelwalhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents

The Hacker News - 12 hodin 43 min zpět
Researchers at Wiz found that a flaw in six popular AI coding assistants lets a booby-trapped code project quietly take control of a developer's computer. The assistant asks permission to edit one harmless-looking file, but the write lands on a sensitive one instead. The affected tools are Amazon Q Developer, Anthropic's Claude Code, Augment, Cursor, Google Antigravity, and Windsurf. Swati Khandelwalhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Fake 7-Zip Installers Turn Devices Into Residential Proxy Nodes

The Hacker News - 13 hodin 8 min zpět
Cybersecurity researchers have disclosed details of a new threat actor dubbed Lurking Lizard that has been operating an end-to-end malicious residential proxy business using an infrastructure comprising more than 230 lookalike domains. The activity dates back to at least August 2022, according to DNS threat intelligence firm Infoblox. Once such campaign, observed earlier this year, involved theRavie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security
Syndikovat obsah