Kategorie

Google has announced it entered into a definitive agreement to acquire Wiz, a leading cloud security platform, for $32 billion in an all-cash transaction. [...]

Moderní Windows mají dobře nastavenou ochranu. Pozornost věnujte přihlašování, šifrování, ochraně před ransomwarem a správě oprávnění.

Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code. "This technique enables hackers to silently compromise AI-generated code by injecting hidden malicious instructions into seemingly innocent

Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code. "This technique enables hackers to silently compromise AI-generated code by injecting hidden malicious instructions into seemingly innocent Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

​A new critical severity vulnerability found in American Megatrends International's MegaRAC Baseboard Management Controller (BMC) software can let attackers hijack and potentially brick vulnerable servers. [...]

Google oznámil , že koupí Wiz – firmu, která se zabývá kybernetickou bezpečností. Specializuje se na kybernetickou bezpečnost cloudových služeb, má špičkovou detekci hrozeb v reálném čase a ve svých algoritmech hojně využívá umělou inteligenci. Hodnota transakce je 32 miliard dolarů (735,4 ...

Blockchain gaming platform WEMIX suffered a cyberattack last month, allowing threat actors to steal 8,654,860 WEMIX tokens, valued at approximately $6,100,000 at the time. [...]

An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017. The zero-day vulnerability, tracked by Trend Micro's Zero Day Initiative (ZDI) as ZDI-CAN-25373, refers to an issue that allows bad actors to execute hidden

An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017. The zero-day vulnerability, tracked by Trend Micro's Zero Day Initiative (ZDI) as ZDI-CAN-25373, refers to an issue that allows bad actors to execute hidden Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Google is making the biggest ever acquisition in its history by purchasing cloud security company Wiz in an all-cash deal worth $32 billion. "This acquisition represents an investment by Google Cloud to accelerate two large and growing trends in the AI era: improved cloud security and the ability to use multiple clouds (multicloud)," the tech giant said today. It added the acquisition, which is

Google is making the biggest ever acquisition in its history by purchasing cloud security company Wiz in an all-cash deal worth $32 billion. "This acquisition represents an investment by Google Cloud to accelerate two large and growing trends in the AI era: improved cloud security and the ability to use multiple clouds (multicloud)," the tech giant said today. It added the acquisition, which is Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

A critical security vulnerability has been disclosed in AMI's MegaRAC Baseboard Management Controller (BMC) software that could allow an attacker to bypass authentication and carry out post-exploitation actions. The vulnerability, tracked as CVE-2024-54085, carries a CVSS v4 score of 10.0, indicating maximum severity. "A local or remote attacker can exploit the vulnerability by accessing the

A critical security vulnerability has been disclosed in AMI's MegaRAC Baseboard Management Controller (BMC) software that could allow an attacker to bypass authentication and carry out post-exploitation actions. The vulnerability, tracked as CVE-2024-54085, carries a CVSS v4 score of 10.0, indicating maximum severity. "A local or remote attacker can exploit the vulnerability by accessing the Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

While Okta provides robust native security features, configuration drift, identity sprawl, and misconfigurations can provide opportunities for attackers to find their way in. This article covers four key ways to proactively secure Okta as part of your identity security efforts. Okta serves as the cornerstone of identity governance and security for organizations worldwide. However, this

While Okta provides robust native security features, configuration drift, identity sprawl, and misconfigurations can provide opportunities for attackers to find their way in. This article covers four key ways to proactively secure Okta as part of your identity security efforts. Okta serves as the cornerstone of identity governance and security for organizations worldwide. However, this [email protected]

Cybersecurity researchers have warned about a large-scale ad fraud campaign that has leveraged hundreds of malicious apps published on the Google Play Store to serve full-screen ads and conduct phishing attacks. "The apps display out-of-context ads and even try to persuade victims to give away credentials and credit card information in phishing attacks," Bitdefender said in a report shared with

Cybersecurity researchers have warned about a large-scale ad fraud campaign that has leveraged hundreds of malicious apps published on the Google Play Store to serve full-screen ads and conduct phishing attacks. "The apps display out-of-context ads and even try to persuade victims to give away credentials and credit card information in phishing attacks," Bitdefender said in a report shared with Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

A recent Windows 11 security update is causing unexpected issues for enterprise customers, including the unintentional removal of Microsoft’s Copilot AI assistant from affected systems, creating potential workflow disruptions for organizations that have integrated the AI tool into their operations.

The update, KB5053598 (OS build 26100.3476), released during March’s Patch Tuesday, applies to all editions of Windows 11 version 24H2 and was primarily intended as a security fix. However, Microsoft has acknowledged it contains a flaw that causes the Copilot app to be “unintentionally uninstalled and unpinned from the taskbar” on some devices.

“We’re aware of an issue with the Microsoft Copilot app affecting some devices. The app is unintentionally uninstalled and unpinned from the taskbar,” Microsoft said in an advisory.

Impact on enterprises

For organizations relying on Copilot integration, Microsoft recommends that affected users reinstall the app from the Microsoft Store and “manually pin it to the taskbar” while a permanent fix is developed.

The company clarified that the Microsoft 365 Copilot app remains unaffected by this issue, which may provide some relief to enterprise customers who have invested in the premium AI assistant version.

More concerning for enterprise IT administrators, the update conflicts with Citrix Session Recording Agent (SRA) version 2411, potentially removing January 2025 security updates from systems running this enterprise software.

This regression in security posture could leave systems vulnerable to already-patched exploits, creating additional workload for IT departments that must now carefully manage the update process.

“Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update,” the advisory added. Affected systems may initially apply the security update but fail during restart with an error message stating, “Something didn’t go as planned. No need to worry – undoing changes.”

This issue presents a significant challenge for enterprise customers who rely on Citrix virtualization solutions. IT departments must now choose between maintaining security patches and ensuring the operational continuity of critical business applications.

However, the software major stated that this issue likely affects a “limited number of organizations as version 2411 of the SRA application is a new version.”

The company emphasized that home users are unlikely to be affected by Citrix-related problems, as the software is primarily deployed in enterprise environments.

Broader implications

The incident highlights the ongoing challenges of maintaining operating system integrity while rapidly deploying new features and security patches. For enterprise customers, who often maintain strict change management protocols, unexpected application removals, and conflicts can cause significant operational disruptions.

Many organizations have been gradually adopting Copilot as part of their productivity strategy, with some still evaluating its enterprise value. This unintended removal may give pause to IT decision-makers considering broader deployment of AI assistants within their environments.

The bug also underscores the complexity of modern operating system updates, which must account for countless hardware configurations and third-party software interactions. Enterprise customers often delay updates precisely to avoid such issues, creating a delicate balance between security and stability.

Workarounds and solutions

For organizations affected by the Copilot removal, Microsoft’s temporary solution requires manual intervention, potentially creating additional work for IT support teams in large deployments. The company has not provided an estimated timeline for a permanent fix.

Regarding the Citrix compatibility issue, Microsoft recommends that enterprise customers running SRA version 2411 delay the installation of KB5053598 until a resolution is available. For organizations that have already deployed the update and encountered problems, a rollback to the previous version may be necessary.

The update also affects Windows on Arm users who play the Roblox game.

The Microsoft advisory said that such users will be unable to download and play the game from the Windows Store after installing this update, though Microsoft notes the game remains accessible via direct download from Roblox’s website.

While this may seem like a minor issue, it demonstrates how seemingly unrelated applications can be affected by operating system updates.

Microsoft indicated that it is “working on a resolution to address this issue.” The company typically addresses such conflicts through subsequent patches, though enterprise customers may need to implement temporary workarounds in the meantime.

This incident serves as a reminder for enterprise IT departments to maintain robust testing environments and phased deployment strategies for Windows updates, particularly when running specialized software like Citrix SRA. Organizations should also consider documenting their custom application configurations to better identify potential conflicts with future updates.

Finding and summarizing information may not sound like the sexiest task for generative AI — until you need an article you posted on social media but can’t remember the exact word or phrase you used, or you want to answer a quick how-to question without plowing through a lengthy software manual.

There are a lot of ways to set up large language models (LLM) to answer queries based exclusively on information you give them. One of the easiest, which involves no coding at all, is to use a service like Google’s NotebookLM or ChatGPT Projects.

Below I’ll take a look at four genAI web platforms, the strengths of each, and how they perform on sample tasks like searching through a software manual.

4 sample tasks

I tested several platforms on four different types of questions:

• Querying software documentation
• Searching my own LinkedIn posts
• Finding a variable ID for a specific topic
• Getting information about professional conferences

4 generative AI platforms

There are an increasing number of options for no-code “chat with your data.” I looked at four of the best known and most popular: Google’s NotebookLM, OpenAI’s ChatGPT Projects, Anthropic’s Claude Projects, and Perplexity Spaces.

NotebookLM is a dedicated app; the other platforms are more general chatbots that allow users to group and save chats, additional files, and custom instructions related to topics of their choice. These groups are called projects or spaces, depending on the service.

Google NotebookLM

NotebookLM has several advantages:

1. There’s a free version.
2. You don’t have to write special prompts for it to search specifically through the info you upload.
3. It returns citations along with its answers by default, so you can see the source text excerpts it used for its responses.
4. You can give it URLs to read as source material.

NotebookLM is probably best known for generating realistic audio podcasts from your notes, but it’s also quite good at answering questions.

Workflow: Upload your content into a notebook and start asking questions.

Users with free accounts can upload files of up to 500,000 words per source and 50 sources per notebook, or 200MB total for local uploads. And free accounts can have up to 100 notebooks and ask 50 questions per day. Paid Plus users get 500 notebooks, 300 sources per notebook, and 500 queries per day.

Privacy: Google says it won’t use your uploaded files or chat to train its models. Enterprise NotebookLM users via Google Cloud also won’t have their feedback reviewed by human reviewers. Regardless of any privacy policies, though, know your employer’s AI policies for any work-related items.

Sharing: Free users can share full notebooks, which include complete source documents, with specific users. Paid users can share either full notebooks or chat-only notebooks with specific users. Number of allowable shares depends on your account level.

How it performed: Tied for the top spot at 4.5 out of 5.

OpenAI ChatGPT Projects

ChatGPT Projects is available to all paid subscribers — Plus, Enterprise, and Pro. OpenAI says projects are good “for ongoing work, or just to keep things tidy.”

Until recently, projects could only use the GPT-4o LLM; but lately o3-mini and o3-mini-high have shown up as options. Free users without access to Projects can upload files to regular chats and bookmark those to get a somewhat similar experience.

Unlike NotebookLM, ChatGPT probably won’t give you links to see the original text cited in its answer unless you give it specific instructions to do so. (And even then, it might not.) In return, though, its answers will likely be more nicely formatted and arranged.

Workflow: Create a new project by finding Projects in the left nav (you’ll only see this if you’re a subscriber), hovering over it, and clicking the + sign. Give your project a name, and you’ll see a chat interface along with options to add files and custom instructions.

There is a limit to the number of files that can be uploaded, according to ChatGPT help files, but that limit isn’t specified.

Privacy: You can opt out of having your data used to train OpenAI models in account Settings > Data Controls.

Sharing: Projects aren’t shareable. Use Custom GPTs, which can use “instructions, extra knowledge, and any combination of skills,” instead. Those require paid accounts and can be made public or shared to anyone with the link.

How it performed: Tied for the top spot at 4.5 out of 5.

Anthropic Claude Projects

I’m a big Claude fan for a lot of use cases, as I like its writing style, its ability to write R code, and how it follows instructions. But Claude Projects, available only to paid subscribers, has some drawbacks for cases like this.

Anthropic says, “Each project includes a 200K context window, the equivalent of a 500-page book.” That sounds like a lot, but Claude projects have a smaller capacity than the other options I tested. And the answers can degrade if you push up against the limits. Claude Projects is only available for paid accounts.

If you program and use GitHub, Claude can connect to your GitHub account, making it easy to pull in coding or documentation files, which can be very handy. However, if you are interested in using online information in your queries, Claude Projects can’t yet access the internet beyond GitHub or your own Google Docs.

Update: A few days after this article was published, Anthropic announced that web search is available as a preview feature for paid users in the US. We haven’t tested it to see how that might work in Projects.

Alexey Shabanov at Testing Catalog reports that Anthropic is testing a feature called Harmony, which would let Claude access a local directory of files “allowing the AI to read, index, and analyze content within the directory.” How that might expand context for project queries isn’t clear.

Workflow: Create a new project by clicking on Projects toward the top of the left navigation — or going straight to claude.ai/projects — and then the Create Project button at the top right. Name the project, describe its purpose, click Create, and you’ll get a conventional chat interface on the left and an area to add project instructions and files on the right.

Privacy: Anthropic says its default is to not use your chats and data to train its models.

Sharing: There’s no sharing unless you’re a Claude Teams subscriber.

How it performed: 3 out of 5, largely because it got a 0 for one test when my data exceeded its project storage limit.

I’m not sure I would pay $20/month just for projects here, but I subscribe for other reasons and appreciate having them.

Perplexity Spaces

Perplexity also has a free version, which excels at targeted searches of information that’s already on the web, such as software or hardware documentation. You can give Perplexity a domain, for example https://help.vivaldi.com/desktop/, and it will search all the content there. (NotebookLM also accepts URLs but for individual pages, not a domain.) This is extremely useful when online software documentation is scattered across many small files on the web.

You need a paid subscription to upload your own files to Spaces and to use top-tier LLMs. If you don’t want to pay, you can upload files to a regular Perplexity chat (maximum of 10 per day).

Workflow: Create a new space by clicking on Spaces in the left nav — or by going directly to perplexity.ai/spaces — and clicking the Create a Space box. A dialog box pops up asking for a Space title, optional description, and optional custom instructions. There’s a chat interface on the left and context section on the right that includes your custom instructions, a files upload section, and a links upload section.

Privacy: You can opt out of having your data used to train Perplexity’s own models in your profile settings.

Sharing: Paid users can have up to 5 collaborators; Enterprise Pro, unlimited.

How it performed: 2.5 out of 5. To be fair, though, my tests didn’t look at Perplexity’s major strength: web search. If you want to combine you own data with web searching, Perplexity would do much better.

During testing, it also felt like Perplexity was least able to figure out what I wanted, at least when using its default “Auto” LLM. It’s always good to be as specific as possible with LLM queries, but I found this to be especially true with Perplexity.

Tests and results

Here’s a summary of how the tools performed in my tests. Read on for details.

TaskNotebookLMChatGPT ProjectsClaude ProjectsPerplexity SpacesSimple tech docs search1110.5Vague social media query10.510Variable ID lookup1101Find a conference0.510.51Find conference sessions110.50Ranking4.54.532.5 1 = correct response, 0.5 = partially correct, 0 = incorrect or no response Test 1: Simple tech documentation search

Question: “What’s the easiest way to get rid of extra white space in text?”

Info source: Documentation for the stringr package in the R programming. Stringr includes a handy str_squish() function to delete excess white space.

Results: Claude, NotebookLM, and ChatGPT answered with str_squish(), which I consider the correct answer. Perplexity assumed I only cared about space at the beginning and end of the text and not in the middle. After a follow-up question, it also found the best function.

Test 2: Somewhat vague search of my social media posts

This was a more difficult task, but something similar to what people might want help with in the real world.

Question: “I really liked an article about LLMs written by Lucas Mearian at Computerworld. Please tell me the specifics based on my LinkedIn posts that I uploaded.”

Info source: 2 years of my LinkedIn posts.

Results: NotebookLM and Claude nailed their responses, each offering two options including the one I wanted. ChatGPT gave me somewhat related articles, but not the one I wanted. (I’d been looking for “What are LLMs, and how are they used in generative AI?”)

Perplexity with its default Auto LLM didn’t give me anything useful, claiming “there is no specific mention of an article about Large Language Models (LLMs) written by Lucas Mearian.”

Test 3: Find a US Census table ID for a specific topic

A lot of businesses use the US Census Bureau’s American Community Survey (ACS) for demographic information. With thousands of available data variables, it can be hard to find one that has the information you want. This type of query could represent a lot of other data lookups businesses might want to do with their own data.

Question: “What is the best variable to use to find information about the percent of workers who work from home?”

Info source: I downloaded and filtered several listings of ACS table variable IDs (filtered because a couple of the lists were too large), along with a general explanation of ACS tables from the Census Bureau website. Since some of these platforms don’t accept CSV files in projects, I saved the variable data as tab-delimited .txt files.

Expected response: Kyle Walker, director of the Center for Urban Studies at Texas Christian University and author of the tidycensus R package, used the DP03_0024P variable in one of his examples, so that’s what I was expecting in a correct answer.

Results: NotebookLM, ChatGPT, and Perplexity all gave me results I could use. (Unexpectedly, I learned that there is more than one correct answer — ChatGPT and Perplexity both found other variables that include the percent of people working from home.)

Claude couldn’t compete on this one, since my three .txt files with data totaling less than 800KB exceeded its “project knowledge” limit.

Test 4: Ask about professional conferences

This test featured two questions for two different data sources: Ask about a conference that might fit my needs, and then ask about conference sessions at one specific conference.

Question 1: “I’m looking for IDG events that will talk about artificial intelligence. I’d like them to be within a 2-hour flight or so from Boston.”

Info source: The IDG global events calendar PDF.

Expected result: The most complete correct answer would cite FutureIT New York in July and FutureIT Toronto April 30 – May 1. Work+ in Nashville at a 2:50 flight would also be a reasonable suggestion.

Results: ChatGPT nailed it with both its more advanced o3-mini-high model and its general 4o LLM, returning the two events that exactly match the criteria.

Perplexity’s Sonar LLM returned both events as well as the CIO100 conference in Arizona, although acknowledging that one is beyond a 2-hour flight.

NotebookLM got it partially right, suggesting FutureIT New York and Work+ in Nashville (which it accurately said was “reasonably close to Boston” — true, it’s less than 3 hours away). However, it missed Toronto.

Claude with its older Sonnet 3.5 model returned both matching events, along with “UK Events for reference, though outside your travel range” — but did not include Nashville. Claude with its newer Sonnet 3.7 in its default setting was worse, finding only one that matched, a couple of others in the US, and two in Europe (noting that those were outside the travel range). When I changed Sonnet 3.7 from its default to “extended” reasoning, it gave a better response: both the New York and Toronto events as well as a virtual event.

Question 2: “Tell me all the sessions at the NICAR conference for people who are already proficient in spreadsheets — that is, they are not beginners, but they want to improve their spreadsheet skills.”

Data source: Text file of the full NICAR data journalism conference schedule.

Results: NotebookLM gave me more than a dozen interesting suggestions involving Google Sheets, Excel, and Airtable, with only one that might not have been relevant. It was definitely more than I would have found by simply searching the conference web page for “Excel” and “Sheets.” Plus, because I could click to zoom into the exact schedule text it cited, it was easy to check for hallucinations.

Brainstorming is one area where many experts say LLMs can shine. I plan to upload other conference schedules to NotebookLM in the future to make sure I don’t overlook potentially useful sessions.

ChatGPT also came up with 12+ sessions that could be of interest, arranged by date and time and more nicely formatted. Claude proposed slightly fewer, but all seemed to match.

Perplexity was disappointing, claiming: “While the provided information does not explicitly list sessions for those proficient in spreadsheets, several sessions at the NICAR 2025 conference could be beneficial for improving spreadsheet skills or learning advanced data analysis techniques.” It suggested only three.

Recommendations

Generative AI cloud services can be a helpful, no-code way to answer questions about your own information — both finding info you know exists and helping you discover new insights.

If you want a platform that’s easy, free, and cites sources so you can check for hallucinations, Google’s NotebookLM is an excellent choice.

If you already subscribe to ChatGPT, its projects are worth a test. They’re set up to handle a wider range of requests than simply Q&A, and ChatGPT’s responses are often better formatted and easier to read than NotebookLM’s. If you’re a free user, you can upload files to conventional ChatGPT chats and get similar capabilities.

Claude may be a good option if you don’t have large amounts of data per project and you’re already subscribing, especially if you want it to answer questions about data in a GitHub repository. If one response is unsatisfactory, try changing model settings.

I found Perplexity to be more compelling for answering questions about information on the web, especially for use cases like software help where the info is spread over a lot of different files within a domain such as slack.com/help. However, I’d probably go with NotebookLM or ChatGPT for local data.

Threat hunters have shed more light on a previously disclosed malware campaign undertaken by the China-aligned MirrorFace threat actor that targeted a diplomatic organization in the European Union with a backdoor known as ANEL. The attack, detected by ESET in late August 2024, singled out a Central European diplomatic institute with lures related to Word Expo, which is scheduled to kick off in