RSS Aggregator

Clear your calendar, Drupal user: You have a critically urgent patch to install

The Register - Anti-Virus - 11 min 49 sec ago
If you use Drupal, get ready to patch without delay. The org behind the popular open source content management system is warning of a highly critical vulnerability in Drupal core that is serious enough for it to tell users ahead of Wednesday’s patch release to set aside time to install the fix immediately.

The Drupal Security Team’s Monday PSA announcing the imminent patch for Drupal core doesn’t include any specifics, with the PSA noting that Drupal isn’t willing to share additional information until the announcement is made alongside the patch release. That, says Drupal, will happen at some point between 1700 and 2100 UTC on Wednesday, May 20.

To reiterate, this vulnerability is found in Drupal core, the bare-bones version of Drupal designed for developers, and not Drupal CMS, the preconfigured version for those who want Drupal but don’t have coding skills.

Drupal noted that sites using Drupal Steward, its paid web application firewall service, are protected against known attack vectors, though it still recommends Steward customers update their core instances in case additional exploit methods emerge.

“The Drupal Security Team urges you to reserve time for core updates at that time because exploits might be developed within hours or days,” the advisory warns. Drupal also recommends users update to the latest supported release prior to Wednesday’s patch “so that you can address any other upgrade issues before the security window.”

While it won’t get specific on the nature of the vulnerability, Drupal did share its severity score based on NIST’s standard scoring methodology, and it’s not good: The bug scored 20 out of a max of 25 on that scale, as defined by Drupal’s own documentation. More specifically, it’s trivially easy to leverage, doesn’t require any privilege level to exploit, could make all non-public data on an affected site accessible to the attacker, and could allow an attacker to modify or delete whatever they wanted. The only two things preventing it from scoring a perfect 25/25 are the fact that a known exploit doesn’t exist yet and that it doesn’t affect all configurations, only those using “uncommon module configurations.”

Drupal noted that security releases will be published on Wednesday for all currently supported core branches (11.3.x, 11.2.x, 10.6.x, and 10.5.x), as well as unsupported Drupal 11.1.x and 10.4.x branches for sites that have not yet upgraded from older 10.x and 11.x releases. Drupal users on 8.9 and 9.5 are also getting patches “given the potential severity of this issue,” though the advisory warns 8.9 and 9.5 users will need to install those updates manually, which “might introduce other bugs or regressions,” leading Drupal to recommend a full upgrade to a supported core branch.

“Drupal 8 and 9 include numerous other, previously disclosed, security vulnerabilities that will not be addressed by either Drupal Steward or the best-effort patch files,” the advisory said. Drupal 7 users are safe.

Given the fact that not all Drupal core environments will be affected, the advisory recommends all Drupal core users set aside time on Wednesday to determine whether they’re part of the vulnerable class, and take action immediately if so. Drupal’s security team didn’t respond to questions for this story. ®
Category: Viruses and Worms

DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability

The Hacker News - 1 hour 11 min ago
Proof-of-concept (PoC) exploit code has now been released for a recently patched security flaw in the Linux kernel that could allow for local privilege escalation (LPE). Dubbed DirtyDecrypt (aka DirtyCBC), the vulnerability was discovered and reported by the Zellic and V12 security team on May 9, 2026, only to be informed by the maintainers that it was a duplicate of a vulnerability that had
Author: Ravie Lakshmanan
Category: Hacking & Security

Alza has new monitor mounts. The best one holds two heavy screens and also works as a docking station

Živě.cz - 1 hour 23 min ago
Five new AlzaErgo mounts are on the market, priced from 2490 to 4890 Kč. • The top model has gas springs, a high load capacity, and holds two monitors. • Another draw is the docking station integrated into the base.
Category: IT News

New Shai-Hulud malware wave compromises 600 npm packages

Bleeping Computer - 1 hour 37 min ago
Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a new Shai-Hulud supply-chain campaign. [...]
Category: Hacking & Security

OpenBSD 7.9

AbcLinuxu [news briefs] - 1 hour 43 min ago
OpenBSD 7.9 has been released. After a long time, once again with a song: Diamond in the Rough.
Category: GNU/Linux & BSD

7-Eleven confirms data breach claimed by the ShinyHunters gang

Bleeping Computer - 1 hour 1 min ago
Convenience store chain giant 7-Eleven confirmed that its systems were breached in a cyberattack claimed by the ShinyHunters extortion group last month. [...]
Category: Hacking & Security

Oneplay and the 30 most popular films and series in May 2026. This is what Czechs watch most on the former Voyo

Živě.cz - 1 hour 53 min ago
These films and series are currently the most popular on Oneplay (formerly Voyo). We do not distinguish by genre, age, or ratings on film websites. This is aggregate popularity over recent weeks, as measured and calculated by the FlixPatrol website.
Category: IT News

Google I/O 2026

AbcLinuxu [news briefs] - 1 hour 55 min ago
The Google I/O 2026 developer conference takes place today and tomorrow. It can be watched on YouTube and on 𝕏 (#GoogleIO).
Category: GNU/Linux & BSD

Firefox 151.0

AbcLinuxu [news briefs] - 2 hours 1 min ago
Mozilla Firefox 151.0 has been released. An overview of what's new is in the release notes and the release notes for developers. Security bugs are also fixed. The new Firefox 151 will soon be available on Flathub and Snapcraft as well.
Category: GNU/Linux & BSD

Critical Microsoft Vulnerabilities Doubled: From Exposure to Escalation

Bleeping Computer - 2 hours 8 min ago
Microsoft's total vulnerability count stayed steady in 2025, but critical flaws surged year over year. BeyondTrust breaks down why attackers are increasingly focused on privilege escalation and identity abuse. [...]
Category: Hacking & Security

A drone attacked a nuclear power plant in the United Arab Emirates. The resulting fire caused no radiation leak

Živě.cz - 2 hours 25 min ago
A drone attack set fire to an electrical generator near the Barakah nuclear power plant • Fortunately, no one was injured in the incident and no radiation escaped • No one has claimed responsibility for the attack, but authorities primarily suspect Iran
Category: IT News

MPSV is preparing quick adjustments to the super-benefit. They are meant to protect seniors, single parents, and households with expensive housing

Lupa.cz - articles - 3 hours 4 min ago
The Ministry of Labour and Social Affairs has completed its analysis of the super-benefit's impact. The result? Without some adjustments, a considerable share of the benefit's recipients will be worse off.
Category: IT News

The cheapest electric Škoda, officially. It can serve as a giant power bank for the house and has a removable frunk

Živě.cz - 3 hours 23 min ago
We have known about the Škoda brand's cheapest electric model for more than two years. Today it is here officially; we know all the specifications, and the company will publish prices a day later (Wednesday, May 20). From a Czech perspective, it is also interesting that the new model will be produced at a factory near the Spanish city of Navarra – together with ...
Category: IT News

Webinar: The hidden bottlenecks in network incident response

Bleeping Computer - 3 hours 53 min ago
IT teams are increasingly overwhelmed by alerts from disconnected systems, forcing responders to manually coordinate investigations during network incidents. This webinar explores how automation and AI-assisted workflows can help reduce response delays and improve operational coordination. [...]
Category: Hacking & Security

Musk lost his court case against Altman and OpenAI. He filed the lawsuit too late

Živě.cz - 4 hours 23 min ago
The court dispute that has been stirring Silicon Valley in recent weeks has ended. In 2024, Elon Musk sued OpenAI and its co-founders Sam Altman and Greg Brockman. The crux of the dispute was the fact that OpenAI was founded in 2015 as a non-profit organization with the goal of developing artificial intelligence for ...
Category: IT News

The New Phishing Click: How OAuth Consent Bypasses MFA

The Hacker News - 4 hours 38 min ago
In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. The targets of the platform received a message asking them to enter a short code at microsoft.com/devicelogin and complete their normal MFA challenge, then walked away believing they had verified a
Category: Hacking & Security

Microsoft confirms patching issues in restricted Windows networks

Bleeping Computer - 4 hours 45 min ago
Microsoft says customers in restricted network environments may encounter Windows Update failures after installing the January 2026 optional non-security preview updates. [...]
Category: Hacking & Security

How Apple turned circular manufacturing into a competitive edge

Computerworld.com [Hacking News] - 4 hours 50 min ago

Apple is realizing real business benefits as it builds a circular manufacturing process across the company. Manufactured using recycled materials and renewable energy, the popular new MacBook Neo is a great illustration of this.

Apple says the Neo is manufactured using 45% renewable electricity and holds 60% recycled materials by weight. That recycling includes 90% recycled aluminium and 100% recycled cobalt in the battery.

e-Waste becomes input

The high-quality enclosure is made through a process in which durable recycled aluminum is pressed into near-final shape using just half the raw material of traditional machining. 

Apple even leaned into corporate social responsibility when it came to the A18 chip it puts inside these systems, as it originally used ‘binned’ processors intended for the iPhone 16 Pro to drive the five-core A18.

These were rejected processors Apple had in hand anyway, and while it has had to order additional chips to cope with demand for the MacBook Air, the original plan meant it got to sell a product based on chips it wouldn’t otherwise have been able to use. Apple has done this before, such as when it put A15 Bionic chips inside the iPhone SE.

Strategic environmentalism

Effectively, use of binned chips and recycled materials means Apple has been able to find a way to build a $599 laptop that is highly affordable, and it doesn’t compromise design or product quality. This is the power of circular manufacturing, which isn’t just ethically smart, but seems to deliver real business advantages.

The heavy use of recycled components and materials helps reduce Apple’s overall costs, enabling it to repurpose e-waste it is already recycling and proofing it against increasing raw materials costs. 

Resilient by design

Recycled materials also make Apple’s supply chain more resilient. 

Aluminum, for example, is currently at a four-year price high due to severe shipping and supply disruptions courtesy of the forever war in the Middle East. In that context, making heavy use of recycled materials means Apple is less exposed to those costs than it might otherwise be. It can also continue to make a high-quality laptop at prices other players probably can’t match — unless they also have strong return and recycling schemes.

Cobalt isn’t as directly exposed to the Middle East conflict, but the industry is critical to defense munitions production, which means the cost of cobalt is rising. Much of global cobalt supply comes from the Democratic Republic of the Congo amid forced labor claims. Because so much of it comes from one place, transportation costs for cobalt are increasing as a result of war, while demand grows, pushing prices higher. Apple’s move to use recycled cobalt protects it against these price fluctuations. While recycled cobalt has a cost, it is more predictable, and recycled cobalt is something Apple presumably already has on hand.

Sustainability is good for business

The opportunity Apple unlocked by pushing toward a circular supply chain by 2030 is the ability to introduce a compelling new Mac laptop at a highly attractive price. (It has introduced a system so good Microsoft compared it with PCs in a white paper.)

Apple’s focus on sustainability in product provision also strengthens the company’s reputation. By visibly doing the right thing, Apple has also been able to build its relationship with consumers.

When demand exceeds circular supply

Apple’s circular manufacturing strategy can be seen as being both environmentally responsible and commercially effective. It means the MacBook Neo isn’t just a $599 Apple notebook, it’s also a living illustration of how circular production unlocks huge competitive advantage, supporting profitability, affordability, and brand value.

Is it all good? Probably not, after all – Apple has been forced to order millions of new A-series chips to put inside these devices due to high demand. The benefit of recycled materials doesn’t always automatically outweigh the impact of mass production. If a product sells strongly, you must still get those components somewhere. But it is also true that the application of strategic common sense has helped Apple achieve real business results while also doing the right thing.

Can your business claim the same?

Category: Hacking & Security