Agregátor RSS

Tradiční veletrh E3 je historií. O oznamování nových her a haldu traileru v průběhu léta ale nepřijdeme ani tentokrát. Tento článek budeme průběžně aktualizovat a velmi stručně v něm najdete vše, co bylo na největších akcích představeno.

Microsoft announced today at its Build 2026 developer conference the release of Coreutils for Windows, bringing many commonly used Linux command-line utilities to Windows as native applications. [...]

OpenAI says it's rolling out a new update that improves the existing GPT-5.5 Instant model, and this move comes ahead of the scheduled retirement of multiple legacy models, including o3. [...]

Hackers are exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress to take over any user account, including those belonging to administrators. [...]

Polostátní podnik ČEZ čeká zestátnění. Popisujeme, jak by to mělo probíhat a co to znamená pro drobné akcionáře.

V minulém díle jsme si představili projekt Pingora a skončili kompilací první minimalistické proxy. Dnes se podíváme na její základní architekturu a ukážeme si, jak funguje životní cyklus požadavku a jak proxy rozšířit.

Sonda do světa otevřeného softwaru. Dnes si uspořádáme menší brainstorming, vyzkoušíme editor obrázků, přehrajeme a nastreamujeme si hudbu a vyzkoušíme kanbanovou tabuli.

Nabídku procesorů s V-cache rozšíří Ryzen 7 7700X3D v polovině července. Osmijádrové procesory s V-cache cenově posune o téměř 10 % níže, v ČR by mohl začít na ~7700 Kč…

Co může být elementárnějšího než foton, částice elektromagnetického záření s nulovou hmotností? Jenomže v říši kvant se nehraje podle nudných pravidel. Teoretičtí fyzici kuchli foton v důmyslném myšlenkovém experimentu a nestačili se divit. Bylo to jako kouzlo, a to teprve začali.

Even ransomware cartels make mistakes, and in this case, it was a biggie that could have landed the responsible crim in a Russian gulag: accidentally infecting a company located in a Commonwealth of Independent States country. In what threat-hunter Dominic Alvieri deemed the ransom “dumbass of the day,” Nova, the affiliate program for ransomware crew RAlord, on Tuesday issued an apology to Eriell Group, a major oilfield services company with headquarters in Uzbekistan and a corporate office in Moscow. Apparently, Eriell contacted Nova and notified the ransomware operators about an affiliate's mess-up. The affiliate has since been banned from the criminal operation, we’re told. In addition to issuing a “formal apology,” the ransomware gang promised to assist Eriell with the recovery process “free of charge.” The malware slingers claimed they didn’t encrypt any files, and pledged not to leak any of the stolen data. “Apparently, the first rule of ransomware club, you don't attack organizations in the Commonwealth of Independent States (CIS), is still very much in effect in 2026,” Recorded Future threat intelligence analyst Allan Liska told The Register. While cybercrime is technically illegal in Russia and other CIS countries, their governments often provide safe harbor for extortionists and other financially motivated crims - especially if they also happen to work day jobs as state-sponsored hackers - and local police look the other way unless the gangs infect any in-country organizations. Some crews, like the DragonForce cartel, VanHelsing ransomware-as-a-service group, and notorious LockBit operators, expressly prohibit their gang members and affiliates from hitting Russian and other CIS targets. We’re guessing that the Nova affiliate will be high up on all of these gangs’ do-not-hire lists for quite a while. Still, they aren’t the first cybercriminal, Russian-speaking or otherwise, to make seriously dumb mistakes. Earlier this year, notorious data-leak-and-extortion crew Scattered Lapsus$ Hunters claimed they had gained "full access" to Resecurity's systems and stolen "everything." Resecurity later offered its "congratulations" to the cybercrime crew, which had fallen into the threat intel team's honeypot – resulting in a subpoena being issued for one of the data thieves. Pro-Russian hacktivist crew CyberVolk got sloppy when they debuted a ransomware service late last year. They hardcoded the master keys - this same key encrypted all files on a victim's system - into the executable files, thus allowing victims to recover encrypted data without paying any extortion fees. While that mess-up worked in the victim orgs’ favor, another coding error committed by Sicarii malware developers makes it nearly impossible for companies to recover their files: the Sicarii encryptor generates a new cryptographic key pair during every execution - but then discards the private key, meaning there's no recoverable master key. Similarly, a programming mistake in Nitrogen ransomware prevents the gang's decryptor from recovering victims' files, again making paying up futile. Trellix VP of threat intel strategy John Fokker recently told us that he got so sick of seeing the security industry "glorifying threat actors,” that he and his team decided to troll the baddies, and started publishing the Dark Web Roast. “These are just individuals, they just use computers, and they just want to steal your data and make money,” Fokker told The Register. “They're not mythical. They don't have superpowers." And just like any other individual - or superhero - they sometimes slip up, and give the rest of us a moment of snarky joy. ®

A large-scale malware campaign dubbed WeedHack is targeting Minecraft players and has infected more than 116,000 systems since January. [...]

A large-scale malware campaign dubbed WeedHack is targeting Minecraft players and has infected more than 116,000 systems since January. [...]

A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response (EDR) solutions. [...]

Google on Monday released patches for 124 security vulnerabilities impacting its Android operating system for the month of June 2026, including one high-severity flaw in the Framework component that has come under active exploitation. Tracked as CVE-2025-48595 (CVSS score: 8.4), the security flaw has been described as a case of privilege escalation without requiring any user interaction. The

Google on Monday released patches for 124 security vulnerabilities impacting its Android operating system for the month of June 2026, including one high-severity flaw in the Framework component that has come under active exploitation. Tracked as CVE-2025-48595 (CVSS score: 8.4), the security flaw has been described as a case of privilege escalation without requiring any user interaction. The Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Bug hunting has become a whole lot more exciting in recent months with both Anthropic and OpenAI touting their latest models (that also happen to be super-scary exploit machines). On Tuesday, as Anthropic announced a fourfold expansion to its Mythos preview program, Cisco jumped into the fray, praising the transformative power of AI - but without disclosing how many bugs the latest frontier models found. Cisco SVP Anthony Grieco in a Tuesday blog said that the advanced AI systems, including Anthropic’s Claude Mythos Preview and OpenAI’s GPT 5.5-Cyber, scanned 1.8 billion lines of code in eight weeks looking for vulnerabilities in Cisco products - a task that otherwise would have taken the networking giant’s advanced security team eight years to accomplish. However, Grieco, who heads Cisco’s security and trust organization, didn’t say how many flaws Mythos and other frontier models uncovered, or if they have all been fixed. The company also did not respond to The Register’s questions about this. Grieco did say that “speed is only half the story,” calling the “real breakthrough” the “scale, quality, and impact” of the models’ findings. The 1.8 billion lines of code, written in more than 25 different languages, spanned Cisco’s portfolio, we’re told. Netzilla paired the models with a “human-guided harness,” and achieved a false positive rate of under 3 percent, Grieco wrote. “Rather than focusing on a specific scope for a security evaluation, we can assess entire code bases of a product. It’s like switching from a flashlight to a flood light to illuminate a dark room,” he said. “Because each finding is validated through a hybrid of AI and human expertise, our engineering teams are receiving actionable intelligence rather than a wall of warnings.” Meanwhile, Anthropic on Tuesday said it expanded Project Glasswing to about 150 additional organizations, bringing the total partner count to about 200. Project Glasswing is the AI giant’s controlled partner program for giving selected orgs access to Claude Mythos Preview. When it announced the new model and partner program in early April, Anthropic limited the preview to about 50 entities, claiming Mythos is so good at finding and exploiting security holes that all hell would break loose and the zombie apocalypse would hit should the model fall into the wrong hands. Since April, these select government agencies and corporate partners - including Cisco - have been using Mythos to find and fix bugs in their own products. Palo Alto Networks, one of the original Project Glasswing partners, said in May that after spending a month using frontier AI models, including Anthropic's Mythos, to scan more than 130 products across its three platforms, it uncovered 26 CVEs representing 75 underlying security issues. For comparison, the cybersecurity giant said it typically discloses fewer than five CVEs per month. At the time, a company exec forecast “a narrow three-to-five-month window for organizations to outpace the adversary before AI-driven exploits start to become the new norm.” The newly expanded Project Glasswing spans more than 15 countries, and, while an Anthropic spokesperson declined to name them or the new partner companies, it’s a safe bet that these are likely Western and/or “friendly” nations. So not China and Russia. Rubrik, a data security and management vendor, said that it was among the new Glasswing partners. The expanded list also reportedly includes the Korea Internet and Security Agency (KISA), along with Samsung Electronics, SK hynix, and SK Telecom, among other Korean companies. “The group covers several industries that weren’t well-represented in our initial cohort, such as power, water, healthcare, communications, and hardware,” according to a Tuesday Anthropic blog. “And many of the new partners are vendors - companies or nonprofits that maintain codebases that are relied upon by lots of other organizations around the world, including governments.” Each new partner must meet Anthropic’s security requirements before they gain access to Mythos, the company added. ®

The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation. Per Sekoia, the activity involves the weaponization of CVE-2025-8088, a path traversal flaw in WinRAR, to launch an HTML Application payload dubbed GammaPhish, which is then used to retrieve an

The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation. Per Sekoia, the activity involves the weaponization of CVE-2025-8088, a path traversal flaw in WinRAR, to launch an HTML Application payload dubbed GammaPhish, which is then used to retrieve an Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Microsoft has developed a new AI agent that can run autonomously around the clock to complete tasks across Microsoft 365 applications.

Microsoft Scout, unveiled at the company’s Build event Tuesday, is a new type of always-on agent based on the OpenClaw agent framework that Microsoft calls “autopilots.”

These act on a user’s behalf with their own governed Entra identity, Omar Shahine, corporate vice president at Microsoft, said in a blog post.

“Autopilots stay active in the background, understand how work gets done across your apps and systems, and take action without needing to be prompted each time,” said Shahine, a Microsoft veteran who recently announced he is leading a new team to bring OpenClaw-based personal assistants to Microsoft 365 apps.

Microsoft Scout connects to apps such as Teams, Outlook, OneDrive, and SharePoint, and accesses data from chat, email, calendar, and contacts. Accessed via Teams, it can also interact with a user’s browser and with external apps via model context protocol (MCP). The tool functions across cloud, desktop, and the web.

Shahine said Scout can reduce mundane tasks that office workers face, such as coordinating and scheduling meeting times with colleagues, or blocking times in a user’s calendar based on upcoming work commitments. “It can also spot risks, like stalled decisions, so you can address them before they become blockers,” he said.

It’s available as an “experimental release” to customers of the company’s Frontier program, Microsoft said, and will require Intune policy configuration and “opt-in attestation.”

Scout is the latest in a range of agentic tools available in Microsoft 365 apps, including Agent Mode, where users can interact with Microsoft 365 Copilot inside apps such as Word and Excel to create content, and Copilot Cowork — Microsoft’s version of Anthropic’s Claude Cowork agent that can complete tasks independently.

Despite the company’s big AI push, Microsoft has struggled to convince businesses that Microsoft 365 Copilot is worth the additional cost; it’s advertised at $30 per user each month for large businesses. Around 3% of Microsoft 365 customers pay for the add-on subscription, the company said in January, with 15 million paid users. (Microsoft announced last month that that figure has now risen to 20 million.)

It’s not clear whether Scout will be included in Microsoft 365 Copilot subscriptions or charged separately. Microsoft did not immediately provide additional details about pricing.

The launch follows Google’s recent announcement of Spark, an autonomous agent that runs within the Google Workspace application suite. Spark can also be considered a response to the launch of OpenClaw last year, initially under the name “Clawdbot.”

OpenClaw has drawn scrutiny due to apparent security flaws, but Microsoft promises Scout is built with “enterprise-grade security and controls, so it can be trusted in your organization from day one.”

For organizations that have already deployed Microsoft 365 Copilot, Scout doesn’t introduce entirely new data risks, said Jeff Pollard, vice president and principal analyst at Forrester. But it “amplifies whatever data governance problems already exist. The difference this time: instead of surfacing sensitive data to users, it can potentially act on it.

“That makes it an active risk in terms of day to day operations,” Pollard said.

Potential security concerns echo those for AI agents and are exacerbated with personal agents such as Scout: amplified data exposure (since agents can interact with data and use tools autonomously); agent manipulation or prompt injection; unexpected actions, such as using tools or acting in ways that aren’t supposed to be allowed; and observability gaps related to understanding user and agent intent and the explainability of actions.

“However, these tools exist because they make AI far more useful for individuals, so security leaders can’t draw a line in the sand and say “no.” They have to adapt and figure out how to secure them,” said Pollard.

As with most new workplace technologies, Pollard expects adoption to start with “power users” who design and develop the use cases for the agent that can then expand more widely across users.

He warned that the accuracy of tools such as Microsoft Scout can fall short of user expectations. “LLM agents still struggle with goal alignment, multi-step reasoning drifts, and tool misuse,” he said. “Users aren’t always great at explaining what they want and LLM agents aren’t always great at providing what was requested. That’s a continuing problem.”