RSS aggregator

You can buy the MacBook Neo with Touch ID for 16 thousand even without the student discount. But you have to hurry

Živě.cz - 9 June, 2026 - 12:45
CZC.cz is selling the MacBook Neo with a 512GB SSD and Touch ID for 16 236 Kč. • It normally costs 20 thousand, and it is more expensive even with Apple's student discount. • However, only a limited number of units are available, so don't delay.
Category: IT News

New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing

The Hacker News - 9 June, 2026 - 11:50
A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST, needs no native code, no extension, and no permission prompt. You open the page, leave the tab sitting there, and it watches the drive for contention in the background. Researchers at Graz University of Technology built it and
Author: Swati Khandelwal
Category: Hacking & Security

Submit a talk for LinuxDays 2026

AbcLinuxu [news briefs] - 9 June, 2026 - 11:48
Submit your talk for the next edition of the LinuxDays conference, which will take place on October 3 and 4 at FIT ČVUT in Dejvice, Prague. Topic submissions will be accepted until the end of the summer holidays, followed by a public vote and then the compilation of the program.
Category: GNU/Linux & BSD

CIOs get temporary relief as US court blocks $100,000 H-1B fee

Computerworld.com [Hacking News] - 9 June, 2026 - 11:47

A US federal judge has ruled that the Trump administration’s $100,000 fee on new H-1B visa petitions was unlawful, giving technology companies temporary relief from a policy that threatened to raise the cost of hiring foreign skilled workers.

The decision removes, at least for now, a major cost burden for employers that use the H-1B program to fill roles in domains including software development, cloud computing, data science, and AI.

US District Judge Leo Sorokin in Boston found that the fee functioned as a tax that the administration did not have authority to impose without congressional approval. The ruling came in a lawsuit brought by 20 Democratic state attorneys general challenging the fee.

Standard employer costs for H-1B petitions typically range from about $2,000 to $5,000, making the proposed $100,000 payment a sharp increase for companies seeking foreign talent.

The ruling is unlikely to end uncertainty for employers, with the Trump administration expected to appeal. But it could allow companies that had paused international hiring plans to resume normal recruitment for the upcoming H-1B cycle, said Pareekh Jain, CEO of Pareekh Consulting. Still, he said, employers should remain cautious because the legal and policy concerns are likely to continue.

“This provides breathing room for CIOs, even though it’s temporary,” said Neil Shah, vice president for research and partner at Counterpoint Research. “They should make the necessary contingency plans, whether that means doing more with less by leveraging AI or relying more on local talent.”

How companies may rethink hiring

If higher H-1B costs return in another form, CIOs will have to be more selective about sponsorship, weighing the added cost against the strategic value of the role and the long-term potential of the employee, Shah said.

“Ultimately, the decision comes down to business unit P&L: whether the unit can absorb the cost of acquiring the talent for that role,” Shah added.

That uncertainty could also lead CIOs to compete for talent from other companies, potentially driving up salaries for skilled workers. Some CIOs may conclude that paying a one-time $100,000 fee, amortized over the employee’s tenure, is still more cost-effective than engaging in a bidding war for scarce local talent.

Danish Faruqui, CEO of Fab Economics, said that CIOs may reserve H-1B sponsorship for a narrower set of mission-critical roles if costs increase.

“If there is such a financial burden, CIOs will justify sponsoring very specific roles,” Faruqui said. “These would be principal enterprise architects, AI, ML, and deep-tech researchers, senior product managers, and regulatory and compliance experts.”

More routine or project-based roles are likely to be treated differently, Faruqui said.

“Junior to mid-level software engineers, entry-level business analysts, and entry-level data scientists would shift from H-1B to domestic hiring,” Faruqui said. “Cloud migration, DevOps, ERP, and CRM implementation could be done through contractors or consulting firms, while QA, product testing, tier-one help desk support, and legacy maintenance are roles that CIOs could prioritize for automation.”

Who would be most affected?

Startups, smaller companies, and enterprise IT departments would have faced the greatest pressure from the fee and stand to benefit most from the ruling, Jain said.

Large technology companies would have been better placed to absorb the $100,000 cost, he said. Meanwhile, companies with mature offshore delivery models may be less likely to increase their reliance on H-1B hiring.

The article originally appeared on CIO.

Category: Hacking & Security

Qilin NHS breach tally grows as Essex trust confirms stolen records

The Register - Anti-Virus - 9 June, 2026 - 11:15
The patient tally from the Synnovis ransomware attack continues to grow two years later, with Mid and South Essex NHS Foundation Trust confirming it was caught up in the breach.

The trust told The Register that the Synnovis breach affected about 2,380 records relating to patients who underwent specialist diagnostic testing. The disclosure follows a similar announcement by Bedfordshire Hospitals NHS Foundation Trust, which earlier this month said that almost 33,000 patient records had been caught up in the same breach.

According to Mid and South Essex, some of the compromised data cannot yet be directly linked to individual patients, meaning the trust is still unable to determine the final number of people affected. It also said the precise time period covered by the stolen records has yet to be established, although patients tested after June 3, 2024, the day of the attack, were not affected.

"We are still waiting for confirmation on exact numbers," Dawn Scrafield, deputy chief executive of Mid and South Essex, told The Register. "Once we have established who those patients are, we will be in contact with any who have been affected."

The disclosure highlights the drawn-out fallout from the attack. Synnovis told us it completed its forensic review by the end of last summer and said it had notified all affected organizations by November. However, Mid and South Essex said it was only informed in December 2025 and is still trying to work out exactly which patients are tied to the compromised records six months later.

"Any decision on patient notification, including the number of patients to be notified, is made by the affected organization as part of their assessment," a Synnovis spokesperson said in a statement. "Synnovis, as the Processor of the data, is not involved in any of the assessments regarding if, when or how many patients a Controller determines necessary to notify."

The company said it does not believe the stolen information presents a high risk to individuals because of its fragmented nature, but acknowledged that affected organizations are still assessing what was taken and whether patients should be contacted.

The breach was one of the most disruptive cyber incidents ever to hit the NHS. The Qilin attack crippled pathology services across south east London, forcing hospitals to cancel thousands of appointments and operations while clinicians struggled with delays to blood testing and transfusion services. Patient data was later published online after the gang's extortion attempt failed.

However, the fallout wasn't limited to canceled operations and delayed blood tests. Last year, King's College Hospital NHS Foundation Trust confirmed that delays caused by the outage contributed to the death of a patient, marking one of the first officially acknowledged fatalities linked to a ransomware attack. ®
Category: Viruses and Worms

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Hacker News - 9 June, 2026 - 11:13
The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the Mini Shai-Hulud-style attacks continue to be refined and splintered to target specific ecosystems. "The compromised releases shipped a *-setup.pth file that attempts to execute automatically
Author: Ravie Lakshmanan
Category: Hacking & Security

CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day

Bleeping Computer - 9 June, 2026 - 10:18
CISA has ordered U.S. government agencies to secure their Check Point Remote Access VPN and Mobile Access deployments against a critical vulnerability exploited in zero-day attacks by Qilin ransomware affiliates. [...]
Category: Hacking & Security

AMD: We are considering producing the Ryzen 5 9600X3D this year

CD-R server - 9 June, 2026 - 10:00
We have been hearing about the Ryzen 5 9600X3D for a very long time. It is known that AMD has been working with this designation internally since at least September 2024, but even after a year and a half no such product is on the market. That may change, however.
Category: IT News

Asus has built a Wi-Fi 8 router so powerful that it needs serious cooling

Živě.cz - 9 June, 2026 - 09:45
After TP-Link, Asus is the second manufacturer to introduce a router based on the not-yet-finalized 802.11bn standard, also known as Wi-Fi 8. Its new product is called the ROG Rapture GT-BN98 Pro and, judging by its appearance and published specifications, it is an improved version of the ROG Rapture GT-BE98 Pro, which runs on Wi-Fi 7. The theoretical speed ...
Category: IT News

Trump’s new AI order — hallucinations aren’t just for LLMs

Computerworld.com [Hacking News] - 9 June, 2026 - 09:00

Years ago, right-wingers coined the phrase “Trump Derangement Syndrome” (TDS) to describe people who hate US President Donald J. Trump. (I think it better describes the president’s outlandish, truth-challenged statements and the followers who think he can do no wrong.) What’s really deranged is his recent AI executive order.

First, a little history. As you may recall, Trump often (and loudly) trashed his predecessor’s Executive Order 14110, which had demanded “safe, secure, and trustworthy” AI. That Biden Administration order was replaced last year by Trump’s own “Removing Barriers to American Leadership in Artificial Intelligence” directive; it basically let US AI companies do whatever they wanted in the name of innovation.

Then, a little thing called Anthropic Mythos came along — and scared the pants off even AI’s biggest fans. Seemingly in response, someone in the federal government decided that letting AI companies do whatever they want might not be the brightest policy. 

Or, did they?

True, the new order creates a process under which AI companies can give US government access to “covered frontier models” for up to 30 days before public release so experts can probe for vulnerabilities and test how the systems could be abused. It also directs agencies to set evaluation standards, establish an “AI cybersecurity clearinghouse,” and harden federal networks against rapidly advancing AI‑enabled attacks.

Some people, like Graham Brookie, vice president for technology programs and strategy at the Atlantic Council, think the order is great. “The administration’s executive order on Advanced AI Innovation and Security is a serious policy with support from necessary stakeholders across party lines and industry to ensure the government is evaluating the cybersecurity risks posed by frontier AI models. It’s a policy that can be built on.”

Really? I’m not sure Brookie read the same document I did — if, indeed, he read it at all.

I quote:

“Nothing in this section shall be construed to authorize the creation of a mandatory governmental licensing, preclearance, or permitting requirement for the development, publication, release, or distribution of new AI models, including frontier models.

“In addition, ‘This order is not intended to, and does not, create any right or benefit, substantive or procedural, enforceable at law or in equity by any party against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person.’”

In other words, AI companies won’t be required to do much of anything. And if they do submit a project for review, get the government’s blessing for it, and something goes badly wrong, it’s not the government’s fault.

So, exactly why would AI companies even mess with this performative AI security theater?

Beyond those concerns, who exactly will be judging AI projects in 30 days? In theory, it would be a cybersecurity clearinghouse made up of people from the National Security Agency, the US Treasury Department, and the Cybersecurity and Infrastructure Security Agency (CISA). Most likely, CISA would do the bulk of the heavy-lifting — it’s their job, after all. But there’s this wee problem; Trump’s so-called Department of Government Efficiency (DOGE) last year gutted CISA. There’s virtually no one left to do the work, and certainly not in 30 days.

There’s also the question of funding for the new initiative. According to the order, “The Director of OMB, in coordination with the National Cyber Director and the Director of CISA, shall determine whether any Federal grant programs have available and relevant funding that can be directed toward applicants developing advanced AI vulnerability detection.”

Spoiler: There’s no money set aside for this purpose.

Leaving aside whether the Executive Order has any teeth at all — the Brennan Center for Justice argued that under the Constitution, it doesn’t; the closer you look at the document, the less substance you’ll find.

Besides, in an industry where success is all about releasing the latest Large Language Model (LLM) as fast as possible to garner attention and investor dollars, who exactly would want to put their AI models on ice for even 30 days? (Short answer: No one.) These companies are always going to be focused first on getting the word out about their latest model as fast as humanly — Uh, AI-ly — possible. 

Still, some people seem to think this executive order really will make a difference. For example, Paul Benda, the American Bankers Association executive vice president for risk, fraud, and cybersecurity, sees it “as a constructive step toward strengthening the nation’s approach to managing the cybersecurity risks and opportunities associated with advanced artificial intelligence [because it] can help better protect critical infrastructure, including the financial sector.”

Oh, please. I’m so tired of people who skim the titles of Trump’s executive orders and then assume there’s anything real about them. 

This AI order is meaningless garbage, and anyone telling you otherwise is either lying or wants to be on the Trump regime’s good (?) side. Or, both — it could always be both. 

Category: Hacking & Security

Google patches new Chrome zero-day flaw exploited in the wild

Bleeping Computer - 9 June, 2026 - 08:56
Google has released emergency updates to patch another Chrome zero-day vulnerability that has been exploited in the wild, the fifth such flaw patched since the start of the year. [...]
Category: Hacking & Security

LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE

The Hacker News - 9 June, 2026 - 08:26
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity flaw impacting BerriAI LiteLLM to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-42271 (CVSS score: 8.7), is a command injection vulnerability that could allow any authenticated user to run arbitrary commands on the
Author: Ravie Lakshmanan
Category: Hacking & Security

Venus and Jupiter have a date today. At half past nine in the evening you can cover them both in the sky with just your thumb

Živě.cz - 9 June, 2026 - 07:45
The two brightest planets, Venus and Jupiter, are shining above the western horizon • On Tuesday, June 9, the two planets will be very close to each other • The best time to observe is around 21:30
Category: IT News

Gigabyte showed a board for Nova Lake; 3 eight-pin connectors indicate support for up to ~1000 watts

CD-R server - 9 June, 2026 - 07:40
At Computex, Gigabyte presented a motherboard with taped-over labels, about which it would not reveal more than that it is a "motherboard", even when asked directly. The new board with the LGA-1954 socket surprised with its power delivery…
Category: IT News