RSS Aggregator

Reducing security operations complexity with Wazuh Cloud

Bleeping Computer - 8 June, 2026 - 16:01
Security teams are increasingly overwhelmed by alert fatigue, infrastructure maintenance, and complex hybrid environments. This article explores how Wazuh Cloud helps simplify SIEM/XDR operations through managed infrastructure, automated scaling, and AI-driven security analysis. [...]
Category: Hacking & Security

GitHub nukes 70+ Microsoft repos, breaks CI/CD pipelines, following suspected worm infections

The Register - Anti-Virus - 8 June, 2026 - 15:56

Microsoft’s GitHub has disabled over 70 repositories after they were reportedly compromised by a worm in the latest open source supply chain attack.

The code shack took down 73 repos within the space of 105 seconds after its alarms were tripped on Friday, June 5, after detecting signs of the Miasma worm infecting its projects, according to StepSecurity’s co-founder and CTO, Ashish Kurmi.

Users reported issues quickly on Friday, after visits to those repos all resulted in the same message displayed, indicating that they had been disabled due to terms of service violations.

According to StepSecurity’s analysis, the attack kicked off after a compromised contributor account pushed a malicious commit to Azure/durabletask. The commit dropped configuration files that triggered remote code execution on machines when a developer opened the repo in an IDE or AI coding tool, such as Claude Code, Gemini CLI, and Cursor.

Several developers soon reported broken CI/CD pipelines, a support thread showed, although a moderator said at the time this was due to “an internal management issue.” “The repo that most immediately caused issues was Azure/functions-action,” Kurmi wrote, used to deploy code to Azure. With it being taken down, every workflow that referenced Azure/functions-action@v1 stopped resolving.

GitHub stepped in a few hours after the repos were infected by the malicious commit. Its automated detections kicked in and disabled the repos in under two minutes, in two separate waves.

However, it was the borking of the durabletask family that hinted at the bigger picture, that the attack was indeed a re-opening of the previous Miasma worm attack that hit Microsoft last month.

Microsoft’s durabletask PyPI package was a previous target of the Miasma worm on May 19. Within a 35-minute window, three versions of the package were uploaded to PyPI, which planted infostealers on developers’ machines, specifically sniffing out cloud secrets and developer tool configurations on Linux systems.

Crucially, the re-targeting of durabletask suggests the tokens associated with the compromised developer account used to execute the PyPI attack were not fully rotated, allowing an attacker to gain access and push commits to GitHub, Kurmi said. It was either that, or the contributor was re-compromised through the worm's own propagation loop, or a different contributor's token was used but the attacker altered the metadata to make it look like a repeated attack.

Security shop Snyk described Miasma as a descendant of the Mini Shai Hulud worm. It’s the same one that ravaged open source packages over at the npm registry, including Red Hat’s, earlier this month. Cybercrime group TeamPCP claimed responsibility for developing Mini Shai Hulud, which itself is named after an earlier worm of the same name, sans “mini.” However, because TeamPCP open-sourced Mini Shai Hulud, it’s difficult to tell whether it was also behind Miasma or if someone else took the reins on the follow-up project.

StepSecurity also reported that two days before the Microsoft attack, the same worm was making a nuisance of itself at npm, compromising more than 50 packages, including a Vapi.ai SDK with more than 408,000 monthly downloads.

The Register asked Microsoft for comment, but it did not immediately respond. ®

Category: Viruses and Worms

Things got hot at Chernobyl. A Russian drone hit a spent fuel storage facility; fortunately, there is no nuclear disaster

Živě.cz - 8 June, 2026 - 15:45
A Russian drone hit a spent fuel storage building near Chernobyl overnight into Sunday • Fortunately, there was no radioactive material in the affected building at the time • Monitoring systems recorded no increase in radiation above normal levels
Category: IT News

AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload

The Hacker News - 8 June, 2026 - 15:19
Phishing has always been a numbers game. AI has turned it into a volume machine. Attackers can now create convincing emails, fake login pages, and tailored lures in minutes. Every polished message adds another case for Tier 1 to review, another link to inspect, and another alert that cannot be dismissed at a glance. As the queue grows, a credential theft attempt or malware delivery can easily
Category: Hacking & Security

⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More

The Hacker News - 8 June, 2026 - 15:18
Monday again. The weekend was meant to be quiet. It wasn't. Last week had poisoned packages, a broken AI helper, and a worm tearing through repos. The ugly part: basic tricks still worked. A chatbot got fooled. A bot token got leaked inside the malware. The same old mistakes showed up again. And while everyone chased the loud stuff, quieter attackers sat in inboxes for months, reading mail and
Category: Hacking & Security

Samsung Galaxy A57 phone review. A lot of bang, but also a premium price

Živě.cz - 8 June, 2026 - 15:15
We tested the Samsung Galaxy A57 • This year's Samsung mid-range phone offers more performance, IP68 and a brighter display • The main drawbacks are the fingerprint reader, the macro camera and the higher retail price
Category: IT News

Check Point links VPN zero-day attacks to Qilin ransomware gang

Bleeping Computer - 8 June, 2026 - 15:05
Israeli cybersecurity company Check Point has released security updates to patch a critical flaw affecting Remote Access VPN and Mobile Access deployments, which was exploited in zero-day attacks. [...]
Category: Hacking & Security

Chat is dead, and it will cost users more money. ChatGPT will turn into a super app

Živě.cz - 8 June, 2026 - 14:45
We have known since March that OpenAI is preparing a unified application that will replace ChatGPT, the agentic tool Codex and the Atlas browser. According to the latest information from the Financial Times, this super app should arrive in the coming weeks and will probably appear as another update to ChatGPT. ...
Category: IT News

NSO Group back in Meta's crosshairs after alleged WhatsApp targeting

The Register - Anti-Virus - 8 June, 2026 - 14:10

Meta has asked a federal judge to hold Israeli spyware maker NSO Group in contempt of court after claiming it caught the surveillance vendor targeting WhatsApp users again despite a permanent injunction ordering it to stop.

In a blog post on Monday, Meta said it had disrupted "NSO-linked social engineering attempts" after investigating reports from users. According to the company, the activity involved attempts to lure targets into clicking malicious links that redirected them to websites outside WhatsApp, as well as the creation of test accounts and groups on the messaging platform.

"We successfully disrupted NSO-linked social engineering attempts after investigating user reports," Meta said. "They tried to trick people into clicking on malicious links to drive them to external websites outside of WhatsApp, similar to previously reported 1-click phishing campaigns linked to NSO."

WhatsApp also published a handful of domains it linked to the campaign, including ikhwancast[.]com, ghazacast[.]com, and fr24cast[.]com, and said it was releasing indicators to help organizations identify related activity.

The move marks the latest chapter in the long-running legal battle between Meta and the Israeli spyware maker. A US court found NSO liable in December 2024 for hacking WhatsApp users via its Pegasus spyware. In May 2025, a jury awarded Meta roughly $168 million in damages, but the judge later cut that to $4 million while issuing a permanent injunction barring NSO from targeting WhatsApp or its users.

Meta, however, says NSO didn't get the memo. "Last year, WhatsApp made history by securing a landmark verdict and permanent injunction barring NSO Group ... from targeting WhatsApp and its users ever again," the company wrote. "Today, we're asking the court to hold them in contempt of that order."

The company provided few technical details about the activity, such as when it occurred, how many users were targeted, whether any compromises were successful, or how it attributed the operation to NSO. Meta did not respond to The Register’s questions.

However, the blog post adopts a harder line on the spyware industry than previous updates, repeatedly describing commercial spyware as a national security issue. "When a malicious company on the US government's Entity List continues to defy US courts, existing restrictions must remain firmly in place," WhatsApp wrote. "Easing them would undermine US national security and put American companies and billions of people worldwide who depend on secure communications at risk."

If Meta's allegations are accurate, the episode suggests that a court loss is not enough to persuade a spyware vendor to leave a high-value target alone. ®

Category: Viruses and Worms

The Hardest Fork

The Hacker News - 8 June, 2026 - 13:53
Mythos is real. I know a big chunk of the industry thinks it's a marketing stunt, and I get why. I get it. But I've seen the findings, and they're bad. These aren't "whoops, this line right here is wrong, and that's RCE." They're novel combinations of a few dozen issues out of thousands of things every SAST scanner already finds, chained together into something much worse. It's real creativity,
Category: Hacking & Security

EU’s cloud sovereignty push leaves room for US hyperscalers

Computerworld.com [Hacking News] - 8 June, 2026 - 13:45

The European Commission published its tech sovereignty package last week, including the clearest signal yet of its intention to strengthen European cloud sovereignty and reduce its dependence on US hyperscalers.

It’s a response to growing concerns among European organizations and regulators about the reliance on US tech firms and legislation such as the US CLOUD Act, which could give US officials access to data — even if it is stored in Europe.

But any shift toward local, sovereign cloud providers will necessarily be gradual, analysts said, as the Cloud and AI Development Act (CADA) proposals leave plenty of room for US providers to continue supplying cloud computing services to European public sector customers.

“The direction is right. The execution will be slow,” said Fernando Pereiro, senior director analyst at Gartner.

While the Commission has correctly identified areas where the EU is most dependent on foreign providers, delivering on its ambitions is another challenge, he said. Scaling alternatives to US suppliers “takes time, capital, and coordination at a level that is difficult to sustain in Europe.”

Dario Maisto, senior analyst at Forrester, played down the prospect of a major short-term shift towards European cloud providers as a result of the CADA proposals, even after recent interest in local European vendors for mission-critical workloads and highly sensitive data.

“I do not expect an immediate impact on the cloud infrastructure market,” Maisto said. “Full-blown migrations are costly and take several years. They are not going to happen in the near future.”

Instead, Pereiro expects the gradual emergence of “sovereign enclaves” or controlled environments for sensitive workloads, particularly in government and regulated sectors. “Outside of those areas, the market will remain global, but increasingly shaped by European rules,” he said.

Nevertheless, the three US hyperscalers that account for around 70% of the European cloud market – Amazon Web Services (AWS), Google, and Microsoft – will likely see a more competitive environment.

“The real shift is symbolic and structural: hyperscalers move from being the default choice to one option among others, and their competitiveness will increasingly depend on how well they align with European control requirements, not just on technology or price,” said Pereiro.

What is CADA and what could it mean for Europe’s cloud market? 

CADA is part of a range of policy and legislative proposals — known as the Tech Sovereignty Package — published by the Commission, alongside Chips Act 2.0, the Open Source Strategy, and Strategic Roadmap for Digitalization and AI in Energy.

CADA includes measures to boost European tech sovereignty. Among other things, it aims to triple data center capacity in the next five to seven years by easing restrictions on new infrastructure projects across the EU, as well as efforts to support research and development of cloud and AI technologies.

It also includes a sovereignty framework that, if enacted, would require EU public bodies to assess sovereignty risks and procure cloud services that meet four assurance levels.

The various levels portray “a political vision with many open questions,” said Maisto. In more detail:

  • Level 1 requirements are achievable by hyperscalers, Maisto said, with requirements focused mostly on data residency. 
  • Level 2 is “more controversial,” he said, as it includes requirements around third-country access to data and disruption of services.
  • Level 3 leaves room for US providers to win procurement contracts — particularly where they enter a joint venture with a European cloud provider such as S3NS, a Thales subsidiary that has partnered with Google.
  • Level 4 applies to only a small proportion (1%) of the most sensitive workloads.

The first two levels could be open to US hyperscalers, said Maisto, with 70% of existing EU public sector workloads falling under Level 1 and 20% at Level 2, according to the Commission’s own impact assessment. Just 9% of the workloads would require Level 3.

The most stringent Level 4 would require cloud providers that “have full transparency and control over their software supply chain and no interference from a third country,” the Commission said.

For public sector organizations, the CADA rules could create more clarity around procurement, said Pereiro. “Today, the concept of ‘sovereign cloud’ is often vague and inconsistently applied in providers’ marketing and messaging,” he said. “This package standardizes what sovereignty must look like in practice, effectively ending the era of ‘sovereign washing.’”

The proposals give public sector organizations a “stronger set of requirements with which to assess risk, especially around jurisdiction and access to data,” he said.

“For enterprises, it’s less about regulation and more about leverage,” said Pereiro. “They gain clearer benchmarks and more viable alternatives, particularly through open source and emerging European providers.”

European cloud industry sees ‘a step in the right direction’

The Cloud Infrastructure Services Providers in Europe (CISPE) — a nonprofit trade group — welcomed the “strong definitions” of Levels 3 and 4, and said that, if implemented well, the proposed rules could “help to challenge the commercial dominance of established foreign cloud and AI vendors.”

However, CISPE also called the current Level 1 and 2 criteria “confusing and non-sensical,” and said they should not be designated as “sovereign” since US hyperscalers can meet the requirements. “This will continue to confuse the market, both public and private customers, and encourage more sovereignty washing attempts,” CISPE said in a blog post Thursday.

CISPE also said the proposals fail to require public authorities to check whether a European service exists before opting for a foreign supplier. “We see a significant risk that assessments become a ‘rubber-stamp’ exercise that allow IT departments to continue to buy non-sovereign services out of convenience,” the organization said.

French firm OVHcloud — one of the leading European cloud computing and web hosting companies — welcomed the proposals, though it said any rules must be carefully scoped to ensure they are effective.

“This text is a step in the right direction and represents an opportunity to strengthen European strategic autonomy — something unthinkable just a few years ago,” an OVHcloud spokesperson said. “It provides a useful framework, but one that must not leave too much room for exceptions and workarounds. 

“Europe must and can move much faster, with very clear rules and a genuine European preference. Beyond this text, the Commission has demonstrated with its sovereign procurement call that it is possible to act right now to reduce critical dependencies. The time for waiting is over. We must accelerate. We must clarify. We must own it. 

“Europe has the players and the expertise,” the spokesperson said. “It is time to turn political ambition into European industrial capability.”

The overall tech sovereignty package “marks the overdue shift from diagnosis to treatment,” said a spokesperson at Ionos, a German cloud and hosting company. Ionos pointed to the EC’s claims that more than 80% of digital products, services and infrastructures in the EU originate from non-European providers, while 264 billion euros flow from EU organizations into predominantly US-based IT products.

“This is a strategic failure that must now be corrected,” the spokesperson said. While the company applauded the Commission’s focus on “secure and sovereign cloud and AI infrastructure for highly critical use cases,” it argued the CADA proposals fall short. “The central weakness of the package: the approach remains predominantly supply-side. The decisive lever — the demand side – is missing. Public procurement is the most powerful instrument for digital sovereignty. The public sector as anchor customer is critical for scaling sovereign cloud and AI solutions.

“Europe will remain dependent on Nvidia and AMD for GPU computing,” the spokesperson said. “What matters is not whether to cooperate, but on what terms: data under European law, operations by European providers, no extraterritorial access. …If EU funding earmarked for ‘sovereign cloud’ ends up with the European subsidiaries of US hyperscalers, the package will have failed its objective.”

The real impact on hyperscalers

The proposed rules could require hyperscalers to change tactics to cater to European customers, or to at least ramp up existing sovereign cloud strategies. “For vendors, this is essentially a shift in what ‘competitive’ means,” said Pereiro. “For the last decade, scale and hyperscaler alignment were enough. That’s no longer the case.”

Cloud providers will need to demonstrate real control over data, infrastructure, and operations, he said, and not just label solutions as “sovereign.”

“The bar has been raised, and some existing offerings simply won’t clear it,” he said.

While the CADA rules are designed to favor European providers in some cases, the proposals stop short of barring US providers from public sector contracts. “It doesn’t shut them out,” said Pereiro, “but it changes competitive conditions substantially.”

The proposed procurement requirements make sovereignty a “gating factor” for sensitive workloads, said Pereiro, and “create real friction for providers whose operating models depend on centralized control or non-EU jurisdiction.”

US tech firms tout support

US hyperscalers publicly welcomed the proposals, and indicated plans to work with policy makers and ensure the importance of customer choice in cloud service procurement.

“We look forward to reviewing the proposed rules and continuing to work alongside our partners to ensure European organizations have the power of choice and sovereign control,” a Google spokesperson said.

An AWS spokesperson said the company has invested “tens of billions of euros” in European cloud infrastructure, which it claims has “already advanced the continent’s competitiveness, helped organizations innovate and grow, and supported the development and resilience of both public and private services that Europeans now rely on every day.

“European organizations deserve access to the best technology available from trusted providers, chosen on the basis of security, performance, verifiable controls, and value,” the AWS spokesperson said. “We look forward to working with policymakers to ensure the Cloud and AI Development Act promotes technology choice and rewards long-term investment in Europe’s digital future.”

A Microsoft spokesperson said the company shares the EU’s “ambition to strengthen technological sovereignty and global competitiveness in AI, grounded in openness, partnership and fair competition.

“Achieving this will depend on access to world-class infrastructure and technologies at scale,” the Microsoft spokesperson said. “That means enabling European companies and public administrations to make procurement choices based on a broad, risk-based assessment in an open and competitive market.

“Microsoft offers secure and sovereign cloud solutions that put customers in control, and we stand ready to help build a strong, resilient and globally connected AI ecosystem in Europe.”

While the proposals present potential hurdles for US hyperscalers, those that adapt to the new regulatory direction — and concerns of European organizations — will benefit, said Pereiro. “If your offering aligns with sovereignty requirements, your company will be likely to see more opportunities, not fewer,” he said.

Category: Hacking & Security

Oxford University discloses data breach after careers platform hack

Bleeping Computer - 8 June, 2026 - 13:14
The University of Oxford disclosed a new data breach last week after being informed by its third-party provider, Group GTI, that its CareerConnect career services platform had been compromised. [...]
Category: Hacking & Security

29th IOCCC

AbcLinuxu [zprávičky] - 8 June, 2026 - 12:57
The winners have been announced and the winning source code published (YouTube, GitHub) for the 29th International Obfuscated C Code Contest (IOCCC), i.e. the contest for the most unreadable (most obfuscated) source code in the C language.
Category: GNU/Linux & BSD

European Commission presents European tech sovereignty package

AbcLinuxu [zprávičky] - 8 June, 2026 - 12:50
The European Commission has presented the European tech sovereignty package, a set of measures intended to strengthen the EU's capacities in semiconductors, artificial intelligence, cloud and open source. This will help Europe become a leader in artificial intelligence, strengthen its digital autonomy and create the conditions for a more sustainable digital future.
Category: GNU/Linux & BSD

In a virtual museum you can try out 600 historical operating systems for free

Živě.cz - 8 June, 2026 - 12:45
The Virtual OS Museum project offers almost 600 historical operating systems • Historian Andrew Warkentin has been building this unique collection for more than twenty years • The full version of the museum requires 174 GB of free disk space, but there is also a Lite version
Category: IT News

VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances

The Hacker News - 8 June, 2026 - 12:27
A China-nexus cyber espionage group has been observed deploying a BSD variant of a known backdoor called BRICKSTORM, as well as two other malware families codenamed PLENET (aka GRIMBOLT) and AGENTPSD to target Linux systems. The activity has been attributed by Volexity to a threat cluster it tracks as VerdantBamboo, which it said overlaps with hacking groups known as Clay Typhoon (Microsoft),
Category: Hacking & Security