RSS Aggregator

We compared Mapy.com with six other services from Google, Apple, OSM... Which map is the best-looking?

Živě.cz - 13 May, 2026 - 18:45
Which classic web map do you like most? • We compared seven major services in several situations. • How do Apple, Google, Microsoft, Here, OSM and the Czech Mapy.com and Locus fare?
Category: IT News

Windows BitLocker zero-day gives access to protected drives, PoC released

Bleeping Computer - 13 May, 2026 - 18:37
A cybersecurity researcher has published proof-of-concept (PoC) exploits for two unpatched Microsoft Windows vulnerabilities named YellowKey and GreenPlasma, which are a BitLocker bypass and a privilege-escalation flaw. [...]
Category: Hacking & Security

Mystery Microsoft bug leaker keeps the zero-days coming

The Register - Anti-Virus - 13 May, 2026 - 18:16

The anonymous security researcher who has already maliciously exposed three Windows zero-days this year has revealed two more, dropping them just after Microsoft's monthly Patch Tuesday update.

Nightmare-Eclipse, or Chaotic Eclipse, depending on which of their aliases you prefer, released details about YellowKey and GreenPlasma - respectively a BitLocker bypass and a privilege escalation flaw, handing SYSTEM access to attackers.

Experts speaking to The Register warned that both vulnerabilities present serious security concerns, especially since Nightmare-Eclipse released substantial technical information about exploiting them.

Nightmare-Eclipse described YellowKey as "one of the most insane discoveries I ever found." They provided the files, which have to be loaded onto a USB drive, and if the attacker completes the key sequence correctly, they are granted unrestricted shell access to a BitLocker-protected machine.

When it comes to claims like these, we usually exercise some caution, as this bug requires physical access to a Windows PC. However, seeing that BitLocker acts as Windows' last line of defense for stolen devices, bypassing the technology grants thieves the ability to access encrypted files.

Rik Ferguson, VP of security intelligence at Forescout, said: "If [the researcher's claim] holds up, a stolen laptop stops being a hardware problem and becomes a breach notification."

Despite the physical access requirement, Gavin Knapp, cyber threat intelligence principal lead at Bridewell, told The Register that YellowKey remains "a huge security problem for organizations using BitLocker." Citing information shared in cyber threat intelligence circles, he added that YellowKey can be mitigated by implementing a BitLocker PIN and a BIOS password lock.

Nightmare-Eclipse hinted at YellowKey also acting as a backdoor, allegedly injected by Microsoft, although the people we spoke to said this was impossible to verify based on the information available.

The researcher also published partial exploit code for GreenPlasma, rather than a fully formed proof of concept exploit (PoC). Ferguson noted attackers need to take the code provided by the researcher and figure out how to weaponize it themselves, which is no small task: in its current state it triggers a UAC consent prompt in default Windows configurations, meaning a silent exploit remains a work in progress.

Knapp warned that these kinds of privilege escalation flaws are often used by attackers after they gain an initial foothold in a victim's system.

"These elevation of privilege vulnerabilities are often weaponized during post-exploitation to enable threat actors to discover and harvest credentials and data, before moving laterally to other systems, prior to end goals such as data theft and/or ransomware deployment," he said. "Currently, there is no known mitigation for GreenPlasma. It will be important to patch when Microsoft addresses the issue."

Four, five… and more?

YellowKey and GreenPlasma are the latest in a series of five Microsoft zero-day bugs the researcher has exposed this year.

When Nightmare-Eclipse released BlueHammer (CVE-2026-32201, 6.5) - patched by Microsoft in April - they were described as a disgruntled researcher who has since been rumored to be a former Microsoft employee.

According to their maiden blog post under the Chaotic Eclipse alias, the bug leak began after an alleged violation of trust. "I never wanted to reopen a blog and a new GitHub account to drop code," they wrote. "But someone violated our agreement and left me homeless with nothing. They knew this will happen and they still stabbed me in the back anyways, this is their decision not mine."

In early April, the researcher leaked proof-of-concept code for Windows Defender exploits they called RedSun and UnDefend - another admin privilege escalation bug and denial-of-service flaw, respectively - as well as BlueHammer.

Both RedSun and UnDefend remain unfixed, and according to Huntress, the proof-of-concept code released was quickly picked up and abused in real-world attacks.

Ferguson described the exposure of YellowKey and GreenPlasma as the latest in an escalating, retaliatory campaign against Microsoft, and warned of more coming.

"Prior releases include BlueHammer and RedSun, both of which attracted serious community attention and real forks," he said. "The same post linking yesterday's releases warns of another Patch Tuesday surprise and hints at future RCE disclosures. They claim to have a dead man's switch with more ready to go. This researcher has followed through on every prior threat." ®

Category: Viruses and Worms

Webinar tomorrow: Why security alone won't stop modern attacks

Bleeping Computer - 13 May, 2026 - 17:45
Tomorrow's webinar examines why prevention alone is no longer enough against modern cyberattacks. The session explores how organizations combine security, backups, and recovery planning to improve cyber resilience after attacks. [...]
Category: Hacking & Security

Microsoft fixes BitLocker recovery issue only for Windows 11 users

Bleeping Computer - 13 May, 2026 - 17:42
Microsoft has addressed a known issue causing some Windows 11 systems to boot into BitLocker recovery after installing the April 2026 Windows security updates. [...]
Category: Hacking & Security

Cyberattack: First they come for Foxconn, then they come for you

Computerworld.com [Hacking News] - 13 May, 2026 - 17:38

Apple’s key manufacturing partner Foxconn has confirmed its US factories suffered a ransomware attack in recent days after the gang responsible claimed to have stolen 8TB of data from the company — including confidential Apple information.

This isn’t the first attack to hit Foxconn, and such is the scale and value of the company that it is unlikely to be the last. Criminals understand the value of the information it has and see it as a prime target. That it is an industrial company actively deploying smart factory infrastructure across its premises just makes it an even more interesting challenge; what happens if the machinery itself is attacked?

Industrial defenses have improved; so have attacks

In practice, most large industrial facilities are moving to secure their own internal factory networks using technologies such as SD-WAN, private 5G networks, network segregation, isolation of production environments from the corporate network, and active monitoring against threats to factory machinery. All the same, attackers always hope that complex, well-planned combination exploits will find some way into even those most private and secure portions of corporate systems.

What happened at Foxconn

In this particular case, it doesn’t look as if the attack was made against connected industrial equipment at Foxconn. Wired reports a little of the events that took place:

  • The attack was identified on May 1.
  • Foxconn’s network collapsed.
  • Wi-Fi failed first, then the disruption extended to core plant infrastructure.
  • As the attack unfurled, workers were told to switch off their computers.
  • They were also instructed not to log back in under any circumstances.
  • There were previous attacks on other Foxconn facilities and subsidiaries, suggesting regular assaults on the company.

The attackers claim to have stolen key confidential data belonging to Foxconn clients, though sample files published by them don’t seem to include any Apple-related materials.

While it is easy to get lost in the shock value of what seems to be a successful attack against an Apple supplier, the underlying story should be a warning to every company as it highlights the febrile nature of the current threat environment.

The data is clear: factories are targets now

Recent security analyses have confirmed that attacks against the manufacturing sector are particularly severe. The IBM X-Force Threat Intelligence Index 2025 described manufacturing as the most targeted industry across four successive years. Dragos claims 70% of ransomware attacks have affected the sector, and the ENISA Threat Landscape raises similar alarms.

Attackers are highly focused on this sector for many reasons. They see the money potential of ransomware attacks and the reality that industrial operations can’t afford downtime, which means they become more likely to pay their way out of trouble. (That’s not to imply Foxconn has done so, but is more of a general observation.)

Attackers also recognize the fragmented nature of industrial cybersecurity as the industry goes through rapid digital transformation, leaving overall security only as strong as its weakest partner or parts.

Attacks are evolving quickly

It isn’t likely that the threat window will close any time soon. Paul Smith, director of Honeywell Operational Technology (OT) Cybersecurity Engineering, warns, “Attackers are evolving fast, leveraging ransomware-as-a-service kits to compromise the industrial operations that keep our economy moving.”

With a new breed of AI-augmented attacks expected to increase in volume and capacity in the coming years, the entire sector needs to put the strongest possible mitigations in place now. The continued evolution of nation state-adjacent attackers, likely equipped some day with access to quantum computers to power their exploits, is a real threat to industry and national infrastructure.

Put it all together and the recent attack against Foxconn is less of a story about Apple security and more a klaxon to everyone in the sector that the intensity and proficiency of these attacks is accelerating.

Plan for impact, not perfection

This also means larger entities such as Apple will probably need to introduce and/or enhance their mandatory supplier security guidelines to ensure supply chains have sufficient protection in place against such exploits — and the recognition that even when they do, successful attacks will still take place. 

Foxconn clearly had its own mitigation strategy, as it put this into effect the moment the attack took place then moved to threat analysis and dispatched mitigation teams. But even smaller operators should already know what they will do when attacked. Has your business got plans in place for this? Because the moral of today’s tale is that you should develop them immediately.

First they come for Foxconn. Then, they come for you.

Category: Hacking & Security

A frighteningly effective search engine finds your face anywhere on the internet. PimEyes uses the power of AI to do it

Živě.cz - 13 May, 2026 - 16:45
PimEyes works much like the search engines used by the FBI and other agencies. • You upload a photo and it finds that person on publicly accessible websites. • It is really accurate, and therefore also easy to abuse for stalking.
Category: IT News

Microsoft fixes Windows Autopatch bug installing restricted drivers

Bleeping Computer - 13 May, 2026 - 16:36
Microsoft has fixed a Windows Autopatch bug that caused driver updates restricted by administrative policies to be deployed on some Autopatch-managed Windows devices in the European Union. [...]
Category: Hacking & Security

Analysis and teardown of a fake 65W GaN USB-C fast charger from Aliexpress. Steer well clear of marketplace junk

Živě.cz - 13 May, 2026 - 16:08
A few weeks ago we carried out a stress test and teardown of one of the best-selling USB-C chargers on the Czech market. The AlzaPower G610CCA Fast Charge 67W did not fare badly at all: despite its pocket size it easily handles even a smaller laptop, and it has a solid construction which, in a short circuit, will not burn out your ...
Category: IT News

Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday

The Hacker News - 13 May, 2026 - 15:46
Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it's being tested by some customers as part of a limited private preview. MDASH, short for multi-model agentic scanning harness, is designed as a model-agnostic system that uses bespoke AI agents for different vulnerability
Category: Hacking & Security

Securing Remote Access to Linux Servers: Best Practices for 2026

LinuxSecurity.com - 13 May, 2026 - 15:11
Linux runs the internet. More than 96% of the world’s top one million web servers operate on Linux-based systems. That makes every Linux server a target by default. Attackers do not go where defenses are strongest; they go where the infrastructure is exposed.
Category: Hacking & Security

Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation

The Hacker News - 13 May, 2026 - 15:00
A threat actor with affiliations to China has been linked to a "multi-wave intrusion" targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026, marking an expansion of its targeting. The activity has been attributed by Bitdefender with moderate-to-high confidence to a hacking group known as FamousSparrow (aka UAT-9244), which shares some level of
Category: Hacking & Security

Foxconn confirms cyberattack claimed by Nitrogen ransomware gang

Bleeping Computer - 13 May, 2026 - 14:49
Foxconn, the world's largest electronics manufacturer, says some of its North American factories are now working to resume normal operations after a cyberattack. [...]
Category: Hacking & Security

73 Seconds to Breach, 24 Hours to Patch: The Case for Autonomous Validation

Bleeping Computer - 13 May, 2026 - 14:30
Attackers can compromise systems in minutes while patching and response still take hours or days. Picus Security breaks down why autonomous validation is becoming critical for modern defense strategies. [...]
Category: Hacking & Security

Microsoft’s new AI system finds 16 Windows flaws, including four critical RCEs

Computerworld.com [Hacking News] - 13 May, 2026 - 14:26

Microsoft has unveiled a new AI-driven vulnerability discovery system that identified 16 previously unknown Windows vulnerabilities, including four critical remote code execution flaws, in what security analysts say could mark a major shift in how software vulnerabilities are discovered and remediated.

The system, codenamed MDASH, was developed by Microsoft’s Autonomous Code Security team alongside the Windows Attack Research and Protection group.

The platform will enter private preview for enterprise customers next month, Microsoft said in a blog post announcing the system.

The vulnerabilities were patched as part of Microsoft’s May 12 Patch Tuesday release.

“Cyber defenders are facing an increasingly asymmetric battle,” Microsoft added in the blog post. “Attackers are using AI to increase the speed, scale, and sophistication of attacks.”

Critical Windows components affected

The four critical vulnerabilities affected core Windows components broadly deployed across enterprise environments, Microsoft said in the blog.

Among them was CVE-2026-33827, a remote unauthenticated use-after-free flaw in the Windows IPv4 stack reachable through specially crafted packets carrying the Strict Source and Record Route option, Microsoft said.

Another flaw, CVE-2026-33824, involved a pre-authentication double-free issue in the IKEEXT service affecting RRAS VPN, DirectAccess, and Always-On VPN deployments.

Two additional critical flaws affected Netlogon and the Windows DNS Client, both carrying CVSS scores of 9.8.

The remaining 12 vulnerabilities rated “Important” included denial-of-service, privilege-escalation, information disclosure, and security feature bypass flaws affecting components such as tcpip.sys, http.sys, ikeext.dll, and telnet.exe, according to Microsoft.

How MDASH orchestrates AI agents

According to Microsoft, MDASH orchestrates more than 100 specialized AI agents across multiple frontier and distilled models, with each agent assigned to a different stage of the vulnerability discovery pipeline.

Some agents scan source code for potential flaws, others validate whether findings are genuine, and another stage attempts to construct triggering inputs capable of reproducing the issue before the finding reaches a human engineer for review.

“The model is one input. The system is the product,” Taesoo Kim, Microsoft vice president for agentic security, wrote in the blog.

Microsoft said the architecture was intentionally designed to remain largely model-agnostic, allowing the company to swap underlying AI models without rebuilding the broader orchestration pipeline.

That detail matters because MDASH arrives only weeks after Microsoft announced Project Glasswing, a partnership involving Anthropic and others to evaluate AI-driven vulnerability discovery using Anthropic’s Claude Mythos Preview model.

“Microsoft is now operating as platform owner, security vendor, AI infrastructure player, OpenAI partner, Mythos integrator, and agentic security supplier,” said Sanchit Vir Gogia, chief analyst at Greyhound Research. “That is a formidable position. It is also a concentration of influence that security leaders must examine with clear eyes.”

AI vs AI vulnerability race

The announcement also highlights growing concern that AI-driven vulnerability discovery could accelerate offensive operations as well as defensive research.

Anthropic has previously said its Mythos Preview model identified thousands of high-severity vulnerabilities, including a decades-old OpenBSD flaw and a long-undetected FFmpeg issue that traditional fuzzing tools failed to uncover despite millions of attempts.

“We’ve entered an AI-versus-AI vulnerability discovery race,” said Sunil Varkey, advisor at Beagle Security. “The winners won’t be the organizations with the best static scanners anymore. They’ll be the ones who can run these agentic systems fastest against their own code and remediate at machine speed.”

Varkey said enterprises should pursue early access to systems such as MDASH where possible rather than waiting for broader commercial availability.

“Early access isn’t just nice-to-have,” he said. “It’s becoming a defensive necessity in the AI era.”

For CISOs, the broader implication may be that vulnerability management is shifting from periodic scanning toward continuous, AI-assisted discovery and remediation.

“The future belongs to security teams that can find, validate, contain, and fix in one governed motion,” Gogia said.

Benchmarks show progress, but analysts urge caution

To support its claims, Microsoft published benchmark results showing MDASH identified all 21 deliberately planted vulnerabilities in an internal Windows test driver without false positives. The company also said the system successfully recovered nearly all historical Microsoft Security Response Center cases tested against older Windows component snapshots.

On the public CyberGym benchmark for vulnerability reproduction tasks, Microsoft said MDASH achieved a score of 88.45%, topping the public leaderboard at publication time.

Gogia said the results show the category is maturing but warned against treating benchmark scores as direct proof of enterprise value.

“CyberGym is a signal, not a buying decision,” he said. “The machinery around the model is beginning to resemble a serious security research workflow.”

He added that many enterprises still lack the governance maturity required to operationalize machine-generated vulnerability discovery effectively.

“Discovery without remediation discipline is theatre,” Gogia said. “It produces dashboards, not resilience.”

This article originally appeared in CSO.

Category: Hacking & Security

Sovereign Tech Agency to support KDE with 1,285,200 euros

AbcLinuxu [news briefs] - 13 May, 2026 - 14:06
The Sovereign Tech Agency (Wikipedia), through its Sovereign Tech Fund, will support KDE with 1,285,200 euros.
Category: GNU/Linux & BSD