RSS Aggregator
The shortage of DDR5 and HBM will most likely be joined next year by a shortage of GDDR7 and LPDDR5X. Production of Nvidia Rubin AI systems will require more LPDDR5X chips than the entire consumption of Apple and Samsung combined…
In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server.
"Every existing tag in the repository has been moved to point to an imposter commit that does not appear in the action's normal commit history,
Ravie Lakshmanan
Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the @antv ecosystem as part of the ongoing Mini Shai-Hulud attack wave.
"The attack affects packages tied to the npm maintainer account atool, including echarts-for-react, a widely used React wrapper for Apache ECharts with roughly 1.1 million weekly
Ravie Lakshmanan
A new infostealer variant targets macOS users by spoofing Apple, Microsoft, and Google and then gets to work searching for victims’ password managers so it can steal all of their credentials and access cryptocurrency wallets such as MetaMask and Phantom. The updated SHub stealer variant is called Reaper, and it uses macOS Script Editor, pre-populated with the malicious payload to execute the malware, according to SentinelOne research engineer Phil Stokes, who documented the attack in a Monday blog. But unlike earlier SHub versions and similar macOS stealer campaigns that rely on ClickFix social engineering tactics to trick the user into pasting a ScriptEditor command into Apple’s Terminal command-line interface, Reaper bypasses Terminal altogether and therefore defeats defenses Apple added to Tahoe 26.4. The attack starts with fake WeChat and Miro installer websites, hosted on a domain designed to instill trust in users by typo-squatting a Microsoft URL: mlcrosoft[.]co[.]com. When a user visits these pages, hidden JavaScript collects a ton of information about their system and browser, including IP address, location, WebGL fingerprinting data, and indicators of virtual machines or VPNs. The attack stops if the victim is located in Russia. Assuming that the machine is located elsewhere and the user clicks on the fake tool installer, they open Apple’s Script Editor app via a sneaky link that’s heavily padded with ASCII art and fake terms to push the malicious command far below the visible portion of the window when it loads. When the victim clicks “Run” in Script Editor, the hidden command executes the malicious AppleScript and displays a popup message purporting to be a security update for Apple’s XProtectRemediator tool.
Instead of updating the security tool, however, it calls a curl command to silently download the shell script and it asks the victim to enter their login details – which are scraped and used to decrypt various credentials – and then displays a fake error message. Earlier SHub versions harvested users’ browser data, cryptocurrency wallets, developer-related configuration files, macOS Keychain and iCloud account data, and Telegram session data. Reaper does all of this and more. It includes a filegrabber that searches for files that contain business or financial info in the user’s Desktop and Document folders. That approach is similar to the document-theft functionality seen in Atomic macOS Stealer (AMOS). The script also searches for several desktop cryptocurrency tools including Exodus, Atomic Wallet, Ledger Wallet, Ledger Live, and Trezor Suite. If it finds any, it injects the wallet with malware to ensure continued funds theft. And then, to ensure persistence, it backdoors the infected device by creating a directory structure designed to mimic Google Software Update: ~/Library/Application Support/Google/GoogleUpdate.app/Contents/MacOS/. “The LaunchAgent executes the target script GoogleUpdate every 60 seconds,” Stokes explains. “The script functions as a beacon, sending system details to the C2’s /api/bot/heartbeat endpoint.” This ensures the attacker can remotely execute code on the backdoored machine. If the attacker-controlled server sends a “code” payload, the script decodes it, writes it to a hidden file and executes the code with the users’ privileges before deleting the file. The backdoor gives the malware operators “more ways to steal data or pivot to other malicious installs after the initial compromise,” the threat hunter warns. About the only thing it doesn't do is implore the band to add more cowbell. ®
More than 200 individuals were arrested for cybercrime activities during INTERPOL's Operation Ramz, which focused on the Middle East and North Africa. [...]
A Shai-Hulud copycat has turned up in yet another npm package just five days after TeamPCP open sourced the worm and announced a supply-chain attack competition on BreachForums. The poisoned package, chalk-tempalte, masquerades as an extension for the popular JavaScript terminal string styling library Chalk. It now contains a clone of Shai-Hulud, which TeamPCP published last week on GitHub after poisoning more than 170 npm packages with the credential-stealing malware as part of the ongoing supply chain attacks targeting open source dev tools. Plus, the same scumbag that uploaded the worm to chalk-tempalte also published three other malicious npm packages - @deadcode09284814/axios-util, axois-utils, and color-style-utils - containing infostealer code, according to Ox security researchers, which detected and reported the malware over the weekend. “The four malwares are inherently different, as the collected data varies between them, including exfiltrated IP addresses, cloud configurations, crypto wallets, environment variables, and even one malware turning the victim’s machine into a DDoS botnet – all from the same npm user,” researcher Moshe Siman Tov Bustan wrote on Sunday. Anyone installing any version of the packages is affected, he added, noting the total number of weekly downloads is 2,678. On Monday, the researchers told The Register that the npm user behind all four new stealer infections ran the supply-chain campaign from a home computer or local server farm. "The use of lhr.life is a clear indicator of a reverse proxy used to expose an internal network to the internet," they wrote in an email, adding that the miscreant(s) seem to be financially motivated as the code targets victims' cryptocurrency wallets and accounts. Plus, the DDoS botnet component "could indicate affiliation with anarchy groups looking to take down infrastructure and services, or intent to sell it as DDoS-as-a-service," they added. 
If you are running any of the four, immediately uninstall the malicious package and delete any related malicious configuration from IDEs and Claude Code or other coding agents. You should also rotate your keys on any affected machines, and check for GitHub repositories containing the string “A Mini Sha1-Hulud has Appeared,” the application security shop cautions. The Shai-Hulud copycat, like the original worm, steals secrets, credentials, crypto wallets, accounts, and other sensitive data, and sends all of this to a remote command-and-control server: 87e0bbc636999b[.]lhr[.]life. It also uploaded the stolen credentials to a new GitHub repository. The @deadcode09284814/axios-util malware collects and exfiltrates SSH keys, environment variables, and cloud credentials to 80[.]200[.]28[.]28:2222, and the color-style-utils stealer hoovers up IP addresses, IP geo-locations, and crypto wallets and sends them to edcf8b03c84634[.]lhr[.]life. The fourth malicious npm package (axois-utils) calls its payload a “phantom bot.” The code is written in Go, and contains a DDoS botnet that floods websites with HTTP, TCP, UDP and Reset requests. Persistence mechanisms also ensure it remains on the infected machine even after the package has been deleted. All four of these are from the same npm user, and Bustan warns that this influx of infostealers spreading across npm is “just the first phase of an upcoming wave of supply chain attacks coming.”®
The number of seniors who cannot manage without the care of others will continue to grow in the coming years. Traditional social services are already struggling with a shortage of workers. “The commercial sector must get involved and help solve this problem,” say the founders of the digital platform Viola pečuje. In an interview, we discussed how exactly their startup is trying to help.
A real estate agency hid a clause stating that the client may not withdraw from the contract among formal declarations that laypeople rarely read. It then demanded a contractual penalty from the client for non-performance of the contract.
TDF has suspended the membership of roughly thirty Collabora employees. This does not mean exclusion from development, but the loss of a vote in decisions about the direction of the project, to whose code Collabora contributed 43 percent of the changes over the year.
Today we will get acquainted with the basic features of the mpmath library for the Python ecosystem. It offers numerical computation with values of (theoretically) unlimited range and precision.
The AMD Adrenalin Edition 26.5.2 drivers bring support for Microsoft Advanced Shader Delivery, which speeds up game loading and reduces the in-game stuttering caused by shader compilation…
The scientific necromancers at Colossal Biosciences are striving for the de-extinction of extinct species, including birds such as the iconic New Zealand moa Dinornis robustus. For birds this gigantic, they would need an artificial egg for embryo development and the hatching of chicks, which they already have available. When might we see a moa?
A new variant of the 'SHub' macOS infostealer uses AppleScript to show a fake security update message and installs a backdoor. [...]
“Something didn’t go as planned. Undoing changes.” That’s all the clue some Windows 11 users will get when Microsoft’s May Security Update fails to install because of insufficient free space on the EFI System Partition (ESP), leaving their systems unprotected by the dozens of patches it contained.
This issue affects devices with limited free space available — typically 10MB or less — on the ESP. “On affected devices, the installation might proceed through the initial phases but fail during the reboot phase at approximately 35-36% completion,” Microsoft said in an advisory. It recommended changing a Windows registry setting to force the update, or to roll back changes and wait for a future update to fix the problem.
Consultants said it was a potentially serious issue given the unexpected exposure and the time the destined-to-fail patch takes to fail to install.
This is the kind of failure that keeps IT leaders up at night, said cybersecurity consultant Brian Levine, who serves as executive director of FormerGov. “When a security update cannot install because the operating system misjudges the state of its own boot partition, the problem isn’t only storage. The real problem is trust in the update process,” he said. “This is a basic hygiene failure dressed up as a technical issue. An update that cannot reliably detect available space on the EFI System Partition is not a small miss. It is a reminder that even mature platforms still struggle with dependency awareness and pre-flight validation.”
Eric Grenier, senior director analyst at Gartner, recommended increasing the size of the disk partition to 1.5GB so that the update can go ahead. “This should not hamper business needs in terms of the size of usable space for an end user”, he said, adding that it will also enable updating of the Windows Recovery Environment. He warned that Microsoft’s own recommendation could lead to trouble. “I would recommend that if an organization wanted to use the modified registry fix that they not only backup the registry beforehand but also test it on some pilot devices before rolling out to the rest of the environment and even then, I would do a slow phased rollout to be sure nothing breaks,” he said. “This type of fix in a production environment should be done with extreme caution because if done incorrectly, fixes will require hands on the keyboard.”
Ishraq Khan, CEO of coding productivity tool vendor Kodezi, says the blame lies with both IT teams and Microsoft.
“Most IT teams reasonably assume that if Windows Update passes its prechecks and starts installation, Microsoft has already validated the system state well enough to avoid a reboot-stage failure. If ESP space is critical to the update succeeding, the updater should have detected and blocked that condition earlier with a clear remediation message,” Khan said. “So while IT environments may contribute to partition pressure over time, Microsoft still owns the orchestration and validation logic that allowed the update to proceed.”
Khan added that this can become a very expensive enterprise IT headache. “That is a design problem for enterprise IT because failure during reboot is much more disruptive than blocking the update before installation begins. From a software maintenance perspective, this is exactly the kind of edge case that becomes expensive at enterprise scale. A small partition constraint on a subset of machines can turn into help desk tickets, rollback cycles, delayed patching, and security exposure.”
David Neuman, COO of consulting firm Acceligence, agreed that this is a substantial IT headache.
“The update appears to pass the early phases but then fails during the reboot phase, which means IT may not find out until the endpoint has already burned through the maintenance window time and rolled back. In an enterprise, it becomes a fleet hygiene problem rather than a one-off help desk problem,” he said. “Affected endpoints may remain unpatched while IT burns time diagnosing a failure that should have been explained earlier. The bigger lesson is that boot, recovery, and firmware-adjacent partitions are now part of patch-management hygiene. Mature IT teams should add ESP size and free-space checks to endpoint health reporting, update gold images so new deployments have adequate ESP capacity and treat boot-partition cleanup or resizing as lifecycle engineering rather than break-fix scripting.”
Microsoft said that it had resolved the issue automatically for consumer devices and non-managed business devices, but that leaves enterprises managing their own devices to sort things out for themselves. “We recommend IT administrators follow guidance within the known issues documentation, to mitigate this issue and re-deploy the latest May Security Updates to be protected,” a Microsoft representative said via email. The company plans to update documentation when it has resolved the problem.
This article first appeared on CSO.
Many employees already use shadow AI tools at work without security review. Adaptive Security breaks down how teams can build practical AI governance without adding friction for employees. [...]
The Shai-Hulud malware leaked last week is now used in new attacks on the Node Package Manager (npm) index, as infected packages emerged over the weekend. [...]
INTERPOL has coordinated a first-of-its-kind cybercrime crackdown across the Middle East and North Africa (MENA) that led to 201 arrests and the identification of an additional 382 suspects.
The initiative involved the efforts of 13 countries from the region between October 2025 and February 2026, aiming to investigate and neutralize malicious infrastructure, arrest perpetrators behind these