RSS Aggregator

Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence

The Hacker News - 15 May, 2026 - 15:35
Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft, privilege escalation, and persistence. The vulnerabilities, collectively dubbed Claw Chain by Cyera, can permit an attacker to establish a foothold, expose sensitive data, and plant backdoors. A brief description of the flaws is below - Ravie Lakshmanan
Category: Hacking & Security

Microsoft business software faces UK antitrust probe over bundling, AI lock-in

Computerworld.com [Hacking News] - 15 May, 2026 - 14:49

The UK’s competition regulator has launched a broad antitrust investigation into Microsoft’s business software ecosystem, opening a new front in growing regulatory scrutiny of how cloud platforms, productivity software, and embedded AI capabilities may affect competition in enterprise technology markets.

The UK’s Competition and Markets Authority (CMA) said in a statement that it had opened a Strategic Market Status (SMS) investigation into Microsoft’s business software operations under the country’s new digital markets regime.

The regulator said it will assess whether Microsoft has “substantial and entrenched market power” and a “position of strategic significance” in business software markets.

“The investigation will assess whether Microsoft is using its position in business software to limit competition in cloud services, cybersecurity, communications, and AI,” the regulator said in a statement.

The case is the fourth strategic market status (SMS) investigation the regulator has opened since the UK’s digital markets competition regime came into force in January 2025, following earlier SMS cases into Google search, Apple’s mobile platform, and Google’s mobile platform.

A designation decision is due by February 2027, the statement added.

“Our aim is to understand how these markets are developing, Microsoft’s position within them and to consider what, if any, targeted action may be needed to ensure UK organisations can benefit from choice, innovation and competitive prices,” CMA chief executive Sarah Cardell said in the statement.

The scope covers productivity software, PC and server operating systems, database management, and security software, the CMA said, naming Windows, Word, Excel, Teams, and Copilot. Microsoft has more than 15 million commercial users across its UK ecosystem.

AI integration central to the case

The CMA will examine how AI competitors integrate with Microsoft’s business software and whether customers can mix AI tools from rival suppliers within Microsoft environments, the regulator said, citing the rapid embedding of AI functionality and a shift towards agentic AI in workplace tools.

Microsoft has pushed Copilot across Microsoft 365 tiers and expanded agentic features inside Office and Teams over the past year.

That AI overlay has not yet reset the lock-in question, but soon will, said Dario Maisto, senior analyst at Forrester. “Copilots have the potential to make employees and organizations more dependent on existing vendors, as any other feature embedded in the suites,” Maisto said. “At this stage, they do not change the enterprise lock-in conversation but will in the near future as adoption scales.”

For CIOs, switching away is no easier than swapping any other layer of the stack, Maisto added, describing diversification as being as difficult as finding enterprise-grade alternatives to other Microsoft products.

What the CMA will examine

The investigation will assess whether Microsoft has SMS in business software and whether it uses that position to limit customer choice, the CMA statement added. It will look at product bundling, interoperability limits, and default settings that may stop customers from switching or weaken competitive pressure from rivals.

UK customers may not always be able to combine Microsoft software with products from other providers, the regulator said, limiting access to the best products at competitive prices.

An SMS finding would also let the CMA act on an unresolved concern from its earlier cloud market investigation, which found that Microsoft’s software licensing was reducing competition in cloud services. AWS previously told the regulator that Microsoft’s 2019 and 2022 licensing changes made it harder to run Microsoft products on Google Cloud, AWS, and Alibaba.

Wider scope than previous SMS cases

The case is wider in scope than any previous SMS investigation, covering productivity tools, operating systems, database management, and security software in a single ecosystem-level review. The previous three designations each targeted a narrower set of activities.

The SMS status does not assume wrongdoing, the CMA said. If Microsoft is designated, the regulator can impose conduct requirements or pro-competition interventions, subject to the relevant legal tests.

The probe runs alongside the CMA’s ongoing engagement with AWS and Microsoft on cloud egress fees and product interoperability, announced in March after the regulator decided not to pursue SMS designation on cloud services.

Sovereignty push runs in parallel

For enterprise customers, the investigation comes as many organizations pursue multi-cloud strategies while simultaneously consolidating technology stacks around a smaller number of strategic vendors.

Maisto said interoperability is likely to become an increasingly important and difficult issue for regulators and enterprise buyers.

“Interoperability is a big topic these days, but it is easier said than done,” he said. “What works on paper in a policy may not work in reality.”

Maisto also pointed to growing European discussions around “tech sovereignty”.

“The European Commission is considering rules to restrict use of US cloud platforms to process sensitive government data,” he said. “The Commission is expected to present its ‘Tech Sovereignty Package’ on May 27 to define sectors that have to be hosted on European cloud capacity.”

At the same time, Maisto said he does not expect regulatory intervention alone to significantly alter market concentration trends.

“We do not foresee a massive decrease in market concentration,” he said.

Microsoft did not immediately respond to a request for comment.

Category: Hacking & Security

We picked the best robot vacuum cleaners. Lidar, a mop, and a large base station can now be had for under 10 thousand

Živě.cz - 15 May, 2026 - 14:45
Even robot vacuum cleaners under five thousand have precise lidar navigation. • Most robots offer a large docking station with a self-sufficient mode. • Mop washing and drying is standard even in the lower class.
Category: IT News

Microsoft to automatically roll back faulty Windows drivers

Bleeping Computer - 15 May, 2026 - 14:29
Microsoft is introducing a new capability that will allow it to remotely roll back problematic Windows drivers delivered through Windows Update. [...]
Category: Hacking & Security

What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface

The Hacker News - 15 May, 2026 - 13:00
In Your Biggest Security Risk Isn't Malware — It's What You Already Trust, we made a simple argument: the most dangerous activity inside most organizations no longer looks like an attack. It looks like administration. PowerShell, WMIC, netsh, Certutil, MSBuild — the same trusted utilities your IT team uses every day are also the preferred toolkit of modern threat actors. Bitdefender's analysis
Category: Hacking & Security

CiviCRM 6.14.0

AbcLinuxu [news briefs] - 15 May, 2026 - 12:59
CiviCRM (Wikipedia) has been released in a new version, 6.14.0. Details of new features and fixes can be found on the release page. CiviCRM is a robust open-source CRM system designed specifically for non-profit organizations, associations, and civic initiatives. The project is written in PHP and licensed under the GNU Affero General Public License (AGPLv3). The Czech translation now has 45% of its strings translated and is approaching the 50% milestone. We need your help to get further. If you would like to contribute a translation or proofreading, join us on the Transifex platform.
Category: GNU/Linux & BSD

TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates

The Hacker News - 15 May, 2026 - 12:54
OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but noted that no user data, production systems, or intellectual property were compromised or modified in an unauthorized manner. "Upon identification of the malicious activity, we worked quickly to investigate, contain, and take steps to - Ravie Lakshmanan
Category: Hacking & Security

AMD will please gamers. It will eventually deliver FSR 4.1 for two generations of older graphics cards as well

Živě.cz - 15 May, 2026 - 12:45
The FSR 4.1 upscaling technology is also heading to the Radeon RX 6000 and 7000. • The fourth generation of FSR has almost caught up in quality with the competing DLSS 4. • Gamers will, however, have to wait a few more months.
Category: IT News

The ssh-keysign-pwn vulnerability

AbcLinuxu [news briefs] - 15 May, 2026 - 12:42
Another local Linux vulnerability is ssh-keysign-pwn. A user can read the contents of files that only root has permission to read, such as files with SSH keys or /etc/shadow. Already fixed upstream [oss-security mailing list].
Category: GNU/Linux & BSD

OpenAI caught in TanStack npm supply chain chaos after employee devices compromised

The Register - Anti-Virus - 15 May, 2026 - 12:08
OpenAI says attackers behind the TanStack npm supply chain compromise stole internal credentials after reaching two employee devices, forcing the company to rotate signing certificates for several desktop products. The company disclosed this week that it had been caught up in the wider "Mini Shai-Hulud" campaign targeting npm ecosystems and developer infrastructure, though it said there was no evidence that customer data, production systems, or deployed software were compromised. OpenAI said the incident happened during a phased rollout of new supply chain security controls introduced after a previous Axios-related incident. According to the company, the two compromised employee devices had not yet received updated package management protections that would have blocked the malicious dependency. The attackers carried out "credential-focused exfiltration activity" against a limited set of internal repositories reachable from the affected employee machines, according to OpenAI. It said "only limited credential material was successfully exfiltrated from these code repositories." That was apparently enough to trigger a precautionary reset across multiple products. OpenAI is rotating the certificates used to sign macOS versions of ChatGPT Desktop, Codex App, Codex CLI, and Atlas, and is requiring users to update the affected software by June 12. The incident ties OpenAI to the increasingly messy supply chain campaign that has spent the past several weeks worming through npm ecosystems, CI/CD infrastructure, and GitHub Actions workflows. Security firm Socket linked the TanStack compromise to the broader "Mini Shai-Hulud" operation, which abused poisoned automation workflows and stolen publishing credentials to push malicious package updates into trusted software pipelines. 
Researchers tracking the wider Mini Shai-Hulud campaign have connected the activity to a threat group known as TeamPCP, which appears to have developed an unhealthy interest in poisoning npm ecosystems and rifling through developer credentials. TanStack confirmed this week that 84 malicious package versions spanning 42 @tanstack/* packages had been published after attackers compromised parts of its release infrastructure. The poisoned packages were designed largely to steal credentials, including GitHub tokens, cloud secrets, npm credentials, and CI/CD authentication material. The campaign appears linked to earlier Mini Shai-Hulud attacks involving SAP-related npm packages, suggesting the same credential-stealing operation is spreading across multiple developer ecosystems. OpenAI said it is continuing to investigate the incident and monitor for any downstream abuse tied to the stolen credentials. The reassuring news is that OpenAI says no production systems were breached. The less reassuring news is that attackers keep getting deeper into the software assembly line before anybody notices. ®
Category: Viruses and Worms

Congress has calculated how much the Golden Dome would cost. Attack satellites would cost a trillion, and nobody knows whether they would work

Živě.cz - 15 May, 2026 - 12:04
About a year ago, Donald Trump announced one of his “golden” projects, Golden Dome: a multi-layered defense of the entire territory of the USA against ballistic and hypersonic missiles, cruise missiles, and other threats. At the time, the White House calculated that building Golden Dome would require 175 billion ...
Category: IT News

Microsoft warns of Exchange zero-day flaw exploited in attacks

Bleeping Computer - 15 May, 2026 - 11:40
On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow threat actors to execute arbitrary code via cross-site scripting (XSS) while targeting Outlook on the web users. [...]
Category: Hacking & Security

A guide to Feedly. It will help you keep from going crazy from information overload and bring all your favorite websites into one place

Živě.cz - 15 May, 2026 - 10:45
Get the flood of information under control and create your own digital newspaper.
Category: IT News

MPs want social media treated more like unsafe toys than harmless apps

The Register - Anti-Virus - 15 May, 2026 - 10:33
British MPs are urging the government to tighten online safety laws, arguing social media companies should face the same kind of scrutiny as other products linked to serious harm. In a letter to Liz Kendall and Kanishka Narayan, shared with The Register, the UK's Science, Innovation and Technology Committee said there is now "strong and consistent evidence" linking social media use to harms affecting young people and warned that "no action is not an option." The committee, chaired by Chi Onwurah, said the current system leaves social media companies free to grow their youth user bases while avoiding meaningful responsibility for the subsequent fallout. "The status quo, where social media companies are neither accountable nor responsible for preventing harms, isn't acceptable," Onwurah said. "If any other consumer product caused these harms, it would've been recalled or changed." The intervention forms part of the government's "Growing up in the online world" consultation and follows a March evidence session examining arguments for and against restricting social media access for under-16s. The committee said it heard evidence from clinicians, bereaved parents, academics, child safety groups, and experts studying Australia's social media age limits, as well as accounts from young people and families concerned about harmful content and the effect social media is having on children's wellbeing. While the MPs stopped short of explicitly endorsing a blanket social media ban for teenagers, the letter makes clear the committee thinks ministers have spent too long relying on voluntary action from platforms whose business models still reward engagement above pretty much everything else. 
The committee said existing age restrictions should be properly enforced using "effective and privacy-preserving" age verification systems – rather than checks that can be bypassed by a drawn-on mustache – and called for stronger legal obligations requiring companies to filter illegal content and to block children from viewing harmful material. The letter also revisits the committee's earlier concerns about recommendation algorithms and how platforms deal with harmful and illegal posts, areas where MPs say previous proposals for reform went nowhere. MPs are now urging ministers to revisit those recommendations and bring forward fresh online safety legislation in the next parliamentary session. Particular attention was paid to algorithms and addictive design features. The committee argued that infinite scrolling and similar engagement mechanics should be designed out of platforms entirely, and warned that social media companies cannot keep pretending they are passive hosts while their recommendation systems actively shape what users see. The letter also warned that gaps in the UK's Online Safety Act mean some AI chatbots operating on closed databases currently fall outside the regime, something MPs said must be fixed before the next generation of online platforms disappears into yet another regulatory blind spot. ®
Category: Viruses and Worms

May surprise – the new Office 2024!

AbcLinuxu [articles] - 15 May, 2026 - 10:00

May discounts and a big surprise from Goodoffer24.com – Office 2024 is here! In addition, you can buy OEM licenses for Windows 11 Pro, Office 2019 and other office software, or even games!

Category: GNU/Linux & BSD

AMD: FSR 4.1 / Int8 for Radeon RX 7000 arrives in July, for RX 6000 in a year

CD-R server - 15 May, 2026 - 10:00
AMD has officially confirmed the availability date of FSR 4.1 for the last (and second-to-last) architectural generation of Radeons. Surprisingly, it is also planning support for RDNA 2, which will, however, require more time…
Category: IT News