RSS Aggregator
Most of the time, nobody notices. SSH authentication succeeds, no alerts are generated, and the connection looks exactly the way it did the day the key was installed. That's part of the problem.
The compromise of Nx Console shows how much infrastructure now sits behind a single developer account. GitHub repositories, CI/CD pipelines, container build systems, Terraform projects, Kubernetes deployments. None of those systems was the initial target. The workstation was.
NAS devices are no longer just ordinary network drives; manufacturers promote them as personal data clouds. • Synology, QNAP and Asustor have long been the most popular brands. • But Ubiquiti and, above all, the aggressive Chinese brand Ugreen want to make trouble for them.
Redis has patched a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine hosting the database. The flaw was found by an autonomous AI tool built to hunt bugs in large codebases.
Tracked as CVE-2026-23479, the flaw was introduced in Redis 7.2.0 and remained in every stable branch until the May 5 fixes, unnoticed for over two years.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild.
The vulnerability, tracked as CVE-2026-45247 (CVSS score: 9.8), is a case of deserialization of untrusted
Cybersecurity researchers have flagged a new malspam campaign that makes use of Google's DoubleClick domain as a way to evade detection and ultimately deliver an unidentified .NET-based loader.
"Before the victim ever reaches attacker-controlled infrastructure, the lure routes through DoubleClick, a legitimate Google-owned domain that many security tools are less likely to treat as suspicious,"
Cybersecurity researchers have flagged a new malspam campaign that makes use of Google's DoubleClick domain as a way to evade detection and ultimately deliver a remote access trojan (RAT) named DesckVB RAT.
"Before the victim ever reaches attacker-controlled infrastructure, the lure routes through DoubleClick, a legitimate Google-owned domain that many security tools are less likely to treat as suspicious,"
The European Union has now published a set of measures aimed at boosting Europe’s tech industry to help reduce reliance on US and Chinese suppliers for AI, cloud, and semiconductors. The proposals include rules to restrict the use of US hyperscalers for certain public sector procurement purposes, but stop short of banning them outright.
“Technological sovereignty does not mean protectionism. Europe remains grounded in openness, partnership, and fair competition,” Henna Virkkunen, executive vice president for Tech Sovereignty, Security and Democracy, said in a statement Wednesday. “At the same time, Europe wants to be in the position to make its own choices, avoiding dependence on single dominant suppliers, especially from non-like-minded countries.”
The European Technological Sovereignty Package — released after several delays — includes two legislative proposals: the Cloud and AI Development Act and Chips Act (CAIDA) 2.0 and the Open Source Strategy and Strategic Roadmap for Digitalization and AI in Energy.
CAIDA aims to triple data center capacity in the next five to seven years by easing restrictions for deployments across the EU. It also includes rules that, if enacted, would require EU public bodies to meet certain sovereignty criteria for cloud service procurement related to certain sensitive workloads.
Amid ongoing trans-Atlantic tensions and a long-standing deep reliance on US tech providers, European organizations have become increasingly wary of a “kill switch” that would cut off access to digital services. There are also concerns that US hyperscalers could be compelled to share data with the US government under the CLOUD Act and Foreign Intelligence Services Act (FISA), even when data centers are located in Europe.
The CAIDA proposals include four levels of criteria for suppliers; the most basic includes data center infrastructure located and operated in the region – something many US cloud suppliers already provide – with stricter rules around supplier ownership, full control over the software stack, and more stringent cybersecurity certification.
The majority of existing EU public sector workloads (70%) fall under the first level, with 20% at level 2, and 9% at level 3. Only a small proportion (1%) of the most sensitive workloads would require level 4.
Other proposals include the Chips Act 2.0, a follow-up to the 2023 legislation that sought to improve semiconductor production capabilities; the updated version now aims to boost research and spur demand for domestically produced processors.
The legislative proposals must be negotiated by the European Parliament and Council of the European Union before adoption.
Microsoft's Surface product family includes laptops and tablets; the exception was the unconventional all-in-one Surface Studio, in which the computer sat in the base of the stand of a large monitor.
This year a miniature desktop computer, the Surface RTX Spark Dev Box, joins the Surface line as well. From the name you can easily deduce that it ...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting vulnerabilities in the Linux kernel and Android operating system. [...]
Assume the breach. Zero-days keep shipping, AI is writing exploits faster than anyone patches, and "patch everything in time" stopped working years ago. Stop betting the org on winning that race. You don't control which bug lands. You control what it can reach once it does.
That is a question about the shape of your network, and most teams have the shape wrong. HD Moore, creator of Metasploit
A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps.
Any other app on the same phone could ask for the signed-in user's token and get it, then read email, open files, browse the calendar, and send messages as that user. No password, no login screen, no permission prompt.
At its Build conference, Microsoft unveiled several new AI models and, above all, an effort not to rely solely on partners for AI development but to be an equal competitor to them as well. Its products currently use the GPT and Claude large language models, but in future we will hear more about its MAI (Microsoft ...
UPDATED Yet another aggrieved bug hunter has leaked a vulnerability affecting a Microsoft product after becoming disillusioned with the way the company handles security reports. Ammar Askar dropped a proof of concept (PoC) exploit for a Visual Studio Code (VS Code) flaw within just an hour of disclosing it to “an old contact” at the open source platform, according to his account of things.

The vulnerability he exposed involves attackers configuring repos, either of their own making or those they have compromised separately, to push malicious VS Code extensions via its Workspace Recommendations feature, which then steal OAuth tokens that can be used to read/write public and private GitHub repos. It affects anyone who has ever used github.dev, a feature that allows users to open a GitHub repo in a browser-based version of VS Code. Askar said that the feature is enabled by github.com passing an OAuth token over to github.dev and, crucially, this token is not limited to the repo from which github.dev was spun up. It means that this token can hand an attacker access to any other repo – public or private – to which the target also has access.

The exploit is contingent on an attacker being able to modify a repo’s .vscode/extensions.json file and recommending an attacker-controlled extension for the browser-based VS Code instance. In normal scenarios, a pop-up would appear asking for a user to accept the installation of this extension, potentially tipping them off to foul play. However, because of the way in which the attacker delivers the repo to the target, they already have a Jupyter Notebook file running in the target’s github.dev before the extension is installed. The attacker must initially get the target to open their repo using a github.dev link that points to this ipynb file, which VS Code immediately opens inside a Webview.

Inside the Jupyter Notebook is a hidden HTML snippet inside a Markdown cell, which when loaded allows attacker-controlled JavaScript code to run. This code fires a simulated keyboard shortcut, which VS Code bubbles up to the main editor, tricking the system into automatically accepting the malicious extension popup. The attacker-controlled extension is then running with access to the browser environment, and steals the OAuth token, which can be used to read and change any public or private repo.

Askar said past negative experiences with Microsoft Security Response Center (MSRC) influenced his decision not to go through the typical responsible disclosure process, publishing the PoC roughly an hour after tipping off his GitHub contact. “To summarize the last time I interacted with MSRC regarding reporting a VSCode bug, it was a horrible experience where they silently fixed the bug I pointed out without any credit,” he wrote. “They also marked it as not having any security impact. As I mentioned in that post, going forward I would be doing full public disclosure for any security bugs I found in VSCode. Taking a look at a recent report by Starlabs on a VSCode XSS bug marked as ineligible and low severity, it doesn’t look like MSRC has gotten any better about VSCode bugs.

“I’m sure the VSCode team would have appreciated a longer heads up on this to come up with solutions. There is legitimately a UI/UX balance here that needs to be struck with the security concerns. To those folks, I am sorry, but this is one of the few levers I have to try to influence MSRC and the security posture of VSCode. Finding and fully developing security bugs into proof-of-concepts like this takes time and effort on the part of security researchers that should not be disrespected or taken for granted.”

Askar’s approach is reminiscent of a researcher who goes by Nightmare Eclipse, a suspected former Microsoft employee who has attracted a great deal of attention in recent weeks for leaking zero-days without informing Microsoft beforehand. The researcher has so far released six zero-days, three of which were quickly confirmed to be exploited by attackers in the wild. As regards their motivation for launching this attack on Microsoft, Nightmare Eclipse previously alluded to being stabbed in the back and being left homeless after an agreement that was not honored – all very vague. After the sixth zero-day, Microsoft vaguely threatened the researcher with its Digital Crimes Unit, which works closely with law enforcement, before quickly backing down after an outpouring of negative responses. ®

Updated to add on June 4: Microsoft has been in touch with a statement: "We value the critical role that the security research community plays in strengthening the security of our products, services, and the broader technology ecosystem. "While independent researchers determine when and how to publish their findings, we remain committed to rapidly assessing reported issues, mobilizing the appropriate engineering and security response resources, and delivering mitigations, guidance, and protections as quickly as possible to help safeguard our customers." A Microsoft spokesperson also told us that the issue that Askar pointed out "has been mitigated and no customer action is required."
A two-week penetration test can leave roughly 345 days of real-world exposure unvalidated. Sprocket Security explores why continuous testing is becoming critical as attack surfaces constantly change. [...]