Agregátor RSS

Při koupi počítače za více než 50 000 Kč se pečlivě ujistěte, jaké komponenty vlastně kupujete. Jak jejich mix odpovídá vašim požadavkům, může rozhodnout o správnosti koupě a ani nemusí záležet na tom, zda půjde o desktop, nebo laptop.

Dell confirmed that its SupportAssist software is causing blue-screen crashes on some Windows systems following a wave of user reports about random reboots affecting Dell devices since Friday. [...]

Linux admins hoping Dirty Frag was a one-off horror from the kernel networking stack are about to have a considerably worse week. Researchers at Wiz have published an analysis of "Fragnesia," a Linux kernel local privilege escalation flaw discovered by William Bowling of the V12 security team that allows unprivileged users to gain root by corrupting page cache memory. The bug, tracked as CVE-2026-46300, has public proof-of-concept exploit code documented by V12 on GitHub that demonstrates the vulnerability being used against /usr/bin/su to spawn a root shell. According to Google-owned Wiz, the flaw sits in the Linux kernel's XFRM subsystem, specifically ESP-in-TCP processing tied to IPsec support. By carefully triggering the bug, attackers can modify protected file data in memory without changing the original files stored on disk. Wiz describes Fragnesia as part of the broader "Dirty Frag" bug family rather than a completely separate class of issue. Dirty Frag itself only surfaced days ago and was already attracting attention thanks to public exploit code, incomplete patch coverage, and unusually reliable privilege escalation. According to researcher Hyunwoo Kim, who uncovered Dirty Frag, "Fragnesia" emerged as an unintended side effect of patches shipped to fix the original Dirty Frag vulnerabilities, adding yet another entry to the long tradition of security fixes accidentally creating new security problems. As The Register previously reported, Dirty Frag followed hot on the heels of Copy Fail, another Linux kernel privilege escalation flaw that abused page cache handling to overwrite supposedly read-only files. Historically, local Linux privilege escalation bugs had a reputation for being unreliable, crash-prone, or fiddly enough that attackers needed good timing and a fair bit of luck to pull them off cleanly. Fragnesia looks different, as Wiz and V12 both say the exploit avoids race conditions entirely, making it far more predictable than older Linux root exploits like Dirty COW. That makes the bug much more useful after an initial compromise. An attacker who gains access to a system through phishing, stolen credentials, or a vulnerable cloud workload suddenly has a cleaner path to full root access. The V12 proof-of-concept repository is already public, while Linux vendors have started pushing out advisories and mitigation guidance. AlmaLinux warned that all supported releases are affected and urged administrators to patch quickly or disable unused ESP-related functionality where possible. Similar advisories have also been issued by Amazon Linux, CloudLinux, Debian, Gentoo, Red Hat Enterprise Linux, SUSE, and Ubuntu as distributors scramble to assess exposure across supported kernel versions. Microsoft also urged organizations to patch quickly, noting that though it had not observed in-the-wild exploitation so far, Fragnesia "can modify any file readable by the user, including [/]etc[/]passwd." The Linux networking stack is starting to look less like infrastructure and more like a root exploit vending machine. ®

Web nizozemských vědců prozradí dávnou zeměpisnou polohu vašeho bydliště • Model využívá k trasování tektonických desek data z magnetických minerálů • Nástroj pomůže paleontologům při mapování rozvoje biodiverzity během pravěku

An anonymous cybersecurity researcher who disclosed three Microsoft Defender vulnerabilities has returned with two more zero-days involving a BitLocker bypass and a privilege escalation impacting Windows Collaborative Translation Framework (CTFMON). The security defects have been codenamed YellowKey and GreenPlasma, respectively, by the researcher, who goes by the online aliases Chaotic Eclipse

An anonymous cybersecurity researcher who disclosed three Microsoft Defender vulnerabilities has returned with two more zero-days involving a BitLocker bypass and a privilege escalation impacting Windows Collaborative Translation Framework (CTFMON). The security defects have been codenamed YellowKey and GreenPlasma, respectively, by the researcher, who goes by the online aliases Chaotic Eclipse Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

The alleged main administrator of Dream Market Incognito Market, one of the largest dark web marketplaces before its shutdown, has been indicted in the United States on money laundering charges. [...]

Novela zákona usnadní život řidičům a omezí návštěvy úřadů. • Vznikne online depozit a zániky vozů budou automatizované. • Zjednoduší se nákup a prodej vozů, SPZ a techničáky půjde posílat do boxů.

RubyGems temporarily suspended new account registrations this week after threat actors pushed hundreds of malicious packages into the Ruby package ecosystem. At first glance, that may sound like a Ruby-specific problem. It is not.

RubyGems temporarily suspended new account registrations this week after threat actors pushed hundreds of malicious packages into the Ruby package ecosystem. At first glance, that may sound like a Ruby-specific problem. It is not.

For years, software security discussions centered on vulnerable code. A bug inside an application could expose a workstation, production server, or cloud workload, so most supply chain conversations focused on malicious packages, outdated dependencies, and exploitable libraries buried somewhere inside the stack. That is no longer the main problem.

For years, software security discussions centered on vulnerable code. A bug inside an application could expose a workstation, production server, or cloud workload, so most supply chain conversations focused on malicious packages, outdated dependencies, and exploitable libraries buried somewhere inside the stack. That is no longer the main problem.

Red Hat na své výroční konferenci Red Hat Summit v Atlantě tento týden oznámil hned několik novinek zaměřených na požadavky vývoje a provozu AI agentů. Red Hat Desktop a vylepšená sada Red Hat Advanced Developer Suite mají usnadnit přechod od agentů běžících lokálně na vývojářských pracovních stanicích k produkčnímu nasazení v hybridním cloudu.

Společnost Zyphra oznámila strategické partnerství s AMD, jehož cílem je vybudování 15MW AI cloudové infrastruktury postavené na akcelerátorech AMD Instinct MI355X…

Red Hat released an Important krb5 security update for Red Hat Enterprise Linux 8 this week, addressing two vulnerabilities tracked as CVE-2026-40355 and CVE-2026-40356. On paper, it looks like another Linux package advisory.

Red Hat released an Important krb5 security update for Red Hat Enterprise Linux 8 this week, addressing two vulnerabilities tracked as CVE-2026-40355 and CVE-2026-40356. On paper, it looks like another Linux package advisory.

Linux distros are rolling out patches for a new high-severity kernel privilege escalation vulnerability (known as Fragnasia and tracked as CVE-2026-46300) that allows attackers to run malicious code as root. [...]

Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation (LPE) vulnerability that allows local attackers to gain root access, making it the third such bug to be identified in the kernel within a span of two weeks. Codenamed Fragnesia, the security vulnerability is tracked as CVE-2026-46300 (CVSS score: 7.8) and is rooted in the Linux kernel's XFRM

Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation (LPE) vulnerability that allows local attackers to gain root access, making it the third such bug to be identified in the kernel within a span of two weeks. Codenamed Fragnesia, the security vulnerability is tracked as CVE-2026-46300 (CVSS score: 7.8) and is rooted in the Linux kernel's XFRM Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]