Agregátor RSS

Apple’s key manufacturing partner Foxconn has confirmed its US factories suffered a ransomware attack in recent days after the gang responsible claimed to have stolen 8TB of data from the company — including confidential Apple information.

This isn’t the first attack to hit Foxconn, and such is the scale and value of the company that it is unlikely to be the last. Criminals understand the value of the information it has and see it as a prime target. That it is an industrial company actively deploying smart factory infrastructure across its premises just makes it an even more interesting challenge; what happens if the machinery itself is attacked?

Industrial defenses have improved; so have attacks

In practice, most large industrial facilities are moving to secure their own internal factory networks using technologies such as SD-WAN, private 5G networks, network segregation, isolation of production environments from the corporate network, and active monitoring against threats to factory machinery. All the same, attackers always hope that complex, well-planned combination exploits will find some way into even those most private and secure portions of corporate systems.

What happened at Foxconn

In this particular case, it doesn’t look as if the attack was made against connected industrial equipment at Foxconn. Wired reports a little of the events that took place:

• The attack was identified on May 1.
• Foxconn’s network collapsed.
• Wi-Fi failed first, then the disruption extended to core plant infrastructure.
• As the attack unfurled, workers were told to switch off their computers.
• They were also instructed not to log back in under any circumstances.
• There were previous attacks on other Foxconn facilities and subsidiaries, suggesting regular assaults on the company.

The attackers claim to have stolen key confidential data belonging to Foxconn clients, though sample files published by them don’t seem to include any Apple-related materials.

While it is easy to get lost in the shock value of what seems to be a successful attack against an Apple supplier, the underlying story should be a warning to every company as it highlights the febrile nature of the current threat environment.

The data is clear: factories are targets now

Recent security analyses have confirmed that attacks against the manufacturing sector are particularly severe. The IBM X-Force Threat Intelligence Index 2025 described manufacturing as the most targeted industry across four successive years. Dragos claims 70% of ransomware attacks have affected the sector, and the ENISA Threat Landscape raises similar alarms.

Attackers are highly focused on this sector for many reasons. They see the money potential of ransomware attacks and the reality that industrial operations can’t afford downtime, which means they become more likely to pay their way out of trouble. (That’s not to imply Foxconn has done so, but is more of a general observation.)

Attackers also recognize the fragmented nature of industrial cybersecurity as the industry goes through rapid digital transformation, leaving overall security only as strong as its weakest partner or parts.

Attacks are evolving quickly

It isn’t likely that the threat window will close any time soon. Paul Smith, director of Honeywell Operational Technology (OT) Cybersecurity Engineering warns, “Attackers are evolving fast, leveraging ransomware-as-a-service kits to compromise the industrial operations that keep our economy moving.”  

With new breed AI-augmented attacks expected to increase in volume and capacity in the coming years, the entire sector needs to put the strongest possible mitigations in place now. The continued evolution of nation state-adjacent attackers, likely equipped some day with access to quantum computers to power their exploits, is a real threat to industry and national infrastructure.

Put it all together and the recent attack against Foxconn is less of a story about Apple security and more a klaxon to everyone in the sector that the intensity and proficiency of these attacks is accelerating.

Plan for impact, not perfection

This also means larger entities such as Apple will probably need to introduce and/or enhance their mandatory supplier security guidelines to ensure supply chains have sufficient protection in place against such exploits — and the recognition that even when they do, successful attacks will still take place. 

Foxconn clearly had its own mitigation strategy, as it put this into effect the moment the attack took place then moved to threat analysis and dispatched mitigation teams. But even smaller operators should already know what they will do when attacked. Has your business got plans in place for this? Because the moral of today’s tale is that you should develop them immediately.

First they come for Foxconn. Then, they come for you.

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.

PimEyes funguje podobně jako vyhledávače používané FBI či jinými orgány. • Nahrajete fotku a on najde danou osobu na veřejně dostupných webech. • Je opravdu přesný, a proto je také snadno zneužitelný ke stalkingu.

Microsoft has fixed a Windows Autopatch bug that caused driver updates restricted by administrative policies to be deployed on some Autopatch-managed Windows devices in the European Union. [...]

Před pár týdny jsme provedli zátěžový test a pitvu jedné z nejprodávanějších USB-C nabíječek na českém trhu. AlzaPower G610CCA Fast Charge 67W nedopadla vůbec špatně, při své kapesní velikosti si totiž bez problému poradí i s menším notebookem a má solidní konstrukci, která vám při zkratu nevypálí ...

Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it's being tested by some customers as part of a limited private preview. MDASH, short for multi-model agentic scanning harness, is designed as a model-agnostic system that uses bespoke AI agents for different vulnerability

Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it's being tested by some customers as part of a limited private preview. MDASH, short for multi-model agentic scanning harness, is designed as a model-agnostic system that uses bespoke AI agents for different vulnerability Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

A threat actor with affiliations to China has been linked to a "multi-wave intrusion" targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026, marking an expansion of its targeting. The activity has been attributed by Bitdefender with moderate-to-high confidence to a hacking group known as FamousSparrow (aka UAT-9244), which shares some level of

A threat actor with affiliations to China has been linked to a "multi-wave intrusion" targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026, marking an expansion of its targeting. The activity has been attributed by Bitdefender with moderate-to-high confidence to a hacking group known as FamousSparrow (aka UAT-9244), which shares some level of Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Foxconn, the world's largest electronics manufacturer, says some of its North American factories are now working to resume normal operations after a cyberattack. [...]

Attackers can compromise systems in minutes while patching and response still take hours or days. Picus Security breaks down why autonomous validation is becoming critical for modern defense strategies. [...]

Microsoft has unveiled a new AI-driven vulnerability discovery system that identified 16 previously unknown Windows vulnerabilities, including four critical remote code execution flaws, in what security analysts say could mark a major shift in how software vulnerabilities are discovered and remediated.

The system, codenamed MDASH, was developed by Microsoft’s Autonomous Code Security team alongside the Windows Attack Research and Protection group.

The platform will enter private preview for enterprise customers next month, Microsoft said in a blog post announcing the system.

The vulnerabilities were patched as part of Microsoft’s May 12 Patch Tuesday release.

“Cyber defenders are facing an increasingly asymmetric battle,” Microsoft added in the blog post. “Attackers are using AI to increase the speed, scale, and sophistication of attacks.”

Critical Windows components affected

The four critical vulnerabilities affected core Windows components broadly deployed across enterprise environments, Microsoft said in the blog.

Among them was CVE-2026-33827, a remote unauthenticated use-after-free flaw in the Windows IPv4 stack reachable through specially crafted packets carrying the Strict Source and Record Route option, Microsoft said.

Another flaw, CVE-2026-33824, involved a pre-authentication double-free issue in the IKEEXT service affecting RRAS VPN, DirectAccess, and Always-On VPN deployments.

Two additional critical flaws affected Netlogon and the Windows DNS Client, both carrying CVSS scores of 9.8.

The remaining 12 vulnerabilities rated “Important” included denial-of-service, privilege-escalation, information disclosure, and security feature bypass flaws affecting components such as tcpip.sys, http.sys, ikeext.dll, and telnet.exe, according to Microsoft.

How MDASH orchestrates AI agents

According to Microsoft, MDASH orchestrates more than 100 specialized AI agents across multiple frontier and distilled models, with each agent assigned to a different stage of the vulnerability discovery pipeline.

Some agents scan source code for potential flaws, others validate whether findings are genuine, and another stage attempts to construct triggering inputs capable of reproducing the issue before the finding reaches a human engineer for review.

“The model is one input. The system is the product,” Taesoo Kim, Microsoft vice president for agentic security, wrote in the blog.

Microsoft said the architecture was intentionally designed to remain largely model-agnostic, allowing the company to swap underlying AI models without rebuilding the broader orchestration pipeline.

That detail matters because MDASH arrives only weeks after Microsoft announced Project Glasswing, a partnership involving Anthropic and others to evaluate AI-driven vulnerability discovery using Anthropic’s Claude Mythos Preview model.

“Microsoft is now operating as platform owner, security vendor, AI infrastructure player, OpenAI partner, Mythos integrator, and agentic security supplier,” said Sanchit Vir Gogia, chief analyst at Greyhound Research. “That is a formidable position. It is also a concentration of influence that security leaders must examine with clear eyes.”

AI vs AI vulnerability race

The announcement also highlights growing concern that AI-driven vulnerability discovery could accelerate offensive operations as well as defensive research.

Anthropic has previously said its Mythos Preview model identified thousands of high-severity vulnerabilities, including a decades-old OpenBSD flaw and a long-undetected FFmpeg issue that traditional fuzzing tools failed to uncover despite millions of attempts.

“We’ve entered an AI-versus-AI vulnerability discovery race,” said Sunil Varkey, advisor at Beagle Security. “The winners won’t be the organizations with the best static scanners anymore. They’ll be the ones who can run these agentic systems fastest against their own code and remediate at machine speed.”

Varkey said enterprises should pursue early access to systems such as MDASH where possible rather than waiting for broader commercial availability.

“Early access isn’t just nice-to-have,” he said. “It’s becoming a defensive necessity in the AI era.”

For CISOs, the broader implication may be that vulnerability management is shifting from periodic scanning toward continuous, AI-assisted discovery and remediation.

“The future belongs to security teams that can find, validate, contain, and fix in one governed motion,” Gogia said.

Benchmarks show progress, but analysts urge caution

To support its claims, Microsoft published benchmark results showing MDASH identified all 21 deliberately planted vulnerabilities in an internal Windows test driver without false positives. The company also said the system successfully recovered nearly all historical Microsoft Security Response Center cases tested against older Windows component snapshots.

On the public CyberGym benchmark for vulnerability reproduction tasks, Microsoft said MDASH achieved a score of 88.45%, topping the public leaderboard at publication time.

Gogia said the results show the category is maturing but warned against treating benchmark scores as direct proof of enterprise value.

“CyberGym is a signal, not a buying decision,” he said. “The machinery around the model is beginning to resemble a serious security research workflow.”

He added that many enterprises still lack the governance maturity required to operationalize machine-generated vulnerability discovery effectively.

“Discovery without remediation discipline is theatre,” Gogia said. “It produces dashboards, not resilience.”

This article originally appeared in CSO.

Sovereign Tech Agency (Wikipedie) prostřednictvím svého fondu Sovereign Tech Fund podpoří KDE částkou 1 285 200 eur.

Microsoft says some customers are experiencing issues downloading and installing Office on their Windows 365 devices. [...]

TL;DR: Stop chasing thousands of "toast" alerts. Join experts from Wiz to learn how hackers connect tiny flaws to build a "Lethal Chain" to your data—and how to break it. Register for the Strategic Briefing Here. Most security tools work like a smoke alarm that goes off every time you burn a piece of toast. You get so many alerts that you eventually start to ignore them. The real danger? While

TL;DR: Stop chasing thousands of "toast" alerts. Join experts from Wiz to learn how hackers connect tiny flaws to build a "Lethal Chain" to your data—and how to break it. Register for the Strategic Briefing Here. Most security tools work like a smoke alarm that goes off every time you burn a piece of toast. You get so many alerts that you eventually start to ignore them. The real danger? While [email protected]

Pro sledování obsazení RAM musíte nejdříve aktivovat nabídku pro vývojáře • Snadno odhalíte všechny aplikace s nečekaně vysokými nároky • Zbytečné programy raději rovnou odinstalujte, nucené ukončování nic nevyřeší

Security teams have never had better visibility into their environments and never been worse at confirming what they fix stays fixed. Mandiant's M-Trends 2026 report puts the mean time to exploit at an estimated negative seven days. The Verizon 2025 DBIR puts median time to remediate edge device vulnerabilities at 32 days. These numbers have understandably driven the industry toward a clear

Security teams have never had better visibility into their environments and never been worse at confirming what they fix stays fixed. Mandiant's M-Trends 2026 report puts the mean time to exploit at an estimated negative seven days. The Verizon 2025 DBIR puts median time to remediate edge device vulnerabilities at 32 days. These numbers have understandably driven the industry toward a clear [email protected]

Google na včerejší akci The Android Show | I/O Edition 2026 (YouTube) představil celou řadu novinek: Gemini Intelligence, notebooky Googlebook, novou generaci Android Auto, …