RSS aggregator

[local] Fedora - Local Privilege Escalation

The Exploit Database - 29 April 2026 - 02:00
Fedora - Local Privilege Escalation

[webapps] LangChain Core 1.2.4 - SSTI/RCE

The Exploit Database - 29 April 2026 - 02:00
LangChain Core 1.2.4 - SSTI/RCE

[local] Atlona ATOMERX21 - Authenticated Command Injection

The Exploit Database - 29 April 2026 - 02:00
Atlona ATOMERX21 - Authenticated Command Injection

Last-minute taxes: walk through the income tax return step by step

Lupa.cz - articles - 29 April 2026 - 00:00
The deadline for filing income tax returns electronically is approaching. Walk through with us what to prepare in advance and what not to forget. The gallery shows what filling in the return looks like in the MOJE daně application.
Category: IT News

The boy who cried RCE and kept waking decent, tired people

ROOT.cz - 29 April 2026 - 00:00
A young security analyst repeatedly reports bogus vulnerabilities. After a series of false alarms his colleagues stop believing him. Then a real problem arrives. A lesson about trust and responsibility in cybersecurity.
Category: GNU/Linux & BSD

Software harvest (29 Apr 2026): Linux gaming compatibility layers under control

ROOT.cz - 29 April 2026 - 00:00
We examine the detailed parameters of a graphics card, automate the installation of gaming compatibility layers, manage fonts from the command line, and synchronise Logitech device switching between computers.
Category: GNU/Linux & BSD

Cosmology: questions and answers (part 5)

OSEL.cz - 29 April 2026 - 00:00
There is great interest in cosmology and in answers to questions about it, so in fairly quick succession I am adding another, already the fifth, part of our series. Today too you can look forward to five questions and answers from cosmology and physics.
Category: Science and technology

Radio telescope buried in ice detects long-predicted Askaryan radiation

OSEL.cz - 29 April 2026 - 00:00
The ARA (Askaryan Radio Array) experiment has for the first time detected Askaryan radiation, the specific radio signals produced when high-energy particles enter a dense dielectric. Detectors placed up to 200 metres below the Antarctic ice some time ago recorded a total of 13 events about which there is almost no doubt.
Category: Science and technology

Gaming Celestial cancelled, Druid remains up in the stars

CD-R server - 29 April 2026 - 00:00
While Intel talks about professional solutions built on the Celestial graphics architecture, it has not mentioned gaming graphics cards since last year. The suspicion has been confirmed: it cancelled them quietly, already last year...
Category: IT News

Broken VECT 2.0 ransomware acts as a data wiper for large files

Bleeping Computer - 28 April 2026 - 23:25
Researchers are warning that the VECT 2.0 ransomware has a problem in the way it handles encryption nonces that leads to it permanently destroying larger files rather than encrypting them. [...]
Category: Hacking & Security

Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw

Bleeping Computer - 28 April 2026 - 23:07
Hackers are targeting sensitive information stored in the LiteLLM open-source large-language model (LLM) gateway by exploiting a critical vulnerability tracked as CVE-2026-42208. [...]
Category: Hacking & Security

Video service Vimeo confirms Anodot breach exposed user data

Bleeping Computer - 28 April 2026 - 21:04
Vimeo has disclosed that data belonging to some of its customers and users has been accessed without authorization following the recent breach at the Anodot data anomaly detection company. [...]
Category: Hacking & Security

Can Apple’s new CEO turn things around?

Computerworld.com [Hacking News] - 28 April 2026 - 20:49

When Apple rolled out hardware chief John Ternus as the CEO to replace Tim Cook, the reaction was kind but muted. That’s because Ternus has said nothing yet to indicate he has a specific plan to position Apple for the future. (To be fair, he’s said next to nothing about anything: no easily found social media posts, no big speeches about anything beyond hardware, no major interviews showcasing his vision.)

I have long been a fan of Apple, but the “i” people have a lot of problems. Their failure to make Apple an AI leader — not the leader, just a leader — has dominated headlines for two years now. But the truth is that Apple has spent years without the passion and drive that marked the second coming of Steve Jobs as CEO.

The clearest example involves the iPhone and the Apple Watch. I used to routinely upgrade my devices once a year, or at least every two years. I am sitting here now with an iPhone 13 Pro Max and an Apple Watch Series 7, the same devices I’ve had for almost five years.

Each year, I’d get excited about Apple’s new devices and look for just one clean reason to upgrade. I didn’t find it. The promise of AI was intriguing, but Apple didn’t deliver. The iPhone camera kept getting better, but my photos look just fine already. 

Apple did deliver one feature that would have made me upgrade: allowing an iPhone to record and quickly transcribe calls. But the company then rolled it out to all devices, meaning it offered little to push new iPhone sales. (Of course, Apple never bothered to tell users the transcription feature has a roughly 30-minute limit. For a guy who often does hour-long interviews, that’s a problem; I’m forced to stop a recording at the 25-minute mark and reactivate it. *Sigh*)

As for AI, I would love for the iPhone to actually be intelligent about all of the data swimming within its case. For example, as a reporter, I have apps for a large number of news organizations. On one election night, I got 16 alerts that a Senate race had been called. I don’t need 16; I just need one. If Apple Intelligence were really intelligent, it would understand that. It should also understand that when I’m driving to an appointment, I don’t need a calendar alert 15 minutes before my meeting when the phone should know — based on my destination and routing in Apple Maps — that I’m on the way.

All those little missteps add up. One of the critical talents a CEO at a company as large as Apple needs is either vision or a passion that can pass for vision. 

This brings us to the inevitable comparison between Jobs and Cook. Jobs was passionate, persuasive, inspirational and he truly had a plan for future products based on his gut feeling of what users would want or need. But Jobs was also undisciplined, harsh, and abrupt and someone who wasn’t always worried about the truth.

He was, therefore, a great business leader, but he had help. (Keep reading for more.) 

Cook was nearly the opposite of Jobs. He was precise, methodical, detail-oriented and he for the most part treated people well and with respect. But his speeches were lackluster and I have yet to meet anyone who dubbed him electric or inspirational. He was privately passionate about his work, but that passion rarely surfaced in public. 

Here’s my point about Jobs’ success: He did so well because he had Cook as a senior deputy. Having the ultimate technocrat in place allowed Jobs to focus on the bigger-picture future. 

There’s been chatter on LinkedIn suggesting that Cook was a weaker CEO than Jobs. There’s a valid argument for that, but many do not give credit to Cook for helping Jobs perform as well as he did. 

Earlier in Cook’s tenure, he did have one executive with a healthy chunk of the Jobs passion: Jony Ive. But Ive got tired of the technocratic nature of his boss and left in 2019 to work elsewhere. Turns out the best leadership duo is a visionary CEO with a technocrat deputy. It doesn’t seem to work the other way around. 

Customers and employees also want to see passion and vision from a CEO directly. And that brings us to the upcoming change. Can Apple under CEO Ternus get its AI act together? That is the big mystery.

Apple certainly has the money and the clout to make AI work from either side of the buy/build path. But does it have a vision of what customers want, or more precisely, what they need? Jobs had the knack for correctly guessing what customers would want once they got it, even if they didn’t yet know they needed it.

Justin Greis, CEO of consulting firm Acceligence and former head of the North American cybersecurity practice at McKinsey, sees Ternus as an executive “who has also [along with Cook] been heads down on execution mode his entire career and he’s an insider. He knows how to keep (Apple) in its lane.”

Greis goes with the crowd in pinning most of his Apple hopes on AI. “If you look at the big AI companies, Apple is not on the map. Everybody is outpacing them. Siri simply doesn’t have the power that is needed to be valuable for their end-users.”

The AI magic is really not about simply using AI on-device. It’s about the value that can be delivered by a sophisticated integration of literally every piece of information coursing through a phone, your watch, a Mac or an iPad. 

A few years ago, people saw Apple as a gatekeeper controlling access to Siri. Back then, the assumption was that access to Siri would be worth tons of money. No longer. Plenty of people now use their iPhone to access generative AI offerings from a variety of Apple’s AI rivals. 

Apple can still win the AI mindshare battle, but only if it can truly deliver intelligent integration of everything that interacts with the phone. That package could be offered solely through Siri, allowing Apple to again control the almighty gateway. Sure, an iPhone user can access Claude or Perplexity — but if only Apple’s knighted partner can analyze your calendar, your contacts, your call history, your travel plans, your bank account, your photos, etc.— companies will again be willing to pay for access. 

That’s where Apple gold lies. The question is whether Ternus can mine it.

Category: Hacking & Security

Don't pay Vect a ransom - your data's likely already wiped out

The Register - Anti-Virus - 28 April 2026 - 20:36
Organizations hit by the wave of Trivy and LiteLLM supply-chain compromises that paid Vect in hopes of recovering their data likely did not get much back, according to Check Point Research. That's because the ransomware Vect uses isn't actually ransomware at all, but a wiper that destroys any file larger than 128 KB.

Vect's leak site lists 25 organizations since January, and four since March, which is when the extortions from the supply chain attacks began. It's unclear, however, how many - if any - of the listed orgs are tied to Trivy and LiteLLM-related compromises.

"On April 15, the group claimed two larger victims, Guesty (700GB) and S&P Global (250GB), allegedly tied to earlier TeamPCP compromises," Eli Smadja, group manager at Check Point Research, told The Register. "However, these claims cannot be independently verified, and there is no confirmed visibility into how many of these cases resulted in successful ransom payments versus data being leaked without payment." Neither Guesty nor S&P Global responded to The Register's inquiries.

Vect is one of the crime crews partnering with TeamPCP to leak data and extort victims of the ongoing attacks that infected Trivy, LiteLLM, Checkmarx, and Telnyx. After initially compromising the security and developer tools, infecting them with self-propagating credential-stealing malware, TeamPCP and Vect announced their new partnership on BreachForums, bragging: "we will pull off even bigger supply chain operations. We will chain these compromises into devastating follow-on ransomware campaigns."

Plus Vect announced a partnership with the data leak site itself, and said that every registered BreachForums user can use Vect's ransomware, negotiation platform, and website. So Check Point researchers opened a BreachForums account, got access to the panel and ransomware builder, and analyzed the gang's malware.

They quickly determined that the ransomware-as-a-service group also isn't very good at writing code - "not technically sophisticated" and "amateur execution" are how Check Point's research team describes the crims - and they appear to have accidentally written a data wiper. Instead of encrypting large files, which is what ransomware is supposed to do, Vect 2.0 ransomware permanently destroys any files larger than 131,072 bytes (128 KB).

"Full recovery is impossible for anyone, including the attacker," the security analysts wrote. "At a threshold of only 128 KB, this effectively makes VECT a wiper for virtually any file containing meaningful data, enterprise assets such as VM disks, databases, documents and backups included. CPR confirmed this flaw is present across all publicly available VECT versions."

The ransomware, as advertised, includes Windows, Linux, and ESXi variants. All share the same encryption design built on libsodium, the same file-size thresholds, the same four-chunk logic, and the same flaw: the encryption implementation discards three of four decryption nonces for every file larger than 128 KB.

In addition to the nonce-handling flaw, the malware analysts say they spotted "multiple" other bugs and design failures across all ransomware variants, suggesting that even criminals can't vibe code their way to a successful operation. As the researchers note: "The authors know what features a professional ransomware tool should have, but demonstrably struggled to implement them correctly or at all." ®
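The following is an added illustration, not code from the Check Point report or from the malware itself, of why a discarded nonce turns an encryptor into a wiper; it serves both the Bleeping Computer item on VECT 2.0 above and this one. It models four-chunk file encryption in which, for files over 128 KB, only the first per-chunk nonce is written out. AES-GCM from the Go standard library stands in for libsodium's secretbox (both are nonce-based AEADs, and neither can open a ciphertext without the exact nonce); the chunk layout, the on-disk structure and the sample file sizes are assumptions, and the sample files are random bytes generated inside the program.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Figures reported by Check Point: files above 131,072 bytes are handled in
// four chunks, and only one of the four per-chunk nonces survives.
const (
	chunkThreshold = 128 * 1024
	numChunks      = 4
)

// ErrNonceMissing is returned for a chunk whose nonce was never stored.
var ErrNonceMissing = errors.New("nonce never stored: chunk undecryptable even with the key")

// lockedFile models one encrypted file. The real VECT on-disk layout is not
// described on the page; this structure is an assumption for the demonstration.
type lockedFile struct {
	chunks [][]byte // AEAD ciphertext per chunk
	nonces [][]byte // the nonces that actually made it to disk
}

// newAEAD wraps a 256-bit key in AES-GCM, the stand-in for libsodium secretbox.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// splitChunks keeps small files whole and splits large ones into numChunks parts.
func splitChunks(data []byte) [][]byte {
	if len(data) <= chunkThreshold {
		return [][]byte{data}
	}
	size := (len(data) + numChunks - 1) / numChunks
	var chunks [][]byte
	for start := 0; start < len(data); start += size {
		end := start + size
		if end > len(data) {
			end = len(data)
		}
		chunks = append(chunks, data[start:end])
	}
	return chunks
}

// encryptFile seals every chunk under a fresh random nonce. With discardNonces
// set it reproduces the reported flaw: for a chunked file only the first nonce
// is written out, so three of four chunks lose the value needed to open them.
func encryptFile(aead cipher.AEAD, plaintext []byte, discardNonces bool) (*lockedFile, error) {
	lf := &lockedFile{}
	for i, chunk := range splitChunks(plaintext) {
		nonce := make([]byte, aead.NonceSize())
		if _, err := rand.Read(nonce); err != nil {
			return nil, err
		}
		lf.chunks = append(lf.chunks, aead.Seal(nil, nonce, chunk, nil))
		if i == 0 || !discardNonces {
			lf.nonces = append(lf.nonces, nonce)
		}
	}
	return lf, nil
}

// decryptFile is the decryptor a paying victim would receive. It returns the
// plaintext only if every chunk opens, plus the count of chunks that did not.
// A chunk without its nonce is gone: guessing a 96-bit GCM nonce is infeasible
// and every wrong guess fails the authentication tag.
func decryptFile(aead cipher.AEAD, lf *lockedFile) ([]byte, int, error) {
	var out bytes.Buffer
	lost, firstErr := 0, error(nil)
	for i, ct := range lf.chunks {
		if i >= len(lf.nonces) {
			lost++
			if firstErr == nil {
				firstErr = ErrNonceMissing
			}
			continue
		}
		pt, err := aead.Open(nil, lf.nonces[i], ct, nil)
		if err != nil {
			lost++
			if firstErr == nil {
				firstErr = err
			}
			continue
		}
		out.Write(pt)
	}
	if lost > 0 {
		return nil, lost, firstErr
	}
	return out.Bytes(), 0, nil
}

// simulate encrypts a random file of fileSize bytes under a random key and runs
// the decryptor, reporting whether the original came back and how many chunks were lost.
func simulate(fileSize int, discardNonces bool) (bool, int, error) {
	key, plaintext := make([]byte, 32), make([]byte, fileSize)
	if _, err := rand.Read(key); err != nil {
		return false, 0, err
	}
	if _, err := rand.Read(plaintext); err != nil {
		return false, 0, err
	}
	aead, err := newAEAD(key)
	if err != nil {
		return false, 0, err
	}
	lf, err := encryptFile(aead, plaintext, discardNonces)
	if err != nil {
		return false, 0, err
	}
	got, lost, err := decryptFile(aead, lf)
	if err != nil && !errors.Is(err, ErrNonceMissing) {
		return false, lost, err
	}
	return bytes.Equal(got, plaintext), lost, nil
}

func main() {
	for _, tc := range []struct {
		name    string
		size    int
		discard bool
	}{
		{"64 KB document, flawed build", 64 * 1024, true},
		{"512 KB disk fragment, flawed build", 512 * 1024, true},
		{"512 KB disk fragment, nonces stored", 512 * 1024, false},
	} {
		ok, lost, err := simulate(tc.size, tc.discard)
		fmt.Printf("%-38s recovered=%-5t lostChunks=%d err=%v\n", tc.name, ok, lost, err)
	}
}
```

Run with `go run .`: the 64 KB file and the correctly built variant both come back intact, while the flawed build loses three of four chunks of the large file. The point for incident responders is that the key is irrelevant here: the missing value is the nonce, so a paid-for decryptor cannot help, and restoration has to come from backups taken before the intrusion.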
Category: Viruses & Worms


Enterprises need to think beyond GPUs for agentic AI, analysts say

Computerworld.com [Hacking News] - 28 April 2026 - 20:25

The ongoing shift from generative AI (genAI) to agentic AI provides an opportunity for enterprises to move to more nimble and less expensive forms of computing, according to analysts.

Early AI models were largely built on expensive GPUs from Nvidia and AMD that offered raw processing power. But newer agentic AI tools, rooted in business process and workflow management, can run on more efficient, cost-effective hardware.

As a result, IT decision-makers who still think they require GPUs for anything AI-related need to reconsider their hardware options in terms of both cost and capabilities, analysts said.

“A better way of thinking about this is the cost of AI compute and now agentic AI platform services or systems,” said Leonard Lee, principal analyst at Next Curve. “’AI computing’ or ‘accelerated computing’ has clearly transcended the GPU as an inference accelerator.”

The new hardware options include CPUs and specialized AI chips, also known as ASICs in semiconductor parlance. Although these chips have been around for years, they are now showing real utility as agentic AI goes mainstream.

For one, the CPU — the main chip in any computer — is seeing something of a revival. “The CPU is reinserting itself as the indispensable foundation of the AI era. The CPU now serves as the orchestration layer and critical control plane for the entire AI stack,” Lee said.

CPUs are both power efficient and well-suited for AI on the edge, although specialized low-power chips are more capable depending on the task, said Jim McGregor, principal analyst at Tirias Research. “It will still be more efficient to use an ASIC instead of a CPU, and in most cases it will be less expensive over the life of a platform,” he said.

The growth of inference provides an opening for optimized AI accelerators, which can handle those jobs more efficiently than GPUs, said Mike Feibus, principal analyst at FeibusTech. “…The relative importance of [the] CPU is rising.”

Nvidia — sensing that it needed a low-power chip beyond its power-hungry GPUs — has already introduced an ASIC for inferencing in its hardware stack. And it recently licensed AI chip technology from Groq for $20 billion.

Because agentic AI involves a different computing model than genAI training on GPUs, enterprises need to consider the hardware options and pricing models available through cloud providers. “It’s more about model management than about model building — and the CPU is critical in providing workflow management,” said Jack Gold, principal analyst at J. Gold Associates.

Pricing variations continue to be an issue. Straight CPU compute is not billed the same as heavy GPU use, making it difficult to nail down costs, Gold said. “GPUs in training use more electricity generically due to near 100% utilization in a training workload, whereas in general-purpose compute, servers and CPUs run more like 40% to 60% utilization,” he said. “But it’s highly variable depending on what the agent is doing.”

Gold predicts that 80% to 85% of AI workloads will move to inference in the next two to three years, especially as tools become more agentic. (Inference means moving away from GPUs, which are better used for training, to CPUs, which are more efficient for simpler AI tasks.)

“CPUs take on a major significance in making everything work. It’s why all the hyperscalers are now loading up on CPUs, not just GPUs,” Gold said.

Major cloud providers Google, Amazon and Microsoft, for instance, have their own CPUs and low-power ASICs for inferencing.

What looks at the moment like a resurgence in CPU demand is actually pointing to a larger issue: the growing complexity of AI infrastructure, said Gaurav Shah, vice president of business development and strategic partnerships at NeuReality.

The overhead around data movement, orchestration and networking is exploding, Shah said. “That’s what’s driving demand — not CPUs doing more AI, but systems struggling to keep up with AI,” Shah said.

Beyond enterprises, genAI companies, AI-native companies and neoclouds all will need to rethink their architecture. “The winners will be the architectures that deliver the most inference per watt, not the most cores per server,” Shah said.

Category: Hacking & Security

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

The Hacker News - 28 April 2026 - 20:19
Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with a single "git push" command. The flaw, tracked as CVE-2026-3854 (CVSS score: 8.7), is a case of command injection that could allow an attacker with push access to a repository to achieve
Category: Hacking & Security


We played Medix: a Czech strategy game that blurs the line between art and entertainment

Živě.cz - 28 April 2026 - 20:15
Can a strategy game in which you view a conflict not through soldiers but through the eyes of medics and doctors behind the lines be fun at all? Is saving lives as appealing as destroying them? The Czech game Medix sets out to convince you that even running a field hospital can be entertaining.
Category: IT News

Digital literacy in the Czech Republic: above the European average, and among the leaders in online banking services

Živě.cz - 28 April 2026 - 19:45
Czechs handle digital technologies better than most Europeans. According to Czech Statistical Office data, seven in ten people have at least basic digital skills, and the country is also above the EU average in the use of internet banking and online shopping.
Category: IT News