Agregátor RSS

Na světě je nové vydání Ubuntu, které je současně pravidelnou LTS verzí, tedy tou, která nechává svého uživatele v klidu nejméně 10 let od vydání. Nové Ubuntu je podařeným mixem novinek evolučních i revolučních.

Quaise Energy míří za obnovitelnou energií do zemských hlubin. Spoléhají na to, že superhorké horniny, jejichž teplota překračuje 300 °C, mohou poskytnout spoustu geotermální energie. V současné době již staví pilotní projekt Obsidian, který by měl v roce 2030 dosáhnout výkonu 50 MW.

Po kritice podpory OC pouze na deskách s čipsetem Z890 a oficiálním příslibu cenově dostupnější procesorů s podporou přetaktování se dozvídáme, že taktování nabídnou dva čipsety pro Nova Lake…

Legit-looking website, camera-on interviews, jokes about backdoors ... it worked

EXCLUSIVE  It all started with a LinkedIn message, as so many employment scams do these days.…

Posted by Thomas Brunner, Yu-Han Liu, Moni Pande

At Google, our Threat Intelligence teams are dedicated to staying ahead of real-world adversarial activity, proactively monitoring emerging threats before they can impact users. Right now, Indirect Prompt Injection (IPI) is a top priority for the security community, anticipating it as a primary attack vector for adversaries to target and compromise AI agents. But while the danger of IPI is widely discussed, are threat actors actually exploiting this vector today – and if so, how?

To answer these questions and to uncover real-world abuse, we initiated a broad sweep of the public web to monitor for known indirect prompt injection patterns. This is what we found. 

The threat of indirect prompt injection

Unlike a direct injection where a user "jailbreaks" a chatbot, IPI occurs when an AI system processes content—like a website, email, or document—that contains malicious instructions. When the AI reads this poisoned content, it may silently follow the attacker's commands instead of the user's original intent.

This is not a new area of concern for us and Google has been working tirelessly to combat these threats. Our efforts involve cross-functional collaboration between researchers at Google DeepMind (GDM) and defenders like the Google Threat Intelligence Group (GTIG). We have previously detailed our work in this area and researchers have further highlighted the evolving nature of these vulnerabilities.

Despite this collective focus, a fundamental question remains: to what degree are real-world malicious actors currently operationalizing these attacks?

Proactive monitoring at GoogleThe landscape of IPI on the web

There are many channels through which attackers might try to send prompt injections. However, one location is particularly easy to observe - the public web. Here, threat actors may simply seed prompt injections on websites in hope of corrupting AI systems that browse them.

Public research confirms these attacks are possible; consequently, we should expect real-world adversaries to exploit these vulnerabilities to cause harm.

Thus, we ask a basic question: What outcomes are real attackers trying to achieve today?

For ease of access and reproducibility, we chose to use Common Crawl, which is a large repository of crawled websites from the English-speaking web. Common Crawl provides monthly snapshots of 2-3 billion pages each. These are mostly static websites, which includes self-published content such as blogs, forums and comments on these sites, but as a caveat it does not contain most social media content (e.g., LinkedIn, Facebook, X, …) as Common Crawl skips websites with login walls and anti-crawl directives.

This means that, while prompt injections have been observed on social media, we reserve these for an upcoming separate study. For a first look, we can observe prompt injections even in standard HTML, for which Common Crawl conveniently provides not just the source, but also the parsed plaintext.

The challenge of false positives

The task of scanning large amounts of documents for prompt injections may sound simple, but in reality is hindered by an overwhelming number of false positive detections.

Early experiments revealed a significant volume of "benign" prompt injection text, which illustrates the complexity of distinguishing between functional threats and harmless content. Many prompt injections were found in research papers, educational blog posts, or security articles discussing this very topic. 

False positives: Most prompt injections in web content tend to be education material for researchers. (Source: GitHub/swisskyrepo)

When searching for prompt injections naively, the majority of detections are benign content – false positives in our case. Therefore, we opted for a coarse-to-fine filtering approach:

• Pattern Matching: We initially identified candidate pages by searching for a range of popular prompt injection signatures, like “ignore … instructions”, “if you are an AI”, etc.

• LLM-Based Classification: These candidates were then processed by Gemini to classify the intent of the suspicious text, and to understand whether they were part of the overall document narrative or suspiciously out of place.

• Human Validation: A final round of manual review was conducted on the classified results to ensure high confidence in our findings.

While this approach is not exhaustive and might miss uncommon signatures, it can serve as a starting point for understanding the quality of prompt injections in the wild. 

What we found

Our analysis revealed a range of attempts that, if successful, would try to manipulate AI systems browsing the website. Most of the prompt injections we observed fall into these categories:

• Harmless pranks

• Helpful guidance

• Search engine optimization (SEO)

• Deterring AI agents 

• Malicious

• Data exfiltration

• Destruction

Harmless Prank

This class of prompt injection aims to cause mostly harmless side effects in AI assistants reading the website. We found many instances of this – consider the source code of this website, which contains an invisible prompt injection that instructs agents reading the website to change their conversational tone:

Helpful Guidance

We also observed website authors who wanted to exert control over AI summaries in order to provide the best service to their readers. We consider this a benign example, since the prompt injection does not attempt to prevent AI summary, but instead instructs it to add relevant context.

We note that this example could easily turn malicious if the instruction tried to add misinformation or attempted to redirect the user to third party websites.

Search Engine Optimization (SEO)Some websites include prompt injections for the purpose of SEO, trying to manipulate AI assistants into promoting their business over others:
While the above example is simple, we have also started to see more sophisticated SEO prompt injection attempts. Consider the intricate prompt below, which was seemingly generated by an automated SEO suite and inserted into website text:Deterring AI agents

Some websites try to prevent retrieval by AI agents via prompt injection. There exist many examples of “If you are an AI, then do not crawl this website”. However, we also observed more insidious implementations: 

This injection tries to lure AI readers onto a separate page which, when opened, streams an infinite amount of text that never finishes loading. In this way, the author might hope to waste resources or cause timeout errors during the processing of their website.

Malicious: Exfiltration

We were able to observe a small number of prompt injections that aim at theft of data. However, for this class of attacks, sophistication seemed much lower. Consider this example:

As we can see, this is a website author performing an experiment. We did not observe significant amounts of advanced attacks (e.g. using known exfiltration prompts published by security researchers in 2025). This seems to indicate that attackers have yet not productionized this research at scale.

Malicious: Destruction

Finally, we observed a number of websites that attempt to vandalize the machine of anyone using AI assistants. If executed, the commands in this example would try to delete all files on the user’s machine:

While potentially devastating, we consider this simple injection unlikely to succeed, which makes it similar to those in the other categories: We mostly found individual website authors who seemed to be running experiments or pranks, without replicating advanced IPI strategies found in recently published research. 

What does this mean?

Our results indicate that attackers are experimenting with IPI on the web. While the observed activity suggests limited sophistication, this might be only part of the bigger picture.

For one, we scanned only an archive of the public web (CommonCrawl), which does not capture major social media sites. Additionally, even though sophistication was low, we observed an uptick in detections over time: We saw a relative increase of 32% in the malicious category between November 2025 and February 2026, repeating the scan on multiple versions of the archive. This upward trend indicates growing interest in IPI attacks. 

In general, threat actors tend to engage based on cost/benefit considerations. In the past, IPI attacks were considered exotic and difficult. And even when compromised, AI systems often were not able to execute malicious actions reliably.

We believe that this could change soon. Today’s AI systems are much more capable, increasing their value as targets, while threat actors have simultaneously begun automating their operations with agentic AI, bringing down the cost of attack. As a result, we expect both the scale and sophistication of attempted IPI attacks to grow in the near future.

Moving forward

Our findings indicate that, while past attempts at IPI attacks on the web have been low in sophistication, their upward trend suggests that the threat is maturing and will soon grow in both scale and complexity.

At Google, we are prepared to face this emergent threat, as we continue to invest in hardening our AI models and products. Our dedicated red teams have been relentlessly pressure-testing our systems to ensure Gemini is robust to adversarial manipulation, and our AI Vulnerability Reward Program allows external researchers to participate. 

Finally, Google’s established ability to process global-scale data in real-time allows us to identify and neutralize threats before they can impact users. We remain committed to keeping the Internet safe and will continue to share intelligence with the community.

To learn more about Google’s progress and research on generative AI threat actors, attack techniques, and vulnerabilities, take a look at the following resources:

• Google Workspace’s continuous approach to mitigating indirect prompt injections (blog post) from Google’s GenAI security team

• Mitigating prompt injection attacks with a layered defense strategy (blog post) from Google’s GenAI security team

• Beyond Speculation: Data-Driven Insights into AI and Cybersecurity (RSAC 2025 conference keynote) from Google’s Threat Intelligence Group (GTIG)

• AI Threat Tracker (report) from Google’s Threat Intelligence Group (GTIG)

• Google's Approach for Secure AI Agents (white paper) from Google’s Secure AI Framework (SAIF) team

• Advancing Gemini's security safeguards (blog post) from Google’s DeepMind team

• Lessons from Defending Gemini Against Indirect Prompt Injections (white paper) from Google’s DeepMind team

Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on the server without authentication. [...]

Akcionáři americké mediální společnosti Warner Bros. Discovery dnes schválili převzetí firmy konkurentem Paramount Skydance za zhruba 110 miliard dolarů (téměř 2,3 bilionu Kč). Firmy se na spojení dohodly v únoru. O část společnosti Warner Bros. Discovery dříve usilovala rovněž streamovací platforma Netflix, se svou nabídkou však neuspěla. Transakci ještě budou schvalovat regulační orgány, a to nejen ve Spojených státech, ale také například v Evropské unii. Proti spojení podniků se staví řada herců, režisérů, scénáristů a dalších lidí z filmového a televizního průmyslu. Otevřený dopis odmítající fúzi podepsaly přes čtyři tisíce lidí. „Výsledkem bude méně příležitostí, méně pracovních míst, vyšší náklady a menší výběr pro diváky ve Spojených státech a po celém světě. Je znepokojivé, že by tato fúze snížila počet velkých amerických filmových studií na pouhá čtyři“ píše se v dopisu.

Canonical vydal (email, blog, YouTube) Ubuntu 26.04 LTS Resolute Raccoon. Přehled novinek v poznámkách k vydání. Vydány byly také oficiální deriváty Edubuntu, Kubuntu, Lubuntu, Ubuntu Budgie, Ubuntu Cinnamon, Ubuntu Kylin, Ubuntu Studio, Ubuntu Unity a Xubuntu. Jedná se o 11. vydání s dlouhodobou podporou (LTS).

Global IT spending is expected to rise this year to $6.31 trillion, according to a new forecast from Gartner, a 13.5% increase compared to 2025.

According to the research firm, AI is the single most important driver behind the growth, with investments in AI infrastructure, in particular, driving the trend. The data center systems segment is expected to grow by a whopping 55.8% during the year, by far the fastest growing of all categories.

At the same time, IT services continue to account for the largest share of total spending and are expected to exceed $1.87 trillion this year. Software is also showing strong growth, particularly in generative AI.

Growth is also expected in the device market, though at a significantly slower pace. Overall, the market is expected to reach approximately $856 billion, though Gartner says this growth is being slowed by rising memory prices.

Chinese market research firm Sigmaintell expects Apple to be the only company to see growth in the laptop market this year.

Overall, Sigmaintel predicts global notebook shipments will reach 181.1 million units this year, a decline of 8%. That drop will, in part, be caused by memory and component shortages and also by slowing market demand. That’s going to damage all of the notebook vendors, bar Apple,. 

Apple laptop sales expected to rise more than 20%

Sigmaintell calculates Apple will ship 28 million laptop in the year, up 21.7% from 2025. This puts Apple in third place in laptop shipments, a demand the company will be able to meet despite component shortages because of the efficient use of memory inherent to its systems. That memory efficiency acts as a protection against the impact of climbing costs, even as competitors struggle with the affects on their business.

Apple’s incoming CEO, John Ternan, is being presented as a hardware man, so he will no doubt be pleased to experience the benefit of MacBook Neo’s massive attack on the lower echelons of the market. The Neo is already generating millions of additional sales, something Apple’s diversified revenue engine, including services, can further capitalize on.

PC makers face steep decline

There’s quite stark news for PC manufacturers. The report predicts Lenovo, Dell, HP, and ASUS will see sharp sales declines and warns that the entire industry will need to quickly transition from hardware-based sales toward full ecosystem plays. 

That’s going to be extraordinarily difficult for most PC makers. Not only do most of them use operating systems they don’t build themselves, but most lack a successful range of services customers will happily choose to use. 

For the most part, while Apple offers Apple Music, competitors only offer Spotify, a situation that generates far less revenue for them. That lack of successful monetization in terms of attached income across the customer base meant less when the PC market was growing, but in an environment buffeted by multiple business challenges it becomes a vulnerability that cannot be ignored. It exposes the inherent weakness of a strategy in which hardware manufacturers rely on third parties for operating systems and services, as the lion’s share of income doesn’t reach those hardware makers. 

You can go your own way

There’s little doubt that part of the reason Apple is in such a strong position is because of its highly strategic outgoing CEO, Tim Cook, who led efforts to build a strong services business, accompanied by a wide ecosystem of complementary accessories. You don’t just buy an iPhone, you buy a Mac, AirPods, and Apple Music. You don’t just get an iPad, but you likely also acquire Apple Arcade. 

To a great extent, Apple’s strength now owes a big debt to the many years in which the company was marginalized. Forced to follow its own path, Apple deliberately developed its own unique platform-based approach. That approach meant the company remained profitable even when it held just a few percentage points of the PC market; as its market share improves, we can also see its profitability climb. 

The way that you do it

This good news may not matter as much as you might think to Apple’s leadership team. To them, while becoming the industry’s fastest-growing notebook manufacturer is nice, what matters more is crafting a platform experience that means something to the people using it. That, after all, is how to generate the high user satisfaction Apple’s platform loyalty and word-of-mouth recommendations come from.

That 16% of everyone purchasing a notebook this year will choose a Mac suggests a watershed moment for all Apple’s platforms.

You can follow me on social media! Join me on BlueSky,  LinkedIn, Mastodon, and MeWe. 

 If you spend enough time looking at a monitoring dashboard, you start to see a comforting pattern. Green lights mean the servers are up, the logs are flowing, and everything feels under control. But if you look closer, you realize that linux logging is often more of a formal archive than a security tool. There is a quiet gap between seeing that a system is running and actually knowing what it is doing.

If you spend enough time looking at a monitoring dashboard, you start to see a comforting pattern. Green lights mean the servers are up, the logs are flowing, and everything feels under control. But if you look closer, you realize that linux logging is often more of a formal archive than a security tool. There is a quiet gap between seeing that a system is running and actually knowing what it is doing.

A headline feature introduced in the latest release of Windows 11, 25H2 is Administrator Protection. The goal of this feature is to replace User Account Control (UAC) with a more robust and importantly, securable system to allow a local user to access administrator privileges only when necessary. This blog post will give a brief overview of the new feature, how it works and how it’s different from UAC. I’ll then describe some of the security research I undertook while it was in the insider preview builds on Windows 11. Finally I’ll detail one of the nine separate vulnerabilities that I found to bypass the feature to silently gain full administrator privileges. All the issues that I reported to Microsoft have been fixed, either prior to the feature being officially released (in optional update KB5067036) or as subsequent security bulletins. Note: As of 1st December 2025 the Administrator Protection feature has been disabled by Microsoft while an application compatibility issue is dealt with. The issue is unlikely to be related to anything described in this blog post so the analysis doesn’t change.

While our previous two blog posts provided technical recommendations for increasing the effort required by attackers to develop 0-click exploit chains, our experience finding, reporting and exploiting these vulnerabilities highlighted some broader issues in the Android ecosystem. This post describes the problems we encountered and recommendations for improvement. Audio Attack Surface The Dolby UDC is part of the 0-click attack surface of most Android devices because of audio transcription in the Google Messages application. Incoming audio messages are transcribed before a user interacts with the message. On Pixel 9, a second process com.google.android.tts also decodes incoming audio. Its purpose is not completely clear, but it seems to be related to making incoming messages searchable.

With the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the resulting userland context, the mediacodec context. As per the AOSP documentation, the mediacodec SELinux context is intended to be a constrained (a.k.a sandboxed) context where non-secure software decoders are utilized. Nevertheless, using my DriverCartographer tool, I discovered an interesting device driver, /dev/bigwave that was accessible from the mediacodec SELinux context. BigWave is hardware present on the Pixel SOC that accelerates AV1 decoding tasks, which explains why it is accessible from the mediacodec context. As previous research has copiously affirmed, Android drivers for hardware devices are prime places to find powerful local privilege escalation bugs. The BigWave driver was no exception - across a couple hours of auditing the code, I discovered three separate bugs, including one that was powerful enough to escape the mediacodec sandbox and get kernel arbitrary read/write on the Pixel 9.

Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One effect of this change is increased 0-click attack surface, as efficient analysis often requires message media to be decoded before the message is opened by the user. One such feature is audio transcription. Incoming SMS and RCS audio attachments received by Google Messages are now automatically decoded with no user interaction. As a result, audio decoders are now in the 0-click attack surface of most Android phones. I’ve spent a fair bit of time investigating these decoders, first reporting CVE-2025-49415 in the Monkey’s Audio codec on Samsung devices. Based on this research, the team reviewed the Dolby Unified Decoder, and Ivan Fratric and I reported CVE-2025-54957. This vulnerability is likely in the 0-click attack surface of most Android devices in use today. In parallel, Seth Jenkins investigated a driver accessible from the sandbox the decoder runs in on a Pixel 9, and reported CVE-2025-36934.

KYBERCENTRUM vydalo knihu ceského kryptologa a popularizátora Pavla Vondrušky, která dokazuje, jak muže veda o kódech a šifrách být fascinující a dobrodružná.
Kniha byla v drívejším vydání v edici OKO zcela vyprodána a nebylo ji možné získat.
Nyní je tedy možnost ji zakoupit v e-shopu KYBERCENTRA. Ale pozor k prodeji touto cestou bylo uvolnen pouze omezený pocet 200 kusu .

Kniha p?edního ?eského popularizátora kryptologie dokazuje, jak fascinující a dobrodružná m?že v?da o kódech a šifrách být.
Kniha vyšla v 2006 v nákladu 8000 ks a byla brzy zcela vyprodána.
Kniha nyní vyjde pomocí Crowdfundingu v rámci projektu Centra kybernetické bezpe?nosti, z. ú. (KyberCentrum).
Podpo?te tento projekt a stanete se vlastníci této knihy.

Kniha P.Vondrušky - Kryptologie, šifrování a tajná písma op?t vyjde.
Knihu lze získat v rámci projektu Kybercentra (Crowdfunding).

NIST has posted an update on their post-quantum cryptography program:

• Update


• NISTIR 8309 Status Report on the Second Round of the NIST Post-Quantum Cryptography Standardization Process