RSS Aggregator

Micro RGB instead of QLED: Samsung shows a new generation of premium LCD TVs, and we know the prices

Živě.cz - 5 May, 2026 - 14:00
Samsung recently officially unveiled its new premium TVs for 2026 at the Žižkov Television Tower. The main item on the programme was Micro RGB technology.
Category: IT News

AI-led job cuts don’t always mean stronger ROI — Gartner

Computerworld.com [Hacking News] - 5 May, 2026 - 13:59

Businesses tend to eye AI spending as a way to reduce headcount, but firms that cut staffers as a result of AI are doing no better than those who don’t, according to new Gartner research.

Gartner recently surveyed 350 global business leaders at large organizations already using AI agents and intelligent automation tools and found that 80% of them reported a lowered headcount as a result of AI initiatives — in some cases by up to 20%. 

But those layoffs appear to be less beneficial than senior leaders might assume. 

“There’s no connection or correlation between people who are achieving ROI and layoffs,” said Helen Poitevin, distinguished vice president analyst at Gartner, adding that labor reduction is “not the best” ROI metric. Other factors such as revenue, growth, and time to market are more effective in achieving a strong ROI. 

“Those who only look to the workforce tend to be the ‘laggards,’ because they’re not going after the broader set of value that they can get to,” she said. This approach can also be “very disruptive more broadly,” she said, noting that some organizations who cut staff were forced to quickly rehire employees soon after.

That’s not to say companies aren’t cutting jobs, said Poitevin, but doing so isn’t the main route to solid ROI. Instead, organizations with higher levels of return on their spending looked beyond workforce reductions and saw AI as a way to improve employee productivity.  

These organizations are more likely to upskill staff to use AI tools, link employee hiring and performance criteria to AI proficiency, and set “transition paths” for skill sets and roles that will be affected by automation plans, said Poitevin.

“You have to plan for layoffs where they happen, but, more importantly, you have to plan for workforce transformation, and you have to go after broader forms of value through your AI investment portfolio than just labor cost,” she said.

For those panicking at the prospect of an AI-led jobs apocalypse, Gartner offers some hope: The analyst firm predicts that by 2029 the number of jobs created by AI will outpace those that are lost. 

Between 2023 and 2029, approximately 6 million roles will be automated globally, as businesses deploy AI agents and other intelligent automation technologies, according to Gartner; that’s a small proportion of the roughly 2 billion jobs available to workers. 

The prediction adds to a growing expectation among industry watchers that AI will reshape the workplace rather than replace workers en masse, at least for the foreseeable future. “AI is not leading to a jobs apocalypse, but it’s unleashing job chaos, changing the shape of what people do,” said Poitevin.

That doesn’t mean disruption can be avoided entirely. A larger portion of the workforce — around 32 million workers each year — will see their roles transformed with the introduction of AI and intelligent automation, forcing them to “rethink what they do, how they do it, what ‘good’ looks like,” said Poitevin. 

At the same time, the deployment of AI is expected to generate new labor demand in 2027 and 2028, with that demand offsetting AI-related job cuts the following year.

The AI-led job gains will include higher demand for existing roles boosted by AI-driven productivity gains, as well as the creation of new roles related specifically to the deployment and management of AI systems – change management and business transformation, for example. 

Wider adoption of AI tools will also lead to the emergence of new business models, according to Gartner – similar to higher demand for logistics systems and delivery drivers after the e-commerce boom or the increase in financial analysts after Excel replaced old-fashioned bookkeeping.

Strategies for deploying AI technology.

Gartner

Category: Hacking & Security

The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed

The Hacker News - 5 May, 2026 - 13:58
Every AI tool, workflow automation, and productivity app your employees connected to Google or Microsoft this year left something behind: a persistent OAuth token with no expiration date, no automatic cleanup, and in most organizations, no one watching it. Your perimeter controls don't see it. Your MFA doesn't stop it. And when an attacker gets hold of one, they don't need a password. OAuth
Category: Hacking & Security

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

The Hacker News - 5 May, 2026 - 13:56
Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck. The vulnerability in question is CVE-2026-29014 (CVSS score: 9.8), a code injection flaw that could result in arbitrary code execution. "MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code
Category: Hacking & Security

Romance scammers turn sweet talk into £102M payday

The Register - Anti-Virus - 5 May, 2026 - 13:43
Romance fraudsters scammed Britons out of £102 million ($138 million) last year, according to the latest police figures. That works out to roughly £280,000 ($379,000) a day, the City of London Police said Tuesday. The average victim loses around £9,500 ($12,866) per scam, though individual cases have reached £1 million ($1.35 million). The figures come from Report Fraud, a City of London Police service that logged 10,784 romance scam reports in 2025, a 29 percent year-on-year bump.

"Romance fraud is particularly harmful because it targets trust and emotional connection," said Detective Superintendent Oliver Little at the City of London Police.

"Offenders will often spend significant time building what appears to be a genuine relationship before attempting to exploit their victim financially," he added. "While the monetary losses can be substantial, the emotional impact is often just as damaging. This crime can affect anyone, and by reporting it, victims help us build intelligence, disrupt offenders, and protect others from harm."

The scams disproportionately hit older victims, with almost half of 2025's total losses coming from those aged 55-74. Men submitted the highest number of reports, but women incurred the greatest financial losses.

The playbook is well-established: criminals build fake profiles on social media, cultivate rapport with targets – often expressing strong feelings early – then request money for various reasons, including travel, medical expenses, and other invented needs.

City of London Police has urged the public to look out for common tactics used by fraudsters: unsolicited affection from strangers online, excuses to avoid video calls or in-person meetings, and sudden investment pitches. A second opinion from a friend or family member can help.

Confidence/romance scams are an even bigger problem in the US, where they rank as the fifth most costly form of cybercrime. An annual report from the FBI's Internet Crime Complaint Center (IC3) estimated total losses in 2025 at $929.4 million, ahead of data breaches, phishing, extortion, and ransomware.

In the UK, romance fraud sits at the lower end of the cybercrime spectrum. Advance fee fraud, banking fraud, investment fraud, and online shopping scams all generate far more reports. Total fraud losses in the UK reached £3.4 billion ($4.6 billion) in 2025 across 388,895 reports, according to data, a figure that puts romance fraud's toll in stark perspective. Underreporting is also thought to be widespread, with many victims staying silent out of shame. ®
Category: Viruses and Worms

Romance scammers turn sweet talk into £102M payday

The Register - Anti-Virus - 5 May, 2026 - 13:43
Victims losing £280K a day to fake profiles and sob stories

Romance fraudsters scammed Britons out of £102 million ($138 million) last year, according to the latest police figures.…

Category: Viruses and Worms

Google now offers up to $1.5 million for some Android exploits

Bleeping Computer - 5 May, 2026 - 13:24
Google overhauls its Android and Chrome vulnerability rewards programs, offering bounties of up to $1.5 million for the most difficult exploits while scaling back payouts for flaws that artificial intelligence (AI) has made easier to find. [...]
Category: Hacking & Security

Why Reddit blocked my daily visit to its mobile website

Ars Technica - 5 May, 2026 - 13:20

I've recently developed a daily habit—perhaps one I should cut back on—of visiting several subreddits to keep up on things like audio production and the Russian invasion of Ukraine. But I was surprised this weekend to suddenly find myself cut off; Reddit simply would not let me visit the site on my mobile phone.

Instead, a new overlay popped up, saying, "Get the app to keep using Reddit."

There was no way to skip, bypass, or close the overlay. It did not provide any instructions or alternatives for continuing to use the mobile web version. What it did offer was a large button I could press to get the app. If I did so, the overlay told me, I would be able to "search better" and "personalize your feed"—two things I don't care to do.

Twist in the investigation of the nosedive of the Chinese Boeing 737. Someone in the cockpit deliberately cut off the fuel supply

Živě.cz - 5 May, 2026 - 13:15
The investigation showed that someone deliberately cut off the fuel supply to both engines • The aircraft then went into a steep dive and crashed within two minutes • Chinese authorities have not yet issued a final report and the details remain unclear
Category: IT News

Homebridge 2.0.0

AbcLinuxu [news briefs] - 5 May, 2026 - 13:11
Homebridge, a tool for integrating smart home devices, has been released in version 2.0.0. In addition to the HomeKit Accessory Protocol (HAP), it now supports the Matter smart home standard.
Category: GNU/Linux & BSD

Stealthy malware abuses Microsoft Phone Link to siphon SMS OTPs from enterprise PCs

Computerworld.com [Hacking News] - 5 May, 2026 - 13:09

A newly identified malware campaign is abusing Microsoft’s Phone Link feature to intercept SMS-based one-time passwords and other sensitive mobile data directly from Windows systems.

The activity, first observed by Cisco Talos in January 2026, involves a remote access trojan dubbed CloudZ and a custom plugin named Pheno that together allow attackers to harvest credentials and potentially capture authentication codes synced from a user’s smartphone, Talos researchers Alex Karkins and Chetan Raghuprasad wrote in a blog post.

“According to the functionalities of the CloudZ RAT and Pheno plugin, this was with the intention of stealing victims’ credentials and potentially one-time passwords (OTPs),” the researchers wrote.

The attack does not target the mobile device itself. Instead, it exploits the trust relationship between phones and Windows PCs by monitoring data mirrored through the Phone Link application, the blog post said.

CloudZ “utilizes the custom Pheno plugin to hijack the established PC-to-phone bridge by abusing the Microsoft Phone Link application, allowing the plugin to continuously scan for active Phone Link processes and potentially intercept sensitive mobile data like SMS and OTPs without deploying malware on the phone,” the Talos report said.

The technique sidesteps the need to compromise the mobile device itself, which the researchers said makes the intrusion notable to enterprise defenders.

It adds to a growing body of attacker tradecraft aimed at bypassing SMS- and app-based MFA by extracting authentication codes from compromised Windows systems where mobile data is synced.

Microsoft did not immediately respond to a request for comment.

Phone Link data becomes an attack surface

Microsoft Phone Link, previously known as Your Phone, is a built-in Windows feature that connects a PC to a smartphone and mirrors messages, notifications, and calls on the desktop.

Pheno is designed to locate the Phone Link data stored locally on the Windows system. According to the advisory, the attacker using CloudZ “can potentially intercept the Phone Link application’s SQLite database file on the victim machine, potentially compromising SMS-based OTP messages and other authenticator application notification messages.”

Because this data resides on the endpoint, the technique shifts risk from mobile devices to enterprise-managed Windows systems, potentially bypassing controls focused on securing smartphones.

Multi-stage infection chain

The intrusion begins with an unknown initial access vector, followed by the execution of a malicious file disguised as a ScreenConnect update, Talos said.

The initial payload is a Rust-compiled loader using filenames such as “systemupdates.exe,” which drops a .NET loader disguised as a text file in a system directory, the post said.

Persistence is established through a scheduled task named “SystemWindowsApis” that runs at startup with elevated privileges using the legitimate regasm.exe utility, the researchers wrote in the blog.

The .NET loader runs anti-analysis checks before unpacking CloudZ. It performs multiple checks to detect security tools and sandbox environments before executing the payload in memory, the report said.

It “calculates the actual elapsed time of a sleep command to detect if it is executed in the analysis environment,” and scans for tools such as Wireshark, Fiddler, Procmon, and Sysmon. “The .NET loader exits the execution if these are detected in the victim environment,” the blog post added.

The CloudZ payload is then decrypted in memory and executed, it said.

RAT enables credential theft and plugin delivery

CloudZ establishes an encrypted connection to a command-and-control server and supports a range of functions, including credential harvesting, file operations, and remote command execution, Talos said.

The malware also retrieves secondary configuration data from attacker-controlled infrastructure.

The Talos researchers wrote that the RAT downloads configuration data from remote servers and “extracts the C2 server IP address … and port number … establishing connections through TCP sockets.”

It also rotates user-agent strings to blend its traffic with legitimate browser activity, the researchers noted.

Pheno plugin monitors active device sync

The Pheno plugin is responsible for identifying active Phone Link sessions and enabling data interception.

It “scans all running processes for specific keywords such as ‘YourPhone,’ ‘PhoneExperienceHost,’ or ‘Link to Windows,’” and logs results locally, the report said.

The plugin then checks for evidence of a proxy connection used by Phone Link to relay data between devices.

“The presence of ‘proxy’ … indicates that the Phone Link session is actively routing traffic through its relay channel,” the researchers wrote.

When such activity is detected, the plugin flags the system as connected, which “eventually allows the attacker … to potentially monitor SMS or OTP requests that appear on the Phone Link application,” according to the report.

Talos has released detection signatures and indicators of compromise, including malware hashes, command-and-control infrastructure, and Snort rules associated with the activity.

Cisco Talos did not attribute the activity to a known threat actor.

The article originally appeared on CSO.

Category: Hacking & Security

Enough of the endless explaining. Gemini will remember who you are and what you like

Živě.cz - 5 May, 2026 - 12:45
Competition among conversational chatbots (ChatGPT or Google Gemini) is fierce. Saved history can keep users from switching to a competitor. Google has decided to tackle this limitation.
Category: IT News

We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is

The Hacker News - 5 May, 2026 - 12:30
While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that progress at risk. Businesses are moving fast to self-host LLM infrastructure, drawn by the promise of AI as a force multiplier and the pressure to deliver more value faster. But speed is coming at the expense of security. In the wake of the
Category: Hacking & Security

Karakurt extortion gang ‘cold case’ negotiator gets 8.5 years in prison

Bleeping Computer - 5 May, 2026 - 12:13
A Latvian national extradited to the United States was sentenced to 8.5 years in prison for his "cold case" negotiator role in the Russian Karakurt ransomware group. [...]
Category: Hacking & Security

CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs

Bleeping Computer - 5 May, 2026 - 12:03
A new version of the CloudZ remote access tool (RAT) is deploying a previously unseen malicious plugin called Pheno that hijacks the Microsoft Phone Link connection to steal sensitive codes from mobile devices. [...]
Category: Hacking & Security

Netflix and the 30 most popular films and series in May 2026. Minions, Harry Hole, Radiační poplach, Válečné monstrum…

Živě.cz - 5 May, 2026 - 11:45
These films and series are currently the most popular on Czech Netflix. We do not distinguish by genre, age or ratings on film websites. This is the aggregate popularity over recent weeks, as tracked by the website FlixPatrol.
Category: IT News