RSS Aggregator

Why Memory Safety Is Becoming a Core Requirement in Modern Software

LinuxSecurity.com - 30 April, 2026 - 15:05
Most information security best practices are built on a single, comfortable assumption: that we have control over what software is running on our hardware, and that the underlying system behaves exactly as we expect. We assume that the memory management happening under the hood is a solved problem, a silent utility that stays within its lines.
Category: Hacking & Security

Height-adjustable desk for just 2590 Kč. This one has memory and useful accessories, and the tabletop is included in the price

Živě.cz - 30 April, 2026 - 14:45
The electrically height-adjustable Di volio Amone desk costs just 2590 Kč. • The price also includes a tabletop, a headphone holder, fixed feet, and optionally casters. • The panel uses physical buttons and has memory for three positions.
Category: IT News

New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials

The Hacker News - 30 April, 2026 - 14:36
Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEP#DOOR that comes with capabilities to establish persistent access and harvest a wide range of sensitive information from compromised hosts. "The intrusion chain begins with execution of a batch script ('install_obf.bat') that disables Windows security controls, dynamically extracts an
Author: Ravie Lakshmanan
Category: Hacking & Security

Critical cPanel and WHM bug exploited as a zero-day, PoC now available

Bleeping Computer - 30 April, 2026 - 13:40
The critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in the wild and has been leveraged in attempts since late February. [...]
Category: Hacking & Security

Nearly half of UK businesses pwned last year as phishing keeps doing the job like it's 2005

The Register - Anti-Virus - 30 April, 2026 - 13:35
Nearly half of UK businesses are still getting breached, and in many cases, the attacker's big breakthrough is an employee clicking "sure, why not" on a fake login page. The UK government's latest Cyber Security Breaches Survey, released on Thursday, puts the hit rate at 43 percent of businesses and 28 percent of charities reporting a cyber incident in the past year, equating to approximately 612,000 UK businesses and 57,000 UK charities, numbers that have barely budged since the last time it asked. Most of these breaches do not start with anything especially cutting-edge. Phishing leads "by far," usually via impersonation emails that send staff to fake login pages or get them to click links, open attachments, or hand over sensitive information. Everything else barely gets a look-in. Around 85 percent of businesses that reported a breach or attack said it involved phishing, leaving malware, ransomware, and unauthorized access trailing some distance behind. Among businesses that report break-ins, about a quarter say they occur at least once a week, with a smaller share reporting daily occurrences. Charities are seeing attacks land more often, with the share reporting weekly incidents rising from 18 percent to 26 percent over the past 12 months.  Against that backdrop, there are signs that organizations are trying to get a grip of the problem. Around six in ten medium and large businesses report having a formal cybersecurity policy in place, and incident response planning and cyber insurance have both ticked up year on year. Larger organizations are consistently more likely to have these measures in place than smaller ones. Policies on ransomware are still a bit of a mixed bag. Around half of businesses (49 percent) and a third of charities (34 percent) say they have a rule not to pay up, about the same as last year. Plenty are still in the dark, with roughly a quarter of businesses and a fifth of charities saying they do not know what their policy is. 
Most are covering the basics – at least two-thirds of organizations say they have things like updated malware protection, cloud backups, password rules, firewalls, and restricted admin access in place – but after that, it starts to tail off. Fewer report using measures such as two-factor authentication, formal data backup rules, policies on personal data storage, VPNs, or user monitoring. What's more, among small businesses, some of the basics have slipped compared with last year. The proportion carrying out cyber security risk assessments has dropped to around four in ten, reversing earlier gains and suggesting those improvements have not stuck. Supply chains remain another weak spot. Only around one in seven businesses say they review the risks posed by their immediate suppliers, and fewer go any further. The survey puts it at 15 percent checking direct suppliers and just 6 percent looking at the wider chain. Charities are lower again, at 9 percent and 4 percent, respectively. Then there is the data itself. Around 14 percent of businesses and 22 percent of charities say they hold personal data that is not protected by measures like encryption or anonymization, which means if someone does get in, there is a decent chance they will find something useful. Overall, breach rates remain high, and phishing continues to do most of the work. The basics exist, they're just not applied everywhere they should be. ®
Category: Viruses and Worms

Nearly half of UK businesses pwned last year as phishing keeps doing the job like it's 2005

The Register - Anti-Virus - 30 April, 2026 - 13:35
Turns out the real problem is not AI but staff still clicking on dodgy emails from 'IT support'

Nearly half of UK businesses are still getting breached, and in many cases, the attacker's big breakthrough is an employee clicking "sure, why not" on a fake login page.…

Category: Viruses and Worms

EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades

The Hacker News - 30 April, 2026 - 13:30
Intro A sophisticated, high-resilience malicious campaign was identified by Atos Threat Research Center (TRC) in March 2026. This operation specifically targets the high-privilege professional accounts of enterprise administrators, DevOps engineers, and security analysts by impersonating administrative utilities they rely on for daily operations. By integrating Search Engine Order (SEO)
Category: Hacking & Security

Police dismantles 9 crypto scam centers, arrests 276 suspects

Bleeping Computer - 30 April, 2026 - 13:21
A joint international operation involving U.S. and Chinese authorities arrested at least 276 suspects and shut down nine cryptocurrency investment fraud centers. [...]
Category: Hacking & Security

What type of 'C2 on a sleep cycle' do they leave behind? Novel Chinese spy group found in critical networks in Poland, Asia

The Register - Anti-Virus - 30 April, 2026 - 13:00
EXCLUSIVE A novel China-linked threat group infiltrated more than a dozen critical networks in Poland, Asian countries, and possibly beyond, beginning in December 2024 and with activity uncovered as recently as this month. In a report shared exclusively with The Register, TrendAI researchers say the new group, which they track as Shadow-Earth-053, targeted government agencies, defense contractors, technology firms, and the transportation industry. The Chinese spies typically gain initial access to victim environments via vulnerable Microsoft Exchange Servers.  In "multiple" of these intrusions, they compromised victim organizations up to 8 months before deploying ShadowPad, a custom backdoor used by China's APT41 for almost a decade, and shared among multiple China-aligned groups since 2019. About half of the victims were also compromised by a related group, Shadow-Earth-054, which exploited the same vulnerabilities and shared identical tool hashes and overlapping techniques with Shadow-Earth-053. The 054 group has some network overlaps with Chinese crews tracked as CL-STA-0049 by Palo Alto Networks' Unit 42, REF7707 by Elastic Security Labs, and Earth Alux. Tom Kellermann, TrendAI VP of AI security and threat research, likened the new Chinese groups to Salt Typhoon and Volt Typhoon.  Salt hacked telecommunications and government agencies to gain stealthy, long-term access to victim organizations going back as far as 2019. And Volt followed in mid-2021, burrowing deep into critical US networks to preposition for future destructive attacks. Neither of these hacking campaigns came to light until late 2023.  "Shadow-Earth-053 followed Shadow-Earth-054, conducting reconnaissance and borrowing into the defense industries and defense ministries of nation states that are aligned with the US and also supportive of Taiwan's independence," Kellermann said in an exclusive interview with The Register.  
"I'm concerned about what they are leaving behind: What type of C2 on a sleep cycle is still lingering in these environments? Whether or not they have already prepositioned wipers or destructive capabilities," Kellermann continued. "They're following in the footsteps of the Typhoon campaigns, they look like the younger brother and sister of the Typhoon campaigns, and they're island-hopping through the defense sectors and ministries of those nations for a reason." Shadow-Earth-053's victims spanned at least eight countries, according to TrendAI's investigation. Most of the observed targets were located in Pakistan, Thailand, Malaysia, India, Myanmar, Sri Lanka, and Taiwan, with at least one target - a defense-sector organization - in Poland.   Kellermann also suggested that the network intruders are paying close attention to next month's summit between US President Trump and Chinese President Xi. "Volt essentially had unrequited access to critical infrastructures, energy sector, etc., and it was all for the purposes of ongoing espionage, but most importantly, maintaining sabotage capability, like destructive attacks, should geopolitical tension exacerbate," Kellermann said in an exclusive interview with The Register. "Here we are, leading up to the May 14 and 15 meeting between President Trump and President Xi and, God forbid, the 15th goes sideways." Exchange server bugs: the gifts that keep on giving Shadow-Earth-053 typically exploits external services to hack into targeted networks. The years-old ProxyLogon (CVE-2021-26855), which can be chained with other Microsoft Exchange Server bugs (CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) to achieve remote code execution, is a favorite.  Salt Typhoon and other Chinese government snoops also abused ProxyLogon to breach critical US networks back in 2021, when it was first disclosed, and it's remained a top-exploited vulnerability ever since. So if you haven't already: patch these Exchange server bugs. 
After compromising the server, Shadow-Earth-053 installs web shells - Godzilla is a commonly used one with this and other China-based crews - and then deploys the ShadowPad backdoor. In one instance, the snoops delivered ShadowPad malware via legitimate, and popular, remote desktop tool AnyDesk. TrendAI says this suggests the attacker either used a prior compromise or abused stolen credentials. "The limited visibility into this intrusion prevents us from determining whether this represents an alternative initial access method or a later-stage deployment following an unobserved entry point," the authors wrote. Shadow-y malware and legit Windows tools In a separate instance, the incident responders found Linux NoodleRat backdoors - also widely used by Chinese espionage and cybercrime groups - deployed after Shadow-Earth-053 exploited another widely-abused Microsoft security hole: React2Shell (CVE-2025-55182), a critical flaw in React Server Components that can allow attackers to run arbitrary code on vulnerable servers. The group takes measures to avoid being detected on networks and make their malicious traffic appear legitimate. In one victim's environment, TrendAI detected RingQ, an open-source tool developed in China and available on GitHub that can be used to pack malicious binaries to evade detection by security solutions. The intruders also use domain names that impersonate products, security companies, or are related to the DNS protocol. In some instances, the group renamed legitimate Windows system binaries to evade process-based detection. "They're using tools that we've seen before, and I think they are doing that on purpose, just to get lost in the noise," Kellermann said. To move laterally through victim environments, Shadow-Earth-053 uses Windows Management Instrumentation Command-line (WMIC) and installs backdoors onto additional hosts.
In one environment, the group propagated web shells to additional internal Exchange servers by using existing administrative credentials - and they continue collecting credentials as they travel through compromised systems, using tools like Evil-CreateDump. Targeting Poland, a NATO country, "highlights how cyber espionage and a cyber warfare is burgeoning," Kellermann said. "And not only is it burgeoning, but this is the direct prepositioning of these assets to colonize these infrastructures for the purpose of not just espionage, but long term sabotage, if need be." ®
Category: Viruses and Worms

What type of 'C2 on a sleep cycle' do they leave behind? Novel Chinese spy group found in critical networks in Poland, Asia

The Register - Anti-Virus - 30 April, 2026 - 13:00
Just in time for the Trump-Xi summit

Exclusive A novel China-linked threat group infiltrated more than a dozen critical networks in Poland, Asian countries, and possibly beyond, beginning in December 2024 and with activity uncovered as recently as this month.…

Category: Viruses and Worms

AI venture funding to shoot up this year as bubble looms

Computerworld.com [Hacking News] - 30 April, 2026 - 13:00

Venture funding of AI companies in 2026 will easily smash funding records set in 2025, with some heavy deals already consummated in the first quarter, according to market researchers.

Data from Crunchbase shows that $300 billion poured into 6,000 startups worldwide during the first quarter of 2026. That’s a quarterly record for venture funding in AI companies, a Crunchbase news report said.

A study from S&P Global measured generative AI funding reaching over $140 billion in the first quarter of 2026, outpacing all of 2025, according to a story published on the company’s website. Amid economic concerns, inflation, and the war in Iran, there were fewer deals overall, but the funding rounds were large in scope compared to any made in 2025.

X.AI, for example, kicked off 2026 with a series-E round of $20 billion. OpenAI received $122 billion in a massive funding round in March, with a valuation of $852 billion. Anthropic received $30 billion in one round of funding that valued the company at $380 billion.

Chip maker Nvidia invested in both OpenAI and Anthropic, in the process striking deals to use Nvidia’s GPUs for their genAI models. Nvidia also invested in genAI startup Thinking Machines Lab, which was founded by Mira Murati, the former CTO (and temporarily CEO) of OpenAI.

Venture capitalists are ramping up investments as enterprises across every sector add to their AI portfolios.

“I can say investment velocity for 2026 is fast and on pace or ahead of 2025,” said John Mannes, partner at venture capital firm Basis Set, which focuses solely on AI investments.

“For VCs, it’s a gold rush,” said Jack Gold, principal analyst at J. Gold Associates. “There is lots of potential capital floating around out there in search of the next big thing. AI is the next supposed killer investment, and no one wants to be left behind.”

Gold sees clear signs of an AI bubble, starting with the murky path to profitability for AI firms. “Does AI have the potential to generate lots of revenues? Yes, but with the current spend rate on infrastructure, it’s hard to see how [AI vendors] can be revenue-positive in the short term (two to three years),” he said.

Another sign of the bubble is the “circular financing” that happens when, for example, Nvidia invests in a new company that promises to buy Nvidia products, Gold said.

“As long as people are willing to throw money at AI, then the bubble will remain. But if we hit a point where investors say, ‘We’ve put enough into the field; now show us how our investments will pay off’ (other than through inflated IPO stock prices), then the bubble will likely burst,” Gold said.

“We’re not at that point yet, but it could happen if the economy goes south,” he added.

Clear winners and losers will emerge in the AI sector, said Brad Harrison, founding partner at Scout Ventures. His firm does not invest in large-language models; its AI investments are largely directed toward military and defense, particularly AI technologies for deterrence on the battlefield.

“Without a doubt, we’re in an AI bubble,” Harrison said.

Many AI companies will fail because platforms from large AI vendors will be used to create agents that solve what the other AI companies were trying to do, Harrison said. Breakthrough tools like Claude Code are already improving developer productivity.

“You’re going to see a lot of SaaS companies get a lot smaller… If you don’t need all these people doing all the work, then you don’t need all those software licenses,” Harrison said.

Additionally, he noted, infrastructure and energy demands have reached unsustainable levels, which has raised questions about the resources available for AI.

“Is it good to devote these resources to feeding AI? … Do you think [citizens] want us to spend trillions of deficit that we don’t have on building AI infrastructure and energy? Or do you think they’d rather have some food?” Harrison asked.

Category: Hacking & Security

Alza has two new ergonomic mice. They are quiet and have five buttons under the thumb

Živě.cz - 30 April, 2026 - 12:45
Alza is targeting offices with two ergonomic mice. • They have quiet buttons, a metal scroll wheel, and four connections at once. • They also appeal with rich features and configuration options.
Category: IT News

Bug of the year (so far): Nasty cPanel vulnerability probably exploited as a 0-day

The Register - Anti-Virus - 30 April, 2026 - 12:14
Emergency patches are available for a critical vulnerability in cPanel and WHM that allows attackers to bypass authentication and gain root access to servers managed using it. Given that cPanel and WebHost Manager (WHM) control panel help manage properties for  70 million domains, by some estimates, and the critical severity of CVE-2026-41940 (9.8), the vulnerability is being considered a disaster by those in the security scene. It also affects every single supported version of the software prior to the patch. For the uninitiated, cPanel and WHM are both Linux-based control panels. The former is used to manage websites, databases, file transfers, email configurations, and domains, while WHM is used for servers. They are both backbones of the internet. Breaking into them would provide an attacker with unfettered access to all the secrets associated with these functions. Or, as watchTowr put it: "Think of it as the keys to the kingdom, and then the keys to every individual apartment inside the kingdom. If the kingdom were the internet and the apartments were websites. For everything." Perhaps the worst part is that early signals from defenders, such as KnownHost CEO Daniel Pearson, suggest it may have been exploited as a zero-day for at least 30 days. Or maybe worse still is the nature of the vulnerability itself – that attackers can gain root access while bypassing all kinds of authentication – a feat worthy of the near-maximum CVSS. The vulnerability also affects WP Squared, a WordPress hosting platform owned by cPanel. Successfully exploiting CVE-2026-41940, which can be summarized as a carriage return line feed (CRLF) flaw – meaning the application that was attacked does not properly sanitize user-supplied input – involves just a few steps.  An attacker creates a session cookie by completing a failed login attempt and then sends a request with a specially crafted header with an instruction to change privileges to root. 
They can then use that cookie to log into cPanel and WHM as root. In normal scenarios, cPanel would encrypt attacker-supplied values, but in unpatched versions, attackers can remove a hex value and stop this process from running, allowing the plaintext make-me-root commands to pass through like any other trusted code. Above is a high-level, concise summary of the procedure. Those looking for a winding tale of how the experts figured out the attack path, watchTowr published its workflow in its typical tongue-in-cheek style. The prevailing advice is that if you run cPanel and WHM, get patching ASAP. This is a bad one, and given the likelihood of zero-day exploitation, running cPanel's detection script can help defenders understand whether it's just a patch they need, or if it's pull the cables out time. watchTowr also published its own detection artefact generator to help defenders sniff out signs of compromise. ®
Category: Viruses and Worms

Bug of the year (so far): Nasty cPanel vulnerability probably exploited as a 0-day

The Register - Anti-Virus - 30 April, 2026 - 12:14
Emergency patches out now for those managing the millions of domains assumed to be affected

Emergency patches are available for a critical vulnerability in cPanel and WHM that allows attackers to bypass authentication and gain root access to servers managed using it.…

Category: Viruses and Worms

Seznam.cz was launched 30 years ago

AbcLinuxu [zprávičky] - 30 April, 2026 - 12:11
30 years ago, i.e. on Tuesday, 30 April 1996, Seznam.cz was launched.
Category: GNU/Linux & BSD

Video recordings from the FOSDEM 2026 conference

AbcLinuxu [zprávičky] - 30 April, 2026 - 11:44
All video recordings from the FOSDEM 2026 conference that are worth publishing have been processed and published.
Category: GNU/Linux & BSD

Fraunhofer labs have developed an extremely light aircraft electric motor. It weighs 94 kilograms and has an output of 750 kW

Živě.cz - 30 April, 2026 - 11:44
The innovative aircraft electric motor weighs 94 kilograms and offers an output of 750 kW • A stator divided into four separate sections increases overall safety • The AMBER project will connect this motor with hydrogen fuel cells
Category: IT News