RSS Aggregator

[local] OpenWrt 23.05 - Authenticated Remote Code Execution (RCE)

The Exploit Database - 29 April 2026 - 02:00
OpenWrt 23.05 - Authenticated Remote Code Execution (RCE)

[webapps] OpenKM 6.3.12 - Multiple

The Exploit Database - 29 April 2026 - 02:00
OpenKM 6.3.12 - Multiple

[webapps] GUnet OpenEclass E-learning platform < 4.2 - Remote Code Execution (RCE)

The Exploit Database - 29 April 2026 - 02:00
GUnet OpenEclass E-learning platform < 4.2 - Remote Code Execution (RCE)

[webapps] JuzaWeb CMS 3.4.2 - Authenticated Remote Code Execution

The Exploit Database - 29 April 2026 - 02:00
JuzaWeb CMS 3.4.2 - Authenticated Remote Code Execution

[webapps] FacturaScripts 2025.43 - XSS

The Exploit Database - 29 April 2026 - 02:00
FacturaScripts 2025.43 - XSS

[webapps] Xibo CMS 4.3.0 - RCE via SSTI

The Exploit Database - 29 April 2026 - 02:00
Xibo CMS 4.3.0 - RCE via SSTI

[local] Fedora - Local Privilege Escalation

The Exploit Database - 29 April 2026 - 02:00
Fedora - Local Privilege Escalation

[webapps] LangChain Core 1.2.4 - SSTI/RCE

The Exploit Database - 29 April 2026 - 02:00
LangChain Core 1.2.4 - SSTI/RCE

[local] Atlona ATOMERX21 - Authenticated Command Injection

The Exploit Database - 29 April 2026 - 02:00
Atlona ATOMERX21 - Authenticated Command Injection

Last-minute taxes: Walk through your income tax return step by step

Lupa.cz - articles - 29 April 2026 - 00:00
The deadline for electronic filing of the income tax return is approaching. Go through with us what to prepare in advance and what not to forget. In the gallery you can see what filling in the return looks like in the MOJE daně application.
Category: IT News

The boy who cried RCE and kept waking up decent, tired people

ROOT.cz - 29 April 2026 - 00:00
A young security analyst repeatedly reports bogus vulnerabilities. After a series of false alarms, his colleagues stop believing him. Then a real problem arrives. A lesson about trust and responsibility in cybersecurity.
Category: GNU/Linux & BSD

Software harvest (29 April 2026): Linux gaming compatibility layers under control

ROOT.cz - 29 April 2026 - 00:00
We examine the detailed parameters of a graphics card, automate the installation of gaming compatibility layers, manage fonts from the command line, and synchronize switching of Logitech devices between computers.
Category: GNU/Linux & BSD

Cosmology – questions and answers (part 5)

OSEL.cz - 29 April 2026 - 00:00
There is great interest in cosmology and in answers to questions about it, so after a fairly short interval I am adding another installment of our series, already the fifth. Today, too, you can look forward to five questions and answers from the fields of cosmology and physics.
Category: Science and Technology

Radio telescope buried in ice has detected long-predicted Askaryan radiation

OSEL.cz - 29 April 2026 - 00:00
The ARA (Askaryan Radio Array) experiment has for the first time detected Askaryan radiation, the specific radio signals produced when high-energy particles enter a dense dielectric. Detectors placed up to 200 meters beneath the Antarctic ice captured a total of 13 events some time ago, about which there is almost no doubt.
Category: Science and Technology

Gaming Celestial canceled, Druid remains in the stars

CD-R server - 29 April 2026 - 00:00
While Intel talks about professional solutions built on the Celestial graphics architecture, it has not mentioned gaming graphics cards since last year. The suspicion has been confirmed: it already canceled them last year, quietly…
Category: IT News

Broken VECT 2.0 ransomware acts as a data wiper for large files

Bleeping Computer - 28 April 2026 - 23:25
Researchers are warning that the VECT 2.0 ransomware has a problem in the way it handles encryption nonces that leads to permanently destroying larger files rather than encrypting them. [...]
Category: Hacking & Security

Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw

Bleeping Computer - 28 April 2026 - 23:07
Hackers are targeting sensitive information stored in the LiteLLM open-source large-language model (LLM) gateway by exploiting a critical vulnerability tracked as CVE-2026-42208. [...]
Category: Hacking & Security

Video service Vimeo confirms Anodot breach exposed user data

Bleeping Computer - 28 April 2026 - 21:04
Vimeo has disclosed that data belonging to some of its customers and users has been accessed without authorization following the recent breach at the Anodot data anomaly detection company. [...]
Category: Hacking & Security

Can Apple’s new CEO turn things around?

Computerworld.com [Hacking News] - 28 April 2026 - 20:49

When Apple rolled out hardware chief John Ternus as the CEO to replace Tim Cook, the reaction was kind but muted. That’s because Ternus has said nothing yet to indicate he has a specific plan to position Apple for the future. (To be fair, he’s said next to nothing about anything — no easily found social media posts, no big speeches about anything beyond hardware, no major interviews showcasing his vision.)

I have long been a fan of Apple, but the “i” people have a lot of problems. Their failure to make Apple an AI leader — not the leader, just a leader — has dominated headlines for two years now. But the truth is that Apple has spent years without the passion and drive that marked the second coming of Steve Jobs as CEO.

The clearest example involves the iPhone and the Apple Watch. I used to routinely upgrade my devices once a year, or at least every two years. I am sitting here now with an iPhone 13 Pro Max and an Apple Watch Series 7, the same devices I’ve had for almost five years.

Each year, I’d get excited about Apple’s new devices and look for just one clean reason to upgrade. I didn’t find it. The promise of AI was intriguing, but Apple didn’t deliver. The iPhone camera kept getting better, but my photos look just fine already. 

Apple did deliver one feature that would have made me upgrade: allowing an iPhone to record and quickly transcribe calls. But the company then rolled it out to all devices, meaning it offered little to push new iPhone sales. (Of course, Apple never bothered to tell users the transcription feature has a roughly 30-minute limit. For a guy who often does hour-long interviews, that’s a problem; I’m forced to stop a recording at the 25-minute mark and reactivate it. *Sigh*)

As for AI, I would love for the iPhone to actually be intelligent about all of the data swimming within its case. For example, as a reporter, I have apps for a large number of news organizations. On one election night, I got 16 alerts that a Senate race had been called. I don’t need 16; I just need one. If Apple Intelligence were really intelligent, it would understand that. It should also understand that when I’m driving to an appointment, I don’t need a calendar alert 15 minutes before my meeting when the phone should know — based on my destination and routing in Apple Maps — that I’m on the way.

All those little missteps add up. One of the critical talents a CEO at a company as large as Apple needs is either vision or a passion that can pass for vision. 

This brings us to the inevitable comparison between Jobs and Cook. Jobs was passionate, persuasive, inspirational and he truly had a plan for future products based on his gut feeling of what users would want or need. But Jobs was also undisciplined, harsh, and abrupt and someone who wasn’t always worried about the truth.

He was, therefore, a great business leader, but he had help. (Keep reading for more.) 

Cook was nearly the opposite of Jobs. He was precise, methodical, detail-oriented and he for the most part treated people well and with respect. But his speeches were lackluster and I have yet to meet anyone who dubbed him electric or inspirational. He was privately passionate about his work, but that passion rarely surfaced in public. 

Here’s my point about Jobs’ success: He did so well because he had Cook as a senior deputy. Having the ultimate technocrat in place allowed Jobs to focus on the bigger-picture future. 

There’s been chatter on LinkedIn suggesting that Cook was a weaker CEO than Jobs. There’s a valid argument for that, but many do not give credit to Cook for helping Jobs perform as well as he did. 

Earlier in Cook’s tenure, he did have one executive with a healthy chunk of the Jobs passion: Jony Ive. But Ive got tired of the technocratic nature of his boss and left in 2019 to work elsewhere. Turns out the best leadership duo is a visionary CEO with a technocrat deputy. It doesn’t seem to work the other way around. 

Customers and employees also want to see passion and vision from a CEO directly. And that brings us to the upcoming change. Can Apple under CEO Ternus get its AI act together? That is the big mystery.

Apple certainly has the money and the clout to make AI work from either side of the buy/build path. But does it have a vision of what customers want — or more precisely, what they need? Jobs had the knack for correctly guessing what customers would want once they got it, even if they didn’t yet know they needed it.

Justin Greis, CEO of consulting firm Acceligence and former head of the North American cybersecurity practice at McKinsey, sees Ternus as an executive “who has also [along with Cook] been heads down on execution mode his entire career and he’s an insider. He knows how to keep (Apple) in its lane.”

Greis goes with the crowd in pinning most of his Apple hopes on AI. “If you look at the big AI companies, Apple is not on the map. Everybody is outpacing them. Siri simply doesn’t have the power that is needed to be valuable for their end-users.”

The AI magic is really not about simply using AI on-device. It’s about the value that can be delivered by a sophisticated integration of literally every piece of information coursing through a phone, your watch, a Mac or an iPad. 

A few years ago, people saw Apple as a gatekeeper controlling access to Siri. Back then, the assumption was that access to Siri would be worth tons of money. No longer. Plenty of people now use their iPhone to access generative AI offerings from a variety of Apple’s AI rivals. 

Apple can still win the AI mindshare battle, but only if it can truly deliver intelligent integration of everything that interacts with the phone. That package could be offered solely through Siri, allowing Apple to again control the almighty gateway. Sure, an iPhone user can access Claude or Perplexity — but if only Apple’s knighted partner can analyze your calendar, your contacts, your call history, your travel plans, your bank account, your photos, etc. — companies will again be willing to pay for access.

That’s where Apple gold lies. The question is whether Ternus can mine it.

Category: Hacking & Security

Don't pay Vect a ransom - your data's likely already wiped out

The Register - Anti-Virus - 28 April 2026 - 20:36
Organizations hit by the wave of Trivy and LiteLLM supply-chain compromises that paid Vect in hopes of recovering their data likely did not get much back, according to Check Point Research. That's because the ransomware Vect uses isn't actually ransomware at all, but a wiper that destroys any file larger than 128KB.

Vect's leak site lists 25 organizations since January, and four since March, which is when the extortions from the supply chain attacks began. It's unclear, however, how many - if any - of the listed orgs are tied to Trivy and LiteLLM-related compromises.

"On April 15, the group claimed two larger victims, Guesty (700GB) and S&P Global (250GB), allegedly tied to earlier TeamPCP compromises," Eli Smadja, group manager at Check Point Research, told The Register. "However, these claims cannot be independently verified, and there is no confirmed visibility into how many of these cases resulted in successful ransom payments versus data being leaked without payment."

Neither Guesty nor S&P Global responded to The Register's inquiries.

Vect is one of the crime crews partnering with TeamPCP to leak data and extort victims of the ongoing attacks that infected Trivy, LiteLLM, Checkmarx, and Telnyx. After initially compromising the security and developer tools, infecting them with self-propagating credential-stealing malware, TeamPCP and Vect announced their new partnership on BreachForums, bragging: "we will pull off even bigger supply chain operations. We will chain these compromises into devastating follow-on ransomware campaigns."

Plus Vect announced a partnership with the data leak site itself, and said that every registered BreachForums user can use Vect's ransomware, negotiation platform, and website. So Check Point researchers opened a BreachForums account, got access to the panel and ransomware builder, and analyzed the gang's malware.

They quickly determined that the ransomware-as-a-service group also isn't very good at writing code - "not technically sophisticated" and "amateur execution" are how Check Point's research team describes the crims - and they appear to have accidentally written a data wiper. Instead of encrypting large files, which is what ransomware is supposed to do, Vect 2.0 ransomware permanently destroys any files larger than 131,072 bytes (128 KB).

"Full recovery is impossible for anyone, including the attacker," the security analysts wrote. "At a threshold of only 128 KB, this effectively makes VECT a wiper for virtually any file containing meaningful data, enterprise assets such as VM disks, databases, documents and backups included. CPR confirmed this flaw is present across all publicly available VECT versions."

The ransomware, as advertised, includes Windows, Linux, and ESXi variants. All share the same encryption design built on libsodium, the same file-size thresholds, the same four-chunk logic, and the same flaw: the encryption implementation discards three of four decryption nonces for every file larger than 128 KB.

In addition to the nonce-handling flaw, the malware analysts say they spotted "multiple" other bugs and design failures across all ransomware variants, suggesting that even criminals can't vibe code their way to a successful operation. As the researchers note: "The authors know what features a professional ransomware tool should have, but demonstrably struggled to implement them correctly or at all." ®
Category: Viruses & Worms