Agregátor RSS

telnetd 2.7 - Buffer Overflow

Ghost CMS 6.19.0 - SQLi

LuaJIT 2.1.1774638290 - Arbitrary Code Execution

Bludit CMS 3.18.4 - RCE

NocoBase 2.0.27 - VM Sandbox Escape

ThingsBoard IoT Platform 4.2.0 - Server-Side Request Forgery (SSRF)

Jaké povinnosti máte, pokud způsobíte škodu na zaparkovaném autě a jaký postih hrozí? A jaké máte možnosti, když přijdete ke svému vozu, které zřídil neznámý viník?

Provoz tramvaje je nebezpečný sám o sobě. Proto musejí dopravní podniky sražené chodce zásadně odškodnit, i když si úraz způsobili svou nepozorností.

Fond Open Source Endowment je americká nezisková organizace, která chce financovat kritické open‑source projekty trvalými dary. Funguje jako univerzitní nadační fondy a liší se od běžných grantových modelů.

Dnes se budeme zabývat popisem jedné z nejužitečnějších programových technik, které nabízí osmibitová Atari. Jedná se o DLI (display list interrupt), který umožňuje zvýšit počet barev na obrazovce, rozšířit znakovou sadu a podobně.

Je to záhada. Jak potvrdily důmyslné experimenty, ptáci žijící ve městech, různých druhů a v různých zemích, nějak rozeznají ženy od mužů a prchají, když jsou od nich ženy v průměru o metr dál než muži. Nějaké spekulace sice jsou, ale v zásadě není jasné, co jde. Fascinující fenomén si zaslouží další výzkum.

Rostoucí segment Agentic AI nezaměstnává jen výrobní linky akcelerátorů, ale katapultoval i poptávku po serverových procesorech. Počet cloudových instancí s Epycem meziročně stoupl o 50 %…

A phishing campaign delivered through Google sponsored search results is targeting credentials for ManageWP, GoDaddy's platform for managing fleets of WordPress websites. [...]

Cybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running Android Debug Bridge (ADB) to enlist them in a network capable of carrying out distributed denial-of-service (DDoS) attacks. Hunt.io, which detailed the malware, said it made the discovery after identifying an exposed directory on a Netherlands-hosted

Cybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running Android Debug Bridge (ADB) to enlist them in a network capable of carrying out distributed denial-of-service (DDoS) attacks. Hunt.io, which detailed the malware, said it made the discovery after identifying an exposed directory on a Netherlands-hosted Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Google Chrome can automatically download a local AI model that takes up to 4 gigabytes of hard drive space on a computer when certain AI features are enabled, according to The Verge.

The file, called weights.bin, is used by Google’s Gemini Nano AI model to provide writing assistance, autocomplete, and fraud protection directly on the device. (Nano has been around since Gemini was introduced in late 2023.)

Since the model runs locally, the AI data is stored on the computer instead of in the cloud, which can provide better privacy, but also takes up storage space. Users can check whether the file is present by looking for the OptGuideOnDeviceModel folder in Chrome’s system files.

To free up the space, users need to disable the on-device feature in Chrome’s settings under Settings > System.

There is no formula for predicting the future. No formula for dealing with change. No formula for living a good life, for success, for great art, for writing a great book, or for producing a great film. Every time we reach one of those, even when following a formula, we have to break the pattern […]

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary code on the host system. [...]

Cybersecurity vendor Arctic Wolf has laid off 250 workers in a restructuring that it says is designed to position the company to invest more in AI through its superintelligence platform and agentic Security Operations Center (SOC), a company spokesperson told The Register. “We recently made an organizational restructuring to better align the company’s structure and investments with our long‑term strategy,” a spokesperson said. “While these decisions are difficult, they position Arctic Wolf to operate more efficiently, continue investing in our Superintelligence platform and Agentic SOC, and deliver strong value to customers. We remain confident in our direction and momentum.” The layoffs appear to represent less than 10 percent of the total workforce. Arctic Wolf is a privately held company and does not publish a current headcount, but in December 2024, the company said it employed more than 2,600 workers, according to a press release it issued at the time. According to the website PitchBook, Arctic Wolf has 3,323 employees. The job cuts appeared to fall across several categories including sales, product development, and marketing. Some had been with the company for four years or more in revenue-generating roles such as sales engineer. One senior systems engineer with experience in datacenter infrastructure and cyber threat detection said on LinkedIn he was let go after more than a year with the company. “Wow! I was not expecting to have such a swing in posts this week from super positive to negative. Today I was laid off by Arctic Wolf due to restructuring,” wrote one sales engineer the day after he wrote a post about the success they had experienced last year. Alongside its five global SOCs, Arctic Wolf has offices in Waterloo, Ontario; San Antonio, Texas; Eden Prairie, Minnesota; Bengaluru, India, and other locations worldwide. Arctic Wolf operates in crowded endpoint detection and response (EDR) and managed detection and response (MDR) markets alongside CrowdStrike, Rapid7, and SentinelOne. It also competes for channel partners and customers with the likes of Huntress and Blackpoint Cyber. The company has bet on its Aurora Superintelligence Platform that combines security data, a “Swarm of Experts” AI agents and humans in the loop to protect customers' systems. ®