RSS Aggregator

Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models

The Hacker News - 9 June, 2026 - 13:59
University of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open-weight large language model to reason its way through a network, generate tailored attack strategies for each target it encounters, and replicate itself, all without human intervention and without touching a commercial AI service. The preprint, posted to arXiv on
Author: Swati Khandelwal
Category: Hacking & Security

Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now

The Hacker News - 9 June, 2026 - 13:58
Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2026-11645 (CVSS score: 8.8), has been described as an out-of-bounds memory access in V8, Chrome's JavaScript and WebAssembly engine. "Out-of-bounds read and write in V8 in Google Chrome prior to 149.0.7827.103
Author: Ravie Lakshmanan
Category: Hacking & Security

HBO Max and the 30 most popular films and series in June 2026. This is what Czechs watch most on HBO

Živě.cz - 9 June, 2026 - 13:45
These films and series are currently the most popular on the Czech Max (formerly HBO Max). We do not distinguish by genre, age, or ratings on film websites. This is the aggregate popularity over recent weeks, as measured and calculated by the FlixPatrol website.
Category: IT News

The Hidden Security Risk in Modern Networks: The Work Between Tools

The Hacker News - 9 June, 2026 - 13:30
Organizations have more visibility than ever. Growing tech stacks provide greater coverage, and network security teams are increasingly adopting AI and automation to help with routine tasks and reduce manual effort. But the same challenges persist. Outages still last hours, causing significant financial losses, operational disruption, and reputational impact. Threat response and mean time to
Category: Hacking & Security

digiKam 9.1.0

AbcLinuxu [news briefs] - 9 June, 2026 - 13:28
A new version, 9.1.0, of the photo collection manager digiKam (Wikipedia) has been released. An overview of what's new, with previews, is in the official announcement (NEWS). Highlights include improved search and support for Pixel Motion Photos. The latest digiKam is also available for download as a package in the AppImage format. Just download it, set the execute permission, and run it.
Category: GNU/Linux & BSD

France probes compromise of gov messaging platform after account hijack

The Register - Anti-Virus - 9 June, 2026 - 13:27
French officials are investigating a compromise of the government’s encrypted messaging service Tchap after attackers hijacked an account and gained access to public chat rooms. The incident came to light on June 7 when France's National Cybersecurity Agency (ANSSI) detected suspicious activity on Tchap, the government's homegrown messaging service used across ministries and public sector organizations. The French Digital Affairs Directorate (DINUM), which operates the platform, said it immediately began investigating the compromise and moved to block the affected account. French officials insist the damage was limited and said the attacker could only see messages posted in public chat rooms, which are accessible to all Tchap users. Private conversations, the government says, are encrypted, and their contents remain inaccessible even when an account is compromised. Not everyone is buying that version of events. A cyber criminal has claimed responsibility for the attack and said they were able to gain access after they “social engineered” a valid agent account associated with Tchap's education environment. The alleged hacker claims they accessed more than 73,000 user accounts, 643,000 messages, nearly 60,000 media files, and hundreds of chat rooms. The post, shared by Dark Web Intelligence, also claimed user enumeration was possible through a directory search function and suggested the data included references to documents marked "Diffusion Restreinte," a French government restricted-distribution classification. None of those claims have been independently verified, and DINUM's statement makes no mention of user directory exposure, restricted documents, or the volumes of data cited by the hacker. What French officials have confirmed is that investigators are still working through logs to determine exactly which conversations were accessed and whether any data was exfiltrated. 
The agency has also notified France's data protection watchdog, CNIL, after determining that personal information may have been exposed through content shared in conversations accessible to the attacker. “A message has been sent to all Tchap users reminding them that a public chat room can be found and joined by any user and that its content is not encrypted,” French officials added. “In accordance with Tchap's terms of service, no personal, sensitive, or confidential information should be exchanged in public chat rooms: such exchanges should be reserved for private chat rooms.” Whether the incident amounts to a limited exposure of public chat rooms or something considerably larger will depend on what investigators find in the logs, but for now, the government and the attacker are telling very different stories. ®
Category: Viruses and Worms

With a bit of luck, you can meet an earlier developmental stage of humans on the street. A simple test reveals whether you belong to it too

Živě.cz - 9 June, 2026 - 12:57
The straight-A students among our readers surely remember well from biology class that all vertebrate embryos begin their development with a strikingly similar body plan, including pharyngeal arches and a tail. Nature does not build new organisms from scratch; rather, it is a bioengineer that modifies and extends ...
Category: IT News

French govt messaging service breached in account hijacking attack

Bleeping Computer - 9 June, 2026 - 12:53
DINUM, the digital affairs directorate of the French government, warned that hackers used a hijacked user account to breach Tchap, the French government's encrypted messaging platform. [...]
Category: Hacking & Security

You can buy the MacBook Neo with Touch ID for 16 thousand even without the student discount. But you have to hurry

Živě.cz - 9 June, 2026 - 12:45
CZC.cz is selling the MacBook Neo with a 512GB SSD and Touch ID for 16 236 Kč. • It normally costs 20 thousand, and it is more expensive even with Apple's student discount. • However, only a limited number of units are available, so don't delay.
Category: IT News

New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing

The Hacker News - 9 June, 2026 - 11:50
A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST, needs no native code, no extension, and no permission prompt. You open the page, leave the tab sitting there, and it watches the drive for contention in the background. Researchers at Graz University of Technology built it and
Author: Swati Khandelwal
Category: Hacking & Security

Submit a talk to LinuxDays 2026

AbcLinuxu [news briefs] - 9 June, 2026 - 11:48
Submit your talk for the next edition of the LinuxDays conference, which takes place on October 3 and 4 at FIT ČVUT in Dejvice, Prague. Topic submissions will be accepted until the end of the summer holidays, followed by a public vote and then the assembly of the program.
Category: GNU/Linux & BSD

CIOs get temporary relief as US court blocks $100,000 H-1B fee

Computerworld.com [Hacking News] - 9 June, 2026 - 11:47

A US federal judge has ruled that the Trump administration’s $100,000 fee on new H-1B visa petitions was unlawful, giving technology companies temporary relief from a policy that threatened to raise the cost of hiring foreign skilled workers.

The decision removes, at least for now, a major cost burden for employers that use the H-1B program to fill roles in domains including software development, cloud computing, data science, and AI.

US District Judge Leo Sorokin in Boston found that the fee functioned as a tax that the administration did not have authority to impose without congressional approval. The ruling came in a lawsuit brought by 20 Democratic state attorneys general challenging the fee.

Standard employer costs for H-1B petitions typically range from about $2,000 to $5,000, making the proposed $100,000 payment a sharp increase for companies seeking foreign talent.

The ruling is unlikely to end uncertainty for employers, with the Trump administration expected to appeal. But it could allow companies that had paused international hiring plans to resume normal recruitment for the upcoming H-1B cycle, said Pareekh Jain, CEO of Pareekh Consulting. Still, he said, employers should remain cautious because the legal and policy concerns are likely to continue.

“This provides breathing room for CIOs, even though it’s temporary,” said Neil Shah, vice president for research and partner at Counterpoint Research. “They should make the necessary contingency plans, whether that means doing more with less by leveraging AI or relying more on local talent.”

How companies may rethink hiring

If higher H-1B costs return in another form, CIOs will have to be more selective about sponsorship, weighing the added cost against the strategic value of the role and the long-term potential of the employee, Shah said.

“Ultimately, the decision comes down to business unit P&L: whether the unit can absorb the cost of acquiring the talent for that role,” Shah added.

That uncertainty could also lead CIOs to compete for talent from other companies, potentially driving up salaries for skilled workers. Some CIOs may conclude that paying a one-time $100,000 fee, amortized over the employee’s tenure, is still more cost-effective than engaging in a bidding war for scarce local talent.

Danish Faruqui, CEO of Fab Economics, said that CIOs may reserve H-1B sponsorship for a narrower set of mission-critical roles if costs increase.

“If there is such a financial burden, CIOs will justify sponsoring very specific roles,” Faruqui said. “These would be principal enterprise architects, AI, ML, and deep-tech researchers, senior product managers, and regulatory and compliance experts.”

More routine or project-based roles are likely to be treated differently, Faruqui said.

“Junior to mid-level software engineers, entry-level business analysts, and entry-level data scientists would shift from H-1B to domestic hiring,” Faruqui said. “Cloud migration, DevOps, ERP, and CRM implementation could be done through contractors or consulting firms, while QA, product testing, tier-one help desk support, and legacy maintenance are roles that CIOs could prioritize for automation.”

Who would be most affected?

Startups, smaller companies, and enterprise IT departments would have faced the greatest pressure from the fee and stand to benefit most from the ruling, Jain said.

Large technology companies would have been better placed to absorb the $100,000 cost, he said. Meanwhile, companies with mature offshore delivery models may be less likely to increase their reliance on H-1B hiring.

The article originally appeared on CIO.

Category: Hacking & Security

Qilin NHS breach tally grows as Essex trust confirms stolen records

The Register - Anti-Virus - 9 June, 2026 - 11:15
The patient tally from the Synnovis ransomware attack continues to grow two years later, with Mid and South Essex NHS Foundation Trust confirming it was caught up in the breach. The trust told The Register that the Synnovis breach affected about 2,380 records relating to patients who underwent specialist diagnostic testing. The disclosure follows a similar announcement by Bedfordshire Hospitals NHS Foundation Trust, which earlier this month said that almost 33,000 patient records had been caught up in the same breach. According to Mid and South Essex, some of the compromised data cannot yet be directly linked to individual patients, meaning the trust is still unable to determine the final number of people affected. It also said the precise time period covered by the stolen records has yet to be established, although patients tested after June 3, 2024, the day of the attack, were not affected. "We are still waiting for confirmation on exact numbers," Dawn Scrafield, deputy chief executive of Mid and South Essex, told The Register. "Once we have established who those patients are, we will be in contact with any who have been affected." The disclosure highlights the drawn-out fallout from the attack. Synnovis told us it completed its forensic review by the end of last summer and said it had notified all affected organizations by November. However, Mid and South Essex said it was only informed in December 2025 and is still trying to work out exactly which patients are tied to the compromised records six months later. "Any decision on patient notification, including the number of patients to be notified, is made by the affected organization as part of their assessment," a Synnovis spokesperson said in a statement. "Synnovis, as the Processor of the data, is not involved in any of the assessments regarding if, when or how many patients a Controller determines necessary to notify." 
The company said it does not believe the stolen information presents a high risk to individuals because of its fragmented nature, but acknowledged that affected organizations are still assessing what was taken and whether patients should be contacted. The breach was one of the most disruptive cyber incidents ever to hit the NHS. The Qilin attack crippled pathology services across south east London, forcing hospitals to cancel thousands of appointments and operations while clinicians struggled with delays to blood testing and transfusion services. Patient data was later published online after the gang's extortion attempt failed. However, the fallout wasn't limited to canceled operations and delayed blood tests. Last year, King's College Hospital NHS Foundation Trust confirmed that delays caused by the outage contributed to the death of a patient, marking one of the first officially acknowledged fatalities linked to a ransomware attack. ®
Category: Viruses and Worms

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Hacker News - 9 June, 2026 - 11:13
The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the Mini Shai-Hulud-style attacks continue to be refined and splintered to target specific ecosystems. "The compromised releases shipped a *-setup.pth file that attempts to execute automatically
Author: Ravie Lakshmanan
Category: Hacking & Security