Agregátor RSS

Příští generace procesorů Intelu byla zachycena na první fotografii. Zatímco shora se prakticky neliší od Arrow Lake, rozhraní LGA na spodní straně zabírá viditelně větší plochu…

Na všech herních platformách je každou chvíli nějaká slevová akce. Každý týden proto vybíráme ty nejatraktivnější, které by vám neměly uniknout. Pokud chcete získat hry zdarma nebo s výhodnou slevou, podívejte se na aktuální přehled akcí!

Byla nalezena a 9. června opravena kritická zranitelnost ve FreeBSD v Kernel TLS (KTLS). Pojmenována byla Bumsrakete (FreeBSD-SA-26:26.ktls, CVE-2026-45257). Lokální neprivilegovaný uživatel může přepisovat soubory, ke kterým má právo pouze pro čtení. Přepsáním setuid binárky a jejím spuštěním může získat roota. Na všech verzích od verze 13.0 vydané v dubnu 2021.

Kyushu Electric Power Co., Inc. has disclosed a physical security incident that affects private data of more than 10 million customers. [...]

In an unusual misinformation campaign, fraudulent data breach disclosures were submitted to Maine's official breach portal and publicly posted before their legitimacy could be verified, prompting companies to deny the claims. [...]

A German court has sparked a legal controversy by ruling that Google is responsible for defamatory comments generated by its own AI system. The search giant had argued that it couldn’t be blamed for the false results, but a Munich court has deemed that not to be the case and has ruled in favor of the two unnamed plaintiffs, both publishing companies, who the Google AI Overview inaccurately said engaged in shady business practices.

Google is required to remove the comments and ensure that they are not repeated. The case is certainly going to raise some questions globally. Will this mean that other courts are going to rule against AI vendors?

Bernhard Buchner, a partner at Lausen Rechtsanwälte, the legal firm that acted for the plaintiffs, said, “I believe it shows that online providers such as Google cannot hide behind the fact that a statement was generated by AI, but rather that they can be held liable for its output. It is an important step towards ensuring that providers of AI systems have to take responsibility for their outputs.”

So, does this mean that the decision could be replicated in the US or elsewhere? Alex Shahrestani, managing partner at Austin-based Promise Legal, said, “the short answer is ‘yes’:  the Munich ruling travels, because US courts are already making the same move.”

He explained that Section 230 of the US Communications Decency Act, which has been applied to protect online service providers like social media companies from lawsuits based on their decisions to transmit or take down user-generated content, was built for computer bulletin boards, “not for a model that writes its own answers. Once the AI is the author, the company is the publisher.”

This means, he said, “businesses now need named humans at accountability nodes, verification gates before AI output ships, and audit trails that survive discovery, because ‘the model recommended it’ is a legally empty sentence.”

Does the decision mean that other AI providers could find themselves in the same position? Buchner believes it’s possible, although, he said, the situation in this case is unusual; it does not involve a classic chatbot scenario, but one where the AI-generated statements are published as an ‘AI overview’ of a search query.

“Google’s liability here is based not so much on the fact that it operates the underlying AI, but rather on the publication of its output. However, it seems entirely conceivable to me that this could also be applied generally to inaccurate or defamatory AI,” he pointed out.

Nonetheless, said Carolyn Shelby, head of SEO at Yoast, the German ruling should ensure that companies will be more circumspect in how they handle AI in the future, to protect themselves from any legal action. The first thing they should do  is to separate low-risk use of AI from major decision-making.

“Using AI to summarize meeting notes, brainstorm campaign ideas, or create a first draft of something is very different from using it to make decisions about customers, employees, finance, compliance, health, legal claims, competitive positioning, or public communications,” she noted.

She pointed out that the effects of AI use could be devastating for companies. “The consequences could include customer complaints, reputational damage, regulatory attention, legal claims, correction costs, loss of trust, and internal disruption,” she said. “Even when a mistake does not become a lawsuit, the operational cost of correcting bad information can be significant.”

However, she noted, things may not change immediately.  “Many companies will wait until there is a high-profile court case, regulatory action, or major corporate embarrassment before they take this seriously. That is usually how governance catches up with technology. But the better-run organizations will start treating AI governance as part of normal business risk management now.”

And, said Shahrestani, after the Google decision, everything has changed. It will become more important to ensure that employees remain part of the process.

Webbův dalekohled objevil černou díru starší než její galaxie. Největší černé díry nevznikly obvyklým způsobem. Odříznutý kousek mořské okurky odmítl zemřít.

Na NZÚ Light dosáhnou pouze rodiny a jednotlivci s nízkými příjmy. Kdo konkrétně může o podporu žádat, co musí splnit a kolik dostane?

Hvězda Ubuntu už v posledních letech nezáří, jako v dobách před 15 lety. Je to přirozený cyklus, za dalších pět let to může být jinak, ale vedle toho Canonical schytává velmi ostrou kritiku. Oprávněně?

Letadla jsou továrny na emise. Co kdybychom ale vyráběli letecké palivo z něčeho, co se válí všude kolem? Nová metoda výroby leteckého palivo z plastového odpadu zahrnuje tandemový průtočný reaktor, v němž se nejprve plastový materiál rozkládá hydropyrolýzou a poté hydrogenací vzniká letecké palivo bohaté na cykloalkany.

Crosshair v názvu, chladiče zářivé – ale měď to není. €829 na štítku, měděný lesk – ale luxusní chlazení to není. Lakované radiátory, hliníkem nadívané – ale levná deska to není, jasný pane…

The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities hardest. Google's Mandiant attributes it to the group it tracks as UNC6240, and dates the activity between May 27 and June 9. Oracle did not publish its advisory until June 10, so the bug was a Swati Khandelwalhttp://www.blogger.com/profile/[email protected]

Oracle is warning about a critical PeopleSoft Suite zero-day vulnerability tracked as CVE-2026-35273 that allows unauthenticated remote code execution, with the flaw actively exploited in ShinyHunter data theft attacks. [...]

While we still can’t explain how AI works, algorithms are rapidly learning what makes us tick. And the gap is widening.

AI is becoming more powerful, and mysterious.

Despite years of work on “explainable AI,” today’s most advanced systems remain black boxes for the most part. Scientists can observe what they do but cannot fully explain how they arrive at their conclusions or predict when they’ll fail.

As large language models (LLMs), the algorithmic engines behind popular chatbots, permeate society, researchers are warning that the window for understanding AI “minds” is rapidly closing even as the technology’s influence expands.

Last week, Eric Horvitz, chief scientific officer at Microsoft, and Robert West at EPFL in Switzerland outlined the dangers of putting AI interpretability on the back burner. They call for new AI benchmarks and better tools for unpicking machine minds.

The challenge resembles efforts to understand our own minds. Some researchers have already taken a neuroscience-inspired approach, mapping AI’s internal networks to concepts, goals, and reasoning. Others borrow from psychology, treating AI as a participant of behavioral studies.

The stakes are rising. AI tools already shape how people search for information, make decisions, and form judgments. Their answers influence everyday users and the researchers who build them.

As AI capabilities grow, our understanding of them could fall behind. “Preserving human agency must therefore remain a central goal,” the authors write.

The Black Box Conundrum

LLMs are built on artificial neural networks (specifically, a design called the transformer). Inspired loosely by the brain, these networks connect vast numbers of artificial neurons into intricate architectures. The basic idea is straightforward. Data enters the network and passes through layers of computations, which transform it into an output like text or code.

At first, that output is often wrong. But with feedback and repeated training, the network adjusts the strengths of connections between neurons and gradually improves. It learns.

After initial training, engineers turn to reinforcement learning, where algorithms improve through trial and error and further hone their responses. Another method, inspired by how the brain etches memories during sleep, reduces the tendency to forget old knowledge while learning new tasks. And self-attention, the key innovation behind transformers, allows AI to selectively focus on various words, images, sounds, or video frames at different moments, boosting efficiency and performance. Today, attention underpins nearly every major AI system.

Yet the inner workings of finished algorithms remain hidden.

Early efforts to crack open AI’s black box examined how artificial neurons responded to images, revealing that neural networks build increasingly more sophisticated “ideas” of the world. Google Brain borrowed methods from cognitive psychology to study AI behavior, while others investigated whether LLMs could mimic aspects of “theory of mind”—the ability to infer what others are thinking and feeling.

These studies laid the foundation for a popular method called mechanistic interpretability. Anthropic, creator of Claude, is leading the field. Company researchers have linked patterns of algorithmic activity to specific concepts and reverse engineered parts of neural networks to expose how internal computations shape responses.

Other tech giants are joining the cause. OpenAI is training algorithms that work in more explainable steps and building reasoning models that pause, “think,” and justify their conclusions in plain language. DeepMind is building microscope-like tools for neural networks, helping researchers peer into their decision-making process. And Microsoft has released new tools aimed at responsible use of AI.

Understanding AI, the authors write, does not require tracing every line of code or every neural-network parameter. Just as neuroscience, psychology, and sociology offer different windows into human behavior, AI can be studied at multiple levels, from how individual circuits work to observing behavior in real-world scenarios.

The challenge is that AI capabilities may be advancing faster than our ability to explain them. And some researchers believe time is running out.

Race Against the Machine

Three trends are making AI more opaque.

The first is how we evaluate AI. Increasingly, LLMs we being used to train, benchmark, and improve other models. AI “judges” now score metrics like helpfulness, rank competing outputs, detect hallucinations, and assess new releases. In a system known as constitutional AI, for example, algorithms critique their own responses using reinforcement learning and generate explanations for their reasoning. Other researchers have proposed AI debate frameworks, where multiple models challenge each another’s conclusions before a human has the last say. Researchers are also exploring automated interpretability tools. Like digital neuroscientists, AI systems are used to analyze each other—describing neurons, circuits, and behavioral patterns—to explain increasingly complex models.

Using AI to solve an AI-induced problem introduces a paradox. If AI-generated explanations become too complex for humans to verify, opacity compounds.

A second trend is the rise of AI societies. Networks of interacting AI agents are becoming more common, particularly in complex tasks such as scientific research and drug discovery. Yet as they become more sophisticated, their communication could drift from human language and reasoning, making them harder to interpret.

Studying their interactions with methods adapted from sociology could unveil unexpected norms, hidden rules, and collective behavior. The authors argue that training in the future should not only reward effective collaboration among AI agents, but also ensure humans can understand their communication.

The last trend already permeates our lives. ChatGPT, Claude, Gemini, and other LLMs listen to our woes, offer recipes, and code websites. But they also learn about humanity. Through training data and interactions, they glimpse how people think, reason, and feel. In turn, they capture core aspects of life, such as fear, anxiety, happiness, and the need for social belonging.

To be clear, the systems don’t have intentions. They’re not examining us. But even as we struggle to understand them, AI systems are building more sophisticated models of who we are.

“A striking asymmetry follows: While human understanding of AI declines, AI understanding of humans deepens, producing new forms of behavioral opacity,” the authors write.

But complacency is perhaps even more insidious. AI assistants are often optimized to be agreeable, helpful, and reassuring. Studies have found that people generally prefer AI agents that support their opinions and decisions. As AI is woven into everyday life, curiosity and skepticism may gradually give way to trust. They work. Why question how?

The authors don’t have a solution for the long-standing problem. Instead, they call for better benchmarks to measure AI capabilities and stronger evaluation methods. And while open-source projects and crosstalk between commercial companies and academia are now frequent, they say we need lasting norms of responsible disclosure. Mechanistic interpretability and AI “psychology” could build on each other.

“The goal is not just more capable AI, but AI that is more intelligible, accountable, and aligned with human aims,” they write.

The post AI Is Advancing Faster Than Our Ability to Understand It, Researchers Warn appeared first on SingularityHub.

Data theft and extortion group ShinyHunters has exploited a critical Oracle PeopleSoft bug as a zero-day to compromise more than 100 organizations, including the University of Nottingham, across 300 vulnerable instances. A spokesperson for the cybercrime crew on Thursday told The Register that they exploited CVE-2026-35273 to break into the university’s PeopleSoft system and steal 40 GB of personal data and billing records belonging to hundreds of thousands of current and former students. ShinyHunters posted the UK university on its data leak site on Tuesday before publishing the stolen files later that same day, presumably because the school refused to pay the extortion demand. “University of Nottingham on our leak site is one of the first publicly confirmed incidents,” a ShinyHunters spokesperson told us. “We have only just started outreach to affected orgs and are actively looking to reach an agreement with affected orgs.” They didn’t say when they planned to post the other 100 or so claimed victims. A Google threat intelligence report published Thursday afternoon corroborated ShinyHunters’ claims to have compromised more than 100 organizations. Google said it spotted malicious activity, “consistent with the exploitation of CVE-2026-35273,” between May 27 and June 9, and notified more than 100 global orgs “whose IP addresses correlated with potentially vulnerable endpoints." Most of these, we’re told, are based in the US and 68 percent are in the higher-education sector. PeopleSoft is a widely used enterprise software suite that large corporations and institutions use to manage their human resources, payroll and billing applications, supply chains, and student records. CVE-2026-35273 is a 9.8 CVSS-rated vulnerability that allows remote, unauthenticated attackers with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools and fully take over the platform. On Wednesday, a day after ShinyHunters leaked the school’s data, the University of Nottingham confirmed the breach and Oracle issued an out-of-band security alert. It’s unclear, however, if the software provider has issued a patch to fix the security flaw. The Register reached out to Oracle, and did not receive any response to our questions. Google-owned Mandiant Chief Technology Officer Charles Carmakal, in a brief LinkedIn post on Thursday, warned that PeopleSoft was one of two zero-day vulnerabilities “actively being exploited in the wild.” “Oracle released mitigations,” Carmakal wrote. “Patches should come soon.” The other zero-day, for the record, is this Cisco Catalyst SD-WAN Manager vulnerability.®

Nightmare Eclipse, the prolific zero-day vulnerability hunter with an axe to grind against Microsoft, released yet another exploit late Wednesday that the researcher claims will spawn a command prompt that provides total access to the BitLocker volume. This bug, called GreatXML, was “an accidental discovery,” according to the researcher, who said it only took four hours to find. They claim this exploit (published on GitHub and Git-based code-hosting platforms) can bypass BitLocker on any system that has ever run a Microsoft Defender Offline scan at any point in the past. GreatXML comes just a day after Nightmare released exploit code for RoguePlanet, which allows local privilege escalation and leads to SYSTEM-level control over an affected machine. This brings the researcher’s zero-day count to eight. The earlier six - RedSun, UnDefend, BlueHammer, YellowKey, GreenPlasma, and MiniPlasma - all have patches as of this week’s Patch Tuesday event. Redmond on Wednesday told The Register that it is aware of RoguePlanet, and “actively investigating the validity and potential applicability of these claims.” The Windows giant didn’t immediately respond to our inquiries about GreatXML, including when it planned to issue a patch. Microsoft has said none of the vulnerabilities were reported via its official channels prior to being made public. The company also banned Nightmare’s earlier GitHub account, and seemingly threatened legal action before dialing back its rhetoric after steep backlash from the security community. Nightmare Eclipse, who some researchers suggest is an ex-Microsoft employee, harbors a very personal grudge against the Windows giant and its communications with bug hunters. They have promised to keep the zero-days coming, but waffle on the timing. Last month, the researcher pledged a big July 14 drop: “I will make sure your bones are shattered that day,” and then added, “nothing will be released this June (or maybe I will release smtg, depending on circumstances).” On Tuesday, they changed course. “I will be unable to mass disclose zerodays in July 14th, RoguePlanet took way more time than expected and truly drained me. I might take a break but I can't say for sure what I will be doing for next month, maybe it's nothing, maybe it's smtg.” A day later, Nightmare released the “accidental” GreatXML BitLocker bypass. According to the researcher, the BitLocker bypass first requires copying “unattend.xml” and the “Recovery” directory to the root of the recovery partition. The next step is rebooting into WinRE by Shift-clicking Restart. “If everything was done correctly, a shell with unrestricted access to the bitlocker volume will spawn,” Nightmare wrote. Also, if the scan hasn’t even been initiated on the Windows system, first you’d need to either log in and initiate it, or “figure out a way to boot into WinRE in offline scan state.” Security sleuth Will Dormann followed Nightmare’s steps to reproduce GreatXML, and said the writeup seems “flawed.” In his testing, Dormann said the command prompt appeared the next time a Defender Offline scan ran. “And in order to trigger a Microsoft Defender Offline scan, you both need to be logged in to Windows, and also have admin credentials,” he wrote on social media. “And if you've already got that level of access, you can just turn off bitlocker.” “The writeup for GreatXML suggests that the prerequisite is that Windows Defender Offline has been executed at some point in the past,” Dormann added. “And that after planting two files in WinRE, all you need to do is [Shift]-reboot into WinRE, and Windows will automatically go into Microsoft Defender Offline scan mode. But this is not the case in any of the 3 lineages of Win11 that I have handy.” ®

Two security teams have shown, in separate research published this week, that OpenClaw, the popular self-hosted AI agent, can be driven to run attacker-controlled code or hand over sensitive data through ordinary-looking inputs. Imperva buried instructions inside shared contacts, vCards, and location pins that the agent executed without the victim ever seeing them. Varonis built a test agent onSwati Khandelwalhttp://www.blogger.com/profile/[email protected]

Security researcher Chaotic Eclipse (aka Nightmare-Eclipse and MSNightmare) has released a new Windows BitLocker bypass dubbed GreatXML, a day after they published an exploit for Microsoft Defender. "This was an accidental discovery, it took a total of 4 hours to find this," the researcher said in a post on Blogger. "If you ever attempted to use Windows Defender Offline Scan, you're Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Under-the-hood AI changes and efficiency improvements at the OS layer across Apple’s platforms are certainly the highlights at WWDC 2026. But there have also been significant changes IT admins will need to prepare for, particularly around Declarative Device Management (DDM). 

The Intel age is over

Apple warned us this was coming, but macOS 27 will not support Intel at all. The company will deliver three more years of security updates for those devices, and you will still be able to use Rosetta to get Intel app binaries to run legacy apps on Apple Silicon. But if you still rely on any Intel apps or Macs, it really is time to plan your upgrade.

DDM becomes the present

It was the future once, but when it comes to Declarative Device Management (DDM) that future is now. Apple is removing all its legacy MDM mechanisms to replace them with DDM. “For IT admins, WWDC 2026 is a migration year,” wrote Fleet. “Apple is removing legacy MDM mechanisms and replacing them with Declarative Device Management (DDM). Some of it is urgent. Some of it just needs a plan.”

It’s a great step, though IT admins will need to ensure they aren’t relying on legacy MDM to handle any of their device fleets. That’s a particular issue around software and security update management. In most cases, your MDM provider has probably already introduced DDM support. But if you aren’t certain, now is the time to find out before your systems fail.

Apple has also added new DDM tools across various systems, apps, identities and more. Some of the highlights include:

• VPN and Network configurations can be provisioned using DDM; they also become credential-reliant, which should make management more streamlined.
• Apple Intelligence, Siri, and keyboard settings can also be configured via DDM, and admins can manage individual Apple Intelligence tools. 
• Web content filter and content caching both become controllable with DDM.
• A new privacy key lets IT manage things like camera or microphone access.
• Apple has added a device system health reporting function to verify that hardware components on iPhone and iPad are genuine.
• IT will be able to detect whether a device is in Lockdown Mode.

“One of the new features I’m most excited about is the ability to set permission defaults for managed apps and websites viewed in Safari,” said Adam Henry, senior product manager at Iru. “While the user is still prompted to allow these permissions, we can now present those requests as a unified prompt immediately upon app launch, along with a custom explanation as to why those permissions are important — think a teleconferencing app or website that always needs access to camera and microphone.

“Overall, I think this is a much more user-friendly solution that will likely increase permission compliance.”

Siri and AI

Although, Apple has introduced new management tools for AI, it’s important to remember some advice from Joel Rennich, senior vice president for product management at JumpCloud: “Traditional IAM models assume users directly interact with applications, but agentic systems change that assumption. AI intermediaries can now retrieve data, execute workflows, and make decisions across systems. Enterprises will need identity frameworks that govern both human and non-human actors consistently.”

He also noted: “The separation between where data lives and where it is used becomes increasingly invisible to the user. Intent becomes the primary input, not app selection.”

At the same time, the evolution of AI on Apple’s devices promises a lot for enterprise users. Matt Vlasach, Jamf senior vice president, enterprise products and solutions engineering, told me: “Most notable for me was Siri AI and the push towards on-device and more capable models that can do more with user context. While obvious for consumer use cases as illustrated in the keynote, the opportunity to evolve this to the work context using a more advanced Apple Intelligence framework is an exciting evolution.”

Farewell AFP

Apple has finally eradicated Apple Filing Protocol (AFP) in macOS. This will be an issue for any business that uses legacy Time Capsule or NAS storage devices, though in most cases those products are already obsolete and should be replaced. This is unlikely to be a huge challenge for most, given that Apple began using SMB as its primary file sharing protocol back in 2013 and support for AFP server disappeared in 2020. (Time Capsule fans might want to take a look at the TimeCapsuleSMB open-source project.)

Hello AppleCare log collection

Apple will introduce a new remote log collection capability that integrates directly with the company’s support infrastructure. So, when AppleCare support engages with an organization’s IT team, they can provide an enhanced logging token which can be shared to get the device to collect diagnostic logs to upload to AppleCare. You just know this will expedite remedy.

Single Sign-On improvements

As I noted here, there are some significant Single Sign-On (SSO) updates; two that caught my eye include:

• IT can now insist on biometric as well as password ID on managed devices.
• Authenticated Guest Mode with Platform SSO allows users to quickly and securely login to a shared Mac in a temporary session.
• Platform SSO on macOS 27 adds web-based authentication.

Network and more

Another change affects the system processes used in device management at a network level. Apple now requires that you use TLS 1.2 or later. If you or your MDM systems are not doing so, get ready for things to break. (Apple has published a support article to help IT test their network environments in preparation for this change.)

Apple also announced that IT admins will be able to purchase and manage app subscriptions directly in Apple School Manager and Apple Business Manager. And it introduced a managed migration feature that should help migrate data, while preserving device management enrollment and settings. 

More information

I’ve really only offered a flavor of some of the IT improvements introduced at WWDC. To find out more, watch the Apple sessions on “What’s new in managing Apple devices” and take a look at the Apple Platform Deployment guide; it should be updated before the new operating systems ship this fall 

You can follow me on social media! Join me on BlueSky,  LinkedIn, Mastodon and subscribe to The Core.

A new analysis of The Gentlemen operation has revealed that the financially motivated threat group initially operated as an affiliate responsible for conducting double extortion attacks, while leveraging resources from various ransomware-as-a-service (RaaS) schemes like LockBit (aka Tenacious Mantis), Qilin (aka Pestilent Mantis), and Medusa (aka Venomous Mantis). According to a detailed reportRavie Lakshmananhttp://www.blogger.com/profile/[email protected]