RSS aggregator

Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public

The Hacker News - 4 June 2026 - 18:55
Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root. It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public. Cisco's PSIRT says it has not seen the flaw used in attacks yet. The PoC shortens that runway. The flaw is a server-side request forgery.
Author: Swati Khandelwal
Category: Hacking & Security

European Parliament drops Google and uses the French Qwant as its default search engine

Živě.cz - 4 June 2026 - 18:45
The European Parliament has been using the French search engine Qwant on its official computers as of today, the newspaper Politico reports, citing internal documents. Europe is trying to break free of its dependence on American technology, and this is meant to be one of the steps toward becoming self-reliant. Only the default ... has been changed
Category: IT News

UN food agency discloses breach affecting 600,000 Gaza households

Bleeping Computer - 4 June 2026 - 18:38
The United Nations' World Food Programme (WFP), the world's largest humanitarian organization, revealed over the weekend that its self-registration application (SRA) for Palestine was breached. [...]
Category: Hacking & Security

What Safari reveals about Apple’s AI strategy ahead of WWDC

Computerworld.com [Hacking News] - 4 June 2026 - 18:27

Apple’s latest Safari privacy campaign is more than pre-WWDC marketing. It is an early signal of how the company plans to frame artificial intelligence (AI): as something that only works if users trust the platform behind it.

The week before WWDC is often significant, as Apple tends to make announcements it simply can’t fit into the keynote itself. This year’s first pre-show reveal is a new campaign focused on privacy that shows how much more private Safari is than rival browsers; there’s even a highly entertaining video that makes the point.

Privacy on Safari

Apple has been building privacy protections into Safari for years. The browser protects you from malicious scripts that might attempt to access passwords or credit card information. Safari also tells you what data an extension wants to access and can restrict access to match your settings. It blocks third-party cookies by default, detects and removes trackers, and has measures in place to prevent data companies from identifying — and following — you through device characteristics. 

That’s even before Apple’s powerful Private Browsing mode, which includes meaningful protections. The company has put together a page packed with resources to explain the privacy protections it has in place across its platforms.

Privacy is critical to Apple — not only because the company regards it as a human right, but because it correctly recognizes that to make new generations of sensor-laden technologies it must ensure privacy is protected. Without privacy and trust, people won’t use the technology.

Trust is the product, not you

The truth is that people are becoming increasingly concerned about how the digital devices we depend on for convenience are now being used for different kinds of surveillance, and we need to be convinced that our personal data is protected. We do not want every aspect of our life to become fodder to feed a digital dystopia, even as we still want the positive solutions technology promises.

Think about the Apple Watch. Consider the data it gathers: distance walked, calories burned, and more — it’s a rich trove of personally identifiable data that no one really wants to share with others without consent. Apple Watch is not the only Apple device that is gathering information, even your web browser captures a great deal of it. Hence, the focus on Safari in Apple’s new campaign.

Privacy will become an even greater concern as AI spreads. Data brokering services already make extensive use of AI to analyze and identify patterns in the online data they harvest. AI deployed without strong privacy protections poses serious risks to the way we live, while the consolidation of AI ownership in the hands of a few companies risks creating dangerous imbalances of power. That’s the context in which private data needs to be protected, making privacy an essential component of a positive tech-augmented future. 

Why the AI era raises the stakes

Apple’s focus on privacy is far from new; it has been consistent in this work for many years. Competitors often accuse Apple of hypocrisy, but the company has been arguing for privacy’s importance for more than a decade. Others have adopted some of the same principles, though not all of them — and while Apple may sometimes use privacy as a moat for its own products and services, that does not diminish its value.

It’s with all this in mind that I consider Apple’s latest privacy ad campaign and its rollout just before WWDC, where it is expected to introduce new AI services. That Apple’s new privacy campaign seems not to have made the final cut for the show tells me the company has much more to discuss on the topic, particularly around Apple Intelligence.

What Safari’s signals suggest

When Apple introduces its new AI features at WWDC it will do so while celebrating the privacy built into them. The current privacy ad campaign will be part of an overall push as the company explains that its ecosystem can run third-party AI services while also offering its own bespoke Apple Intelligence AI to do really useful things in complete privacy.

This isn’t just a competitive moat, it’s a realistic assessment in practice. It shows that Apple understands that in the age of AI, privacy matters more than ever. As AI becomes central to everyday digital experiences, privacy is no longer optional — and Apple is prepared to make the case to support it.

You can follow me on social media! Join me on BlueSky, LinkedIn, Mastodon, and follow The Core.

Category: Hacking & Security

Asana launches AI ‘chief of staff’ to keep projects on track

Computerworld.com [Hacking News] - 4 June 2026 - 18:12

Asana has launched an AI personal assistant that can track various data sources to alert users when a work project runs into problems and recommend next actions.

It’s one of a range of product announcements made Thursday at the company’s Work Innovation Summit in London, including updates to its existing AI teammates product. These follow Asana’s recent acquisition of AI workflow automation software vendor StackAI for $75 million.

Asana Dash is described as an “AI chief of staff” that can help users stay up to date on work projects by accessing information in Asana as well as across email, calendar and team messaging apps, said Arnab Bose, Asana’s chief product officer. “Keeping people in their ‘zone of genius’ and hooking up all of these unstructured signals to the structure of Asana — that’s what Dash does best,” said Bose.

The AI assistant can access the same Asana project information as the user, and can flag when problems occur that could push a project off-track. Asana Dash can then act to address problems, such as posting messages within Asana on behalf of the user or directing an AI teammate to take action. (Asana Dash will ask the user before making any changes.)

“Asana is building on recent acquisitions, and earlier investment in a graph database focused on human connections — the Asana Work Graph — and its position within a well-integrated flow of work to deliver to each worker an executive assistant rooted in the context of their job,” said Wayne Kurtzman, IDC research vice president.    

The Asana Dash personal assistant is enabled by an expanded Asana work graph — the data model related to work carried out by teams in the application. Asana has in the past been more focused on tasks, projects, portfolios, and goals, said Bose, but the work graph now includes new sources of data, linking to employee calendars and accessing meeting transcripts, for instance, alongside other documents and databases.

There are also updates to the AI teammates feature — collaborative AI agents that multiple human coworkers can interact with — which are now more powerful, said Bose. This includes additional skills and integrations with third-party apps such as Gmail, Slack, Outlook, Figma, and Canva.

As for the StackAI acquisition, Bose said it allows Asana to extend the reach of AI agents into a variety of business apps more easily and reliably, building on Asana’s “system of action” function. The latter tracks work carried out across an organization, he said, and can automate the complex processes that make up many enterprise workflows.

“If you look at StackAI’s website, the thing that they are really, really great at is building these complex, multi-step processes,” said Bose. The aim is to combine StackAI’s agent builder with integration expertise agents already available in Asana. 

“So, the idea is when an AI teammate or Dash recommends the next best action, they will be able to choose downstream actions based on the portfolio of approved workflows that you’ve built out in StackAI.”

Overall, the announcements help Asana provide a platform that combines agents and workflow automation with AI assistance that aids humans to work more effectively, said Bose.

“Our terminology for this is a ‘human-agent operating system,’ because automation, I feel, is a little reductive in the sense that there are some things that are fully automated, but a lot that you’d want a human being and an AI agent to coordinate on and align on,” he said.

Asana did not immediately respond to a request for pricing and availability details for Asana Dash.

Category: Hacking & Security

New IronWorm malware hits 36 packages in npm supply-chain attack

Bleeping Computer - 4 June 2026 - 17:25
A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. [...]
Category: Hacking & Security

Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories

The Hacker News - 4 June 2026 - 17:15
A security researcher found a flaw in Anthropic's Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic's own action repo used the same workflow, a working attack could have pushed malicious code into the action itself and onto the projects downstream that pull it. RyotaK of GMO
Author: Swati Khandelwal
Category: Hacking & Security

Agentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize It

The Hacker News - 4 June 2026 - 17:10
Over the past several weeks, the cybersecurity community has been reminded how quickly frontier and agentic AI in defense networks can challenge our assumptions. When Anthropic's Claude Mythos model was made available to a limited set of organizations as a technical preview, it was reported that an unauthorized group claimed that it had gained access within hours. The incident, if true, was
Category: Hacking & Security

How Open Source SIEM Architectures Scale Beyond Single-Server Deployments

LinuxSecurity.com - 4 June 2026 - 16:53
Building a SIEM is easier than scaling one. Most open-source deployments start as a simple "all-in-one" server. It is easy to set up, but that design rarely survives the transition from a lab to a production workload.
Category: Hacking & Security

HTTP/2 Bomb: Why Linux Infrastructure is Vulnerable to a New Low-Bandwidth DoS Attack

LinuxSecurity.com - 4 June 2026 - 16:49
A newly disclosed attack technique called HTTP/2 Bomb is drawing attention because it targets the software that sits at the front of much of the Linux internet. Apache HTTP Server, NGINX, Envoy, and the ingress layers that many Kubernetes environments depend on can be forced into consuming disproportionate amounts of memory using relatively small amounts of attacker traffic.
Category: Hacking & Security

Get the most out of Waze with these 30 tips and tricks that will save you nerves, time and money on every drive

Živě.cz - 4 June 2026 - 16:45
Waze is a popular navigation app with social-interaction features • Users share valuable traffic information with one another in real time • Do you know all the features and tricks of this well-made app?
Category: IT News

Hackers Are After the Gaps in Your Vulnerability Program: Here's Their Playbook

Bleeping Computer - 4 June 2026 - 16:01
Threat actors are actively teaching newcomers how to find, exploit, and profit from vulnerable systems. Flare explores what a popular underground hacking tutorial reveals about modern attacker workflows. [...]
Category: Hacking & Security

ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories

The Hacker News - 4 June 2026 - 16:00
It got stupid again. The internet still feels held together with tape. Bad plugins, old bugs, fake tools, trusted apps doing shady things. Same mess, new wrapper. And now the weird stuff is normal. Forums go down and come back worse. Cheap hackers get better toys. AI starts breaking real systems. Great. Read the whole thing before it ruins your week anyway. Unauthenticated
Author: Ravie Lakshmanan
Category: Hacking & Security