Agregátor RSS

Unknown attackers spent at least five months inside the Outlook mailbox of a senior executive at a major global stock exchange, copying the inbox out in small, repeated batches and routing it through Dropbox and OneDrive so the traffic blended into normal cloud activity. Symantec and Carbon Black's Threat Hunter Team reported the campaign this week. This points to espionage, not a money grab:

Unknown attackers spent at least five months inside the Outlook mailbox of a senior executive at a major global stock exchange, copying the inbox out in small, repeated batches and routing it through Dropbox and OneDrive so the traffic blended into normal cloud activity. Symantec and Carbon Black's Threat Hunter Team reported the campaign this week. This points to espionage, not a money grab: Swati Khandelwalhttp://www.blogger.com/profile/[email protected]

Úřad pro ochranu osobních údajů řeší desítky stížností na jednotné měsíční hlášení zaměstnavatele, které stát spustil počátkem dubna. Systém, jenž má firmám odlehčit od desítek formulářů, nejenže výrazně zatížil jejich účetní oddělení, ale docházelo v něm i k únikům osobních dat zaměstnanců k firmám, kde nepracovali. Podle ministerstva práce a sociálních věcí stála za problémem technická chyba. „Incident se týkal několika stovek zaměstnavatelů z celkového počtu přibližně 375 tisíc, na které se jednotné měsíční hlášení vztahuje,“ reagoval mluvčí Jakub Slavík. [Novinky.cz]

Byla vydána (𝕏, Bluesky) nová verze 22.0.0 open source webového aplikačního frameworku Angular (Wikipedie). Přehled novinek v příspěvku na blogu.

Koncem května zmiňovaný bug, v jehož důsledku nemusel fungovat správně režim pasivního chlazení (Zero RPM), byl opraven s ovladači 26.6.1, které si již můžete stáhnout na webu AMD…

Microsoft odhalil pár drobných vylepšení Průzkumníku. • Podporuje např. zadávání adres s uvozovkami. • Tyto novinky se aktuálně testují v kanále Experimental.

There's a lot of fear surrounding the bug-finding capabilities of super-advanced AI models like Anthropic's Mythos and OpenAI's GPT 5.5-Cyber. But attackers are already using free, publicly available LLMs to hijack networks and worm through software supply chains at a much lower cost – to them at least. The latest example comes from University of Toronto researchers, who used an unnamed, publicly available open-weight model released in 2025 to develop a computer worm that they claim spread through an enterprise test network. The self-propagating code adapts on the fly to identify known vulnerabilities and misconfigurations on target systems, then generates and executes attacks to move laterally through the network and compromise additional machines. And it’s all built on a small, free model that runs on a single GPU. “People need to understand that it’s not just the biggest and most powerful AI models that pose security concerns – a whole other area of threat has been vastly underestimated,” University of Toronto computer engineering professor Nicolas Papernot told The Register. Papernot and fellow researchers Jonas Guan, Tom Blanchard, Hanna Foerster, Hengrui Jia, and Gabriel Huang published their findings [PDF] on Tuesday. While guardrails and other safety features implemented by major commercial AI systems are “essential,” Papernot told us, in reality “they will not prevent the threat of AI-driven worms with a similar design.” “The majority of real-world cyberattacks don’t rely on zero-day vulnerabilities,” he added. “Our work demonstrates that attackers can now cheaply operationalize known vulnerabilities at scale, which decreases the window of time defenders have to fix vulnerabilities and find human errors, like reused passwords or poorly configured backup jobs.” The paper doesn’t specify, and Papernot declined to say, which LLM they used. “We omitted certain methodological details (such as the agent’s reasoning graph and tool harness) and experimental specifics (such as the AI model) that could materially help a malicious actor construct similar malware,” Papernot said. “We shared enough information to make the threat credible enough for scientific scrutiny without providing a blueprint that would enable misuse.” The researchers also noted that they are not publicly releasing the code, but are working with the University of Toronto to set up a vetting process through which qualified researchers may request access for defensive research purposes. Not NotPetya Before you start breathing into a paper bag, there are a few things to note about this research. First, unlike Mythos and friends, the prototype worm does not exploit zero-day vulnerabilities. It only targets publicly disclosed but unpatched bugs, misconfigurations, and recurring weakness classes. This is intentional, because known security flaws – not zero-days – are what most real-world cyberattacks use, the authors say, citing WannaCry and NotPetya as examples. Both of these worms exploited security holes that had patches available for at least a month before the malware infected vulnerable machines. Both spread rapidly and caused global disruption. The worm did, however, find and abuse vulnerabilities disclosed after the model’s training cutoff by ingesting publicly available security advisory information at runtime and using this data to develop exploits. While the paper repeatedly points to WannaCry and NotPetya as worst-case scenario examples, this lab-tested prototype or something similar is not going to cause the level of destruction that either of those two earlier worms did. Both propagated very quickly: WannaCry infected more than 230,000 computers across 150 countries in just one day in May 2017. In June 2017, NotPetya spread globally within hours, taking down at least one large banking network in just 45 seconds. Plus, they both used very sophisticated evasion techniques to avoid being detected by security tools. This worm, on the other hand, moves slowly. In the “FakeCorp” network they used in the experiments, the prototype took about five days to replicate across half the network, requiring hundreds of LLM inference calls per target for reconnaissance, strategy formulation, and payload generation. The timeline gives defenders a longer window for detection and response. However, it will likely shorten as inference hardware and model efficiency improve. Also, unlike WannaCry and NotPetya, the worm doesn’t try to hide itself. “We deliberately chose not to equip the worm with concealment capabilities – it is not instructed to cover its tracks or minimize its network footprint, and it has no tools to do so,” the boffins wrote. “This was a conscious methodological choice to further limit the risk of misuse.” Finally, the test-network devices themselves didn’t have any endpoint detection, antivirus, or firewall software deployed, which (we hope) makes this a not-quite-realistic setup. Exploiting the FakeCorp target network Here’s how the experiments worked. The team deployed the worm prototype in 15 independent experiments on an isolated 33-host network including Linux servers, Windows environments, and IoT devices. Each computer had been seeded with at least one real-world vulnerability, including software bugs and misconfigurations. The worm operated fully autonomously for seven days, and correctly identified an average of 31.3 vulnerabilities, exploited 23.1 hosts to elevated access, and propagated to 20.4 hosts. It reached up to seven generations of self-replication, we’re told. “Put another way, on average, the proof-of-concept worm successfully exploited 73.8 percent of the network and then replicated to 61.8 percent of the network,” according to the research paper. In addition to finding and abusing the known flaws on the devices, the worm also found vulnerabilities disclosed after the LLM’s training cutoff: two recent Linux flaws, CopyFail and DirtyFrag, and a critical bug that leads to remote code execution in the Marimo notebook platform (CVE-2026-39987). The AI-based worm gained root access in 41 of 67 attempts (61 percent) across the three hosts with these one-day vulnerabilities. This includes 13 of 27 attempts on the Marimo host, 15 of 17 on DirtyFrag, and 13 of 23 on CopyFail. The two Linux vulnerabilities were disclosed shortly before the experiments, and a single document containing publicly available exploit instructions was enough for the worm to weaponize them successfully 70 percent of the time, or in 28 out of 40 attempts. “This result suggests that the same exploitation pipeline can absorb newly published vulnerability information without architectural changes,” the team wrote. When worms get sneaky In addition to finding and exploiting vulnerabilities, the AI worm did some other interesting, sneaky things during the experiments. Despite the lack of firewalls and endpoint security products enabled, the researchers added some components to the worm’s code to “provide increased defence-in-depth.” This included a denylist of IP addresses baked into the source code. So in theory, the worm would read the denylist every time it targets a new machine, and if the IP address matched one on the list, it would move on to a new target, thus preventing it from infecting some hosts. Instead, at “various points” during the experiments, the worm rewrote its source code to allow it to attack an IP address on the denylist. In another workaround example: when a virtual-machine check caused replica worms on Alpine Linux and Windows Server 2008 machines to crash at startup, the parent worm found the attestation source file on the target computer and removed the VM-detection check, allowing the worm to replicate successfully on the new machine. “This behavior was not prompted or incentivised by the agent’s instructions; it autonomously diagnosed the failure, identified the responsible code, and modified it to achieve its objective,” the boffins wrote. In another test run, the researchers accidentally packaged a FakeCorp network configuration file that included admin credentials with the worm code. The worm discovered the credentials and shared them with other active replica worms, “causing a rapid increase in propagation within the contained environment.” Additionally, in two separate instances, the worm established persistence on a compromised computer using mechanisms outside of the intended replication pipeline, we’re told. In one instance, it started the replica process and then registered it with the machine’s service-management system to auto-restart if terminated. In another, it created a scheduled task that relaunched the replica worm, causing it to reappear even after the original process was killed. “The agent appears to have inferred, from the general objective of maintaining an operational replica, that persistence mechanisms available on the target could be used to make the replica more robust,” the researchers noted. Prior to publishing their work, the academics say they shared their findings with “national science, security, and defence” agencies to seek advice on how to responsibly release the information. We asked Papernot for details, including which government agencies and how they responded, but he declined to share anything else. ®

V Berlíně se na podzim otevře Apple Developer Center – první v Evropě, teprve páté na světě. Jde o zařízení, které Applu zajistí bližší kontakt s komunitou, vývojáři získají lepší přístup k nástrojům, workshopům a hlavně individuální podporu přímo od expertů z Applu. Měli by se dočkat pomoci při ...

The U.S. Department of Justice (DoJ) on Wednesday announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyber-enabled and cryptocurrency fraud targeting Americans. The "Disruption Week" operation began May 18, 2026, leading to the takedown of millions of social media, email, and internet access accounts used by transnational

The U.S. Department of Justice (DoJ) on Wednesday announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyber-enabled and cryptocurrency fraud targeting Americans. The "Disruption Week" operation began May 18, 2026, leading to the takedown of millions of social media, email, and internet access accounts used by transnational Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Americký plazmový reaktor simuluje extrémní teploty reálné jaderné ohnivé koule • Starší teoretické modely jaderného spadu nepočítaly se složitými interakcemi prvků • Cesium kondenzuje nejpozději a ochotně tvoří dosud nepředvídané cesium-uranáty

AMD v květnu potvrdila, že již spustila sériovou výrobu serverového Zen 6 Venice (32jádrové čiplety). Došlo však již i na tape-out 12jádrového čipletu v revizi B0. Ta je finální a funguje i s V-cache…

PWNED Welcome back to PWNED, the weekly column where we talk about weak security policies and how to avoid them. Hopefully, we can learn from others’ mistakes – or at least have a good laugh at them. Have a story about someone leaving a gaping hole in their network? Share it with us at [email protected]. Anonymity is available upon request. This week, we have a tale of password passivity involving Active Directory. It comes to us courtesy of Rob Anderson, head of reactive consulting services at Reliance Cyber, a UK-based security firm. Anderson recalls in the past working with a firm that was creating service accounts that developers needed to use, but the org didn’t have a proper password vault for storing the associated credentials. Instead, to make it easy for team members to find what they needed, they put the passwords into the description field for Active Directory. “People don't realize that as soon as you've got an Active Directory user — just an ordinary user — you can read the comments field or the description field across the whole of Active Directory,” Anderson told The Register. “It's such an amazing lapse of security.” Soon enough, an Initial Access Broker (IAB), someone who specializes in gaining access to protected networks and then selling it to other threat actors, used a phishing campaign and executed offensive hacking tool Sliver on the endpoint. At that point, they captured a victim’s credentials, which led them to query Active Directory. Once in AD, the hackers found plenty of passwords, which came with full domain access. They used this access to delete all the backups and execute ransomware. In total, the crimes put 2000+ users out of action by encrypting Hyper-V hypervisors and their hosts. The company was taken offline for months. What we can learn from this sad story is that you can’t put passwords in cleartext anywhere that's easy to access, unless you want an enormous attack surface. Even without a phish, an untrustworthy colleague could have sold the passwords to a threat actor. After all, a recent survey found one in eight workers think selling company logins can be justified. “I've seen it where configuration details are kept in application servers that are running, and threat actors are using fuzzing — trying likely file and directory names — which again exposes configuration and credentials to the threat actors,” Anderson said. He noted that developers are a bit more savvy these days about where they put their credentials, but security naivete sinks ships. Trust no one. ®

LG představilo novou designovou řadu Art TV 2026, pod kterou nově sdružuje několik různých konceptů televizorů zaměřených na vzhled a integraci do interiéru. Nejde přitom o úplně novou kategorii. Výrobce už řadu let nabízí modely Wallpaper TV nebo Gallery OLED, nově je však spojuje pod společnou ...

A report released Wednesday by Boston Consulting Group (BCG) indicates that many organizations are having difficulty converting efficiency gains that are AI-driven into any sort of measurable value.

The fourth edition of the consultancy’s annual Global AI at Work Survey reveals 42% of frontline employees who use AI on a regular basis save upwards of a full day each week; however, 66% are not given guidance on what to do with time they save, and “more than half don’t redirect it to strategic work.”

The report, AI at Work: Strategy Matters More Than Tools, is based on a global survey of 11,749 employees in 14 markets, from industries ranging from financial services to the healthcare sector.

David Martin, global leader of people and organization work at BCG, and the report’s lead author, said via email that the number of employees lacking the required guidance is surprising, “but it also tracks with what we see in many AI transformations. Companies have moved quickly to give people tools, but many have not yet redesigned the work around those tools.”

Saved time, he added, does not automatically become value. If a frontline employee saves a few hours a week, but has no direction on whether to use that time for customer service, quality improvement, innovation, or faster execution, “that value can simply leak out of the organization”

The fix is for leaders to change the scoreboard, Martin said: “Don’t just measure AI adoption or hours saved. Decide where that time should go, measure whether it is being reinvested, and give managers clear guidance on how to help teams use it. This is where AI transformation becomes a management challenge, not just a technology rollout.”

In fact, said Vinciane Beauchene, a managing director and partner at BCG and one of the report’s five co-authors, “the first wave of AI focused on individual productivity. The coming wave will need to transform collective work.”

“Everyone is talking about AI replacing work,” she said, “but it is in fact really about rethinking the human value-add inside.”

A managerial revolution underway

According to Beauchene, “this is the role of leaders. Our survey reveals a true managerial revolution in the age of AI; 65% of managers and leaders now believe agents will take over at least half of their job in the next three years, and frontline workers see their jobs evolving towards more managing and directing AI.”

A BCG release stated that the survey also highlights the continued emergence and maturity of AI agents, with 30% of respondents saying that agents are already integrated into workflows, more than double the number from last year’s report (13%).

Other key findings revealed that AI adoption among frontline workers has surged, with 74% saying they now use it daily or a few times a week, which is up 23 percentage points from a year ago. In addition, six out of 10 people believe that, within the next three years, AI agents could do at least half of their jobs.

And a survey slideshow released by the company pointed out, “the AI ‘honeymoon’ won’t last unless leaders bring strategic clarity driving sustained impact AI’s novelty and cognitive stretch fuel enjoyment early on. But sustained joy comes from strategic clarity. Employees thrive when the direction is real and the message reaches them with strong CEO involvement.”

Strategic clarity is a key differentiator

The report suggests that CEOs take a holistic approach to AI transformations by focusing on business outcomes as opposed to AI usage, investing in “redesigning work end-to-end, not in more tools,” placing people at the heart of that redesign, and governing AI not as a one-off program, but as a moving target.

Overall, BCG says that strategic clarity, “more broadly emerges from the survey as the most crucial differentiator in sustaining AI’s impact over time as organizations are moving past simply implementing AI tools in use case deployment initiatives.”

Increasingly, it adds, “the focus is shifting to redesigning end-to-end workflows and processes to reimagine functions, as well as to building and innovating new business models and products to drive growth, which have nearly doubled year-over-year.”

Global leader of BCG’s tech build and design unit BCG X Sylvain Duranton, also a report co-author, added, “employees don’t push back on AI intensity; they thrive when the strategy is clear, the direction is real, and the message reaches them.”

He added, “Business value and employee enjoyment aren’t trade-offs. The organizations capturing the greatest business value are the same ones where employees enjoy work the most.”

Despite the opportunity, the report notes that only one-third of frontline employees say that leadership’s communications about AI are clear, and only 28% “see a strong connection between what leaders say and what the organization actually does.”

However, Martin said, management can’t deal with this situation on its own. “CIOs have a critical role, but this is not a problem they can solve alone, and I would not frame it as something IT created by itself,” he noted.

Many organizations, he said, “started with the natural first step of getting tools into people’s hands safely and at scale. That was necessary, but it is not sufficient.”

The next phase “has to be much more cross-functional,” he said. “CIOs should help set the technology foundation, governance, data model, and measurement systems, but they also have an important role in creating strategic clarity. Employees need to understand why the organization is using AI, where it is meant to create value, and how it should change the work.”

Martin pointed out that CIOs should also pay close attention to cognitive load, especially on technology teams, as those teams are often the heaviest AI users.

“This means they may be among the most exposed to the mental strain that can come with reviewing outputs, managing AI tools, and keeping up with constant change,” he observed. The biggest gains come when technology strategy, workforce strategy, and employee experience move together. If AI remains only an IT program, companies will “undercapture” the value.

New expectations

The abundance of AI activity is also having another effect, in that 60% of respondents say the bar for work that counts as ‘good enough’ is now higher.

That, said Martin, is because AI is changing expectations. “If a tool can produce a first draft, summarize research, generate options, or automate a routine task, then ‘good enough’ moves up the value chain,” he said. “People are being asked to spend less time producing basic output and more time exercising judgment like checking quality, improving the answer, making decisions, and applying context.”

While that can be a good thing, he said, because it can make work more interesting and more valuable, “it also explains why employees are feeling more mental strain. The work that remains is often more complex. Leaders need to recognize that AI does not just make people faster, it changes what excellence looks like. That means companies need to update training, performance expectations, and management support accordingly.”

This article originally appeared on CIO.com.

Vim Classic byl vydán ve verzi 8.3. Drew DeVault oznámil tento fork editoru Vim (verze 8.2.0148, tj. těsně před zavedením Vim9 skriptování) v březnu letošního roku. Důvodem forku bylo, že vývojáři editorů Vim a Neovim začali při vývoji využívat LLM.

Open source konference DevConf.CZ 2026 proběhne 18. a 19. června v Brně na FIT VUT. Publikován byl program a spuštěna byla registrace.

AI-enabled cybercriminals have better tools and are inflicting more pain on their victims, wiping out virtual machines and hypervisors and leaving infrastructure in a "dark, dead" state after an attack, said Commvault Chief Technology Officer Brian Brockway. "The majority of cyber cases that we've seen in the customer base have moved well beyond the breaking inside, and encrypting and corrupting some of your key files and folders, to taking over control of your entire VM environment, wiping out all VMs, destroying all hypervisors, blowing up the center and leaving you in basically a dark, dead state," Brockway told The Register. Frontier AI is reshaping the threat landscape in two ways, he explained: advanced models are uncovering a deluge of software vulnerabilities, and attackers are exploiting disclosed flaws within minutes rather than weeks. “The more unplanned work that has to be done to react to this, that's always going to challenge priorities,” Brockway said. “We had the plan in place, we had sprints already dedicated to kind of get out to the next launch, and we have to come back over and reinvest more engineering time to corrective actions versus the next new get ahead feature.” Commvault cited Palo Alto Networks research showing that frontier AI models such as Mythos and GPT-5.5-Cyber identified more than seven times the typical number of software vulnerabilities found within a single month during testing. To prepare for this, Commvault recommends that IT and security teams look beyond backups and ask whether they can restore critical systems cleanly, whether recovery environments are isolated from compromised production systems, and whether recovery plans include the most important applications and dependencies. Brockway said air-gapping is the starting point. He said organizations should keep immutable and isolated copies of critical data separated from production identity, network, and management planes, and pressure-test recovery time and recovery point objectives against realistic attack scenarios, a hard lesson learned from witnessing victims recover from recent attacks. “One team is just trying to even clear the smoke to figure out what happened, then you have to come back over, strip it all down to bare metal, and basically redeploy the data center all over again,” he said. “While that's ongoing – and that's not a couple hour process by any means, that could take you, even in a well-exercised environment, it could be a couple of days or longer to get it back into a stable, usable state – what are our sanitized versions that we're going to come back over to (in order to) rebuild or restart the business again?” Businesses should prioritize the systems they cannot operate without — identity platforms, billing systems, operational databases, and cloud services — and define the order in which they will be restored, he said. As AI moves into core operations, teams should also account for newer dependencies such as data pipelines, model repositories, vector databases, and agentic workflows. In its recommendations, Commvault said it is also critical that organizations continuously test recovery. Brockway recommends rehearsing those plans in isolated cleanroom environments before the worst happens. “I need a testing environment that's got the same makeup, the same builds, which we're using, maybe not on full production resources, but I need to be able to say, ‘How do I put that application stack into a live environment, so we can come back over and test?’ “ he said. “That's what we're saying about things like this clean room concept of not just being a reaction to an incident, but it is also a quick environment for you to come back over and clone.” Brockway said this new normal in the AI era is straining the engineers who build and maintain enterprise software. He said while the first wave of AI scanning tools flooded teams with potential vulnerabilities, newer models go further, entering controlled environments and attempting the exploits themselves — a capability that mirrors what attackers do. "When you let them in, you have to do it under an extremely tight security control, because you're effectively almost automating the same thing that bad guys can do on the outside too," Brockway said. The output can swamp downstream teams. Brockway said one frontier model flagged roughly 10,000 critical vulnerabilities across operating systems, browsers, and other infrastructure. "That's 10,000 patches that have to come out of the system," he said. That volume forces hard choices about engineering priorities. Brockway said unplanned remediation work pulls staff off planned releases. To absorb the load at Commvault, Brockway runs a standing group dedicated to just those items. "They're the fast action team to analyze, make a quick assessment," he said. Brockway said the signal volume emerging from AI bug finders ultimately calls for more automation and AI to filter noise, assist with patching, and support deployment. "The amount of information and signals that are coming in are way overwhelming. People just get desensitized, and that's when bad things really start to occur," he said.®