RSS Aggregator

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

The Hacker News - 25 May, 2026 - 14:02
Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an SQL injection vulnerability in Ghost's Content API that could allow an unauthenticated attacker to read arbitrary data from the
Category: Hacking & Security

US's big bet on quantum computing may not be entirely legal

Ars Technica - 25 May, 2026 - 14:00

Last week, the US government announced $2 billion in investments in quantum computing companies, allocating $100 million each to a range of startups in exchange for equity in the companies. Those could be make-or-break investments for many companies that are likely years away from a product that could see widespread use. But a member of the US Congress is now arguing that those deals are illegal, as Congress did not allocate the money for this purpose—instead, it was meant to support public research in semiconductors.

But the biggest chunk of money would go to a company that likely wouldn't exist if it weren't for the government's backing. Anderon will be set up with a billion dollars each from IBM and the government and will inherit personnel and IP from IBM. It will serve as a foundry for fabricating quantum processing units and will contract its services out to IBM and any other company that wants access to cutting-edge hardware.

Is any of this legal?

Zoe Lofgren (D–Calif.), the ranking member of the House Science, Space, and Technology Committee, made it clear that she is not happy with how the government is using its money to support this technology.


Q&A: How video helps build robot brains for physical AI

Computerworld.com [Hacking News] - 25 May, 2026 - 13:35

Robots could well be the next trillion-dollar tech opportunity, in no small part thanks to AI. Not surprisingly, that’s led to a race by a variety of robotics companies to build industrial and humanoid robots to help (or replace) humans.

And to help orient those devices visually in the real world, robot brains are being fed YouTube videos. The idea is to help them understand the environment in which they would work and to spur physical AI.

Kate Shen, co-founder of startup Anaxi Labs, is following a different approach to training robot brains. She is crowdsourcing and supplying videos of people performing tasks, which she then shares with robotics makers.

Human-scale video, she argues, is critical to train robots because it more accurately captures how robots should perform their tasks, depending on the circumstances around them. More broadly, the technique can also provide a clearer roadmap for physical AI.

With that in mind, Computerworld spoke recently with Shen about Anaxi Labs’ physical AI initiatives and how they differ from what other companies are doing.

Tell me about your company and why you started it. “This is very much a … [Carnegie Mellon University] startup. We started this company [when] we realized that when it comes to AI-building [large language models] (LLMs), everybody knows that there are two things on the infra level, chips and data. The same things were happening to robotics as we moved from digital to physical AI. 

“Except this time…, everybody is aware of [the] difficulty, everybody’s using infrastructure. But when it comes to data, we have to build the data infrastructure from scratch, because unlike LLM, the training data for robots can’t be from the internet. 

“We realized that it would become a [barrier] sooner or later, and it will turn into a major, major industry. And that’s how we started the company.”

Isn’t physical AI data mostly collected from YouTube? What are you doing differently as a company? “You mentioned two approaches, one, using YouTube video, and two, using a simulation. And unfortunately, the two paths were [taken] back then because [of a] lack of better paths. The sheer volume of data needed to train physical AI far exceeds what’s available on the internet, and it needs physical interaction many, many times for each scenario [more] than can be found on YouTube.

“We realized, by talking to pretty much all the industry [players] since last year, [there is a] shift to egocentric, meaning like human-based training videos, data. We started investing heavily in building a world-scale data pipeline. We started working with industrial-dense regions…who usually have business covering multiple scenarios — for example, construction, logistics, and especially factory floors.

“And the second pipeline is, we can use [a] community model for this and tap into this worldwide [pool of] individuals, consumers who are wanting to upload videos for training purpose[s]. We’re launching, starting this summer, our data collection and annotation app.”

What exactly are you trying to collect from the videos? “The data we collect is simply exactly the task our clients want their robots to do — [an] egocentric view, basically like the two hands in the video doing exactly the same thing, sorting the packages and [having] their barcode scanned. In general, there are about 20 general steps, most commonly seen in industrial factory floor settings, and we’re doing all of them. Increasingly, we’re seeing household scenarios, like cleaning the kitchen, cleaning up the bedroom.

“In order for the models to be able to understand [the videos], the second most important thing is annotation. At the early beginning, they only wanted segmentation, captioning and contact point[s]. 

“But now, in order to have the robot really understand the how and the why behind the scene, they’re increasingly demanding captioning in the format of almost like the chain of [thought]. 

“For example, a robot sees a slipper. And then we’re going to identify this is what happened, and then you’ve got to grip harder. And that’s the result.”

What is your assessment of physical AI, and how does it impact jobs? “One is surrounding the safety, and the second one is [the] impact on [the] job market. As compared to LLM, in the early LLM days everybody just [got] as much data as possible from the internet. But [for] physical AI, when they place the order, there is a specific category called [failure] and recovery cases, meaning what if something goes wrong, what should the robot do in each scenario. This is a huge difference from the LLM days. Definitely, all the physical AI companies realized that, and they’re building this into their model since the beginning.

“[On jobs,] right now, at least at this stage, we’re seeing mostly the upside. There are a lot of small robotic companies making a lot of money by working with the companies affected by [labor shortages]. We’re seeing those demands coming from factories who are struggling with shortage of labor, factories who have a problem hiring because their tasks are too dangerous.”

Category: Hacking & Security

The Alert Firehose Finally Meets Its Match

The Hacker News - 25 May, 2026 - 13:30
Ask a cybersecurity pro about Network Detection and Response (NDR) and you might still hear "Noisy," "Too much data." But ask the teams running NDR that includes agentic AI capabilities and you'll hear they're actually using it to catch threats earlier, triage faster, and chase fewer false positives. The old complaint lingers in part because reputations are sticky, and because NDR has evolved
Category: Hacking & Security

Philips has made a monitor with two displays. One is on the front, the other on the back

Živě.cz - 25 May, 2026 - 12:45
The Philips 24B2D5300 is the manufacturer's first dual monitor. • It has two 24" IPS screens, one on each side. • It is intended for use in offices or at reception desks.
Category: IT News

ČHMÚ has unified its temperature scale for the whole year. Frost will now be recognizable at a glance and summers will be dark red

Živě.cz - 25 May, 2026 - 11:45
The Czech Hydrometeorological Institute has unified its color temperature scale for year-round use. In practice, this means that blue shades will from now on always correspond to frost and red ones to summer temperatures. Green and yellow will denote everything in between. Until now this was not the case. The scales could differ across products and could be ...
Category: IT News

Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms

The Hacker News - 25 May, 2026 - 11:32
Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put to use by the North Korea-linked Lazarus Group in attacks targeting financial and cryptocurrency organizations. RemotePE, per NCC Group subsidiary Fox-IT, is part of a multi-stage attack chain that involves two loaders tracked as DPAPILoader and RemotePELoader. "DPAPILoader decrypts and
Category: Hacking & Security

Czechia on the most detailed aerial maps. This is how the west of the country has changed in three years

Živě.cz - 25 May, 2026 - 10:45
Last year's aerial photos of the western third of Czechia are available in the ChytréMapy.cz application. • The images from 2025 reach the highest resolution so far, 10 cm per pixel. • The gallery includes a comparison of several places between 2022 and 2025.
Category: IT News

Gift agreement: template for download

Lupa.cz - articles - 25 May, 2026 - 10:43
A gift agreement is most often used to transfer property within a family. Gifting a house or an apartment in this way, however, is not as simple as it might seem at first glance. It has to be legally documented. Only a properly drawn-up gift agreement makes it possible to avoid various legal complications; its required elements, as well as a gift agreement template to download for free, can be found below.
Category: IT News

LG comes with the first natively 1000Hz monitor

CD-R server - 25 May, 2026 - 10:00
Although ~1000Hz LCDs have been talked about since last year, most of those available so far used so-called dual-mode, in which this refresh rate was available only at a reduced resolution. LG comes with the first natively 1000Hz…
Category: IT News

Normally paid, today free or discounted: Music creation, password encryption and games from Amanita Design

Živě.cz - 25 May, 2026 - 09:45
Discounts on apps and games appear regularly in the app stores • Choose for both the Android and iOS platforms • You can save tens of crowns on a title
Category: IT News

Anthropic to release Mythos-class models to the public

The Register - Anti-Virus - 25 May, 2026 - 09:09
Anthropic has revealed its intention to one day release models that match the performance of its Mythos bug-finding AI to the public, once it can make them safe.

In case you came in late, in early April Anthropic announced it had developed a model called Mythos that is so good at finding security vulnerabilities in programming code that the company decided to offer it only to select entities because allowing unfettered access would mean cybercriminals could quickly discover and exploit software flaws.

That access program is called “Project Glasswing” and participants report it quickly finds many bugs but few that humans couldn’t find given enough time and resources. Those with access to Mythos have also sometimes said the quantity of bugs it finds somewhat overwhelms their ability to patch them all.

The mere existence of Mythos has sparked a little panic – Japan’s government ordered a sweeping security review and Indian authorities demanded a patching spree at financial institutions – plus a general realization that even lesser AI models are also decent bug-finders, meaning cyber-defenders must now expect attackers will weaponize more flaws, more often.

Anthropic last week published an “initial update” on Project Glasswing that in its second-to-last paragraph reveals the company’s next step will see it “… work with critical partners – including US and allied governments – to expand Project Glasswing to additional partners. And in the near future, once we’ve developed the far stronger safeguards we need, we look forward to making Mythos-class models available through a general release.”

The company didn’t explain what it means by “near future” and admits that “At present, no company—including Anthropic—has developed safeguards strong enough to prevent such models from being misused and potentially causing severe harm.”

Further illustration of that assertion can be found earlier in the company’s post, which reveals that Anthropic has used Mythos to scan more than 1,000 open-source projects that it says “collectively underpin much of the internet – and much of our own infrastructure.” To date, Mythos has found an estimated 6,202 high-or-critical-severity vulnerabilities in these projects – and 23,019 flaws in all.

The post reveals that when Mythos finds a flaw, Anthropic and its pals in the security community reproduce the issue that Mythos has found and “re-assess its severity.”

“Once we’ve confirmed that a vulnerability is real, we check for whether there are already fixes in place, and write a detailed report to the software’s maintainers,” Anthropic explains. “We take considerable care here: on top of the regular challenges of maintaining open-source software, maintainers have been facing a deluge of low-quality, AI-generated bug reports. Indeed, several maintainers have told us they’re currently severely capacity constrained, and some have even asked us to slow down our rate of disclosures because they need more time to design patches.”

1,752 of the high-or-critical-rated vulnerabilities Mythos found in FOSS have gone through that process and 90.6 percent (1,587) proved to be valid flaws. Of those, 62.4 percent (1,094) “were confirmed as either high-or-critical-severity,” the post states.

One of the critical flaws impacted the wolfSSL cryptography library used by billions of devices worldwide. “Mythos Preview constructed an exploit that would let an attacker forge certificates that would (for instance) allow them to host a fake website for a bank or email provider,” Anthropic wrote. “The website would look perfectly legitimate to an end user, despite being controlled by the attacker.”

Thankfully, developers have already patched wolfSSL, and Anthropic said it will deliver a full technical analysis “in the coming weeks.” Keep an eye out for CVE-2026-5194 to learn more about this one.

“75 of the 530 high-or-critical-severity bugs we’ve reported have now been patched, and 65 of those have been given public advisories,” the post states, then explains that low fix rate by revealing Anthropic is “still early in the 90-day window that’s set out in our Coordinated Vulnerability Disclosure policy: we expect many more patches to land soon.” The company thinks it is also “likely to be undercounting patches because some vulnerabilities are patched without a public advisory.”

Lastly, the flood of bugs Mythos found “is adding to an already overloaded security ecosystem.” Anthropic’s suggestion for security teams struggling to develop fixes for bugs AI discovered is, unsurprisingly, more AI such as skills that improve its Claude model’s ability to help developers. ®
Category: Viruses and Worms

Futurists Don’t Have Crystal Balls. They Have Mirrors

Singularity Weblog - 25 May, 2026 - 08:47
In 1933, Franklin Roosevelt assembled what was then the most credentialed group of forecasters in the world. He called it the Brain Trust. He asked them to map out the next 25 years for the United States, through 1958. They missed transistors. They missed atomic energy. They missed antibiotics. They missed faster-than-sound travel. They missed […]
Category: Transhumanism

Logitech's best office mouse has dropped to its lowest price. The MX Master 4 with haptic feedback now costs 2800 Kč

Živě.cz - 25 May, 2026 - 08:45
The Logitech MX Master 4 has been discounted to 2804 Kč; it normally costs four hundred more. • The excellent office mouse has an ergonomic shape, quiet buttons and a metal scroll wheel with a flywheel. • Logitech has also integrated haptic feedback into it.
Category: IT News

WinXDVD celebrates 20 years: Discount on AI tools for media editing + prize competition

CD-R server - 25 May, 2026 - 08:40
Celebrate the 20th anniversary of WinXDVD and get a lifetime license for Winxvideo AI, next-generation software for enhancing videos and photos, upscaling to 4K, compression, conversion and screen recording with full GPU acceleration.
Category: IT News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

The Hacker News - 25 May, 2026 - 07:59
A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware. The campaign, codenamed TrapDoor, spans more than 34 malicious packages across over 384 versions. The earliest activity was recorded on May 22, 2026, at 8:20 p.m. UTC, with new packages published to the ecosystems in waves from a cluster of
Category: Hacking & Security

Iran threatens fees for internet cables in the Strait of Hormuz. Dependence on data as a new weapon

Živě.cz - 25 May, 2026 - 07:45
Tehran plans to charge fees for submarine cables passing through the Strait of Hormuz • Experts consider these controversial proposals to be more of a strong political gesture • Any disruption of the data routes would cause considerable economic damage
Category: IT News