Agregátor RSS

Společnost Flipper Devices oznámila Flipper One. Zcela nový Flipper postavený od nuly. Jedná se o open-source linuxovou platformu založenou na čipu Rockchip RK3576. Hledají se dobrovolníci pro pomoc s dokončením vývoje (ovladače, testování, tvorba modulů).

Users of the Myspace93 parody web art site be warned: the dataset spilled after a reported breach in 2021 included the plaintext usernames and passwords of more than 46,000 registered users. The site's co-creator has blamed "trusted members" of a Windows93 Discord channel for the leakage. The figure of 46,000+ users is a recent estimate from HaveIBeenPwned (HIBP) - the web's go-to breach aggregator - which ingested the related data this week, more than five years after the January 2021 attack. In addition to the clear-as-day passwords and usernames, HIBP said email addresses and IP addresses were also among the exposed data. Myspace93 is an offshoot of the Windows93 project. They’re both websites that spoof the old social media network and operating system respectively, allowing users to experience them now that they’re long gone. Its co-creator, who only goes by the alias jankenpopp, or Janken, penned a note to the website’s users following the attack. Dated July 4, 2021, Janken explained that the breach came about after they shared a beta app with trusted members of the Windows93 Discord channel. According to Janken, those members betrayed the co-creator and used their access to the beta application to steal server files and gain access to an unencrypted credential store. “None of them alerted me immediately to what was going on,” Janken wrote. “On the contrary, they created a program to download our entire server, and it was only a week later that another honest user alerted me to the fact that these people were bragging about having the Myspace passwords. “They didn't want to tell me the truth, and it took me two days to get a confession from them: not only had they downloaded all the source files of Windows93 behind my back, but also the unencrypted file containing the passwords of more than 45k Myspace users. The group had also shared a download tool - along with instructions for using it - in their chat, and had posted numerous stolen files (unrelated to Myspace) across multiple platforms, said Janken. “I removed the .smash app from the server and called them to order. They whimpered and promised me on their honor to delete all the stuff and that things would not go any further. I believed them because at the time we were very close, we talked every day, and they regularly helped me to manage the community, to fix bugs, sometimes to code new features for Windows93 or to make the services more secure. I really trusted them back in the day and considered them part of my team. I blame myself for being so naive.” The MySpace93 website is still up and running for anyone who wants to revel in a little noughties internet nostalgia, but the ability to register an account and use the site as a social network is closed. Affected users should make sure they watch out for any reused passwords on other sites and switch on 2FA where they can. Janken said they had closed all the social network-related services across all the Windows93 offshoots as a result of the findings. ®

Vývojáři Wine oznámili vydání verze 2.0 knihovny vkd3d pro překlad volání Direct3D na Vulkan. Přehled novinek na GitLabu.

Microsoft this week refreshed its Surface for Business range of devices, adding features designed to appeal to enterprises. But high prices for the devices might be hard for IT buyers to swallow.

Microsoft announced a new Surface Pro for Business on Tuesday, alongside two variants of its Surface Laptop for Business devices – a premium model available in 13.8- and 15-in. versions and a lower-cost 13-in. option that Microsoft describes as its “entry-premium tier.”  

“The new Surface products use the latest Intel Core Ultra Series 3 processors and are very focused on features that business users will appreciate,” said Tom Mainelli, group vice president for IDC’s device and consumer research. He noted that an optional integrated privacy screen with anti-glare on the 13.8-in. model would likely appeal to frequent travelers, for instance. 

“I’m also happy to see a 5G option on the Surface Pro for Business,” Mainelli said. “Overall, the specs on offer here are compelling.”

Microsoft plans to add the option for Snapdragon X2 processors “later this year.”

The 13-in. Surface Laptop for Business is available with 16GB and 24GB of RAM and starts at $1,499 — with an 8GB option available later this year for $1,299. It includes a removable “Gen4 SSD “designed for enterprise serviceability,” Microsoft said.

The 13.8- and 15-in. Surface Laptop for Business devices start at $1,949 and also feature a haptic touch pad. 

“From window snapping and resizing to dragging, dropping and navigating content, haptics reinforce intent across the operating system and through select third-party apps [deliver] a more precise, responsive and confidence inspiring experience,” Nancie Gaskill, vice president, Surface Business at Microsoft, blog post.

The launch of the business-focused devices follows a recent price hike for the rest of the Surface line-up, likely due to the ongoing memory chip shortage; the price tag for the Surface for Business also reflects the challenge PC manufacturers face in keeping costs down. 

“Skyrocketing memory costs mean higher system prices, and that’s reflected in this Surface lineup,” said Mainelli. “I don’t see it as a strategic move by Microsoft to move further upmarket, but a simple reflection of the bill of materials.” 

Rising prices could create uncertainty for IT buyers when upgrading corporate fleets. 

“Enterprise buyers are facing difficult choices as they try to stay ahead of their refresh cycles amid rising costs and static hardware budgets,” said Mainelli. “Some may consider pausing purchases in hopes that prices will fall back, but we see no evidence that this will happen any time soon.

“We continue to recommend that companies buy what they can, as extending hardware lifetimes too far can lead to productivity and security headaches.” 

This week starts small. A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are using the parts we already trust. That is what makes it worrying. The danger is in normal things now - updates, apps, cloud buttons, support chats, trusted accounts. AI

This week starts small. A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are using the parts we already trust. That is what makes it worrying. The danger is in normal things now - updates, apps, cloud buttons, support chats, trusted accounts. AI Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Předplatné AlzaPlus+ si vyzkoušelo již 1,7 milionu zákazníků. • Jeden z nich loni uskutečnil 730 objednávek. • 80 % zásilek míří do AlzaBoxů, těch je přes 5000.

Cisco has disclosed yet another perfect 10 vulnerability, this time warning that unauthenticated attackers could gain Site Admin privileges in its Secure Workload platform simply by sending crafted API requests to vulnerable systems. The bug, tracked as CVE-2026-20223, earned the full 10.0 CVSS treatment and affects Cisco Secure Workload Cluster Software in both SaaS and on-prem environments. According to Cisco's barebones advisory, the issue boils down to weak validation and authentication checks in internal REST API endpoints. In practical terms, that means attackers don't require credentials, user interaction, or any significant effort to exploit the bug. Cisco said a successful attack could allow remote attackers to "read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user." Cross-tenant bugs tend to make cloud customers especially twitchy because they undermine one of the core assumptions of multi-tenant infrastructure: namely that somebody else's compromise is not supposed to become your problem. Cisco noted that the flaw affects internal REST APIs rather than the platform's web management interface, although that distinction is unlikely to bring much comfort to admins staring at a 10.0 severity score. The networking giant said there are currently no workarounds, and customers must install fixed releases to fully remediate the issue. Cisco Secure Workload 3.10 is fixed in version 3.10.8.3, while 4.0 is fixed in 4.0.3.17. Customers running version 3.9 or earlier are being told to migrate to a supported fixed release. Cisco added that its cloud-hosted SaaS deployments have already been patched and require no customer action. Cisco said it is not aware of active exploitation and that the flaw was discovered during internal security testing, though vulnerabilities carrying a 10.0 score and requiring no authentication rarely stay quiet for long. The bug lands less than a week after Cisco disclosed another maximum severity flaw affecting SD-WAN systems that could allow attackers to grant themselves administrator privileges, continuing what is becoming an increasingly awkward run of top-scoring Cisco security advisories. The company has spent much of the past year disclosing one 9.8-plus infrastructure flaw after another across products spanning firewalls, management platforms, identity systems, and enterprise networking gear. At this point, Cisco seems to be treating 10.0 CVSS scores as a recurring feature rather than a special occasion. ®

Flipper Devices, the maker of the Flipper Zero pentesting tool, is asking the community to help build Flipper One, an open Linux platform for connected devices. [...]

Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active exploitation in the wild. The former, tracked as CVE-2026-41091, is rated 7.8 on the CVSS scoring system. Successful exploitation of the flaw could allow an attacker to gain SYSTEM privileges. "Improper link resolution before file access ('link following') in Microsoft Defender

Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active exploitation in the wild. The former, tracked as CVE-2026-41091, is rated 7.8 on the CVSS scoring system. Successful exploitation of the flaw could allow an attacker to gain SYSTEM privileges. "Improper link resolution before file access ('link following') in Microsoft Defender Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Consider a cached access key on a single Windows machine. It got there the way most cached credentials do - a user logged in, and the key stored itself automatically. Standard AWS behavior. No one misconfigured anything or violated a policy. Yet that single key, which was easily accessible to a minor-league attacker, could have opened a path to some 98% of entities in the company's cloud

Consider a cached access key on a single Windows machine. It got there the way most cached credentials do - a user logged in, and the key stored itself automatically. Standard AWS behavior. No one misconfigured anything or violated a policy. Yet that single key, which was easily accessible to a minor-league attacker, could have opened a path to some 98% of entities in the company's cloud [email protected]

Microsoft on Wednesday open-sourced two AI tools designed to help developers and security teams build and maintain safer AI agents. The first is called RAMPART, which stands for Risk Assessment and Measurement Platform for Agentic Red Teaming. It’s a pytest framework for agentic AI applications built on Microsoft’s open‑source PyRIT toolkit that embeds automated red‑team tests into CI/CD pipelines. This allows developers to simulate real‑world attack scenarios - like prompt injection - and verify that agents stay within approved tool use, actions, and behavioral boundaries. It also supports statistical trials, meaning that teams can set policies such as “this action must be safe in at least 80 percent of runs,” to account for models’ probabilistic behavior. Plus, it allows red teams and incident responders to reproduce any AI security findings to ensure agents behave as intended - and that security mitigations work as they should. “It’s high time we stop talking about AI safety as a philosophy and start thinking about AI safety as an engineering discipline,” Ram Shankar Siva Kumar, Microsoft’s data cowboy and founder of its AI red team, told The Register. Microsoft has been using RAMPART internally, and while Kumar said he couldn’t provide specific details, he told us that a security researcher found an issue, and then the Redmond red team used RAMPART to test for the flaw across the agentic AI application. “RAMPART was able to take that one particular vector and find close to 100 different variants of that vector,” Kumar said. “And then we were able to use RAMPART to essentially go through this asset and see is this working, not just one time, not two times, but close to 300 times. We were also able to do in the context of multi-turn conversations.” The testing framework also allowed the developers to build mitigations into the product. “They were again able to use RAMPART to see if that remediation actually held water, not just against one vector, which the security researcher found, but multiple variations of those vectors,” Kumar explained. “This is empowering our incident responders and also our engineers.” The second AI tool that Microsoft open-sourced on Wednesday is an agent called Clarity, and it’s designed to serve as a “structured sounding board that helps teams figure out whether they are building the right thing before they write a single line of code,” according to a Wednesday blog that Kumar wrote about the two new tools. For example, say a developer wants to add real-time collaboration to a document editor. They tell Clarity this, and the agent responds with questions akin to what “experienced architects, product managers, and safety engineers would ask,” according to Microsoft. Clarity’s answers, as shown in a screenshot on GitHub: “Before we design that - what happens when two people edit the same paragraph at the same time? Do you need true real-time (cursors, presence), or is ‘no one loses work’ the actual requirement? Those lead to very different architectures.” The AI tool essentially aims to answer what problem the developer is trying to solve with an app, and what could possibly go wrong, and “talk” these issues out before the coding even begins. “It’s inherently collaborative,” Kumar said. “It helps the team take a step back, and say, ‘Hey, before we build this, are we going in the right direction? Because code is cheap. It takes a snap of a finger to generate a full system. Are we doing this in a way that makes sense?'” ®

Erotické filmy mohou být rafinované a těžící hlavně z atmosféry. Bývají i historické a erotiku více či méně využívají k posunu děje či popisu událostí. Některé jsou velmi názorné, jiné pracují spíše v náznacích. Velmi často ale jde o filmy, které prolamují společenská tabu.

Společnost Red Hat oznámila vydání Red Hat Enterprise Linuxu (RHEL) 10.2 a 9.8. Vedle nových vlastností a oprav chyb přináší také aktualizaci ovladačů a předběžné ukázky budoucích technologií. Vypíchnout lze CLI AI asistenta goose. Podrobnosti v poznámkách k vydání (10.2 a 9.8).

Google teď má dva tarify AI Ultra pro nejnáročnější uživatele. • Jsou dražší než u OpenAI nebo Anthropicu, ale mají další výhody. • Srovnali jsme všechny tarify Google AI.

Zahájení prodejů Ryzen 7 5800X3D se zjevně blíží, v Indii obdrželi zákazníci první objednané kusy již minulý týden. Zdá se, že na nejvýkonnější herní procesor s podporou DDR4 budou stát fronty…

On Wednesday, Microsoft started rolling out security patches for two Defender vulnerabilities that have been exploited in zero-day attacks. [...]