Agregátor RSS

Segment, který měl Intel původně pokrýt šestijádrovou konfigurací Nova Lake, nakonec dostane starší WildCat Lake se zdvojnásobeným počtem velkých jader…

ServiceNow is warning about a security incident after attackers exploited an unauthenticated access flaw through a vulnerable API endpoint, allowing them to query data from customer instances. [...]

Phishing simulation on an OpenClaw email agent with various configuration profiles showed that it was susceptible to tactics commonly used to compromise human users. [...]

Microsoft on Tuesday released fixes for two high-severity zero-days that were disclosed by a researcher who has been locked in a testy beef with the software giant.

Nightmare Eclipse, the pseudonym the researcher goes by, released a handful of high-severity vulnerabilities in recent months, making them zero-days that had the potential to be exploited in the wild. The researcher has said the disclosures, which included proof-of-concept code, came after Microsoft reneged on an arrangement the two made regarding vulnerabilities they had discussed.

Disclosure drama

“But someone violated our agreement and left me homeless with nothing,” Nightmare Eclipse wrote in March. “They knew this will happen and they still stabbed me in the back anyways, this is their decision not mine.”

Read full article

Comments

Upozornění pro uživatele Asahi Linuxu: Neaktualizujte macOS na verzi 27 Golden Gate! Apple změnil detekci spouštěcích oddílů. Po aktualizaci oddíl s Asahi Linuxem nevidí. Snad je to jenom chyba.

SAP has released fixes for 15 vulnerabilities as part of its June 2026 Security Patch package, including four critical-severity flaws affecting SAP NetWeaver and SAP Commerce Cloud. [...]

MUNICH — Nextcloud has integrated Euro-Office into its workplace application suite, one of several updates to Nextcloud Hub unveiled on Tuesday that include a new compliance app for large organizations and a program to support developers building for its platform.

The announcements came during the company’s Nextcloud Summit 2026 here.

Euro-Office, announced in March, is billed as an open source, sovereign alternative to Microsoft Office for European organizations keen to reduce their reliance on US tech providers. It consists of four browser-based applications: a document editor, spreadsheet program, presentation tool, and a PDF editor — each enabling collaborative editing. Euro-Office documents can also be opened directly from the Nextcloud Files mobile app.

Nextcloud is one of several European companies that support Euro-Office, which is built on the open-source code base of OnlyOffice and distributed under the GNU Affero General Public License v3 (AGPL v3).

The integraton means Nextcloud users can now choose between two options in Nextcloud Office: Euro-Office and the existing Collabora integration. 

“Euro-Office uses a different architectural approach that can result in a better performance in the browser, a different user experience…, so it’s important that this option is available,” Jos Poortvliet, Nextcloud co-founder and vice president of communications, said at the Tuesday event.

Other changes in the Nextcloud Hub 26 Spring release include updates to Nextcloud‘s Talk video and voice meeting app, including AI noise suppression and the ability to start a call from any Nextcloud Hub app – an addition that will make collaborative editing easier, said Poortvliet. 

For Nextcloud Assistant, there are new AI agent capabilities. In addition to existing capabilities such as managing calendars and tasks, AI agents can now create cards in Nextcloud’s Deck task management app and update information in the Forms app.

There are also improvements to the AI assistant’s interface, which can be moved around to avoid blocking other applications and allow users to copy and paste text more easily without opening another tab. To meet EU AI Act requirements, Nextcloud will make it easier to see which  provider supplies the large language model (LLM) the Assistant runs on.

Nextcloud will also integrate the AI assistant directly into its Nextcloud Office suites via a sidebar chat interface, allowing users to address problems such as errors in the spreadsheet app.

NextCloud’s AI chat assistant is integrated into the company’s Office suites.

NextCloud

There’s also a new Governance app that helps large organizations — particularly governments and highly regulated industries — meet regulatory requirements with compliance tools to manage data held in Nextcloud Hub. It contains several features,  including sensitivity labels to control access rights; data retention and archive capabilities; and a legal hold option that preserves documents for legal purposes such as a court case.

The Governance app includes a Compliance Manager that provides a compliance score based on an organization’s regulatory requirements, and measures progress towards certain targets. Admins can also search and review documents shared by employees and generate audit reports for compliance. The Governance app is available to Nextcloud Enterprise customers.

Nextcloud also launched a program to support independent software providers interested in building apps on its platform. 

With AI making it easier for developers to build software that integrates with its platform, Nextcloud expects a 10-fold increase in the number of available apps — from 600 now to 6,000 over the next 12 months, according to Nextcloud CEO Frank Karlitschek.

Nextcloud promised to promote apps developed by partners in its App Store and sell subscriptions as part of the ISV program, as well as provide documentation and technical help to customers. In return, developers would provide guarantees to customers around security processes and long-term support.

“We can strengthen our ecosystem, the developers also make some money — because obviously we do a revenue share here — and we leverage the dynamics that we expect from AI coming very soon,” said Karlitschek.

Editor’s note: NextCloud paid for Matthew Finnegan’s travel and hotel costs for NextCloud Summit 2026, but had no editorial role in the creation of this story.

Microsoft has released the Windows 10 KB5094127 extended security update, which fixes the June 2026 Patch Tuesday vulnerabilities and adds new functionality to monitor the rollout of updated Secure Boot certificates that replace those expiring this month. [...]

Základní rady, které pomohou s výběrem chytrých hodinek • Za co má smysl připlatit, za co ne. A jak ušetřit • Jaký displej, jakou odolnost, jaký systém

As if the Miasma situation weren't bad enough, now this weapon is spreading like wildfire. Someone open sourced the entire Miasma worm supply-chain attack toolkit, likely using previously compromised developers' accounts to publish GitHub repositories containing the self-spreading malware’s source code over the last 24 hours. SafeDep, a company focused on open source supply chain security that developed Package Management Guard (PMG), spotted the malicious repos, named “Miasma-Open-Source-Release,” and said that they started appearing on Monday. Its researchers analyzed one of these before GitHub nixed it, and described the code as more than just a supply chain worm. “It is a full supply chain attack toolkit that allows the operator to execute various attacks via stolen credentials against arbitrary or targeted packages on public registries (PyPI, npm, RubyGems), JFrog Artifactory, GitHub repositories and GitHub Actions, AI coding tools config poisoning, SSH based lateral movement and other attack vectors,” the SafeDep team said. While we don’t know who is behind this publicly released worm, it follows in the footsteps of TeamPCP, which developed and then open sourced the mini Shai-Hulud worm last month, announcing a supply-chain attack contest on BreachForums and spawning copycat open source package poisonings. One of these copycat worms, Miasma, first hit upwards of 100 Red Hat and Microsoft open source projects before spreading to other victims, with app-security firm Socket tracking 473 affected package artifacts as of Tuesday. “The Miasma repository is an evolution of the Mini Shai-Hulud toolkit, and was open-sourced June 8 via four previously compromised users,” Rami McCarthy, principal threat researcher at Wiz, told The Register. “Since we had already reversed the payload, this public release isn’t particularly useful for sophisticated defenders, and we haven't observed any opportunistic adoption of it yet.” This, he added, mimics what happened when TeamPCP open sourced mini Shai-Hulud last month. “We didn't see attackers weaponize it either,” McCarthy said. “It's not clear [whether] attackers benefit from adopting this out-of-the-box toolkit versus vibe coding their own. And while it raises concerns about muddying attribution, attackers tend to continue developing their private fork of the malware, providing a clear payload progression to track and deconflict from anyone utilizing the open-source version.” An interesting aspect of both of these worms and other recent attacks like this one dubbed “Comment-and-Control” by AI bug hunter Aonan Guan is that they run entirely in GitHub - they don’t require any custom command-and-control (C2) infrastructure - and use the code-hosting platform for all stages of the attack including remote command execution, configuration, and data exfiltration. “This is a key behavioural shift because traditional network based detection and protection tools rely on baselining and anomaly detection,” SafeDep researchers noted. “Defenders now have to operate closer to application protocol to identify behavioural anomaly instead of network based anomalies.” The Miasma worm uses three independent GitHub commit search channels for C2, and each has a different search string and purpose. One of these, "DontRevokeOrItGoesBoom," discovers attacker-controlled personal access tokens (PATs) to exfiltrate credentials and other sensitive data. These PATs are AES-256-CBC encrypted in the commit message. The second, "TheBeautifulSandsOfTime," delivers JavaScript for immediate command execution. It’s checked once at startup, and, after validation, it passes the payload to eval() to execute at runtime. Finally, “firedalazer” delivers Python script URLs for the persistent monitor. All three are unauthenticated by default, use GitHub’s public commit search API, and use a different validation or decryption key, which means compromising one doesn’t automatically compromise the other two.®

Today is Microsoft's June 2026 Patch Tuesday, with security updates for 200 flaws, including five publicly disclosed zero-day vulnerabilities and one actively exploited in attacks. [...]

Today is Microsoft's June 2026 Patch Tuesday, with security updates for 200 flaws and five publicly disclosed zero-day vulnerabilities. [...]

Apple podruhé odložil AI pro uživatele v EU. Vinu svaluje na evropské nařízení DMA. • Google, OpenAI i další přitom AI v Evropě běžně provozují. • Komise tvrdí, že DMA snížení ochrany soukromí nevyžaduje.

Microsoft has released Windows 11 KB5094126 and KB5093998 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. [...]

Meta on Tuesday announced that it will use information shared by other businesses to personalize users' feed and responses from its artificial intelligence (AI) chatbot, expanding its scope beyond targeted ads. "Businesses often share information about people's activity on their sites with us to make ads more relevant," Meta said in a statement. "We already use this data - like games you play

Meta on Tuesday announced that it will use information shared by other businesses to personalize users' feed and responses from its artificial intelligence (AI) chatbot, expanding its scope beyond targeted ads. "Businesses often share information about people's activity on their sites with us to make ads more relevant," Meta said in a statement. "We already use this data - like games you play Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

macOS 27 se zaměřuje hlavně na AI, která uvidí do všech aplikací. • Apple věnuje velkou pozornost rodičovské kontrole. • Po kritice designu Liquid Glass se dočkáme spousty úprav a optimalizací.

Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10.0. "A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user," Veeam said in a Tuesday advisory. It

Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10.0. "A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user," Veeam said in a Tuesday advisory. It Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being compromised to inject an information stealer into the code. "Our priority is to protect customers and the broader ecosystem," a Microsoft spokesperson told The Hacker News via email. "We temporarily removed some