Agregátor RSS

Finský startup Donut Lab na veletrhu CES sliboval revoluční sodíkové baterie • Experti však odhalili, že šlo pouze o obyčejný lithium-iontový akumulátor • Firma od drobných investorů podvodem získala zhruba 25 milionů dolarů

Employees are increasingly building automations, agents, and apps with AI tools outside traditional security oversight. Tines explores how CISOs are handling AI-driven code sprawl, shadow tooling, and governance challenges. [...]

A China-linked espionage campaign targeted exposed REDCap servers to deploy the InfiniteRed malware and steal sensitive data from a medical institution in North America. [...]

Chinese government spies remained hidden in the networks of multiple North American medical and military research organizations for more than a year, deploying custom malware and snooping through Gmail inboxes and stealing sensitive data. This PRC-nexus espionage crew, which Google tracks as UNC6508, used some particularly noteworthy search terms as they were scanning for data to steal. They included such esoteric topics as drone technology and a viral disease that spreads from mosquitoes to humans. “It’s one of the most interesting grocery shopping lists of things to collect that I’ve seen from a state-sponsored actor,” Luke McNamara, deputy chief analyst at Google Threat Intelligence Group, told The Register. “We have defense-related activity, which was a significant bulk of the different terms, or emails related to defense platform systems or companies,” McNamara said. “Some of those were looking for any emails that were coming in or going out that used @ and then a big defense name. Others were specific email addresses of individuals at more niche defense companies.” While most of the terms related to defense and technology, the intruders also searched for some medical research facilities – and the very specific pathogen, “Chikungunya,” a viral disease transmitted to humans from mosquitoes that was responsible for an outbreak in China's Guangdong province in July 2025. Google won’t say how many organizations were compromised in this campaign. A Monday report said the operation targeted several national, state, and private medical entities. “These organizations comprise world-renowned clinical providers, premier academic centers, North American military health institutions, professional advocacy groups, and health regulatory bodies,” according to the report. “Their research areas span a broad spectrum of modern medicine, from molecular discovery and clinical drug trials to state-level public health policy and military readiness.” McNamara told us that the tech company’s incident responders notified all the victims they identified, “and we suspect there's probably even more.” Incident responders first detected this campaign in early 2025, but told us it dates back to at least 2023. And all of these attacks began with the digital intruders somehow exploiting externally facing REDCap (Research Electronic Data Capture) servers. These servers are primarily used by universities, hospitals, and research institutions to build and manage online databases and surveys, and to store sensitive clinical research data. The earliest known intrusion happened in September 2023, when UNC6508 compromised a REDCap server belonging to a North American medical research institution. McNamara told us that all of the intrusions followed this same pattern. Seeing (Infinite)Red After three months, the snoops silently deployed custom malware named InfiniteRed to capture legitimate REDCap login credentials. The malware includes three modular components. The first allows it to maintain persistent remote access by injecting its code into new REDCap versions after intercepting the upgrade process. Then it injects a credential harvester into the authentication system file to compromise user accounts. Finally, it functions as a backdoor with custom hooks that executes on every REDCap page load. Google’s threat intelligence team identified “multiple” US and Canada-based organizations infected with InfiniteRed, and offered assistance with removing the malware. After remaining undetected for more than a year, UNC6508 used the stolen credentials to access admin accounts and the victims’ internal network. Finally, the attackers added sneaky domain content compliance rules for data theft. All 'Patroit' themed emails sent to BebitaBarefoot774 Content compliance rules are legitimate features in many cloud-based enterprise productivity suites - like Google Workspace - to exfiltrate specific email communications. Administrators can create these rules to manage messages that contain predefined sets of words or phrases, and these rules apply to all of the users in an organizational unit. UNC6508 created a compliance rule named "Patroit" (yes, they misspelled “Patriot”) to match keywords and email address patterns in sent or received emails. These messages were then silently BCC-forwarded to an attacker-controlled Gmail address, BebitaBarefoot774[@]gmail[.]com, delivering a steady stream of geo-strategic policy, military strategy, advanced technology, and medical research emails to the PRC-linked crew. The search terms also included professional email addresses and phone numbers for members of organizations in these spaces. GTIG disabled the Gmail account to prevent further data exfiltration. “One of the questions that we've had internally around this is: We're seeing this show up primarily at medical research institutions,” McNamara said. “Why are they searching for things like unmanned drones and unmanned vehicles? Why would you expect to find that there?” One theory, he said, is that this particular threat group was tasked with collecting data across different categories of national-security-related terms and information. “Maybe they were copy-and-pasting this across multiple victims, including ones outside of this medical research space?” Plus, some of the targeted institutions were likely working on research with a military or government agency connection. “So there was a potential that they could be in correspondence with someone where one of these terms showed up, and the actors were casting a very wide net,” McNamara said.®

Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod. This week is the same lesson in a new form: phishing kits are easier to rent, AI names are useful bait, old login paths still fail, and forgotten software keeps becoming someone else's entry point. Scroll through the full Monday Cybersecurity Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

A wave of malicious commits hit the Arch User Repository (AUR) over the weekend, prompting the team to disable new account registration on Monday morning while it cleans up the mess. The issue was first acknowledged on June 12, with a post stating: "We are currently experiencing a high volume of malicious package adoptions and updates in the Arch User Repository." The team warned that users might have issues opening new accounts, pushing package updates, and adopting or creating fresh packages. Around 400 user-submitted packages were believed compromised; that figure climbed past 1,500 over the weekend. On June 14, a more sophisticated wave of malicious packages was spotted. The Arch Linux team this morning disabled new account registration "while we are working on the cleanup." The core Arch distribution itself is unaffected. The AUR is a community-run package repo – if something isn't in the official repo, it's probably here, assuming nobody's poisoned it. The AUR is user-submitted and unsupported, so users are expected to inspect package build files themselves before installation. The malicious packages attempted to pull in hostile JavaScript dependencies, including npm packages identified in the campaign. Arch Linux is a fast, lightweight Linux distribution. It isn't for beginners – users need to pick their own display manager and desktop environment as well as their own applications. However, this makes it highly customizable. The project's website says: "Currently we have official packages optimized for the x86-64 architecture. We complement our official package sets with a community-operated package repository that grows in size and quality each and every day." Unless, of course, miscreants go wild with malicious commits, and the team has to wade in to deal with the problem. According to the AUR, there are just over 107,000 packages, with 5,586 updated and 273 packages added in the past seven days. This isn't Arch Linux's first brush with trouble. In 2025, the project was hit with a Distributed Denial of Service (DDoS) attack that disrupted its main web page, the AUR, and the project's forums. It also had to address compromised browser packages that reportedly contained a Remote Access Trojan. Both incidents highlight risks in the way the AUR is structured and maintained. It's an invaluable library of packages led by a community of smart Arch users, yet that open, community-driven model can be abused by attackers. New account creation remains disabled at the time of writing. The Arch team will no doubt be pondering how to avoid this situation in the future. ®

A critical vulnerability chain dubbed SearchLeak in Microsoft 365 Copilot Enterprise could allow attackers to steal sensitive data from a target's mailbox, OneDrive, or SharePoint account through a specially crafted URL. [...]

WhatsApp se musí bezplatně otevřít cizím AI chatbotům. • Jde o předběžné opatření Evropské komise, která vede antimonopolní vyšetřování. • Metě hrozí pokuta až do výše 10 % jejího ročního obratu.

The ShinyHunters extortion gang stole personal information from more than 137,000 school staff accounts in a Salesforce data theft attack that targeted the widely used Infinite Campus K-12 student information system in March. [...]

Modern phishing, BEC, and account takeover attacks increasingly bypass traditional email defenses and create operational strain for security teams. This webinar explores how behavioral AI can help automate detection, investigation, and remediation to reduce alert fatigue and accelerate response times. [...]

Employee onboarding is a busy time for IT teams. New starters need devices, accounts, access permissions, and passwords, all delivered within a tight timeframe. That usually means sharing a temporary "first-day" password so employees can access systems for the first time. The issue is that these passwords don't always stay temporary. They may be sent over email or SMS, reused across accounts, [email protected]

Cybersecurity researchers have discovered a network of 152 Google Chrome extensions that act as new tab live wallpaper add-ons to distribute a potentially unwanted program (PUP) family. The cluster spans 38 separate Chrome Web Store publisher accounts and three brand backends: tabplugins[.]com, yowgames[.]com, and chromewallpaper[.]com. They have been collectively installed 105,000 times. The Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Je malá, praktická a už s ní nebudete muset shánět kabel – jeden USB-C má totiž integrovaný. Powerbanka AlzaPower Urban 10000mAh Power Delivery (22,5W) se běžně prodává za 599 Kč, teď je ale bílá varianta v rámci Alza dnů o čtvrtinu levněji, stojí 449 Kč. Levněji ještě nebyla. Abyste ...

An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage, OptinMonster, and TrustPulse, turning those files into a way to break into the sites. When a site administrator was logged in as the file loaded, the code created an admin account under the attacker's control and installed a hidden plugin that opened a way back in. Ordinary visitors did not trigger itSwati Khandelwalhttp://www.blogger.com/profile/[email protected]

Už vás nebaví drahé měsíční předplatné? Využijte největší půlroční výprodej na Goodoffer24.com a kupte nový Office 2024 jen za 11 €! S Office 2024 Pro Lifetime se s předplatným můžete konečně rozloučit a užívat si sadu Office na celý život za pouhých 11 €, exkluzivně na Goodoffer24.com s využitím promokódu AX30!

Studie zjistila, že na blockchain Pearl, jenž má provádět smysluplné AI výpočty, reálně běží jen nesmyslné maticové operace. Spotřebovává obrovské množství energie bez reálného přínosu…

Skvěle fotí za jakýchkoliv světelných podmínek • V běžném provozu využívá sotva zlomek extrémní porce výkonu • Ve všech oblastech výrazně nadprůměrné zařízení

MUNICH — Amid trans-Atlantic political and trade tensions, digital sovereignty — once a relatively niche concern — has jumped to the top of the agenda for European organizations wary of their reliance on US technology suppliers.

For many, including European Union policy makers, increased use of open source software is a key part of the answer, offering an alternative to proprietary platforms from a handful of large US vendors.

That’s the view of Frank Karlitschek, CEO of Nextcloud, the German software vendor that bills itself as an open-source alternative to software suites from the likes of Microsoft and Google. 

Nextcloud CEO Frank Karlitschek speaking at the German software company’s Nextcloud Summit 2026.

Nextcloud

Karlitschek founded the company in 2016, forking OwnCloud’s open-source file-sharing software. Since then, Nextcloud has expanded its products to include a range of productivity and collaboration tools that organizations can install and run on their own servers or access via cloud providers. 

More recently, Nextcloud helped develop the Euro-Office application suite, which launched last week as an open source alternative to Microsoft Office and others, and continues to build out its Nextcloud Hub with AI assistant and agent features. The company now says revenues are growing at between 50% to 100% year over year.

Computerworld spoke to Karlitschek at Nextcloud Summit about momentum around digital sovereignty, the European Commission’s Tech Sovereignty Package proposals, and how Nextcloud hopes to evolve in the coming years.

The following interview was edited for length and clarity.

When Nextcloud launched, there was a big push in Europe away from on-premise software towards US cloud providers. How have attitudes towards open source and awareness of alternatives providers changed since then? “I’ve been doing open source since the ‘90s; at the time it was mostly for a nerdy audience — a very small group of people who really care about software and being in control. The sovereignty part was always there. It’s the core idea behind open source that you can understand what the software is doing, you can deploy it wherever you want, you can study it and change it, and so on. 

“At the time, it was very niche, and since then it’s really growing and growing. There are certain points in time that really accelerated the growth; something like the Snowden revelations, for example, or the whole discussion about GDPR and certain legislation. And then, of course, the current geopolitical situation.  

“I personally find it interesting that it grew from something that is just interesting for software developers, and now it’s on the geopolitical stage. I have meetings with big politicians who really care about it now, and I personally find it interesting that it’s increasingly understood by — I wouldn’t say the mainstream, but more and more people.

“At the beginning of Nextcloud, we mostly talked with IT managers looking for a solution; they care about how it works, the price and other things. But now we are also talking with the C-level people. It’s part of an overall strategy of a company, to say, ‘Hey, we need to look into the dependencies, we want to have a solution that fits into the strategy of the company.’

“In the past, it was like a commodity – it’s just some software, who cares? Now, it’s really part of the company strategy. That’s really interesting.”

There’s been a lot of interest around digital sovereignty over the past couple of years. To what degree is this translating into action, with organizations migrating away from US cloud providers? “The interest is gigantic. Everybody’s talking about it, we have so many contacts and people coming to us. Not everybody is doing it — a lot of people are just exploring and seeing what the options are. 

“Obviously, we hope that this will translate into actions in a few months. At the moment, it’s a lot of talking and exploring the options. As a company, we are also growing a lot in customer base.  But the interest in this space is even bigger; we see it as the beginning of a funnel.

‘In defense we see a lot of interest, then also everything around education is very important for us, then other regulated markets like the healthcare, for example. Finance is an interesting one.”

A lot of the conversations around digital sovereignty are tied to the current geopolitical situation and even the US administration. Do you see demand for sovereign technology as a structural change or are some organizations holding back to see how the situation improves in the future? “I see it as a long-term trend. If you look at the IT budgets and projects in the ‘90s, it was some something unimportant. It was, of course, important that the printer works and the fax machine works, but it was not definitely not strategic for the company. 

“And then in 2000, the whole cloud trend came up, and there was the big hope that this will save money. It was always the narrative with cloud computing that you can just outsource it and save money and it’s great. 

“Nowadays, people realize that it’s not something that you can just ignore. I wouldn’t say that everything comes back on premise, but people care about it now. They understand it’s not just a commodity, like water, or electricity that comes out of the wall and you don’t care what’s behind it. People realize that it’s something that has an impact on the future of an organization, from a vendor lock-in perspective, from a cost perspective, from an industry espionage perspective, and competitiveness. With open source, you’re more flexible. So, I think the trend that this is all more strategic and important for the future, this will go on.”

The European Commission recently published its Tech Sovereignty Package, including its open source strategy. Are these proposals sufficient to address the concern around digital sovereignty and support the open source ecosystem in Europe?

“It’s great, I really like it. I was actually surprised they listened so well. But now the real challenge is to actually do it; this still needs to happen. The description of the problem and a possible solution, this is all very good. I’m surprised, I’m happy about it, but to put this into actually binding law, this still needs happen.”

Would you like to see any changes to the current proposals before they’re gets passed into legislation? “At the moment, they have these four different risk levels, and the most critical one — No. 4 — is one where they accept only open source and European solutions. This is the highest risk level, but this is only for 1% of the market. I hope that it’s better understood that more than 1% should care about this more.

“If you have something which is completely not critical, maybe doesn’t possess any personal data at all — sure, it’s totally fine [to use non-EU suppliers]. But if you have GDPR requirements, espionage protection, no vendor lock-in, and so on, then there should be more of that [the highest requirement level].”

US firms have attempted to address European customers’ concerns in different ways, with sovereign marketed cloud services and joint ventures with European providers. Microsoft 365 Local is designed to run on premise. Where do you draw the line between what’s actually a sovereign solution and what some call ‘sovereignty washing? “Sovereignty has different dimensions, of course. But if you look at the problem of the CLOUD Act alone, which gives foreign agencies full access to the data here, then the whole idea that it’s enough to have European data centers — that’s not enough. It’s clearly written in the CLOUD Act, that even with [European] data centers, or subsidiaries, it still applies.  

“Microsoft tries to find a solution there with its Delos idea; a company that is owned by SAP — a German company — and Microsoft delivers only the software. But even then, you have this dependency, because software needs updates and software security updates. And if they’re not available, or if someone puts a backdoor into the software, which is possible, then you still have a problem. 

“So, they’re trying really, really hard to find a way around the problem, but it’s not easy for them.”

To look ahead a bit in terms of the product strategy, there were announcements for Nextcloud Hub this week around AI agents, and the program to work with independent software vendors. What do these say about Nextcloud’s future? “The overall product strategy will not change so much; it’s about having state-of-the-art collaboration software — but with a lot more control, security and safety — that’s open source and independent where you host it. So this will always stay, but of course, there’s some additional factors that come into play now, like the AI impact that we see and want to leverage with our agent strategy. 

“We’ve had this for one and a half years already, but we are expanding that. In the future, you might still use an interface in a classic way that you open documents and type in text and so on. But there are also a lot of operations that can be automated in the future with AI. And this is something we really invest a lot into. 

“Another aspect of AI is how easy it is to build custom software around it. The coding models are getting better all the time, which means there will be more and more custom business software. This is what we want to capture with our ISV program. Software development will become easier, but you don’t want to deploy just random software in your company, you want to have something that is tested, certified and secured, and that somebody’s accountable for it. This can be something we can provide at Nextcloud.”

Editor’s note: NextCloud paid for Matthew Finnegan’s travel and hotel costs for NextCloud Summit 2026, but had no editorial role in the creation of this story.