RSS aggregator
Password manager Dashlane has disclosed that "fewer than" 20 users on the personal subscription plan had their encrypted vaults downloaded following a brute-force attack launched by an unknown party.
On May 31, 2026, the company said an "external" threat actor launched a brute-force attack against certain Dashlane user accounts with the aim of breaking two-factor authentication (2FA)
Ravie Lakshmanan
A huge analysis of gene expression across species revealed genetic hallmarks of aging and could accelerate anti-aging treatments.
There’s truth to the old adage, “Age is just a number.” People of the same age differ vastly in health and mental capabilities. One 80-year-old may be vibe coding with Claude, while another is gradually forgetting familiar faces and memories.
To better gauge this difference, scientists have been developing “clocks” that measure biological age. Rather than the number of candles on a birthday cake, these tools capture health at the cellular level and are remarkably accurate at estimating disease risk and even life expectancy. But how they work is hard to explain.
Now Harvard scientists and collaborators have released a powerful and more interpretable clock. Using the gene activity of thousands of individuals and animals, the clock predicts biological age in rodents, monkeys, and humans, including how many years they have left.
The analysis involved over 11,000 gene activity profiles across four species, highlighted shared mechanisms during aging, and responded to known anti-aging interventions—such as parabiosis, during which aging animals receive blood from a young donor.
Although the clock isn’t ready for clinical use, it is a boon to scientists working to slow or even reverse the unstoppable progression of time. It “could help researchers to pinpoint which processes are modulated by interventions or diseases,” wrote João Pedro de Magalhães at the University of Birmingham, who was not involved in the work.
Tick, Tock
Biological clocks come in a variety of flavors.
Most rely on AI to make sense of information held in large databases of people. One of these, for example, uses blood proteins related to brain aging to reflect cognition and its decline better than chronological age. Another type, metabolomic age clocks, sorts through protein and fatty acid building blocks to estimate biological age. These clocks correlate well with risk of inflammation, chronic disease, and frailty (where the body struggles to recover from a mild infection or minor fall). More recent multi-omics clocks combine blood measures, metabolism, gene activity, and clinical data for a comprehensive bird’s-eye view of biological age.
But epigenetic clocks remain the field’s defining breakthrough.
As we age, chemical tags accumulate on DNA, switching genes on or off. The pattern of these tags shifts over time and is shaped by everyday life—diet, exercise, stress, sleep quality. Studies have found that the age gaps between biological and lived years measured by the well-known Horvath epigenetic clock, which relies on DNA methylation, were associated with the risk of various types of diseases. Later versions of the Horvath clock could predict maximum lifespan. And other groups have developed “pan-mammalian” epigenetic clocks that work across species.
“One drawback of epigenetic clocks, however, is their limited interpretability,” wrote Magalhães. “The mechanisms that underpin age-related methylation changes are still debated.”
Clocking In
In the new study, the team measured aging by looking at gene activity, or transcriptomics. Transcriptome profiles capture which genes are switched on at any given moment.
Previous studies have linked the aging transcriptome to chronic inflammation, faltering mitochondria, and the gradual breakdown of the extracellular matrix, the molecular scaffolding that supports tissues and organs. With age, these systems go awry.
“Because the signatures reflect changes in the activity of specific genes, transcriptomic biomarkers are more interpretable than are epigenetic ones,” wrote Magalhães. The tradeoff is that gene activity is far more dynamic than DNA methylation, the epigenetic signature used in the Horvath clock. A transcriptome can shift in response to stress, illness, exercise, or even the time of day, making it a less reliable measure of aging.
To make the new clock, the team assembled over 11,000 transcriptomes, heavily relying on data from the Interventions Testing Program, a giant effort to study longevity treatments in mice. The dataset included mice exposed to genetic tweaks, drugs, and dietary therapies known to affect aging and lifespan. The team also added more than 2,600 samples from monkeys, several hundred from rats, and over 4,000 from humans to deliver a cross-species view of aging.
They then built multiple transcriptome clocks that estimated age and mortality risk. To validate the clocks, they turned to an independent dataset that included rodent models of accelerated aging, Alzheimer’s disease, chronic kidney disease, and other age-related conditions. When applied to individual cells, the clocks yielded older transcriptomic ages in more than 90 percent of the samples, suggesting that aging is deeply rooted at the cellular level.
In humans, the clocks accurately predicted the lifespans of participants enrolled in a large heart health study. They were also sensitive to environmental factors that affect aging, ticking forward after exposure to radiation or chronic diseases and rewinding after treatments such as young-blood transfusion, a strategy shown to rejuvenate elderly rodents.
An analysis of the genes driving the clocks highlighted many of the usual molecular suspects. Aging turned on genes involved in inflammation, cellular energy dysfunction, and senescence—where failing cells leak toxic molecules. Many of these signatures appeared across organs and species, suggesting that core aspects of aging have been conserved in mammals.
These findings are especially valuable for longevity researchers, who often work with rodent models. Despite living a fraction of a human lifespan, aging rodents undergo transcriptomic shifts similar to those found in us. The new clock could easily test their biological age after potential anti-aging treatments, capture the immediate effects, and predict lifespan, long before they die. It could, in theory, speed up aging research and the quest for treatments.
But to be clear, like other aging clocks, it isn’t a crystal ball. Scientists don’t know if the transcriptome changes drive aging or merely reflect its aftermath. The signatures could be capturing overall health and resilience, rather than molecular changes associated with aging per se.
That distinction matters. As we grow older, cells activate a variety of protective genes to counter rising stress, inflammation, and damage. Not every age-related transcriptomic change is harmful. Some changes reflect the body’s attempt to fight back. Because transcriptomes capture only a snapshot in time, scientists still need to differentiate genes that contribute to aging from those that help defend against it and learn how those patterns shift over time.
There’s a broader challenge too. Researchers are building more and more biological clocks using different criteria, and they don’t always agree. One may say you’re far older than another. This highlights “the need for any aging biomarker to be validated carefully,” wrote Magalhães.
The post How Fast Are You Aging? New Genetic Clock May Have the Answer appeared first on SingularityHub.
Linux rootkits are old, but they never really disappeared. They just stopped attracting the same attention.
A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and FakeUpdates techniques on compromised sites. [...]
Security guards can ask for your cooperation, but they do not have police powers. What does that mean in practice, and does the procedure differ when a guard checks a child?
Do you drive a diesel on business trips? Under the current decree, the entitlement is now more than CZK 10 higher for every litre of diesel consumed.
SourceForge was founded in 1999 as one of the first hubs of open-source development. After years of dominance, it showed that a free license alone does not protect trust between author and user when the platform has its own commercial motives.
We take a look at a project called LunarML. It is a transpiler that transforms source code written in ML (specifically Standard ML) into the Lua and JavaScript programming languages.
The explosion SN 2023vbw, which took place in October 2023, was apparently not just any ordinary supernova. Judging by its course and properties, it is one of the most convincing examples to date of a pair-instability supernova. These ghostly supernovae of extremely massive stars leave absolutely nothing behind in the universe.
On the occasion of Computex, Nvidia confirmed most of the existing rumours about N1(X) / GB10 for notebooks. There was no launch, only an announcement; notebooks will not be released until the autumn, and performance is at the level of the RTX 5060…
Security researchers on Monday found dozens of Red Hat npm package releases infected with the Mini Shai-Hulud worm that TeamPCP cybercriminals recently open-sourced. The new supply chain attack hit at least 32 npm package releases published under the Red Hat Cloud Services namespace, according to security researchers from Google-owned Wiz, who traced the malware to one Red Hat employee’s compromised GitHub account. They said the affected packages are downloaded around 80,000 times a week. “The compromised account pushed malicious orphan commits to two RedHatInsights repositories, bypassing code review,” the threat hunters said in a Monday blog. “This happened across two waves of activity.” Wiz considers this a “live threat,” and says its researchers are actively monitoring it for any new developments. Socket, meanwhile, counted 95 affected package versions as of 11:00:22 UTC. The supply-chain security shop continues to monitor the ongoing attack and update the artifacts list – so be sure to check it out, and if your organization or any development pipelines have installed one of the poisoned versions, assume compromise and immediately rotate credentials. The compromised versions execute a hidden payload through a preinstall hook so that the malware automatically runs during the npm install process – before a developer imports or uses the package. “Based on Socket’s analysis, the payload is designed to collect GitHub Actions secrets, npm tokens, cloud credentials, Kubernetes and Vault material, SSH keys, Git credentials, and other sensitive files,” Socket’s research team wrote on Monday. “It also includes encrypted exfiltration logic and GitHub-based fallback mechanisms, indicating that the attacker was not only attempting to steal credentials, but also potentially enable further supply chain propagation.” A Red Hat spokesperson told The Register that the IBM-owned software firm is aware of the reports. 
“We immediately initiated an investigation and removed the packages from the npm registry,” the spokesperson said. “The packages are strictly limited to internal development, and the malicious code was never published for customer consumption via the console.redhat.com system. While our investigation is ongoing, we have not identified any impact to customer or partner environments or Red Hat production systems.” Both security firms say the malware resembles the Mini Shai-Hulud worm – but because TeamPCP open sourced the credential-stealing tool, it’s tough to say whether TeamPCP or a copycat crew is responsible for the latest developer-targeting supply chain infection. According to Wiz, the modifications look “largely cosmetic, with references to the Dune universe replaced by Greek mythology themes (i.e ‘spartan’), while the underlying functionality and tradecraft remain substantially similar.” One of the notable changes, the security sleuths said, is that the new variant adds data collectors for Google Cloud Platform and Microsoft Azure identities, and this new capability snarfs up all the identities that the infected machine has access to, as opposed to just stealing secrets from the cloud environments. This suggests “an increased attacker focus on gaining and leveraging access to the cloud itself,” Wiz warns. This variant also creates repositories containing the description “Miasma: The Spreading Blight.” And unlike earlier variants of the self-spreading worm that copied themselves, this one generates a uniquely encrypted payload for each infection, which makes hash-based indicators-of-compromise useful only for a specific package version. ®
More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, dubbed "Miasma." [...]
The Spanish National Police has arrested an individual for leaking sensitive information related to members of various key state organizations, including the National Cybersecurity Institute (INCIBE). [...]
The @redhat-cloud-services npm packages have been compromised.
Information has been published about vulnerability CVE-2026-46243, named CIFSwitch, present in Linux since 2007. An ordinary user can gain root privileges (local privilege escalation). It has already been fixed upstream.
Official Red Hat NPM accounts have been compromised and used to push a malicious worm that spreads from machine to machine, where it pilfers sensitive credentials in hopes of stealing yet more confidential data, researchers said.
The supply-chain attack began Monday and remained active at the time this post went live, according to researchers at security firm Aikido. It’s the result of the threat actor responsible for the hack taking control of @redhat-cloud-services, a legitimate channel in the npm repository that’s reserved for official Red Hat packages. As such, the channel is widely trusted by developers who rely on Red Hat cloud services.
The vicious cycle of today’s supply-chain attacks
It’s unclear precisely how the threat actor took control of the namespace, but it almost certainly involved the compromise of credentials required to access it, possibly through a previous supply-chain attack. More than 30 packages seem to be affected.
The biggest threat to America’s midterm elections in November likely isn’t foreign attackers hacking US voting machines. Phishing and election-official impersonation are the bigger risks, according to Check Point, which documented more than 5,000 election-themed domains registered between April and May. These domains can be used by attackers for phishing, impersonation, fraud, misinformation, or influence activity, especially when coupled with about 17,000 exposed credentials associated with fundraising orgs, political parties, and government-related services also spotted by the security shop’s intelligence arm in May. "Election-related domains and leaked credentials represent two sides of the same problem: infrastructure and access," Danielle Hess, a cyber threat intelligence analyst at Check Point Software, told The Register. "A rise in election-themed domains not only creates more potential infrastructure that could be abused for phishing or impersonation, but also reflects a growing election-related ecosystem with more organizations, accounts, and users that can be targeted," Hess said. "When combined with a large pool of exposed credentials, attackers have more opportunities to conduct convincing and scalable election-related operations." Plus, AI gives phishing, impersonation, election misinformation and other scam operations a massive boost, making them faster, cheaper, and easier to scale. The uptick in election-related threats follows the Trump administration’s efforts to gut America’s lead cyber-defense agency and decimate its efforts to combat election-related fraud, while slashing its budget and workforce, and cutting all federal funding for the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC). According to a Monday report, Check Point has been monitoring registered domains and documented about 1,300 containing the keyword “election” and 2,957 containing “vote” in January. 
Three months later, between April 13 and May 14, about 1,140 newly registered domains contained the word "election," while the number containing "vote" had climbed to about 4,010. While simply registering a domain doesn’t guarantee it will be used for malicious purposes, such domains are often used for phishing pages that impersonate voter info sites or candidates themselves, and campaign donation scams, and misinformation sites designed to look like official election communications. Along these lines, the security shop documented thousands of leaked credentials in May linked to fundraising and political party websites including about 9,500 ActBlue.com (Democrats’ fundraising site) compromised credentials, 6,500 leaked WinRed.com (Republican fundraising) credentials, plus 600 from the official Republican gop.com website, 130 from democrats.org, and 150 leaked usa.gov citizen services’ site credentials. Hess told us that "it's important to note that the credential statistics reflect credentials identified on Check Point's External Risk Management (ERM) platform as of May 2026 and are not limited to credentials that were necessarily stolen or leaked during May 2026 itself." As the reports point out, the credential leaks aren't limited to one political party or specific campaigns. “Individual political campaign domains showed little to no observed credential exposure across a sample of swing-state candidates from both major political parties, reinforcing that current exposure is concentrated in centralized platforms rather than campaign-specific infrastructure,” according to the report. “A single campaign domain stood out as an exception, with around 90 leaked credentials identified,” the report continued. "The campaign domain referenced was associated with candidate Tom Kean," Hess said, referring to Rep. Tom Kean Jr. (R-NJ). 
"However, it's important to note the credentials were identified within infostealer malware logs, which typically reflect opportunistic compromise rather than deliberate targeting of a specific campaign. While not indicative of direct targeting, the presence of these credentials may still pose a security risk if associated accounts remain active or reused.” In addition to the political org-related credential exposure, voter information is also appearing across dark web forums ahead of the November midterms. This includes a January 30 BreachForums post advertising data - being given away for free - tied to the Fremont County, Colorado election division. The data dump included names, email addresses, IP address data, and election-related portal submission information. On April 26, the threat hunters spotted a post on criminal forum Spear[.]cx, claiming to offer a multi-state US voter database covering more than two dozen states and Washington, DC. ®
Multiple Dashlane users have been locked out of their accounts following brute-force attacks that attempted logins from distant locations and unknown devices. [...]