Agregátor RSS

Až příliš silný start Nový model Anthropicu Claude Mythos Preview po svém spuštění našel 27 let neopravenou chybu v OpenBSD, což je jeden z nejbezpečnějších operačních systémů. Využitím chyby lze na dálku shodit libovolný počítač. Mythos našel 16 let starou neopravenou díru v FFMPEG kodeku ...

Google has rolled out Device Bound Session Credentials (DBSC) protection in Chrome 146 for Windows, designed to block info-stealing malware from harvesting session cookies. [...]

Cops bust latest scam, return $12m to bilked victims

US, UK, and Canadian law enforcement Thursday said that they disrupted a $45 million global cryptocurrency scam, freezing $12 million in stolen funds and identifying more than 20,000 cryptocurrency wallet addresses linked to fraud victims across 30 countries.…

Details have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit (SDK) called EngageLab SDK that could have put millions of cryptocurrency wallet users at risk. "This flaw allows apps on the same device to bypass Android security sandbox and gain unauthorized access to private data," the Microsoft Defender Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Ministerstvo financí ve spolupráci s finanční správou dnes představilo beta verzi aplikace využívající umělou inteligenci pro předvyplnění daňového přiznání. Není třeba přepisovat údaje z různých potvrzení, ani hledat správné řádky, kam údaje napsat. Stačí nahrát dokumenty a využít AI.

Possible link to Mr. Raccoon's claimed Adobe break-in

A new extortion crew has targeted “several dozen high-value” corporations through phishing and helpdesk social-engineering, according to Google.…

Posted by Ben Ackerman, Chrome team, Daniel Rubery, Chrome team and Guillaume Ehinger, Google Account Security team

Following our April 2024 announcement, Device Bound Session Credentials (DBSC) is now entering public availability for Windows users on Chrome 146, and expanding to macOS in an upcoming Chrome release. This project represents a significant step forward in our ongoing efforts to combat session theft, which remains a prevalent threat in the modern security landscape.

Session theft typically occurs when a user inadvertently downloads malware onto their device. Once active, the malware can silently extract existing session cookies from the browser or wait for the user to log in to new accounts, before exfiltrating these tokens to an attacker-controlled server. Infostealer malware families, such as LummaC2, have become increasingly sophisticated at harvesting these credentials. Because cookies often have extended lifetimes, attackers can use them to gain unauthorized access to a user’s accounts without ever needing their passwords; this access is then often bundled, traded, or sold among threat actors.

Crucially, once sophisticated malware has gained access to a machine, it can read the local files and memory where browsers store authentication cookies. As a result, there is no reliable way to prevent cookie exfiltration using software alone on any operating system. Historically, mitigating session theft relied on detecting the stolen credentials after the fact using a complex set of abuse heuristics – a reactive approach that persistent attackers could often circumvent. DBSC fundamentally changes the web's capability to defend against this threat by shifting the paradigm from reactive detection to proactive prevention, ensuring that successfully exfiltrated cookies cannot be used to access users’ accounts.

How DBSC Works

DBSC protects against session theft by cryptographically binding authentication sessions to a specific device. It does this using hardware-backed security modules, such as the Trusted Platform Module (TPM) on Windows and the Secure Enclave on macOS, to generate a unique public/private key pair that cannot be exported from the machine. The issuance of new short-lived session cookies is contingent upon Chrome proving possession of the corresponding private key to the server. Because attackers cannot steal this key, any exfiltrated cookies quickly expire and become useless to those attackers. This design allows large and small websites to upgrade to secure, hardware-bound sessions by adding dedicated registration and refresh endpoints to their backends, while maintaining complete compatibility with their existing front-end. The browser handles the complex cryptography and cookie rotation in the background, allowing the web app to continue using standard cookies for access just as it always has.

Google rolled out an early version of this protocol over the last year. For sessions protected by DBSC, we have observed a significant reduction in session theft since its launch.

An overview of the DBSC protocol showing the interaction between the browser and server.

Private by design

A core tenet of the DBSC architecture is the preservation of user privacy. Each session is backed by a distinct key, preventing websites from using these credentials to correlate a user's activity across different sessions or sites on the same device. Furthermore, the protocol is designed to be lean: it does not leak device identifiers or attestation data to the server beyond the per-session public key required to certify proof of possession. This minimal information exchange ensures DBSC helps secure sessions without enabling cross-site tracking or acting as a device fingerprinting mechanism.

Engagement with the ecosystem

DBSC was designed from the beginning to be an open web standard through the W3C process and adoption by the Web Application Security Working Group. Through this process we partnered with Microsoft to design the standard to ensure it works for the web and got input from many in the industry that are responsible for web security.

Additionally, over the past year, we have also conducted two Origin Trials to ensure DBSC effectively serves the requirements of the broader web community. Many web platforms, including Okta, actively participated in these trials and their own testing and provided essential feedback to ensure the protocol effectively addresses their diverse needs.

If you are a web developer and are looking for a way to secure your users against session theft, refer to our developer guide for implementation details. Additionally, all the details about DBSC can be found on the spec and the corresponding github. Feel free to use the issues page to report bugs or provide feature requests.

Future improvements

As we continue to evolve the DBSC standard, future iterations will focus on increasing support across diverse ecosystems and introducing advanced capabilities tailored for complex enterprise environments. Key areas of ongoing development include:

• Securing Federated Identity: In modern enterprise environments, Single Sign-On (SSO) is ubiquitous. We are expanding the DBSC protocol to support cross-origin bindings, ensuring that a relying party (RP) session remains continuously bound to the same original device key used by the Identity Provider (IdP). This guarantees that the high-assurance security of the initial device binding is maintained throughout the entire federated login process, creating an unbroken chain of trust.
• Advanced Registration Capabilities: While DBSC provides robust protection for established cookies, some environments require an even stronger foundation when the session is first created. We are developing mechanisms to bind DBSC sessions to pre-existing, trusted key material rather than generating a new key at sign-in. This advanced capability enables websites to integrate complementary technologies, such as mTLS certificates or hardware security keys, creating a highly secure registration environment.
• Broader Device Support: We are also actively exploring the potential addition of software-based keys to extend protections to devices without dedicated secure hardware.

Ahem: My fellow Android-appreciating organisms — I’ve got a confession.

After the better part of two decades of personally using Google’s Chrome browser on both Android and every desktop computer I own, I’ve made the leap into the arms of a shiny new web-weaving seductress. Her name is Vivaldi.

Yes, it feels like a mildly geeky version of virtual adultery (especially with an exotic-sounding name like that). But I’ve long been a proponent of embracing whatever apps and services best serve your individual needs at any given moment and avoiding being beholden to any one company — no matter who that company may be. And now, after all these years, it’s become clear that Chrome is no longer the best web-wading companion for me.

Now, don’t get me wrong: Chrome is completely fine. It’s got plenty of positives, and I’ve certainly got no major beefs with it. I think that’s why it’s been so easy to stick with all this time, for so many of us — ’cause it gets the job done, and it’s familiar. There’s something to be said for that.

But as a person who’s always curious about new technology, constantly striving to optimize my digital environments, and endlessly working to make ’em all as efficient as humanly possible, I came to realize that “fine” wasn’t as good as it’d get anymore. And, lemme tell ya: Particularly if you’re a productivity-minded browser power-goober like me, stickin’ with Chrome largely just because it’s what you use and know is causing you to miss out on some incredibly interesting and advantageous upgrades.

And you know what? You aren’t alone. In fact, the vast majority of monitor-staring mammals work exclusively within the confines of Chrome. (The browser commands somewhere around three-quarters of the worldwide desktop computer browser market as of early 2026, according to some recent estimates.)

Again: It’s easy to understand why. Heck, I was one of those numbers myself — up until just a matter of months ago. I’d tried pretty much every other browser out there at some point, and I just hadn’t found anything meaningfully different and better enough for my needs to make it worth the hassle of switching over and dealing with all that adjustment.

Until now. 

And my goodness, it wasn’t an easy change to make.

[Get level-headed knowledge in your inbox with my free Android Intelligence newsletter. Three new things to try every Friday — and my Android Notification Power-Pack as a special welcome bonus.]

My Chrome to Vivaldi adapting adventure

I’ve got an entire separate article about what ultimately won me over with Vivaldi and which exact features I’m finding to be invaluable within it. I’d highly recommend giving it a read.

Here, I want to focus specifically on how I managed to overcome the hurdle of such a challenging change — and it isn’t about anything technical with the transition, either. In fact, Vivaldi makes it almost shockingly easy to move your data over from Chrome and import all your basic settings and history.

What I found, though, was two-fold:

1. On the Android front, moving into the Vivaldi app was actually quite painless. I started out by using it here and there, as a supplement to the standard Android Chrome browser, and quickly realized how much I enjoyed and appreciated its experience and the added niceties it gave me — including seemingly endless customization over every last element of the browser interface and a whole slew of on-demand privacy and web-clutter-cutting options. It wasn’t long before I changed my Android browser default and was using it full-time.

Vivaldi’s Android browser is powerful, pleasant to use, and incredibly customizable.

JR Raphael, Foundry

2. On the desktop front, the change presented far more friction. In fact, I’ve been using the Vivaldi Android app for months now — since sometime in the fall of 2025 — and it wasn’t until early this year that I made the leap over to Vivaldi on my workday Windows computer, too.

What changed was that I finally put my finger on the problem.

If there’s one real hurdle with Vivaldi — and one thing that kept me, personally, from fully moving into its desktop version for so long — it’s that it really can be overwhelming to adapt and get accustomed to all the new interfaces and elements it gives you, especially within the feature-rich desktop domain and with an environment so central to everything we do these days.

As I noted in my in-depth Vivaldi exploration, with as much time as most of us spend in our browsers on computers at this point, the browser essentially is our desktop — and our virtual office, too. And leaving the comfort of familiarity behind for something so unknown and unfamiliar is a daunting prospect.

Vivaldi, in particular, is quite different from Chrome on a computer at first exposure. And it has a lot of new options, features, and possibilities to ponder.

The options and features within the Vivaldi desktop browser are both amazing and — especially at first — overwhelming.

JR Raphael, Foundry

With that in mind, let me tell you what worked for me:

• First, I took advantage of Vivaldi’s immense customization potential and scaled back some of the more jarring differences. For me, that meant eliminating the on-by-default left-of-screen vertical tab bar — which was just too different of an interface for me at first, especially amidst everything else I was adjusting to — and also changing the “Tab Cycling” setting to “Cycle in Tab Order” and the “New Tab Position” setting to “After Related Tabs,” which were two subtle-seeming returns to the standard Chrome behavior that really kept throwing me off in their different-by-default implementations.
• Second, I forced myself to ignore most of the new Vivaldi features — all that good stuff I go over in that other article! — and focus on just one new feature or element at a time, for at least a few days each. There is a lot to take in with this program, and if you try to ingest all of it at once, it’s bound to overwhelm you and lead to a retreat. But if you explore one new piece of the puzzle at a time, really see how you feel about it and get in the habit of using it (or, alternatively, disabling it — if it just isn’t for you), it’s a much more manageable and enjoyable transition.
• Third, after that initial targeted series of adjustments, I mostly ignored the mountain of Vivaldi settings for a while. There’s just too much there to reasonably process at the get-go. I’m still peeking in periodically and finding something new and realizing I can customize it in a way that suits my working style better (and then sometimes realizing that a similar option also exists that I hadn’t yet tapped into on Android). Doing it all at once before you even have a feel for the browser just isn’t reasonable.

Last but not least, remember — particularly for desktop purposes — that Vivaldi is based on the same Chromium foundation as Google’s Chrome browser. That means you can use the standard Chrome Web Store to find and install extensions as needed and bring over the same tools you’ve always had in your browser setup. That, too, helps a lot with making yourself comfortable and creating an optimal environment that works for your needs (though I always recommend eliminating any extensions you aren’t actively using, and a browser change is a perfect time to perform an audit and get rid of any dead weight).

If you follow this approach and take the time to wrap your head around everything Vivaldi offers, the transition doesn’t have to be difficult. And — who knows? — you might find yourself feeling the same sense of excitement I have over a guilt-free virtual dalliance where the only lasting impact is your own happiness and efficiency.

Check out my free Android Intelligence newsletter for even more thoughtful knowledge — including three new things to try each Friday and a trio of useful Android notification tools to get you going.

Nabíjecí stanice jsou totéž co bateriové stanice nebo powerpacky. • Jde o přerostlé powerbanky s kapacitou ve stovkách či tisících watthodin. • Určitě chcete ty s LiFePO4 a co největším počtem konektorů.

Výrobce počítačových periferií Keychron zveřejnil repozitář se schématy šasi klávesnic a myší. Licence je restriktivní, zakazuje většinu komerčních užití a v podstatě jsou tak data vhodná pouze pro výukové účely, hlášení a opravy chyb, případně výrobu vlastního příslušenství.

Správce balíčků APT, používaný v Debianu a odvozených distribucích, byl vydán ve verzi 3.2 (seznam změn). Mezi novinkami figurují nové příkazy pro práci s historií, včetně vracení transakcí.

A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese non-governmental organizations (NGOs) and suspected universities to deploy a new Lua-based malware called LucidRook. "LucidRook is a sophisticated stager that embeds a Lua interpreter and Rust-compiled libraries within a dynamic-link library (DLL) to download and Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Hackers hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla, and pushed a malicious version with multiple backdoors. [...]

With its powerful M5 chip, the latest iteration of the world’s most popular laptop keeps everything that made the MacBook Air compelling in the first place, while meaningfully boosting performance across the board. Beyond the faster processor, there’s also much quicker SSD storage and better memory bandwidth, all of which combine to make this a highly capable Mac.

In practical terms, the powerful M5 chip allows these Macs to better handle demanding data workloads than earlier models, making it an ideal machine for many creative and professional users. You also get 512GB of storage as standard (with as much as 4TB available as an option) and at least 16GB of RAM.

Big improvements to Apple’s most popular laptop

To some extent, of course, the MacBook Air has been left in the shadows by the all-new MacBook Neo. The latter costs much less, is quite capable of handling most tasks, and is a great fit for general purpose use, though the M5 Air can do all of that faster, because it is built to be a more efficient machine. Compared to the M4-powered model you can see these improvements:

• With 10CPU cores and either 8 or 10 GPU cores, the M5 chip has a 15% faster CPU and 30% faster GPU.
• It also has neural accelerators in each core, which makes the M5 MacBook Air very capable for AI-specific tasks or 3D rendering.
• The memory bandwidth hits 153GBps. (The M4 model gave us 120GBps.)
• SSD read/write speed are up to twice as fast as the M4, which you’ll feel when doing things with big files, such as when flinging video or imaging assets through apps or working/developing with on-device AI models.

The price has increased by $100 to start at $1,099, though you get twice the built-in storage to help soften the blow.

Benchmark performance

Let’s look at some of the benchmark scores I saw using Geekbench 6 with the Apple-loaned 15.3-in. MacBook Air I tested:

• Single-core: 4,103.
• Multi-core: 17,089.

For comparison, here are benchmarks for the previous generations:

• M1 MacBook Air: 2,346 single-core; 8,356 multi-core.
• M2 MacBook Air: 2,588 single-core; 9,691, multi-core. 
• M3 MacBook Air: 3,065 single-core; 11,959 multi-core.
• M4 MacBook Air: 3,833 single-core; 14,871 multi-core. 
• M5 MacBook Air: 4,103 single-core; 17,098 multi-core.
• MacBook Neo: 3,608 single-core; 9,346 multi-core.

Illustrating the extent to which the move to Apple Silicon has opened up new opportunities for Macs, the M5 MacBook Air delivers the kind of performance we once got from M3 Pro/Max MacBook Pros that shipped just over two years ago.

Apple The bigger picture

To some extent, what’s coming next doesn’t mean much when planning what to get today, but the takeaway must be that MacBook Air has plenty of power under its hood for the future.  When you choose one, you aren’t just getting the processor — you’re also getting a range of other internal improvements designed to optimize the benefits it brings.

These improvements must certainly have been the North Star to engineers when they built this Mac, which also benefits from those new neural accelerators across all its cores. Even compared to the year-old M4 MacBook Air, these systems represent a big upgrade. 

Of course, when you grab a laptop, the big thing you need is battery life. While your results will vary, the promised 18 hours of use on battery will get you through your day, every day. So will the display, which in this case is a 15.3-in. Liquid Retina P3 display with support for 1 billion colors, True Tone, and 500 nits of brightness. 

When it comes to audio output and the built-in web conferencing cameras in these Macs, nothing much has changed fromlast year’s M4 models. The song remains the same when it comes to design: you get that beautiful aluminum chassis, new colors (Sky Blue, Midnight, Starlight, and Silver), with pretty much everything we already love about these Macs the same. Connectivity relies on an Apple N1 wireless chip for Wi-Fi 7 and Bluetooth 6. You also get two USB-C/Thunderbolt ports, MagSafe charging and the ability of driving up to two external displays in addition to that Liquid retina screen. That’s very useful for on-the-go pros who want to use a larger display most of the time but need the convenience of a portable now and then. 

Apple What about MacBook Neo?

Some feel the arrival of the MacBook Neo will cannibalize MacBook Air sales. There’s some truth in that. And while the Neo can and will handle almost anything a regular user might want to throw at it, the M5 Air is much more capable by design. While the Neo has a 6-core CPU, the Air has up to 10; the Neo gets 5 GPU cores, the Air gets 10; Neo has a maximum 8GB memory, while the Air ships with at least 16GB — and the memory interconnect is much faster too. It means these systems are great for anyone who wants to accomplish more demanding tasks, but can’t quite justify purchasing a MacBook Pro. 

No doubt, most people will be happy with any one of these Macs most of the time. But when you need to hit a deadline or regularly tackle more demanding tasks, you’ll probably lean toward the Air, or something better. Most business users will do just that, even though more companies will be eyeing Macs thanks to the affordable Neo, which will be suitable for a whole collection of new use cases that couldn’t justify investment in Air.

Buying advice

In reviewing Apple’s latest trio of Macs, I must confess — like so many people — that I really have lost a little bit of my heart to the MacBook Neo. But I do need a bit more power for what I do. That work doesn’t involve data-wrangling, video compositing, AI model design or any high-end graphics work, so while I might want a MacBook Pro, I really only need a MacBook Air. And this iteration offers all the power and performance I’d expect from a Mac I expect to use it for the next few years.

It’s a solid improvement to the most popular consumer notebook on the planet, remains a viable upgrade for MacBook Neo users and continues to serve as an alluring gateway to inch us toward the MacBook Pro. 

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.

Do redakce nám dorazily nová sluchátka Apple AirPods Max 2 • Pouštíme se do podrobné recenze, ale mezitím vám přinášíme první dojmy • Budeme rádi, když nám dáte vědět, co vás na sluchátkách nejvíce zajímá

UK and US customers stuck waiting after fleet management SaaS vendor took affected environments offline

A cybersecurity incident has knocked FleetWave into a "major outage" across the UK and US after Chevin Fleet Solutions pulled parts of its SaaS platform offline and left customers scrambling for answers.…

Sex symbol dnes už neznamená jen odhalené tělo nebo jedna provokativní scéna. Film i publikum se posunuly a přitažlivost se dnes rodí z kombinace charismatu, stylu a silných rolí. Vedle ikon, které tento obraz formovaly, nastupuje nová generace hereček, jež mu dává úplně jinou podobu. Vybrali jsme ...

Malicious PDFs abuse legit features to harvest system data and decide which victims get a 2nd-stage payload

Hackers have been quietly exploiting what appears to be a zero-day in Adobe Acrobat Reader for months, using booby-trapped PDFs to profile targets and decide who's worth fully compromising.…

Broken laptops are not becoming easier to fix, despite the availability of public data about their repairability and growing support for right-to-repair legislation. That’s according to US PIRG Education Fund, a consumer protection nonprofit.

Its fifth annual Failing to Fix survey found Asus to be the most repairable laptop brand — although its score dropped compared to last year — and Apple the least repairable of those surveyed. Prominent enterprise PC suppliers Dell, HP, and Lenovo fell somewhere in the middle of the rankings.

While the report looks at consumer products, many of the issues highlighted by the report would apply to businesses too — particularly Apple, which sells the same models to everyone.

“We haven’t done the research, so don’t have the exact numbers,” said Nathan Proctor, senior director or Right to Repair. “But businesses buy the same products and Right to Repair issues are even more pronounced the more expensive that the device is.”

Repairability is not just about product design: It can also be affected by contract terms.

“A lot of companies will tie service to a maintenance contract, and enterprises will find themselves left short if they don’t sign up, said Proctor. “For example, they might not send the firmware needed for a repair, if the customer hadn’t signed up for such a maintenance contract.”

It is certainly the case that more enterprises will look at maintenance as part of the overall package and will not look at PCs or laptops in isolation but rather as part of a “PC as a service” (PCaaS) deal, according to market research firm IDC. In a survey from last year, it found that enterprises were paying more attention to sustainability. “We see more IT leaders considering the complete lifecycle when choosing IT products for the enterprise,” said Lara Greden, senior director market intelligence with IDC.

“In a recent IDC survey, 88% said end-of-first-life, or IT asset disposition services, are a critical or important factor in choosing PCaaS vendors, for instance. OEMs like Dell, HP, and Lenovo offer these services, often with partners, including Apto Solutions and Iron Mountain, for example,” she said.

This is also reflected in the longer laptop lifecycles that companies are implementing. The tradition approach taken by companies is to allow for three years before upgrading but that is no longer the case.

“Some companies still refresh on a fixed three-year lifecycle, but there is a trend towards lengthening lifecycles to four to five years and even more so, to replace only as needed. Services such as Dell Lifecycle Hub and Lenovo xIQ make use of device performance telemetry data to inform repair and replacement cycles,” said Greden.

The PIRG survey of 105 products revealed some to be wary of when it comes to considering whole lifecycles. Apple’s laptops scored the worst, rated C- by PIRG, just behind Lenovo. Businesses wanting to put repairability at the top of the list will look to Asus and Acer, the two top scorers in the PIRG ratings. “I think people were surprised by Apple’s ratings,” said Proctor, “but we found that they didn’t offer the same levels of software support.”

The repairability of a device is certainly a factor to be considered. “IDC research shows that the ability to repair PCs, and even to include refurbished PCs, in PCaaS contracts is a top-2 decision-making factor for choosing a PCaaS vendor,” said Greden.

This is not the first time that PIRG has had the IT industry in its sights. Last October, it was urging Microsoft to change its deadline for the end of Windows 10 support. It is now looking for the US to introduce the same sort of system for scoring system for repairability that France has introduced. Consumers there can see detailed information about how fixable consumer tech products are, with companies obliged to post an overall repair score based on standardized criteria when a product goes on sale.

Buyers elsewhere would benefit 100% from the same sort of labeling, said Proctor.