RSS Aggregator

Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited

The Hacker News - 2 June, 2026 - 20:46
Google on Monday released patches for 124 security vulnerabilities impacting its Android operating system for the month of June 2026, including one high-severity flaw in the Framework component that has come under active exploitation. Tracked as CVE-2025-48595 (CVSS score: 8.4), the security flaw has been described as a case of privilege escalation without requiring any user interaction. The
Ravie Lakshmanan
Category: Hacking & Security

Cisco sings Mythos' praises - but doesn't say how many bugs the model uncovered

The Register - Anti-Virus - 2 June, 2026 - 20:35

Bug hunting has become a whole lot more exciting in recent months with both Anthropic and OpenAI touting their latest models (that also happen to be super-scary exploit machines). On Tuesday, as Anthropic announced a fourfold expansion to its Mythos preview program, Cisco jumped into the fray, praising the transformative power of AI - but without disclosing how many bugs the latest frontier models found.

Cisco SVP Anthony Grieco in a Tuesday blog said that the advanced AI systems, including Anthropic’s Claude Mythos Preview and OpenAI’s GPT 5.5-Cyber, scanned 1.8 billion lines of code in eight weeks looking for vulnerabilities in Cisco products - a task that otherwise would have taken the networking giant’s advanced security team eight years to accomplish.

However, Grieco, who heads Cisco’s security and trust organization, didn’t say how many flaws Mythos and other frontier models uncovered, or if they have all been fixed. The company also did not respond to The Register’s questions about this.

Grieco did say that “speed is only half the story,” calling the “real breakthrough” the “scale, quality, and impact” of the models’ findings. The 1.8 billion lines of code, written in more than 25 different languages, spanned Cisco’s portfolio, we’re told. Netzilla paired the models with a “human-guided harness,” and achieved a false positive rate of under 3 percent, Grieco wrote.

“Rather than focusing on a specific scope for a security evaluation, we can assess entire code bases of a product. It’s like switching from a flashlight to a flood light to illuminate a dark room,” he said. “Because each finding is validated through a hybrid of AI and human expertise, our engineering teams are receiving actionable intelligence rather than a wall of warnings.”

Meanwhile, Anthropic on Tuesday said it expanded Project Glasswing to about 150 additional organizations, bringing the total partner count to about 200. Project Glasswing is the AI giant’s controlled partner program for giving selected orgs access to Claude Mythos Preview.

When it announced the new model and partner program in early April, Anthropic limited the preview to about 50 entities, claiming Mythos is so good at finding and exploiting security holes that all hell would break loose and the zombie apocalypse would hit should the model fall into the wrong hands. Since April, these select government agencies and corporate partners - including Cisco - have been using Mythos to find and fix bugs in their own products.

Palo Alto Networks, one of the original Project Glasswing partners, said in May that after spending a month using frontier AI models, including Anthropic's Mythos, to scan more than 130 products across its three platforms, it uncovered 26 CVEs representing 75 underlying security issues. For comparison, the cybersecurity giant said it typically discloses fewer than five CVEs per month. At the time, a company exec forecast “a narrow three-to-five-month window for organizations to outpace the adversary before AI-driven exploits start to become the new norm.”

The newly expanded Project Glasswing spans more than 15 countries, and, while an Anthropic spokesperson declined to name them or the new partner companies, it’s a safe bet that these are likely Western and/or “friendly” nations. So not China and Russia.

Rubrik, a data security and management vendor, said that it was among the new Glasswing partners. The expanded list also reportedly includes the Korea Internet and Security Agency (KISA), along with Samsung Electronics, SK hynix, and SK Telecom, among other Korean companies.

“The group covers several industries that weren’t well-represented in our initial cohort, such as power, water, healthcare, communications, and hardware,” according to a Tuesday Anthropic blog. “And many of the new partners are vendors - companies or nonprofits that maintain codebases that are relied upon by lots of other organizations around the world, including governments.” Each new partner must meet Anthropic’s security requirements before they gain access to Mythos, the company added. ®

Category: Viruses and Worms

Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine

The Hacker News - 2 June, 2026 - 20:21
The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation. Per Sekoia, the activity involves the weaponization of CVE-2025-8088, a path traversal flaw in WinRAR, to launch an HTML Application payload dubbed GammaPhish, which is then used to retrieve an
Ravie Lakshmanan
Category: Hacking & Security

Microsoft unveils Scout, an autonomous AI agent built on OpenClaw

Computerworld.com [Hacking News] - 2 June, 2026 - 20:15

Microsoft has developed a new AI agent that can run autonomously around the clock to complete tasks across Microsoft 365 applications.

Microsoft Scout, unveiled at the company’s Build event Tuesday, is a new type of always-on agent based on the OpenClaw agent framework that Microsoft calls “autopilots.”

These act on a user’s behalf with their own governed Entra identity, Omar Shahine, corporate vice president at Microsoft, said in a blog post.

“Autopilots stay active in the background, understand how work gets done across your apps and systems, and take action without needing to be prompted each time,” said Shahine, a Microsoft veteran who recently announced he is leading a new team to bring OpenClaw-based personal assistants to Microsoft 365 apps.

Microsoft Scout connects to apps such as Teams, Outlook, OneDrive, and SharePoint, and accesses data from chat, email, calendar, and contacts. Accessed via Teams, it can also interact with a user’s browser and with external apps via model context protocol (MCP). The tool functions across cloud, desktop, and the web.

Shahine said Scout can reduce mundane tasks that office workers face, such as coordinating and scheduling meeting times with colleagues, or blocking times in a user’s calendar based on upcoming work commitments. “It can also spot risks, like stalled decisions, so you can address them before they become blockers,” he said.

It’s available as an “experimental release” to customers of the company’s Frontier program, Microsoft said, and will require Intune policy configuration and “opt-in attestation.”

Scout is the latest in a range of agentic tools available in Microsoft 365 apps, including Agent Mode, where users can interact with Microsoft 365 Copilot inside apps such as Word and Excel to create content, and Copilot Cowork — Microsoft’s version of Anthropic’s Claude Cowork agent that can complete tasks independently.

Despite the company’s big AI push, Microsoft has struggled to convince businesses that Microsoft 365 Copilot is worth the additional cost; it’s advertised at $30 per user each month for large businesses. Around 3% of Microsoft 365 customers pay for the add-on subscription, the company said in January, with 15 million paid users. (Microsoft announced last month that that figure has now risen to 20 million.)

It’s not clear whether Scout will be included in Microsoft 365 Copilot subscriptions or charged separately. Microsoft did not immediately provide additional details about pricing.

The launch follows Google’s recent announcement of Spark, an autonomous agent that runs within the Google Workspace application suite. Spark can also be considered a response to the launch of OpenClaw last year, initially under the name “Clawdbot.”

OpenClaw has drawn scrutiny due to apparent security flaws, but Microsoft promises Scout is built with “enterprise-grade security and controls, so it can be trusted in your organization from day one.”

For organizations that have already deployed Microsoft 365 Copilot, Scout doesn’t introduce entirely new data risks, said Jeff Pollard, vice president and principal analyst at Forrester. But it “amplifies whatever data governance problems already exist. The difference this time: instead of surfacing sensitive data to users, it can potentially act on it.

“That makes it an active risk in terms of day to day operations,” Pollard said.

Potential security concerns echo those for AI agents and are exacerbated with personal agents such as Scout: amplified data exposure (since agents can interact with data and use tools autonomously); agent manipulation or prompt injection; unexpected actions, such as using tools or acting in ways that aren’t supposed to be allowed; and observability gaps related to understanding user and agent intent and the explainability of actions.

“However, these tools exist because they make AI far more useful for individuals, so security leaders can’t draw a line in the sand and say ‘no.’ They have to adapt and figure out how to secure them,” said Pollard.

As with most new workplace technologies, Pollard expects adoption to start with “power users” who design and develop the use cases for the agent that can then expand more widely across users.

He warned that the accuracy of tools such as Microsoft Scout can fall short of user expectations. “LLM agents still struggle with goal alignment, multi-step reasoning drifts, and tool misuse,” he said. “Users aren’t always great at explaining what they want and LLM agents aren’t always great at providing what was requested. That’s a continuing problem.”

Category: Hacking & Security

Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation

The Hacker News - 2 June, 2026 - 20:14
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw impacting Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. The vulnerability, CVE-2024-21182 (CVSS score: 7.5), allows an unauthenticated attacker with network access to take control of susceptible servers. It was
Ravie Lakshmanan
Category: Hacking & Security

How to choose a TV well. Set your price and buy the biggest one with a good remote control

Živě.cz - 2 June, 2026 - 19:45
Choosing a new TV is not complicated. The selection is huge and the price range wide, but by following a few simple rules anyone can pick their ideal TV.
Category: IT News

Microsoft Exchange Online outage causes email delays, failures

Bleeping Computer - 2 June, 2026 - 19:02
Microsoft is working to address a widespread service issue affecting the mail flow pipeline for Exchange Online customers across North America and Germany. [...]
Category: Hacking & Security

Firefox will roll out the Nova redesign this year. It wastes space, but compact mode will save it

Živě.cz - 2 June, 2026 - 18:45
Mozilla has officially shown the upcoming Nova redesign. • Elements will become rounded, but you will find almost all of them in their original places. • Compact mode will return and the settings will be more finely divided.
Category: IT News

Linux Persistence Hunting: The 5 Techniques Security Teams Miss Most

LinuxSecurity.com - 2 June, 2026 - 18:00
You remove the malware. You rotate the compromised credentials. You patch the original vulnerability and close the ticket. Two weeks later, the attacker is back.
Category: Hacking & Security

Red Hat npm Package Compromise Highlights a Growing Supply Chain Problem

LinuxSecurity.com - 2 June, 2026 - 18:00
Researchers investigating a campaign now tracked as Miasma found that more than 30 packages in Red Hat's @redhat-cloud-services npm namespace had been altered to deliver credential-stealing malware.
Category: Hacking & Security

Instagram users locked out after Meta AI abused to steal accounts

Bleeping Computer - 2 June, 2026 - 17:47
Multiple Instagram users had their accounts hijacked after attackers convinced Meta's AI-powered support tools that they were the legitimate owners. [...]
Category: Hacking & Security

Apple’s M1 MacBook Air refuses to die

Computerworld.com [Hacking News] - 2 June, 2026 - 17:46

Apple surprised everyone with the power and performance of the M1 MacBook Air when it launched the laptop in late 2020. And more than five years later, those Macs show no sign of slowing down, handling everything users care to throw at them.

The Mac still boots almost instantly, races through daily tasks, offers battery life that puts even some newer Windows laptops to shame and, perhaps most importantly, still gives millions of users no compelling reason to upgrade. 

Why the MacBook Air is still going strong

The M1 wasn’t merely better than the Intel Macs it replaced. It delivered a dramatic step forward. Silent, fast, and with remarkable energy efficiency, these laptops have proved themselves to be more reliable and longer-lasting than almost any other notebook.

Apple has continued to deliver impressive improvements ever since the M1 Macs first appeared. The recently introduced M5 MacBook Air delivers double the multi-core and 50% better single-core performance than M1; that means it provides similar performance to the MacBook Pro of around three years ago. 

Apple Silicon has improved every single year and is now extremely powerful — so much so that Apple is about to sell 10 million units of the A-series MacBook Neo, a $599 machine with an iPhone-derived chip that delivers more performance than many mainstream users need.

Meanwhile, even when using a nearly-six-year-old MacBook Air, you still experience a fast browser, responsive Office apps, great battery life and powerful photo editing capabilities. 

To the Moon and back

At the high end of Apple’s range, you’ll find Macs so accomplished they can handle almost every imaginable professional task. It means that right now, today, Apple’s product range extends from good enough to simply amazing. 

Despite heavy marketing hype from competitors who boast of their own ARM-based competitors in similar price brackets, those PCs remain compromised in comparison, if only by their use of Windows, build quality, and overall higher running costs.

Think about it: All things being equal, if you gave a typical office worker an M1 MacBook Air and an M5 MacBook Air and asked them which models they were using, how long would it take them to figure it out? 

Sure, a highly experienced Mac user would likely know. But for a lot of people, the difference would be hard to spot because what they do on their computers just isn’t particularly demanding. 

Making people happy is good for business

Surely that’s bad for Apple’s business, right? I think not. It means Apple has created a huge population of happy Mac users who are still having a good time with the Mac they acquired in 2020. Those people tell other people about their experience, which helps evangelize the platform and can’t have hurt MacBook Neo sales this year.

They also become more interested in other Apple products, which they can afford to invest in instead of investing in the standard PC “upgrade” cycle. After all, if you have a platform that doesn’t need an upgrade every three years, you can spend your money on something else instead. For consumers, that might be AirPods and Apple services, while for enterprise professionals that investment might become an iPad or iPhone Pro.

Apple doesn’t mind. It still makes bank.

The company generally finds that giving people what they want is good for business. It boosts customer satisfaction scores, reduces maintenance costs, and builds repeat customers.

That long replacement cycle delivers a second benefit, too. Apple talks extensively about sustainability. With the M-series Macs, it has achieved it. 

Sustainable technology

People use these laptops longer and get more value later when they sell them on. And when they eventually get returned for recycling, Apple can tear the machines down for parts as it works toward establishing circular manufacturing within the next four years.

The M1 MacBook Air might eventually be remembered not just as the first Apple Silicon Mac, but as representing the moment when ordinary people didn’t have to worry about performance anymore. That’s why the product refuses to die — not because it’s immortal, but because for millions of users it still does everything they need. And all the M- and A-series Macs that follow it do exactly the same thing.

One more thing, however: Intel Macs will no longer be supported by macOS 27 when it ships this year. Apple typically ends support for products around 6-7 years after it removes them from sale, so when will it end support for the M1? Potentially, not too soon.

Apple only stopped selling the M1 MacBook Air in 2024, which suggests support could continue until 2030 or 2031. So, if you bought an M1 MacBook Air in 2020, you’ve actually invested in something designed to work for you for a decade. Which PCs can truly deliver that?

No wonder the M1 MacBook Air refuses to die.

You can follow me on social media! Join me on BlueSky, LinkedIn, Mastodon, and read The Core.

Category: Hacking & Security

OLED monitors with smaller diagonals are coming. Asus has the first 24.5" model with 1080p resolution

Živě.cz - 2 June, 2026 - 16:45
Asus is the first manufacturer to introduce an OLED monitor in a so far atypical combination of resolution and diagonal. Its new product, called ROG Strix OLED XG259QWPG Ace, measures 24.5 inches and has a 1920 × 1080 px grid. It uses a glossy Tandem WOLED panel from LG, which compared with previous generations promises up to 15% higher brightness, 25% ...
Category: IT News

Russian spy agency says foreign spies turned officials' smartphones into surveillance devices

The Register - Anti-Virus - 2 June, 2026 - 16:45

Russia's domestic spy agency says it has uncovered a sprawling foreign espionage operation that allegedly turned the smartphones of senior Russian officials into pocket-sized surveillance devices, though it has so far offered little in the way of evidence.

In a statement Tuesday, the Federal Security Service (FSB) claimed foreign intelligence agencies implanted malware on the mobile devices of high-ranking Russian officials, allowing operators to steal data, intercept conversations, and secretly activate microphones and cameras to monitor targets and their surroundings.

“This software is used to steal existing data, eavesdrop on ongoing conversations, and conduct covert acoustic and video monitoring of the environment near electronic devices, all aimed at obtaining sensitive information,” the FSB said.

The agency said it had opened a criminal investigation into illegal access to computer information and the distribution of malicious software. It did not identify the alleged intelligence service responsible, disclose how many officials were affected, name the malware involved, or provide any technical indicators that would allow independent verification of the claims. As things stand, the FSB has revealed the accusation but not the proof.

However, the notion that foreign intelligence agencies might target the phones of senior Russian officials is hardly farfetched. State-backed mobile surveillance campaigns have become a routine feature of modern espionage, and Moscow has spent years accusing Western intelligence services of abusing consumer technology platforms for intelligence gathering.

In 2023, the FSB claimed that thousands of iPhones had been compromised in a US National Security Agency spying operation. At the time, Russian security vendor Kaspersky disclosed what became known as “Operation Triangulation”, an iPhone surveillance campaign that infected devices through iMessage. Apple denied cooperating with any government, while Kaspersky stopped short of attributing the operation to the NSA.

Moscow's spy agencies are hardly strangers to offensive cyber operations themselves. Last year, the FBI warned that hackers linked to the FSB's Center 16 were exploiting a years-old Cisco vulnerability to collect configuration files from thousands of network devices associated with critical infrastructure operators.

So while the FSB's latest allegations may ultimately prove accurate, they lack the technical evidence security researchers would normally expect before accepting claims of a major cyber espionage campaign. ®

Category: Viruses and Worms