RSS Aggregator

Chevin pulls the handbrake on FleetWave software after security scare

The Register - Anti-Virus - 9 April, 2026 - 17:20
UK and US customers stuck waiting after fleet management SaaS vendor took affected environments offline

A cybersecurity incident has knocked FleetWave into a "major outage" across the UK and US after Chevin Fleet Solutions pulled parts of its SaaS platform offline and left customers scrambling for answers.…

Category: Viruses and Worms

Female sex symbols of today. Forty stars who were not shy in films

Živě.cz - 9 April, 2026 - 16:45
A sex symbol today no longer means just a bare body or one provocative scene. Film and audiences have moved on, and attractiveness today arises from a combination of charisma, style and strong roles. Alongside the icons who shaped this image, a new generation of actresses is arriving and giving it a completely different form. We have selected ...
Category: IT News

Months-old Adobe Reader zero-day uses PDFs to size up targets

The Register - Anti-Virus - 9 April, 2026 - 16:30
Malicious PDFs abuse legit features to harvest system data and decide which victims get a 2nd-stage payload

Hackers have been quietly exploiting what appears to be a zero-day in Adobe Acrobat Reader for months, using booby-trapped PDFs to profile targets and decide who's worth fully compromising.…

Category: Viruses and Worms

Apple worst, Asus best for laptop repairability

Computerworld.com [Hacking News] - 9 April, 2026 - 16:28

Broken laptops are not becoming easier to fix, despite the availability of public data about their repairability and growing support for right-to-repair legislation. That’s according to US PIRG Education Fund, a consumer protection nonprofit.

Its fifth annual Failing to Fix survey found Asus to be the most repairable laptop brand — although its score dropped compared to last year — and Apple the least repairable of those surveyed. Prominent enterprise PC suppliers Dell, HP, and Lenovo fell somewhere in the middle of the rankings.

While the report looks at consumer products, many of the issues highlighted by the report would apply to businesses too — particularly Apple, which sells the same models to everyone.

“We haven’t done the research, so don’t have the exact numbers,” said Nathan Proctor, senior director of Right to Repair. “But businesses buy the same products and Right to Repair issues are even more pronounced the more expensive that the device is.”

Repairability is not just about product design: It can also be affected by contract terms.

“A lot of companies will tie service to a maintenance contract, and enterprises will find themselves left short if they don’t sign up,” said Proctor. “For example, they might not send the firmware needed for a repair, if the customer hadn’t signed up for such a maintenance contract.”

It is certainly the case that more enterprises will look at maintenance as part of the overall package and will not look at PCs or laptops in isolation but rather as part of a “PC as a service” (PCaaS) deal, according to market research firm IDC. In a survey from last year, it found that enterprises were paying more attention to sustainability. “We see more IT leaders considering the complete lifecycle when choosing IT products for the enterprise,” said Lara Greden, senior director market intelligence with IDC.

“In a recent IDC survey, 88% said end-of-first-life, or IT asset disposition services, are a critical or important factor in choosing PCaaS vendors, for instance. OEMs like Dell, HP, and Lenovo offer these services, often with partners, including Apto Solutions and Iron Mountain, for example,” she said.

This is also reflected in the longer laptop lifecycles that companies are implementing. The traditional approach taken by companies is to allow for three years before upgrading, but that is no longer the case.

“Some companies still refresh on a fixed three-year lifecycle, but there is a trend towards lengthening lifecycles to four to five years and even more so, to replace only as needed. Services such as Dell Lifecycle Hub and Lenovo xIQ make use of device performance telemetry data to inform repair and replacement cycles,” said Greden.

The PIRG survey of 105 products revealed some to be wary of when it comes to considering whole lifecycles. Apple’s laptops scored the worst, rated C- by PIRG, just behind Lenovo. Businesses wanting to put repairability at the top of the list will look to Asus and Acer, the two top scorers in the PIRG ratings. “I think people were surprised by Apple’s ratings,” said Proctor, “but we found that they didn’t offer the same levels of software support.”

The repairability of a device is certainly a factor to be considered. “IDC research shows that the ability to repair PCs, and even to include refurbished PCs, in PCaaS contracts is a top-2 decision-making factor for choosing a PCaaS vendor,” said Greden.

This is not the first time that PIRG has had the IT industry in its sights. Last October, it was urging Microsoft to change its deadline for the end of Windows 10 support. It is now looking for the US to introduce the same sort of scoring system for repairability that France has introduced. Consumers there can see detailed information about how fixable consumer tech products are, with companies obliged to post an overall repair score based on standardized criteria when a product goes on sale.

Buyers elsewhere would benefit 100% from the same sort of labeling, said Proctor.

Category: Hacking & Security

When attackers already have the keys, MFA is just another door to open

Bleeping Computer - 9 April, 2026 - 16:02
Stolen credentials turn authentication systems into the attack surface. Token shows how wearable biometric authentication verifies the user—not the session—blocking phishing relays and MFA bypass. [...]
Category: Hacking & Security

Microsoft locks out VeraCrypt and WireGuard devs, blames verification process

The Register - Anti-Virus - 9 April, 2026 - 16:00
No emails, no warnings, no humans – just bots, catch-22s, and a 60-day appeals queue

Microsoft says that it will work on how it communicates with developers after two leading open source figures were suddenly locked out of their accounts, leaving them unable to sign updates.…

Category: Viruses and Worms

If the weather cooperates, get up early tomorrow. A comet will shine in the morning sky. We'll tell you where to look for it

Živě.cz - 9 April, 2026 - 15:56
You will best see comet C/2025 R3 between four and five in the morning • You will find it in the morning sky in the area of the well-known constellation Pegasus • This object is passing through our solar system for the first time and possibly the last
Category: IT News

Security researchers tricked Apple Intelligence into cursing at users. It could have been a lot worse

The Register - Anti-Virus - 9 April, 2026 - 15:00
Wash your mouth out with digital soap

Apple Intelligence, the personal AI system integrated into newer Macs, iPhones, and other iThings, can be hijacked using prompt injection, forcing the model into producing an attacker-controlled result and putting millions of users at risk, researchers have shown.…

Category: Viruses and Worms

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

The Hacker News - 9 April, 2026 - 14:57
Thursday. Another week, another batch of things that probably should've been caught sooner but weren't. This one's got some range — old vulnerabilities getting new life, a few "why was that even possible" moments, attackers leaning on platforms and tools you'd normally trust without thinking twice. Quiet escalations more than loud zero-days, but the kind that matter more in
Author: Ravie Lakshmanan
Category: Hacking & Security

US court refuses to stay Pentagon’s ‘supply-chain risk’ blacklisting of Anthropic

Computerworld.com [Hacking News] - 9 April, 2026 - 14:45

A federal appeals court in Washington has refused to suspend the Pentagon’s supply-chain risk designation against Anthropic, leaving defense contractors with conflicting legal signals over whether they can continue using Claude, and putting the ruling at odds with a separate federal court that reached the opposite conclusion last month.

“The equitable balance here cuts in favor of the government,” a three-judge panel wrote in its order Wednesday. “On one side is a relatively contained risk of financial harm to a single private company. On the other side is judicial management of how, and through whom, the Department of War secures vital AI technology during an active military conflict.”

The panel, comprising Judges Henderson, Katsas, and Rao, acknowledged that Anthropic “will likely suffer some degree of irreparable harm” but found its interests “seem primarily financial in nature” rather than constitutional.

The order states the ruling is not a final decision on the merits. Oral arguments are set for May 19.

Anthropic had asked the US Court of Appeals for the District of Columbia Circuit to pause the supply-chain risk designation issued March 3 by Secretary of War Pete Hegseth.

The label, according to the company’s court filings, bars it from Pentagon contracts and requires defense contractors to stop using Claude in military work. The court denied the request, conflicting with a US District Court in California that granted Anthropic a preliminary injunction on March 26, blocking a parallel designation under a related statute.

Acting Attorney General Todd Blanche called the ruling “a resounding victory for military readiness” in a post on X. “Military authority and operational control belong to the Commander-in-Chief and Department of War, not a tech company,” he wrote.

Vendor risk is no longer predictable

For enterprises, the split ruling creates a compliance problem with no clean answer. The order states the Department has canceled its contracts with Anthropic, begun removing Claude from its systems, and prohibited contractors from using it as a subcontractor on Pentagon work. It also states, however, that “the Department has not prohibited contractors from using Claude for work performed for entities other than the Department.”

That distinction does not resolve the uncertainty. Following the California injunction, the government filed a compliance status report on April 6, cited in legal analysis by Herbert Smith Freehills Kramer, confirming it had restored Anthropic access across federal systems. That compliance applied only to the California statute. The broader D.C. designation remains active.

Sanchit Vir Gogia, chief analyst at Greyhound Research, said enterprises are dealing with vendor risk that their procurement frameworks were not designed to handle. “It means a vendor does not have a single legal status anymore. It can be restricted under one framework and protected under another, at the same time. That is a very different world from the one enterprise procurement teams are used to operating in,” he said.

The timing mismatch compounds the problem, Gogia said. “Legal processes move on their own timelines. Procurement cycles move on to another. Architecture decisions, once made, are not easy to reverse. When those timelines fall out of sync, you end up locked into dependencies that may no longer be viable,” he said.

‘Any lawful use’ shifts governance into the contract

The case has implications beyond Anthropic, Gogia said. The “any lawful use” standard the Pentagon sought to impose is one that the General Services Administration is separately moving to codify across federal AI procurement.

If that happens, governance authority would move from vendor-defined safeguards into contract language, Gogia said. “The contract becomes the final authority, not the platform. Governance is no longer primarily enforced through design. It is enforced through legal agreement,” he said.

Large defense contractors required to operate under such terms will push equivalent requirements down their supply chains, Gogia said, meaning enterprises with no direct Pentagon exposure may still face similar obligations through their partners.

On Anthropic’s refusal to drop its ethical restrictions, he said the question enterprises ultimately ask is “not whether a vendor is ethical, but whether that vendor can remain usable across all the contexts in which the enterprise operates.”

Matt Schruers, CEO of the Computer & Communications Industry Association, which filed an amicus brief in the case alongside ITI, SIIA, and TechNet, said the outcome adds to an already difficult environment. “The Pentagon’s actions and the DC Circuit’s ruling create substantial business uncertainty at a time when US companies are competing with global counterparts to lead in AI,” he said in a statement.

The D.C. court directed both parties to address three unresolved threshold questions before May 19, including whether the court has jurisdiction over Anthropic’s petition at all, according to the order. Anthropic’s opening brief is due April 22. Anthropic did not immediately respond to a request for comment.

Category: Hacking & Security

Dark system and light apps. How to mix different themes in macOS

Živě.cz - 9 April, 2026 - 14:45
I like the macOS dark theme, but it does not look as good in some internal applications, or it is less readable. By default, the system does not allow the color settings of software to be separated. There is, however, a trick to achieve this. Light and dark Finder Just set the system to the dark theme and individual ...
Category: IT News

Webinar: From noise to signal - What threat actors are targeting next

Bleeping Computer - 9 April, 2026 - 14:20
Threat actors often signal their intentions before launching attacks, from dark web chatter to access-broker listings and credential requests. Join our upcoming webinar with Flare Systems to learn how to turn those early warning signs into proactive defensive action before an intrusion begins. [...]
Category: Hacking & Security

Little Snitch for Linux, and free

AbcLinuxu [news briefs] - 9 April, 2026 - 13:55
Objective Development has released its tool for monitoring and controlling outgoing network connections, Little Snitch, for the Linux operating system as well. The Linux version consists of three components: the eBPF program for capturing traffic and the web interface are released under GNU GPLv2 and available on GitHub (mostly Rust and JavaScript), while the backend core is proprietary under its own license, though free to use and redistribute (the price otherwise normally starts at 59€). Packages can be downloaded from the Objective Development website. (Little Snitch requires at least kernel 6.12 with BTF and currently does not work with the Btrfs file system, which is to be fixed in the next version.)
Category: GNU/Linux & BSD

Zephyr Energy loses £700K in cyber hit that rerouted contractor payment

The Register - Anti-Virus - 9 April, 2026 - 13:32
Attackers slipped into the process and redirected funds, leaving the company scrambling to recover the cash

UK-listed oil and gas outfit Zephyr Energy plc has admitted a cyber incident siphoned off roughly £700,000 after a single payment to a contractor was quietly redirected to an attacker-controlled account.…

Category: Viruses and Worms

The Hidden Security Risks of Shadow AI in Enterprises

The Hacker News - 9 April, 2026 - 13:31
As AI tools become more accessible, employees are adopting them without formal approval from IT and security teams. While these tools may boost productivity, automate tasks, or fill gaps in existing workflows, they also operate outside the visibility of security teams, bypassing controls and creating new blind spots in what is known as shadow AI. While similar to the phenomenon
Category: Hacking & Security

The top priority for Adobe’s next CEO? Prepping for the ‘age of agents’

Computerworld.com [Hacking News] - 9 April, 2026 - 13:19

Adobe’s Shantanu Narayen announced plans to step down as CEO last month after 18 years leading the software vendor through several periods of tech change, from the arrival of the cloud, mobile computing, and the early days of artificial intelligence.

For whomever is tapped next for the top job — the search is expected to take several months — the biggest priority will be reshaping Adobe’s products and strategy for the next wave of agentic AI, analysts said.

“Ultimately, Adobe must evolve from a leader in creative tools to the system that connects content, context, and commerce in a world of real-time agentic interactions,” said Gerry Murray, research director at IDC.

[Image: Adobe CEO Shantanu Narayen (L) and Judson Althoff, CEO of Microsoft’s commercial business, speak on stage at Microsoft Ignite 2025. Credit: Microsoft]

Narayen’s resignation will “force the Adobe board to search for a leader who is not just a master of the subscription economy, but a visionary in the ‘agentic’ AI era,” Jim Lundy at Aragon Research said in a blog post last month.

Adobe’s next CEO inherits a business that’s fundamentally strong, but entering a “more complex phase of execution,” said Maria Bell, senior research analyst at CCS Insight. “Under Shantanu Narayen, the company not only transitioned to a cloud subscription model, but built a highly integrated platform spanning creative, document and marketing workflows. 

“The challenge for his successor is less about transformation and more about proving that Adobe’s AI-led strategy can deliver consistent, long-term growth.” 

Questions about the company’s path ahead come as it prepares for Adobe Connect later this month in Las Vegas. The event runs April 20-22.

Adobe was among the early adopters of generative AI (genAI) with the launch of its Firefly model in March 2023, positioning itself as a commercially safe tool for enterprise customers such as IBM, Pepsi and Mattel to generate content. It later expanded Firefly with the addition of multi-modal AI tools that included video, vector and audio, while embedding Firefly across its software and rolling out GenStudio in 2024 to help businesses manage AI-generated content at scale.

Those moves have yet to reassure investors that the company is on solid footing. Adobe’s stock fell following its latest earnings report, despite seeing better-than-expected revenue and a three-fold year-on-year increase in AI-related sales.

Adobe had 850 million monthly users across Acrobat, Creative Cloud, Express and Firefly, according to its most recent financial results.

The company faces competition from a number of vendors, including Canva and Figma, which also offer creative design tools. It also must contend with AI providers such as OpenAI and Google that enable users to generate content via prompts.

“Adobe is no longer competing only with traditional design tools, but with a broader set of AI-native platforms and ecosystems that are reshaping how content is created and consumed,” said Bell. “This shifts the basis of competition from product capability to accessibility, integration and cost — putting pressure on Adobe’s historical pricing power.”

Although he will remain as chairman of the board, Narayen’s departure adds to the uncertainty around Adobe’s future. 

“While Adobe is currently in a position of strength,” said Lundy, “a leadership change of this magnitude often invites aggressive competitive maneuvers from rivals in the marketing and design tech stacks.” 

The key challenge for any successor will be “balancing Adobe’s professional-grade heritage with the increasing commoditization of creative tools driven by AI,” he said.

The most immediate pressure point for Adobe is its Creative Cloud suite, according to Murray, as competitors threaten Adobe’s dominance in the market. “AI-native tools are collapsing the value of skill, time, and complexity, especially for students and prosumers,” he said. “Adobe will need to rethink pricing and packaging around outputs rather than tools, while dramatically simplifying the user experience.” 

Nevertheless, Adobe retains a “significant structural advantage” in the strength of its product ecosystem and user base, said Bell. “Its tools remain deeply embedded among professional designers and creative teams, supported by a strong community built over decades.”

Another priority will be the need to differentiate its offerings from competitors that rely on similar AI models. This shifts competition away from engineering and towards a go-to-market strategy, Murray said, requiring Adobe to “innovate on pricing, packaging, and partners” to attract and retain users. 

Adobe has made “clear progress” embedding generative AI (genAI) tools across its portfolio, said Bell, but the move towards usage-based models — including generative credits and more flexible access models — “creates uncertainty around pricing, revenue predictability and margin sustainability.

“As such, the priority is moving from feature rollout to monetization discipline,” she said. 

There’s also the prospect that increasingly capable autonomous third-party AI agents could put pressure on Adobe’s margins. While some SaaS-pocalypse concerns are overblown — including the prospect that business customers will vibe-code their own enterprise apps – the emergence of increasingly capable AI agents could push software applications down to an infrastructure layer that agents access on behalf of humans. 

“AI is making it possible to recompose software dynamically, which threatens traditional application-layer value,” said Murray. 

At the same time, he noted that Adobe also has the opportunity to “redefine its moat” around agentic workflows and its ability to connect content and data for smarter automation.

To help Adobe adapt to these ongoing technological shifts, the next CEO will need to appoint a “central authority to align AI product strategy, platform architecture, and partnerships across business units” or lead the charge.

Adobe requires a “robust AI stack,” he said, but will have to find its place in a shifting landscape.  “… Adobe is unlikely to own the enterprise AI control plane, so success will depend on building an open, interoperable stack that integrates with hyperscalers while delivering differentiated value at the application and workflow level,” said Murray.

Category: Hacking & Security

Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025

The Hacker News - 9 April, 2026 - 13:15
Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December 2025. The finding, detailed by EXPMON's Haifei Li, has been described as a highly-sophisticated PDF exploit. The artifact ("Invoice540.pdf") first appeared on the VirusTotal platform on November 28, 2025. A second
Author: Ravie Lakshmanan
Category: Hacking & Security

Chat Control 1.0 has ended, but blanket surveillance of communications is still in play

Živě.cz - 9 April, 2026 - 12:45
In March, the European Parliament rejected an extension of Chat Control 1.0. But a trilogue on Chat Control 2.0 is under way in the EU, and its construction is confusing. It would not explicitly introduce blanket surveillance of chats and e-mails, but it would most likely force services into it anyway.
Category: IT News

Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region

The Hacker News - 9 April, 2026 - 12:40
An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle East and North Africa (MENA), according to findings from Access Now, Lookout, and SMEX. Two of the targets included prominent Egyptian journalists and government critics, Mostafa
Author: Ravie Lakshmanan
Category: Hacking & Security