Agregátor RSS

**Ruská hackerská skupina APT28 ovládla zranitelné routery. **Jejich prostřednictvím pak přesměrovala provoz, získávala hesla a další údaje. **FBI a české Vojenské zpravodajství proti útočníkům zasáhly.

Ruská hackerská skupina APT28 ovládla zranitelné routery. • Jejich prostřednictvím pak přesměrovala provoz, získávala hesla a další údaje. • FBI a české Vojenské zpravodajství proti útočníkům zasáhly.

Cybersecurity researchers have lifted the curtain on a stealthy botnet that's designed for distributed denial-of-service (DDoS) attacks. Called Masjesu, the botnet has been advertised via Telegram as a DDoS-for-hire service since it first surfaced in 2023. It's capable of targeting a wide range of IoT devices, such as routers and gateways, spanning multiple architectures. "Built for Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Téměř v každém sci-fi z nedaleké budoucnosti komunikuje posádka kosmických lodí s rodinou skrze vestavěné zařízení s obrazovkou. Ať už kdesi na hlavní palubě, nebo v soukromých kajutách. Jak to ale funguje v lodi Orion, která v noci z neděle na pondělí oblétla Měsíc? V 93miliardovém rozpočtu ...

Google Chrome konečně nabídne vertikální zobrazení karet. • Konkurenční prohlížeče tuto funkci mají už roky. • Chrome také nabídne celoobrazový režim čtení.

Tvůrcem nejpopulárnější kryptoměny bitcoin, který se skrývá za pseudonymem Satoši Nakamoto (Satoshi Nakamoto), je britský kryptograf Adam Back. Na základě vlastní investigativní práce to tvrdí americký deník The New York Times (NYT). Několik indicií podle autorů jasně ukazuje na to, že Back a Nakamoto jsou stejný člověk. Jde mimo jiné o podobný odborný a osobnostní profil či totožné chyby a manýry v psaném projevu.

A $30,000 AI GPU doesn't outperform consumer GPUs at password cracking. Specops explains why attackers don't need exotic hardware to break weak passwords. [...]

The Russian threat actor known as APT28 (aka Forest Blizzard and Pawn Storm) has been linked to a fresh spear-phishing campaign targeting Ukraine and its allies to deploy a previously undocumented malware suite codenamed PRISMEX. "PRISMEX combines advanced steganography, component object model (COM) hijacking, and legitimate cloud service abuse for command-and-control," Trend Micro Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Většina cyklistů maže řetěz olejem a nevidí na tom nic špatného – že je nutné to dělat pořád dokola a je kolem toho mazlavá špína, prostě patří k věci. Ti, kteří chtějí posunout svoji hru na vyšší level, řetězy voskují – nešpiní se, vydrží déle, ale dá to práci a je to drahé. Projekt Cha (jako ...

People often think of containers as locked boxes that keep software separate from the rest of the computer. In reality, that safety depends on a chain of digital gatekeepers. If one gatekeeper misses a signal, the whole box opens up.

Google Chrome 147 byl prohlášen za stabilní. Nejnovější stabilní verze 147.0.7727.55 přináší řadu novinek z hlediska uživatelů i vývojářů. Podrobný přehled v poznámkách k vydání. Vylepšeny byly také nástroje pro vývojáře. Přehled novinek v Chrome DevTools 145 až 147 také na YouTube.

Projekt AI gigatováren v EU se zpožďuje, podmínky výzvy stále chybějí a termín není jasný • . • Česko chce investovat miliardy, ale kvůli odkladům hrozí růst nákladů i technologické zastarávání. • Evropské tempo brzdí byrokracie, zatímco USA a soukromníci budují AI centra rychleji.

Studio Madfinger Games před dvěma lety udělalo rozruch na poli extrakčních stříleček. Gray Zone Warfare se stalo silnou alternativou pro populární Escape From Tarkov. Postupem času zájem znatelně upadl, ale vypadá to, že chytá druhý dech. Čerstvě vyšel obšírný update Spearhead, který překopává řadu ...

ChipSoft's website remains down but emails are functioning

A Dutch healthcare software vendor has been knocked offline following a ransomware attack, officials say.…

The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems.  The result is Identity Dark Matter: identity activity that sits outside the visibility of centralized IAM and [email protected]

The Russian military is once again hacking home and small office routers in widespread operations that send unwitting users to sites that harvest passwords and credential tokens for use in espionage campaigns, researchers said Tuesday.

An estimated 18,000 to 40,000 consumer routers, mostly those made by MikroTik and TP-Link, located in 120 countries, were wrangled into infrastructure belonging to APT28, an advanced threat group that’s part of Russia’s military intelligence agency known as the GRU, researchers from Lumen Technologies' Black Lotus Labs said. The threat group has operated for at least two decades and is behind dozens of high-profile hacks targeting governments worldwide. APT28 is also tracked under names including Pawn Storm, Sofacy Group, Sednit, Tsar Team, Forest Blizzard, and STRONTIUM.

Technical sophistication, tried-and-true techniques

A small number of routers were used as proxies to connect to a much larger number of other routers belonging to foreign ministries, law enforcement, and government agencies that APT28 wanted to spy on. The group then used its control of routers to change DNS lookups for select websites, including, Microsoft said, domains for the company’s 365 service.

Read full article

Comments

Vývojáři z Laboratoří CZ.NIC vydali nové verze aplikací Datovka (Datovka 4.29.0, Mobilní Datovka 2.6.2). V případě desktopové verze přibyly možnosti projít všechny uložené zprávy, zkontrolovat časy expirací časových razítek a přerazítkovat datové zprávy, které lze v ISDS přerazítkovat. Novinkou je také možnost vytahovat myší ze seznamu ZFO soubory datových zpráv, tento úkon jde udělat i pomocí tlačítek Ctrl+C. Nová verze Mobilní Datovky přináší jen drobné úpravy.

Chinese AI company Z.ai has launched GLM-5.1, an open-source coding model it says is built for agentic software engineering. The release comes as AI vendors move beyond autocomplete-style coding tools toward systems that can handle software tasks over longer periods with less human input.

Z.ai said GLM-5.1 can sustain performance over hundreds of iterations, an ability it argues sets it apart from models that lose effectiveness in longer sessions.

As one example, the company said GLM-5.1 improved a vector database optimization task over more than 600 iterations and 6,000 tool calls, reaching 21,500 queries per second, about six times the best result achieved in a single 50-turn session.

In a research note, Z.ai said GLM-5.1 outperformed its predecessor, GLM-5, on several software engineering benchmarks and showed particular strength in repo generation, terminal-based problem solving, and repeated code optimization. The company said the model scored 58.4 on SWE-Bench Pro, compared with 55.1 for GLM-5, and above the scores it listed for OpenAI’s GPT-5.4, Anthropic’s Opus 4.6, and Google’s Gemini 3.1 Pro on that benchmark.

GLM-5.1 has been released under the MIT License and is available through its developer platforms, with model weights also published for local deployment, the company said. That may appeal to enterprises looking for more control over how such tools are deployed.

Longer-running coding agents

Z.ai says long-running performance is a key differentiator for the company when compared to models that lose effectiveness in extended sessions.

Analysts say this is because many current models still plateau or drift after a relatively small number of turns, limiting their usefulness on extended, multi-step software tasks.

Pareekh Jain, CEO of Pareekh Consulting, said the industry is now moving beyond tools that can answer prompts toward systems that can carry out longer assignments with less supervision.

The question, Jain said, is no longer, “What can I ask this AI?” but, “What can I assign to it for the next eight hours?”

For enterprises, that raises the prospect of assigning an agent a ticket in the morning and receiving an optimized solution by day’s end, after it has run hundreds of experiments and profiled the code.

“This capability aligns with real needs such as large refactors, migration programs, and continuous incident resolution,” said Charlie Dai, VP and principal analyst at Forrester. “It suggests that long‑running autonomous agents are becoming more practical, provided enterprises layer in governance, monitoring, and escalation mechanisms to manage risk.”

Open-source appeal grows

GLM-5.1’s release under the MIT License could be significant, especially for companies in regulated or security-sensitive sectors.

“This matters in four key ways,” Jain said. “First, cost. Pricing is much lower than for premium models, and self-hosting lets companies control expenses instead of paying per use. Second, data governance. Sensitive code and data do not have to be sent to external APIs, which is critical in sectors such as finance, healthcare, and defense. Third, customization. Companies can adapt the model to their own codebases and internal tools without restrictions.”

The fourth factor, according to Jain, is geopolitical risk. Although the model is open source, its links to Chinese infrastructure and entities could still raise compliance concerns for some US companies.

Dai said the MIT license makes it easier for companies to run the model on their own systems while adapting it to internal requirements and governance policies. “For many buyers, this makes GLM‑5.1 a viable strategic option alongside commercial models, especially where regulatory constraints, IP sensitivity, or long‑term platform control matter most,” Dai said.

Benchmark credibility

Z.ai cited three benchmarks: SWE-Bench Pro, which tests complex software engineering tasks; NL2Repo, which measures repository generation; and Terminal-Bench 2.0, which evaluates real-world terminal-based problem solving.

“These benchmarks are designed to test coding agents’ advanced coding capabilities, so topping those benchmarks reflects strong coding performance, such as reliability in planning-to-execution, less prompt rework, and faster delivery,” said Lian Jye Su, chief analyst at Omdia. “However, they are still detached from typical enterprise realities.”

Su said public benchmarks still do not capture the messiness of proprietary codebases, legacy systems, and code review workflows. He added that benchmark results come from controlled settings that differ from production, though the gap is closing as more teams adopt agentic setups.

Two practice web addresses appear to have been compromised

Multiple domains belonging to Scottish healthcare providers have been hijacked and are now pushing links to adult content and illegal sports streams, according to a researcher.…