Agregátor RSS

Před polovinou ledna svitla informace, že aktuálně očekávaný Arrow Lake-refresh se posouvá na začátek jara a Nova Lake, očekávaný ve druhém pololetí, se už letos nestihne. To však CEO Intelu popírá…

There are reports that a legitimate Microsoft email address—which Microsoft explicitly says customers should add to their allow list—is delivering scam spam.

The emails originate from [email protected], an address tied to Power BI. The Microsoft platform provides analytics and business intelligence from various sources that can be integrated into a single dashboard. Microsoft documentation says that the address is used to send subscription emails to mail-enabled security groups. To prevent spam filters from blocking the address, the company advises users to add it to allow lists.

From Microsoft, with malice

According to an Ars reader, the address on Tuesday sent her an email claiming (falsely) that a $399 charge had been made to her. "It provided a phone number to call to dispute the transaction. A man who answered a call asking to cancel the sale directed me to download and install a remote access application, presumably so he could then take control of my Mac or Windows machine (Linux wasn’t allowed)," she said. The email, captured in the two screenshots below, looked like this:

Read full article

Comments

The Chinese espionage threat group Mustang Panda has updated its CoolClient backdoor to a new variant that can steal login data from browsers and monitor the clipboard. [...]

The explosive growth of AI infrastructure is creating a mad dash for new data center capacity – and more data center staff – unlike anything seen before.

Demand for data center capacity could more than triple by 2030 due to growth in AI and other workloads, according to data from McKinsey.

Continue reading on Network World.

Meta also replaces a legacy C++ media-handling security library with Rust

Users of Meta's WhatsApp messenger looking to simplify the process of protecting themselves are in luck, as the company is rolling out a new feature that combines multiple security settings under a single, toggleable option. …

Microsoft is warning admins of an Office security bypass zero day vulnerability that can be triggered simply by a user opening a document. The flaw is currently being actively exploited.

“The vulnerability is serious,” said Johannes Ullrich, dean of research at the SANS Institute. “The root cause is that Microsoft Office still supports the older OLE document format, which provides access to various OLE components. The effect is similar to what an attacker could do with Office Macros. But Office Macros are typically blocked for documents downloaded from the internet. Microsoft implemented similar protections for OLE components, but this recent exploit found a way to bypass them.”

Despite efforts by Microsoft and email gateway vendors, emails with malicious attachments are still a significant attack vector, he added.

“It is important that organizations roll up this update quickly. Until it has been applied, filters on email gateways or endpoint protection signatures may help mitigate the threat.”

Fortunately the vulnerability, CVE-2026-21509, which has a CVSS score of 7.8, is fixed automatically in Office 2021 and up, however, admins should note that these applications need a restart for the patch to take effect. For Office 2016 and Office 2019, there’s a separate patch.

Jack Bicer, director of vulnerability research at Action1, said that for security teams and CISOs “the urgency is real: don’t wait, prioritize this update immediately, and ensure all Office applications are restarted so the protections take effect without delay.” 

The flaw is exploited by sending malicious Office documents and convincing users to open them, “a classic technique that emphasizes the ongoing effectiveness of social engineering in real-world attacks,” he said.

The US Cybersecurity and Infrastructure Security Agency (CISA) has added the hole to its catalogue of known exploited vulnerabilities. Vulnerabilities in the catalogue must be remediated by federal civilian executive branch agencies by a specified date.

Asked for comment, a Microsoft spokesperson said the company recommends impacted customers follow the guidance on its CVE page. It also points out that Microsoft Defender has detections in place to block exploitation, and Office’s default Protected View setting provides an extra layer of protection by blocking malicious files from the internet.

“As a security best practice, we encourage users to exercise caution when downloading and enabling editing on files from unknown sources, as indicated in security warnings,” the spokesperson added.

The data center industry is racing toward a power crisis that technology alone will not be able to solve, according to Uptime Institute’s 2026 data center predictions report.

“Critical digital infrastructure continues to expand strongly,” said Andy Lawrence, executive director of research at Uptime Institute, in a statement. “At the same time, our research shows uncertainty about how AI will reshape demand. This is complicating both capacity planning and resiliency strategies. We are also seeing increasing fragmentation in the design and deployment of data centers and expect investment and innovation in carbon capture technologies, in AI, and automation in the data center itself.”

Continue reading on Network World.

Plus, the gang says it got in via Microsoft Entra SSO

ShinyHunters says it stole several slices of data from Panera Bread, but that's just the yeast of everyone's problems. The extortionist gang also claims to have stolen data from CarMax and Edmunds, in addition to three other organizations it posted to its blog last week.…

Multiple threat actors, both state-sponsored and financially motivated, are exploiting the CVE-2025-8088 high-severity vulnerability in WinRAR for initial access and to deliver various malicious payloads. [...]

France plans to phase out American video conferencing services such as Zoom and Microsoft Teams within government agencies and replace them with its own proprietary tool, Visio. The goal is to strengthen security and protect confidentiality in public communications by reducing dependence on non-European solutions.

Visio has been tested in pilot form since last year and is now being rolled out to around 200,000 government employees. According to the French government, discontinuing licenses for external services could mean savings of around €1 million per year for every 100,000 users who switch.

The decision is in line with the EU’s increased focus on technological sovereignty. The European Parliament recently adopted a resolution calling for reduced dependence on foreign players in cloud services, software, and AI, especially since US-based companies dominate Europe’s cloud market.

The criticism concerns, among other things, legal risks linked to US legislation, such as the Cloud Act, which can give US authorities access to data, even when it is stored in Europe.

“This project is a concrete example of the Prime Minister’s and the government’s desire to regain our digital independence,” David Amiel, deputy minister for public administration and state reform, said in a statement. “We cannot take the risk of exposing our scientific exchanges, sensitive data, and strategic innovations to non-European players. Digital sovereignty is both a necessity for our public services, an opportunity for our businesses, and insurance against future threats.”

Na odměnu ve výši 300 Kč už nestačí jen pět plateb kartou. • Nově bude třeba si na účet poslat důchod, nebo 25 tisíc. • Kdo to nesplní, dostane jen 150 Kč.

The impact of AI on the labor market is more serious than previously expected, with entry-level jobs collapsing and white-collar jobs in danger, participants at the World Economic Forum (WEF) said last week.

“We expect over the next years, in advanced economies, 60% of jobs to be affected by AI either enhanced or eliminated or transformed, 40% globally. This is like a tsunami hitting the labor market,” Kristalina Georgieva, managing director of the International Monetary Fund (IMF), said during a panel discussion on the global economic outlook.

Young people searching for jobs will find it harder to get a good placement. “Wake up. AI is for real, and it is transforming our world faster than we are getting [it] handled,” Georgieva said.

Anthropic CEO Dario Amodei, was also blunt.

Half of entry-level white-collar jobs could be gone in “one to five years — [the prediction] as of six months ago, I would stick with that,” Amodei said, during a panel session focused on “The Day after AGI.”

White-collar jobs, which include knowledge workers and professionals in software, finance, research and science, will be affected, too. “I think maybe we’re starting to see just the little beginnings of it in software and coding,” Amodei said.

At Anthropic, Amodei said he envision a time when the company needs less people in junior and intermediate positions. “We’re thinking about how to deal with that within Anthropic in a sensible way,” he said.

Palantir CEO Alex Karp echoed that sentiment, saying after white-collar jobs are hit,  vocational jobs will become more valuable.

Vocational technicians, for instance, will still be needed to make batteries, but it’ll be harder for someone skilled in philosophy to find work, he said, noting he has an undergraduate degree in philosophy. 

“You hopefully have some other skill,” Karp explained in a fireside chat. “That one [a philosophy degree] is going to be hard to market.”

Those views dovetail with a Microsoft research study in December that said AI could affect information workers. Professions requiring manual labor, such as operating machinery, helpers and others, are least likely to be affected by AI — but they could see downward pressure on pay.

Jobs that require AI skills are getting much higher pay and raises, with salaries often  stagnant for jobs untouched by AI. “The jobs that are not touched…, they are kind of the same, they are paying now less,” the IMF’s Georgieva said. “So, the middle class inevitably is going to be affected.

“If adoption of AI is not relatively equal, we’re going to create more inequalities,” Georgieva said.

Even so, the ongoing AI infrastructure buildout will create new jobs, especially in  developing countries in areas such as energy, construction, telecom and maintenance, panelists said in a session titled “A Coming Jobs Challenge in Emerging Markets?” 

Professional labor has matured in developed markets such as the US and Europe, which is why those areas face a larger risk of job losses to AI. But the situation is different elsewhere.

“We cannot allow the jobs debacle to … widen the equity gap,” said Taufik Tengku Aziz, CEO of Malaysian oil company Petronas. The company is now working with the Malaysian government to make the country’s population AI literate.

“We don’t necessarily believe…AI will displace people. But companies without AI will do damage to [their] own people as we move forward,” Aziz said.

The participants at WEF panels were not all gloomy about how AI will affect jobs. They noted the impact of AI still can’t be easily measured — and its benefits might yet  outweigh any job losses. It could also create new careers.

As with any new breakthrough technology, “some jobs will get disrupted, but I think new, even more valuable — perhaps more meaningful — jobs will get created,” said Demis Hassabis, CEO of Google Deepmind.

In its December study, Microsoft noted how the arrival of ATMs actually created more work for bank tellers instead of replacing them. Banks wound up hiring more tellers to focus on higher-value work.

“Banks opened more branches at lower costs and tellers focused on more valuable relationship-building rather than processing deposits and withdrawals,” the researchers said in the study.

AI can also be seen as plus in some industries. Pfizer CEO AIbert Bourla, for example, sees AI as improving productivity across all sectors, and noted drug discovery and better health outcomes as examples of where the technology has been a boon.

“Are you asking me if in our labs maybe we could do the job with less scientists? Probably,” Bourla said. But Pfizer’s focus for now is on doing more with the same level of investments, he said.

Potřeba převézt 500 tun zásob 640 kilometrů divočinou přes Aljašku z Fairbanks k Severnímu ledovému oceánu dala vzniknout pozemnímu vlaku společnosti LeTourneau, který brázdil tuhý sever na podhuštěných kolech. Automobil dlouhý jako housenka musel odolat mrazům až −60°C a v případě poruchy hrozil ...

IT admins and CIOs should be aware that 2026 is effectively the final year of support for Intel-based Macs. Apple told us so at WWDC last year when it said, “macOS 26 (Tahoe) will be the final release for Intel Macs.” 

That means macOS 27 won’t support Intel chips.

When Apple announced its plans, they might have seemed long enough away for some IT purchasers to ignore them. But with only a few months to go until Intel Macs lose support, it’s now time to think again and upgrade any old Intel-based Macs you or your business may still be using.

Five years of Intel support

It’s hard to complain about the cadence of this part of the transition to Apple Silicon. Apple has been scrupulously fair in its approach to Intel Mac support, which has been available for five years — or about as long as most business users use their computers. The first M1 Macs appeared in November 2020.

Apple also says it will continue to provide security updates for some Mac models for another two years, which might help. You can’t wait forever, though, as the update cadence basically means those Intel Macs will cease to be secure in 2028.

It is important to recognize that there are other significant reasons to upgrade. Equipped with Apple Silicon chips, Apple’s latest machines are certainly the best available platforms for AI development and use and are about to get even better, thanks to the Google Gemini partnership. 

They are often even faster at running Intel-based Mac apps thanks to the Rosetta emulation the OS supports — these Macs are just that much better than what they replaced. Apple will remove most Rosetta features in macOS 28 in 2027.

AI needs more than Intel Macs can provide

Ultimately, AI adoption exposes the weakness of those Intel machines, which just aren’t up to the demands it makes. AI requires three vital ingredients: processor performance, energy consumption, and memory.

Intel-based Macs just don’t compete with the Macs Apple offers today – even a five-year-old M1 Mac mini leaves its Intel equivalent gasping in the dust. Apple Intelligence (and many third-party AI services) also thrive on use of the Neural Engine, which is only found in M-series chips.

The bottom line is that even as Dell is putting a stop to its “AI PC” marketing push, people are buying far more capable and affordable Macs instead. So, if you want to use future technologies in your business, there’s only one direction to take.

The other reason to upgrade comes from outside Apple.

Out with the old…

Developers also follow industry trends, and there are already many tools that rely on performance-driven AI that only function on M-series Macs. You’ll also find a growing number of enterprise-grade tools such as real-time XDR (Extended Detection and Response) services that only work to full effect when run on AI-capable hardware. (Intel Macs really struggle to run the AI that enables such services; the machines run hot and suffer throttled performance.)

And in the current tense threat environment, business partners won’t accept that you’re not running advanced security protection because you rely on a couple of old Intel Macs (or, worse, Windows 10 PCs) you haven’t upgraded yet. 

Developers are also responsive to the smash hit success of Apple Silicon Macs. That success means many of them have ceased working on their Intel Mac applications to focus on Apple Silicon, where the market is going. That means they aren’t being updated as frequently, if at all, leaving those third-party applications potentially vulnerable to attack when run on Intel Macs.

There is a little life left in these old computers. Since Apple will provide security updates for another two years, you’ll still be able to shift them on second-user markets for a little longer. But if you or your company are looking to upgrade some of the computers you picked up during the onset of the Covid epidemic in 2020, the end of Windows 10 support and the cessation of Intel Mac support mean you have some buying decisions to make.

Follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.

Posted by Nataliya Stanetsky, Fabricio Ferracioli, Elliot Sisteron, Irene Ang of the Android Security Team

Phone theft is more than just losing a device; it's a form of financial fraud that can leave you suddenly vulnerable to personal data and financial theft. That’s why we're committed to providing multi-layered defenses that help protect you before, during, and after a theft attempt.

Today, we're announcing a powerful set of theft protection feature updates that build on our existing protections, designed to give you greater peace of mind by making your device a much harder target for criminals.

Stronger Authentication Safeguards

We've expanded our security to protect you against an even wider range of threats. These updates are now available for Android devices running Android 16+.

More User Control for Failed Authentications: In Android 15, we launched Failed Authentication Lock, a feature that automatically locks the device's screen after excessive failed authentication attempts. This feature is now getting a new dedicated enable/disable toggle in settings, giving you more granular control over your device's security.

Expanding Identity Check to cover more: Early in 2025, we enabled Identity Check for Android 15+, which requires the user to utilize biometrics when performing certain actions outside of trusted places. Later in the year, we extended this safeguard to cover all features and apps that use the Android Biometric Prompt. This means that critical tools that utilize Biometric Prompt, like third-party banking apps and Google Password Manager, now automatically benefit from the additional security of Identity Check.

Stronger Protection Against Screen Lock Guessing: We’re making it much harder for a thief to guess your PIN, pattern, or password by increasing the lockout time after failed attempts. To ensure you aren’t locked out by mistake (by a curious child, for instance), identical incorrect guesses no longer count toward your retry limit.

Enhanced Recovery Tools

We're also enhancing our recovery tools to make them even more helpful. This update is now available for Android devices running Android 10+.

More Control for Remote Lock. Remote Lock (android.com/lock) is a crucial tool that lets you lock your lost or stolen device from any web browser. We are adding a new optional security question/challenge to the process. This helps ensure that only you, the real device owner, can initiate a lock, adding another layer of security to your recovery flow.

Proactive Protection: "Default-On" in Brazil

Keeping our users safe is a top priority, which is why we're working to make theft protection available out-of-the-box for more Android users. For new Android devices activated in Brazil, two of our key theft protection features are now enabled by default:

• Theft Detection Lock: Uses on-device AI to sense motion and context that may indicate a "snatch-and-run" theft. If a theft attempt is detected, it will quickly lock the device screen to help protect your data.
• Remote Lock: Allows users to lock their device from any device that provides a web access to android.com/lock without the need to have enabled the feature in advance.

This helps ensure new devices have a critical layer of theft protection from day one.

Continuing To innovate in Device Theft Protection

We’re always evolving our protections to stay one step ahead of thieves. Our ongoing updates help ensure that no matter where you go, you can have greater peace of mind knowing your device and data are protected by Android’s multi-layered defenses. Keep a lookout for even more Android theft protection updates.

Meta on Tuesday announced it's adding Strict Account Settings on WhatsApp to secure certain users against advanced cyber attacks because of who they are and what they do. The feature, similar to Lockdown Mode in Apple iOS and Advanced Protection in Android, aims to protect individuals, such as journalists or public-facing figures, from sophisticated spyware by trading some functionality for

Meta on Tuesday announced it's adding Strict Account Settings on WhatsApp to secure certain users against advanced cyber attacks because of who they are and what they do. The feature, similar to Lockdown Mode in Apple iOS and Advanced Protection in Android, aims to protect individuals, such as journalists or public-facing figures, from sophisticated spyware by trading some functionality for Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Nike is investigating what it described as a "potential cyber security incident" after the World Leaks ransomware gang leaked 1.4 TB of files allegedly stolen from the sportswear giant. [...]

Indian government entities have been targeted in two campaigns undertaken by a threat actor that operates in Pakistan using previously undocumented tradecraft. The campaigns have been codenamed Gopher Strike and Sheet Attack by Zscaler ThreatLabz, which identified them in September 2025. "While these campaigns share some similarities with the Pakistan-linked Advanced Persistent Threat (APT)

Indian government entities have been targeted in two campaigns undertaken by a threat actor that operates in Pakistan using previously undocumented tradecraft. The campaigns have been codenamed Gopher Strike and Sheet Attack by Zscaler ThreatLabz, which identified them in September 2025. "While these campaigns share some similarities with the Pakistan-linked Advanced Persistent Threat (APT) Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]