RSS Aggregator

The third generation of Starship has launched. The ship was photographed in space by a satellite that the rocket had deployed shortly before

Živě.cz - 23 May, 2026 - 01:43
Updated 01:37 | Starship touched down softly in the waters of the Indian Ocean. The landing was again broadcast live by cameras on drones and robotic surface vessels equipped with Starlink antennas. Ground personnel are at a safe distance during the splashdown and will reach the ship later. After tipping over onto its side, Starship ...
Category: IT News

Linux Privilege Escalation Patterns and Mitigation Strategies

LinuxSecurity.com - 23 May, 2026 - 01:20
Linux privilege escalation starts once an attacker gets a foothold on a machine. Maybe it is a regular user account. Maybe it is an exposed application that nobody patched, or a reused password from another breach. Root access is usually the next objective. Attackers typically keep digging once inside, looking for a way to gain root privileges and remove the restrictions around them.
Category: Hacking & Security

A phone for 1 Kč, internet from 199 Kč and a 7,500 Kč bonus: the best deals of this week

Lupa.cz - articles - 23 May, 2026 - 01:00
Vodafone is luring customers with internet at a fraction of the price, E.ON is rewarding new customers with a hefty bonus, and Samsung is offering a second device at a discount. We have picked the deals that are really worth it this week.
Category: IT News

What happened in week 21/2026

AbcLinuxu [articles] - 23 May, 2026 - 00:01
A comprehensive overview of articles, news briefs and discussions from the past 7 days.
Category: GNU/Linux & BSD

Getting lost online in the Backrooms is a new dark-tourism experience

OSEL.cz - 23 May, 2026 - 00:00
“If you're not careful and you noclip out of reality in the wrong areas, you'll end up in the Backrooms, where it's nothing but the stink of old moist carpet, the madness of mono-yellow, the endless background noise of fluorescent lights at maximum hum-buzz…” With research into online dark tourism of liminal spaces, you get lost in places that do not exist in our reality.
Category: Science and Technology

Data Centers Now Consume 6% of US Electricity—and the Backlash Has Begun

Singularity HUB - 22 May, 2026 - 23:32

Strong opposition kicks in when data center demand surpasses 5% of a country’s power supply.

As the AI boom accelerates, governments and utilities are struggling to keep pace with the industry’s huge energy demands. New figures suggest data centers now consume about 6 percent of electricity in the US, raising concerns about grid capacity and environmental impacts.

Data centers have always been energy-hungry, but the AI explosion is causing computing demand to skyrocket. The biggest data centers now consume as much electricity as small cities and are proliferating at breakneck speed.

A new report from the International Data Center Authority (IDCA) finds that the total power draw of all these facilities has now hit 67.7 gigawatts—a 36 percent jump over two years. The US alone accounts for 29.2 gigawatts of that total, roughly 43 percent of global consumption.

“Our real-time data shows that many very large AI factories are coming into operation, spiking up total US consumption,” Mehdi Paryavi, CEO and founder of IDCA, told Data Center Knowledge. “The US now devotes 6 percent of its total electricity to data centers.”

That could be a significant milestone, as the report warns that “significant community and political pushback starts to occur in nations once their data center footprints have reached the 5 percent consumption level of national grids.” The US isn’t alone—the UK is now using 5.8 percent of its electricity to power data centers, and in Germany, the figure has hit 9.5 percent.

Opposition is growing.

Hundreds of state-level bills to regulate data centers have been introduced, according to the report. In Maine, the legislature passed a bill that would have barred construction of data centers bigger than 20 megawatts until 2027. Maine’s governor, Janet Mills, vetoed the bill, and the legislature failed to override the veto. But Mills later signed an executive order forming a council to investigate the impact of data centers in the state, with recommendations due in early 2027.

Local planners are also refusing to issue new permits due to energy scarcity. For example, developers in Northern Virginia’s Data Center Alley, a region already densely packed with the facilities, will have to wait until 2032 to launch new projects.

Water usage is an equally important concern in many areas. The vast majority of data centers rely on water-cooled chillers or evaporative cooling towers that can consume millions of gallons daily. A single large facility can potentially draw as much water as 6,500 households. Modern AI facilities increasingly use more modern closed-loop liquid cooling systems that require minimal ongoing water use, but these account for a small proportion of the overall data center fleet.

The report suggests that some of this negative reaction is also self-inflicted. Developers routinely use locally registered entities with generic names that obscure who is actually behind a project, leading to a lack of trust in local communities.

“Before being swept along by the enthusiasm of tech billionaires whose profits depend on this expansion, we should pause and ask ourselves whether it’s worth the price,” Greenpeace UK’s chief scientist Doug Parr told the Guardian in response to the findings.

“We need more transparency about the amount of water and energy used by data centers, proper environmental impact assessments, and a ban on new polluting plants being built to power AI.”

It’s not only new projects putting strain on the grid though. The report found that an estimated 13 percent of US cloud consumption, totaling more than 3 gigawatts, comes from so-called “zombie” workloads—abandoned test environments and unused applications that continue to draw power without doing any useful work.

In addition, there are thousands of smaller data centers embedded in corporate buildings and regional offices drawing considerable amounts of power. These are often missed by consumption estimates that typically focus on large hyperscale campuses, but the IDCA says they account for at least 15 percent of total data center power consumption, in part because they are considerably less efficient than their larger counterparts.

The problems are only likely to get worse though, as tech companies show no signs of slowing down. Annual global data center spending is approaching $1 trillion, with up to $700 billion anticipated in the US alone in 2026, the report notes.

Whether grids will be able to absorb all that new capacity, and how hard local communities fight back against developments, may well end up being a deciding factor in whether the AI boom keeps rolling or fizzles out.

The post Data Centers Now Consume 6% of US Electricity—and the Backlash Has Begun appeared first on SingularityHub.

Category: Transhumanism

A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim's crypto wallets

The Register - Anti-Virus - 22 May, 2026 - 23:18
A solo Russian-speaking threat actor used a jailbroken Google Gemini in a fraud and credential-theft campaign targeting hardcore Trump supporters and conspiracy theorists.

Between September 2025 and May 2026, the “low-skilled” scumbag using the handle bandcampro partnered with the LLM to impersonate an American veteran, run a Telegram channel (@americanpatriotus), hack admin credentials, and steal cryptocurrency, according to a threat report from TrendAI. His only "real cost" in the operation was stolen API keys.

Bandcampro ultimately reached about 17,000 subscribers, used 73 likely-stolen Gemini API keys, hacked 29 WordPress admin credentials, infiltrated at least one company, and emptied at least one victim’s cryptocurrency wallets, according to TrendAI researchers Philippe Lin, Joseph C Chen, Fyodor Yarochkin, and Vladimir Kropotov.

The threat-hunters detailed the campaign in a Thursday report, and said while the Telegram channel dates back five years, bandcampro’s success skyrocketed once he started using AI-generated content last fall.

"We have reached an inflection point for cybercrime conspiracies,” Tom Kellermann, TrendAI’s VP of AI security and threat research, told The Register, adding that “bandcampro's conspiracy underscores the sophistication of the Russian cybercriminal community and how weaponized jailbroken LLMs are manipulated to orchestrate a systemic cybercrime campaign.”

Kellermann said the attack “highlights LLMs' Achilles heel, which is the tremendous exposure to API attacks."

TrendAI researchers discovered the scammer’s infrastructure in May, which exposed the full contents of the individual’s operational environment. He used Google Gemini to generate the Telegram channel text and Venice.ai to power an interactive chatbot designed to simulate a Quantum Financial System (QFS) terminal.

Neither Google nor Venice responded to The Register’s requests for comment.

The campaign targeted the QAnon and MAGA communities, mimicking the cryptic, anonymous “Q drop” messages at the heart of the QAnon conspiracy, but the researchers say his “use of information operation techniques was more likely for cryptocurrency fraud instead of political motives,” based on the content posted, and the stock remote access trojan (RAT) used alongside other commercial malware.

On September 9, 2025, the actor posted a fake "freedom-first, self-custody wallet" called StellarMonster, with a welcome bonus of up to 1,000 XLM (about $380) on the Telegram channel. It was an executable named StellarMonSetup.exe.

Malware analysis determined that in reality, StellarMonSetup.exe is a legitimate remote access tool called GoToResolve, which gives the operator a persistent remote desktop session with file access, command execution, and clipboard capture. Plus, any subscribers who used the "import your wallet" function and typed their seed phrase into the fake import screen gave the attacker their wallet keys.

“At least one victim's crypto-wallet was fully compromised: password cracked, 12-word mnemonic stolen, and the owner's 40+ wallet addresses harvested across all major chains,” the researchers noted.

The attacker also used an AI-powered brute-forcing tool to hack WordPress accounts, we’re told. “The script is built on the premise that people mutate familiar base passwords in predictable ways, and Gemini 2.5 Flash can model the mutations when supplied with static wordlists,” Trend wrote.

In total, the AI-assisted WordPress hacking operation cracked 29 WordPress administrator accounts, including those belonging to weapons retailers, legal offices, medical practices, and small commercial sites.

During his conversations with Gemini, bandcampro asked questions like: “When the bot accumulates 5,000 active users, how much can we earn from one pump-and-dump cycle?” The criminal also asked how professional crypto call centers scam North American victims and Gemini suggested Medicare and/or Health Canada fraud targeting the elderly.

The Russian speaker also automated his content campaign through a pipeline he named "Quantum Patriot," a set of Python scripts that called Gemini to role-play as an American veteran patriot. The pipeline fed a preset list of newsfeeds into the LLM and Gemini rewrote them, prompted to act as an admin of an “American Patriot” channel looking for “hidden angles.”

The crypto- and credential-thief also used Gemini to help him hack, set up a command-and-control framework - including a mail-testing tool, a Gmail aggregator, and an anonymous proxy on a VM in the Netherlands - steal and validate credentials, and run the chatbot.

“In the anatomy of one busy working day, Gemini deployed servers, helped debug code, automated workflows, wrote a script to rotate API keys, and managed the actor’s Cloudflare tunnels,” the TrendAI researchers wrote. “The actor prompted in Russian, while the LLM reasoned and replied in English. Over one 16-hour session, the actor co-worked with Gemini end-to-end."

At one point, after a nine-hour pause from the human partner, which the authors say “was likely a 9-hour sleep,” bandcampro found the bot posting every 20 minutes without a break - but with Russian slang appearing in the English posts. So he opened another session to fix it.

“What previously required a team of writers, social media managers, IT workers, and malware programmers can now be automated by a single actor using a VPS, a Telegram bot, and API access to frontier models,” Trend’s team warned.
Category: Viruses and Worms

Megalodon chums the waters in 5.5K+ GitHub repo poisonings

The Register - Anti-Virus - 22 May, 2026 - 20:57
A malware-spreading scumbag swimming through GitHub pushed malicious commits to more than 5,500 repositories on Monday as part of an automated campaign called Megalodon.

Similar to the earlier TeamPCP attacks that poisoned about 3,800 GitHub repositories, this new campaign has so far infected 5,561 repos with CI/CD credential-stealing malware, according to SafeDep researchers, who uncovered the predatory commits and published a full list of the compromised repositories.

If a repository owner merges the commit, the malware executes inside their CI/CD pipeline and propagates further, Ox Security lead researcher Moshe Siman Tov Bustan said in a Thursday blog post.

Megalodon steals AWS secret keys and Google Cloud access tokens. It also queries AWS, Google Cloud Platform, and Azure metadata for instance role credentials, reads SSH private keys, Docker and Kubernetes configurations, Vault tokens, Terraform credentials, and scans source code for more than 30 secret regex patterns. Then it exfiltrates GitHub tokens, including secrets used to authenticate with cloud providers, thus allowing attackers to impersonate developers’ cloud identities, along with Bitbucket tokens.

In other words: consider ALL of your CI/CD variables pwned.

"We’ve entered a new supply chain attack era, and TeamPCP compromising GitHub was only the beginning,” Bustan told The Register. “What’s coming next is an endless wave, a tsunami of cyber attacks on developers worldwide.” Plus, he added, hacking GitHub “compromises the security of every company with a private repository hosted on the platform.”

This new wave of supply chain attacks hitting developers’ environments won’t stop until “companies like npm and GitHub take serious action against the spread of malicious code on their servers,” Bustan said. He noted npm’s statement on X saying it “invalidated npm granular access tokens with write access that bypass 2FA” to prevent additional supply-chain attacks like Mini Shai Hulud.

“That could help a little with account hijacking, but it doesn’t solve the actual problem,” Bustan said. “Malicious code is still reaching their servers, and nothing is stopping it before it does.”

npm … but not TeamPCP

SafeDep spotted Megalodon hidden inside a legitimate package: Tiledesk, an open source live chat and chatbot platform. The attacker backdoored versions 2.18.6 (May 19) through 2.18.12 (May 21), and the same npm maintainer published the last clean version, 2.18.5, before unknowingly publishing these newer compromised versions.

“The attacker never touched the npm account,” the open source supply-chain security startup researchers said. “They compromised the GitHub repository, and the maintainer published from the poisoned source without realizing it.”

While publishing malicious packages on npm is a TeamPCP signature move, Bustan said there’s no threat-intel or code-analysis evidence that connects Megalodon to the crew behind the Trivy, Checkmarx, and other recent supply-chain attacks. “Our best guess now is that it's a different threat actor copying their behavior and style, but not much of the code itself,” he told us.

And despite TeamPCP open sourcing its Shai-Hulud worm and announcing a supply-chain attack competition on BreachForums, Ox doesn’t believe Megalodon is a contest entry. “We have indications that they are not participating in the TeamPCP contest due to the contest having a specific rule to add a public encryption key that the actor behind the malware could match with his private key to prove his involvement,” Bustan said.

Who is build-bot?

SafeDep’s threat hunters traced the malicious commit (acac5a9) to an author “build-bot,” connected to the email address build-system[@]noreply.dev with the message “ci: add build optimization step.” The author name and noreply email mimic automated CI commits, and there’s no GitHub account linked to the author and committer user fields.

“Someone pushed the commit to master with no PR and no merge commit, using a compromised PAT or deploy key,” according to the researchers. They searched GitHub for other commits authored by the same email address and found 2,878 results, plus a second email, [email protected], with an additional 2,841 commits. All landed May 18 during a six-hour window (11:36 to 17:48 UTC) and targeted 5,561 repositories.

This includes nine compromised Tiledesk repositories: tiledesk-server, tiledesk-dashboard, tiledesk-telegram-connector, tiledesk-llm, tiledesk-docker-proxy, tiledesk-community-app, tiledesk-campaign-dashboard, tiledesk-helpcenter-template, and tiledesk-ai. Others include Black-Iron-Project with eight compromised repos, WISE-Community, and hundreds of smaller repositories.
Category: Viruses and Worms

Texas AG sues Meta over claims that WhatsApp doesn't provide end-to-end encryption

Ars Technica - 22 May, 2026 - 20:13

The Texas Attorney General has sued Meta over allegations that the company’s WhatsApp messenger, used by more than 3 billion people, doesn’t provide the end-to-end encryption (E2EE) it has long claimed.

Since at least 2016, Meta (then named Facebook) has said WhatsApp provides robust end-to-end encryption, meaning that messages are encrypted on a sender’s device with keys that are available only to the receiver's. By definition, E2EE means that no one else—including the platform itself—can read the plaintext messages.

In sworn testimony before two US Senate committees in 2018, CEO Mark Zuckerberg said Meta does “not see any of the content in WhatsApp; it is fully encrypted” and that “Facebook systems do not see the content of messages being transferred over WhatsApp.” The engine for this E2EE is the Signal protocol, an open source code base that multiple third-party experts have said lives up to its promises.


FBI warns of Kali OAuth stealers

Computerworld.com [Hacking News] - 22 May, 2026 - 19:54

The FBI has warned of the danger from a new wave of phishing attacks generated by a tool called Kali365.

It enables cyber criminals to obtain Microsoft 365 access tokens and bypass multi-factor authentication (MFA) protocols without intercepting the user’s credentials by capturing OAuth tokens linked to the victim’s Microsoft 365 account.

The scam works in a similar way to most phishing attacks. An attacker sends an email purporting to be from a trusted cloud document sharing service, including instructions to enter a particular code on a legitimate Microsoft site.

The code, however, authorizes the attacker’s device to access the victim’s Microsoft account.

The FBI has issued a set of instructions for IT security managers to help mitigate the Kali365 attack before it affects their users. These include creating a conditional access policy to block code flow for all users, with exceptions for the necessary business processes. Managers should also block authentication transfer policies, preventing users from handing over their access rights from a corporate PC to a mobile device.

Phishing remains a major threat for organizations. According to a World Economic Forum report from January this year, CEOs worldwide see it as the main security threat. It’s also something that is not going away: 77 percent of organizations think that the number of phishing attacks has increased in the past year. Kali365 has just added to that number.

This article first appeared on CSO.

Category: Hacking & Security

Microsoft has introduced Azure Linux 4.0 and Azure Container Linux

AbcLinuxu [news briefs] - 22 May, 2026 - 19:44
Microsoft has introduced Azure Linux 4.0 and Azure Container Linux at the Open Source Summit North America 2026 conference, organized by the Linux Foundation consortium and also sponsored by Microsoft. Azure Linux 4.0 is based on Fedora Linux. Azure Container Linux is based on the Flatcar project. Azure Linux (GitHub, Wikipedia) was originally known as CBL-Mariner.
Category: GNU/Linux & BSD

Linux Infrastructure Under Siege by FamousSparrow Espionage Campaign

LinuxSecurity.com - 22 May, 2026 - 19:43
The recent FamousSparrow attacks reportedly relied on exposed web applications, ProxyLogon exploitation, and other well-known server-side vulnerabilities.
Category: Hacking & Security

First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups

The Hacker News - 22 May, 2026 - 19:35
Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by criminal actors to obscure the origins of ransomware attacks, data theft, scanning, and denial-of-service attacks. Codenamed Operation Saffron, the disruption of First VPN Service was led by France and the Netherlands, with several other nations supporting the
Category: Hacking & Security

Netherlands seizes 800 servers of hosting firm enabling cyberattacks

Bleeping Computer - 22 May, 2026 - 19:24
Financial crime investigators in the Netherlands (FIOD) arrested two men and seized 800 servers linked to a web hosting company that enabled cyberattacks, interference operations, and disinformation campaigns. [...]
Category: Hacking & Security

Meta says goodbye to those who won’t use AI

Computerworld.com [Hacking News] - 22 May, 2026 - 19:16

Meta is the latest company to trim its workforce as a result of the growing use of AI within the industry. The company laid off 8,000 employees earlier this week, while also moving 7,000 more to AI-focused roles.

“AI is the most consequential technology of our lifetimes,” Zuckerberg said in a memo that he sent to employees, informing them of the cuts. “The companies that lead the way will define the next generation,” he added.

The company has not revealed too much detail of the changes in the workforce, but it’s clear that jobs focused on AI infrastructure will be protected.

Meta is not alone in announcing cuts. In a blog post this month, Cisco said it was cutting 4,000 jobs, and Microsoft is looking at encouraging employees to take voluntary retirement for the first time.

The Meta reorganization is following the trend that businesses that don’t adapt to AI usage will struggle. Earlier this year, PwC US CEO Paul Griggs caused consternation when he suggested that executives who failed to get to grips with AI had a limited future in the company.

While workforces are increasingly dependent on AI as a path to progress, IT departments are not necessarily on top of the game. A Dataiku survey earlier this year revealed that 74% of CIOs were fearful that their career paths were dependent on AI outcomes.

Category: Hacking & Security

Police take down VPN service (this time with a good reason)

Computerworld.com [Hacking News] - 22 May, 2026 - 19:05

European authorities have cracked down on a VPN that has been used for various criminal activities.

The operation, led by investigators in France and the Netherlands with help from Europol and Eurojust, has dismantled First VPN, a service that has been heavily promoted within Russia as a way of evading law enforcement. Criminals used it to conceal their identities and infrastructure while carrying out ransomware attacks, large-scale fraud, data theft, and other serious offences.

While First VPN’s fate seems well-deserved, there are concerns about wider attempts by governments and law enforcers to clamp down on users of VPN services. Various legislatures have tried to implement new laws restricting access to the internet, in particular, those seeking to limit minors from accessing social media and other sites deemed inappropriate by authorities. Australia has already brought in such a law and the UK is looking to follow suit. However, VPN providers have fought back, claiming that their offerings are a vital tool in the preservation of the internet as a free and open service — and in securing regular business activities for many enterprises.

In a recent blog post, Mozilla said, “Blunt interventions like mandatory age assurance and restricting access to tools like VPNs are not effective in improving the protection afforded to young people online, while undermining the fundamental rights of all users.”

Any restrictions against VPNs in the US are likely to fall foul of the First Amendment. Attempts by lawmakers to prohibit their use, such as the one proposed in Utah, are looking unlikely to succeed.

Category: Hacking & Security

Throw Chat Control out the window and it comes back down the chimney, says Pirate Party's Gregorová (Živě Podcast)

Živě.cz - 22 May, 2026 - 18:45
MEP Markéta Gregorová (Pirates) gives a glimpse behind the scenes of the preparation of the Chat Control 2.0 regulation. If approved, it would allow technology companies to monitor our communications across the board. The first version, which demonstrated the ineffectiveness of the approach, expired a few weeks ago. Not even the European Court of Human ...
Category: IT News

The AI that cracked Apple Silicon is only the beginning

Computerworld.com [Hacking News] - 22 May, 2026 - 18:21

A security research team just used Claude Mythos to identify the first known exploit in Apple’s M5 chip. They needed physical access to the device to use it, the vulnerability has since been patched, and I don’t think it should be seen as a huge threat. But it is a stark warning that in this AI age, attackers can find and exploit system vulnerabilities at a dangerously fast rate.

While widely reported, the proof-of-concept exploit was of limited significance because it required direct physical access to the target device; what matters most is that it is a very real illustration of the new security reality.

AI doesn’t care whose side you’re on

AI boosts productivity for everyone, including attackers. In this case, the technology augmented the human security research team’s efforts, enabling them to identify a weakness in Apple’s security system. This won’t be the first time AI gets used to identify hard-to-find bugs and certainly won’t be the last.

This should be a real concern to any platform provider, as it means the most well-resourced attackers will be leaning deep into AI to help them find vulnerabilities. And as AI improves, the capacity it provides will inevitably become more dangerous.

That’s even before you consider that some attackers work for the kind of state and state-adjacent entities that can afford aircraft carriers. 

When nation-states come knocking

Access to such extensive resources means future AI-augmented attacks will have at their disposal the most powerful computational AI money can buy, which probably boils down to quantum computers.

The threat of quantum computers has been discussed since the 1990s. These systems are expected to be quite capable of breaking the encryption keys on which digital existence is built, and things will not be the same when they do. We don’t have long to wait until that threat becomes real. Google recently warned quantum computers will be able to hack into some, though not all, encrypted systems by 2029. 

Once Q-Day breaks, there will be no going back. And just as Mythos AI was able to help security researchers break into Apple’s core security today, quantum computer-augmented AI is likely to open even more dangerous security frontiers. The Global Risk Institute warns organizations “should take immediate action to address this significant cyber risk.”

What you can do while the industry catches up

What actions can we take now? We have to look to the tech firms to develop tech to protect us against tech:

  • Google, for example, is investing in post-quantum cryptography (PQC) digital signature protection and will put similar protections in place across its own authentication services in the next couple of years. 
  • Apple says it has also deployed quantum-secure cryptography across a wide range of protocols, “prioritizing applications involving sensitive user information where attackers could harvest encrypted communications at scale.” 
  • Cisco is deep into developing quantum-secure networks, working with network partners such as Orange Business to protect enterprise and public-sector data from future quantum threats.

These protections will help secure some of the most important elements of the computing experience, but they won’t cover everything, leaving a less certain threat environment in which many of the least-resourced software developers are exposed.

Legacy systems, particularly around critical infrastructure and key industries like health or finance, will be particularly exposed. You really, really don’t want key systems at your hospital or bank to rely on insecure and unsupported Windows 10 machines, for example. (You’d be better off with a MacBook Neo — truly, you would.)

Apple is not a badly resourced developer, which means it has no choice but to invest heavily in additional security to protect its platforms against both quantum and AI threats. We’ve also got to prepare for even more complex attacks down the road, as the two powerful technologies converge (to the detriment of security).

Gather ye while you can

We know nation-state actors are already hoovering up huge quantities of encrypted data, as they hope to be able to decrypt it once quantum capability matures. (There’s even a name for this, HNDL, which stands for Harvest Now, Decrypt Later.)

You don’t need to panic. This new breed of attacks will be massively expensive to put together, which suggests they’ll be used against the same high-value targets Apple built Lockdown Mode to protect. What we saw happen with the NSO Group, which made the Pegasus attack you can now buy on the dark web, and other similar exploits that leaked over time, shows that sophisticated attacks will inevitably seep into general use over time.

For now, you can choose to use quantum-ready messaging services such as iMessage and, while we wait for PQC-compliant password managers to ship, at least make sure to use highly secure passwords for key apps and services. And monitor the news for AI-augmented security exploits against Apple equipment. And as always, never leave your Mac unattended anywhere people you don’t know or trust can reach it.


Category: Hacking & Security