Agregátor RSS

OpenAI’s GPT-5.2 Pro does better at solving sophisticated math problems than older versions of the company’s top large language model, according to a new study by Epoch AI, a non-profit research institute.

GPT-5.2 Pro solved four problems that had been too difficult for any other AI models to solve, and of the 13 problems that any other model had previously solved, it was able to solve 11, Epoch reported.

This means GPT-5.2 Pro had solved 31% of Epoch AI’s challenges, a rise from the previous score best of 19%.

Math problems have long proven difficult for AI. Scientists have speculated that this could be because AI systems can’t recognize their own limitations, while others have surmised that the issue is that AI are focused on language and not on numbers, leading to a few stumbles along the way. 

The Epoch AI experiment has demonstrated that AI is becoming more adept at some of the trickier math issues. In the test, GPT-5.2 Pro was presented with problems from various branches of math.

Joel Hass, a professor in the department of mathematics at University of California, Davis, contributed one of the problems solved by GPT-5.2 Pro. He told Epoch AI he was impressed with the way it cracked his topological challenge.  “GPT-5.2 Pro solved the problem with correct reasoning. Notably it was able to recognize the specific geometry of a surface defined by a polynomial in the problem statement,” he said.

Number theorist Ken Ono of the University of Virginia contributed another of the problems. He said that the AI model had “understood the essential theoretical trick and executed the necessary computations” to solve it, but added, “If it was a PhD student I would award only 6/10 for rigor due to missing details.”

Internet security watchdog Shadowserver tracks nearly 800,000 IP addresses with Telnet fingerprints amid ongoing attacks exploiting a critical authentication bypass vulnerability in the GNU InetUtils telnetd server. [...]

Microsoft gave Windows users’ BitLocker encryption keys for to US law enforcement officers, providing access to encrypted data, according to a news report.

The US Federal Bureau of Investigation approached Microsoft with a search warrant in early 2025, seeking keys to unlock encrypted data stored on three laptops in a case of alleged fraud involving the COVID unemployment assistance program in Guam. As the keys were stored on a Microsoft server, Microsoft adhered to the legal order and handed over the encryption keys, Forbes reported on Friday.

Microsoft did not immediately respond to a request for comment.

There have been instances in the past where the big tech companies were approached by law enforcement for access to devices but have resisted handing encryption keys to authorities.

BitLocker is a widely used tool for securing data at rest, whether by individuals or enterprises managing hundreds or thousands of Windows devices. By default, many Windows installations back up BitLocker recovery keys to Microsoft’s cloud services, where Microsoft can retrieve them if legally compelled with a valid order.

Custody issue, not BitLocker

BitLocker is designed to provide encryption for entire volumes, addressing the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned devices. As BitLocker is bunded with Windows 10 and Windows 11, it has effectively become the default full-disk encryption layer across Windows endpoints, say experts.

“BitLocker itself does not fail here. The software does what it is built to do, encrypts the disk, integrates into Windows, allows for easy recovery,” said Sanchit Vir Gogia, chief analyst at Greyhound Research.

While the encryption of BitLocker is robust, enterprises need to be mindful of who has custody of the keys, as this case illustrates.

“The encryption engine in BitLocker, using AES-128 or AES-256 in XTS mode, is built to resist modern cryptanalysis. Even the US Department of Homeland Security has admitted they lack the forensic tooling to break it directly. However, most enterprise fleets running Windows use tools like Intune and Autopilot to roll out and manage devices. In that flow, unless explicitly disabled, recovery keys are automatically backed up to Microsoft Entra ID. These keys are then viewable via the admin centre or retrievable through scripts,” Gogia said.

Where most enterprises go wrong

Enterprises using BitLocker should treat the recovery keys as highly sensitive, and avoid default cloud backup unless there is a clear business requirement and the associated risks are well understood and mitigated.

The safest configuration is to redirect those keys to on-premises Active Directory or a controlled enterprise key vault. Even if stored in corporate-controlled directory or service such as Microsoft Entra ID or Intune, there should be strong governance on who can read the keys, with effective logging and just-in-time access, said Amit Jaju, a global partner at Ankura Consulting. This can cut Microsoft out of the recovery loop, he said.

If keys have to reside in Microsoft’s cloud, use strong multi-factor authentication for admin roles, with conditional access and privileged-access workstations so a compromise of admin credentials does not automatically become a compromise of all keys, he said.

Enterprises should ensure strict access control and separation of duties. “Only a small, vetted group such as security operations, endpoint engineering, should have rights to view or export recovery keys. Approvals should be workflow-based, not ad hoc. Every key retrieval should leave an auditable, immutable trail, and ideally be tied to an incident or ticket ID,” said Jaju.

CISOs should also ensure that when devices are repurposed, decommissioned, or moved across jurisdictions, keys should be regenerated as part of the workflow to ensure old keys cannot be used.

Gogia warned of the long tail of insecure setups. Personal accounts linked during provisioning, or BYOD devices that silently sync keys to consumer dashboards, are invisible pathways for leakage. “If those keys sit outside your boundary, you no longer have a clean chain of custody. That’s not a theoretical risk. It’s something auditors are now actively checking,” he said.

As many breaches are not cryptographic but procedural, enterprises should have a formal playbook for when a recovery key can be used (lost PIN, internal investigation with legal approval, lawful order) and when it cannot (informal manager request to access an employee’s data), noted Jaju.

Geopolitics reshaping enterprise data and key control

Geopolitical tensions are also reshaping global trade and technology policies, something enterprises increasingly need to factor into their security strategies. As governments assert greater control over data, trade secrets and proprietary information risk becoming entangled in broader state interests.

Gogia warned, “The US CLOUD Act allows law enforcement to compel US-based providers to hand over data and keys, even if that data is hosted in Europe or Asia. Similarly, Chinese data localisation rules require keys and data to be accessible to state regulators. In India, recent legislation has introduced broad access rights for security agencies. And the EU is debating whether sovereignty must include key custody by design, not just data residency.”

If recovery keys are stored with a cloud provider, that provider may be compelled, at least in its home jurisdiction, to hand them over under lawful order, even if the data subject or company is elsewhere without notifying the company. This becomes even more critical from the point of view of a pharma company, semiconductor firm, defence contractor, or critical-infrastructure operator, as it exposes them to risks such as exposure of trade secrets in cross‑border investigations.

Jaju added, “Enterprises should assume that where keys are held, they can potentially be compelled. So where practical, ensure that the entities controlling keys are legally anchored in the jurisdiction whose laws and due-process standards you trust most. Establish board-level oversight on cross-border data access, including a register of government data-access requests, where legally permitted. For multinational companies, legal and security teams must work together to understand mutual legal-assistance treaties, CLOUD Act implications, and local interception laws.”

Okta misconfigurations can quietly weaken identity security as SaaS environments evolve. Nudge Security shows six Okta security settings teams often overlook and how to fix them. [...]

Outlook users have reported difficulties with Microsoft’s January Patch Tuesday updates, forcing Microsoft, once again, to patch some of its patches.

Users reported that, after applying the January 13 Windows updates, some applications became unresponsive or encountered unexpected errors when opening files from or saving files to cloud-based storage such as OneDrive or Dropbox. In particular, certain Microsoft Outlook configurations with the PST file containing a users’ messages stored on OneDrive could cause Outlook to hang or lead to sent messages going missing or previously downloaded emails being re‑downloaded.

In response, Microsoft has issued a bunch of out-of-band emergency updates for Windows 11 and 10 and Windows Server 2019, 2022, and 2025 to solve the problem.

This is not the first time that Microsoft has had to issue a patch for a patch. Just last week, it had to react when it inadvertently introduced two new bugs: an inability to connect to Windows Cloud PCs and an inability to shut down some machines with Secure Launch enabled. Prior to that, in October 2025, a patch caused a multitude of different issues, while in May 2025 Microsoft had to issue an out-of-band patch to fix a Windows 11 start-up failure.

Microsoft said the latest out-of-band updates are cumulative and include security fixes and improvements from the January 13, 2026, security update (KB5074109) and the out-of-band update (KB5077744) from January 17, 2026.

Jednou z nejatraktivnějších disciplín radioamatérů – přinejmenším z pohledu většinové veřejnosti – je rozhodně vysílání EME, při kterém už tak velké antény na zahradách kutilů doplňuje ještě jedna odrazka kosmických rozměrů: Měsíc. Zkratka EME totiž představuje techniku, pomocí které vysíláme ...

While Apple CEO Tim Cook spent an evening at the movies, Bloomberg reported that his company intends to introduce a much-improved, Google Gemini-boosted AI in February, following this with an even bigger upgrade later this year.

We’ve heard much of this before; what’s new is the timing. (The partnership envisions Google Gemini integrated within Apple’s Foundation Models.)

Beta testing from February

The initial beta upgrade is scheduled to ship with iOS 26.4 in the second half of February, Bloomberg said. If everything goes as expected during beta testing, the software should ship for real in March or April. 

The company is then expected to announce an even bigger upgrade to Siri at WWDC in June, when Apple unveils its next iPhone OS — iOS 27, which is due out in the fall. This will turn Siri into a smart, conversational chatbot.

We all understand why the partnership between Apple and Google is happening: The iPhone maker encountered big problems in its own AI development, and while a lot of heads have rolled since then, it clearly needed to reach a deal to expedite its platform embrace of artificial intelligence. 

The company’s failure to introduce an AI-enabled Siri in 2024 is something it knows a billion customers are aware of, with millions now making regular use of the array of generative AI (genAI) services already out there. With 73% of CIOs saying Macs are already in use to run AI in the enterprise, Apple wants to meet the needs of that particular audience.

Getting it right

With platforms that have arguably become the best devices on which to run and build AI, Apple is under great pressure to prove it can also provide AI services people will trust and use, while retaining the essential simplicity of the Apple user experience.

For good or ill, the importance of AI will only grow in the coming years, meaning Apple is under serious pressure not just to deliver something good, but also to deliver something that satisfies expectations. The millions who have waited since 2024 for some of the promised Siri features will be less likely to forgive the company if it ships anything unremarkable. This is a high-pressure moment that could even be existentially decisive for the firm.

It’s possible those high stakes will work in Apple’s favor. That’s because the long wait and wide reporting of problems Apple faced, which means that interest in whatever it does come up with will be very high.

Will this AI make or break Apple?

We don’t know yet whether people will rush to install iOS 26.4, however. We’ve heard reports that interest in iOS 26 may be lower than normal, which possibly reflects reluctance to embrace the Liquid Glass UI.

It is true that many people are curious about AI — even in Europe, 37.2% of the population has used genAI tools. All the same, not everyone is completely enthusiastic, fearing it further entrenches the power of Big Tech while decimating employment prospects. 

Within this environment, initial reactions to what Apple delivers are important because many users may be cautious about the upgrade. As a result, initial reactions from the media and early adopters could make or break Apple’s new Google Gemini partnership.

Ultimately the world will be waiting to see whether this is an Apple Maps moment, or the something closer to the unveiling of the first Mac. 

We’re about to find out.

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.

Vliv umělé inteligence ve veřejném prostoru i v jednotlivých profesích roste. Pro jedny je příslibem budoucnosti, pro druhé strašákem. Pro filmaře je ovšem AI nevyčerpatelnou studnicí témat, jež mají potenciál být ještě aktuálnější a podnětnější. Nové sci-fi Důkaz viny (Mercy) ale podobné ambice ...

Bratislava OpenCamp pokračuje vo svojej tradícii a fanúšikovia otvorených technológií sa môžu tešiť na 4. ročník, ktorý sa uskutoční 25. 4. 2026 na FIIT STU v Bratislave. V súčasnosti prebieha prihlasovanie prednášok a workshopov – ak máte nápad, projekt, myšlienku, o ktoré sa chcete podeliť s komunitou, OpenCamp je správne miesto pre vás.

The defense mechanisms that NPM introduced after the 'Shai-Hulud' supply-chain attacks have weaknesses that allow threat actors to bypass them via Git dependencies. [...]

Grafiky GeForce RTX 5000 v průměru zdražily o 20 %. • RTX 5090 a RTX 5060 Ti (16 GB) už z obchodů zmizely. • Radeony zdražují také, ale méně. Aktuálním hitem je RX 9070 XT.

Probe follows outcry over use of creepy image generation tool

The European Commission has launched an investigation into X amid concerns that its GenAI model Grok offered users the ability to generate sexually explicit imagery, including sexualized images of children.…

Krádež není inovace (Stealing Isn't Innovation). Koalice umělců, spisovatelů a tvůrců protestuje proti používání autorsky chráněných děl velkými technologickými společnostmi pro trénování AI systémů bez povolení či kompenzace.

US sports brand launches probe after extortion crew WorldLeaks claims it stole huge dataset

Nike says it is probing a possible breach after extortion crew WorldLeaks claimed to have lifted 1.4TB of internal data from the sportswear giant and posted samples on its leak site.…

Security failures rarely arrive loudly. They slip in through trusted tools, half-fixed problems, and habits people stop questioning. This week’s recap shows that pattern clearly. Attackers are moving faster than defenses, mixing old tricks with new paths. “Patched” no longer means safe, and every day, software keeps becoming the entry point. What follows is a set of small but telling signals.

Security failures rarely arrive loudly. They slip in through trusted tools, half-fixed problems, and habits people stop questioning. This week’s recap shows that pattern clearly. Attackers are moving faster than defenses, mixing old tricks with new paths. “Patched” no longer means safe, and every day, software keeps becoming the entry point. What follows is a set of small but telling signals. Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Cyber sleuths believe Sandworm up to its old tricks with a brand-new sabotage toy

Russia was probably behind the failed attempts to compromise the systems of Poland's power companies in December, cybersecurity researchers claim.…

CISA has flagged a critical VMware vCenter Server vulnerability as actively exploited and ordered U.S. federal agencies to secure their servers within three weeks. [...]

Lednové servisní aktualizace pro Windows vyvolaly další nečekaný problém. • Zamrzají programy, které pracují se soubory v cloudu. • Microsoft vydal mimořádnou aktualizaci, která chybu opravuje.