RSS aggregator

Money launderer linked to $230M crypto heist gets 70 months in prison

Bleeping Computer - 27 April, 2026 - 15:01
22-year-old Evan Tangeman of Newport Beach, California, was sentenced to 70 months in prison for laundering funds stolen in a massive $230 million cryptocurrency heist. [...]
Category: Hacking & Security

Deepfake Voice Attacks are Outpacing Defenses: What Security Leaders Should Know

Bleeping Computer - 27 April, 2026 - 15:00
Three seconds of audio is all it takes to clone a voice for fraud. Adaptive Security shows how deepfake calls trick employees into sending real money—and why most defenses don't catch them. [...]
Category: Hacking & Security

The story of how a guy blew a hair dryer at a weather station and won 34 thousand dollars

Živě.cz - 27 April, 2026 - 14:45
It was hot in Paris and on Polymarket. Twice in the past month. Do you know Polymarket? It is a blockchain-based platform that lets users bet on the outcome of real-world events in politics, sports, science or pop culture. Or on the weather. And that is exactly what a so-far unknown bettor did ...
Category: IT News

What does gkh_clanker_t1000 look like?

AbcLinuxu [news briefs] - 27 April, 2026 - 14:43
Greg Kroah-Hartman has started using an AI assistant named gkh_clanker_t1000. "Assisted-by: gkh_clanker_t1000" appears in commits. He published a photo of it on social.kernel.org. It is a Framework Desktop with an AMD Ryzen AI Max and a local LLM.
Category: GNU/Linux & BSD

Cybersec is a thankless job: expanding workload and shrinking pay packet

The Register - Anti-Virus - 27 April, 2026 - 14:22
Global recruitment giant says 71% of human firewalls saw wages stagnate last year as threats and responsibilities grew

Cybersecurity professionals were the most overlooked workers in IT when it came to pay rises in 2025, according to new figures from recruiter Harvey Nash.

The trend was especially stark in the UK, where 77 percent of all security staff saw no salary increase, although the pattern was observed globally too with 71 percent of infoseccers experiencing wage stagnation.

For context, 45 percent of all tech workers received pay rises across the 53 countries surveyed, and even DevOps - the most generously rewarded discipline - only reached 56 percent. More than half of those working in adjacent disciplines, including infrastructure, AI/ML, and product management, received wage increases.

The pay squeeze is taking a toll: security professionals now rank in the bottom three for overall workplace satisfaction alongside QA testers and infrastructure bods - despite cybersecurity being in the top-three most in-demand positions across the tech industry.

Ankur Anand, CIO at Harvey Nash, the IT recruitment biz which gathered the latest data, told The Register that security salaries are stagnating because successful teams are breeding complacency at the board level.

"Cybersecurity has become a victim of its own effectiveness," he said. "When teams do their job well, the absence of incidents leads to complacency at senior levels.

"At the same time, AI is expanding the threat surface and increasing the volume, speed, and complexity of what security teams have to deal with. When you layer that onto constant pressure, legacy technology, and highly distributed working models, you end up with a workforce carrying huge responsibility with limited recognition. That combination is a powerful driver of burnout and attrition."

That boardroom complacency sits awkwardly alongside warnings from security authorities. The UK's National Cyber Security Centre reported a 50 percent rise in its most severe attack category less than a year ago, and data from Check Point, Fortinet, and a January World Economic Forum report all point in the same direction: threats are mounting.

The salary data also comes during a period of instability in the cybersecurity job market, with full-time job opportunities starting to plummet due to global economics and technological innovations, like AI, erasing entry-level positions.

Cybersecurity, like many other industries, is now in an employer-controlled job market – a far cry from the skills-gap panic of recent years. The mood is visible in why people are staying put: 56 percent cite genuine job satisfaction, but 24 percent admit they're simply not confident they'd find anything better right now.

Anand concluded: "The data should be a wake-up call. We're asking cybersecurity teams to stand on the front line of business risk, yet too often we're not matching that responsibility with the reward, progression, and operating environment that keeps people in the profession.

"When pay lags the market, workload keeps rising, and the role is seen as a blocker rather than an enabler, it's no surprise that attrition starts to look like the path of least resistance.

"If organizations want to reduce exposure and respond faster when incidents happen, they need to treat cyber talent as a strategic capability: valued, visible, and supported by leadership. The organizations that get this right won't just retain their best people – they'll build trust with customers, regulators, and their own boards." ®

Category: Viruses and Worms

Microsoft says Outlook.com outage is causing sign‑in failures

Bleeping Computer - 27 April, 2026 - 14:03
Microsoft is investigating an ongoing Outlook.com outage that is causing intermittent signing issues and preventing customers from accessing their mailboxes. [...]
Category: Hacking & Security

Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Side

The Hacker News - 27 April, 2026 - 13:58
Anthropic’s Claude Mythos Preview has dominated security discussions since its April 7 announcement. Early reporting describes a powerful cybersecurity-focused AI system capable of identifying vulnerabilities at scale and raising serious questions about how quickly organizations can validate, prioritize, and remediate what it finds. The debate that followed has mostly focused on the right
Category: Hacking & Security

PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks

The Hacker News - 27 April, 2026 - 13:54
A pro-Ukrainian hacktivist group called PhantomCore has been attributed to attacks actively targeting servers running TrueConf video conferencing software in Russia since September 2025. That's according to a report published by Positive Technologies, which found the threat actors to be leveraging an exploit chain comprising three vulnerabilities to execute commands remotely on susceptible
Author: Ravie Lakshmanan
Category: Hacking & Security

Burglar alarm biz burgled: ADT confirms cyber intrusion after ShinyHunters extortion attempt

The Register - Anti-Virus - 27 April, 2026 - 13:34
Security giant says attackers grabbed 'limited set' of data. Crooks claim 10 million records

A home security biz getting digitally burgled is not a great look - but that's exactly where ADT finds itself. The company has confirmed a cyber intrusion following an extortion attempt by the ShinyHunters crew, which claims to have made off with more than 10 million records.

US-based ADT is one of the world's largest providers of monitored home alarm systems, selling everything from burglar alarms and cameras to smart home kits, all pitched on keeping unwanted visitors out.

On Friday, the company said it detected "unauthorized access" on April 20, shut it down, and brought in outside incident responders, with law enforcement looped in.

According to ADT, the intruder made off with a "limited set" of data covering names, phone numbers, and addresses, with a smaller slice including dates of birth and the last four digits of Social Security or tax ID numbers. No payment data was accessed, it said, and the firm was keen to stress that customer security systems were not touched.

That's the official version. ShinyHunters, meanwhile, is telling a rather different story. In a post on its dark web leak site, seen by The Register, the crew claims it lifted "over 10M Salesforce records containing PII and other internal corporate data" and is now airing the lot after talks with ADT went nowhere.

"The company failed to reach an agreement with us despite our incredible patience, all the chances and offers we made," the group said. "They don't care."

The mention of Salesforce hints at a possible SaaS foothold rather than someone fiddling with alarm panels. While ADT has yet to confirm how the intruders gained access, it said in a separate 8-K filing [PDF] that attackers accessed "certain cloud-based environments."

There is, to put it mildly, a gap between "limited set" and "10 million records." Companies tend to define incidents as tightly as possible, while crooks tend to do the opposite. The truth usually lands awkwardly in between. Have I Been Pwned has now put a number on it, listing 5.5 million unique email addresses, a number that sits far nearer "millions" than ADT's version of events.

ShinyHunters recently made similar claims about cruise company Carnival Corporation, complete with talk of failed negotiations and a looming data dump.

ADT has not yet responded to questions from The Register about how it was compromised, how many people were affected, whether customers outside the US are involved, or whether it has filed breach notifications with state attorneys general.

For a company built on keeping intruders out, this one has already got inside the front door. Whether it also cleaned out the filing cabinets is the part still being argued over. ®

Category: Viruses and Worms

Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware

The Hacker News - 27 April, 2026 - 13:23
Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code (VS Code) extensions on the Open VSX repository that are linked to a persistent information-stealing campaign dubbed GlassWorm. The cluster of 73 extensions has been identified as cloned versions of their legitimate counterparts. Of these, six have been confirmed to be malicious, with the remaining acting as seemingly
Author: Ravie Lakshmanan
Category: Hacking & Security

Microsoft updates the Windows Update Experience: You can hit pause now

The Register - Anti-Virus - 27 April, 2026 - 13:19
Keep the patches away for as long as you like

Microsoft has devised a solution to the problem of Windows Updates that break customer devices – users are now able to pause them for as long as they like.…

Category: Viruses and Worms

Firefox 150 fixes an enormous 271 vulnerabilities. They were found by the banned AI Claude Mythos

Živě.cz - 27 April, 2026 - 12:45
Updated 24 April 2026 | The round-numbered browser release reports plenty of improvements. Firefox had already offered a page translator. It is not as good as the cloud competition, but it can work offline and promises complete privacy. Mozilla is building a real-time translator on this technology. It also supports ...
Category: IT News

Review of the Oppo Find X9 Ultra phone. A flagship with a long view and the soul of a photographer

Živě.cz - 27 April, 2026 - 12:15
Smartphones with "Ultra" in their name are everywhere now, Europe included • We tested the photography-oriented Oppo Find X9 Ultra • It focuses on photography, high performance and a quality display
Category: IT News

Prusa Research has launched pre-orders for the INDX toolchanger for the Core One. Four-material 3D printing will cost 16 thousand

Živě.cz - 27 April, 2026 - 11:58
Last autumn Prusa Research first showed INDX, its new multi-material 3D printing system. It is developing it together with Sweden's Bondtech, which also launched pre-orders of the first Founders batch for the least patient fans at the turn of the year. In Holešovice they took their time, but did not waste it, and INDX further ...
Category: IT News

A study claims fruit and vegetables raise the risk of lung cancer. Experts, however, point to fundamental flaws

Živě.cz - 27 April, 2026 - 11:45
A non-peer-reviewed study claims fruit and vegetables raise the risk of lung cancer • Experts criticise the missing control group and a wholly unsubstantiated hypothesis • Research to date shows enormous health benefits of a plant-based diet
Category: IT News

ICO chief John Edwards steps back as workplace probe quietly unfolds

The Register - Anti-Virus - 27 April, 2026 - 11:35
UK’s data watchdog confirms its boss has been off the job since February while an HR investigation runs

The UK's data watchdog is without its chief after John Edwards stepped aside from the Information Commissioner's Office while an independent workplace investigation examines unspecified HR matters.…

Category: Viruses and Worms

Anthropic's magic code-sniffer: More Swiss cheese than cheddar, for now

The Register - Anti-Virus - 27 April, 2026 - 10:30

OPINION In retrospect, calling it Mythos made it a hostage to fortune. Anthropic may have hoped that the name implied its AI code security model had mythical god-like powers, but there's an alternate reading. Another definition for Mythos is a set of beliefs of obscure origin which are incompatible with reality. That reality is trickling in, and it’s looking less mythical, more typical.

Mythos is a great tool that can automate a lot of the things expert humans do, and it’s the expert humans who get the most from it. It is very good at finding classes of vulnerability that humans know about, while not finding ones that they don’t. Training, amirite?

Project Glasswing, limiting early use to trusted partners with a real need, is probably a responsible approach to using its powers for good, but other unrestricted models are quite good at this too. Some hype, some truth, LLMs gonna LLM.

It is cynical to say the only real innovation is an AI company operating ethically. Equally cynical is seeing the closed roll-out and the attendant publicity as merely an exercise in hype. It is more constructive, arguably more accurate, and certainly more exciting, to take all this as an early glimpse of a better future. One where the threat landscape stops being a function of geological and climactic forces we can’t control, turning instead into one cultivated, controlled and gratifyingly anti-climactic.

Two propositions point the way. One is that the effectiveness of tools like Mythos will continue to evolve, exposing more and more structural and individual code flaws. The other, that these tools will inevitably become generally available. How quickly and cheaply may be controllable, but the outcome is inevitable. There are no long-term secrets in IT.

Right now, and for some time to come, most running code has been written in the pre-industrial age of vulnerability detection. Eyeballs, not AI balls, did the work. This is a bad public environment to dump roaming packs of implacable vuln-hunting robots. If they come too soon, it’ll be messy. And they are coming. But if we survive that transition intact, then let the robots roam at will.

There is one class of code that is guaranteed to present no security risks whatsoever, and that’s undeployed code. New code has a lot of problems, some caught before deployment and some that aren’t, but never an infinite number. Where truly excellent tools exist, code can be made truly excellent before release. It doesn’t matter if the same tools are available to the bad guys thereafter.

A good model, and cited often, is aviation safety. At the beginning of the jet age, new airliners had structural and mechanical faults that made them fall out of the sky. Over time, not only did design and material knowledge improve, but the engineering and regulatory disciplines evolved alongside. Now, we still have crashes, but they are inevitably traceable to things that could and should be done right, but weren't. There’s no new undiscovered class of failure waiting in the wings. It is highly unlikely that code is anything different — after all, we’ve been doing it precisely as long as we’ve been flying jets.

Just fixing code vulnerabilities doesn’t fix security, in the same way that knowing how to make and fly exquisitely safe aircraft stops fuel contamination, flocks of geese, or foolish humans from creasing the things. It does help immensely, though. Looking at exploits based on long chains of known and unknown vulns shows how flakey code can be, but it also shows how removing just one of those bugs shuts down the entire attack. The Swiss cheese model of failure works less and less well the more the cheese tends to cheddar.

As for the holes outside the code, the supply chain exploits, the special engineering, the straightforward inside sabotage job, to the extent that we can encode, model and train on them, they too will be amenable to the inexhaustible patience of the inference engines.

And while huge swathes of enterprise infrastructure continue to run old, unpatched or misconfigured systems, it’ll be like flying on aircraft from the Age of Death. There’s no IT equivalent of the FAA with the power to ground that which should never be flying, much as that would be a fun counter-factual.

This too shall pass. There is no way that a tool which catches vulnerabilities by the hundred does not make old code safer, new code so much more so. It will be most interesting to see how the tools for finding flaws evolve alongside the techniques for designing, factoring and writing code for inherent strength. Nobody should expect the way things are now to be the most efficient, least expensive way there is.

Nor should anyone expect human expertise to fall out of use. The fact that so many aviation safety issues revolve around human failure shows how intrinsic humans still are in design, construction, maintenance and operation aloft. Let computers do what computers are good at, let humans do what humans are good at. Old but true.

We know from decades of digital life that humans aren’t so good at security, and that computers aren’t so hot at it either. In another old saying — give us the tools and we can finish the job. Mythos isn’t a tool that can let us do that, not yet. AI in general seems determined to make things worse. Now, at last, we can see a path forward, a different way of doing things that is likely to actually happen. What was a threat landscape can become a garden where good things grow. That’s no myth, that’s the future. ®

Category: Viruses and Worms