Agregátor RSS

Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants attackers SYSTEM privileges on fully patched Windows systems. Codenamed MiniPlasma, the vulnerability impacts "cldflt.sys," which refers to the Windows Cloud Files Mini Filter Driver,

Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants attackers SYSTEM privileges on fully patched Windows systems. Codenamed MiniPlasma, the vulnerability impacts "cldflt.sys," which refers to the Windows Cloud Files Mini Filter Driver, Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one of which is a clone of the Shai-Hulud worm open-sourced by TeamPCP. The list of identified packages is below - chalk-tempalte (825 Downloads) @deadcode09284814/axios-util (284 Downloads) axois-utils (963 Downloads) color-style-utils (934 Downloads) "One of the packages (chalk-tempalte)

Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one of which is a clone of the Shai-Hulud worm open-sourced by TeamPCP. The list of identified packages is below - chalk-tempalte (825 Downloads) @deadcode09284814/axios-util (284 Downloads) axois-utils (963 Downloads) color-style-utils (934 Downloads) "One of the packages (chalk-tempalte) Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Skotský Fyne Audio dosud stavěl hlavně na klasických pasivních reprosoustavách pro tradiční Hi-Fi. Teď ale firma poprvé výrazněji vstupuje do stále populárnější kategorie aktivních „all-in-one“ reproduktorů. Novinka Cubitt 5 kombinuje zesilovač, DAC, Bluetooth i HDMI ARC v kompaktních regálových ...

Microsoft has confirmed that the May 2026 Windows 11 security update (KB5089549) fails to install on some systems and triggers 0x800f0922 errors. [...]

Ač se může zdát, že osobní počítače se sotva dopatlaly k rozumnému rozšíření PCIe 5.0, na papíře již existuje PCIe 6.0, PCIe 7.0 a připravuje se i PCIe 8.0. To má být hotové již za dva roky…

Alzácká klávesnice Rapture Kilo V2 HE zlevnila na 800 Kč, loni stála třikrát tolik. • Ani v Číně nekoupíte levněji model s magnetickými spínači. • Rapture láká na tichý chod, rychlé reakce a české/slovenské popisky.

A recently patched local privilege escalation vulnerability in the Linux kernel's rxgk module now has a proof-of-concept exploit that allows attackers to gain root access on some Linux systems. [...]

A new analysis of the Lua-based fast16 malware has confirmed that it was a cyber sabotage tool designed to tamper with nuclear weapons testing simulations. According to Broadcom-owned Symantec and Carbon Black teams, the pre-Stuxnet tool was engineered to corrupt uranium-compression simulations that are central to nuclear weapon design. "Fast16's hook engine is selectively interested in

A new analysis of the Lua-based fast16 malware has confirmed that it was a cyber sabotage tool designed to tamper with nuclear weapons testing simulations. According to Broadcom-owned Symantec and Carbon Black teams, the pre-Stuxnet tool was engineered to corrupt uranium-compression simulations that are central to nuclear weapon design. "Fast16's hook engine is selectively interested in Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Představím finální verzi knihovny Ujorm3 s nově napsaným ORM modulem pro práci s objekty typu JavaBean a Record v kontextu relačních databází. Cílem bylo transparentní řešení bez dalších závislostí.

Observability outfit Grafana Labs has revealed that an attacker accessed its GitHub repository and stole its codebase. In social media posts the company blamed the situation on an “unauthorized party” who was somehow able to obtain a token that offered access to its GitHub environment. The company thinks it has identified the source of the credential leak, and therefore “invalidated the compromised credentials and implemented additional security measures to further secure our environment against unauthorized access.” But that didn’t stop the attacker from threatening to release the company’s code unless Grafana paid a ransom. Grafana says it won’t pay. “Based on our operational experience and the published stance of the Federal Bureau of Investigation, which notes that ‘paying a ransom doesn't guarantee you or your organization will get any data back’ and only ‘offers an incentive for others to get involved in this type of illegal activity,’ we have determined the appropriate path forward is to not pay the ransom,” the company wrote. It’s not clear if that stance is entirely principled, because plenty of Grafana’s products are already open source. The company’s posts suggest that the attacker accessed code that is not freely available. The Register has sought clarification about just what the attacker accessed, because if they lifted code that’s mostly already open source there’s little reason for Grafana to pay a ransom! Grafana’s decision not to pay may also be easier than it is for other victims of cybercrime because the company says it “determined that no customer data or personal information was accessed during this incident, and we have found no evidence of impact to customer systems or operations.” The company therefore appears confident that whatever code the attackers downloaded won’t make a material different to its business, or harm customers. The same couldn’t be said for educationware giant Canvas, which last week paid extortionists after they claimed to have stolen data describing over 275 million students and faculty. The Register will update this story if we receive additional information from Grafana Labs. ®

Generál Merrill A. McPeak, náčelník štábu amerického letectva, nebyl během první Války v zálivu spokojený s výkony tehdejší přesně naváděné munice a požadoval, aby mělo USAF k dispozici zbraňový systém, který by spolehlivě fungoval za každého počasí. Záhy poté proto vznikl program JDAM založený na ...

Oblíbená praxe řešit upgrade cestou DDR4, které lze sehnat výrazně levněji než DDR5, ztratí leccos ze svého lesku. Vývoj situace na trhu s pamětmi je velmi nepříznivý, DDR4 skokově zdražily…

The Pwn2Own Berlin 2026 hacking contest has concluded, with security researchers collecting $1,298,250 in rewards after exploiting 47 zero-day flaws. [...]

Linux kernel boss Linus Torvalds has declared the project’s security mailing list has become “almost entirely unmanageable” due to multiple researchers using AI to find bugs and then filling the list with duplicate reports. Torvalds used his weekly state of the kernel post to deliver release candidate four for Linux 7.1 and report “fairly normal” progress towards a full release. He then pointed kernelistas to the project’s documentation, which he wrote “might be worth highlighting” as “the continued flood of AI reports has basically made the security list almost entirely unmanageable, with enormous duplication due to different people finding the same things with the same tools.” “People spend all their time just forwarding things to the right people or saying ‘that was already fixed a week/month ago’ and pointing to the public discussion,” Torvalds complained. The Penguin Emperor believes that kind of chatter is “all entirely pointless churn” and isn’t productive because “AI detected bugs are pretty much by definition not secret, and treating them on some private list is a waste of time for everybody involved – and only makes that duplication worse because the reporters can't even see each other's reports.” He then offered an opinion on how best to use AI to improve software security. “AI tools are great, but only if they actually help, rather than cause unnecessary pain and pointless make-believe work,” he wrote. “Feel free to use them, but use them in a way that is productive and makes for a better experience.” “The documentation may be a bit less blunt than I am,” he added, “but that's the core gist of it.” “So just to make it really clear: If you found a bug using AI tools, the chances are somebody else found it too. If you actually want to add value, read the documentation, create a patch too, and add some real value on *top* of what the AI did. Don't be the drive-by ‘send a random report with no real understanding’ kind of person. OK?” Torvalds' remarks contrast with recent comments from fellow kernel maintainer Greg Kroah-Hartman, who recently told The Register that AI has become an increasingly useful tool for the FOSS community. ®

A cybersecurity researcher has released a proof-of-concept exploit for a Windows privilege escalation zero-day dubbed "MiniPlasma" that lets attackers gain SYSTEM privileges on fully patched Windows systems.  [...]

SAP představil řešení pro autonomní řízení podniku. Red Hat Summit 2026 ukazuje budoucnost podnikového open source. OPSWAT uvádí AI engine pro detekci zero-day hrozeb a nové skenování zařízení bez odstávky. Czech AI Factory startuje. Česko nabízí vlastní AI služby a superpočítačové kapacity. Fortinet poukazuje na prudký nárůst kyberkriminality využívající AI. Plán EU na nahrazení čínské technologie může dle čínské studie stát 370 mld. eur. Poptávka po tokenech roste rychleji, než klesá jejich cena.