RSS aggregator

What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface

The Hacker News - 15 May 2026 - 13:00
In Your Biggest Security Risk Isn't Malware — It's What You Already Trust, we made a simple argument: the most dangerous activity inside most organizations no longer looks like an attack. It looks like administration. PowerShell, WMIC, netsh, Certutil, MSBuild — the same trusted utilities your IT team uses every day are also the preferred toolkit of modern threat actors. Bitdefender's analysis
Category: Hacking & Security

CiviCRM 6.14.0

AbcLinuxu [news briefs] - 15 May 2026 - 12:59
CiviCRM (Wikipedia) has been released in a new version, 6.14.0. Details on new features and fixes can be found on the release page. CiviCRM is a robust open-source CRM system designed specifically for non-profit organizations, associations and civic initiatives. The project is written in PHP and licensed under the GNU Affero General Public License (AGPLv3). The Czech translation now has 45% of its strings translated and is approaching the 50% milestone. We need your help to get further. If you would like to contribute translations or proofreading, join the Transifex platform.
Category: GNU/Linux & BSD

TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates

The Hacker News - 15 May 2026 - 12:54
OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but noted that no user data, production systems, or intellectual property were compromised or modified in an unauthorized manner. "Upon identification of the malicious activity, we worked quickly to investigate, contain, and take steps to
Category: Hacking & Security

AMD pleases gamers. FSR 4.1 will eventually come to graphics cards two generations older as well

Živě.cz - 15 May 2026 - 12:45
The FSR 4.1 upscaling technology is also headed to Radeon RX 6000 and 7000 cards. • The fourth generation of FSR has almost caught up with the competing DLSS 4 in quality. • Gamers will still have to wait a few months, though.
Category: IT News

ssh-keysign-pwn vulnerability

AbcLinuxu [news briefs] - 15 May 2026 - 12:42
Another local Linux vulnerability is ssh-keysign-pwn. A user can read the contents of files that only root has permission to read, such as files containing SSH keys or /etc/shadow. Already fixed upstream [oss-security mailing list].
Category: GNU/Linux & BSD

OpenAI caught in TanStack npm supply chain chaos after employee devices compromised

The Register - Anti-Virus - 15 May 2026 - 12:08
OpenAI says attackers behind the TanStack npm supply chain compromise stole internal credentials after reaching two employee devices, forcing the company to rotate signing certificates for several desktop products. The company disclosed this week that it had been caught up in the wider "Mini Shai-Hulud" campaign targeting npm ecosystems and developer infrastructure, though it said there was no evidence that customer data, production systems, or deployed software were compromised. OpenAI said the incident happened during a phased rollout of new supply chain security controls introduced after a previous Axios-related incident. According to the company, the two compromised employee devices had not yet received updated package management protections that would have blocked the malicious dependency. The attackers carried out "credential-focused exfiltration activity" against a limited set of internal repositories reachable from the affected employee machines, according to OpenAI. It said "only limited credential material was successfully exfiltrated from these code repositories." That was apparently enough to trigger a precautionary reset across multiple products. OpenAI is rotating the certificates used to sign macOS versions of ChatGPT Desktop, Codex App, Codex CLI, and Atlas, and is requiring users to update the affected software by June 12. The incident ties OpenAI to the increasingly messy supply chain campaign that has spent the past several weeks worming through npm ecosystems, CI/CD infrastructure, and GitHub Actions workflows. Security firm Socket linked the TanStack compromise to the broader "Mini Shai-Hulud" operation, which abused poisoned automation workflows and stolen publishing credentials to push malicious package updates into trusted software pipelines. 
Researchers tracking the wider Mini Shai-Hulud campaign have connected the activity to a threat group known as TeamPCP, which appears to have developed an unhealthy interest in poisoning npm ecosystems and rifling through developer credentials. TanStack confirmed this week that 84 malicious package versions spanning 42 @tanstack/* packages had been published after attackers compromised parts of its release infrastructure. The poisoned packages were designed largely to steal credentials, including GitHub tokens, cloud secrets, npm credentials, and CI/CD authentication material. The campaign appears linked to earlier Mini Shai-Hulud attacks involving SAP-related npm packages, suggesting the same credential-stealing operation is spreading across multiple developer ecosystems. OpenAI said it is continuing to investigate the incident and monitor for any downstream abuse tied to the stolen credentials. The reassuring news is that OpenAI says no production systems were breached. The less reassuring news is that attackers keep getting deeper into the software assembly line before anybody notices. ®
Category: Viruses and Worms

Congress has worked out what the Golden Dome would cost. Attack satellites would cost a trillion and nobody knows whether they would work

Živě.cz - 15 May 2026 - 12:04
About a year ago, Donald Trump announced one of his "golden" projects, Golden Dome. A multi-layered defense of the entire territory of the USA against ballistic and hypersonic missiles, cruise missiles and other threats. The White House calculated at the time that building Golden Dome would require 175 billion ...
Category: IT News

Microsoft warns of Exchange zero-day flaw exploited in attacks

Bleeping Computer - 15 May 2026 - 11:40
On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow threat actors to execute arbitrary code via cross-site scripting (XSS) while targeting Outlook on the web users. [...]
Category: Hacking & Security

A guide to Feedly. It will help you keep your sanity amid information overload and bring all your favorite websites into one place

Živě.cz - 15 May 2026 - 10:45
Get the flood of information under control and create your own digital newspaper.
Category: IT News

MPs want social media treated more like unsafe toys than harmless apps

The Register - Anti-Virus - 15 May 2026 - 10:33
British MPs are urging the government to tighten online safety laws, arguing social media companies should face the same kind of scrutiny as other products linked to serious harm. In a letter to Liz Kendall and Kanishka Narayan, shared with The Register, the UK's Science, Innovation and Technology Committee said there is now "strong and consistent evidence" linking social media use to harms affecting young people and warned that "no action is not an option." The committee, chaired by Chi Onwurah, said the current system leaves social media companies free to grow their youth user bases while avoiding meaningful responsibility for the subsequent fallout. "The status quo, where social media companies are neither accountable nor responsible for preventing harms, isn't acceptable," Onwurah said. "If any other consumer product caused these harms, it would've been recalled or changed." The intervention forms part of the government's "Growing up in the online world" consultation and follows a March evidence session examining arguments for and against restricting social media access for under-16s. The committee said it heard evidence from clinicians, bereaved parents, academics, child safety groups, and experts studying Australia's social media age limits, as well as accounts from young people and families concerned about harmful content and the effect social media is having on children's wellbeing. While the MPs stopped short of explicitly endorsing a blanket social media ban for teenagers, the letter makes clear the committee thinks ministers have spent too long relying on voluntary action from platforms whose business models still reward engagement above pretty much everything else. 
The committee said existing age restrictions should be properly enforced using "effective and privacy-preserving" age verification systems – rather than checks that can be bypassed by a drawn-on mustache – and called for stronger legal obligations requiring companies to filter illegal content and to block children from viewing harmful material. The letter also revisits the committee's earlier concerns about recommendation algorithms and how platforms deal with harmful and illegal posts, areas where MPs say previous proposals for reform went nowhere. MPs are now urging ministers to revisit those recommendations and bring forward fresh online safety legislation in the next parliamentary session. Particular attention was paid to algorithms and addictive design features. The committee argued that infinite scrolling and similar engagement mechanics should be designed out of platforms entirely, and warned that social media companies cannot keep pretending they are passive hosts while their recommendation systems actively shape what users see. The letter also warned that gaps in the UK's Online Safety Act mean some AI chatbots operating on closed databases currently fall outside the regime, something MPs said must be fixed before the next generation of online platforms disappears into yet another regulatory blind spot. ®
Category: Viruses and Worms

A May surprise: the new Office 2024!

AbcLinuxu [articles] - 15 May 2026 - 10:00

May discounts and a big surprise from Goodoffer24.com: Office 2024 is here! You can also buy OEM licenses for Windows 11 Pro, Office 2019 and other office software, or even games!

Category: GNU/Linux & BSD

AMD: FSR 4.1 / Int8 for Radeon RX 7000 arrives in July, for RX 6000 in a year

CD-R server - 15 May 2026 - 10:00
AMD has officially confirmed the availability date of FSR 4.1 for the (second-to-)last architectural generation of Radeons. Surprisingly, it also plans support for RDNA 2, which will however take more time…
Category: IT News

An excellent OLED monitor for under eight thousand. But you have to hurry, this MSI will sell out fast

Živě.cz - 15 May 2026 - 09:45
The MSI MAG 273QP OLED monitor has dropped to 7663 Kč. • That is what good-quality LCDs sell for, and they will be worse. • The MSI has a great picture, fast response time, a fully adjustable stand and a three-year warranty.
Category: IT News

The trouble with emotion-reading AI

Computerworld.com [Hacking News] - 15 May 2026 - 09:00

“If you can’t measure it, you can’t fix it.” 

That’s a common saying in business, and it tends to be true. But what if the thing you want to fix is your employees’ attitudes? 

The AI revolution makes it possible to measure emotions and mental states. So why not use it widely and fix what’s broken? 

That’s the idea behind emotion AI, which is also called “affective computing,” “sentiment analysis,” or “algorithmic affect management.” The idea is to use sensors and AI to detect, interpret, classify, and act upon human emotions in the workplace. 

Thanks to improvements and breakthroughs in a wide range of technologies (including computer vision, natural language processing, speech and voice analysis, biometrics, machine learning and deep learning, and edge computing hardware) emotion AI is now possible. 

Many companies have come forward to provide ready-to-use solutions for emotional AI apps, including Cogito, Affectiva, Hume AI, Entropik, and HireVue.

The idea is simple: Collect data from employees, process it through AI, and get a result that shows how an employee feels. Depending on the solution, the data comes from: 

  • Vocal features — pitch, tone, cadence, micro-pauses, vocal stress
  • Facial expression — video analysis of video calls and through desktop cameras
  • Text — mass sentiment analysis on emails, Slack/Teams messages, survey responses, and performance reviews
  • Physiological biosignals — heart rate variability, galvanic skin response (via wearables)
  • Behavioral telemetry — keystroke cadence, mouse dynamics, app-switching patterns
  • Posture and gaze — computer vision analysis from cameras installed in workplaces

Despite the progress and variety of solutions, this whole area is problematic for businesses. 

Why companies want to use emotion AI

The range of business goals driving emotion AI is vast. The most defensible reason is safety. Workers in risky jobs, such as factory workers and truck drivers, could be protected with AI tools that help avoid injury and death. A common example is technology that detects when a truck driver is dozing off and either sounds an alarm or switches to autopilot to take control of the truck and pull over. 

Another goal is better customer service. Companies like MetLife use software that monitors call center agents’ voice, tone, and pitch to make sure they don’t get snippy or express frustration with customers. 

HR departments could use AI to understand the workplace mood by analyzing company communications and employee surveys. Companies can also check for employee burnout and use the technology for hiring. By applying emotion AI to a video job interview, companies might make better hires. 

Emotion AI in the workplace can offer other benefits such as lowering employee turnover, healthcare expenses, and safety risks while boosting customer satisfaction, worker productivity, and insight into team or managerial dysfunction.

What’s wrong with emotion AI

While measuring, then acting upon, the emotions and mental states of employees sounds like a powerful idea, it’s often based on bad science. 

Emotion AI systems that lean on facial expressions, for example, are based on a theory by Paul Ekman, an American psychologist at the University of California, San Francisco. He theorized back in the late 1960s that a small set of basic human emotions produces universal, reliably readable facial expressions across cultures.

But Ekman’s theory was shown to be problematic by a 2019 meta-analysis led by Lisa Feldman Barrett, in an article published in Psychological Science in the Public Interest. She looked at more than 1,000 studies and concluded that you can’t always reliably infer people’s emotional states from facial movements alone. 

Most emotion AI solutions are based on the assumption that everyone’s emotions can be interpreted the same way, and that’s almost certainly wrong, given how different people can be in appearance, voice, personality and physiology. 

Like many areas of business and leadership in recent years, AI is often seen as a solution to the challenges of managing a lot of employees. 

Emotion AI holds out the promise that leaders can bypass the need to inspire, motivate and educate employees so that their actions are aligned with company goals, and instead try to achieve this alignment through hyper-surveillance. 

But that’s unfair, say some emotion AI supporters. Many organizations use emotion AI systems claiming to help employees in some way. Research suggests that this might backfire. 

A 2024 Finnish case study found that workplace emotion-tracking technology tends to undermine wellbeing more than support it and has a bunch of problems. First, the technology often fails to work. Specifically, it claims to identify mental states like “stressed” or “engaged,” which turn out not to faithfully reveal actual internal moods. 

Second, the quality of emotional AI output often varies by race. The study found that the faces of black people were wrongly labeled as “angry” or “contemptuous” more often, even when showing the same facial expressions as white participants. That’s just one example of bias that might come from treating employees differently based on an AI’s flawed ability to interpret human emotional expression. 

Third, they found that claims of “anonymous aggregation” turn out to be false in practice with smaller teams. The data can unintentionally reveal identities, leading to privacy violations. 

Fourth, emotion AI may have the practical effect of requiring “emotional labor,” which means mustering up and conveying the right emotions as part of the job, on an ever-growing range of professions. 

And finally, emotion AI is prone to mission creep. Companies often deploy it for one purpose then drift toward increasing worker surveillance. 

Emotion AI may have no future

While emotion AI is growing in some sectors of the economy, it’s being forcibly shrunk through growing regulatory action. The European Union last year banned emotion AI in the workplace and in educational settings, with narrow exceptions for medical or safety reasons. Multinational corporations are gravitating to the European standard. 

There’s even been limited legal or regulatory action against the technology in a few states, including California, New York, and Illinois.

Some companies have voluntarily rejected emotion AI. Microsoft, for example, announced in June 2022 that it would retire the Azure Face API’s emotion-recognition capabilities (along with inference of gender, age, smile, facial hair, hair, and makeup) as part of an overhaul of its Responsible AI Standard. 

The company’s Chief Responsible AI Officer, Natasha Crampton, explained the change by citing “the lack of scientific consensus on the definition of ’emotions,’ the challenges in how inferences generalize across use cases, regions, and demographics, and the heightened privacy concerns around this type of capability.” Microsoft also worried that such technology “can subject people to stereotyping, discrimination, or unfair denial of services.”

So while there are real and helpful uses for emotion AI in some cases, the science behind it is weak, the results are often misleading, employees generally dislike it and find it stressful, bias is likely built in, privacy violations are likely — and it might not even be legal internationally or even across all American states. 

Tempting as it is, emotion AI is too problematic to deploy. 

AI disclosures: I don’t use AI for writing. The words you see here are mine. I used a few AI tools via Kagi Assistant (disclosure: my son works at Kagi) as well as both Kagi Search and Google Search as one part of my fact-checking for this column. I used a word processing product called Lex, which has AI tools, and after writing the column, I used Lex’s grammar checking tools to hunt for typos and errors and suggest word changes.

Category: Hacking & Security

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

The Hacker News - 15 May 2026 - 08:19
Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a cross-site scripting flaw. An anonymous researcher has been credited with discovering and reporting the issue. "
Category: Hacking & Security

On Monday, asteroid 2026 JH2 will fly between Earth and the Moon. It will be visible even with a small telescope

Živě.cz - 15 May 2026 - 07:45
The new asteroid 2026 JH2 will safely pass our planet this Monday night • Scientists estimate the diameter of the approaching body at fifteen to thirty-five meters • An Italian virtual observatory will offer a live stream of the flyby online
Category: IT News