RSS aggregator

Zero-day exploit completely defeats default Windows 11 BitLocker protections

Ars Technica - 14 May, 2026 - 20:32

A zero-day exploit circulating online allows people with physical access to a Windows 11 system to bypass default BitLocker protections and gain complete access to an encrypted drive within seconds.

The exploit, named YellowKey, was published earlier this week by a researcher who goes by the alias Nightmare-Eclipse. It reliably bypasses default Windows 11 deployments of BitLocker, the full-volume encryption protection Microsoft provides to make disk contents off-limits to anyone without the decryption key, which is stored in a secured piece of hardware known as a trusted platform module (TPM). BitLocker is a mandatory protection for many organizations, including those that contract with governments.

When one disk volume manipulates another

The core of the YellowKey exploit is a custom-made FsTx folder. Online documentation of this folder is hard to find. As explained later, the directory associated with the file fstx.dll appears to involve what Microsoft calls transactional NTFS, which allows developers to have “transactional atomicity” for file operations in transactions with a single file, multiple files, or ones that span multiple sources.

Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access

The Hacker News - 14 May, 2026 - 19:45
Cisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller that it said has been exploited in limited attacks. The vulnerability, tracked as CVE-2026-20182, carries a CVSS score of 10.0. "A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly
Author: Ravie Lakshmanan
Category: Hacking & Security

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets

The Hacker News - 14 May, 2026 - 19:22
Cybersecurity researchers are sounding the alarm about what has been described as "malicious activity" in newly published versions of node-ipc. According to Socket and StepSecurity, three different versions of the npm package have been confirmed as malicious - [email protected] [email protected] [email protected] "Early analysis indicates that [email protected], [email protected], and [email protected]
Author: Ravie Lakshmanan
Category: Hacking & Security

Linux Kernel Fragnesia Critical Privilege Escalation CVE-2026-46300

LinuxSecurity.com - 14 May, 2026 - 18:49
Linux administrators are once again dealing with a familiar problem: a local Linux foothold that can potentially become full root access.
Category: Hacking & Security

Cisco announces record revenue and 4,000 layoffs in the same day

Ars Technica - 14 May, 2026 - 18:47

Following a quarter in which his company delivered record revenue, Cisco CEO Chuck Robbins announced that the company's latest round of layoffs begins today.

In a blog post yesterday, Robbins was quick to boast that Cisco’s fiscal Q3 2026 earnings saw revenue increase 12 percent year-over-year to $15.8 billion. He told employees that he and the rest of Cisco’s executive leadership team “could not be prouder of the growth you have all delivered for Cisco.”

But that pride could apparently not save the company’s successful employees from unemployment.

Project Windows K2 promises a speed-up. Microsoft envies SteamOS's gaming performance

Živě.cz - 14 May, 2026 - 18:45
K2 is a project to speed up and improve the quality of Windows. • Microsoft's priority is improving performance. • Low Latency Profile will speed up the launch of applications and menus.
Category: IT News

The best sci-fi films you simply must see. We know whether and where you can find them online

Živě.cz - 14 May, 2026 - 18:15
For our selection of the best sci-fi films we chose titles that form the foundation of the genre and that just about everyone should see. But we did not avoid newer films either. We picked the best from each subcategory, of which sci-fi has more than enough.
Category: IT News

ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories

The Hacker News - 14 May, 2026 - 18:07
Everything is still on fire. This week feels dumb in the worst way — bad links, weak checks, fake help desks, shady forum posts, and people turning supply chain attacks into some cursed little game for clout and cash. Half of it feels new. Half of it feels like crap we should have fixed years ago. The mess keeps getting louder: users get tricked, boxes get popped, tools meant for normal work
Author: Ravie Lakshmanan
Category: Hacking & Security

Apple’s App Store model for AI

Computerworld.com [Hacking News] - 14 May, 2026 - 18:05

Apple has a design for AI life. It hopes to build on the outstanding hardware performance its systems already provide to create a fantastic environment in which AI developers can thrive. If this plan sounds familiar it’s because it’s all about the App Store, and while it’s easy to expect Apple’s revenue share to change, the plan still makes the company the custodian of the AI age.

The way it should work is if app developers see that one way to bring their AI services to billions of iPhone, iPad, and Mac users is to make AI agents available via Apple’s own portals. These will likely be via App Intents, enabling Siri to execute actions inside their apps without actively opening them.

The Information reports some developers are resistant to joining the initiative, in part because they want to avoid paying any fees. All the same, consider the moment, consider the meaning, and I think the significance is that Apple has at last got its act together with AI.

Ecosystem, services, store

Apple is going to bet that the advantages its existing store provides will give customers the faith and trust to access AI apps there rather than somewhere else. The company hasn’t announced its plan yet, though there have been hints. Just look at how Apple is laying things out with these moves (both announced and speculated about). It’s:

  • Working with Google to build out Apple Intelligence.
  • Working with third parties to support AI services as apps with which to replace or supplement Siri.
  • Maintaining investment in better hardware to run AI — you can quite happily run some models natively on an iPad. 
  • Equipping systems with powerful tools such as Unified Memory and the Neural Engine.
  • Rolling out Apple Private Cloud Compute to provide an infrastructure to support private AI in the cloud.
  • Pulling these elements together to form an ecosystem.

Like a jigsaw, the pieces fit together to provide a fantastic base from which Apple can distribute increasingly powerful AI APIs developers can use to create amazing AI experiences. I spoke with the smart people at the OmniGroup just last year who explained how they already use Apple Intelligence APIs (aka Foundation Models) to add powerful AI features to apps.

That was just the first lap; the second comes at WWDC 2026; and the third and subsequent races take place over the next 12 to 24 months as Apple implements the elements it’s put in place across its ecosystem. 

Making money, one token at a time

The prize? For Apple, it’s about maintaining its own relevance within the AI age while carving out some way to generate revenue as its hardware ecosystem runs AI agents and services. The company will continue to develop and build out Apple Intelligence as a peer player in the competitive AI market. But, as most now agree, it is also focused on ensuring its platforms are the best systems on which to run AI.

Apple’s attempt to build a profitable, secure, and capable way to run AI — supported by customer-focused security and privacy standards — seems like an answer to some of the emerging challenges around AI deployment. Speak to almost anyone in IT right now and you’ll come across stories of corporate data leaks that may fall foul of data regulation. That’s before you even consider the manner in which AI ownership consolidates power over the intellectual future of humanity into such a small number of hands it almost makes media ownership seem democratic.

Getting the band together

With so much at stake, not just for Apple, it feels as if the company has found some of the answers that could enable a less frightening AI future. It has a chance to own the hardware ecosystem while curating the AI services environment for the benefit of its customers — and producing its own trusted systems for casual AI usage.

We’ll find out more in a few weeks.

Category: Hacking & Security

18-year-old NGINX vulnerability allows DoS, potential RCE

Bleeping Computer - 14 May, 2026 - 17:43
An 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scanning system, can be exploited for denial of service and, under certain conditions, remote code execution. [...]
Category: Hacking & Security

Singularity, the newest open movie from Blender Studio

AbcLinuxu [news briefs] - 14 May, 2026 - 17:23
Singularity (YouTube) is the newest open movie from Blender Studio. It is their first 4K HDR film.
Category: GNU/Linux & BSD

Cyber-Enabled Cargo Crime: How Cybercrime Tradecraft is Used to Steal Freight

Bleeping Computer - 14 May, 2026 - 17:21
Cargo theft now starts with phishing emails and stolen credentials, not hijackings, to reroute and steal freight from supply chains. NMFTA outlines how cyber-enabled cargo crime is changing transportation security. [...]
Category: Hacking & Security

The game Život Není Krásný: Poslední Exekuce has been released

AbcLinuxu [news briefs] - 14 May, 2026 - 16:56
The game Život Není Krásný: Poslední Exekuce (Steam, ProtonDB) has been released. It is an old-school hand-drawn point & click adventure full of black humor and politically incorrect violence. Step into the role of the dissolute bailiff Vladimír Brehowský and accompany him through his last working day. The game loosely follows on from the Život Není Krásný series.
Category: GNU/Linux & BSD

The best power supply for 2500 Kč. Raijintek offers 1000 W, Platinum certification and a seven-year warranty

Živě.cz - 14 May, 2026 - 16:45
The Raijintek Ampere 1000 power supply has dropped to 2499 Kč; just last year it cost over four thousand. • It attracts with 1000 W of output, a strong 12V rail and semi-passive operation. • The seven-year warranty and 80Plus Platinum certification are a plus.
Category: IT News

Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike

The Hacker News - 14 May, 2026 - 16:00
The Belarus-aligned threat group known as Ghostwriter has been attributed to a fresh set of attacks targeting governmental organizations in Ukraine. Active since at least 2016, Ghostwriter has been linked to both cyber espionage and influence operations targeting neighboring countries, particularly Ukraine. It's also tracked under the monikers FrostyNeighbor, PUSHCHA, Storm-0257, TA445, UAC‑0057
Author: Ravie Lakshmanan
Category: Hacking & Security