Agregátor RSS

Obří datové centrum tajně odčerpalo téměř 114 milionů litrů vody • Firma dlužnou částku dodatečně uhradila, ale unikla jakékoli pokutě • Město Fayetteville kvůli tomu následně zakázalo výstavbu datových center

Máte poslední možnost, abyste se při nákupu zboží z Číny u drobných zásilek vyhnuli novému paušálnímu clo. Krom něj chystá EU ještě další poplatky, které mohou vstoupit v platnost později…

Cisco will make around five percent of staff redundant and has generously offered them free Cisco training for a year once they’re gone. CEO Chuck Robbins broke the news in a Wednesday blog post titled “Our Path Forward” that opens “Today we announced our Q3 FY26 earnings with record revenue of $15.8 billion, up 12 percent year over year, and double-digit top and bottom-line growth. The ELT [executive leadership team] and I could not be prouder of the growth you have all delivered for Cisco.” That growth included net income growing 35 percent to $3.4 billion. Yet Robbins’ pride was not sufficient for all Cisco staff to keep their jobs. The CEO said the layoffs are necessary because “The companies that will win in the AI era will be those with focus, urgency, and the discipline to continuously shift investment toward the areas where demand and long-term value creation are strongest.” For Cisco that means “reducing roles in some areas” and also “making clear, strategic investments – particularly in silicon, optics, security, and in our employees’ use of AI across the company.” On Thursday, US time, close to 4,000 unlucky Cisco staff will be shown the door. Robbins said Cisco will help its soon-to-be-former workers find their next gig, and that the company’s efforts to do so have a 75 percent success rate. “We are also committed to continued personalized learning and will provide one year of access to all Cisco U courses and certifications, covering AI, Security, Networking, and more,” he added. Cisco made two big rounds of layoffs in 2024, one of which ejected seven percent of staff and the other resulted in Cisco firing five percent of employees. The restructures appear not to have slowed the company down: Robbins said product orders in Q3 rose 35 percent year over year – a figure that encapsulates a 105 percent year-over-year surge in revenue from hyperscalers and more modest 18 percent growth from other buyers. Robbins said Cisco has already scored $5.3 billion of AI infrastructure sales this year, and forecast full-year sales of $9 billion – 4.5 times its haul from last year. More prosaic products, like Wi-Fi kit, also grew fast as sales rose 40 percent. The company hopes to keep that cash flowing by building wireless kit that uses less memory. “You’ll see products that’ll become orderable in Q4 that’ll actually require 50 percent less memory,” Robbins said, with the design work to make that possible an example of the “20-plus programs that we’ve put into place that are active to reduce the memory utilization across the portfolio.” Cisco’s doing that despite the rising price of memory and storage not putting a dent in its margins, an outcome that execs attributed to supply chain management efforts. Glasswing to lift security sales Later in the earnings call, Robbins revealed that Cisco is participating in Anthropic’s Project Glasswing and using the Mythos model to test its code. The CEO said another impact of Anthropic’s bug-finding AI will be to accelerate plans to replace security appliances once other vendor’s use of Mythos finds flaw that are hard to fix. “I actually think while there will be a security opportunity, there’s going to most likely be a lot of focus from our customers on modernizing their infrastructure so that they don’t have this risk from technology that just can’t be patched,” Robbins said. Robbins said Cisco may have won an order or two from customers who were already close to replacing old security kit “and Mythos pushed them over the edge.” But he said Cisco didn’t receive “any meaningful orders in Q3 as a result of Mythos, but that could change in the future as we continue to work with customers.” ®

Hru The Legend of Zelda: Twilight Princess od společnosti Nintendo si lze nově díky projektu Dusklight (původně Dusk) a reverznímu inženýrství zahrát i na počítačích a mobilních zařízeních. Vyžadována je kopie původní hry (textury, modely, hudba, zvukové efekty, …). Ukázka na YouTube. Projekt byl zahájen v srpnu 2020.

WordPress Plugin Supsystic Contact Form 1.7.36 - SSTI

Apache HertzBeat 1.8.0 - Remote Code Execution

ePati Antikor NGFW 2.0.1301 - Authentication Bypass

PJPROJECT 2.16 - Heap Bufferoverflow

The vulnpocalypse has begun. Palo Alto Networks usually finds five vulnerabilities a month, but on Wednesday said it scanned its entire codecase using the latest frontier models, including Anthropic’s Mythos, and found 75 security holes, covered in 26 CVEs. This comes a day after Microsoft said it used its new agentic bug hunting system called MDASH to find 17 vulnerabilities across its products - on a record-setting Patch Tuesday that saw Redmond disclose a whopping 30 critical CVEs. Plus, last week Mozilla said it fixed 423 Firefox bugs in April, which is more than five times higher than the 76 fixes issued in March and almost 20 times higher than its 21.5 monthly average last year. The browser maker previously said Mythos found 271 flaws in Firefox 150. It shouldn’t be all that shocking. Security vendors have long warned about attackers using AI, and how this means defenders need to operate at AI speed to protect their own networks and systems (aka buying their AI-infused products). Now that models have become really good at finding bugs in code, security shops are using AI to scan their own software, hopefully to uncover and fix flaws before the baddies do. And this trickles down to two things: more patches, and more work for admins. Zero Day Initiative’s chief vuln finder Dustin Childs agrees with this assessment. “At first, yes, this means more patches and thus more work for admins,” he told The Register. “The goal over time would be to eliminate as many as possible, and, over time, that monthly number goes down.” What will make this whole AI bug hunting season “really painful,” he continued, is if the patches don’t work or - worse yet - break things. “Many customers don’t trust patches as it is, so if AI-related patches break things, they are less likely to apply as time goes on,” Childs added. “This will be true even if AI only finds the bugs and doesn’t make the patches.” Bug hunting on steroids This isn’t to say security companies should avoid AI to find and fix flaws. “All vendors should use what tools they have to find and remediate bugs before they are exploited in the wild,” Childs said. “Ideally, they would find the bugs before they even ship, but I’m not holding my breath for that to happen.” Both Microsoft and Palo Alto Networks (PAN) are part of Anthropic’s Project Glasswing, which means they are among the select group of entities allowed to test Mythos, the much-hyped LLM, to find security holes in their own products. Palo Alto Networks began testing Mythos on April 7, and has since continued using the LLM and other frontier models, including Claude Opus 4.7 and OpenAI’s GPT-5.5-Cyber, according to Chief Product and Technology Officer Lee Klarich. “Today, we released our May ‘Patch Wednesday’ security advisories,” Klarich said in a Wednesday blog, adding that “this is the first time where the majority of findings were the result of frontier AI models scanning our code.” The LLMs scanned over 130 Palo Alto Networks products and platforms platforms, and as noted above found 75 issues, covered in 26 CVEs. None of these bugs are under exploitation, and as of Wednesday the company has fixed all bugs in its SaaS-delivered products and coded patches for all customer-operated products. Maybe 5 months before 'AI-driven exploits the new norm' “We intend to fix every vulnerability we find before advanced AI capabilities become widely available to adversaries,” Klarich said in his blog, adding that his company expects “a narrow three-to-five-month window for organizations to outpace the adversary before AI-driven exploits start to become the new norm.” A day earlier, Microsoft said its new multi-model agentic scanning harness (codename MDASH) helped researchers find 16 new vulnerabilities across the Windows networking and authentication stack, as disclosed in May’s Patch Tuesday event. This included four critical remote code execution flaws in components such as the Windows kernel TCP/IP stack and the IKEv2 service. “Unlike single-model approaches, the harness orchestrates more than 100 specialized AI agents across an ensemble of frontier and distilled models to discover, debate, and prove exploitable bugs end-to-end,” Microsoft VP of agentic security Taesoo Kim said in a Tuesday blog. Tom Gallagher, VP of engineering at Microsoft Security Response Center, admitted that “this month's release sits on the larger side of a hotpatch month.” Gallagher said he expects AI-assisted bug hunting to increase Patch Tuesday releases as both Microsoft and third-party researchers use these tools to boost vulnerability discovery. And yes, all of this ultimately means more patches and more work. More patches = more work “Finding bugs has always been the cheap end of the pipeline,” Luta CEO Katie Moussouris told The Register. “Triage, disclosure, building patches that do not break production, and getting customers to deploy them is the expensive end, and nobody has funded it for this volume.” Moussouris helped convince Redmond's top brass that Microsoft needed a bug bounty program in 2013, and three years later started her own bug bounty consultancy. She noted Palo Alto Networks’ staggering jump in CVEs this month. “Multiply that across every vendor and the bottleneck becomes admins and vulnerability management teams,” Moussouris said. And she also stressed that people should be using these new models to find vulnerabilities. “It is exactly what defenders should be doing,” Moussouris said. “Both PAN and Microsoft landed on the same answer: no single model catches everything. PAN ran Claude Mythos, Claude Opus 4.7, and GPT-5.5-Cyber because each finds bugs the others miss,” she added. “Microsoft orchestrates over 100 specialized agents across multiple models. Add threat intel and codebase context, and Microsoft rediscovered 96 percent of five years of confirmed bugs in a critical Windows component. The asymmetry is temporary, PAN puts adversary parity at three to five months, so any vendor not scanning their own code now is letting someone else find their bugs first.”®

Byla vydána nová major verze 29.0 programovacího jazyka Erlang (Wikipedie) a související platformy OTP (Open Telecom Platform, Wikipedie). Detailní přehled novinek na GitHubu.

Most users put up with AWS the way you put up with the DMV. I say this with love, but it's hard to disagree that the UI is awful. The console is a UX time capsule if time capsules weren't allowed to ever look like other time capsules. The pricing pages were designed by someone who hates you personally, and you accept all of it because the one thing AWS has historically gotten right is the boring, important stuff. The security model. The IAM language no one likes, but everyone trusts. The boundary between your account and someone else's. Get that wrong, and the whole bargain collapses. So when Fog Security disclosed an authorization bypass in Amazon Quick on May 12 (that's the BI service formerly known as QuickSight, briefly known as Quick Suite, and now apparently just Quick, but check back next week) and AWS responded with a statement claiming "no customer data was at risk," it's fair to ask which definition of customer data they're using. Because it isn't an obvious one, and it certainly isn't mine. What Fog found Fog reports that when an Amazon Quick administrator (which is an absolutely devastating personal insult) uses "custom permissions" to explicitly deny access to AI Chat Agents, the UI correctly hides the feature. Great! Awesome! I sure wish to hell I could do that with S3 buckets to which I do not have access! Notably, there's no other way for an admin to do this - it's custom permissions or naught. The API, however, was perfectly willing to keep answering chat requests for any user in the account who knew how to send them. Fog's proof-of-concept was a non-admin asking the agent "Tell me about mangoes" from a session that was, on paper, locked out of the agent entirely. The agent told them about mangoes. AWS deployed the fix between March 11 and March 12, eight days after Fog reported it via HackerOne. So far, so coordinated. Seriously, for a company of this scale, that's underpants-outside-the-pants superhero speed. Good for you; gold star. What came next Where this gets uncomfortable is the response. AWS classified the severity as "none." It issued no customer notification. It published no advisory. After Fog disclosed the HackerOne report and published a blog post, AWS provided a statement to Fog Security reading, in full: "We appreciate Fog Security's coordinated disclosure. This issue was addressed in March 2026. No customer data was at risk and there is no customer action required. As always, customers can contact AWS Support with any questions or concerns about the security of their account." Take that sentence apart and see how much work "no customer data was at risk" is doing. Amazon Quick is described on its own product page as an AI assistant that "connects Slack, Microsoft Teams and Outlook, CRMs, databases, and documents in one place" and "grounds every answer in your real business data." The default chat agent, which is automatically and annoyingly provisioned the instant Quick is enabled whether the customer wants those AI features or not, is the front end for that data. It is the whole point of the front end for that data. Now consider the actual scenario AWS just patched. An administrator at, say, a regulated bank (an unregulated bank is called "a criminal enterprise that hasn't been caught yet") configures custom permissions denying chat agent access to a large group of users. Maybe those users are contractors. Maybe they're in a business unit that isn't cleared for AI tools. Maybe the bank's compliance posture flat-out prohibits shadow AI usage on top of internal data. Until two months ago, every one of those users could send an HTTP request directly to the agent endpoint and get a response. Fog asked about mangoes because they're a security firm doing a clean disclosure, not a malicious insider. A malicious insider would not have asked about mangoes. The question to AWS, with no rhetoric attached: In what sense was customer data not at risk? Either the chat agent doesn't actually have access to the data the product page says it does (in which case the marketing department has some serious splainin' to do) or unauthorized users could query an agent wired into customer data, in which case "customer data was at risk" is the correct English-language description of the situation. AWS clarifies, and says the quiet part out loud After this story started circulating, AWS offered a follow-up comment that I sincerely appreciate, because it's so much more honest than the first one. Per a hounded-looking AWS spokesperson: "The researcher was using the Admin Control capability that no customers were actively using when the server side validation was not present." Reading that twice doesn't help. Let me translate. AWS is saying: Yes, the server-side authorization check was missing. Yes, an authenticated user in your Quick account could bypass the only access control mechanism the service offers. The reason this is fine, apparently, is that no real customer had bothered to configure that access control during the window when it didn't work. Um ... what? The defense isn't "the bug wasn't real," which you could be forgiven for hearing in AWS's first statement. The defense also isn't "the bug couldn't have done what Fog says it could have done," which is the even stronger implication of their first statement. The defense is "the access control didn't enforce what we said it did, but luckily nobody was relying on it." This is the corporate-comms equivalent of "the lock on the front door didn't work, but nobody had locked it anyway, so why are you upset?" It's also a surprisingly specific telemetry claim. AWS is asserting that they know zero customers had configured custom permissions to deny chat agent access during the exposure window. That's a confident thing to say, and an even more interesting thing to volunteer as a defense, because it doubles as a withering review of Quick's access management model: the only knob the service provides for this purpose, the one AWS's own documentation explicitly tells administrators to use, has zero recorded uptake. The same follow-up also pointed back to the HackerOne thread to demonstrate that AWS told Fog throughout the disclosure window that "user-based authorization remained enforced." Translation: you needed authenticated credentials in the same Quick account to exploit this. Yes. That's intra-account scope, which Fog documented in their writeup, and which is precisely the scope in which custom permissions are supposed to function as a security boundary. AWS saying "user-based authorization was fine" is saying "you couldn't exploit this anonymously from the internet," which was never the threat model in question. The threat model is the contractor with valid SSO credentials whose admin tried to lock them out of some datasets. Why this matters more than it sounds Amazon Quick's access model is already an outlier: IAM policies don't govern Quick's AI Chat Agent, SCPs don't apply, and RCPs don't apply. Custom permissions are the only knob the service provides. If those don't enforce, nothing else does. And per AWS's own follow-up, literally nobody was using them anyway. Both halves of that sentence should be alarming, and AWS is offering them as reassurance. AWS's competitive moat for the last decade hasn't been pricing. It sure as poop hasn't been developer experience, documentation, console design, or the inscrutable poetry of service names. It's been the well-earned belief that AWS gets the foundational things right: boundaries, identity, durability, reliability, and the parts customers can't easily verify themselves. Customers have paid the AWS premium because they trusted the boring stuff. This year that trust is being tested in a way it hasn't been before. The 2025–2026 cadence of AWS security advisories has noticeably increased, for reasons that are as yet unclear. Coordinated disclosures from independent researchers keep surfacing missing authorization checks in newer, AI-adjacent services. The fixes are landing fast, which is good. The customer communication isn't landing at all, which is, charitably, a choice. A "severity: none" rating on a bypass of the only access control a service offers is not an objective security finding so much as it is a communication decision. And the communication decision now reads, with the benefit of AWS's follow-up: "We'll fix the bug, we won't tell you it existed, and if you ask we'll explain that you weren't using the feature anyway." AWS gets a lot of forgiveness on the small stuff because they own the big stuff. They might want to reconsider how much of the big stuff they keep classifying as "none." ®

Nearly halfway into 2026, enterprises are beginning to see tangible returns on their AI investments. Yet many are discovering that scaling requires something far less glamorous than flashy frontier models and state-of-the-art benchmarking: Clean, interoperable, governed data.

According to a new AI Momentum Survey from Dun & Bradstreet, 97% of organizations report active AI initiatives, but just 5% say their data is ready to support them.

This reflects the messy reality of AI as enterprises struggle to move beyond experimentation to operationalization.

“You do not need enterprise-wide AI-ready data to launch pilots or isolated AI use cases,” said Cayetano Gea-Carrasco, Dun & Bradstreet’s chief strategy officer. “But you do need it to scale AI reliably across mission-critical workflows and systems.”

Early gains seen

Organizations are all-in on AI in 2026 and view it as a mission-critical imperative, according to the D&B report. Well over half (67%) are seeing “early signs or pockets” of ROI, and 24% report “broad or strong” returns.

Further, more than half (56%) of the 10,000 businesses polled by the data and analytics firm say they are planning to increase AI investment in the next 12 months. Around one-third (30%) are scaling AI into production and 26% are operationalizing the technology across multiple core processes.

As adoption rapidly increases, early returns are more common now than even just a year ago, D&B noted, but they still remain uneven. Dovetailing with this, concerns around data readiness are “even more profound” than in 2025.

This is for a variety of reasons, including problems with access to data (reported by 50% of those polled by D&B), privacy and compliance risks (44%), and data quality and integrity concerns (40%). Further, 38% report lack of integration across systems, while 37% say there is a shortage of qualified AI professionals.

Concerningly, however, just a small number of enterprises (10%) say with high confidence that they are able to identify and mitigate AI-related risks.

“The key question is no longer whether organizations are experimenting with AI,” said Gea-Carrasco. “It’s whether they have the data and infrastructure required to deploy AI reliably at enterprise scale.”

He noted that it’s relatively easy for enterprises to launch copilots, chat interfaces, or departmental AI tools using general-purpose models and get “impressive results in a controlled environment.” But far fewer are able to deploy AI into production workflows, where accuracy, accountability, explainability, interoperability, and consistency directly impact business decisions. This includes areas like onboarding, compliance, risk management, and customer operations. “That’s where data readiness becomes critical,” said Gea-Carrasco.

The data hurdle

The challenges around data are only compounded as enterprises move from copilots to more autonomous agentic workflows. “Most enterprise data environments were built for human workflows, not autonomous AI systems operating continuously across the business,” he pointed out.

While AI systems can produce outputs that sound coherent, they can be difficult to trust operationally, due to hallucinations, conflicting recommendations across systems, and compliance issues, Gea-Carrasco noted. This is problematic for all enterprises, but particularly for those in regulated industries like banking, insurance, healthcare, and financial services, where trustworthy and auditable outputs are “non-negotiable.”

Organizations seeing the most progress are those working to ensure that their data is high-quality, reliable, and governed. They are investing in consistent identity resolution and data interoperability and maintenance, so that AI can “reliably consume” and act on information, he explained.

Where enterprises are seeing ROI

Enterprises are beginning to see ROI in areas where underlying data environments are more mature, thus making it easier for AI to be directly embedded into real workflows, according to Gea-Carrasco. This includes areas like sales intelligence, onboarding, compliance workflows, customer research, risk analysis, workflow automation, prospecting, screening, supplier evaluation, and business verification.

ROI is typically reflected in reduced manual research, faster onboarding and review cycles, improved operational consistency, accelerated sales workflows, and better decision support for employees, he said. “In many cases, organizations are using AI to help teams process and synthesize large amounts of information significantly faster than before.”

He emphasized that AI is most successful when it augments existing operational processes rather than fully replacing human decision-making. “Organizations are finding success where AI helps employees work faster, make better decisions, and it reduces repetitive manual work while humans remain involved in oversight and final approvals,” he said.

Enterprise approach to agentic AI

Agentic AI is beginning to enter production environments, although it is “still relatively early and targeted,” Gea-Carrasco pointed out.

Most enterprises today are deploying agents that are narrowly scoped rather than fully autonomous, he said. The near-term pattern is supervised autonomy, where agents execute portions of workflows while humans remain involved in approvals, oversight, and exception handling. Thus, agents are entering what he referred to as “clearly defined workflows,” such as research, onboarding support, and workflow orchestration.

Over the next several years, AI will move from standalone copilots to more connected agentic systems embedded directly into enterprise workflows, he noted. They will increasingly coordinate work across customers, suppliers, partners, employees, and enterprise apps. Agents will likely become ever more prominent in workflows around sales operations, onboarding, compliance, procurement, customer research, risk management, supplier evaluation, and monitoring.

“Enterprise AI is becoming less about isolated productivity tools,” said Gea-Carrasco, “and more about building intelligent operational systems that can support decision-making and workflow execution at scale.”

This article originally appeared on CIO.com.

West Pharmaceutical Services disclosed that it was the target of a cyberattack that resulted in data exfiltration and system encryption. [...]

Banky nabízí finanční bonusy za založení produktu nebo doporučení nového klienta. Které vám teď dají „vydělat“?

Pronajímatel chtěl po bývalém nájemci nájemné za dobu, kdy už byt užíval někdo jiný. Ústavní soud mu dal za pravdu jen částečně.

Minule jsme spustili základní infrastrukturu pro běh našich služeb. Nyní se podíváme na dva nástroje, které nám společně zajistí bezpečné zálohování. Kopia pořídí snímek dat a Rclone vše přesune do úložiště.

Popíšeme si VBI, tedy Vertical Blank Interrupt. Jde o subrutiny volané po dokončení vykreslování snímku, či na začátku vykreslování dalšího snímku. Mnohé hry mají své jádro (kernel) implementované právě přímo ve VBI.

Google na podzim představí svůj Googlebook, notebook, který míří výš než Chromebooky. Intel se nechal slyšet, že pro tento produkt bude dodávat vlastní procesory…

…aneb Představení sauropoda rodu Omeisaurus

„Důrazně žádáme všechny uživatele, aby robota nijak nebezpečně neupravovali ani nepoužívali riskantním způsobem.“ S tímhle slibným sloganem jde na trh půltunový mecha bot GD01 čínských Unitree. Můžete si ho pořídit za 650 tisíc dolarů, vlézt do něj a dělat všechny ty mecha věci.