Kategorie

[...]

ServiceNow is warning about a security incident after attackers exploited an unauthenticated access flaw through a vulnerable API endpoint, allowing them to query data from customer instances. [...]

Phishing simulation on an OpenClaw email agent with various configuration profiles showed that it was susceptible to tactics commonly used to compromise human users. [...]

Microsoft on Tuesday released fixes for two high-severity zero-days that were disclosed by a researcher who has been locked in a testy beef with the software giant.

Nightmare Eclipse, the pseudonym the researcher goes by, released a handful of high-severity vulnerabilities in recent months, making them zero-days that had the potential to be exploited in the wild. The researcher has said the disclosures, which included proof-of-concept code, came after Microsoft reneged on an arrangement the two made regarding vulnerabilities they had discussed.

Disclosure drama

“But someone violated our agreement and left me homeless with nothing,” Nightmare Eclipse wrote in March. “They knew this will happen and they still stabbed me in the back anyways, this is their decision not mine.”

Read full article

Comments

SAP has released fixes for 15 vulnerabilities as part of its June 2026 Security Patch package, including four critical-severity flaws affecting SAP NetWeaver and SAP Commerce Cloud. [...]

MUNICH — Nextcloud has integrated Euro-Office into its workplace application suite, one of several updates to Nextcloud Hub unveiled on Tuesday that include a new compliance app for large organizations and a program to support developers building for its platform.

The announcements came during the company’s Nextcloud Summit 2026 here.

Euro-Office, announced in March, is billed as an open source, sovereign alternative to Microsoft Office for European organizations keen to reduce their reliance on US tech providers. It consists of four browser-based applications: a document editor, spreadsheet program, presentation tool, and a PDF editor — each enabling collaborative editing. Euro-Office documents can also be opened directly from the Nextcloud Files mobile app.

Nextcloud is one of several European companies that support Euro-Office, which is built on the open-source code base of OnlyOffice and distributed under the GNU Affero General Public License v3 (AGPL v3).

The integraton means Nextcloud users can now choose between two options in Nextcloud Office: Euro-Office and the existing Collabora integration. 

“Euro-Office uses a different architectural approach that can result in a better performance in the browser, a different user experience…, so it’s important that this option is available,” Jos Poortvliet, Nextcloud co-founder and vice president of communications, said at the Tuesday event.

Other changes in the Nextcloud Hub 26 Spring release include updates to Nextcloud‘s Talk video and voice meeting app, including AI noise suppression and the ability to start a call from any Nextcloud Hub app – an addition that will make collaborative editing easier, said Poortvliet. 

For Nextcloud Assistant, there are new AI agent capabilities. In addition to existing capabilities such as managing calendars and tasks, AI agents can now create cards in Nextcloud’s Deck task management app and update information in the Forms app.

There are also improvements to the AI assistant’s interface, which can be moved around to avoid blocking other applications and allow users to copy and paste text more easily without opening another tab. To meet EU AI Act requirements, Nextcloud will make it easier to see which  provider supplies the large language model (LLM) the Assistant runs on.

Nextcloud will also integrate the AI assistant directly into its Nextcloud Office suites via a sidebar chat interface, allowing users to address problems such as errors in the spreadsheet app.

NextCloud’s AI chat assistant is integrated into the company’s Office suites.

NextCloud

There’s also a new Governance app that helps large organizations — particularly governments and highly regulated industries — meet regulatory requirements with compliance tools to manage data held in Nextcloud Hub. It contains several features,  including sensitivity labels to control access rights; data retention and archive capabilities; and a legal hold option that preserves documents for legal purposes such as a court case.

The Governance app includes a Compliance Manager that provides a compliance score based on an organization’s regulatory requirements, and measures progress towards certain targets. Admins can also search and review documents shared by employees and generate audit reports for compliance. The Governance app is available to Nextcloud Enterprise customers.

Nextcloud also launched a program to support independent software providers interested in building apps on its platform. 

With AI making it easier for developers to build software that integrates with its platform, Nextcloud expects a 10-fold increase in the number of available apps — from 600 now to 6,000 over the next 12 months, according to Nextcloud CEO Frank Karlitschek.

Nextcloud promised to promote apps developed by partners in its App Store and sell subscriptions as part of the ISV program, as well as provide documentation and technical help to customers. In return, developers would provide guarantees to customers around security processes and long-term support.

“We can strengthen our ecosystem, the developers also make some money — because obviously we do a revenue share here — and we leverage the dynamics that we expect from AI coming very soon,” said Karlitschek.

Editor’s note: NextCloud paid for Matthew Finnegan’s travel and hotel costs for NextCloud Summit 2026, but had no editorial role in the creation of this story.

Microsoft has released the Windows 10 KB5094127 extended security update, which fixes the June 2026 Patch Tuesday vulnerabilities and adds new functionality to monitor the rollout of updated Secure Boot certificates that replace those expiring this month. [...]

Today is Microsoft's June 2026 Patch Tuesday, with security updates for 200 flaws and three publicly disclosed zero-day vulnerabilities. [...]

Microsoft has released Windows 11 KB5094126 and KB5093998 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. [...]

Meta on Tuesday announced that it will use information shared by other businesses to personalize users' feed and responses from its artificial intelligence (AI) chatbot, expanding its scope beyond targeted ads. "Businesses often share information about people's activity on their sites with us to make ads more relevant," Meta said in a statement. "We already use this data - like games you play

Meta on Tuesday announced that it will use information shared by other businesses to personalize users' feed and responses from its artificial intelligence (AI) chatbot, expanding its scope beyond targeted ads. "Businesses often share information about people's activity on their sites with us to make ads more relevant," Meta said in a statement. "We already use this data - like games you play Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10.0. "A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user," Veeam said in a Tuesday advisory. It

Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10.0. "A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user," Veeam said in a Tuesday advisory. It Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being compromised to inject an information stealer into the code. "Our priority is to protect customers and the broader ecosystem," a Microsoft spokesperson told The Hacker News via email. "We temporarily removed some

Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being compromised to inject an information stealer into the code. "Our priority is to protect customers and the broader ecosystem," a Microsoft spokesperson told The Hacker News via email. "We temporarily removed some Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Anthropic's Mythos Preview was highly effective at finding vulnerability candidates, especially when analyzing source code. XBOW explores how the model performed across exploit discovery, reverse engineering, and live-site validation. [...]

WWDC26 felt like a defining platform moment. Apple is no longer simply promising that AI will arrive eventually; it is arguing that Apple Intelligence and Siri AI should become central to the future of its ecosystem. If that works, the company will have turned AI from a perceived weakness into a new reason to stay inside Apple’s world.

Still, the bigger question is execution. Apple did not present AI as a lab experiment; it presented a polished, consumer-ready experience. That raises expectations. 

Apple must deliver this time

Users will not judge Apple Intelligence by model architecture or parameter counts. They will judge it by whether Siri understands them, whether actions work reliably, whether personal context feels useful rather than intrusive, and whether the experience is consistent across devices.

Since Monday’s announcements, we’ve learned that some features will not work on all devices — and there’s speculation Siri AI may not fully escape beta until 2027. “Until Apple puts a stake in the ground and says when the new Siri features will be available, the debate remains: Does Apple actually have the chops in personalized AI? The demo suggests yes. The lack of timing suggests maybe,” wrote analyst Gene Munster.

Optimists argue that Apple has regained momentum by presenting a coherent AI story, one built around privacy, integration and everyday utility rather than spectacle. Skeptics counter that many of the features resemble capabilities already available elsewhere, and say the company still needs to prove it can ship them at scale and make them a meaningful reason for consumers to upgrade.

What the analysts say

That balance is visible in analyst reaction. In a client note seen by Computerworld, Erik Woodring of Morgan Stanley described the keynote as clear progress on Apple’s AI roadmap and said it suggested monetization opportunities could arrive earlier than expected — even if the overall journey will be “a marathon, not a sprint.”

UBS, in contrast, said the privacy-focused AI additions are useful but unlikely to be a material driver of iPhone demand in the near term, while Barclays called the changes interesting but incremental, and not enough to drive an upgrade cycle.

Ben Wood, chief analyst at CCS Insight, argued that Apple had to answer concerns about its AI shortcomings and now has to prove that its privacy-led, integration-first approach translates into a meaningfully better everyday experience. “Consumers will not judge Apple Intelligence by model sizes, partnerships or technical architecture,” Wood told me. “They will judge it by whether Siri understands them, whether actions work, whether personal context feels useful rather than intrusive, and whether the experience is consistent across devices.”

Dipanjan Chatterjee, vice president principal analyst at Forrester, said Apple’s strength lies in shifting the focus from the underlying technology to outcomes such as usefulness, simplicity and trust, while warning that the company still has skeptics to win over after its stop-start AI rollout. “The lesson for brands is clear: market the value, not the ingredients,” said Chatterjee. “After stumbling with the Apple Intelligence roll-out, Apple’s success will hinge on delivering the new Siri experience quickly, and ensuring it works as promised for iPhone users at scale.”

What about Apple developers?

While many are infuriated about Europe’s inability to build compromise, Apple’s developer army otherwise seems positive about what the company has accomplished. 

“On the AI front, it never made sense to me for Apple to develop their own LLM, so focusing on powerful, fast and private for implementation of Apple Intelligence seems to be an effort that is progressing rather nicely.  In all, a pretty good Keynote, I’d say,” Rich Siegel, founder and CEO of Bare Bones Software, said in an interview.

“It’s great to see Apple continue to pursue a vision of AI that leverages local systems, preserves privacy, and integrates with third party tools,” said Ken Case, CEO of the Omni Group. “A lot of our work around the Apple Foundation Models and automation, App Intents, and adopting Swift look to be fruitful investments, but it’s clear there’s more to do starting this summer. It’s also welcome to see them refine Liquid Glass, giving customers more control and listening to feedback they’ve heard over the past year.”

“I expected that this year’s Siri revamp would be the biggest personal assistant update Apple has ever done, and that’s exactly what we got,” said Sergii Kryvoblotskyi, director of AI and research at MacPaw. “Since Apple acquired Siri back in 2010, it has lacked one thing: real intelligence. Behind the great speech recognition service it provided, the tech was not ready to provide real value to users.”

“Most notable for me was Siri AI and the push towards on-device and more capable models that can do more with user context,” Matt Vlasach, Jamf senior vice president, enterprise products and solutions engineering,” said in an interview. “While obvious for consumer use cases, as illustrated in the keynote, the opportunity to evolve this to the work context using a more advanced Apple Intelligence framework is an exciting evolution.”

“OS 27 feels like a deliberate reset, less about new features and more about polish and quality-of-life improvements, which most users will welcome,” said John Richards, general manager, IT products, at Iru. “The new capabilities are focused entirely on Apple Intelligence and Siri AI, and what’s encouraging is how much Apple leaned into privacy with the Gemini partnership. That combination of capability and privacy-first design is the right instinct.”

“The single biggest request I made at Apple’s Foundation Models workshop in Madrid was opening Private Cloud Compute to third-party developers,” said Serhii Popov, senior software Eengineer at CleanMyMac. “It’s here and free for apps under 2 million users. That’s a real breakthrough and a huge opportunity for a lot of great apps.”

How will integrated AI change things?

Joel Rennich, senior vice president for product management at JumpCloud, looked ay how on-device AI will transform other paradigms. For starters, it shifts identity from simple authentication to governing what actions an AI agent is allowed to take.v“Enterprises will need identity frameworks that govern both human and non-human actors consistently,” he said.

“iOS 27 and Apple Intelligence point toward an operating system that does not just launch apps, it executes intent,” Rennich said. “Instead of users navigating between tools, the OS increasingly mediates outcomes directly through AI. This changes how work is initiated and completed on devices.

“With Apple Intelligence integrated across core experiences like Siri, Safari, and system services, AI is no longer an overlay but infrastructure. The separation between where data lives and where it is used becomes increasingly invisible to the user. Intent becomes the primary input, not app selection.”

I also spoke with Hexnode CEO Apu Pavithran, who pointed to some of the concerns enterprise users might have following WWDC: “The keynote didn’t speak much to admins,” he said. “The features that matter most at the management layer, such as how Apple exposes Siri AI through MDM APIs, whether IT gets granular per-app controls for Apple Intelligence, how shared device deployments handle the new assistant — these will be answered in the developer documentation. This week, that’s where IT teams should be looking.”

“Admins should dig in immediately and see what’s changed. Watch the developer docs, audit how Apple Intelligence interacts with existing device policies, and remember that the keynote is only a part of the story for enterprises,” he said.

Making AI great again

“Rebuilt from the ground up, Apple is trying to make AI feel native, useful and invisible across the devices people already use every day,” Francisco Jeronimo, vice president for client devices at IDC, said in an interview. “This matters, because the winning AI experience for consumers will not be the loudest or most technically complex. It will be the one that understands context, respects privacy, works reliably across apps, and reduces friction without forcing users to change behavior.”

“[Apple] is also clearly seeking to differentiate through its privacy promises,” said CCS Insight’s Wood. “This looks like a step in the right direction, but there is no room for complacency, and Apple still has a long AI journey ahead.”

Pavithran reflected on something more. “Overall, it’s hard not to think of this year as a deliberately measured keynote, one that’s intentionally playing it safe and seeking to rewrite the AI narrative,” he said. “I won’t be surprised if this ends up setting the stage for a much bigger installment next year with incoming CEO John Ternus hitting the ground running with some ‘wow’ features like new hardware or agentic AI at scale.”

That we can now seriously consider that possibility shows the extent to which Apple has regained momentum in AI on its platforms.

You can follow me on social media! Join me on BlueSky,  LinkedIn, Mastodon and The Core.

Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub, disrupting continuous integration pipelines. [...]

For years, IPv4 was the only proxy type that really mattered for anyone running automation off a Linux box. IPv6 was the protocol everyone said they’d migrate to, but almost nobody actually did. In 2026, that’s finally starting to shift.

Researchers have analyzed a high-severity vulnerability in Linux that’s able to escalate untrusted users to root by exploiting a bug you don't often see: a single errant character inside the kernel.

The vulnerability, tracked as CVE-2026-23111, is located in nf_tables, a subsystem of the Linux kernel that provides packet filtering capabilities. It’s used to manage firewall rules and replaces older subsystems such as iptables, ip6tables, arptables, and ebtables.

!!!WTF!!!

The presence of a single mis-issued exclamation point in code implementing nf_tables introduced a use-after-free, a class of vulnerability that corrupts memory by placing malicious code at memory addresses that haven’t been properly freed of their previous contents. CVE-2026-23111 can be exploited by an unprivileged user or process to elevate system rights to root.

Read full article

Comments