Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

RedHook Android malware now uses Wireless ADB for shell access

Bleeping Computer - 5 hodin 8 min zpět
A new version of the RedHook Android malware abuses the Android Wireless Debugging (Wireless ADB) mechanism in a novel way to gain shell-level privileges without requiring a computer connection. [...]
Kategorie: Hacking & Security

Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install

The Hacker News - 11 Červenec, 2026 - 19:59
The jscrambler npm package was compromised, and simply installing its 8.14.0 release runs an infostealer on your machine. Published on July 11, 2026, the malicious version carries a preinstall hook that drops and executes a native binary, one build each for Windows, macOS, and Linux. Socket flagged the release six minutes after it was published. If you or one of your Swati Khandelwalhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns

The Hacker News - 11 Červenec, 2026 - 19:49
Cybersecurity researchers have disclosed details of sustained cyber espionage activity against several Pakistani law enforcement organizations undertaken by suspected China- and India-aligned threat actors between February 2024 and April 2026. "At Balochistan Police, the compromised assets included servers hosting web applications that manage police and citizen data, such as criminal and Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Za čtvrt roku Android nebude tak otevřený jako dnes. Instalace aplikací mimo Obchod Play bude složitější

Zive.cz - bezpečnost - 11 Červenec, 2026 - 16:45
** Android omezí instalaci neoficiálního softwaru povinnou registrací všech vývojářů ** Uživatelé budou muset kvůli neověřeným aplikacím měnit nastavení systému ** Proti novým pravidlům Googlu protestují desítky vývojářských organizací
Kategorie: Hacking & Security

How to Build a Tamper-Resistant Logging Infrastructure for Linux

LinuxSecurity.com - 11 Červenec, 2026 - 16:38
When you’re digging through an incident, your logs are the only thing you can actually trust. The problem is, attackers know that too. If someone gets root on your server, their first move is almost always to delete the evidence and cover their tracks.
Kategorie: Hacking & Security

Australia warns of global campaign targeting vulnerable CMS platforms

Bleeping Computer - 11 Červenec, 2026 - 16:18
The Australian Cyber Security Centre (ACSC) issued an alert about a global exploitation campaign targeting vulnerable content management systems (CMS) and plugins. [...]
Kategorie: Hacking & Security

API Key Leakage in Public Repositories: What Linux Teams Miss

LinuxSecurity.com - 11 Červenec, 2026 - 16:04
Security scanners flag exposed API keys in public repositories every day. The initial response is usually predictable: delete the commit, revoke the credential, and move on. That’s a mistake.
Kategorie: Hacking & Security

‘Rotten to its core’ — Apple files an explosive lawsuit against OpenAI

Computerworld.com [Hacking News] - 11 Červenec, 2026 - 15:13

<br>&lt;!--<br>/* Style Definitions */<br> p.MsoNormal, li.MsoNormal, div.MsoNormal<br> {mso-style-unhide:no;<br> mso-style-qformat:yes;<br> mso-style-parent:"";<br> margin:0cm;<br> mso-pagination:widow-orphan;<br> font-size:12.0pt;<br> font-family:"Aptos",sans-serif;<br> mso-fareast-font-family:Aptos;<br> mso-bidi-font-family:"Times New Roman";<br> mso-fareast-language:EN-US;}<br>a:link, span.MsoHyperlink<br> {mso-style-priority:99;<br> mso-style-parent:"";<br> color:#467886;<br> text-decoration:underline;<br> text-underline:single;}<br>a:visited, span.MsoHyperlinkFollowed<br> {mso-style-noshow:yes;<br> mso-style-priority:99;<br> color:#96607D;<br> mso-themecolor:followedhyperlink;<br> text-decoration:underline;<br> text-underline:single;}<br>p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph<br> {mso-style-priority:34;<br> mso-style-unhide:no;<br> mso-style-qformat:yes;<br> margin-top:0cm;<br> margin-right:0cm;<br> margin-bottom:0cm;<br> margin-left:36.0pt;<br> mso-add-space:auto;<br> mso-pagination:widow-orphan;<br> font-size:12.0pt;<br> font-family:"Aptos",sans-serif;<br> mso-fareast-font-family:Aptos;<br> mso-bidi-font-family:"Times New Roman";<br> mso-fareast-language:EN-US;}<br>p.MsoListParagraphCxSpFirst, li.MsoListParagraphCxSpFirst, div.MsoListParagraphCxSpFirst<br> {mso-style-priority:34;<br> mso-style-unhide:no;<br> mso-style-qformat:yes;<br> mso-style-type:export-only;<br> margin-top:0cm;<br> margin-right:0cm;<br> margin-bottom:0cm;<br> margin-left:36.0pt;<br> mso-add-space:auto;<br> mso-pagination:widow-orphan;<br> font-size:12.0pt;<br> font-family:"Aptos",sans-serif;<br> mso-fareast-font-family:Aptos;<br> mso-bidi-font-family:"Times New Roman";<br> mso-fareast-language:EN-US;}<br>p.MsoListParagraphCxSpMiddle, li.MsoListParagraphCxSpMiddle, div.MsoListParagraphCxSpMiddle<br> {mso-style-priority:34;<br> mso-style-unhide:no;<br> mso-style-qformat:yes;<br> mso-style-type:export-only;<br> margin-top:0cm;<br> margin-right:0cm;<br> margin-bottom:0cm;<br> margin-left:36.0pt;<br> mso-add-space:auto;<br> mso-pagination:widow-orphan;<br> font-size:12.0pt;<br> font-family:"Aptos",sans-serif;<br> mso-fareast-font-family:Aptos;<br> mso-bidi-font-family:"Times New Roman";<br> mso-fareast-language:EN-US;}<br>p.MsoListParagraphCxSpLast, li.MsoListParagraphCxSpLast, div.MsoListParagraphCxSpLast<br> {mso-style-priority:34;<br> mso-style-unhide:no;<br> mso-style-qformat:yes;<br> mso-style-type:export-only;<br> margin-top:0cm;<br> margin-right:0cm;<br> margin-bottom:0cm;<br> margin-left:36.0pt;<br> mso-add-space:auto;<br> mso-pagination:widow-orphan;<br> font-size:12.0pt;<br> font-family:"Aptos",sans-serif;<br> mso-fareast-font-family:Aptos;<br> mso-bidi-font-family:"Times New Roman";<br> mso-fareast-language:EN-US;}<br>span.apple-converted-space<br> {mso-style-name:apple-converted-space;<br> mso-style-unhide:no;}<br>.MsoChpDefault<br> {mso-style-type:export-only;<br> mso-default-props:yes;<br> font-size:10.0pt;<br> mso-ansi-font-size:10.0pt;<br> mso-bidi-font-size:10.0pt;<br> font-family:"Aptos",sans-serif;<br> mso-ascii-font-family:Aptos;<br> mso-fareast-font-family:Aptos;<br> mso-hansi-font-family:Aptos;<br> mso-font-kerning:0pt;<br> mso-ligatures:none;}<br>@page WordSection1<br> {size:595.3pt 841.9pt;<br> margin:72.0pt 72.0pt 72.0pt 72.0pt;<br> mso-header-margin:35.4pt;<br> mso-footer-margin:35.4pt;<br> mso-paper-source:0;}<br>div.WordSection1<br> {page:WordSection1;}<br> /* List Definitions */<br> @list l0<br> {mso-list-id:159780858;<br> mso-list-type:hybrid;<br> mso-list-template-ids:1159211390 134807553 134807555 134807557 134807553 134807555 134807557 134807553 134807555 134807557;}<br>@list l0:level1<br> {mso-level-number-format:bullet;<br> mso-level-text:;<br> mso-level-tab-stop:none;<br> mso-level-number-position:left;<br> text-indent:-18.0pt;<br> font-family:Symbol;}<br>@list l0:level2<br> {mso-level-number-format:bullet;<br> mso-level-text:o;<br> mso-level-tab-stop:none;<br> mso-level-number-position:left;<br> text-indent:-18.0pt;<br> font-family:"Courier New";}<br>@list l0:level3<br> {mso-level-number-format:bullet;<br> mso-level-text:;<br> mso-level-tab-stop:none;<br> mso-level-number-position:left;<br> text-indent:-18.0pt;<br> font-family:Wingdings;}<br>@list l0:level4<br> {mso-level-number-format:bullet;<br> mso-level-text:;<br> mso-level-tab-stop:none;<br> mso-level-number-position:left;<br> text-indent:-18.0pt;<br> font-family:Symbol;}<br>@list l0:level5<br> {mso-level-number-format:bullet;<br> mso-level-text:o;<br> mso-level-tab-stop:none;<br> mso-level-number-position:left;<br> text-indent:-18.0pt;<br> font-family:"Courier New";}<br>@list l0:level6<br> {mso-level-number-format:bullet;<br> mso-level-text:;<br> mso-level-tab-stop:none;<br> mso-level-number-position:left;<br> text-indent:-18.0pt;<br> font-family:Wingdings;}<br>@list l0:level7<br> {mso-level-number-format:bullet;<br> mso-level-text:;<br> mso-level-tab-stop:none;<br> mso-level-number-position:left;<br> text-indent:-18.0pt;<br> font-family:Symbol;}<br>@list l0:level8<br> {mso-level-number-format:bullet;<br> mso-level-text:o;<br> mso-level-tab-stop:none;<br> mso-level-number-position:left;<br> text-indent:-18.0pt;<br> font-family:"Courier New";}<br>@list l0:level9<br> {mso-level-number-format:bullet;<br> mso-level-text:;<br> mso-level-tab-stop:none;<br> mso-level-number-position:left;<br> text-indent:-18.0pt;<br> font-family:Wingdings;}<br><br>--&gt;<br>Apple surprised the tech industry after financial markets closed Friday with news the company has sued OpenAI, alleging theft of trade secrets for ChatGPT hardware. The lawsuit particularly targets some senior ex-Apple employees now working at OpenAI.

Apple’s suit names two former employees — Chang Liu and Tang Tan, former vice president for product design, iPhone and Apple Watch — as well as OpenAI and that company’s recently-acquired firm, io Products, alleging “trade secret misappropriation and breach of contract.” 

Jony Ive, who sold io Products to OpenAI, is not named in the lawsuit, though it seems relevant that Tan was one of the senior ex-Apple executives who founded that company.

For its part, OpenAI issued a brief statement in response to the litigation. “We have no interest in other companies’ trade secrets,” the company said. “We remain focused on building innovative technology that empowers people everywhere.”

The allegations against Tan

Some of the claims and allegations included in Apple’s lawsuit include:

  • That in the months before leaving Apple, Tan met with OpenAI or its collaborators and discussed meetings with a key Apple supplier.
  • He emailed himself information about suppliers and internal summaries.
  • When interviewing former Apple staffers for jobs, he used confidential information, such as internal project code names, to gain even more knowledge.
  • He asked candidates to bring actual parts from Apple to interviews to discuss — and a then-Apple employee screenshotted and downloaded files concerning a highly confidential Apple project before attending an OpenAI recruitment session.
  • Tan asked Apple employees to bring CAD/design artifacts to their interviews.
  • Tan allegedly instructed new hires on how to avoid scrutiny when leaving Apple, such as instructing them not to tell the company they had taken jobs at OpenAI.
The ‘so funny’ laptop bug

The lawsuit also claimed that after quitting Apple for OpenAI in January 2026, Chang Liu managed to keep or “otherwise acquire” an Apple-issued notebook which he used to access confidential data on the company’s private network while at OpenAI. “LOL, I found out I can access the [server], so funny,” Liu texted a friend still working at Apple.

The suit alleges that he made no effort to report the situation, which was a bug in the system he had uncovered. Apple eventually discovered the exfiltration was taking place and took steps to prevent it, but Liu allegedly downloaded more than 1,000 pages of data, including “confidential technical presentations, spreadsheets, PDFs, and written work product,” Apple said.

“Only OpenAI and Mr. Liu know all the ways they have been exploiting the trove of Apple confidential information he stole, and to the extent they have not concealed or destroyed the evidence of these misappropriations, it will be investigated thoroughly in discovery.” 

Apple’s lawsuit also alleges Liu was simultaneously coaching a current Apple employee named Alyssa Peng on how to copy files from Apple workstations without triggering the security team, asking her to get specific confidential information and using Apple’s stolen data to help her get ready for an eventual OpenAI interview.

Why this could get bigger

There’s much in the litigation that it will garner serious international attention as it unfolds. Apple’s argues that a competitor with access to so much of its own proprietary information could “bypass years of independent research and development, skip the capital expenditure required to build genuine expertise, and bring products to market faster and at lower cost, harming the value of Apple’s investments.”

It’s not just the secrets behind actively-used processes Apple is protecting; the company is also asserting its rights to regain control of information it has assembled over time concerning processes and manufacturing attempts that have failed. That’s understandable – you can invest a lot of money in finding out what doesn’t work and knowing that is a trade secret in itself. 

“OpenAI coaches candidates to prepare for their interviews by studying Apple’s confidential engineering documentation, internal presentations, and proprietary technical materials,” the litigation claims. “OpenAI then uses its insider Apple information to ask detailed questions to extract more: about Apple’s proprietary tools, vendor management processes, engineering methodologies, manufacturing workflows, and supplier relationships, for example.

“OpenAI has turned to trade secret misappropriation to free-ride off Apple’s decades of innovation,” Apple said. “This is the tip of the iceberg.” 

The lawsuit also confirms that Apple often designs and customizes the specialized machinery used in its suppliers’ factories, and that trade secrets concerning those efforts have been grabbed. The suit notes that OpenAI works with established Apple suppliers Foxconn, Luxshare, and Goertek on its own hardware.

If true, these allegations go right to the top of OpenAI’s hardware development plans. Tan is now OpenAI’s Chief Hardware Officer.

The lawsuit points out that OpenAI now employs more than 400 Apple engineers and executives (including the company’s former Vision Pro Vice President), suggesting its entire approach to hardware recruitment is based on extracting Apple’s proprietary knowledge from potential hires. 

“Apple lacks visibility into what’s been happening behind closed doors at OpenAI, where such misconduct is normalized and exemplified by leadership,” the lawsuit argues. “This much is clear, however: at every level, from members of its Technical Staff to its Chief Hardware Officer, and in coordination with business partners, OpenAI has been stealing Apple’s trade secrets and confidential information. As a natural result, OpenAI’s nascent hardware business now rests on the shakiest of foundations, rotten to its core by its illegal reliance on misappropriated trade secrets.”

You can follow me on social media! Join me on BlueSky, LinkedIn, Mastodon, and subscribe to The Core.

Kategorie: Hacking & Security

Apple is prepping for life after the AI gold rush

Computerworld.com [Hacking News] - 11 Červenec, 2026 - 12:09

Consumer electronics prices are shooting up. Energy prices are increasing fast. Even water bills are climbing. For a technology that promises “efficiency,” the ongoing AI gold rush seems to be taking things away, much like the proverbial gift that keeps on grabbing.

With hundreds of billions in AI investment already racked up for 2026, it’s important to remember the entire industry is currently built on a mountain of debt — and much of this borrowed money is being spent on data center capacity. That’s true, even though consumers would probably rather have a cheap Mac than spend money on an AI subscription service. 

All this debt is being amassed because a small number of people at a very small number of firms have decided to make huge investments in the tech, which at present requires huge quantities of energy, memory and data center capacity to run. 

But it won’t always be this way.

A mountain of debt, but we’re short of memory

Look, the industry as it is now just doesn’t seem sustainable. Trillions are being spent and memory vendors are shifting capacity to make the high-value, high-bandwidth memory these server farms require — at the expense of traditional consumer electronic suppliers. 

The rapid rollout just creates AI tech will need to be replaced, likely at greater cost, in a few years’ time. In a nutshell, the industry is spending trillions to make billions; Sequoia’s David Cahn estimates the AI revenue gap between infrastructure expenditure and the revenue to justify it has already fallen $600 billion a year short

At some point, the VC money will run dry, after which it is inevitable deployment will slow and demand for all the components — including memory used in these large language model (LLM) data centers will fall. Some analysts think capex growth in the sector could halt by mid-2027.

At that point, memory vendors will have expensive production facilities and extensive defaults on their order books. If the 2027 prediction is true, those vendors will feel this impact in the form of reduced forward orders by the end of 2026.

The problem is that the investments have become so vast that any slowdown will have consequential effects across all sections of the economy. 

After the gold rush

Almost certainly, the technology will continue to improve, and the problems we’re looking to solve today might no longer be challenges once fresh innovation strikes. So, what happens next? 

Let’s think about memory, the biggest pain point at the moment and where we will (hopefully) find future innovation. At present, some of the largest LLMs sit inside data centers supported by vast quantities of memory. These machines are built to handle really complex tasks, but most of the time are used to search the web, deliver writing assistance and summarize documents. Those frequently-transacted tasks barely stretch the capabilities of these services and Apple, and others have already figured out how to run such tasks on device.

That’s the first obvious space in which to innovate – to invest in 1-bit data LLM systems to miniaturize and distill models so they actually run on the device you’re using, rather than relying on all those remote servers. 

The Apple shopping list

Apple’s interest in 1-bit data LLM pioneer PrismML speaks volumes about where the iPhone maker sees LLM development going, as did its acquisitions of Kuzu Inc., WhyLabs Inc, Pointable Inc., and Datakalab Inc. in recent years. 

The beauty of PrismML’s tech is what it can do. It was recently used to compress Alibaba’s huge 27-billion-parameter Qwen 3.6 model from 54GB down to under 4GB, running with all 27 billion parameters active simultaneously — all without sacrificing benchmark performance. 

The kicker? It managed to run that advanced, sophisticated AI model on an iPhone 17 Pro. My take? Just as music used to be captured on reel-to-reel tape and is now digitized and in the air, AI will move from the data center to the device, possibly faster than people expect. 

Apple has three pillars for AI: On-device for most of what you need, on Private Cloud Compute servers for most of the rest, or via third-party server-based systems for the most demanding tasks. That’s a blueprint for how the industry will evolve as technologies represented by PrismML tend toward bringing more of that intelligence to the device. Over time, those local tasks will become more sophisticated, eroding the available market for today’s heavily-indebted AI incumbents. 

Emerging priorities such as the need for privacy, data sovereignty, and trusted cloud will also spur the emergence of a multipolar AI future in which no one vendor dominates, further complicating their journey to profitability. It’s a model that favors the kind of service-agnostic, edgeAI approach Apple has taken.

EdgeAI for the rest of us

In the end, I don’t think there will be a need for much of the AI data center capacity now being built, because Apple and others will figure out how to use data minimization to transact sophisticated AI tasks on the device. For the most part, EdgeAI will deliver the consumer AI experience, while data centers cater to more sophisticated use. One day, after this gold rush has run its course, we’ll peer outside of our basements to see which of today’s AI firms actually are the chosen ones.

They may not be the ones you expect.

You can follow me on social media! Join me on BlueSkyLinkedInMastodon, and subscribe to the human-curated daily Apple news briefing at The Core.

Kategorie: Hacking & Security

'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets

Bleeping Computer - 11 Červenec, 2026 - 11:03
A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit,' slipped past AI code reviewers CodeRabbit and Bugbot, which never open image files at all, then convinced a coding agent to read a repo's .env and write every secret into the code as a list of numbers. [...]
Kategorie: Hacking & Security

Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions

The Hacker News - 11 Červenec, 2026 - 08:45
Zimbra is urging customers to apply updates to address a critical security vulnerability impacting the Classic Web Client that could result in arbitrary code execution. The vulnerability has been described as a case of stored cross-site scripting (XSS) that could allow specially crafted emails to execute malicious scripts in a user's session. It has yet to be assigned a CVE identifier. "The Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Linux Privilege Escalation from a Defensive Perspective: Sudoers and SUID Misconfigurations

LinuxSecurity.com - 11 Červenec, 2026 - 00:41
Root access on a Linux system rarely arrives through a zero-day.
Kategorie: Hacking & Security

New U-Boot flaws could enable stealthy firmware attacks

Bleeping Computer - 10 Červenec, 2026 - 23:59
Six vulnerabilities in the widely used U-Boot bootloader have been discovered that could allow attackers to execute malicious code during device boot, potentially enabling stealthy firmware attacks that compromise security protections and install persistent malware. [...]
Kategorie: Hacking & Security

Ryuk ransomware member pleads guilty in the US, faces 15 years in prison

Bleeping Computer - 10 Červenec, 2026 - 19:46
A 34-year-old Armenian man has pleaded guilty to hacking U.S. companies and deploying the infamous Ryuk ransomware to encrypt their systems. [...]
Kategorie: Hacking & Security

Police suspects Dutch hackers were involved in Odido breach

Bleeping Computer - 10 Červenec, 2026 - 18:37
The Dutch National Police (Politie) says it has found "strong indications" that Dutch hackers have been involved in a February breach at the telecommunications provider Odido. [...]
Kategorie: Hacking & Security

URGENT - Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers Over Security Threat

The Hacker News - 10 Červenec, 2026 - 18:30
Progress Software has told ShareFile customers to shut down the Windows servers running their Storage Zone Controllers, confirming to The Hacker News that it is responding to a "credible external security threat." The company has temporarily disabled access to the affected accounts, a step it says it took "out of an abundance of caution" while it works with internal and external security Swati Khandelwalhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages

The Hacker News - 10 Červenec, 2026 - 18:29
Unknown threat actors compromised the Injective Labs SDK project's GitHub repository and leveraged it to publish a malicious package on the npm registry to steal cryptocurrency wallet private keys and mnemonic seed phrases. The compromised version, @injectivelabs/[email protected], came embedded with fake telemetry functionality that exfiltrated data from cryptocurrency wallets. The version was Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security
Syndikovat obsah