Agregátor RSS

The U.S. Congressional Budget Office (CBO) confirms it suffered a cybersecurity incident after a suspected foreign hacker breached its network, potentially exposing sensitive data. [...]

Mastodon (Wikipedie) - sociální síť, která není na prodej - byl vydán ve verzi 4.5. Přehled novinek s náhledy v oznámení na blogu.

Led při ohýbání generuje elektřinu, může to souviset i s blesky. Subneptuny pravděpodobně nebudou oceánskými světy. Nově objevená blízká superzemě je v obyvatelné zóně. zrychlili a zlevnili výrobu kvantových nanodiamantů.

Jaká opatření z oblasti důchodů, daní či dávek mohou v příštích letech ovlivnit váš rodinný rozpočet? Projděte si s námi návrh programu vznikající koalice.

Letošní podzimní vydání Ubuntu se ukazuje být systémem s opět o něco vyladěnějšími aplikacemi ve Snapech. Má ale čím zaujmout, když většinu jeho základu tvoří stejné GNOME 49 jako ve Fedoře 43 a dalších distribucích?

Paradoxní výsledek: Nvidia, která předpokládala, že bude schopna vyvážet AI akcelerátory do Číny, nemůže, zatímco AMD, která už s vývozem svých akcelerátorů nepočítala, získala licenci…

Německo zvažuje, že zaplatí místním telekomunikačním operátorům včetně Deutsche Telekom, aby nahradili zařízení od čínské firmy Huawei. Náklady na výměnu by mohly přesáhnout dvě miliardy eur (bezmála 49 miliard Kč). Jeden scénář počítá s tím, že vláda na tento záměr použije prostředky určené na obranu či infrastrukturu.

Move fast - miscreants compromised a domain controller in 17 hours

Gootloader JavaScript malware, commonly used to deliver ransomware, is back in action after a period of reduced activity.…

A malicious extension with basic ransomware capabilities seemingly created with the help of AI, has been published on Microsoft's official VS Code marketplace. [...]

The technology unleashes self-replicating viruses called phages on food bacteria to continuously hunt down and destroy bad bugs.

It’s a home cook’s nightmare: You open the fridge ready to make dinner and realize the meat has spoiled. You have to throw it out, kicking yourself for not cooking it sooner.

According to the USDA, a staggering one-third of food is tossed out because of spoilage, leading to over $160 billion lost every year. Much of this food is protein and fresh produce, which could feed families in need. The land, water, labor, energy, and transportation that brought the food to people’s homes also goes to waste.

Canada’s McMaster University has a solution. A team of scientists wrapped virus-packed microneedles inside a paper towel-like square sitting at the bottom of a Ziploc container. It’s an unusual duo. But the viruses, called phages, specifically target bacteria related to food spoilage. Some are already approved for consumption.

Using microneedles to inject the phages into foods, the team decontaminated chicken, shrimp, peppers, and cheese. All it took was placing the square on the bottom of a storage dish or on the surface of the food. Mixing and matching the phages destroyed multiple dangerous bacterial strains. In some cases, it made spoiled meat safe to eat again based on current regulations.

It’s just a prototype, but a similar design could one day be used in food packaging.

“[The platform] can revolutionize current food contamination practices, preventing foodborne illness and waste through the active decontamination of food products,” wrote the team.

A Curious Food Chain

It’s easy to take food safety for granted. The occasional bad bite of leftover pizza might give you some discomfort, but you bounce back. Still, foodborne pathogens result in hundreds of millions of cases and tens of thousands of deaths every year according to the World Health Organization. Bacteria like E. Coliand Salmonella are the main culprits.

Existing solutions rely on antibiotics. But they come with baggage. Flooding agriculture with these drugs contributes to antibacterial resistance, impacting the farming industry and healthcare.

Other preservative additives—like those in off-the-shelf foods—incorporate chemicals, essential oils, and other molecules. Although these are wallet-friendly and safe to eat, they often change core aspects of food like texture and flavor (canned salsa never tastes as great as the fresh stuff).

Maverick food scientists have been exploring an alternative way to combat food spoilage—phages. Adding a bath of viruses to a bacteria-infected stew is hardly an obvious food safety strategy, but it stems from research into antibacterial resistance.

Phages are viruses that only infect bacteria. They look a bit like spiders. Their heads house genetic material, while their legs grab onto bacteria. Once attached, phages inject their DNA into the bacteria and force their hosts to reproduce more viruses—before destroying them.

Because phages don’t infect human cells, they can be antibacterial treatments and even gene therapies. And they’re already part of our food production system. FDA-approved ListShield, for example, reduces Listeria in produce, smoked salmon, and frozen foods. PhageGuard S, approved in the US and EU, fights off Salmonella. Other phage-based products include sprays, edible films, and hydrogel-based packaging used to decontaminate food surfaces.

Even better, phages self-renew. They are “self-dosing antimicrobial additives,” wrote the team.

But size has been a limiting factor: They’re too big. Phages struggle to tunnel into larger pieces of food—say, a plump chicken breast. Although they might swiftly wipe out bacteria on the surface, pathogens can still silently brew inside a cutlet.

Prickly Patch

The new device was inspired by medical microneedle patches. These look like Band-Aids, but loaded inside are medications that can seep deeper into tissues—or in this case, food.

To construct food-safe microneedles, the team tested a range of edible materials and homed in on four ingredients. These included gelatin, the squishy protein-rich component at the heart of Jell-O, and other biocompatible materials readily used in medical devices. The ingredients were poured into a mold, baked into separate microneedle patches, and checked for integrity.

Each ingredient had strengths and weakness. But after testing the patches on various foods—mushrooms, fish, cooked chicken, and cheese—one component stood out for its reusability and ability to penetrate deeper. Called PMMA, the coating is already used in food-safe plexiglass and reusable packaging.

The team next loaded multiple phages that target different food-spoiling bacteria into PMMA scaffolds and challenged the patches to neutralize bacterial “lawns.” True to their name, these are fuzzy microscopic bits of bacteria that form a carpet. You’ve probably seen them at the bottom of a food container you’ve left far too long in the fridge.

The phage patches completely erased both E. Coli and Salmonellain steaks with high levels of the bacteria. Another test pitted the patches against existing methods in leftover chicken that had lingered 18 hours in unsafe food conditions. Compared to directly injecting phages or applying phage sprays, the microneedle patch was the only strategy that kept the chicken safe to eat according to current regulations.

Phage Buffet

The system was especially resilient to temperature changes. When applied to chicken or raw beef, the phage patches were active for at least a month at regular refrigerator temperatures, “ensuring compatibility with food products that require prolonged storage,” wrote the team.

The system can be tailored to tackle different bacteria, especially by mixing up which phages are included. Using a variety could potentially target strains of bacteria throughout the food production line, making the final product safer.

The team is planning to integrate the platform into food packaging materials, which would ensure the microneedles are in constant contact with the food and deliver a large dose of phages that self-replicate to continue warding off bacteria. Other ideas include sprinkling phage-loaded materials directly onto food during manufacturing and production.

The idea of eating viruses might seem a little weird. But phages naturally occur in almost all foods, including meat, dairy, and vegetables. You’ve likely already eaten these bacteria-fighting warriors at some point as they’re silently hunting down disease-causing bacteria.

The vaccine could prevent foodborne illness and reduce waste. It’s easy to adapt to different strains of bacteria, food-safe, and cost effective, wrote the team, making it “well suited for applications within the food industry.”

The post Scientists Unveil a ‘Living Vaccine’ That Kills Bad Bacteria in Food to Make It Last Longer appeared first on SingularityHub.

Japanese media company Nikkei has confirmed that a security breach of its Slack accounts has potentially leaked highly sensitive information from more than 17,000 of its users. Consultants point to the incident as yet another reminder of the dangers when non-corporate devices are allowed to access confidential corporate data. 

“An employee’s personal computer was infected with a virus, leading to the leakage of Slack authentication credentials. It is believed that this information was used to gain unauthorized access to employee accounts,” Nikkei said in a published statement. “The incident was identified in September and countermeasures such as changing passwords were implemented. Potentially leaked information includes the names, email addresses, and chat histories for 17,368 individuals registered on Slack.”

The Nikkei statement added “Considering the incident’s significance and to ensure transparency, we voluntarily reported it to [Japan’s] Personal Information Protection Commission. No leakage of information related to sources or reporting activities has been confirmed.”

Cybersecurity consultant Brian Levine, a former federal prosecutor who today serves as executive director of FormerGov, a directory of former government and military specialists, stressed that this is part of an ongoing trend of Slack breaches.

“There is often increased risk when employees or contractors access company resources from non-company-managed devices. Recent attacks against Okta, MGM Resorts, and others have been linked to such unmanaged access,” Levine said, adding that last year, “an attacker exfiltrated more than [1 terabyte] of internal data from Disney’s Slack environment when a contractor had accessed Slack from an unmanaged device, bypassing monitoring tools.”  

Erik Avakian, technical counselor at Info-Tech Research Group, noted that one of the most concerning things about attacks similar to the Nikkei breach is that the attackers are often able to easily bypass MFA defenses.

“An employee’s computer gets hit by malware designed to steal credentials. The malware grabs Slack session tokens and cookies, then sends them to attacker command and control servers,” Avakian said. “With those stolen and likely active tokens, the attacker is able to log into Slack from their own device and access private channels and chat history without even triggering a multi-factor authentication prompt, since they reused an already-authenticated session.”

Avakian said that the nature of these attacks suggests that enterprise CISOs should consider procedural changes. 

This kind of attack would give threat actors “broad access to channels and integrations, which made the impact worse. Weaknesses around this incident shine a light on unmanaged or poorly protected devices, long-lived tokens, and not enough logging or alerts for suspicious sessions,” Avakian said. “Organizations can learn from these types of incident, and those using Slack, or any other widely used communications platform similar to Slack, should maintain a policy for revoking active sessions and refreshing tokens for affected users routinely, forcing password resets and rotating API tokens.”

Jeff Man, a senior information security consultant with Online Business Systems, pointed out, “the larger discussion should be on the failings of the Nikkei IT/IS program to protect against some sort of attack that targeted its employees. Why are employees allowed to use Slack on personal devices?”

“So this is really an issue of risk management,” Man said. “In the case of Nikkei, it appears the exploitation was elsewhere [on the system]. The initial access allowed the miscreants to use credentials to gain access to Slack. That’s not a compromise of Slack itself, that’s a compromise of employee account authentication.”

Stephen Boyce, security consultant and CEO of The Cyber Dr., said the Nikkei incident represents “what happens when someone uses a personal device to get into work systems. Once that device gets hit with malware, it’s game over for the credentials. The part that worries me is this could happen anywhere. People forget how much sensitive stuff ends up in Slack: messages, files, links, sometimes even credentials. Once someone has that, they can poke around pretty freely.”

“To me, it’s just another reminder that zero trust has to go all the way out to the edge, not just the network. You’ve got to know the device, use MFA tied to managed hardware, and control what data lives in those SaaS tools,” Boyce said. “You may be also asking ‘Well, do we do away with BYOD all together?’ And the short answer is ‘no’ but we do need to look at ways we can secure the workforce beyond company issued assets.”

This article originally appeared on CSO Online.

The State of Nevada has completed its recovery from a ransomware attack it suffered on August 24, 2025, which impacted 60 state agencies, disrupting critical services related to health and public safety. [...]

Plus 2 new critical vulns - patch now

Cisco warned customers about another wave of attacks against its firewalls, which have been battered by intruders for at least six months. It also patched two critical bugs in its Unified Contact Center Express (UCCX) software that aren't under active exploitation - yet.…

Some say good government is less government. Others have a different point of view. But the least you should be able to expect from any kind of governance is that following one law doesn’t force you to break another. That is, unless you’re Apple and the laws are made in Europe.

In a letter seen by Computerworld, Apple Vice President Kyle Andeer has come out swinging against yet another investigation into the company’s business. Apple faces a pair of inquiries under Europe’s Digital Services Act (DSA), a sprawling piece of legislation that pretends to make the online world safer and probably won’t. (UK legal firm Slaughter and May offers a useful guide here.)

Apple comes out fighting

The problem is that the two investigations arguably reflect requirements made under the DSA’s companion law, the Digital Markets Act. Apple isn’t happy, and its latest furious complaint against EU regulators pulls no punches in pointing out the futile and contradictory hypocrisy in play. 

“We are concerned that these new inquiries are cynical attempts to distract from the core problems caused by the Commission’s misguided DMA enforcement efforts,” the letter says.

As part of an initial investigation, the European Commission has thrown Requests for Information (RFI) at Apple. These say regulators suspect that Apple:

• “Has not put in place reasonable, proportionate and effective mitigation measures tailored to this specific systemic risk [of the dissemination of illegal content related to financial scams through App Store].”
• “Has not put in place appropriate and proportionate measures to ensure a high level of safety and security of minors on their service.”

Apple helpfully points to its extensive and provable track record of having put numerous protections in place to protect customers and their children, while also pointing out that the Commission has made the task far more challenging in how it applies the DMA.

Apple is the world’s safest ecosystem

“We find it difficult to square the premise of these [requests] with the Commission’s aggressive interpretation and application of the Digital Markets Act (DMA). The Commission has consistently taken positions under the DMA that undercut Apple’s ability to protect its users,” the company said.

“Apple has always focused on protecting its users from bad actors on its platforms and in its App Store. For almost two decades, we have been investing heavily in systems and processes to identify risks of financial scams, apps that could potentially harm children, and other apps that we believe pose risks to our users on iOS and iPadOS. We have taken a number of steps to protect our users from harm — whether the risk is at the app level or the payment processor level.”

The extensive letter points to numerous things Apple already does. From App Store and App Review and beyond, its approach helps control fraud, prevent distribution of pornography, and defend against malware. But, of course, the Commission is actively eroding these protections with the DMA.

Europe is fundamentally undermining itself

“The Commission has forced Apple to change that successful approach — while simultaneously refusing to allow it to implement proven safeguards that have helped ensure that iOS users are better protected from malicious actors than users of any other [approach]. Without those protections, risks to users on our devices will inevitably increase.”

Apple also warns that giving developers permission to link out of their apps to wherever they want to link without any significant protections also threatens user security. Needless to say, this is precisely what Europe has demanded Apple do — a move that will inevitably expose people to additional risks. Europe is also insisting Apple “fundamentally undercut” many of the tools it currently uses for parental protection and control, even to the extent of refusing to permit Apple to institute key safeguards. 

“For decades, Apple has been meeting the challenges of an ever-evolving threat landscape by constantly innovating to keep our users safe from harm. Our efforts have made iOS the most secure mobile platform,” the company, quite justifiably, explains.

Apple also points to some of the big companies that have undermined the very protections the Commission now claims to want to encourage.”

European enshittification

“The Commission has made the App Store less safe for users: It introduced new vulnerabilities and undermined the protections Apple has long put in place to protect users of the App Store,” Apple said. “At the same time, the Commission has done nothing to address abuses by developers. Authorities in the United States have condemned Epic Games, Match Group, and other developers for misleading and deceiving users (specifically including children, in at least one case). The silence of the Commission has been deafening. It has turned a blind eye to these abuses, as they would expose the hypocrisy of the Commission’s approach to the digital marketplace. The loser is the user.

“It does not make sense for the Commission to press Apple to protect users, including minors, from fraud within the App Store while at the same time requiring Apple to create functionalities like link-outs and web views that increase the risk of fraud without necessary safeguards.”

Where’s the consistency?

“The Commission cannot both prohibit Apple from taking the steps it has found essential in mitigating the risk of scams and fraud on the App Store while simultaneously scrutinizing Apple for not providing even more measures to mitigate these risks on the App Store.”

Apple is quite evidently in a Catch-22 situation. On one hand, it’s being forced to introduce fundamental insecurities into its platforms, while at the same time facing punishment for what it is required to do. Central to all of this is what appears to be a commitment to denial on the part of Europe, which can’t even accept, for example, that many fraudsters play a long game; that is why intentional use of third-party payment systems with multiple layers of approval is so important when it comes to NFC.

What next?

With that total lack of consistency, Apple will surely see the cost of doing business in Europe increasing fast. So, when will it become so burdensome and expensive to do business in Europe that it becomes worth quitting the market? 

This has to be a question Apple’s senior leadership teams must discuss at morning meetings as Europe’s regulators hammer Cupertino with contradictory and inconsistent requests. If European voters feel like the long wait for Apple Intelligence was painful to them, just how will they feel in the event Apple chose to withdraw some products and services from that market entirely?

Perhaps Europe’s Parliament, which hires the leaders of the Commission, might want to consider that in the prelude to the next election in 2029.

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.

Po dvaceti letech skončil leader japonské SUMO (SUpport.MOzilla.org) komunity Marsf. Důvodem bylo nasazení sumobota, který nedodržuje nastavené postupy a hrubě zasahuje do překladů i archivů. Marsf zároveň zakázal použití svých příspěvků a dat k učení sumobota a AI a požádal o vyřazení svých dat ze všech učebních dat.

Ikea odhalila 21 nových produktů pro chytrou domácnost. • Všechny běží na standardu Matter, prodávat se začnou v lednu. • Nahrazují současné produkty, ale dorazí i nové jako teploměr či otočné tlačítko.

A previously unknown threat activity cluster has been observed impersonating Slovak cybersecurity company ESET as part of phishing attacks targeting Ukrainian entities. The campaign, detected in May 2025, is tracked by the security outfit under the moniker InedibleOchotense, describing it as Russia-aligned. "InedibleOchotense sent spear-phishing emails and Signal text messages, containing a linkRavie Lakshmananhttp://www.blogger.com/profile/[email protected]

Red and blue teams often operate independently, but attackers don't. Picus Security shows how continuous purple teaming and BAS turn red-blue rivalry into real defense, validating controls and closing gaps in real time. [...]

Cisco on Wednesday disclosed that it became aware of a new attack variant that's designed to target devices running Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software releases that are susceptible to CVE-2025-20333 and CVE-2025-20362. "This attack can cause unpatched devices to unexpectedly reload, leading to denial-of-serviceRavie Lakshmananhttp://www.blogger.com/profile/[email protected]