Agregátor RSS

Nájemkyně užívá od 80. let sloučené byty, které se ale nikdy nezkolaudovaly jako jeden celek. Nejvyšší soud posoudil, zda lze takové prostory považovat za byt a jaká pravidla zde platí.

Elektronický podpis dokumentů je nástroj, který umožňuje zachovat informaci o tom, kdo dokument podepsal. Popíšeme si hlavní principy jak funguje digitální podepisování a co zaručí ověřitelnost dlouhodobě.

Sonda do světa otevřeného softwaru. Dnes si na Linuxu připojíme Apple AirPods, přehrajeme si hudbu v GNOME, porovnáme si dva texty a nastavíme si herní myš.

Útoku moderních tanků ještě donedávna čelila děla nebo řízené protitankové střely. Co kdyby namísto těchto drahých systémů proti tankům zasahovali malí, chytří, laciní a nebezpeční pozemní roboti? Ohniví mravenci útočí v koordinovaných autonomních hejnech a z tanků rozhodně nemají strach.

Simulace galaxií na úrovni jednotlivých hvězd bývají nesmírně výpočetně náročné. Japonský tým vymyslel nový postup, kdy ke klasickým (super)počítačovým simulacím připojil umělou inteligenci, vycvičenou na simulacích exploze supernovy ve vysokém rozlišení. Nová simulace pojme stokrát více hvězd a je stokrát rychlejší než dosavadní nejlepší simulace galaxií na úrovni hvězd.

Strmě rostoucí ceny a neméně strmě padající dostupnost pamětí se promítnou i do cen grafických karet. Situace už se přirovnává ke kryptománii nebo covidové éře. Výrobci pamětí ale dodávky nezvýší…

Byla vydána (Mastodon, 𝕏) první RC verze GIMPu 3.2. Přehled novinek v oznámení o vydání. Podrobně v souboru NEWS na GitLabu.

Eugen Rochko, zakladatel Mastodonu, tj. sociální sítě, která není na prodej, oznámil, že po téměř 10 letech odstupuje z pozice CEO a převádí vlastnictví ochranné známky a dalších aktiv na neziskovou organizaci Mastodon.

Thunderbird 145 has been released with full native support for Microsoft Exchange email via the Exchange Web Services (EWS) protocol. [...]

Using AI to attack AI

updated  Malefactors are actively attacking internet-facing Ray clusters and abusing the open source AI framework to spread a self-replicating botnet that mines for cryptocurrency, steals data, and launches distributed denial of service (DDoS) attacks.…

Ethan Mollick je profesor z pensylvánské The Wharton School. Ale také neúnavný komentátor dění kolem AI a „pokušitel“, který se snaží dostat k hranicím možností chatbotů a dalších služeb. Jestli vám nevadí angličtina, přihlaste si ke sledování jeho účet na X. Mollick nedávno zaujal experimentem, ...

A global campaign dubbed ShadowRay 2.0 hijacks exposed Ray Clusters by exploiting an old code execution flaw to turn them into a self-propagating cryptomining botnet. [...]

As businesses begin deploying AI agents in greater numbers, IT teams will need to manage and secure those AI systems as they connect to corporate data. That’s the idea behind Microsoft’s Agent 365 (A365), a new “control plane” that lets customers deploy and govern the use of agents. The A365 announcement was made in conjunction with the company’s Microsoft Ignite event in San Francisco.

“While we’re not quite there yet, agent sprawl will become a key issue in the near future” with agents produced for specific tasks and employees creating their own, said Jack Gold, founder and principal analyst at J. Gold Associates. “Microsoft wants to control the agents within their infrastructure, much as it does with other Microsoft 365 and Office 365 environments.”

A365 functions as the central record of agents that access data in an organization’s Microsoft 365 environment. That includes agents built with Microsoft’s own tools, such as Copilot Studio, as well as open-source frameworks and third-party agents from the likes of Adobe, n8n, ServiceNow, and Workday.

Accessed via the Microsoft 365 admin console, A365 allows IT staffers to manage which agents employees can use and restrict the data and resources available to those agents.

“IT leaders can track every agent being used, built, or brought into the organization, eliminating blind spots and reducing risk,” Charles Lamanna, Microsoft president, Business Apps and Agents, said in a blog post Tuesday.

A visual dashboard displays connections between agents, data and workers, with real-time analytics around agent behavior and performance. 

“Even though it is early days…, there are quickly becoming too many agents to manage manually,” said Allie Mellen, an analyst at Forrester. A tool such as A365 can help IT and security teams “track, manage, and secure the agents in their organization,” she said. “AI agents are a new attack surface that we must protect given their access to sensitive data.”

A365 builds on three existing Microsoft tools: Defender, Entra, and Purview. Microsoft Defender helps detect and block known and emerging threats that target agents, while Purview, Microsoft’s data governance tool, is used to prevent agents from accessing — and then leaking — sensitive data.

Each agent is assigned a unique Microsoft Entra ID for IT to track usage and apply “adaptive, risk-based policies,” that can shut down compromised agents. “Microsoft has correctly identified that if agents are to do real work, they need ’employee’ IDs, not just software licenses,” said Alastair Woolcock, vice president analyst at Gartner. 

The use of A365 to extend Entra and Defender to the digital workforce means Microsoft is effectively “hiring agents into the org chart,” he said.  

It’s a move that forces other tech firms to either integrate with Microsoft’s governance layer or risk having their agents blocked as shadow IT, said Woolcock. “It’s a smart approach as companies and governments will need a control plane for multi-agent orchestration, where it’s not just Microsoft’s agents, but all agents under Agent 365,” he said. 

Several software vendors, including ServiceNow, Google, and Amazon Web Services are all vying to offer the main tool organizations use to govern agents. “Organizations won’t want to govern agents via a multitude of control planes and vendors; they’ll need one as a global standard,” said Woolcock. 

Microsoft’s proximity to end user workflows with Office apps and Teams gives the company a unique leverage point, he said. And if it integrates seamlessly with existing Microsoft tools, A365 could spare enterprise IT teams from relying on additional systems to manage agents.

There are still questions about how the tool will function in practice. “If I obtain agents that are not Microsoft-created, will I still be able to insert my third-party agents into this new infrastructure?” said Gold. “Microsoft says yes, but we’ll need to see how that plays out, much as it took some time to play out with PC and cloud apps. But overall, this is a win-win situation for both MSFT and its customers.”

Agent 365 is available now in early access via Microsoft’s Frontier program. Microsoft plans to offer more details on pricing closer to general availability.

More Microsoft Ignite 2025 news:

• Microsoft Fabric IQ adds ‘semantic intelligence’ layer to Fabric
• Microsoft unveils Agent 365 to help IT manage AI ‘agent sprawl’
• Microsoft touts scalability of its new PostgreSQL-compatible managed database
• Microsoft unveils Agent 365 to help IT manage AI ‘agent sprawl’
• Microsoft bets on agentic AI for cloud ops, but analysts doubt the pitch

Microsoft announced two new Windows 11 recovery features today at the Ignite developer conference, called Cloud Rebuild and Point-in-Time Restore (PITR), that aim to reduce downtime and make it easier to recover from system failures or faulty updates. [...]

Today, Fortinet released security updates to patch a new FortiWeb zero-day vulnerability that threat actors are actively exploiting in attacks. [...]

Byla vydána nová major verze 5.0 svobodného 3D softwaru Blender. Přehled novinek i s náhledy a videi v obsáhlých poznámkách k vydání. Videopředstavení na YouTube.

The malware authors associated with a Phishing-as-a-Service (PhaaS) kit known as Sneaky 2FA have incorporated Browser-in-the-Browser (BitB) functionality into their arsenal, underscoring the continued evolution of such offerings and further making it easier for less-skilled threat actors to mount attacks at scale. Push Security, in a report shared with The Hacker News, said it observed the use

The malware authors associated with a Phishing-as-a-Service (PhaaS) kit known as Sneaky 2FA have incorporated Browser-in-the-Browser (BitB) functionality into their arsenal, underscoring the continued evolution of such offerings and further making it easier for less-skilled threat actors to mount attacks at scale. Push Security, in a report shared with The Hacker News, said it observed the use Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

For the third time in recent months, Google has found itself scrambling to fix a potentially serious zero-day flaw in the Chrome browser’s V8 JavaScript engine.

Addressed on Monday as part of an emergency ‘out-of-band’ patch, the vulnerability identified as CVE-2025-13223 was discovered by Clément Lecigne of Google’s in-house Threat Analysis Group (TAG).

At some point, the company also uncovered evidence that the flaw, rated ‘high’ with a CVSS score of 8.8, was being exploited in the wild.

As is customary to avoid giving other threat groups clues, Google’s advisory offers no detail on this discovery, merely stating: “Google is aware that an exploit for CVE-2025-13223 exists in the wild.”

Type confusion

The vulnerability description is just as sparse, mentioning only that the vulnerability is a Type Confusion flaw affecting the V8 JavaScript engine. This is a core element not only of Chrome, but also other Chromium-based browsers, including Microsoft Edge, Brave, and Opera.

The latter point is significant given that Chromium browsers are by some distance the most widely used consumer and business browsers in the world. Not surprisingly, Google added the following boilerplate statement to its latest advisory:

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.”

In the case of third-party apps, that could take some time. In short, don’t hold your breath if you’re expecting a more detailed explanation of CVE-2025-13223.

The V8 engine was introduced by Google in 2008 to speed up JavaScript, a C++ scripting technology fundamental to modern web technology. Type Confusion is a class of vulnerability that in this type of C-coded component can cause memory corruption, out-of-bounds access, and in the worst-case scenario, code execution.

This raises the possibility that CVE-2025-13223 can be exploited without user interaction by luring a user to a booby-trapped website. Google’s advisory doesn’t say, while the National Vulnerability (NVD) entry says only: “Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.” However, given that many V8 engine vulnerabilities make this kind of exploit possible, security administrators should assume it is a risk and patch Chrome as a priority.

Enterprise updating

The latest update also addresses a separate Type Confusion vulnerability in the V8 engine, CVE-2025-13224, also rated as ‘high’ priority. So far, there is no indication that this is under exploit.

Enterprise customers can address both flaws by updating to Chrome version 142.0.7444.175/.176 for Windows, version 142.0.7444.176 for Mac, and version 142.0.7444.175 for Linux.

Normally, enterprises patch every eight weeks on the Extended Stable Channel (ESC), allowing plenty of time for testing. In contrast, patches for zero-day vulnerabilities will usually be applied manually within days.

“For enterprise admins, the toll is real, because zero days mean a sweaty scramble to get fast patching and testing. And because Chrome updates come without real warning, hard and often, teams don’t get a break,” commented Zbyněk Sopuch, CTO of risk management company Safetica.

“The pattern here is that shared components multiply the blast radius, and until the wider community patches in an organized way, V8 stays one of the ripest targets in the room,” he added.

Attackers are always looking for ways to target V8, he said, because it allows them to “aim at the entire beehive. Admins are lying awake at night because of Chrome and the unknown list of apps that quietly run the same engine.”

Chrome has suffered two other confirmed zero days in the V8 engine in 2025, from a tally of seven across Chrome as a whole. The V8 flaws were CVE-2025-5419 in June and CVE-2025-10585 in September. Seven zero days sounds like a lot, but the annual count has been around this level for some time.

Regulator sides with telcos that claimed new cybersecurity duties were too ‘burdensome’

The Federal Communications Commission (FCC) will vote this week on whether to scrap Biden-era cybersecurity rules, enacted after the Salt Typhoon attacks came to light in 2024, that required telecom carriers to adopt basic security controls.…