Alisios Informáticos

Acaba de confirmarse: Un exploit de zero-day llamado 'MiniPlasma' permite a los atacantes obtener acceso de SYSTEM en sistemas Windows completamente actualizados. El exploit afecta a Microsoft Windows, específicamente al servicio de impresión y manejo de colas de impresión, y permite una elevación de privilegios locales (LPE) a NT AUTHORITY\SYSTEM. La vulnerabilidad es de tipo zero-day, sin parche oficial disponible, y se ha publicado un proof-of-concept (PoC) que demuestra su explotación en sistemas Windows totalmente parcheados. El impacto es grave, ya que permite a los atacantes obtener acceso de SYSTEM a los sistemas afectados, lo que podría llevar a daños. ¿Hay parche? No, por ahora. ¿Qué deben hacer los afectados HOY? Revisar los logs de seguridad y monitorear el sistema para detectar cualquier actividad sospechosa. ¿Estás en riesgo? Revisa esto: actualiza tus sistemas lo antes posible y aplica las medidas de seguridad recomendadas. https://t.co/UeURc95WF6

⚠️ BitUnlocker Attack on Windows 11 Allows Access to Encrypted Disks in 5 Minutes Source: https://t.co/dq8KjmuHtP A new tool, BitUnlocker, reveals a practical downgrade attack against Microsoft's BitLocker encryption, allowing attackers with physical access to decrypt protected volumes on patched Windows 11 machines in under 5 minutes by exploiting a crucial gap between patching and certificate revocation. The attack is rooted in CVE-2025-48804, one of four critical zero-day vulnerabilities. Systems that have completed the KB5025885 migration, moving the boot manager signature to the newer Windows UEFI CA 2023 certificate, are also protected against this downgrade path. #cybersecuritynews #Windows11

🚨GOOGLE JUST SILENTLY DOWNLOADED A 4GB AI MODEL TO YOUR COMPUTER WITHOUT ASKING.. WITHOUT TELLING YOU.. AND WITHOUT ANY WAY TO STOP IT.. If you use Chrome.. There's a good chance a 4 gigabyte file is sitting on your hard drive right now that you never agreed to download.. It's called Gemini Nano.. Google's on-device AI model.. A security researcher just proved it installs itself with zero clicks.. Zero prompts.. Zero notifications.. Alexander Hanff set up a completely fresh Chrome profile.. Didn't click anything.. Didn't scroll.. Didn't type a single keystroke.. Just opened the browser and watched.. 14 minutes and 28 seconds later.. Chrome had silently scanned his hardware.. Read his GPU, RAM, and storage.. Then wrote a 4GB file to his hard drive.. No permission dialog.. Nothing.. Chrome's own logs show the download begins BEFORE the settings page where you could opt out is even loaded.. The file starts installing before the refusal button exists.. As of Chrome 148.. Any website you visit can trigger this download.. One line of JavaScript.. You click a link to read a blog post.. That click counts as "user activation".. And Chrome silently pulls 4GB in the background.. No install prompt.. No consent dialog.. Google's own docs admit this.. Your laptop overheats.. Storage disappears.. Battery drains.. And you have no idea why.. The model doesn't even work well.. Cloud requests take 1.3 seconds.. The local model at worst case takes over 9 minutes for a single response.. Google is using your storage, electricity, and bandwidth to run an AI that's 40 times slower than their own servers.. And the "AI Mode" button in Chrome's address bar.. Doesn't even use the local model.. It sends everything to Google's cloud anyway.. You pay the storage penalty.. The heat penalty.. The bandwidth penalty.. And the visible AI feature ignores the local file entirely.. Because Chrome fails to clean up old versions.. Users are finding 12GB or more of duplicate AI files stacked on their drives.. Palo Alto Networks found a vulnerability where a browser extension could hijack the local AI model's permissions.. Accessing your webcam.. Microphone.. Local files.. Through an AI you never installed.. Here's how to check if it's on your machine.. Windows.. C:\Users\[YourName]\AppData\Local\Google\Chrome\User Data\Default\OptGuideOnDeviceModel\ Mac.. ~/Library/Application Support/Google/Chrome/Default/OptGuideOnDeviceModel/ If there's a file called weights.bin.. Google downloaded their AI to your computer without asking.. To stop it.. Type chrome://flags.. Search "optimization-guide-on-device-model" and disable it.. Search "prompt-api-for-gemini-nano" and disable that too.. Restart Chrome.. Then manually delete the folder.. If you don't disable the flags first.. Chrome redownloads the 4GB file on next launch.. Firefox requires explicit opt-in for AI.. Apple Intelligence requires explicit consent.. Chrome just takes your hard drive.. Google didn't ask to use your storage.. Your electricity.. Your bandwidth.. They just took it.