Everything posted by reporter
-
New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards
Certain motherboard models from vendors like ASRock, ASUSTeK Computer, GIGABYTE, and MSI are affected by a security vulnerability that leaves them susceptible to early-boot direct memory access (DMA) attacks across architectures that implement a Unified Extensible Firmware Interface (UEFI) and input–output memory management unit (IOMMU). UEFI and IOMMU are designed to enforce a security
-
Wiz Khalifa Sentenced To Nine Months In Romanian Jail Over Cannabis Incident
Wiz Khalifa has found himself in some hot water overseas, with the rapper reportedly sentenced to nine months in a Romanian jail following a drug possession case stemming from a festival performance last year.

According to Romanian prosecutors, Khalifa (real name Cameron Jibril Thomaz) was stopped by police in July after allegedly smoking cannabis onstage during his set at the Beach, Please! Festival in Constanta County. Authorities claim he was found in possession of more than 18 grams of cannabis, and that some of it had been consumed mid-performance – a move that might fly at plenty of festivals elsewhere, but very much doesn’t in Romania.

Khalifa was formally charged with “possession of dangerous drugs, without right, for personal consumption”, per Romanian outlet Agerpres. He was initially hit with a relatively modest fine of 3,600 lei (roughly $830 AUD); however, prosecutors appealed that decision, pushing for a harsher penalty – which has now resulted in the nine-month jail sentence.

There’s a pretty big caveat, though. Wiz doesn’t live in Romania, meaning authorities would need to formally request extradition from the United States for that sentence to be enforced. At the time of writing, there’s been no public confirmation on whether that step will actually be taken, or how likely it is to happen.

Still, it’s a wild reminder that what might seem like business-as-usual on a festival stage in one country can carry very different consequences in another. For now, it remains to be seen whether Wiz Khalifa’s Romanian saga goes any further – but it’s definitely not the kind of overseas tour story artists usually hope to come home with.
The post Wiz Khalifa Sentenced To Nine Months In Romanian Jail Over Cannabis Incident appeared first on Music Feeds.
-
Managing agentic AI risk: Lessons from the OWASP Top 10
LLM-powered chatbots have risks that we see playing out in the headlines on a nearly daily basis. But chatbots are limited to answering questions. AI agents, however, access data and tools and carry out tasks, making them infinitely more capable – and more dangerous to enterprises.

The OWASP Top 10 for Agentic Applications can help CISOs explain what the issues are to their business counterparts. It can also help CISOs directly improve agentic AI security, because it comes with a threat taxonomy, mitigation strategies and playbooks, and example threat models. It’s all part of OWASP’s Agentic Security Initiative.

Scott Clinton, OWASP GenAI security project board co-chair and co-founder, says he was surprised by how many agentic solutions the OWASP team uncovered already deployed in organizations while researching the list, and by how many of those solutions were deployed without the knowledge of IT and security teams. This level of risk is unprecedented, he says. That includes a lot of theoretical, “academic” risks. “However, we focused on those that were data-driven,” he says. “Where we would provide practical guidance based on real-world conditions today.”

The challenge of educating stakeholders

“If you’re a CSO, chances are you are having quite a time educating your stakeholders about the risks that are being introduced by the use cases that are probably being pushed on you,” says Kayla Underkoffler, director of AI security and policy advocacy at Zenity, an AI security company, and one of the core contributors to the OWASP list. The CISO might not be able to say no, she adds – but might also be a little hesitant to say that the company can go all in and adopt the technology without thinking of the consequences.

The list was deliberately designed to be consumable, she says. “It will help with threat modeling, help with telling the story, help explain what controls need to be in place to reduce the risk and why.” A security leader can get an agentic AI use case from the business and align the top risks to fit that use case. The list also provides a common language around agentic AI and its risks, Underkoffler says.

Actionable guidance

Agentic AI is the main topic of conversation in discussions among his peers, says Keith Hillis, VP of security engineering at Akamai Technologies. “Most organizations are confronted with the challenge of balancing the promising power of AI while also ensuring the organization is not incurring increased security risk,” he says. So, the biggest value he finds in the new Agentic AI OWASP top 10 is that it’s immediately useful. “It’s directly actionable as a control baseline in both security architecture and governance, risk, and compliance contexts,” he says.

One aspect of the list that he found particularly insightful was the evolution of “least privilege” to “least agency.” He recommends that CISOs use the list to assess their programs, identify gaps, and map out a plan of action for improvement. “Most likely already have active programs in place,” he says. But it’s also likely they will need to evolve to accommodate the specific risks of agentic AI.

Missing pieces

The only thing that’s lacking in this first release of the list is that some of the mitigation sections aren’t detailed enough, says Zenity’s Underkoffler. But there are plans to address that. “We have some efforts to really dive into the mitigations for security teams, to help implement these controls,” she says. “Not just descriptions of what you should do but real code examples of how you can implement them.” For example, she says, one of the suggested mitigations is to “apply the principle of least privilege”. “Which is completely accurate,” she says. “Everyone should apply the principle of least privilege. But what does that mean for agents?”

Rick Holland, data and AI security officer at Cyera, a data security vendor, says he’d like the list to explain the likelihood of each type of attack. “Not all threat actors are created equal,” he says. For organizations targeted by nation-state actors, for example, the attackers might use more sophisticated attack vectors, like memory and context poisoning or agentic supply chain vulnerabilities. Rank-and-file cybercriminals might go after more low-hanging fruit, Holland says, using techniques like agent goal hijack or tool misuse.

Jose Lazu, associate director of product management at CMD+CTRL, a security training company, says that there are some second-tier risks that could have been included, such as model and tuning supply-chain integrity, long-horizon data poisoning, multi-agent coordination exploits, and cost-based resource exhaustion. “These areas are evolving quickly, so CSOs need to keep them on their radar,” he says.

OWASP Top 10 for Agentic AI

Below we list the OWASP Top 10 for Agentic Applications 2026, a framework that identifies the most critical security risks facing autonomous and agentic AI systems.

1 – Agent Goal Hijack
Attackers use prompt injection, poisoned data, and other tactics to manipulate the AI agent’s goals, so that the agent carries out unwanted actions. For example, a malicious prompt can manipulate a financial agent into sending money to an attacker.

2 – Tool Misuse and Exploitation
Agents misuse legitimate, authorized tools for data exfiltration, destructive actions, and other unwanted behaviors. In fact, we’ve already seen examples of AI agents deleting databases and wiping hard drives.

3 – Identity and Privilege Abuse
Flaws in agent identity, delegation, or privilege inheritance allow attackers to escalate access, exploit confused deputy scenarios, or execute unauthorized actions across systems. For example, an attacker can use a low-privilege AI agent to relay instructions to a high-privilege agent in order to do things they’re not supposed to be able to do.

4 – Agentic Supply Chain Vulnerabilities
Compromised or malicious third-party agents, tools, models, interfaces, or registries introduce hidden instructions or unsafe behavior into agentic ecosystems. For example, an attacker can embed hidden instructions into a tool’s metadata.

5 – Unexpected Code Execution
Agent-generated or agent-invoked code executes in unintended or adversarial ways, leading to host, container, or environment compromise. AI agents can generate code on the fly, bypassing normal software controls, and attackers can leverage this. For example, a coding agent writing a security patch might include a hidden back door due to poisoned training data or adversarial prompts.

6 – Memory and Context Poisoning
Attackers corrupt persistent agent memory, RAG stores, embeddings, or shared context to affect an agent’s future actions. For example, an attacker keeps mentioning a fake price for a product, which gets stored in an agent’s memory; the agent might later treat the price as valid and approve bookings at that price. Contaminated context and shared memory can spread between agents, compounding corruption.

7 – Insecure Inter-Agent Communication
Weak authentication, integrity, or semantic validation in agent-to-agent messaging enables spoofing, tampering, replay, or manipulation. For example, an attacker can register a fake agent in a discovery service and intercept privileged coordination traffic.

8 – Cascading Failures
A single fault, such as a hallucination, poisoned memory, or a compromised tool, propagates across autonomous agents. For example, a regional outage in a hyperscaler can break multiple AI services, leading to a cascade of agent failures across many organizations.

9 – Human-Agent Trust Exploitation
Agents exploit human trust, authority bias, or automation bias to influence decisions or extract sensitive information. For example, a compromised IT support agent can request credentials from an employee and send them to the attacker.

10 – Rogue Agents
Agents can act harmfully and deceptively in such a way that individual actions may appear legitimate. This could be due to prompt injection, or due to conflicting objectives or reward hacking. For example, an agent whose job is to reduce cloud costs might figure out that deleting files is the most efficient way to do that.
-
Positive thinking for security decision-makers: 6 mindsets you should drop immediately
Caught in the wrong security mindset? Photo: Paul Craft – shutterstock.com

It is no longer a secret that jobs in cybersecurity carry a high potential for burnout: the environment of security professionals is shaped above all by the (perceived) pressure to meet demands that rise daily. There are various reasons for this, but first and foremost it is the way security is thought about. The good news: once you identify a harmful mindset, you can change it and position both yourself and your teams better for success.

Cybersecurity is a highly technical field and, in some respects, a hard science. On the other hand, it is also strongly shaped by elements of psychology and ethics. How effective IT security ultimately turns out also depends on the mindset and beliefs of the professionals and decision-makers in the field. If you exhibit one of the following six mindsets, there is work to do so that a healthier security environment can thrive.

1. “Security is a destination”

A particularly insidious security mindset is the belief that security is a journey with a starting point and an end point. Nobody (hopefully) arrives at this belief consciously; professionals know that it is a continuous task. Subconsciously, however, it can easily happen that a period of inactivity sets in once certain tasks have just been completed. That only leads to everyone on the team having more unnecessary stress. Whoever holds out the prospect of an end creates a subtle feeling of disappointment, or even failure, as soon as it becomes apparent that there is still more to do. You (and your team) will only find peace once you accept that security is an ongoing process.

2. “IT security is only for professionals”

The view that security lies exclusively in the hands of the relevant specialists has two unfortunate consequences: all other employees are, at least in their own perception, released from responsibility, and security professionals are subtly pushed into the role of lone fighters. Software developers should keep security in mind at every phase of the lifecycle, rather than dealing with it only at delivery. But the same applies to all other employees in the company: only where awareness exists can the danger of cyberattacks be minimized. Naturally, security experts take on a leading or guiding role in this respect. Ultimately, however, every employee should feel empowered to contribute to the overall security of the company. A shared task, moreover, also strengthens the sense of community.

3. “Security only gets harder”

Few things are more discouraging than a classic Sisyphean task. That impression can easily arise when it comes to security: cybercriminals become ever more sophisticated and use ever better tools, while the digital infrastructure that must be protected becomes ever larger, more complex and more interconnected. In reality, the battle between white hats and black hats is a constant give and take. The ransomware phenomenon is a good example: for a while, encryption trojans seemed to be developing into a plague; in the meantime, the security industry has evolved accordingly and measurably struck back. By accepting the cyclical nature of IT security, you enable yourself to adopt an attitude that finds the right balance between relaxation and vigilance. Mental balance is the key to long-term (security) success.

4. “Security is a product”

IT security is not infrequently viewed as a standalone function or add-on product that is “draped over” the underlying infrastructure, or as a concrete “thing” that must be finalized and delivered. That somewhat resembles the former view of quality in general as a self-contained, separate component of things. To put it in Aristotle’s words: “Quality is not an act, it is a habit.” Security, like quality, is not a finished product but (as already noted) an ongoing discipline. Viewing security as a practice that must be constantly refined releases the energy needed for it. You should consider it a blessing to work in a field that continuously offers room for growth and the opportunity to bring your skills fully to bear. Once you have internalized this mindset, it is time to share it with the entire company. Security should never be delivered like a product, because it is neither a side effect nor an auxiliary tool. Rather, it should be the driver of culture and conscious action. In short: IT security should be part of daily practice, at both the individual and the organizational level.

5. “The criminals drive security”

Security professionals who are continuously busy putting out fires can come to believe that the cybercriminals control the game. This reactive perspective on IT security creates frustration and a feeling of powerlessness. In reality, companies hold the helm: after all, it is their assets that represent tempting targets for criminals. In most cases the attackers are not to be underestimated, but it is the business that drives security.

6. “100 percent is just enough”

Good security needs measurable factors. Metrics such as “Mean Time to Detect” (MTTD) make it possible to monitor the situation and measure the effectiveness of programs. It becomes problematic when you succumb to the notion that all indicators must always move in a positive direction, or worse still, sit in the “perfect” range. This unrealistic expectation is a gateway for distorted measurements. Instead, you should see metrics more as signposts that can guide you to the goal. The key, however, lies in taking the necessary steps and putting measures in place to steer things in the right direction. That makes it essential to engage honestly with measurements. (fm)
-
React2Shell is the Log4j moment for front end development
Attackers have upped the ante in their exploits of a recently disclosed maximum severity vulnerability in React Server Components (RSC), Next.js, and related frameworks. Financially motivated attackers have found a way to use the flaw, dubbed React2Shell (CVE-2025-55182), to execute arbitrary code on vulnerable servers through a single malicious HTTP request. This allows them to quickly and easily gain access to a corporate network and deploy ransomware, according to researchers at cybersecurity company S-RM and the Microsoft Defender Security Research Team.

Attackers initially exploited the vulnerability to introduce backdoor malware and crypto miners; this new method represents an escalation, and experts say it reveals a fundamental security flaw in front end development.

“For too long, we’ve treated front end development as low end, low risk work,” said David Shipley of Beauceron Security. “This is to front end of applications what Log4j was to the back end, a massive opportunity for attackers.”

How attackers easily get ‘highly privileged’ access

React is widely used in enterprise environments, with Microsoft researchers identifying “tens of thousands of distinct devices across several thousand organizations” running React or React-based applications.

React2Shell is a pre-authentication remote code execution (RCE) vulnerability affecting React Server Components (RSC), the open-source framework Next.js, and other related frameworks. It has been rated a 10 on the Common Vulnerability Scoring System (CVSS) because it is easy to exploit, puts numerous exposed systems at risk, and is highly susceptible to automated attacks since it doesn’t require authentication to execute.

The vulnerability specifically impacts the Flight protocol, a core feature in the React development library and Next.js. RSC contains packages, frameworks, and bundlers that allow React apps to run parts of their logic on the server rather than in the browser. Flight allows server and client to communicate; when the client requests data, the server receives and parses a payload, executes server-side logic, and returns a human-readable software package.

With the React2Shell vulnerability, impacted RSCs fail to validate incoming payloads, allowing threat actors to inject malicious components that React identifies as legitimate. Attackers can send HTTP requests to trick the server into running compromised code, potentially giving them “highly privileged” access to unpatched systems, according to the S-RM researchers.

According to initial reporting on React2Shell, nation-state actors began exploiting the vulnerability within hours of public disclosure. While early impact was limited to the installation of persistent backdoors into networks and cryptocurrency mining, React2Shell is now being used as the initial access vector in a ransomware attack. S-RM notes that it is likely being used by “less sophisticated actors” targeting public-facing web servers.

The Microsoft researchers warn of the dangers of this vulnerability: it can be exploited with just one HTTP request; default configurations are vulnerable, meaning there’s no special setup and attackers don’t have to wait for user mistakes; exploitation doesn’t require authentication because it occurs pre-authentication; and proof-of-concept exploits show near-100% reliability.

“For all the over-talk on zero trust, here’s a great example of where it would’ve been useful,” said Beauceron’s Shipley. “Way too much trust and access was built into the React model. And attackers figured out how to exploit it.”

What to look for

In an attack tracked by S-RM, immediately after the threat actor gained access to a targeted company’s network, they ran a hidden PowerShell command, establishing command and control (C2) by downloading a Cobalt Strike PowerShell stager, a tactic regularly used by red teamers, and installing a beacon to allow them to communicate with their external servers. They then disabled real-time protection in Windows Defender Antivirus. The ransomware binary was dropped and executed “within less than one minute of initial access,” the S-RM researchers report. The attackers modified encrypted files, left recovery notes, created text files that included the target’s public IP address, and cleared event logs and backup snapshots. The researchers noted that they did not observe lateral movement to other systems or attempts to steal data. The compromised server was taken down the day after it was discovered.

S-RM advises enterprises using RSC to verify that it is a fully patched version; however, React has warned that even initially released patches (versions 19.0.2, 19.1.3, and 19.2.2) are vulnerable. Beyond patching, organizations should perform forensic reviews to check for:

- Unusual outbound connections that could indicate C2 was executed;
- Disabling of antivirus and endpoint protection, or log clearing or tampering;
- Unusual spikes in resource use, which could indicate crypto miners;
- Windows event logs or endpoint detection and response (EDR) telemetry indicating attackers executed files in memory from binaries related to Node or React;
- Indicators of compromise (IOC) detailed in the advisory, both host-based and network-based.

Front end is no longer low-risk

This vulnerability reveals a fundamental gap in the development environment that has largely been overlooked, experts say. “There is a dangerous comforting lie we tell ourselves in web development: ‘The frontend is safe.’ It isn’t,” notes web engineer Louis Phang. He called this a “logic error in the way modern servers talk to clients” that turns a standard web request into a weapon. It is the result of developers focusing on reliability, scalability, and maintainability, rather than security.

For years, all that happened when a front end developer made a mistake was a button that looked wrong, a broken layout, or, in a worst-case scenario, Cross-Site Scripting (XSS), which allows attackers to inject malicious scripts into web pages, Phang said. With React rendering on the server, front end code has privileged access, and vulnerabilities serve as a backdoor into databases, keys, and data. “React2Shell signifies the end of the front end developer as a low-risk role,” Phang contended.

Beauceron’s Shipley agreed, noting that the need for server-side heavy lifting changed the risk, but the tech stack didn’t respond accordingly. “First, we had confusion about whether it was severe or not, then some were downplaying how much exploitation would happen, and now we’re in a feeding frenzy,” he said. It’s concerning how long it’s taking to rouse the technology environment to deal with this threat; it could ultimately be a side effect of cuts to security teams and budgets and developer burnout, he noted. “This is a concerning trend heading into 2026, which will be even more intense for zero days thanks to AI,” Shipley predicted.

This article originally appeared on InfoWorld.
-
HPE OneView vulnerable to remote code execution attack
A maximum severity remote code execution vulnerability in the Hewlett Packard Enterprise (HPE) OneView network and systems management suite is “bad” and needs to be patched immediately, says a cybersecurity expert.

“Vendors typically downplay the severity of a vulnerability,” says Curtis Dukes, executive VP for security best practices at the Center for Internet Security, “but HPE did not – it’s a 10.” The vulnerability is remotely executable by an unauthenticated user, he added, and it impacts every recent version of the suite. On top of that, he pointed out, OneView is a central manager of IT infrastructure in organizations. “For these reasons, the patch should be implemented immediately,” Dukes said. “Adversaries, nation-state, and criminal gangs alike know there is a window of opportunity and are likely working on an exploit.”

HPE says in its advisory that the vulnerability, CVE-2025-37164, affects all versions between 5.20 and 10.20. It can be resolved by applying a security hotfix, which must be reapplied after an appliance upgrade from HPE OneView version 6.60.xx to 7.00.00, as well as after any HPE Synergy Composer reimage. HPE offers separate hotfixes for the HPE OneView virtual appliance and HPE Synergy Composer. The advisory adds that any third party security patches that are to be installed on systems running HPE software products should be applied in accordance with the customer’s patch management policy.

Asked for comment, an HPE spokesperson said the company has nothing to say beyond its advisory, other than to urge admins to download and install the patches as soon as possible.

Jack Bicer, director of vulnerability research at Action1, said that because this vulnerability can be exploited without authentication or any user interaction, it is “an extremely severe security issue. There are no available workarounds, so the patch should be applied immediately. Until the patch can be applied, restrict network access to the OneView management interface to trusted administrative networks only.”

HPE describes OneView as a solution that simplifies infrastructure lifecycle management across compute, storage and networking through a unified API. It allows admins to create a catalogue of workload-optimized infrastructure templates so more general IT staff can rapidly and reliably provision resources. These templates can quickly provision physical, virtual, and containerized systems, setting up BIOS settings, local RAID configuration, firmware baseline, shared storage and more. HPE says software-defined intelligence allows IT to run multiple applications simultaneously with repeatable templates that ensure high reliability, consistency, and control. The vendor also says the embedded automation speeds provisioning and lowers operating expenses.

The most recent major vulnerability in OneView was revealed in June: CVE-2025-37101, a local elevation of privilege issue which relates specifically to OneView for VMware vCenter. If exploited, an attacker with read-only privilege could upgrade their access to allow them to perform admin actions.
-
TikTok U.S. Sale to Oracle-Led Group Set to Close in January
TikTok has agreed to sell its U.S. operations to an investment group that includes Oracle, Silver Lake, and UAE-based company MGX, reports Axios. The "TikTok USDS Joint Venture LLC" that includes the three companies will own 45 percent of TikTok, while ByteDance will keep close to 20 percent. Existing investors will continue to hold the remaining shares.

The U.S. group will handle U.S. data protection and content moderation, while also maintaining algorithm security. It has been tasked with retraining the content recommendation algorithm on U.S. user data to "ensure the content feed is free from outside manipulation." Oracle will be in charge of auditing and validating compliance with National Security Terms.

The agreement states that the USDS Joint Venture will "operate as an independent entity" that has authority over U.S. data protection, while TikTok's global U.S. entities will manage global product interoperability along with e-commerce, advertising, and marketing.

With the sale, TikTok will be able to continue operating in the United States while complying with the 2024 Protecting Americans From Foreign Adversary Controlled Applications Act. The act required TikTok parent company ByteDance to sell TikTok's U.S. operations to a non-Chinese company or be banned from operating in the United States. TikTok was briefly banned in January, but Donald Trump signed an executive order granting an extension that brought it back. The ban has been extended multiple times since then to provide additional time for a deal to be established.

The agreement is set to go into effect on January 22.

This article, "TikTok U.S. Sale to Oracle-Led Group Set to Close in January" first appeared on MacRumors.com
-
AirPods Pro 3's Static and Noise Issues Haven't Been Resolved
Since the AirPods Pro 3 launched, there have been complaints from users who have noticed a static-like sound or a crackling issue when using the earbuds, particularly when Active Noise Cancellation is on but no media is playing. Users have also run into strange high-pitched whistling sounds that happen intermittently.

We shared the issues back in late October, and despite two subsequent firmware updates, the problems haven't been solved. Apple released AirPods Pro 3 firmware version 8B25 in November, and firmware version 8B30 on December 10. Feedback from users who have installed the firmware updates indicates that the noise issues have not been addressed.

Affected users are hearing static noises with Active Noise Cancellation on, sometimes with media playing and sometimes without. There have also been reports of problems with latency and sound syncing when watching videos.

Some AirPods Pro 3 users have had their AirPods replaced by Apple, but replacement earbuds have had the same issue, so it's not clear if there is a hardware fix for the problem. Apple's latest firmware updates have not provided details on what's included, specifying only "bug fixes and other improvements."

This article, "AirPods Pro 3's Static and Noise Issues Haven't Been Resolved" first appeared on MacRumors.com
-
Fortnite Not Coming to iOS in Japan as Epic Games CEO Accuses Apple of 'Obstruction and Lawbreaking'
Epic Games is not going to bring Fortnite to iOS in Japan as promised because of the fees imposed by Apple's new App Store rules, Epic Games CEO Tim Sweeney said on social media. Sweeney complained that Apple did not comply with Japan's Mobile Software Competition Act "honestly" and instead "launched another travesty of obstruction and lawbreaking in gross disrespect to the government and people of Japan." Back in 2024 when the MSCA passed, Sweeney said that Epic would launch Fortnite in Japan in late 2025. He made the announcement before he was aware of how Apple planned to comply with the MSCA. Sweeney accused Apple of charging "competition-crushing" junk fees, including a five percent fee on revenue from apps distributed through alternate app marketplaces. Epic Games would need to pay Apple a five percent fee on all revenue generated via game purchases made through an Epic Games Store in Japan, or 15 percent on digital purchases through a web link if the Fortnite app were to be distributed through the App Store. Obviously, real competition won't happen, and consumers won't benefit, when Apple abuses its position between users and competitors to obstruct honest dealing between them. This is another sad day in the history of relationships between platform makers, developers, and consumers, and we will be raising our complaints with the Japanese Fair Trade Commission. Sweeney said that Epic Games plans to raise complaints with the Japanese Fair Trade Commission. Apple says that it worked with Japanese regulators when establishing its new rules to comply with the MSCA, so it is not clear if Epic Games will be able to persuade Japan to implement more stringent restrictions. Japan's rules allow Apple to be compensated for its intellectual property, and Japan's interoperability rules allow Apple to refuse requests in situations where privacy and security would be compromised. 
Along with allowing for alternative app marketplaces, the MSCA adds support for alternate payment methods and allows Japanese users to set new functionality for the iPhone's Side Button. Epic Games was able to bring the Epic Games Store to the European Union, but Apple does have a 0.50 euro Core Technology Fee for marketplaces there, too. The Core Technology Fee will transition to a five percent Core Technology Commission for all developers in the EU starting on January 1, 2026, so the fees will be very similar to the Japan fees.
-
Apple Quietly Discontinued Flyover City Tours in Apple Maps
Apple Maps no longer offers a Flyover feature that provides users with automated tours of notable landmarks in major cities. The Flyover option appears to have been nixed around when iOS 26 launched, but its removal went largely unnoticed. Flyover city tours were introduced in 2014 with iOS 8 and OS X Yosemite, using Flyover imagery to generate an aerial tour. Most cities with Flyover imagery supported the tour feature, but it may not have been used often, since Apple was able to quietly discontinue it. Flyover imagery has not been removed, and over 350 cities continue to have 3D Flyover imagery that highlights landmarks, parks, important buildings, and more with a bird's-eye view. Apple collected the Flyover imagery using small military-grade planes that mapped buildings in detail from above. The feature is not available in some areas due to privacy and security concerns. Flyover city tours used to be accessible by tapping on the Flyover icon when searching for a city, but that option has now been removed.
-
macOS Tahoe Bug Causes Studio Display Flickering Issues
macOS Tahoe introduced a bug that causes a Studio Display connected to a Mac to flicker every so often, and subsequent updates only seem to have made the issue worse. Mac users with the Studio Display have been complaining about intermittent flickering since the update launched in September. There are also complaints from users who have other kinds of displays, so it might be a bug that is affecting more than one type of external monitor. We have experienced this issue with a MacBook Pro running macOS Tahoe connected to a Studio Display, and the macOS Tahoe 26.1 and macOS Tahoe 26.2 updates haven't improved the situation at all. In fact, the flickering seems to be getting worse in recent days. Flickering happens most often when switching between apps that feature stark white backgrounds, or scrolling through webpages on light backgrounds. Any app can cause the flickering, and sometimes it just seems to be random. When flickering occurs, it's typically a brief flicker, but the display can also flicker several times in a row for a few seconds at a time. Switching from dark content to light content can almost always trigger a flicker on affected machines. It's not clear what is causing the issue, but given that multiple Studio Display owners are experiencing it, it's likely some kind of software issue that could be addressed with new Studio Display firmware rather than a hardware problem.
-
AltStore Available in Japan One Day After Apple Enables Alternative App Marketplaces
Just a day after Apple announced alternative app marketplace support for iOS users in Japan, AltStore PAL has launched in the country. iPhone and iPad users in Japan can download the alternative app marketplace from the AltStore website, and then use the AltStore to download apps without having to go through Apple's App Store. Prospective AltStore users need to be physically located in Japan, and have a Japanese App Store account. Devices also need to be running iOS/iPadOS 26.2 or later. AltStore developer Riley Testut said that Apple did not provide a heads-up about the App Store rule changes that went into effect yesterday, but the marketplace was able to launch within a few hours because it has been live in the European Union for months now. To celebrate AltStore PAL's launch in Japan, users can get a month of free Patreon access with patron-exclusive features. AltStore is free to download, but the AltStore Patreon provides access to beta updates for the popular Delta game emulator. Along with Delta, AltStore PAL offers several other apps created by independent developers, some of which have functionality that's not allowed in the standard App Store. Apps distributed through AltStore PAL are able to monetize through Patreon subscriptions. Apple is allowing alternative app marketplaces to meet the requirements of the Mobile Software Competition Act (MSCA) that went into effect on December 18. Marketplace apps are required to pay Apple a five percent Core Technology Commission. Alternative app marketplaces require authorization from Apple to operate, and are able to distribute apps that have also been notarized by Apple.
The notarization process checks for basic functionality and ensures that apps do not include malware, but marketplace apps are not subject to the same content requirements, and Apple has little content oversight.
-
Apple's New M5 MacBook Pro Hits $1,349.99 on Amazon ($249 Off)
Amazon today has dropped the price of the new M5 MacBook Pro to $1,349.99, down from $1,599.00. This is the 10-Core model with 16GB RAM and 512GB SSD, and it's a match of the all-time low price on the M5 MacBook Pro. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running. Additionally, the 16GB/1TB M5 MacBook Pro has hit $1,549.99 on Amazon, which is another $249 discount on the notebook. Both models have estimated delivery dates that are after Christmas, but if you've been waiting for a return of the best prices we've ever seen on these models, now's definitely a good time to buy. This version of the MacBook Pro just launched in October and it comes with the newest M5 chip, which offers up to 15% faster CPU performance and up to 45% faster graphics when compared to the M4 chip. If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.
-
WhatsApp accounts targeted in ‘GhostPairing’ attack
A warning for WhatsApp users: cybercriminals have discovered an alarmingly simple way to access a user's conversations in real time by manipulating the app's device pairing (linking) routine. The technique, termed 'GhostPairing' by researchers at security company Gen Digital (owner of Norton, Avast, Avira, and AVG), requires no passwords or account details, and it was recently detected in Czechia. All the attacker has to do is persuade a user to click on a malicious link sent to them as a WhatsApp message purporting to reveal a Facebook photo. In the most common variant of the attack, this brings up a fake page which asks the user to verify themselves by entering their mobile number. The attackers then forward this number to WhatsApp to initiate the 'link device via phone number' feature, which adds new devices to an account. WhatsApp generates an 8-digit pairing code, which the attackers intercept and forward to the user. The user, who sees a new pairing prompt in WhatsApp, enters this code to confirm the pairing. Unfortunately, this adds the attacker's browser session as a 'trusted device.' Unless the user becomes suspicious, it's game over: the attacker now has full access to their account, messages, and message history, as well as the ability to view messages as they are sent and received. "After their device is linked, the attacker does not need to exploit anything else. They have the same capabilities that any user has when connecting WhatsApp Web on their own computer," said Gen Digital's researchers. "Everything happens inside the boundaries of the feature set that WhatsApp intended." Worse, the attackers can also send messages that impersonate the user to spread the campaign to the victim's contacts and WhatsApp groups.

E2EE bypass

GhostPairing is an example of an attack that exploits one of WhatsApp's biggest draws: signing up, connecting to other users, and adding up to four additional devices to an account is incredibly convenient. It's one reason why WhatsApp has become so popular. All users need to join is a phone number, with no username or password to remember. Another draw is that the app is built on end-to-end encryption (E2EE), in which the private keys used to secure messages are stored on the device itself. This should make it impossible to eavesdrop on private messages without either having physical access to the device or remotely infecting it with malware. GhostPairing demonstrates that a social engineering attack can bypass this. Interestingly, although still possible, the attack is less practical when users are asked to pair via QR codes. That offers some reassurance for users of messaging apps such as Signal, which only allows pairing requests via QR codes.

Defending WhatsApp

Users can check which devices are paired to their WhatsApp account via Settings > Linked Devices. A rogue device link will appear here. Despite having access to a user's WhatsApp account, the attacker can't revoke the primary device's access; revoking a linked device must be initiated from the primary device. Another tip is to enable two-step PIN verification. This won't stop the attacker accessing messages, but it will mean they can't change the primary email address. The enterprise risk is that large numbers of employees use WhatsApp, including for communicating in larger employee discussion groups. Many of these groups won't be documented and will therefore be overlooked by security teams. The recommendation is to assume that multiple groups do exist and educate users to report suspicious phishing or spam from unknown numbers. The message should be clear: WhatsApp messaging might look private, but the app itself has gaps that attackers can exploit. GhostPairing comes only weeks after university researchers uncovered a major WhatsApp flaw that allowed them to discover the mobile numbers of the app's 3.5 billion global user base. Earlier this year, Meta discovered a weakness in the WhatsApp Desktop app that could be used to target Windows users. And it's not only WhatsApp; researchers recently uncovered a hack affecting the company that created a modified version of Signal for use by senior US politicians.
-
China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware
A previously undocumented China-aligned threat cluster dubbed LongNosedGoblin has been attributed to a series of cyber attacks targeting governmental entities in Southeast Asia and Japan. The end goal of these attacks is cyber espionage, Slovak cybersecurity company ESET said in a report published today. The threat activity cluster has been assessed to be active since at least September 2023.
-
Use Edge Light for Better Video Calls in macOS
Apple in macOS Tahoe 26.2 introduced Edge Light, a clever new feature that turns your Mac's display into a virtual ring light during video calls. Instead of fumbling with external lighting equipment, your Mac can now illuminate your face automatically when you're sitting in a dark room. Basically, Edge Light adds a soft glow around the edges of your display to brighten your face during video conferences. But it's far from just a simple screen border effect. Edge Light uses your Mac's Neural Engine to analyze the size and position of your face in the frame to deliver accurate lighting, while the Image Signal Processor fine-tunes brightness to match your environment. The feature is even aware enough to know when your cursor approaches the display edge. When it does, Edge Light automatically recedes, allowing you to still access on-screen content without it interfering.

What You'll Need

Edge Light works on any Mac with Apple silicon (M1 or later). It's compatible with all video conferencing apps and even extends to external cameras and the Apple Studio Display when connected to an Apple silicon Mac.

How to Turn On Edge Light

Once you've updated to macOS Tahoe 26.2 or later, enabling Edge Light takes just a couple of clicks. Open a supporting video call app (FaceTime, Zoom, or WebEx, for example). Click the green video conferencing menu bar item at the top of your screen. Select Edge Light from the drop-down menu. To adjust the lighting intensity and color temperature, click the down chevron next to Edge Light. You'll see two sliders that let you customize the brightness and warmth of the effect to suit your preferences. If you own a Mac released in 2024 or later, you can turn on automatic Edge Light activation. Once enabled, your Mac will detect when you're in a dimly lit environment and turn the feature on without any manual input. Simply look for the automatic toggle in the video call drop-down menu, immediately below the expanded Edge Light options.
-
iMac Rumor Recap: OLED Display, M5 Max, 32-Inch Model, and More
While it appears that the iMac will not be updated in 2025, rumors indicate that Apple is planning some big changes for the all-in-one desktop computer. Below, we recap what has been rumored for the iMac over the next two to three years.

Current Model: M4 Chip

As a refresher, Apple last updated the 24-inch iMac in October 2024. Key upgrades included the M4 chip, up to 32GB of RAM, a 12-megapixel Center Stage camera, a nano-texture display option, Thunderbolt 4 ports, and new color options. The overall design of the iMac has not changed since April 2021.

Next Model: M5 Chip

Apple will likely update the iMac with an M5 chip next year, but no other changes have been rumored yet, so expect a spec bump for now. If the iMac receives some of the upgrades that the 14-inch MacBook Pro with the M5 chip did, the next iMac could be available with up to 4TB of storage (up from 2TB), and up to 2× faster SSD performance compared to the previous model.

iMac Pro With M5 Max Chip?

Earlier this year, Apple accidentally released a macOS kernel debug kit that contained internal product codenames, including for what appears to be an iMac with an M5 Max chip. It is unclear if the 24-inch iMac would be updated with M5 and M5 Max chips simultaneously next year, or if Apple plans to re-release a separate, higher-end iMac Pro with the M5 Max. The previous Intel-based iMac Pro was discontinued in March 2021.

32-Inch iMac?

It has been nearly four years since Apple discontinued the 27-inch iMac, as part of its move away from Intel processors. Since then, the 24-inch iMac has been Apple's only all-in-one desktop computer, with no larger model available. In October 2023, Apple supply chain analyst Ming-Chi Kuo predicted that a higher-end 32-inch iMac with mini-LED backlighting would be released in 2025, but it appears that rumor was wrong given that the year is nearly over. Kuo has not commented on a larger iMac in a long time, so it is unclear if Apple plans to release such a product. In November 2023, Apple announced that it had no plans to release a new version of the 27-inch iMac with an Apple silicon chip at that time. Instead, Apple recommended pairing its standalone Studio Display with a Mac Studio or Mac mini. Perhaps this was Apple ruling out a larger iMac entirely, but only time will tell, and decisions can change. Wishful thinking: a 32-inch iMac Pro with an M5 Max chip and mini-LED backlighting.

OLED Display

South Korean publication The Elec this week reported that Apple is planning to release a 24-inch iMac with an OLED display in 2027 or 2028. The primary benefit of OLED technology compared to the current iMac's LCD is better overall image quality, with higher contrast ratio and deeper blacks. Like the iPad Pro, the iMac could go from LCD to mini-LED to OLED over the years. Bookmark our iMac roundup to stay up to date with the latest rumors.
-
The innovative CISO’s bucket list: Human-led transformation at the core
Ask any chief information security officer (CISO) what keeps them up at night and you'll likely get a familiar list of persistent threats: ransomware, AI-enabled nation-state actors and in-the-wild exploitation of vulnerabilities hiding in an ever-expanding digital footprint. For years, the role has been defined by a state of constant vigilance, a reactive posture against an unending siege. In nearly every conversation I now have with CISOs, I ask them what they would do if they could reclaim 25% of their time. What I hear aren't wishes for more tropical vacations. Instead, the responses form a new bucket list focused on innovation and transformation. Energized by AI's power and potential, CISOs are creating lists that paint a picture of a new-normal state for security that is proactive, deeply human-centric and autonomous. This isn't about adding another blinking box to the security stack; it's a practical — and at times profound — roadmap for re-engineering the very function of security. It's about fundamentally shifting the paradigm of how security creates value, moving from a cost center to an innovation center that truly enables the business. Based on my conversations, here are the top three themes that characterize the innovative CISO's new collective bucket list.

From tactical debt to strategic foresight

Before a CISO can focus on the horizon, they must first solidify the ground beneath their feet. The first theme on every CISO's list is the desire to build a foundation of excellence that enables truly proactive strategy. This starts with clearing out the tactical debt that consumes so much time. Leaders are eager to finally tackle housekeeping — tying up the 10% of projects left at 90% completion. In security, that last 10% is far from insignificant. It comprises unpatched systems, misconfigured or neglected cloud assets, and other open doors that attackers could walk right through. These incomplete projects represent not only a persistent security gap but also a significant waste of budget and resources that CISOs are desperate to reclaim. This foundational work extends to the entire ecosystem. Leaders want the time to analyze all vendor assessments methodically. In an age of interconnected APIs and third-party dependencies, a CISO's defense is only as strong as its weakest vendor. They are constantly thinking about the next Log4j scenario and know that without a proper handle on supply-chain risk, their entire strategy rests on a house of cards. Finally, clearing the decks means nailing every last plan of action and milestone (POAM) from their audits. This goes beyond simple box-checking to demonstrating institutional integrity. It proves to the board and to regulators that security is a mature, accountable and continuous process, not just a perpetual game of whack-a-mole played in the wake of a bad report. By clearing the decks and closing existing gaps, they can shift their focus to the bigger picture: preventative security that stops attacks before they happen. This foundational excellence gives them the credibility and mental space to devote crucial time to the calculus of risk; for example, analyzing whether faster detection capabilities allow them to adjust or dial back specific preventive controls. It also enables more effective strategic communication with the board, framed in the language of business acceptance and risk tolerance.

Building a unified, integrated defense

The second major bucket list theme is breaking down the silos that perpetually plague security organizations. Application security (AppSec), cloud security (CloudSec) and governance, risk and compliance (GRC) groups all work from different spreadsheets and tools and often with different objectives. This model is inefficient, expensive and leaves massive gaps for attackers to exploit. CISOs aim to develop innovative processes and solutions that integrate disparate teams. As one leader eloquently described it to me, the ultimate goal is a "beautiful web of automations." For example, this means automating control evidence across all security tools so that when an auditor requests proof of compliance, it's generated in seconds — not through a three-week fire drill that diverts 10 analysts from their primary responsibilities. It's a vision that allows all security functions to work together seamlessly, with AI correlating data from all sources to provide a single, unified picture of risk. This integration extends beyond the security team itself. A key priority is bringing "the harmony of security into legal" from a privacy perspective and deeply embedding compliance into security engineering. In a world of GDPR, CCPA and a patchwork of other regulations, privacy is no longer just a legal concern: it's a core security and engineering challenge. The CISOs want to partner with their general counsels to embed privacy-by-design into the development life cycle, rather than just react to data breaches or privacy requests. This vision is also pragmatic. CISOs are tired of shelfware — the expensive, complex tools their teams are too busy to deploy correctly. Their list includes time for strategic problem-solving: digging into their existing platforms to find creative ways to up their game, rather than just chasing the next silver-bullet solution. It's about creative engineering to build an environment that, as one CISO told me, "just works."

Security as a human-led business enabler

Finally, the CISO bucket list is profoundly human. This begins with a profound shift in mindset, from being a gatekeeper to being a partner. Their ultimate objective is business enablement through effective risk management, freeing leaders from being dragged into operational tasks and allowing them to function as true C-suite peers. This requires investing time in understanding the business by sitting with product managers, joining sales calls and learning what drives revenue. While AI can automate tasks, it cannot build trust. CISOs are adamant about carving out time for human engagement — building relationships with partners, mentoring associates and collaborating with fellow executives. This is the irreplaceable human work that creates the political capital and cross-functional alignment needed to drive real change. This human-centric view is also the key to solving security's most persistent challenge: the talent gap. The bucket list is filled with a passionate desire to invest in people. Internally, this means doubling down on talent that can grow and innovate. CISOs want to provide their team members with the time and budget to obtain the desired education credits and the space for genuine innovation. This isn't just a nice-to-have; it's a critical retention strategy. It's how they keep their top analysts from burning out due to alert fatigue and empower them to solve the company's most unique and challenging problems. Externally, this passion extends to giving back to the community, engaging with middle and high schools to cultivate the next generation of defenders and solving the talent pipeline problem at its root. By fostering an environment of learning and innovation, CISOs empower their people to achieve the final — and perhaps most important — item on their bucket list: the time to break and reinvent the inefficient security processes they have all observed and been forced to live with throughout their careers.

The future is human-led and AI-powered

Taken together, these bucket list themes paint a clear picture of the future of security leadership. It's a future where CISOs are no longer just the chief defenders, but strategic business partners who cultivate resilience and enable innovation. Achieving this vision means shifting from chasing alerts to anticipating threats, empowering security professionals to do their most meaningful work and leveraging AI not to replace human expertise, but to amplify it. The goal is to build a security function that is as intelligent, adaptive and creative as the humans at its core. That is the future we should all strive for. This article is published as part of the Foundry Expert Contributor Network.
-
HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution
Hewlett Packard Enterprise (HPE) has resolved a maximum-severity security flaw in OneView Software that, if successfully exploited, could result in remote code execution. The critical vulnerability, assigned the CVE identifier CVE-2025-37164, carries a CVSS score of 10.0. HPE OneView is an IT infrastructure management software that streamlines IT operations and controls all systems via a
-
Get the AirPods Pro 3 for $199 on Amazon With Christmas Delivery
It's getting more and more difficult to find good deals with guaranteed Christmas delivery, but today Amazon has a match of the record low price on the AirPods Pro 3, as well as delivery before December 25. There's also a solid discount on the AirPods 4 on Amazon, but holiday delivery dates are slipping into late December for that one. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running. Apple's AirPods Pro 3 have hit $199.00 today on Amazon, down from $249.00. This is a match of the all-time low price on the AirPods Pro 3, and it beats the Black Friday price we saw last month by about $20. Secondly, you can get the AirPods 4 without ANC for $74.00, down from $129.00. This is a solid second-best price on this model, and just $5 away from the all-time low price we saw during Black Friday. If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week. Update: Stock on the AirPods 4 has been fluctuating all morning, but the $74.00 discount may return soon. If it does we will update this article again.
-
Database With 4.3 Billion Records Exposed Online
Cybernews recently reported that researchers came across an unsecured MongoDB database 16 terabytes in size. As a result, around 4.3 billion personal and professional records were exposed. What information is in the records? The research team found a total of nine database collections. At least three of these collections contained personal data, including: full names, email addresses and phone numbers, LinkedIn URLs and profile names, job titles, details of employers and career history, education, degrees, certifications, location data, languages, skills, roles, social media accounts, and image URLs (unique profiles). According to Cybernews, the database structure indicates that the database was built by scraping LinkedIn. It is difficult to determine the age of the LinkedIn data, the research report says. Timestamps show that the records were captured or updated in 2025. However, the researchers suspect that some of the data could already be several years old and may originate from major LinkedIn leaks. Back in 2021, cybercriminals claimed to have obtained hundreds of millions of LinkedIn records. So far it is unclear who owns the database. According to Cybernews, however, there are indications pointing to a lead-generation company. How long the database was publicly accessible is also unknown. The operator secured it only two days after the researchers discovered the leak on November 25, 2025. Why is the data leak dangerous?
Cybernews points out that such large contact databases can save companies a lot of time but also pose a major security risk: "If they remain unprotected, a single exposed dataset can endanger the privacy of millions of users." Unsecured databases containing personal and corporate information are an attractive target for cyber attackers looking to launch targeted phishing attacks. They could also pick out CEOs from the records and carry out fraud attacks. In addition, the personal employee data can be used for targeted social engineering attacks.
-
Kuo: iPhone Fold Production Challenges Could Limit Supply Next Year
Apple's highly anticipated foldable iPhone could face supply shortages into 2027 despite a planned launch next year, according to analyst Ming-Chi Kuo. Kuo said in a new research note: "Development of the foldable iPhone is behind earlier expectations, but the product is still expected to [sic] announce in 2H26. Due to early-stage yield and ramp-up challenges, smooth shipments may not occur until 2027. With limited supply and expected strong demand, the foldable iPhone could be facing shortages until at least the end of 2026." The warning suggests Apple's ambitious foldable device will face manufacturing hurdles when it enters mass production. Foxconn was expected to begin limited production of the device before the end of this year, but a dearth of reports on that front could potentially mean that the "iPhone Fold" is still in the engineering validation stage. Kuo's forecast of production challenges is reminiscent of concerns previously raised by Mizuho Securities, which suggested the launch could slip to 2027 if Apple takes longer to finalize design elements like the hinge mechanism. For his part, Kuo appears to be saying that Apple is still on course to announce the device in the fall of 2026, but it could end up shipping the device in large volumes later than planned. The foldable iPhone is expected to feature a book-style design with an approximately 5.3- to 5.5-inch outer display and a 7.8-inch inner screen. It will reportedly use liquid metal hinges to achieve a virtually crease-free display and is expected to be priced between $2,000 and $2,500, making it Apple's most expensive iPhone ever. This article, "Kuo: iPhone Fold Production Challenges Could Limit Supply Next Year" first appeared on MacRumors.com. View the full article
-
ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories
This week’s ThreatsDay Bulletin tracks how attackers keep reshaping old tools and finding new angles in familiar systems. Small changes in tactics are stacking up fast, and each one hints at where the next big breach could come from. From shifting infrastructures to clever social hooks, the week’s activity shows just how fluid the threat landscape has become. Here’s the full rundown of what
View the full article
-
North Korea-Linked Hackers Steal $2.02 Billion in 2025, Leading Global Crypto Theft
Threat actors with ties to the Democratic People's Republic of Korea (DPRK or North Korea) have been instrumental in driving a surge in global cryptocurrency theft in 2025, accounting for at least $2.02 billion out of more than $3.4 billion stolen from January through early December. The figure represents a 51% increase year-over-year and $681 million more than 2024, when the threat actors stole
View the full article