
hosang I.T.


Everything posted by reporter

  1. A maximum severity remote code execution vulnerability in Hewlett Packard Enterprise (HPE) OneView network and systems management suite is “bad” and needs to be patched immediately, says a cybersecurity expert.

     “Vendors typically downplay the severity of a vulnerability,” says Curtis Dukes, executive VP for security best practices at the Center for Internet Security, “but HPE did not – it’s a 10.” The vulnerability is remotely executable by an unauthenticated user, he added, and it impacts every recent version of the suite. On top of that, he pointed out, OneView is a central manager of IT infrastructure in organizations.

     “For these reasons, the patch should be implemented immediately,” Dukes said. “Adversaries, nation-state, and criminal gangs alike know there is a window of opportunity and are likely working on an exploit.”

     HPE says in its advisory that the vulnerability, CVE-2025-37164, affects all versions between 5.20 and 10.20. It can be resolved by applying a security hotfix, which must be reapplied after an appliance upgrade from HPE OneView version 6.60.xx to 7.00.00, as well as after any HPE Synergy Composer reimage. HPE offers separate hotfixes for HPE OneView virtual appliance and HPE Synergy Composer. The advisory adds that any third party security patches that are to be installed on systems running HPE software products should be applied in accordance with the customer’s patch management policy.

     Asked for comment, an HPE spokesperson said the company has nothing to say beyond its advisory, other than to urge admins to download and install the patches as soon as possible.

     Jack Bicer, director of vulnerability research at Action1, said that because this vulnerability can be exploited without authentication or any user interaction, it is “an extremely severe security issue. There are no available workarounds, so the patch should be applied immediately. Until the patch can be applied, restrict network access to the OneView management interface to trusted administrative networks only.”

     HPE describes OneView as a solution that simplifies infrastructure lifecycle management across compute, storage and networking through a unified API. It allows admins to create a catalogue of workload-optimized infrastructure templates so more general IT staff can rapidly and reliably provision resources. These templates can quickly provision physical, virtual, and containerized systems, setting up BIOS settings, local RAID configuration, firmware baseline, shared storage and more. HPE says software-defined intelligence allows IT to run multiple applications simultaneously with repeatable templates that ensure high reliability, consistency, and control. The vendor also says the embedded automation speeds provisioning and lowers operating expenses.

     The most recent major vulnerability in OneView was revealed in June: CVE-2025-37101, a local elevation of privilege issue which relates specifically to OneView for VMware vCenter. If exploited, an attacker with read only privilege could upgrade their access to allow them to perform admin actions.
  2. TikTok has agreed to sell its U.S. operations to an investment group that includes Oracle, Silver Lake, and UAE-based company MGX, reports Axios. The "TikTok USDS Joint Venture LLC" that includes the three companies will own 45 percent of TikTok, while ByteDance will keep close to 20 percent. Existing investors will continue to hold the remaining shares.

     The U.S. group will handle U.S. data protection and content moderation, while also maintaining algorithm security. It has been tasked with retraining the content recommendation algorithm on U.S. user data to "ensure the content feed is free from outside manipulation." Oracle will be in charge of auditing and validating compliance with National Security Terms.

     The agreement states that the USDS Joint Venture will "operate as an independent entity" that has authority over U.S. data protection, while TikTok's global U.S. entities will manage global product interoperability along with e-commerce, advertising, and marketing.

     With the sale, TikTok will be able to continue operating in the United States while complying with the 2024 Protecting Americans From Foreign Adversary Controlled Applications Act. The act required TikTok parent company ByteDance to sell TikTok's U.S. operations to a non-Chinese company or be banned from operating in the United States. TikTok was briefly banned in January, but Donald Trump signed an executive order granting an extension that brought it back. The ban has been extended multiple times since then to provide additional time for a deal to be established. The agreement is set to go into effect on January 22.

     This article, "TikTok U.S. Sale to Oracle-Led Group Set to Close in January" first appeared on MacRumors.com
  3. Since the AirPods Pro 3 launched, there have been complaints from users who have noticed a static-like sound or a crackling issue when using the earbuds, particularly when Active Noise Cancellation is on but no media is playing. Users have also run into strange high-pitched whistling sounds that happen intermittently.

     We shared the issues back in late October, and despite two subsequent firmware updates, the problems haven't been solved. Apple released AirPods Pro 3 firmware version 8B25 in November, and firmware version 8B30 on December 10. Feedback from users who have installed the firmware updates indicates that the noise issues have not been addressed.

     Affected users are hearing static noises with Active Noise Cancellation on, sometimes with media playing and sometimes without. There have also been reports of problems with latency and sound syncing when watching videos. Some AirPods Pro 3 users have had their AirPods replaced by Apple, but replacement earbuds have had the same issue, so it's not clear if there is a hardware fix for the problem.

     Apple's latest firmware updates have not provided details on what's included, specifying only "bug fixes and other improvements."

     This article, "AirPods Pro 3's Static and Noise Issues Haven't Been Resolved" first appeared on MacRumors.com
  4. Epic Games is not going to bring Fortnite to iOS in Japan as promised because of the fees imposed by Apple's new App Store rules, Epic Games CEO Tim Sweeney said on social media. Sweeney complained that Apple did not comply with Japan's Mobile Software Competition Act "honestly" and instead "launched another travesty of obstruction and lawbreaking in gross disrespect to the government and people of Japan."

     Back in 2024 when the MSCA passed, Sweeney said that Epic would launch Fortnite in Japan in late 2025. He made the announcement before he was aware of how Apple planned to comply with the MSCA.

     Sweeney accused Apple of charging "competition-crushing" junk fees, including a five percent fee on revenue from apps distributed through alternate app marketplaces. Epic Games would need to pay Apple a five percent fee on all revenue generated via game purchases made through an Epic Games Store in Japan, or 15 percent on digital purchases through a web link if the Fortnite app were to be distributed through the App Store.

     "Obviously, real competition won't happen, and consumers won't benefit, when Apple abuses its position between users and competitors to obstruct honest dealing between them. This is another sad day in the history of relationships between platform makers, developers, and consumers, and we will be raising our complaints with the Japanese Fair Trade Commission."

     Sweeney said that Epic Games plans to raise complaints with the Japanese Fair Trade Commission. Apple says that it worked with Japanese regulators when establishing its new rules to comply with the MSCA, so it is not clear if Epic Games will be able to persuade Japan to implement more stringent restrictions.

     Japan's rules allow Apple to be compensated for its intellectual property, and Japan's interoperability rules allow Apple to refuse requests in situations where privacy and security would be compromised. Along with allowing for alternative app marketplaces, the MSCA adds support for alternate payment methods and allows Japanese users to set new functionality for the iPhone's Side Button.

     Epic Games was able to bring the Epic Games Store to the European Union, but Apple does have a 0.50 euro Core Technology Fee for marketplaces there, too. The Core Technology Fee will transition to a five percent Core Technology Commission for all developers in the EU starting on January 1, 2026, so the fees will be very similar to the Japan fees.

     This article, "Fortnite Not Coming to iOS in Japan as Epic Games CEO Accuses Apple of 'Obstruction and Lawbreaking'" first appeared on MacRumors.com
  5. Apple Maps no longer offers a Flyover feature that provides users with automated tours of notable landmarks in major cities. The Flyover option appears to have been nixed around when iOS 26 launched, but its removal went largely unnoticed.

     Flyover city tours were introduced in 2014 with iOS 8 and OS X Yosemite, using Flyover imagery to generate an aerial tour. Most cities with Flyover imagery supported the tour feature, but it may not have been used often since Apple was able to quietly discontinue it.

     Flyover imagery has not been removed and over 350 cities continue to have 3D Flyover imagery that highlights landmarks, parks, important buildings, and more with a bird's-eye view. Apple uses imagery collected with small military-grade planes that created detailed maps of buildings from above for Flyover. The feature is not available in some areas due to privacy and security concerns.

     Flyover city tours used to be accessible by tapping on the Flyover icon when searching for a city, but that option has now been removed.

     This article, "Apple Quietly Discontinued Flyover City Tours in Apple Maps" first appeared on MacRumors.com
  6. macOS Tahoe introduced a bug that causes a Studio Display connected to a Mac to flicker every so often, and subsequent updates only seem to have made the issue worse.

     Mac users with the Studio Display have been complaining about intermittent flickering since the update launched in September. There are also complaints from users who have other kinds of displays, so it might be a bug that is affecting more than one type of external monitor.

     We have experienced this issue with a MacBook Pro running macOS Tahoe connected to a Studio Display, and the macOS Tahoe 26.1 and macOS Tahoe 26.2 updates haven't improved the situation at all. In fact, the flickering seems to be getting worse in recent days.

     Flickering happens most often when switching between apps that feature stark white backgrounds, or scrolling through webpages on light backgrounds. Any app can cause the flickering, and sometimes it just seems to be random. When flickering occurs, it's typically a brief flicker, but the display can also flicker several times in a row for a few seconds at a time. Switching from dark content to light content can almost always trigger a flicker on affected machines.

     It's not clear what is causing the issue, but given that multiple Studio Display owners are experiencing it, it's likely some kind of software issue that could be addressed with new Studio Display firmware rather than a hardware problem.

     This article, "macOS Tahoe Bug Causes Studio Display Flickering Issues" first appeared on MacRumors.com
  7. Just a day after Apple announced alternative app marketplace support for iOS users in Japan, AltStore PAL has launched in the country. iPhone and iPad users in Japan can download the alternative app marketplace from the AltStore website, and then use the AltStore to download apps without having to go through Apple's App Store.

     Prospective AltStore users need to be physically located in Japan, and have a Japanese App Store account. Devices also need to be running iOS/iPadOS 26.2 or later.

     AltStore developer Riley Testut said that Apple did not provide a heads up about the App Store rule changes that went into effect yesterday, but the marketplace was able to launch within a few hours because it has been live in the European Union for months now.

     To celebrate AltStore PAL's launch in Japan, users can get a month of free Patreon access with patron-exclusive features. AltStore is free to download, but the AltStore Patreon provides access to beta updates for the popular Delta game emulator. Along with Delta, AltStore PAL offers several other apps created by independent developers, some of which have functionality that's not allowed in the standard App Store. Apps distributed through AltStore PAL are able to monetize through Patreon subscriptions.

     Apple is allowing alternative app marketplaces to meet the requirements of the Mobile Software Competition Act (MSCA) that went into effect on December 18. Marketplace apps are required to pay Apple a five percent Core Technology Commission.

     Alternative app marketplaces require authorization from Apple to operate, and are able to distribute apps that have also been notarized by Apple. The notarization process checks for basic functionality and ensures that apps do not include malware, but marketplace apps are not subject to the same content requirements, and Apple has little content oversight.

     This article, "AltStore Available in Japan One Day After Apple Enables Alternative App Marketplaces" first appeared on MacRumors.com
  8. Amazon today has dropped the price of the new M5 MacBook Pro to $1,349.99, down from $1,599.00. This is the 10-Core model with 16GB RAM and 512GB SSD, and it's a match of the all-time low price on the M5 MacBook Pro.

     Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

     Additionally, the 16GB/1TB M5 MacBook Pro has hit $1,549.99 on Amazon, which is another $249 discount on the notebook. Both models have estimated delivery dates that are after Christmas, but if you've been waiting for a return of the best prices we've ever seen on these models, now's definitely a good time to buy.

     $249 OFF: 14-inch M5 MacBook Pro (16GB RAM/512GB) for $1,349.99
     $249 OFF: 14-inch M5 MacBook Pro (16GB RAM/1TB) for $1,549.99

     This version of the MacBook Pro just launched in October and it comes with the newest M5 chip, which offers up to 15% faster CPU performance and up to 45% faster graphics when compared to the M4 chip.

     If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.

     This article, "Apple's New M5 MacBook Pro Hits $1,349.99 on Amazon ($249 Off)" first appeared on MacRumors.com
  9. A warning for WhatsApp users: cybercriminals have discovered an alarmingly simple way to access a user’s conversations in real time by manipulating the app’s device pairing or linking routine.

     Termed ‘GhostPairing’ by researchers at security company Gen Digital (owner of Norton, Avast, Avira, and AVG), no passwords or account details are needed to execute the attack, which was recently detected in Czechia. All the attacker has to do is persuade a user to click on a malicious link sent to them as a WhatsApp message purporting to reveal a Facebook photo.

     In the most common variant of the attack, this throws up a fake page which asks the user to verify themselves by entering their mobile number. This number is then forwarded by the attackers to WhatsApp to initiate the ‘link device via phone number’ feature which adds new devices to an account. WhatsApp generates an 8-digit pairing code, which is intercepted and forwarded to the user. The user, who sees a new pairing prompt in WhatsApp, enters this code to confirm the pairing. Unfortunately, this adds the attacker’s browser session as a ‘trusted device.’

     Unless the user becomes suspicious, it’s game over: the attacker now has full access to their account, messages, and message history, as well as the ability to view messages as they are sent and received.

     “After their device is linked, the attacker does not need to exploit anything else. They have the same capabilities that any user has when connecting WhatsApp Web on their own computer,” said Gen Digital’s researchers. “Everything happens inside the boundaries of the feature set that WhatsApp intended.”

     Worse, the attackers can also send messages that impersonate the user to spread the campaign to the victim’s contacts and WhatsApp groups.

     E2EE bypass

     GhostPairing is an example of an attack that exploits one of WhatsApp’s biggest draws: signing up, connecting to other users, and adding up to four additional devices to an account is incredibly convenient. It’s one reason why WhatsApp has become so popular. All users need to join is a phone number, with no username or password to remember.

     Another draw is that the app is built on end-to-end encryption (E2EE) privacy in which the private keys used to secure messages are stored on the device itself. This should make it impossible to eavesdrop on private messages without either having physical access to the device or remotely infecting it with malware. GhostPairing demonstrates that a social engineering attack can bypass this.

     Interestingly, although still possible, the attack is less practical when asking users to pair via QR codes. That offers some reassurance for users of messaging apps such as Signal, which only allows pairing requests via QR Codes.

     Defending WhatsApp

     Users can check which devices are paired in WhatsApp via Settings > Linked Devices. A rogue device link will appear here. Despite having access to a user’s WhatsApp account, the attacker can’t revoke their device access, which must be initiated by the primary device.

     Another tip is to enable two-step PIN verification. This won’t stop the attacker accessing messages but will mean they can’t change the primary email address.

     The threat to enterprises is that large numbers of employees use WhatsApp as well as communicating in larger employee discussion groups. The risk is that many of these won’t be documented and will therefore be overlooked by security teams. The recommendation is to assume that multiple groups do exist and educate users to report suspicious phishing or spam from unknown numbers. The message should be clear: WhatsApp messaging might look private, but the app itself has gaps that attackers can exploit.

     GhostPairing comes only weeks after university researchers uncovered a major WhatsApp flaw that allowed them to discover the mobile numbers of the app’s 3.5 billion global user base. Earlier this year, Meta discovered a weakness in the WhatsApp Desktop app that could be used to target Windows users. And it’s not only WhatsApp; researchers recently uncovered a hack affecting the company that created a modified version of Signal for use by senior US politicians.
  10. A previously undocumented China-aligned threat cluster dubbed LongNosedGoblin has been attributed to a series of cyber attacks targeting governmental entities in Southeast Asia and Japan. The end goal of these attacks is cyber espionage, Slovak cybersecurity company ESET said in a report published today. The threat activity cluster has been assessed to be active since at least September 2023.
  11. Apple in macOS Tahoe 26.2 introduced Edge Light, a clever new feature that turns your Mac's display into a virtual ring light during video calls. Instead of fumbling with external lighting equipment, your Mac can now illuminate your face automatically when you're sitting in a dark room.

      Basically, Edge Light adds a soft glow around the edges of your display to brighten your face during video conferences. But it's far from just a simple screen border effect. Edge Light uses your Mac's Neural Engine to analyze your face, size, and position in the frame to deliver accurate lighting, while the Image Signal Processor fine-tunes brightness to match your environment.

      The feature is even aware enough to know when your cursor approaches the display edge. When it does, Edge Light automatically recedes, allowing you to still access on-screen content without it interfering.

      What You'll Need

      Edge Light works on any Mac with Apple silicon (M1 or later). It's compatible with all video conferencing apps and even extends to external cameras and the Apple Studio Display when connected to an Apple silicon Mac.

      How to Turn On Edge Light

      Once you've updated to macOS Tahoe 26.2 or later, enabling Edge Light takes just a couple of clicks:

        1. Open a supporting video call app (FaceTime, Zoom, or WebEx, for example).
        2. Click the green video conferencing menu bar item at the top of your screen.
        3. Select Edge Light from the drop-down menu.

      To adjust the lighting intensity and color temperature, click the down chevron next to Edge Light. You'll see two sliders that let you customize the brightness and warmth of the effect to suit your preferences.

      If you own a Mac released in 2024 or later, you can turn on automatic Edge Light activation. Once enabled, your Mac will detect when you're in a dimly lit environment and turn the feature on without any manual input. Simply look for the automatic toggle in the video call dropdown menu, immediately below the expanded Edge Light options.

      This article, "Use Edge Light for Better Video Calls in macOS" first appeared on MacRumors.com
  12. While it appears that the iMac will not be updated in 2025, rumors indicate that Apple is planning some big changes for the all-in-one desktop computer. Below, we recap what has been rumored for the iMac over the next two to three years.

      Current Model: M4 Chip

      As a refresher, Apple last updated the 24-inch iMac in October 2024. Key upgrades included the M4 chip, up to 32GB of RAM, a 12-megapixel Center Stage camera, a nano-texture display option, Thunderbolt 4 ports, and new color options. The overall design of the iMac has not changed since April 2021.

      Next Model: M5 Chip

      Apple will likely update the iMac with an M5 chip next year, but no other changes have been rumored yet, so expect a spec bump for now. If the iMac receives some of the upgrades that the 14-inch MacBook Pro with the M5 chip did, the next iMac could be available with up to 4TB of storage (up from 2TB), and up to 2× faster SSD performance compared to the previous model.

      iMac Pro With M5 Max Chip?

      Earlier this year, Apple accidentally released a macOS kernel debug kit that contained internal product codenames, including for what appears to be an iMac with an M5 Max chip. It is unclear if the 24-inch iMac would be updated with M5 and M5 Max chips simultaneously next year, or if Apple plans to re-release a separate, higher-end iMac Pro with the M5 Max. The previous Intel-based iMac Pro was discontinued in March 2021.

      32-Inch iMac?

      It has been nearly four years since Apple discontinued the 27-inch iMac, as part of its move away from Intel processors. Since then, the 24-inch iMac has been Apple's only all-in-one desktop computer, with no larger model available.

      In October 2023, Apple supply chain analyst Ming-Chi Kuo predicted that a higher-end 32-inch iMac with mini-LED backlighting would be released in 2025, but it appears that rumor was wrong given that the year is nearly over. Kuo has not commented on a larger iMac in a long time, so it is unclear if Apple plans to release such a product.

      In November 2023, Apple announced that it had no plans to release a new version of the 27-inch iMac with an Apple silicon chip at that time. Instead, Apple recommended pairing its standalone Studio Display with a Mac Studio or Mac mini. Perhaps this was Apple ruling out a larger iMac entirely, but only time will tell, and decisions can change.

      Wishful thinking: a 32-inch iMac Pro with an M5 Max chip and mini-LED backlighting.

      OLED Display

      South Korean publication The Elec this week reported that Apple is planning to release a 24-inch iMac with an OLED display in 2027 or 2028. The primary benefit of OLED technology compared to the current iMac's LCD is better overall image quality, with higher contrast ratio and deeper blacks. Like the iPad Pro, the iMac could go from LCD to mini-LED to OLED over the years.

      Bookmark our iMac roundup to stay up to date with the latest rumors.

      This article, "iMac Rumor Recap: OLED Display, M5 Max, 32-Inch Model, and More" first appeared on MacRumors.com
  13. Ask any chief information security officer (CISO) what keeps them up at night and you’ll likely get a familiar list of persistent threats: ransomware, AI-enabled nation-state actors and in-the-wild exploitation of vulnerabilities hiding in an ever-expanding digital footprint. For years, the role has been defined by a state of constant vigilance, a reactive posture against an unending siege.

      In nearly every conversation I now have with CISOs, I ask them what they would do if they could reclaim 25% of their time. What I hear aren’t wishes for more tropical vacations. Instead, the responses form a new bucket list focused on innovation and transformation. Energized by AI’s power and potential, CISOs are creating lists that paint a picture of a new-normal state for security that is proactive, deeply human-centric and autonomous.

      This isn’t about adding another blinking box to the security stack; it’s a practical — and at times profound — roadmap for re-engineering the very function of security. It’s about fundamentally shifting the paradigm of how security creates value, moving from a cost center to an innovation center that truly enables the business.

      Based on my conversations, here are the top three themes that characterize the innovative CISO’s new collective bucket list.

      From tactical debt to strategic foresight

      Before a CISO can focus on the horizon, they must first solidify the ground beneath their feet. The first theme on every CISO’s list is the desire to build a foundation of excellence that enables truly proactive strategy.

      This starts with clearing out the tactical debt that consumes so much time. Leaders are eager to finally tackle housekeeping — tying up the 10% of projects left at 90% completion. In security, that last 10% is far from insignificant. It comprises unpatched systems, misconfigured or neglected cloud assets, and other open doors that attackers could walk right through. These incomplete projects represent not only a persistent security gap but also a significant waste of budget and resources that CISOs are desperate to reclaim.

      This foundational work extends to the entire ecosystem. Leaders want the time to analyze all vendor assessments methodically. In an age of interconnected APIs and third-party dependencies, a CISO’s defense is only as strong as its weakest vendor. They are constantly thinking about the next Log4j scenario and know that without a proper handle on supply-chain risk, their entire strategy rests on a house of cards.

      Finally, clearing the decks means nailing every last plan of action and milestone (POAM) from their audits. This goes beyond simple box-checking to demonstrating institutional integrity. It proves to the board and to regulators that security is a mature, accountable and continuous process, not just a perpetual game of whack-a-mole played in the wake of a bad report.

      By clearing the decks and closing existing gaps, they can shift their focus to the bigger picture: preventative security that stops attacks before they happen. This foundational excellence gives them the credibility and mental space to devote crucial time to the calculus of risk; for example, analyzing whether faster detection capabilities allow them to adjust or dial back specific preventive controls. It also enables more effective strategic communication with the board, framed in the language of business acceptance and risk tolerance.

      Building a unified, integrated defense

      The second major bucket list theme is breaking down the silos that perpetually plague security organizations. Application security (AppSec), cloud security (CloudSec) and governance, risk and compliance (GRC) groups all work from different spreadsheets and tools and often with different objectives. This model is inefficient, expensive and leaves massive gaps for attackers to exploit.

      CISOs aim to develop innovative processes and solutions that integrate disparate teams. As one leader eloquently described it to me, the ultimate goal is a “beautiful web of automations.” For example, this means automating control evidence across all security tools so that when an auditor requests proof of compliance, it’s generated in seconds — not through a three-week fire drill that diverts 10 analysts from their primary responsibilities. It’s a vision that allows all security functions to work together seamlessly, with AI correlating data from all sources to provide a single, unified picture of risk.

      This integration extends beyond the security team itself. A key priority is bringing “the harmony of security into legal” from a privacy perspective and deeply embedding compliance into security engineering. In a world of GDPR, CCPA and a patchwork of other regulations, privacy is no longer just a legal concern: it’s a core security and engineering challenge. The CISOs want to partner with their general counsels to embed privacy-by-design into the development life cycle, rather than just react to data breaches or privacy requests.

      This vision is also pragmatic. CISOs are tired of shelfware — the expensive, complex tools their teams are too busy to deploy correctly. Their list includes time for strategic problem-solving: digging into their existing platforms to find creative ways to up their game, rather than just chasing the next silver-bullet solution. It’s about creative engineering to build an environment that, as one CISO told me, “just works.”

      Security as a human-led business enabler

      Finally, the CISO bucket list is profoundly human. This begins with a profound shift in mindset, from being a gatekeeper to being a partner. Their ultimate objective is business enablement through effective risk management, freeing leaders from being dragged into operational tasks and allowing them to function as true C-suite peers. This requires investing time in understanding the business by sitting with product managers, joining sales calls and learning what drives revenue.

      While AI can automate tasks, it cannot build trust. CISOs are adamant about carving out time for human engagement — building relationships with partners, mentoring associates and collaborating with fellow executives. This is the irreplaceable human work that creates the political capital and cross-functional alignment needed to drive real change.

      This human-centric view is also the key to solving security’s most persistent challenge: the talent gap. The bucket list is filled with a passionate desire to invest in people. Internally, this means doubling down on talent that can grow and innovate. CISOs want to provide their team members with the time and budget to obtain the desired education credits and the space for genuine innovation. This isn’t just a nice-to-have; it’s a critical retention strategy. It’s how they keep their top analysts from burning out due to alert fatigue and empower them to solve the company’s most unique and challenging problems.

      Externally, this passion extends to giving back to the community, engaging with middle and high schools to cultivate the next generation of defenders and solving the talent pipeline problem at its root. By fostering an environment of learning and innovation, CISOs empower their people to achieve the final — and perhaps most important — item on their bucket list: the time to break and reinvent the inefficient security processes they have all observed and been forced to live with throughout their careers.

      The future is human-led and AI-powered

      Taken together, these bucket list themes paint a clear picture of the future of security leadership. It’s a future where CISOs are no longer just the chief defenders, but strategic business partners who cultivate resilience and enable innovation. Achieving this vision means shifting from chasing alerts to anticipating threats, empowering security professionals to do their most meaningful work and leveraging AI not to replace human expertise, but to amplify it.

      The goal is to build a security function that is as intelligent, adaptive and creative as the humans at its core. That is the future we should all strive for.

      This article is published as part of the Foundry Expert Contributor Network.
  14. Hewlett Packard Enterprise (HPE) has resolved a maximum-severity security flaw in OneView Software that, if successfully exploited, could result in remote code execution. The critical vulnerability, assigned the CVE identifier CVE-2025-37164, carries a CVSS score of 10.0. HPE OneView is an IT infrastructure management software that streamlines IT operations and controls all systems via a View the full article
  15. It's getting more and more difficult to find good deals with guaranteed Christmas delivery, but today Amazon has a match of the record low price on the AirPods Pro 3, as well as delivery before December 25. There's also a solid discount on the AirPods 4 on Amazon, but holiday delivery dates are slipping into late December for that one. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running. Apple's AirPods Pro 3 have hit $199.00 today on Amazon, down from $249.00. This is a match of the all-time low price on the AirPods Pro 3, and it beats the Black Friday price we saw last month by about $20. Secondly, you can get the AirPods 4 without ANC for $74.00, down from $129.00. This is a solid second-best price on this model, and just $5 away from the all-time low price we saw during Black Friday. If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week. Update: Stock on the AirPods 4 has been fluctuating all morning, but the $74.00 discount may return soon. If it does we will update this article again. This article, "Get the AirPods Pro 3 for $199 on Amazon With Christmas Delivery" first appeared on MacRumors.com View the full article
  16. giragraphic – shutterstock.com Cybernews recently reported that researchers came across an unsecured MongoDB database 16 terabytes in size. According to the report, this exposed around 4.3 billion personal and professional records. What information is in the records? The research team found a total of nine database collections. At least three of these collections contained personal data. This includes: full names, e-mail addresses and phone numbers, LinkedIn URLs and profile names, job titles, details of employers and career history, education, degrees, certifications, location data, languages, skills, functions, social media accounts, and image URLs (unique profiles). According to Cybernews, the database structure suggests that the database was built by scraping LinkedIn. It is difficult to determine the age of the LinkedIn data, the research report says. Timestamps reportedly show that the records were collected or updated in 2025. The researchers suspect, however, that some of the data may already be several years old. It may originate from large LinkedIn leaks. As early as 2021, cybercriminals claimed to have obtained hundreds of millions of LinkedIn records. It is so far unclear who owns the database. According to Cybernews, however, there are indications pointing to a company in the lead-generation business. How long the database was publicly accessible is likewise unknown. The operator secured it only two days after the researchers discovered the leak on 25 November 2025. Why is the data leak dangerous? 
Cybernews points out that such large contact databases can save companies a lot of time but also carry a major security risk: “If left unprotected, a single exposed dataset can endanger the privacy of millions of users.” Unsecured databases containing personal and company-related information are an attractive target for cyber attackers looking to launch targeted phishing attacks. In addition, they could pick out CEOs from the records and carry out fraud attacks. Moreover, the personal employee data can be used for targeted social engineering attacks. View the full article
  18. Apple's highly anticipated foldable iPhone could face supply shortages into 2027 despite a planned launch next year, according to analyst Ming-Chi Kuo. Kuo said in a new research note: "Development of the foldable iPhone is behind earlier expectations, but the product is still expected to [sic] announce in 2H26. Due to early-stage yield and ramp-up challenges, smooth shipments may not occur until 2027. With limited supply and expected strong demand, the foldable iPhone could be facing shortages until at least the end of 2026." The warning suggests Apple's ambitious foldable device will face manufacturing hurdles when it enters mass production. Foxconn was expected to begin limited production of the device before the end of this year, but a dearth of reports on that front could potentially mean that the "iPhone Fold" is still in the engineering validation stage. Kuo's forecast of production challenges is reminiscent of concerns previously raised by Mizuho Securities, which suggested the launch could slip to 2027 if Apple takes longer to finalize design elements like the hinge mechanism. For his part, Kuo appears to be saying that Apple is still on course to announce the device in the fall of 2026, but it could end up shipping the device in large volumes later than planned. The foldable iPhone is expected to feature a book-style design with an approximately 5.3- to 5.5-inch outer display and a 7.8-inch inner screen. It will reportedly use liquid metal hinges to achieve a virtually crease-free display and is expected to be priced between $2,000 and $2,500, making it Apple's most expensive iPhone ever. This article, "Kuo: iPhone Fold Production Challenges Could Limit Supply Next Year" first appeared on MacRumors.com View the full article
  19. This week’s ThreatsDay Bulletin tracks how attackers keep reshaping old tools and finding new angles in familiar systems. Small changes in tactics are stacking up fast, and each one hints at where the next big breach could come from. From shifting infrastructures to clever social hooks, the week’s activity shows just how fluid the threat landscape has become. Here’s the full rundown of what View the full article
  20. Threat actors with ties to the Democratic People's Republic of Korea (DPRK or North Korea) have been instrumental in driving a surge in global cryptocurrency theft in 2025, accounting for at least $2.02 billion out of more than $3.4 billion stolen from January through early December. The figure represents a 51% increase year-over-year and $681 million more than 2024, when the threat actors stole View the full article
  21. Human-in-the-loop (HITL) safeguards that AI agents rely on can be subverted, allowing attackers to weaponize them to run malicious code, new research from Checkmarx shows. HITL dialogs are a safety backstop (a final “are you sure?”) that the agents run before executing sensitive actions like running code, modifying files, or touching system resources. Checkmarx researchers described it as an HITL dialog forging technique they’re calling Lies-in-the-Loop (LITL), where malicious instructions are embedded into AI prompts in ways that mislead users reviewing approval dialogs. The research findings reveal that keeping a human in the loop is not enough to neutralize prompt-level abuse. Once users can’t reliably trust what they’re being asked to approve, HITL stops being a guardrail and becomes an attack surface. “The Lies-in-the-Loop (LITL) attack exploits the trust users place in these approval dialogs,” Checkmarx researchers said in a blog post. “By manipulating what the dialog displays, attackers turn the safeguard into a weapon — once the prompt looks safe, users approve it without question.” Dialog forging turns oversight into an attack primitive The problem stems from how AI systems present confirmation dialogs to users. HITL workflows typically summarize the action an AI agent wants to perform, expecting the human reviewer to spot anything suspicious before clicking approve. Checkmarx demonstrated that attackers can manipulate these dialogs by hiding or misrepresenting malicious instructions, like padding payloads with benign-looking text, pushing dangerous commands out of the visible view, or crafting prompts that cause the AI to generate misleading summaries of what will actually execute. In terminal-style interfaces, especially, long or formatted outputs make this kind of deception easy to miss. 
Since many AI agents operate with elevated privileges, a single misled approval can translate directly into code execution, running OS commands, file system access, or downstream compromise, according to Checkmarx findings. Beyond padding or truncation, the researchers also described other dialog-forging techniques that abuse how confirmation is rendered. By leveraging Markdown rendering and layout behaviors, attackers can visually separate benign text from hidden commands or manipulate summaries so the human-visible description isn’t malicious. “The fact that attackers can theoretically break out of the Markdown syntax used for the HITL dialog, presenting the user with fake UI, can lead to much more sophisticated LITL attacks that can go practically undetected,” the researchers added. Defensive steps for agents and users Checkmarx recommended measures primarily for AI agent developers, urging them to treat HITL dialogs as potentially manipulative rather than inherently trustworthy. Recommended steps include constraining how dialogs are rendered, limiting the use of complex UI formatting, and clearly separating human-visible summaries from the underlying actions that will be executed. The researchers also advised validating approved operations to ensure they match what the user was shown at confirmation time. For AI users, they noted that agents operating in richer UI environments can make deceptive behavior easier to detect than text-only terminals. “For instance, VS Code extensions provide full Markdown rendering capabilities, whereas terminals typically display content using basic ASCII characters,” they said. Checkmarx said the issue was disclosed to Anthropic and Microsoft, both of which acknowledged the report but did not classify it as a security vulnerability. Neither company immediately responded to CSO’s request for comments. View the full article
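The developer-side steps recommended in the article above (constrained rendering, a summary kept separate from the underlying action, and validation that what runs matches what was approved) can be sketched as an approval gate. This is an added example, not code from Checkmarx or any agent vendor; the action format, the viewport limits and all function names are assumptions.

```python
"""Approval gate for agent tool calls: show the exact action, bind approval to it."""
import hashlib
import hmac
import json
import secrets

MAX_LINES = 20       # assumed height of the approval viewport
MAX_WIDTH = 100      # assumed width; longer lines would wrap or scroll away
SUMMARY_LIMIT = 60   # the agent-written summary is untrusted and may be cut


class DialogRejected(Exception):
    """The action cannot be shown in full, so it must not be approvable."""


def visible(text: str) -> str:
    # Escape control, format and non-ASCII characters (ESC sequences,
    # newlines, zero-width and bidi overrides) so nothing is hidden.
    return text.encode("unicode_escape").decode("ascii")


def action_digest(action: dict) -> str:
    # Canonical JSON so the same action always hashes to the same value.
    blob = json.dumps(action, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode("utf-8")).hexdigest()


def build_dialog(action: dict, agent_summary: str) -> tuple[str, str]:
    """Return (plain-text dialog, digest); raise DialogRejected on overflow."""
    digest = action_digest(action)
    lines = [f"TOOL: {visible(action['tool'])}"]
    for i, arg in enumerate(action["argv"]):
        lines.append(f"argv[{i}]: {visible(arg)}")
    lines.append(f"sha256: {digest}")
    # The action itself is never truncated: if it does not fit, no dialog.
    if any(len(line) > MAX_WIDTH for line in lines) or len(lines) + 1 > MAX_LINES:
        raise DialogRejected("action does not fit the dialog; refusing to truncate")
    # The summary goes last and is labelled, so it cannot displace the action.
    summary = visible(agent_summary)[:SUMMARY_LIMIT]
    lines.append(f"agent summary (unverified): {summary}")
    return "\n".join(lines), digest


def approve(digest: str, session_key: bytes) -> str:
    # Called only after the human accepts the dialog built above.
    return hmac.new(session_key, digest.encode("ascii"), hashlib.sha256).hexdigest()


def may_execute(action: dict, token: str, session_key: bytes) -> bool:
    # Re-hash what is about to run; any change since approval fails.
    expected = approve(action_digest(action), session_key)
    return hmac.compare_digest(expected, token)


def demo() -> dict:
    """Run the gate over constructed sample actions (not real agent traffic)."""
    key = secrets.token_bytes(32)
    shown = {"tool": "shell", "argv": ["git", "status", "--short"]}
    _, digest = build_dialog(shown, "Check the working tree")
    token = approve(digest, key)

    swapped = {"tool": "shell", "argv": ["git", "push", "--force"]}
    padded = {"tool": "shell", "argv": ["echo", "notes " + "-" * 5000]}
    hidden = {"tool": "shell", "argv": ["cat", "notes\x1b[2K\u202e.txt"]}

    try:
        build_dialog(padded, "Print a note")
        padded_rejected = False
    except DialogRejected:
        padded_rejected = True

    hidden_dialog, _ = build_dialog(hidden, "Read a file")
    return {
        "same_action": may_execute(shown, token, key),
        "swapped_action": may_execute(swapped, token, key),
        "padded_rejected": padded_rejected,
        "hidden_dialog": hidden_dialog,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The dialog text must be displayed verbatim, without Markdown rendering, for the escaping to mean anything.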
  22. Apple is working on a 24-inch iMac featuring an OLED display, with the aim of completing development as early as 2027, claims a new report out of Korea. According to The Elec, Apple has sent requests for information to Samsung Display and LG Display regarding development of a 24-inch OLED panel for the iMac. Current 24-inch iMacs use a 4.5K Retina display, which is an LCD panel with LED backlighting. The specs apparently being discussed include 600 nits of brightness and a pixel density of 218 PPI. If accurate, that would match the current 24-inch iMac's resolution but deliver a 20% brightness boost over the existing 4.5K Retina display's 500-nit maximum, making it equivalent to the brightness of Apple's Studio Display – though that also uses an inferior LCD panel. OLED display technology benefits from several other advantages beyond brighter screens, such as deeper blacks with higher contrast, improved power efficiency, and other enhancements. This is the first report we've seen suggesting Apple plans to bring OLED technology to its all-in-one desktop lineup. The company has already committed to OLED displays for future MacBook Pro models, with 14-inch and 16-inch versions expected to enter production next year using Samsung Display's 8th-generation IT OLED manufacturing line. OLED versions of its MacBook Air models are expected to follow. For the iMac display, both Samsung and LG Display are expected to propose their respective large-format OLED technologies rather than the RGB OLED method Apple traditionally prefers. Samsung would likely pitch its quantum dot OLED panels, while LG Display would offer its white OLED solution. Both manufacturers are reportedly developing 5-stack configurations that add an extra green layer to improve brightness compared to current 4-stack designs. 
The report suggests Apple prefers RGB OLED, where light and color generate at the subpixel level, but this technology apparently hasn't yet scaled reliably to the 20-30 inch range needed for desktop displays. Both panel makers are said to be exploring RGB OLED as a longer-term option. Apple aims to complete iMac OLED panel development by 2027 or 2028, but the finished product could launch after that timeline. A recent but separate report has claimed Apple is developing a high-end iMac featuring the M5 Max chip, but there is currently no indication that OLED is destined for this rumored model. Apple could refresh the 24-inch iMac with an updated M5 chip at some point next year. This article, "Report: Apple Developing 24-Inch OLED iMac With 600 Nits Brightness" first appeared on MacRumors.com View the full article
  23. DevOpsSchool Services help companies work faster and better with modern tools. Businesses struggle with slow software delivery and complex systems. DevOpsSchool Services offer complete solutions from planning to support that make teams more productive.​ These services save time and money while improving software quality. Companies see faster releases and fewer problems. Teams focus on creating value instead of fixing daily issues. Why Modern Services Matter Today Software needs to update quickly to stay competitive. Old ways cause delays and mistakes. DevOpsSchool Services bring teams together for smooth work. They cover everything from code to cloud. This helps small startups and big companies alike. Results show 50% faster delivery and better customer satisfaction.​ Main DevOpsSchool Services List Here are the main services: DevOps as a Service: Full setup of pipelines and monitoring DevSecOps as a Service: Safe coding from start to end SRE as a Service: Keep systems running smoothly 24/7 MLOps as a Service: Put AI models into real use AIOps as a Service: Smart tools to find problems fast DataOps as a Service: Clean data flow for better decisions NoOps as a Service: No manual work needed FinOps as a Service: Smart cloud spending GitOps as a Service: Code controls everything Corporate Training: Team skill building Consulting Services: Expert advice for your needs Support Services: Help anytime you need it​ DevOps vs DevSecOps vs SRE Comparison ServiceBest ForKey FocusTypical ResultsDevOpsSpeedAutomation50% faster releasesDevSecOpsSafetySecurity checks80% less breachesSREReliabilityUptime99.9% availabilityMLOpsAIModel deployment3x faster AI useFinOpsCostsCloud bills30% savings Choose based on your biggest needs.​ How DevOpsSchool Services Work Each service follows simple steps: Talk about your problems and goals Plan the right tools and setup Build and test in safe areas Move to live systems carefully Watch and improve daily Train your team to take over Stay 
supported as you grow This method works for all company sizes. Hiring Process with DevOpsSchool Services Simple hiring steps: Share your team needs Get matched experts Start with small projects Scale to full teams Train your staff Smooth handover Companies save 40% on hiring costs. DevOpsSchool Platform Excellence DevOpsSchool leads training worldwide with offices in India, USA, Europe, UAE, UK, Singapore, Australia. They trained 50,000+ from 100+ countries since starting to fix real work problems. Special features: Live classes with real experts Practice labs like production Job help with 500+ partners 24/7 chat support Money back if not happy Company training for 1000+ firms Free trial lessons​ From startup first pipelines to enterprise 10,000 node clouds. Rajesh Kumar Leads Services Services guided by Rajesh Kumar, DevOpsSchool founder with 20+ years in banking, healthcare, online shops, government work. Started Unix 2000, cloud 2008, Docker 2013, Kubernetes 2016. Real wins: Fixed night crashes for billion dollar banks Trained 25,000+ now at Google, Amazon 90% exam pass rate programs 500+ YouTube videos, 2M views Books used in 50+ schools Speaks KubeCon, AWS events Helps startup leaders build clouds Rajesh shares real mistakes like access lockouts or holiday crashes. Students pass exams fast, get top jobs quick. Service Pricing Overview Simple plans fit all budgets: Service TypeHourlyPackage (10 hrs)EnterprisePhone/EmailINR 5KINR 45KCustomLive Online–INR 50KCustomFull Project––Quote All include training and handover.​ Tool Support Coverage Wide range of tools covered: Code Tools: Git, GitHub, GitLab, Bitbucket Build Tools: Maven, Gradle, Jenkins Package Tools: Nexus, Artifactory, Docker Config Tools: Ansible, Puppet, Chef Cloud: AWS, Azure, GCP services 500+ tools supported. 
Real Company Results Success stories from clients: Bank: Cut release time from weeks to hours Healthcare: 99.99% uptime for patient data Shop: Handle 10x sales without crash Startup: Saved 60% cloud costs first month Measurable business wins. Getting Started Simple Steps Easy way to begin: Email your needs Free 30 min call Get custom plan Start small pilot Scale success Full team training No long contracts needed. Common Problems Solved Services fix daily pains: Slow software updates High cloud bills System crashes Team confusion Security scares 80% problems gone in 3 months. Training Paths for Teams Build skills step by step: Beginner: Basic tools, simple pipelines Intermediate: Cloud, security, monitoring Advanced: GitOps, MLOps, SRE Expert: Multi-cloud, AIOps, FinOps Custom for your team level. Support Options Available Help when needed: TypeSpeedCostPhoneInstantHourlyEmail2 hoursPackageLiveScheduledProject24/7AlwaysEnterprise Round the clock coverage. Making the Right Choice Pick services matching needs: Startups: DevOps + Training Growing: DevSecOps + MLOps Enterprise: SRE + FinOps + GitOps All: Support always included Tailored recommendations free. Conclusion and Overview DevOpsSchool Services make software work simple and fast. From basic automation to advanced AI, they cover all needs. Start small, grow big with expert help. Overview: Full guide to all DevOpsSchool Services with plans, pricing, steps, results, and team training. Perfect for any company size. Contact Details: Email: [email protected] Phone & WhatsApp (India): +91 7004 215 841 Phone & WhatsApp (USA): +1 (469) 756-6329 DevOpsSchool View the full article
  24. Within the past year, artificial intelligence copilots and agents have quietly permeated the SaaS applications businesses use every day. Tools like Zoom, Slack, Microsoft 365, Salesforce, and ServiceNow now come with built-in AI assistants or agent-like features. Virtually every major SaaS vendor has rushed to embed AI into their offerings. The result is an explosion of AI capabilities across View the full article
  25. Kubernetes interviewing, hiring and assessments help teams find good container experts. Companies have trouble spotting real Kubernetes skills when people use big words but lack real work experience. kubernetes interviewing, hiring and assessments give simple ways to find engineers who can fix pods, grow clusters, keep 99.9% uptime, and recover from problems in real situations.​ Bad hires waste months learning and cost a lot when services break in production. Good tests find setup problems, security holes, and growth issues before they cause big trouble. Smart teams use real hands-on tests instead of book questions to build strong teams. Why Kubernetes Skills Matter Now Containers changed how apps move between test and live systems. Kubernetes became the main tool to run thousands of containers for big companies. Now every cloud team from small startups to huge businesses uses K8s clusters for important work. Good interviews show who can fix broken pods during busy sales times. Smart hiring picks workers with real experience in team setups, backup plans, and cost savings. Real tests prove they can handle daily cluster work. Companies with good K8s workers save 40% on running costs and ship features 5x faster.​ Common Kubernetes Interview Problems Hiring managers make the same mistakes that waste time. Many ask basic “What is Kubernetes?” questions that get Google answers. Book learning misses who can’t fix real cluster problems. No hands-on tests hide big skill gaps. Skipping security questions lets bad setups into live systems. No growth tests show panic when traffic jumps. Use simple kubernetes interviewing, hiring and assessments that show real work ability. Key Kubernetes Skills to Check Test these daily work skills that show true ability. Basic Setup: Nodes, pods, deployments, services – when to use each. Networking: Connection tools, doorways, team rules. Storage: Disk space, database setups, backups. Security: User rules, safe settings, secret storage. 
Fixing Problems: Logs, events, kubectl commands. Growing: Auto pod add, cluster size change. Watching: Charts, alerts, health checks. Test each with timed real problems.​ Kubernetes Interview Questions Table Use these tested questions for all levels. AreaSample QuestionGood Answer ShowsSkill TestedPodsFix pod that ran out of memorySets limits correctlyDaily resource workDeploymentsUpdate stuck halfwayChecks status/historySafe updatesServicesWhen use each type?Right choicesNetwork basicsSecurityMake view-only userSafe rulesSecurity habitsHelmUpdate app safelyRight commandsApp package skillStorageDisk won’t work – fixFinds storage problemDatabase workGrowthCPU slow in busy timeAuto growth setupSpeed fixesSecurity CheckFind bad imagesScan tools usedSafe builds Easy for new hires, hard for seniors.​ Hands-On Test Plan Use real work tests instead of paper questions. Run Sample App: Web server with copies. Grow & Update: Auto grow + safe change. Network Test: Web door with safe connection. Database Test: Long-running app with disk. Fix Broken: Kill pod, make it work again. Lock Down: Team rules + user limits. Backup Test: Save and restore data. Auto Deploy: From code to live. 90 minutes. Score on finish + good habits. Kubernetes Hiring Steps Simple path from paper to job offer. Check Resumes: Must show kubectl work. Quick Call: 15 min setup talk. Home Work: Small app setup (4 hours). Live Test: Shared test cluster. Team Check: Work with group. Fit Talk: Team style match. Offer: Good pay + training help. Cuts hiring time by half. DevOpsSchool Kubernetes Training DevOpsSchool leads Kubernetes classes worldwide with offices in India, USA, Europe, UAE, UK, Singapore, and Australia. Founded to solve real industry problems, they’ve trained over 50,000 professionals from 100+ countries. Their platform offers live classes, recorded videos, lab practice, job help, and certification support. 
Why DevOpsSchool stands out: Real production-like labs matching AWS EKS, Azure AKS, Google GKE Lifetime access to all course materials and updates Job placement help with 500+ hiring partners 24/7 doubt clearing through Slack and forums Money-back guarantee on certification courses Corporate training for 1000+ companies worldwide Free demo classes before enrollment​ They serve startups needing first Kubernetes clusters to enterprises running 10,000+ node clusters. Rajesh Kumar Teaches Kubernetes Classes led by Rajesh Kumar, founder of DevOpsSchool with 20+ years experience across banking, healthcare, e-commerce, and government projects. Rajesh started with Unix systems in 2000, moved to cloud in 2008, mastered Docker in 2013, and built his first Kubernetes cluster in 2016. Rajesh’s real achievements: Fixed 3AM cluster crashes for banks processing $1B+ daily Trained 25,000+ students who now work at Google, Amazon, Microsoft Built Kubernetes certification training used by 90% pass rate Created 500+ YouTube videos with 2M+ total views Wrote books on DevOps and Kubernetes used in 50+ universities Speaks at KubeCon, AWS re:Invent, DevOps Days conferences Mentors startup CTOs building cloud platforms Rajesh teaches from personal failures – like the time wrong RBAC locked out entire production, or when bad Helm values crashed 500 pods during Black Friday. His students pass CKA/CKAD first try and land jobs at FAANG companies within 3 months. Test Scoring Guide Fair grading stops bad choices. SkillMax ScoreMust DoWeightApp Run20No stop during changeHighNetwork15Right connectionsHighStorage15Data saved rightMediumSafety15User limits workHighFix Problems20Finds real causeHighAuto Tools10Code to liveMediumNotes10Clear stepsLow 80+ = good hire. Certs vs Real Work CertGood ForWeak AtBest WithCKABasic commandsBig design6 months workCKADApp setupDaily runAuto deployCKSSafetyNeeds basics firstUser rulesReal WorkLive fixesHard to checkAny cert Best: Cert + 6 months work. 
Warning Signs in Interviews Skip these people. Can’t explain pod steps. Deletes pods wrong way. No own code examples. Thinks wrong about deployments. Can’t read kubectl output. No limits set. No package tool use. Ask about last real fix.​ Build Test Systems Easy setups for fair tests. Tools: Local test clusters. Cloud free plans. Balance tools. Storage add-ons. Test Ideas: Team space rules. Backup check. Split traffic test. Code auto run. Watch setup. Team Growth Plans Hire right for team size. Team SizeWho to HireTest FocusClusters per Person1-3All skillsEverything14-10Split rolesSpecial work310+Big plannersMany clusters5 Cost of Bad Hires Real money loss. Find fee: $20K Learn time pay: 3 months One crash: $100K/hour Team slow: 6 months fix Total: $250K+ $5K test saves millions. Good Job Ads Get right people. textKubernetes Worker Needed - Ran 50+ node live clusters - Fixed crashes with kubectl - Made custom tools - Network + storage work - Multi cloud Online Interview Tips Good remote tests. Use online clusters. Share screen live. Time limits. Team watch. Record check. New Hire Start Plan Fast to good work. See live systems. Join team chat. Test bad events. Watch night duty. First code change. Exam money back. Check Hiring Success Watch these numbers. Work start: <60 days First fix: <90 days Exam pass: 90% Stay 1 year: 85% Help uptime. Conclusion and Overview Kubernetes interviewing, hiring and assessments make strong teams. Skip book tests. Use real work proof. Work with DevOpsSchool and Rajesh Kumar for best results. Overview: Full guide with test plans, scores, steps, start plans, and results check. Perfect for finding good Kubernetes workers. Contact Details: Email: [email protected] Phone & WhatsApp (India): +91 7004 215 841 Phone & WhatsApp (USA): +1 (469) 756-6329 DevOpsSchool View the full article
