reporter

Apple today provided beta testers with the first releases of upcoming iOS 26.2, iPadOS 26.2, tvOS 26.2, and watchOS 26.2 updates for testing purposes. The public betas come a couple of days after Apple provided the betas to developers. Anyone can download and install public betas, and all that's required is to sign up on Apple's beta site. Once you've opted in, the software can be downloaded through the Software Update section in the Settings app on each device. iOS 26.3 introduces a simpler way for iPhone users to transfer their data to an Android device when switching platforms, plus it includes a Notification Forwarding feature for third-party wearables in the European Union. It will allow notifications to be forwarded from the ‌iPhone‌ to a third-party device. No new features have been found in the other beta updates as of yet. We're expecting iOS 26.3, iPadOS 26.3, and the other software to come out somewhere around the end of January.Related Roundups: iOS 26, iPadOS 26Related Forum: iOS 26 This article, "Apple Releases First iOS 26.3 and iPadOS 26.3 Public Betas" first appeared on MacRumors.com Discuss this article in our forums View the full article

Samsung kicked off a holiday sale last week, and this event has expanded recently with even more great deals on monitors, TVs, Galaxy smartphones, and home appliances. Many of these deals are the exact same all-time low prices we tracked during Black Friday and Cyber Monday. Note: MacRumors is an affiliate partner with Samsung. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running. Regarding TVs, there are quite a few models of The Frame TV on sale, including a new all-time low price on The Frame Pro models. You can get the 2025 65-inch The Frame TV for $1,199.99 ($600 off), as well as The Frame Pro for $1,999.00 ($1,200 off). $1,200 OFFThe Frame Pro for $1,999.00 This is also a good time to purchase a Samsung monitor, with hundreds of monitor deals available during the event. One of the best markdowns is on the 57-inch Odyssey Neo G9 Curved Gaming Monitor, available for $1,499.99, down from $2,299.99. If you're looking to add a second monitor to your workstation, you'll also find a few smaller options, like the 32-inch ViewFinity S7 for $299.99, down from $459.99. For even more potential savings, eligible shoppers have the chance to get additional discounts through Samsung offer programs. These programs provide extra discounts for students, military, and employees of select businesses, and they provide up to 30 percent extra savings on Samsung's website, so be sure to check whether you're eligible for any of these programs. Monitors 27-inch Odyssey G3 Monitor - $139.99, down from $229.99 32-inch ViewFinity S70A UHD Monitor - $299.99, down from $459.99 34-inch ViewFinity S6 Monitor - $399.99, down from $799.99 43-inch Odyssey Neo G7 Smart Gaming Monitor - $549.99, down from $999.99 27-inch Odyssey OLED G6 Gaming Monitor - $599.99, down from $899.99 49-inch Odyssey G9 Gaming Monitor - $777.99, down from $1,299.99 49-inch Odyssey OLED G9 Monitor - $899.99, down from $1,799.99 55-inch Odyssey Ark 2nd Gen - $1,299.99, down from $2,699.99 57-inch Odyssey Neo G9 Curved Gaming Monitor - $1,499.99, down from $2,299.99 TVs 55-inch QLED QEF1 Smart TV - $379.99, down from $599.99 55-inch QLED Q7F Smart TV - $399.99, down from $529.99 55-inch QLED Q8F Smart TV - $599.99, down from $749.99 75-inch Vision AI Smart TV - $679.99, down from $1,199.99 50-inch The Frame - $799.99, down from $1,099.99 75-inch Neo QLED QN70F Smart TV - $1,199.99, down from $1,599.99 65-inch The Frame - $1,199.99, down from $1,799.99 (extra $100 off available through offer programs) 55-inch OLED S95F Smart TV - $1,899.99, down from $2,299.99 75-inch The Frame Pro - $1,999.99, down from $3,199.99 85-inch The Frame Pro - $3,299.99, down from $4,299.99 (extra $660 off available through offer programs) 85-inch Neo QLED QN90F Smart TV - $2,299.99, down from $4,499.99 Appliances Bespoke Smart Dishwasher - $899.99, down from $1,299.00 Large Capacity Side-by-Side Fridge - $999.00, down from $1,666.00 4-Door French Door Fridge - $1,799.00, down from $2,999.00 Bespoke All-in-One Combo Washer/Dryer - $2,099.00, down from $3,299.00 Mega Capacity 3-Door French Door Fridge - $2,499.00, down from $3,499.00 Bespoke 4-Door Flex Fridge - $2,050.00, down from $4,099.00 Bespoke 4-Door Flex Fridge - $3,399.99, down from $4,999.00 Galaxy Products Galaxy XR - Save up to $1,140 with the Explorer Pack Galaxy S25 Ultra - Save up to $700 in instant trade-in credit Galaxy Ring - Get up to $150 trade-in credit Galaxy Watch Ultra - Save up to $250 Galaxy Watch 8 - Save up to $200 If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week. Deals Newsletter Interested in hearing more about the best deals you can find this holiday season? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season! Related Roundup: Apple Deals This article, "Samsung Expands Holiday Sale With Major Discounts on Popular Monitors and TVs" first appeared on MacRumors.com Discuss this article in our forums View the full article

An internal Apple kernel debug kit suggests Apple has tested a MacBook with the A15 chip, alongside a separate A18 Pro-based MacBook that appears to be closer to a shippable product. The information comes from internal kernel debug kit files used by Apple engineers. The kit was accidentally released on Apple's website earlier this year, but it was quickly pulled after information started leaking out of it. Within the Mac-related entries, there is a line that explicitly describes an unreleased MacBook configuration running an A15 chip. The row appears under a project label "mac14p" on a platform labeled H14P. MacRumors believes this A15 MacBook corresponds to the codename J267. In the same dataset, there is also a separate MacBook entry tied to the A18 Pro. It has the identifier J700 and is described as using an A18 Pro chip with a "Sunrise" wireless subsystem attributed to MediaTek. Compared with the A15 test configuration, the A18 Pro MacBook entry reads more like a defined product configuration, since it is identified with a specific internal codename and accompanying subsystem details. It is also highly unlikely that Apple would release a Mac powered by the A15 Bionic in 2026, almost five years after the chip was introduced. A MacBook with the A18 Pro chip would be markedly more capable, future-proof, and in-step with the company's current selection of chips. The A15 MacBook was almost certainly used as an unreleased test platform ahead of widely reported plans to release a low-cost MacBook with an iPhone chip. The original Apple silicon Mac mini Developer Transition Kit featured an A12Z chip, but all Apple silicon Macs available to consumers have featured M-series chips. Rumors suggest the low-cost MacBook will launch next year, featuring the A18 Pro chip, a 13-inch display, and silver, blue, pink, and yellow color options. This article, "Apple Tested a MacBook With the A15 Chip" first appeared on MacRumors.com Discuss this article in our forums View the full article

You can get the 13-inch M4 MacBook Air (256GB) for $749.00 today on Amazon, down from $999.00, with guaranteed Christmas delivery for select colors. This price matches the Amazon all-time low price on the M4 MacBook Air, and there are similar lows on other models with higher storage. Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running. If you're looking for the larger model, you can get the 15-inch 256GB computer for $949.00, down from $1,199.00. You'll also find many of the 512GB models of the 13-inch and 15-inch M4 MacBook Air on sale this week. $250 OFF13-inch M4 MacBook Air (256GB) for $749.00 $250 OFF15-inch M4 MacBook Air (256GB) for $949.00 If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week. Deals Newsletter Interested in hearing more about the best deals you can find this holiday season? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season! Related Roundup: Apple Deals This article, "Amazon Brings Back All-Time Low Prices on M4 MacBook Air With Christmas Delivery" first appeared on MacRumors.com Discuss this article in our forums View the full article

Containers are the universal path to production for most developers, and Docker has always been the steward of the ecosystem. Docker Hub has over 20 billion monthly pulls, with nearly 90% of organizations now relying on containers in their software delivery workflows. That gives us a responsibility: to help secure the software supply chain for the world. Why? Supply-chain attacks are exploding. In 2025, they caused more than $60 billion in damage, tripling from 2021. No one is safe. Every language, every ecosystem, every build and distribution step is a target. For this reason, we launched Docker Hardened Images (DHI), a secure, minimal, production-ready set of images, in May 2025, and since then have hardened over 1,000 images and helm charts in our catalog. Today, we are establishing a new industry standard by making DHI freely available and open source to everyone who builds software. All 26 Million+ developers in the container ecosystem. DHI is fully open and free to use, share, and build on with no licensing surprises, backed by an Apache 2.0 license. DHI now gives the world a secure, minimal, production-ready foundation from the very first pull. If it sounds too good to be true, here’s the bottom line up front: every developer and every application can (and should!) use DHI without restrictions. When you need continuous security patching, applied in under 7 days, images for regulated industries (e.g., FIPS, FedRAMP), you want to build customized images on our secure build infrastructure, or you need security patches beyond end-of-life, DHI has commercial offerings. Simple. Since the introduction of DHI, enterprises like Adobe and Qualcomm have bet on Docker for securing their entire enterprise to achieve the most stringent levels of compliance, while startups like Attentive and Octopus Deploy have accelerated their ability to get compliance and sell to larger businesses. Now everyone and every application can build securely from the first docker build. Unlike other opaque or proprietary hardened images, DHI is compatible with Alpine and Debian, trusted and familiar open source foundations teams already know and can adopt with minimal change. And while some vendors suppress CVEs in their feed to maintain a green scanner, Docker is always transparent, even when we’re still working on patches, because we fundamentally believe you should always know what your security posture is. The result: dramatically reduced CVEs (guaranteed near zero in DHI Enterprise), images up to 95 percent smaller, and secure defaults without ever compromising transparency or trust. There’s more. We’ve already built Hardened Helm Charts to leverage DHI images in Kubernetes environments; those are open source too. And today, we’re expanding that foundation with Hardened MCP Servers. We’re bringing DHI’s security principles to the MCP interface layer, the backbone of every agentic app. And starting now, you can run hardened versions of the MCP servers developers rely on most: Mongo, Grafana, GitHub, and more. And this is just the beginning. In the coming months, we will extend this hardened foundation across the entire software stack with hardened libraries, hardened system packages, and other secure components everyone depends on. The goal is simple: be able to secure your application from main() down. The philosophy of Docker Hardened Images Base images define your application’s security from the very first layer, so it’s critical to know exactly what goes into them. Here’s how we approach it. First: total transparency in every part of our minimal, opinionated, secure images. DHI uses a distroless runtime to shrink the attack surface while keeping the tools developers rely on. But security is more than minimalism; it requires full transparency. Too many vendors blur the truth with proprietary CVE scoring, downgraded vulnerabilities, or vague promises about reaching SLSA Build Level 3. DHI takes a different path. Every image includes a complete and verifiable SBOM. Every build provides SLSA Build Level 3 provenance. Every vulnerability is assessed using transparent public CVE data; we won’t hide vulnerabilities when we haven’t fixed them. Every image comes with proof of authenticity. The result: a secure foundation you can trust, built with clarity, verified with evidence, and delivered without compromise. Second: Migrating to secure images takes real work, and no one should pretend otherwise. But as you’d expect from Docker, we’ve focused on making the DX incredibly easy to use. As we mentioned before, DHI is built on the open source foundations the world already trusts, Debian and Alpine, so teams can adopt it with minimal friction. We’re reducing that friction even more: Docker’s AI assistant can scan your existing containers and recommend or even apply equivalent hardened images; the feature is experimental as this is day one, but we’ll quickly GA it as we learn from real world migrations. Lastly: we think about the most aggressive SLAs and longest support times and make certain that every piece of DHI can support that when you need it. DHI Enterprise, the commercial offering of DHI, includes a 7-day commitment for critical CVE remediation, with a roadmap toward one day or less. For regulated industries and mission-critical systems, this level of trust is mandatory. Achieving it is hard. It demands deep test automation and the ability to maintain patches that diverge from upstream until they are accepted. That is why most organizations cannot do this on their own. In addition, DHI Enterprise allows organizations to easily customize DHI images, leveraging Docker’s build infrastructure which takes care of the full image lifecycle management for you, ensuring that build provenance and compliance is maintained. For example, typically organizations need to add certificates and keys, system packages, scripts, and so on. DHI’s build service makes this trivial. Because our patching SLAs and our build service carry real operational cost, DHI has historically been one commercial offering. But our vision has always been broader. This level of security should be available to everyone, and the timing matters. Now that the evidence, infrastructure, and industry partnerships are in place, we are delivering on that vision. That is why today we are making Docker Hardened Images free and open source. This move carries the same spirit that defined Docker Official Images over a decade ago. We made them free, kept them free, and backed them with clear docs, best practices, and consistent maintenance. That foundation became the starting point for millions of developers and partners. Now we’re doing it again. DHI being free is powered by a rapidly growing ecosystem of partners, from Google, MongoDB, and the CNCF delivering hardened images to security platforms like Snyk and JFrog Xray integrating DHI directly into their scanners. Together, we are building a unified, end-to-end supply chain that raises the security bar for the entire industry. “Docker’s move to make its hardened images freely available under Apache 2.0 underscores its strong commitment to the open source ecosystem. Many CNCF projects can already be found in the DHI catalog, and giving the broader community access to secure, well-maintained building blocks helps us strengthen the software supply chain together. It’s exciting to see Docker continue to invest in open collaboration and secure container infrastructure.” Jonathan Bryce Executive Director at the Cloud Native Computing Foundation “Software supply chain attacks are a severe industry problem. Making Docker Hardened Images free and pervasive should underpin faster, more secure software delivery across the industry by making the right thing the easy thing for developers.” James Governor Analyst and Co-founder, RedMonk “Security shouldn’t be a premium feature. By making hardened images free, Docker is letting every developer, not just big enterprises, start with a safer foundation. We love seeing tools that reduce noise and toil, and we’re ready to run these secure workloads on Google Cloud from day one” Ryan J. Salva Senior Director of Product at Google, Developer Experiences “At MongoDB, we believe open source plays a central role in how modern software is built, enabling flexibility, choice, and developer productivity. That’s why we’re excited about free Docker Hardened Images for MongoDB. These images provide trusted, ready-to-deploy building blocks on proven Linux foundations such as Alpine and Debian, and with an Apache 2.0 license, they remain fully open source and free for anyone to use. With Docker Hub’s global reach and MongoDB’s commitment to reliability and safety, we are making it easier to build with confidence on a secure and open foundation for the future” Jim Scharf Chief Technology Officer, MongoDB “We’re excited to partner with Docker to deliver secure, enterprise-grade AI workloads from development to production. With over 50 million users and the majority of Fortune 500 trusting Anaconda to help them operate at enterprise scale securely, this partnership with Docker brings that same foundation to Docker Hardened Images. This enables teams to spend less time managing risk and more time innovating, while reducing the time from idea to production.” David DeSanto Chief Executive Officer, Anaconda “Socket stops malicious packages at install time, and Docker Hardened Images (DHI) give those packages a trustworthy place to run. With free DHI, teams get both layers of protection without lifting a finger. Pull a hardened image, run npm install, and the Socket firewall embedded in the DHI is already working for you. That is what true secure-by-default should look like, and we’re excited to partner with Docker and make it happen at their scale.” Feross Aboukhadijeh Founder and CEO, Socket “Teams building with Temporal orchestrate mission-critical workflows, and Docker is how they deploy those services in production. Making Docker Hardened Images freely available gives our users a very strong foundation for those workflows from day one, and Extended Lifecycle Support helps them keep long running systems secure without constant replatforming.” Maxim Fateev Chief Technology Officer, Temporal “At CircleCI, we know teams need to validate code as fast as they can generate it—and that starts with a trusted foundation. Docker Hardened Images eliminate a critical validation bottleneck by providing pre-secured, continuously verified components right from the start, helping teams ship fast, with confidence.” Rob Zuber Chief Technology Officer, CircleCI “We evaluated multiple options for hardened base images and chose Docker Hardened Images (DHI) for its alignment with our supply chain security posture, developer tooling compatibility, Docker’s maturity in this space, and integration with our existing infrastructure. Our focus was on balancing trust, maintainability, and ecosystem compatibility.” Vikram Sethi Principal Scientist, Adobe A Secure Path for Every Team and Business Everyone now has a secure foundation to start from with DHI. But businesses of all shapes and sizes often need more. Compliance requirements and risk tolerance may demand CVE patches ahead of upstream the moment the source becomes available. Companies operating in enterprise or government sectors must meet strict standards such as FIPS or STIG. And because production can never stop, many organizations need security patching to continue even after upstream support ends. That is why we now offer three DHI options, each built for a different security reality. Docker Hardened Images: Free for Everyone. DHI is the foundation modern software deserves: minimal hardened images, easy migration, full transparency, and an open ecosystem built on Alpine and Debian. Docker Hardened Images (DHI) Enterprise: DHI Enterprise delivers the guarantees that organizations, governments, and institutions with strict security or regulatory demands rely on. FIPS-enabled and STIG-ready images. Compliance with CIS benchmarks. SLA-backed remediations they can trust for critical CVEs in under 7 days. And those SLAs keep getting shorter as we push toward one-day (or less) critical fixes. For teams that need more control, DHI Enterprise delivers. Change your images. Configure runtimes. Install tools like curl. Add certificates. DHI Enterprise gives you unlimited customization, full catalog access, and the ability to shape your images on your terms while staying secure. DHI Extended Lifecycle Support (ELS): ELS is a paid add-on to DHI Enterprise, built to solve one of software’s hardest problems. When upstream support ends, patches stop but vulnerabilities don’t. Scanners light up, auditors demand answers, and compliance frameworks expect verified fixes. ELS ends that cycle with up to five additional years of security coverage, continuous CVE patches, updated SBOMs and provenance, and ongoing signing and auditability for compliance. You can learn more about these options here. Here’s how to get started Securing the container ecosystem is something we do together. Today, we’re giving the world a stronger foundation to build on. Now we want every developer, every open source project, every software vendor, and every platform to make Docker Hardened Images the default. Join our launch webinar to get hands-on and learn what’s new. Start using Docker Hardened Images today for free. Explore the docs and bring DHI into your workflows Join our partner program and help raise the security bar for everyone. Lastly, we are just getting started, and if you’re reading this and want to help build the future of container security, we’d love to meet you. Join us. Authors’ Notes Christian Dupuis Today’s announcement marks a watershed moment for our industry. Docker is fundamentally changing how applications are built-secure by default for every developer, every organization, and every open-source project. This moment fills me with pride as it represents the culmination of years of work: from the early days at Atomist building an event-driven SBOM and vulnerability management system, the foundation that still underpins Docker Scout today, to unveiling DHI earlier this year, and now making it freely available to all. I am deeply grateful to my incredible colleagues and friends at Docker who made this vision a reality, and to our partners and customers who believed in us from day one and shaped this journey with their guidance and feedback. Yet while this is an important milestone, it remains just that, a milestone. We are far from done, with many more innovations on the horizon. In fact, we are already working on what comes next. Security is a team sport, and today Docker opened the field to everyone. Let’s play. Michael Donovan I joined Docker to positively impact as many developers as possible. This launch gives every developer the right to secure their applications without adding toil to their workload. It represents a monumental shift in the container ecosystem and the digital experiences we use every day. I’m extremely proud of the product we’ve built and the customers we serve every day. I’ve had the time of my life building this with our stellar team and I’m more excited than ever for what’s to come next. View the full article

Apple has made the battery replacement process easier for the 14-inch M5 MacBook Pro, allowing users of its self-service repair program to replace just the battery, without removing other internal components. Before now, manual battery replacement on what is currently Apple's only M5-powered MacBook Pro required swapping out several modules alongside the battery itself. However, the new process Apple has introduced only requires removing the bottom case and the battery management unit flex cable before accessing the battery. Apple is now selling standalone battery modules through its Self Service Repair Store. Apart from the cost of the necessary repair tools, the replacement battery costs $209.25, and users can get a $22.50 credit by returning their old battery. Apple has also published a detailed repair manual to guide users and independent repair shops through the procedure. The manual includes step-by-step instructions for safely removing the rear case, discharging the battery, removing the old battery's adhesive strips, and installing the replacement unit. The change tackles a concern raised by iFixit in its October teardown of the M5 MacBook Pro, which found battery replacement to be one of the device's most challenging repairability aspects. That said, with 14 disassembly steps and 27 reassembly steps, it's probably still a job most users would rather leave to a professional. Apple launched its self-service repair program in 2022, giving customers access to genuine parts, tools, and repair manuals for select iPhones, iPads, Macs, Studio Displays, and Beats Pill speakers. The company says the program is "intended for individuals who are experienced with the complexities of repairing electronic devices."Tag: Self Service Repair This article, "M5 MacBook Pro Gets Easier Battery Replacement Process" first appeared on MacRumors.com Discuss this article in our forums View the full article

JumpCloud’s Remote Assist for Windows agent contained a critical local privilege escalation flaw, allowing full system compromise. Disclosed by XM Cyber, the vulnerability stems from insecure file operations during uninstall or update flows that execute with Windows NT AUTHORITY\SYSTEM privileges. The bug could allow a low-privileged local user to elevate themselves to full system control or induce denial-of-service conditions on corporate machines. JumpCloud’s agent is widely used in enterprise environments as part of its cloud-based Directory-as-a-service platform, managing device access and remote support features across Windows endpoints. According to XM Cyber’s Hillel Pinto, attackers only need a local foothold to exploit the flaw, generally obtainable from phishing, remote support sessions, or developer machines. Systems running Remote Assist for Windows before version 0.317 are vulnerable and need to be updated immediately to mitigate risks. Privileged uninstall in a untrusted temp space The flaw, tracked as CVE-2025-34352 and rated at CVSS 8.5 out of 10, highlights risks from improper handling of privileged operations on Windows endpoints. During uninstall or update operations, the JumpCloud agent triggers the Remote Assist uninstaller with system-level privileges, the highest possible authority in Windows. However, that routine performs create, write, execute, and delete actions on files in a user-writable %TEMP% subdirectory without validating the trustworthiness of the path or resetting access control lists. Because the uninstaller performs privileged file operations inside a user-controlled %TEMP% directory, a low-privileged attacker can abuse those operations to overwrite or delete protected system files. “What we have is a JumpCloud process with NT AUTHORITY\SYSTEM privileges that is deleting, writing, and executing a file with a predictable filename from an untrusted path,” Pinto said in a blog post. “The core of the exploit involves Link Following, utilizing mount points and symbolic links to redirect the privileged I/O operation.” Full privilege escalation and denial of service The vulnerability opens two primary exploitation vectors with significant operational impact: full privilege escalation to system level, and denial of service (DoS). By manipulating filesystem paths and leveraging race conditions, an attacker can redirect the uninstaller’s operations to delete or overwrite protected installer configuration targets, ultimately triggering techniques that give them a system-level command prompt. System access on an enterprise endpoint effectively grants control over policy enforcement, credential theft paths, and lateral movement capabilities. Alternatively, attackers can get the privileged process to write arbitrary data to sensitive system files (such as drivers), corrupting them and forcing blue screen of death (BSOD) conditions. This not only knocks machines offline but can require substantial remediation effort, particularly across distributed fleets. Pinto said that updating to JumpCloud Remote Assist for Windows version 0.317.0 or later will remediate this issue. “My team and I responsibly disclosed the vulnerability to JumpCloud, which confirmed the findings and promptly released a patch.” While >NIST’s National Vulnerability Database (NVD) marks the flaw as fixed and references the JumpCloud Agent release notes for patching, there is currently no note dedicated to the flaw on the page or on JumpCloud’s support site. JumpCloud did not immediately respond to CSO’s request for comments. View the full article

Unlike some Android phones, iPhones don't have a dedicated notification LED that lights up when you get a call, text, or other alert. What iPhones do include is an optional Accessibility feature for the deaf and hard of hearing that blinks the rear camera flash and provides a visual cue for incoming notifications. And in iOS 26.2, Apple has added the ability to flash the front display, too. Even if your hearing is fine, having a visual cue for incoming alerts can be handy to have if, say, you're in a quiet environment like a library and don't want to create a disturbance. What's more, in iOS 26.2, you can choose for both the display and the camera LED to flash. That way, you'll see the alert flash whichever way your iPhone is lying on a table. How to Enable Flash for Alerts Follow the steps below to turn on screen flash for alerts on your ‌iPhone‌ running iOS 26.2. Open the Settings app on your iPhone, then tap Accessibility. Under "Hearing," tap Audio & Visual. Scroll to the bottom and tap Flash for Alerts. Toggle on Flash for Alerts, then tap LED Flash, Screen, or Both.You'll see that the last menu includes toggle switches so that you can control whether the flash happens when your device is unlocked, as well as if it should flash when in silent mode. This article, "Make Your iPhone Display Flash for Alerts" first appeared on MacRumors.com Discuss this article in our forums View the full article

Evgeny_V – shutterstock.com Das Team von Amazon Threat Intelligence stellte fest, dass eine vom russischen Staat geförderte Cyberspionagegruppe vermehrt Energieunternehmen und Anbieter kritischer Infrastrukturen (KRITIS) ins Visier genommen hat. Die Gruppe ist demnach seit mindestens 2021 aktiv und hat es vor allem auf Fehlkonfigurationen von Geräten abgesehen. Die Angreifer nutzen aber auch bekannte Schwachstellen wie CVE-2022-26318 in WatchGuard Firebox- und XTM-Geräten, CVE-2021-26084 und CVE-2023-22518 in Confluence oder CVE-2023-2753 in Veeam Backup aus. Laut den von Amazon gesammelten Telemetriedaten hat sich die Gruppe in diesem Jahr jedoch stark auf Fehlkonfigurationen konzentriert und sich von Zero-Day- oder N-Day-Schwachstellen abgewendet. Die Hauptziele waren demnach Enterprise Router und Routing-Infrastrukturen, VPN-Konzentratoren und Remote-Access-Gateways, Netzwerkmanagement-Appliances, Kollaborations- und Wiki-Plattformen sowie Cloud-basierte Projektmanagementsysteme. „Diese taktische Anpassung ermöglicht die gleichen operativen Ergebnisse, nämlich das Sammeln von Anmeldedaten und laterale Bewegungen innerhalb der Online-Dienste und Infrastrukturen der Opfer, während gleichzeitig die Entdeckungsgefahr und der Ressourcenaufwand der Akteure reduziert werden“, so die Security-Spezialisten. Verbindungen zu Sandworm und Curly COMrades Die Telemetriedaten zeigen, dass es Überschneidungen zwischen der Infrastruktur der Gruppe und Sandworm gibt, die auch als APT44 und Seashell Blizzard bekannt ist und mit dem russischen Militärgeheimdienst GRU in Verbindung steht. Zudem besteht ein Zusammenhang mit einer Gruppe, deren Aktivitäten in der Vergangenheit von Bitdefender unter dem Namen Curly COMrades dokumentiert wurden. Es könnte sich jedoch um zusammenarbeitende Untergruppen innerhalb des GRU handeln: Während die von Amazon verfolgte Gruppe den ersten Zugriff und die laterale Bewegung übernimmt, stellt Curly COMrades die Persistenz des Hosts durch seine benutzerdefinierten Malware-Implantate CurlyShell und CurlCat sicher. Amazon entdeckte Angriffe auf Netzwerk-Edge-Geräte von Kunden, die auf AWS-EC2-Instanzen gehostet werden. Dabei stellten die Angreifer über von ihnen kontrollierte IP-Adressen dauerhafte Verbindungen her. Dies deutet auf einen interaktiven Zugriff auf die kompromittierten Geräte hin. Abgriff von Anmeldedaten Die Sicherheitsforscher beobachteten auch Credential-Replay-Angriffe auf andere Online-Dienste der Opfer, bei denen gestohlene Domain-Anmeldedaten nach der Kompromittierung von Netzwerk-Edge-Geräten verwendet wurden. Das Amazon-Team geht davon aus, dass die Täter Anmeldedaten sammeln, indem sie die Funktionen der kompromittierten Geräte zur Erfassung und Analyse des Datenverkehrs nutzen. „Die zeitliche Lücke zwischen der Kompromittierung der Geräte und den Authentifizierungsversuchen gegen die Dienste der Opfer deutet eher auf eine passive Sammlung als auf einen aktiven Diebstahl von Anmeldedaten hin“, heißt es im Forschungsbericht. Beim Abfangen des Netzwerkverkehrs gehen die Angreifer ähnlich vor wie Sandworm. Die gezielte Ausrichtung auf Netzwerk-Edge-Geräte versetzt sie dabei in die Lage, Anmeldedaten während der Übertragung abzufangen. Tipps zum Schutz für KRITIS-Betreiber Die Gruppe konzentriert sich stark auf den Energiesektor. Dazu zählen zudem MSSPs (Managed Security Service Provider) mit Kunden aus der Energieversorgung. Die Angreifer haben jedoch auch Technologie- und Cloud-Dienstleister sowie TK-Anbieter in mehreren Regionen ins Visier genommen. Amazon rät Unternehmen, ihre Netzwerk-Edge-Geräte auf unauthorisierte Packet Capture Files oder -Dienstprogramme zu überprüfen. Zudem wird empfohlen, Gerätekonfigurationen zu checken und Verwaltungsschnittstellen zu isolieren sowie eine Multi-Faktor-Authentifizierung zu implementieren. Unternehmen sollten außerdem Authentifizierungsprotokolle prüfen und Authentifizierungsversuche aus unerwarteten geografischen Standorten überwachen. Zudem empfiehlt sich, eine Anomalieerkennung für Authentifizierungsmuster für alle Online-Dienste zu implementieren. Auch die Verwendung von Klartextprotokollen, die Anmeldedaten während der Übertragung offenlegen könnten, sollte kontrolliert werden. Der Amazon-Bericht enthält zudem Indikatoren für Kompromittierungen im Zusammenhang mit dieser Angriffskampagne sowie spezifische Sicherheitsempfehlungen speziell für AWS-Umgebungen. (jm) View the full article

Evgeny_V – shutterstock.com Das Team von Amazon Threat Intelligence stellte fest, dass eine vom russischen Staat geförderte Cyberspionagegruppe vermehrt Energieunternehmen und Anbieter kritischer Infrastrukturen (KRITIS) ins Visier genommen hat. Die Gruppe ist demnach seit mindestens 2021 aktiv und hat es vor allem auf Fehlkonfigurationen von Geräten abgesehen. Die Angreifer nutzen aber auch bekannte Schwachstellen wie CVE-2022-26318 in WatchGuard Firebox- und XTM-Geräten, CVE-2021-26084 und CVE-2023-22518 in Confluence oder CVE-2023-2753 in Veeam Backup aus. Laut den von Amazon gesammelten Telemetriedaten hat sich die Gruppe in diesem Jahr jedoch stark auf Fehlkonfigurationen konzentriert und sich von Zero-Day- oder N-Day-Schwachstellen abgewendet. Die Hauptziele waren demnach Enterprise Router und Routing-Infrastrukturen, VPN-Konzentratoren und Remote-Access-Gateways, Netzwerkmanagement-Appliances, Kollaborations- und Wiki-Plattformen sowie Cloud-basierte Projektmanagementsysteme. „Diese taktische Anpassung ermöglicht die gleichen operativen Ergebnisse, nämlich das Sammeln von Anmeldedaten und laterale Bewegungen innerhalb der Online-Dienste und Infrastrukturen der Opfer, während gleichzeitig die Entdeckungsgefahr und der Ressourcenaufwand der Akteure reduziert werden“, so die Security-Spezialisten. Verbindungen zu Sandworm und Curly COMrades Die Telemetriedaten zeigen, dass es Überschneidungen zwischen der Infrastruktur der Gruppe und Sandworm gibt, die auch als APT44 und Seashell Blizzard bekannt ist und mit dem russischen Militärgeheimdienst GRU in Verbindung steht. Zudem besteht ein Zusammenhang mit einer Gruppe, deren Aktivitäten in der Vergangenheit von Bitdefender unter dem Namen Curly COMrades dokumentiert wurden. Es könnte sich jedoch um zusammenarbeitende Untergruppen innerhalb des GRU handeln: Während die von Amazon verfolgte Gruppe den ersten Zugriff und die laterale Bewegung übernimmt, stellt Curly COMrades die Persistenz des Hosts durch seine benutzerdefinierten Malware-Implantate CurlyShell und CurlCat sicher. Amazon entdeckte Angriffe auf Netzwerk-Edge-Geräte von Kunden, die auf AWS-EC2-Instanzen gehostet werden. Dabei stellten die Angreifer über von ihnen kontrollierte IP-Adressen dauerhafte Verbindungen her. Dies deutet auf einen interaktiven Zugriff auf die kompromittierten Geräte hin. Abgriff von Anmeldedaten Die Sicherheitsforscher beobachteten auch Credential-Replay-Angriffe auf andere Online-Dienste der Opfer, bei denen gestohlene Domain-Anmeldedaten nach der Kompromittierung von Netzwerk-Edge-Geräten verwendet wurden. Das Amazon-Team geht davon aus, dass die Täter Anmeldedaten sammeln, indem sie die Funktionen der kompromittierten Geräte zur Erfassung und Analyse des Datenverkehrs nutzen. „Die zeitliche Lücke zwischen der Kompromittierung der Geräte und den Authentifizierungsversuchen gegen die Dienste der Opfer deutet eher auf eine passive Sammlung als auf einen aktiven Diebstahl von Anmeldedaten hin“, heißt es im Forschungsbericht. Beim Abfangen des Netzwerkverkehrs gehen die Angreifer ähnlich vor wie Sandworm. Die gezielte Ausrichtung auf Netzwerk-Edge-Geräte versetzt sie dabei in die Lage, Anmeldedaten während der Übertragung abzufangen. Tipps zum Schutz für KRITIS-Betreiber Die Gruppe konzentriert sich stark auf den Energiesektor. Dazu zählen zudem MSSPs (Managed Security Service Provider) mit Kunden aus der Energieversorgung. Die Angreifer haben jedoch auch Technologie- und Cloud-Dienstleister sowie TK-Anbieter in mehreren Regionen ins Visier genommen. Amazon rät Unternehmen, ihre Netzwerk-Edge-Geräte auf unauthorisierte Packet Capture Files oder -Dienstprogramme zu überprüfen. Zudem wird empfohlen, Gerätekonfigurationen zu checken und Verwaltungsschnittstellen zu isolieren sowie eine Multi-Faktor-Authentifizierung zu implementieren. Unternehmen sollten außerdem Authentifizierungsprotokolle prüfen und Authentifizierungsversuche aus unerwarteten geografischen Standorten überwachen. Zudem empfiehlt sich, eine Anomalieerkennung für Authentifizierungsmuster für alle Online-Dienste zu implementieren. Auch die Verwendung von Klartextprotokollen, die Anmeldedaten während der Übertragung offenlegen könnten, sollte kontrolliert werden. Der Amazon-Bericht enthält zudem Indikatoren für Kompromittierungen im Zusammenhang mit dieser Angriffskampagne sowie spezifische Sicherheitsempfehlungen speziell für AWS-Umgebungen. (jm) View the full article

Apple is in talks with suppliers to manage iPhone chip assembly and packaging in India for the first time, reports The Economic Times. "Exploratory conversations" are said to have taken place with semiconductor company CG Semi, which is constructing one of India's first outsourced semiconductor assembly and test (OSAT) facilities in Sanand, Gujarat. From the report, citing people with knowledge of the matter: "The companies are in the very initial stages of discussion," one of them said. "It is not clear what chips will be packaged out of the Sanand facility at this stage, but it will likely be display chips." The person added that this may be the "beginning of an uphill climb" for CG Semi since if talks progress, it will have to pass Apple's stringent quality standards to clinch the deal. "Apple is already in talks with several companies for a number of other supply chain functions, and very few will end up on their supplier list," the person said.As the report mentions, Apple sources its iPhone display panels from the world's three leading OLED manufacturers: Samsung Display, LG Display, and BOE. The display driver ICs used with these panels are supplied by companies such as Samsung, Novatek, Himax, and LX Semicon, which in turn rely mainly on chip fabrication and packaging facilities in South Korea, Taiwan, and China. If the discussions between Apple and CG Semi bear fruit, the move would be another example of Apple pivoting to India as a major supply chain and manufacturing hub. Apple reportedly assembled $22 billion worth of iPhones in India during the 12 months ending in March 2025, a nearly 60% increase over the previous year. Foxconn, Tata Electronics, and Pegatron now operate facilities in India focused on ‌iPhone‌ manufacturing. Apple is apparently aiming to manufacture the majority of iPhones sold in the United States in India by the end of 2026.Tag: India This article, "Apple Explores iPhone Chip Packaging in India for the First Time" first appeared on MacRumors.com Discuss this article in our forums View the full article

TypeScript with NestJS is now one of the most reliable combinations for building clean, scalable backend applications. Companies across Pune and India need developers who can design strong APIs and services using TypeScript and NestJS. If you want to grow as a backend or full-stack developer, TypeScript with NestJs Training In Pune is a practical way to learn these skills through real examples and guided practice. What TypeScript and NestJS Offer TypeScript is a superset of JavaScript that adds static typing, so many mistakes are caught while writing code, not later during runtime. This makes large codebases easier to maintain, refactor, and scale. NestJS is a Node.js framework built around TypeScript that uses a clear structure with modules, controllers, and services, which keeps growing applications organized. With NestJS, routes are defined using decorators like @Controller(), @Get(), and @Post(), and dependency injection lets you share and reuse services cleanly. The framework integrates well with databases such as PostgreSQL, MongoDB, and MySQL, and works smoothly with testing tools like Jest. Together, TypeScript and NestJS help teams build predictable, testable, and production-ready backends. TypeScript improves code safety and readability NestJS offers a modular architecture and clear patterns Both support modern testing and database integration Why TypeScript with NestJS Skills Are Important Organizations choose TypeScript with NestJS because it reduces production bugs and makes it easier to add new features without breaking existing code. Typed code and a structured framework help teams maintain quality as projects grow. This is why many companies in Pune’s tech hubs, such as Hinjewadi, Magarpatta, and Kharadi, look for developers who already understand this stack. These skills are used across domains like fintech, e-commerce, SaaS products, and enterprise applications. Developers with TypeScript and NestJS knowledge can work on APIs, microservices, and cloud-native systems, and often find opportunities for remote and freelance work as well. Example career path: RoleTypical Focus AreaJunior Backend DevBuild APIs, fix bugs, write basic testsMid-level DeveloperDesign modules, integrate databases, mentor juniorsSenior DeveloperLead design, performance tuning, security reviewsTech Lead / ArchitectDefine architecture, guide teams, code reviews What You Learn in TypeScript with NestJS Training In Pune A complete TypeScript with NestJs Training In Pune should take you from basics to job-ready skills in a step-by-step way. The training usually combines concepts, live coding, and project work so you understand both “why” and “how”. Key learning areas: TypeScript fundamentals: variables, types, interfaces, enums, generics, classes, inheritance, and modules NestJS basics: project setup, folder structure, modules, controllers, services, and request lifecycle REST API design: endpoints, query and path parameters, request bodies, DTOs, and validation Database integration: connecting to PostgreSQL, MongoDB, or MySQL using TypeORM, entities, CRUD operations, and migrations Security: authentication, authorization, guards, roles, and protecting endpoints Middleware and interceptors: logging, error handling, and cross-cutting concerns Testing: unit tests and end-to-end tests with Jest Deployment: packaging apps with Docker and understanding simple deployment workflows By the end, you usually complete at least one real-world style project that brings together all these topics into a working backend application. Training Modes, Duration, and Pricing The program around Pune offers flexible formats so both students and working professionals can join: Self-learning video mode (8–12 hours): Pre-recorded sessions you can watch at your own speed. Good for independent learners who like to pause and replay topics. Live interactive online batch (8–12 hours): Scheduled live classes with an instructor and group. You can ask questions, follow live demos, and get feedback during the session. One-to-one live online (8–12 hours): Direct one-on-one sessions with a trainer, suited to people who want fully personalized pacing and attention. Corporate training (2–3 days): Short and intensive programs for teams, either online or in classroom mode, often tailored to a company’s projects. Training overview: DurationModeBest ForPrice (Approx)8 – 12 HoursSelf-learning using videoFlexible, self-paced learners₹4,9998 – 12 HoursLive & interactive online batchMost working professionals₹24,9998 – 12 HoursOne-to-one live & interactive onlineLearners needing personal focus₹59,9992 – 3 DaysCorporate (online/classroom)Teams and corporate groupsContact for fee Group discounts are often available if multiple learners join together, which helps teams or friends share the cost. Why Choose DevOpsSchool for This Training DevOpsSchool is known as a specialist platform for DevOps, cloud, automation, containers, and programming-focused training, including TypeScript with NestJS. Since its start, it has helped thousands of learners from India and abroad upgrade their skills and move into better roles in IT and software development. The platform focuses strongly on practical learning and long-term support: Lifetime access to an LMS that holds class recordings, notes, and slides Trainers with over a decade of real industry experience Real-time project work instead of only simple code samples Web-based tutorials, training notes, and structured learning paths Interview preparation kits and practice questions Because of this, DevOpsSchool acts like a long-term learning partner that supports you even after the course ends, not just a short-term class provider. Learn Under the Guidance of Rajesh Kumar The TypeScript with NestJS programs are guided and mentored by senior trainers like Rajesh Kumar, who brings more than 20 years of experience in DevOps, DevSecOps, SRE, DataOps, AIOps, MLOps, Kubernetes, and cloud platforms. He has trained thousands of professionals worldwide and helped many companies adopt modern DevOps practices and stable backend systems. Highlights of Rajesh Kumar’s profile: Over two decades of real project work in software delivery and infrastructure Hands-on experience designing CI/CD pipelines and scalable backend architectures Strong knowledge of container tools, scripting, automation, and cloud-native design Known for breaking down complex topics into simple, clear explanations Focus on real project examples and scenarios rather than only theory Learners often mention that his teaching style makes tough backend concepts easier to understand, even for those who are new to TypeScript or NestJS. Detailed Agenda Highlights The course usually follows a clear agenda that moves from fundamentals to advanced topics: Getting started with TypeScript Why TypeScript, its main features, syntax, and basic tooling Setting up the environment using editors and the TypeScript compiler Writing first TypeScript classes and small examples Typing, variables, and functions Static vs dynamic typing, type inference, any type, and primitives Working with objects, functions, and arrow functions Using interfaces and function types for cleaner contracts Object-oriented programming in TypeScript Classes, constructors, access modifiers, inheritance, and abstract classes Generics for reusable components and collections Advanced TypeScript features Modules, namespaces, decorators, and type definition files Working with third-party libraries and type declarations NestJS introduction and project setup Creating a new NestJS project, understanding its structure Creating modules, controllers, and services Building APIs with NestJS RESTful endpoints, routing, parameters, and request/response handling Data Transfer Objects (DTOs) and validation logic Database integration and persistence Configuring databases with TypeORM Creating entities, repositories, and performing CRUD operations Security, testing, and deployment Authentication, guards, and role-based access Writing unit and e2e tests with Jest Basic Dockerization and deployment concepts Extra Support and Ongoing Learning After enrolling in TypeScript with NestJS training, you usually get ongoing support that makes it easier to continue learning: 24×7 access to class recordings through LMS Detailed slide decks and downloadable notes for each module Lab setup guides for both cloud-based and local environments Interview question banks for TypeScript and NestJS roles Example projects that you can extend for your own practice If you miss any live class, you can catch up by watching recordings, and in many cases you can revisit topics in future batches if needed. Lab Setup and System Requirements To follow along with hands-on work, you should have: A laptop or desktop with Windows, macOS, or Linux At least 2GB RAM and around 20GB free disk space Node.js installed, plus a code editor like Visual Studio Code A stable internet connection for live classes and downloads Labs often use a prepared cloud environment for demos, and trainers guide you to set up your own local or cloud-based development setup so you can keep practicing after the course. Career Benefits and Job Roles Once you complete TypeScript with NestJs Training In Pune and have built a few working projects, you can start applying for roles such as: TypeScript / Node.js backend developer NestJS developer building APIs and microservices Full-stack developer (if you also know a frontend framework) API engineer working on integrations and backend services Backend architect or senior engineer over time These roles are useful in product-based companies, service firms, startups, and large enterprises alike. Because TypeScript and NestJS are widely accepted in the industry, they also open doors to remote roles and freelance assignments. Conclusion and Overview TypeScript with NestJs Training In Pune gives you a solid, practical base in backend development using a modern stack. You learn how TypeScript helps write safer and more maintainable code, how NestJS provides structure and patterns for complex applications, and how to connect everything into real, working backend services. With guidance from an experienced institute like DevOpsSchool and expert mentoring from Rajesh Kumar, you gain both skills and confidence for real projects and interviews. If you are serious about a long-term backend or full-stack development career in Pune’s growing IT landscape, this training path is a strong and realistic choice that aligns with current industry needs. Contact Now 📧 Email: [email protected] 📱 Phone & WhatsApp (India): +91 84094 92687 📱 Phone & WhatsApp (USA): +1 (469) 756-6329 🌐 Website: DevOpsSchool View the full article

TypeScript with NestJs Training In Hyderabad is one of the fastest-growing tech skills today. Companies across Hyderabad want developers who can build strong back-end systems and make apps run fast and safely. If you want to start or grow your programming career, getting proper TypeScript with NestJs Training In Hyderabad is the first step to success. This training helps you learn both the TypeScript language and the NestJS framework with clear examples and real projects. What is TypeScript with NestJS? TypeScript with NestJS is a smart way to build back-end programs and web services. Instead of writing simple JavaScript that can break easily, TypeScript with NestJS uses types, structure, and good patterns to keep programs safe and easy to grow. Developers write code that checks for mistakes early and handles many users without slowing down. TypeScript is a superset of JavaScript, created by Microsoft, that adds type checking to catch errors before the code runs. NestJS is a framework built on Node.js that organizes apps into modules, controllers, and services, which makes big projects easier to manage. Normal JavaScript can hide bugs until runtime. TypeScript adds type rules like “this must be a string” or “this must be a number”, so many issues are found while coding. NestJS then uses decorators like @Get(), @Post(), and others to define routes, while dependency injection lets you reuse services cleanly. NestJS works well with databases such as PostgreSQL, MongoDB, and MySQL, so you can build full back-end systems from one place. TypeScript helps catch mistakes early with strong typing NestJS gives a clean structure for large, growing apps Works with popular databases like PostgreSQL, MongoDB, and MySQL Why TypeScript and NestJS Skills Are in High Demand Companies that use TypeScript with NestJS see big improvements in how their apps behave. Web applications become faster, handle more users at once, and crash less. Because code is typed and well-structured, new features can be added without breaking older parts. This is why many Hyderabad IT companies and startups are now actively hiring developers with TypeScript and NestJS experience. Here is a simple view of possible salary ranges: Job LevelSalary Range (Lakh Per Year)What You’ll DoJunior Developer5 – 12Build basic APIs, fix simple bugsMid-Level Developer12 – 20Design app structure, add databases, featuresSenior Developer22 – 35Lead projects, design cloud-ready systemsNestJS Lead30+Guide teams, review and plan architectures These ranges can change by company and experience, but they show that there is good room for growth. The same skills also help you work on microservices, mobile back-ends, and SaaS applications used by customers around the world. Strong demand in Hitech City, Gachibowli, and other Hyderabad IT hubs Good pay growth from junior to lead roles Skills useful in many domains like e-commerce, banking, and product startups What Good TypeScript NestJS Training Should Include Good training should not only be theory on slides. You need to see how real applications are built, step by step. A strong TypeScript with NestJs Training In Hyderabad should teach TypeScript as a language and NestJS as a framework through hands-on labs and clear examples. You should come away with both the concepts and working code. A complete training usually covers: TypeScript basics and advanced features Setting up a NestJS project and understanding its folder structure Writing controllers, services, and modules Building REST APIs to handle real requests You should also learn how to: Use guards to protect routes and check login Use pipes for validating and transforming input data Use interceptors and middleware for logging and cross-cutting logic Connect to databases using an ORM like TypeORM and perform CRUD operations When you work on small and medium projects during the course, you build real confidence. This also gives you code samples to show in interviews. About DevOpsSchool: Your Training Partner DevOpsSchool is a leading training platform for DevOps, cloud, automation, containers, and programming skills, including TypeScript and NestJS. Since 2016, it has helped thousands of learners from India, USA, Europe, and the UK move into better roles. Many professionals in Hyderabad and other cities started with their programs and then joined top IT companies and startups. What makes DevOpsSchool special is its long-term support and practical focus. You get lifetime access to their Learning Management System (LMS), which holds class recordings, notes, slides, and step-by-step tutorials. Trainers usually have 10–15 or more years of real industry experience and pay close attention to learner questions. The training gives you real project work rather than only simple examples, so you learn how tools are used in real life. Key features you typically get: Lifetime technical support for clearing doubts even after the course Lifetime LMS access for recordings, notes, and guides Interview-kit with common questions and answers Training notes, web-based tutorials, and detailed slides This combination of strong content and ongoing help makes DevOpsSchool a good partner for long-term growth, not just a one-time class. Learn from Expert Rajesh Kumar The TypeScript with NestJS programs are guided by senior trainers like Rajesh Kumar, who has over 20 years of experience in DevOps, DevSecOps, SRE, DataOps, AIOps, MLOps, Kubernetes, and cloud technologies. He has trained thousands of engineers worldwide and advised many well-known companies on modernizing their software delivery processes. Rajesh Kumar brings: More than two decades of real hands-on work across DevOps and cloud Experience designing CI/CD pipelines and scalable back-end architectures Deep knowledge of container platforms, scripting, and automation tools A practical teaching style focused on real project examples Learners appreciate his simple explanations for complex topics. He makes sure that even those who are new to back-end development can follow along. Instead of just talking about theory, he shows how tools are used in real projects, which helps you imagine your own future work more clearly. Learning Modes and Training Duration The TypeScript with NestJS training linked to Hyderabad offers flexible modes so you can pick what fits best for your schedule and learning style: Self-learning using video (8–12 hours): Watch pre-recorded videos at your own speed. You can pause, rewind, and repeat lessons, which is helpful if you are busy or like to learn slowly. Live & interactive online batch (8–12 hours): Attend live online classes with an instructor and a group of other learners. You can ask questions, see live demos, and get feedback on your work. One-to-one live & interactive online (8–12 hours): Study directly with a trainer in private sessions. This suits learners who want focused attention or have special goals. Corporate (online/classroom) for 2–3 days: Short, intensive training for company teams, either online or in classroom mode, often tailored for their projects. A simple overview: Duration (Approx)ModeBest For8 – 12 HrsSelf learning using videoIndependent, flexible learners8 – 12 HrsLive & interactive online batchMost working professionals8 – 12 HrsOne to One live & interactive onlineLearners needing personal focus2 – 3 DaysCorporate (online/classroom)Office and project teams Group discounts are commonly available when multiple people join together, which is good for friends or colleagues who want to learn in a batch. What You’ll Learn in the Hyderabad Program The TypeScript with NestJs Training In Hyderabad is usually structured to take you from the basics to more advanced topics step by step. This makes it easier for both beginners and experienced developers coming from JavaScript or another language. Main learning areas include: TypeScript essentials: Variables, basic and advanced types, interfaces, enums, generics, classes, inheritance, and modules. You learn how to use TypeScript to write cleaner and safer code. NestJS foundations: Installing and setting up a NestJS project, understanding the folder structure, creating modules, controllers, and services, and how requests flow through the app. API development: Building RESTful endpoints, handling query parameters, path parameters, and request bodies, plus using DTOs and validation to clean incoming data. Database connectivity: Connecting to PostgreSQL, MongoDB, or MySQL using an ORM like TypeORM. Creating entities, doing CRUD operations, and managing migrations. Security and middleware: Implementing guards for authentication and authorization, adding pipes for validation and transformation, using interceptors and middleware for logging and error handling. Testing and deployment basics: Writing and running automated tests for critical parts of the system, packaging the app with tools like Docker, and understanding simple deployment flows. By the end of the course, you normally complete at least one real-time, scenario-based project that ties together all these skills into a working application. Extra Support and Learning Resources To ensure that you keep learning even after the live sessions, the program usually includes rich resources and support options. For TypeScript with NestJS training, you can expect: 24×7 access to class recordings via the LMS Full slide decks and notes from each module Step-by-step lab setup instructions for AWS or local virtual machines Interview question banks and sample answers for developer roles Example projects you can study and extend for your portfolio If you ever miss a live session, you can watch the recording or rejoin the topic in a later batch, depending on the training policy. This flexibility makes it easier to balance learning with work or personal tasks. System Requirements and Lab Setup To follow the hands-on parts, you usually need: A Windows, Mac, or Linux system At least 2GB of RAM and around 20GB free disk space Node.js and a code editor like Visual Studio Code installed Hands-on work is often done using DevOpsSchool’s cloud setup, where trainers run demos in a prepared environment. You also get guidance to set up your own TypeScript and NestJS lab using AWS free tier or local virtual machines so you can continue practicing after the course. Career Benefits After Training After you complete the TypeScript with NestJs Training In Hyderabad and build a few real projects, you can apply for roles such as: TypeScript / Node.js back-end developer NestJS developer for APIs and microservices Full-stack developer (when combined with a front-end framework) API engineer in product or service companies In the long run, you can move into senior engineer, architect, or team lead roles where you design systems and guide other developers. Because TypeScript and NestJS are popular worldwide, these skills can also support remote work and freelance opportunities, not just local roles in Hyderabad. Conclusion and Overview TypeScript with NestJs Training In Hyderabad gives you a strong, modern base in back-end development. You learn how TypeScript makes code safer, how NestJS gives structure to large applications, and how to build, test, and deploy real services. With the backing of an experienced training provider like DevOpsSchool and expert guidance from Rajesh Kumar, you get both knowledge and the confidence to use it in real projects. If you want a stable, well-paid development career in Hyderabad’s tech industry, this path is a practical and future-ready choice. Contact Now 📧 Email: [email protected] 📱 Phone & WhatsApp (India): +91 84094 92687 📱 Phone & WhatsApp (USA): +1 (469) 756-6329 🌐 Website: DevOpsSchool View the full article

TypeScript with NestJs Training In Chennai is one of the fastest-growing tech skills today. Companies across Chennai want developers who can build strong back-end systems and make apps run fast and safely. If you want to start or grow your programming career, getting proper TypeScript with NestJs Training In Chennai is the first step to success. This training helps you learn both the TypeScript language and the NestJS framework with clear examples and real projects. What is TypeScript with NestJS? TypeScript with NestJS is a smart way to build back-end programs and web services. Instead of writing simple JavaScript that can break easily, TypeScript with NestJS uses types, structure, and good patterns to keep programs safe and easy to grow. Developers write code that checks for mistakes early and handles many users without slowing down. TypeScript is a superset of JavaScript, created by Microsoft, that adds type checking to catch errors before the code runs. NestJS is a framework built on Node.js that organizes apps into modules, controllers, and services, which makes big projects easier to manage. Normal JavaScript can hide bugs until runtime. TypeScript adds type rules like “this must be a string” or “this must be a number”, so many issues are found while coding. NestJS then uses decorators like @Get(), @Post(), and others to define routes, while dependency injection lets you reuse services cleanly. NestJS works well with databases such as PostgreSQL, MongoDB, and MySQL, so you can build full back-end systems from one place. TypeScript helps catch mistakes early with strong typing NestJS gives a clean structure for large, growing apps Works with popular databases like PostgreSQL, MongoDB, and MySQL Why TypeScript and NestJS Skills Are in High Demand Companies that use TypeScript with NestJS see big improvements in how their apps behave. Web applications become faster, handle more users at once, and crash less. Because code is typed and well-structured, new features can be added without breaking older parts. This is why many Chennai IT companies and startups are now actively hiring developers with TypeScript and NestJS experience. Here is a simple view of possible salary ranges: Job LevelSalary Range (Lakh Per Year)What You’ll DoJunior Developer5 – 12Build basic APIs, fix simple bugsMid-Level Developer12 – 20Design app structure, add databases, featuresSenior Developer22 – 35Lead projects, design cloud-ready systemsNestJS Lead30+Guide teams, review and plan architectures These ranges can change by company and experience, but they show that there is good room for growth. The same skills also help you work on microservices, mobile back-ends, and SaaS applications used by customers around the world. Strong demand in OMR, Guindy, and other Chennai IT hubs Good pay growth from junior to lead roles Skills useful in many domains like e-commerce, banking, and product startups What Good TypeScript NestJS Training Should Include Good training should not only be theory on slides. You need to see how real applications are built, step by step. A strong TypeScript with NestJs Training In Chennai should teach TypeScript as a language and NestJS as a framework through hands-on labs and clear examples. You should come away with both the concepts and working code. A complete training usually covers: TypeScript basics and advanced features Setting up a NestJS project and understanding its folder structure Writing controllers, services, and modules Building REST APIs to handle real requests You should also learn how to: Use guards to protect routes and check login Use pipes for validating and transforming input data Use interceptors and middleware for logging and cross-cutting logic Connect to databases using an ORM like TypeORM and perform CRUD operations When you work on small and medium projects during the course, you build real confidence. This also gives you code samples to show in interviews. About DevOpsSchool: Your Training Partner DevOpsSchool is a leading training platform for DevOps, cloud, automation, containers, and programming skills, including TypeScript and NestJS. Since 2016, it has helped thousands of learners from India, USA, Europe, and the UK move into better roles. Many professionals in Chennai and other cities started with their programs and then joined top IT companies and startups. What makes DevOpsSchool special is its long-term support and practical focus. You get lifetime access to their Learning Management System (LMS), which holds class recordings, notes, slides, and step-by-step tutorials. Trainers usually have 10–15 or more years of real industry experience and pay close attention to learner questions. The training gives you real project work rather than only simple examples, so you learn how tools are used in real life. Key features you typically get: Lifetime technical support for clearing doubts even after the course Lifetime LMS access for recordings, notes, and guides Interview-kit with common questions and answers Training notes, web-based tutorials, and detailed slides This combination of strong content and ongoing help makes DevOpsSchool a good partner for long-term growth, not just a one-time class. Learn from Expert Rajesh Kumar The TypeScript with NestJS programs are guided by senior trainers like Rajesh Kumar, who has over 20 years of experience in DevOps, DevSecOps, SRE, DataOps, AIOps, MLOps, Kubernetes, and cloud technologies. He has trained thousands of engineers worldwide and advised many well-known companies on modernizing their software delivery processes. Rajesh Kumar brings: More than two decades of real hands-on work across DevOps and cloud Experience designing CI/CD pipelines and scalable back-end architectures Deep knowledge of container platforms, scripting, and automation tools A practical teaching style focused on real project examples Learners appreciate his simple explanations for complex topics. He makes sure that even those who are new to back-end development can follow along. Instead of just talking about theory, he shows how tools are used in real projects, which helps you imagine your own future work more clearly. Learning Modes and Training Duration The TypeScript with NestJS training linked to Chennai offers flexible modes so you can pick what fits best for your schedule and learning style: Self-learning using video (8–12 hours): Watch pre-recorded videos at your own speed. You can pause, rewind, and repeat lessons, which is helpful if you are busy or like to learn slowly. Live & interactive online batch (8–12 hours): Attend live online classes with an instructor and a group of other learners. You can ask questions, see live demos, and get feedback on your work. One-to-one live & interactive online (8–12 hours): Study directly with a trainer in private sessions. This suits learners who want focused attention or have special goals. Corporate (online/classroom) for 2–3 days: Short, intensive training for company teams, either online or in classroom mode, often tailored for their projects. A simple overview: Duration (Approx)ModeBest For8 – 12 HrsSelf learning using videoIndependent, flexible learners8 – 12 HrsLive & interactive online batchMost working professionals8 – 12 HrsOne to One live & interactive onlineLearners needing personal focus2 – 3 DaysCorporate (online/classroom)Office and project teams Group discounts are commonly available when multiple people join together, which is good for friends or colleagues who want to learn in a batch. What You’ll Learn in the Chennai Program The TypeScript with NestJs Training In Chennai is usually structured to take you from the basics to more advanced topics step by step. This makes it easier for both beginners and experienced developers coming from JavaScript or another language. Main learning areas include: TypeScript essentials: Variables, basic and advanced types, interfaces, enums, generics, classes, inheritance, and modules. You learn how to use TypeScript to write cleaner and safer code. NestJS foundations: Installing and setting up a NestJS project, understanding the folder structure, creating modules, controllers, and services, and how requests flow through the app. API development: Building RESTful endpoints, handling query parameters, path parameters, and request bodies, plus using DTOs and validation to clean incoming data. Database connectivity: Connecting to PostgreSQL, MongoDB, or MySQL using an ORM like TypeORM. Creating entities, doing CRUD operations, and managing migrations. Security and middleware: Implementing guards for authentication and authorization, adding pipes for validation and transformation, using interceptors and middleware for logging and error handling. Testing and deployment basics: Writing and running automated tests for critical parts of the system, packaging the app with tools like Docker, and understanding simple deployment flows. By the end of the course, you normally complete at least one real-time, scenario-based project that ties together all these skills into a working application. Extra Support and Learning Resources To ensure that you keep learning even after the live sessions, the program usually includes rich resources and support options. For TypeScript with NestJS training, you can expect: 24×7 access to class recordings via the LMS Full slide decks and notes from each module Step-by-step lab setup instructions for AWS or local virtual machines Interview question banks and sample answers for developer roles Example projects you can study and extend for your portfolio If you ever miss a live session, you can watch the recording or rejoin the topic in a later batch, depending on the training policy. This flexibility makes it easier to balance learning with work or personal tasks. System Requirements and Lab Setup To follow the hands-on parts, you usually need: A Windows, Mac, or Linux system At least 2GB of RAM and around 20GB free disk space Node.js and a code editor like Visual Studio Code installed Hands-on work is often done using DevOpsSchool’s cloud setup, where trainers run demos in a prepared environment. You also get guidance to set up your own TypeScript and NestJS lab using AWS free tier or local virtual machines so you can continue practicing after the course. Career Benefits After Training After you complete the TypeScript with NestJs Training In Chennai and build a few real projects, you can apply for roles such as: TypeScript / Node.js back-end developer NestJS developer for APIs and microservices Full-stack developer (when combined with a front-end framework) API engineer in product or service companies In the long run, you can move into senior engineer, architect, or team lead roles where you design systems and guide other developers. Because TypeScript and NestJS are popular worldwide, these skills can also support remote work and freelance opportunities, not just local roles in Chennai. Conclusion and Overview TypeScript with NestJs Training In Chennai gives you a strong, modern base in back-end development. You learn how TypeScript makes code safer, how NestJS gives structure to large applications, and how to build, test, and deploy real services. With the backing of an experienced training provider like DevOpsSchool and expert guidance from Rajesh Kumar, you get both knowledge and the confidence to use it in real projects. If you want a stable, well-paid development career in Chennai’s tech industry, this path is a practical and future-ready choice. Contact Now 📧 Email: [email protected] 📱 Phone & WhatsApp (India): +91 84094 92687 📱 Phone & WhatsApp (USA): +1 (469) 756-6329 🌐 Website: DevOpsSchool View the full article

Sandwish Studio – shutterstock.com Jemand ruft an, die Nummer ist im eigenen Adressbuch nicht eingespeichert. Egal, man geht mal dran – und lässt sich von einem Unbekannten in ein Gespräch verwickeln. Das ist meistens keine gute Idee. Der sogenannte Call Check der Deutschen Telekom soll ab sofort automatisch alle Kundinnen und Kunden vor möglicherweise betrügerischen Anrufen schützen. Wenn jemand im Telekom-Netz von einer inländischen oder ausländischen Nummer angerufen wird, die in einer Datenbank als unseriös oder betrügerisch erfasst ist, dann erscheint auf dem Smartphone-Display den Angaben zufolge der Hinweis “Vorsicht, möglicher Betrug!”. Vodafone ist voraus, O2 lässt auf sich warten Vodafone hat ein ähnliches Warnsystem bereits im Mai aktiviert, seither hat dieser Spam-Warner Firmenangaben zufolge bereits 50 Millionen Mal Alarm geschlagen. Nur 12 Prozent der Anrufe werden trotzdem angenommen, bei anonymen Anrufen – also wenn keine Nummer im Display erscheint – liegt die Annahmequote bei 60 Prozent. Die Anrufe, bei denen vorher der Betrugshinweis sichtbar war, dauerten laut Vodafone in 90 Prozent der Fälle weniger als 30 Sekunden – also sehr kurz, was ein gutes Zeichen ist: Vermutlich waren die allermeisten Angerufenen auf der Hut und legten ruckzuck wieder auf, noch bevor der Betrüger seine rhetorischen Winkelzüge vollziehen konnte. Die Betrugsanrufe kamen nicht nur aus Deutschland, sondern besonders häufig auch aus den Niederlanden, aus Österreich, Italien und dem Vereinigten Königreich. Betrüger wollen Bankdaten oder Passwörter “Betrüger sind oft sehr geschickt darin, Vertrauen aufzubauen – sei es durch vermeintliche Gewinnspiele oder Umfragen”, warnt Marc Atkins, Leiter der Cyber-Sicherheitszentrale von Vodafone Deutschland. Solche Methoden dienten häufig dazu, sensible Informationen wie Bankdaten oder Passwörter zu erlangen. “Seien Sie skeptisch und geben Sie keine persönlichen Daten am Telefon preis”, warnt der Sicherheitsexperte. Der dritte etablierte Handynetz-Betreiber in Deutschland, O2 Telefónica, hat noch kein solches Betrugswarnsystem für seine Kundinnen und Kunden aktiviert (dpa/jm). View the full article

Sandwish Studio – shutterstock.com Jemand ruft an, die Nummer ist im eigenen Adressbuch nicht eingespeichert. Egal, man geht mal dran – und lässt sich von einem Unbekannten in ein Gespräch verwickeln. Das ist meistens keine gute Idee. Der sogenannte Call Check der Deutschen Telekom soll ab sofort automatisch alle Kundinnen und Kunden vor möglicherweise betrügerischen Anrufen schützen. Wenn jemand im Telekom-Netz von einer inländischen oder ausländischen Nummer angerufen wird, die in einer Datenbank als unseriös oder betrügerisch erfasst ist, dann erscheint auf dem Smartphone-Display den Angaben zufolge der Hinweis “Vorsicht, möglicher Betrug!”. Vodafone ist voraus, O2 lässt auf sich warten Vodafone hat ein ähnliches Warnsystem bereits im Mai aktiviert, seither hat dieser Spam-Warner Firmenangaben zufolge bereits 50 Millionen Mal Alarm geschlagen. Nur 12 Prozent der Anrufe werden trotzdem angenommen, bei anonymen Anrufen – also wenn keine Nummer im Display erscheint – liegt die Annahmequote bei 60 Prozent. Die Anrufe, bei denen vorher der Betrugshinweis sichtbar war, dauerten laut Vodafone in 90 Prozent der Fälle weniger als 30 Sekunden – also sehr kurz, was ein gutes Zeichen ist: Vermutlich waren die allermeisten Angerufenen auf der Hut und legten ruckzuck wieder auf, noch bevor der Betrüger seine rhetorischen Winkelzüge vollziehen konnte. Die Betrugsanrufe kamen nicht nur aus Deutschland, sondern besonders häufig auch aus den Niederlanden, aus Österreich, Italien und dem Vereinigten Königreich. Betrüger wollen Bankdaten oder Passwörter “Betrüger sind oft sehr geschickt darin, Vertrauen aufzubauen – sei es durch vermeintliche Gewinnspiele oder Umfragen”, warnt Marc Atkins, Leiter der Cyber-Sicherheitszentrale von Vodafone Deutschland. Solche Methoden dienten häufig dazu, sensible Informationen wie Bankdaten oder Passwörter zu erlangen. “Seien Sie skeptisch und geben Sie keine persönlichen Daten am Telefon preis”, warnt der Sicherheitsexperte. Der dritte etablierte Handynetz-Betreiber in Deutschland, O2 Telefónica, hat noch kein solches Betrugswarnsystem für seine Kundinnen und Kunden aktiviert (dpa/jm). View the full article

TypeScript with NestJs Training In Bangalore is one of the fastest-growing tech skills today. Companies all over Bangalore need good programmers who can build strong back-end systems and make apps work fast. If you’re looking to start a good career in this field, getting proper TypeScript with NestJs Training In Bangalore is the first step to success. What is TypeScript with NestJS? TypeScript with NestJS is a smart way to build computer back-end programs and web services. Instead of writing simple code that breaks easy, TypeScript with NestJS uses rules and good structure to make programs safe and easy to grow. Programmers write code that watches for mistakes and fixes small problems before they get big. Think of it like this: normal JavaScript code can have hidden mistakes. TypeScript adds type checks like “this must be a number” so you find problems early. NestJS is a tool built on Node.js that makes big apps simple with parts called modules, controllers, and services. It works with databases like PostgreSQL, MongoDB, MySQL. The main ideas include decorators like @Get() for web pages, dependency injection to share code easy, and guards to check user login. This makes clean code that teams can work on together. TypeScript finds mistakes early NestJS makes big apps simple Works with many databases Why TypeScript NestJS Skills Are in High Demand Companies using TypeScript with NestJS see big improvements. Their web apps load fast, handle many users, and have less crashes. Problems get fixed quick and they save money on fixes. Bangalore tech companies pay well for these skills. Here’s what you can earn at different levels: Job LevelSalary Range (Lakh)What You’ll DoJunior Developer5-12Build basic APIs, fix simple bugsMid-Level Developer12-20Design app structure, add databasesSenior Developer22-35Lead projects, make cloud appsNestJS Lead30+Guide teams, plan big systems These salary numbers show good growth in TypeScript NestJS careers in Bangalore. High demand from startups and big firms Fast salary growth possible Skills work for web and mobile back-end What Good TypeScript NestJS Training Should Include Good training teaches more than books. You need practice with real app problems programmers face daily. Best programs show automation tools, database setup, cloud work, and how to test code well. Quality TypeScript with NestJs Training In Bangalore covers important parts. You’ll learn type safety goals for clean code. Practice tools to find code problems quick. Build systems that handle many users without crash. Hands-on projects with real tools Database connection practice Testing and deployment skills Cloud integration basics About DevOpsSchool: Your Training Partner DevOpsSchool teaches TypeScript, NestJS, DevOps, cloud skills since 2016. They help students worldwide with centers in India, USA, Europe, UK. Thousands finished courses and got good jobs. Students like DevOpsSchool because lifetime support means ask questions anytime after class. Keep all videos, notes, slides forever. Teachers explain clear and patient. Real projects not just talk. Many say extra help made big difference. Teachers stay late to answer all questions. Lifetime video and material access 24/7 chat help anytime Real project work included Job ready skills focus Learn from Expert Rajesh Kumar When you join DevOpsSchool, learn from Rajesh Kumar, with over 20 years in DevOps, DevSecOps, SRE, DataOps, AIOps, MLOps, Kubernetes, Cloud. He taught thousands students and explains hard ideas simple for everyone. Rajesh shares true stories from work at IBM, Adobe, ServiceNow, Cotocus. Built systems for 500+ apps. Saved companies 2 million dollars on cloud. Helped Verizon, Nokia, World Bank. His style 80% practice, 20% talk makes learning easy. 20+ years real company work Trained 15,000+ people worldwide Practical examples from big projects Choose How You Want to Learn DevOpsSchool gives different ways to learn that fit you: Video Lessons: Watch recorded classes any time. Good for busy people or slow learning. Live Online Classes: Join real classes from home. Ask questions, talk with others. Private Coaching: One teacher just for you. Perfect for extra help or special needs. Company Training: Train whole team together. Good for office groups. Learn when you want Live talk with teachers Personal one-to-one help Training Costs and Time How LongLearning StylePriceGood For8-12 HoursVideo lessons₹4,999Budget friendly home learning8-12 HoursLive online class₹24,999Most students with teacher8-12 HoursPrivate coaching₹59,999Full personal attention2-3 DaysCompany trainingContact usOffice teams together These prices fit different needs and budgets. What You’ll Learn in the Course Training covers all you need for TypeScript NestJS. Learn basic types, interfaces, classes. Build NestJS modules, controllers, services. Add guards for login, pipes for clean data, interceptors for logs. Connect databases with TypeORM. Test with Jest. Use Docker for same setup. Deploy to cloud. New trends like microservices, REST APIs, GraphQL, validation, Swagger docs, WebSockets, authentication. 80-85% hands-on practice. TypeScript basics to advanced Full NestJS app building Database and testing practice Deployment ready skills Help That Continues After Training DevOpsSchool helps even after class ends. Ask questions on real work projects anytime. They give consulting for company SRE needs. Job support if stuck at work. This means you never alone building career. Lifetime question answers Job interview help Company consulting option Get Your Certification Finish training, get certificate that shows you know TypeScript NestJS. Employers recognize it proves real skills not just reading. Helps stand out in job search. Complete projects like real work to earn it. Certificate shows you can build apps. Learning Materials You’ll Receive Get helpful things with training: Complete notes for all topics Step guides to follow along Class slides for review Interview questions with answers Real project examples Video recordings to watch again These help learn in class and use later at work. Full notes and slides Interview prep kit Forever video access Career Options After Training Know TypeScript NestJS opens many jobs. Work as back-end developer, full-stack with React, API builder. Specialize in e-commerce, fintech apps. Move to lead roles guiding teams. Many do freelance or consulting. Skills good for startups and big companies. New Developments in TypeScript NestJS TypeScript NestJS grows fast. Now AI helps write better code. New tools show app health detailed. Companies test “chaos” breaking things safe to find weak spots. Learn now ready for today jobs and new ideas tomorrow. AI code helpers Better monitoring tools Chaos testing practice Why Training Location Matters Bangalore has different tech needs. Startups want fast APIs. Big firms need strong systems. Electronic City, Whitefield have many jobs. Know local needs helps prepare. Core skills work anywhere Bangalore tech world. Your Learning Path Start with TypeScript basics – types, classes. Practice NestJS setup, controllers. Add databases, testing. Finish with full projects deploy. Each step builds on last. Work practical exercises with real tools. End confident for job challenges. Conclusion and Overview TypeScript with NestJS Training in Bangalore gives skills for strong back-end jobs. Learn safe TypeScript, clean NestJS apps. Build real projects, get certificate, job help. DevOpsSchool top place lifetime support. Rajesh Kumar guides with 20+ years real know. Perfect Bangalore tech career start. Contact Now 📧 Email: [email protected] 📱 Phone & WhatsApp (India): +91 84094 92687 📱 Phone & WhatsApp (USA): +1 (469) 756-6329 🌐 Website: DevOpsSchool View the full article

Cloud access security brokers (CASBs) explained As the name suggests, a cloud access security broker (CASB) manages access between enterprise endpoints and cloud resources from a security perspective. CASBs can be deployed on-premises or in the cloud; as a hardware appliance or software-only, as a proxy, reverse proxy, or through specific APIs. Enterprises have untold numbers of endpoints, both managed (corporate-owned devices) and unmanaged (devices owned by employees or third-party contractors). Endpoints can be on-premises or remote. And endpoints can include internet of things (IoT) devices. [ Download our editors’ PDF cloud access security broker (CASB) enterprise buyer’s guide today! ] In this buyer’s guide: Cloud access security brokers (CASBs) explained Why enterprises need cloud access security brokers (CASBs) What to look for in a cloud access security broker (CASB) tool Core cloud access security broker (CASB) services Leading cloud access security broker (CASB) vendors What to ask before cloud access security broker (CASB) tool Essential reading In a multicloud environment, each endpoint could connect to multiple cloud resources over the course of a single day — productivity apps (like Microsoft 365), SaaS apps (like Salesforce and Workday), collaboration apps (like Slack and Zoom), and cloud storage (like Amazon Web Services and Dropbox). Not to mention homegrown apps that have been migrated to the cloud, or apps that have been developed in the cloud (that is, cloud-native). CASBs sit between an organization’s endpoints and cloud resources, acting as a gateway that monitors everything that goes in or out, providing visibility into what users are doing in the cloud, enforcing access control policies, and looking out for security threats. Some vendors have begun incorporating additional features into core CASB functionality, such as data loss prevention (DLP), secure web gateway (SWG), cloud security posture management (CSPM), and user and entity behavior analytics (UEBA). However, it is important to note that CASBs are also a key component of a broader security strategy that goes by several names: Gartner calls that broader strategy Secure Service Edge (SSE), an integration of CASB, secure web gateway (SWG), and zero trust network access (ZTNA). According to Gartner, by 2026, 85% of organizations seeking to secure their web, SaaS, and private applications will obtain the security capabilities from a Security Service Edge (SSE) offering. The Gartner nomenclature has become the de facto standard. They and others have used a second acronym, Security Access Service Edge (SASE). IDC defines the category as network edge security as a service (NESaaS), with the same three core components: CASB, SWG, and ZTNA. “The network security market is in the process of a much-needed convergence trend. Security vendors have shifted from a focus on à la carte, individualized security services to a consolidated, cloud-delivered network security platform that treats individual services as optional modules,” IDC states. Why enterprises need cloud access security brokers (CASBs) The original use case for CASBs was to address shadow IT. When security execs deployed their first CASB tools, they were surprised to discover how many employees had their own personal cloud storage accounts, where they squirreled away corporate data. CASB tools can help security teams discover and monitor unauthorized or unmanaged cloud services being used by employees. This has grown to also include shadow AI services, as more enterprise users pick various machine learning models and use personal accounts to access public-facing generative AI tools. Today, CASBs encompass a variety of other use cases: Data protection: The COVID-19 pandemic drove employees to remote work and applications to the cloud, where they could be more easily accessed. The pandemic has passed, and many employees have returned to the office, but those applications and that data are still in the cloud. Organizations must protect sensitive data as it moves across a hybrid cloud environment. Today’s CASB often integrates DLP functionality. Compliance: Data privacy regulations continue to tighten. CASBs are an important tool in an organization’s overall regulatory compliance framework, enforcing data privacy policies. Remote workforce: Regardless of the location of employees, CASBs allow enterprises to implement more consistent security standards and secure remote access to cloud resources. Threat detection: CASBs can detect malicious activity, intrusion attempts, ransomware, and other types of security events. CASB tools can generate real-time alerts to enable quick response by security teams and feed these alerts into other security platforms to mitigate and resolve them. What to look for in a cloud access security brokers (CASB) tool From a purely functional perspective, there are four key features of a CASB tool: Visibility: CASBs provide comprehensive visibility into cloud usage, user activities, and data flows. Control: CASBs offer granular control over user permissions and data access. Data protection: CASB solutions provide data protection capabilities to safeguard sensitive information across multiple cloud services. Compliance: CASB tools help maintain compliance with data privacy regulations. Beyond those core features, organizations need to make sure the CASB tool well integrates with existing cloud services, applications, and security infrastructure. There are three deployment modes: forward proxy, reverse proxy and API-based. Most experts say that API-based CASBs provide better functionality, but organizations need to make sure that the vendor’s list of application programming interface (API) connections matches up with the organization’s inventory of cloud apps. Core CASB services Take note about the use or requirements for deploying various agents with each product. This is where the CASB vendors often place their secret sauce, which could be an issue depending on how agent-friendly or agent-adverse your IT department is. For example, Skyhigh uses a single agent that functions across all three operational modes. Some of the other CASBs have multiple agents — such as for specific functional areas like antivirus, DLP, or VPN — that can get messy, not to mention tough to deal with unmanaged endpoints such as personal mobile phones and embedded devices such as internet of things controllers. The following three basic services that all CASBs offer are at the core of what CASBs do and why you would buy one: Monitor and control your most sensitive data flows: CASBs were originally designed to stem the tide of shadow IT products and to control and make SaaS applications more secure. Now they have broadened their use and can fit into a variety of situations, including operating across multiple cloud providers and mixing SaaS, mobile, and on-premises applications, too. Apply uniform DLP policies across all servers and apps: As your data appetite increases, you need better ways to ensure that you aren’t leaking customer- and business-sensitive information, either through a malicious insider or inadvertently through a bad combination of security loopholes. While DLP products have been around for years, having DLP-like features in your CASB can be a nice way to track these potential weak spots, especially as more of your data moves into the cloud and is accessed by unmanaged mobile devices. Manage cloud-native encryption keys: Ideally, your CASB should automatically keep track of your encryption needs and keys so you don’t have to do this manually, and so you can encrypt more of your data. Some CASB tools are better at some things than others. For example: Bitglass has an Ajax virtual machine-like layer that handles near-real-time DLP on unmanaged devices. The only caveat is that these devices have to access data through their browsers. Some CASBs, such as Fortra, has field-level encryption on some SaaS structured data services, which can be a handy mechanism for protecting sensitive information. Beyond these basics, all CASBs offer the potential to operate in one (or more) of three different modes: Forward proxy, usually deployed with endpoint agents or VPN clients. Reverse proxy, which doesn’t require agents and can work better for unmanaged devices. API control, which provides visibility into data already stored in cloud repositories or data that is used in a cloud process that never enters a corporate network. Feature sets across CASB operational modes vary Part of the CASB evaluation challenge is understanding how the feature set extends to each operational mode if indeed the product operates in more than one mode. Broadcom’s Symantec CASB, for example, has reverse proxies just for Microsoft 365 and no other application. Meanwhile, Cisco Systems and Palo Alto Networks both offer API-only CASB products. Such differences mean you need to understand the types of protection and not just which apps are supported but how they are supported, and what is the exact API portfolio that is covered by each product. You really need the API support if you want to get granular with your CASB protection to understand the state of your public cloud security exposure and to stop any cloud-based malware too. API deployments also can trap cloud-to-cloud activities and to retrospectively inspect archived traffic flows. You will also need some level of proxying to handle application gateways and for implementing specific security policies. It pays to read the fine print and develop an appropriate test plan that will reveal the relevant features for each vendors’ product. Nice-to-have sets of CASB features: Conduct continuous risk assessments and compliance audits on demand: A CASB can show in a single place where a corporation has the most risk and summarizes issues that a security team can quickly focus on for suspicious behavior that other products couldn’t easily do. Forcepoint, Netskope, and Proofpoint all have nice risk summary dashboards that you can customize to display the things you need to understand how your environment is behaving and what needs immediate attention. Apply uniform adaptive authentication policies across all logins, servers, and apps: This should include read-only access (Gartner suggests this would be a good situation for unsanctioned SaaS services that are nonetheless needed), step-up authentication, and more granular access rights management. Identity management and single sign-on (SSO) tools are the usual go-to reasons for these sorts of tasks, and one important trend is that more CASBs are integrating with traditional SSO products. The trick is to understand that the typical level of integration happens (usually) in reverse proxy mode only, and the SSO authentication is only passed to the CASB at the initial application login moment. This means that if you want a more complete adaptive authentication to trap when more risky behavior happens, you will probably have to stick with your dedicated SSO product. As you can see, CASBs touch a lot of different existing security products across your enterprise. The challenge for successful integration is being able to understand these interactions and ensure that you overall security profile is enhanced rather than degraded with their use. Leading cloud access security broker (CASB) vendors The list of leading CASB vendors (in alphabetical order) includes pure-play companies as well as traditional security vendors that have added CASB capabilities to their portfolios either by acquisition or through internal development. Most vendors would not share their pricing details, but we have found approximate clues on AWS and Azure marketplaces where we could. Cloudflare CASB is an add-on to their One SASE platform, using the same overall agent. There is a free version for under 50 users which allows two SaaS components, and prices start at $7/user/month above that level, with custom pricing for larger installations. The CASB product is now four years old and integrates with visibility and control of various AI services such as ChatGPT and Google Gemini. It doesn’t support reverse proxies, includes DLP and integrates with the risk scores and metadata sources available with Microsoft’s cloud services, such as with protecting Office 365 documents and emails. Cisco Cloudlock:Cisco Systems has had a CASB since it acquired Cloudlock back in 2016. Cisco Cloudlock is a cloud-native CASB that protects users, data, and apps with an automated approach that uses APIs to manage the risks in the cloud app ecosystem. It integrates with Cisco’s SSE platform for its protective policies and a uniform dashboard. Cloudlock uses advanced machine learning algorithms to detect anomalies. It also provides DLP functionality and targets shadow IT with policy-based controls that can block dangerous activities, depending on permissions and risk levels. It uses machine learning to produce risk scores for more than 1,300 applications along with having tools to manage AI supply chains. Forcepoint ONE CASB: Forcepoint bought Bitglass in 2021, one of the original standalone CASB vendors and a leader in Gartner’s Magic Quadrant for CASB. Forcepoint has integrated Bitglass technology with its own DLP capabilities to provide an SSE solution. Forcepoint excels in monitoring and reporting on shadow IT, and its user analytics feature is popular. The software also supports a zero-trust architecture, providing device and user authentication. Pricing is $120 per user per year on AWS Marketplace. Fortra’s CASBis the result of acquiringendpoint protection vendor Lookout who previously acquired CASB innovator CipherCloud. Fortra now has a solid SSE platform that covers zero trust access controls, advanced DLP capabilities to automate the data discovery process, and supports a range of purpose-built integrations that covers identity access management and security orchestration, among others. It can provide visibility across managed and unmanaged cloud-based applications, users, endpoints, and data. Netskope CASB: One of the original pure-play CASB vendors, Netskope is a leader in CASBs as well as SSE. According to Forrester Research, Netskope has shown innovation across its technology stack, including significant investments in an impressive new private global network, artificial intelligence and generative AI security. Netskope merged SWG functionality into its CASB tool and sells separate in-line and API versions each for $35,000 per year for 100 users on AWS Marketplace. Palo Alto Networks Prisma CASB. Palo Alto Networks touts its CASB as being “next-generation,” based on the proposition that it’s less a standalone product and more of a range of integrated solutions such as inline security, SSPM, and enterprise DLP. The Palo Alto Networks CASB is designed to secure apps and data across cloud and hybrid workforce environments, protects data in transit between users and SaaS providers, facilities regulatory compliance and minimizes risks from shadow IT. Proofpoint’s CASB is focused on extending DLP and threat protection from email to cloud apps. Proofpoint takes a people-centric approach; it provides granular visibility into who creates sensitive data and who owns, downloads, uploads, shares and edits that data. It identifies users who have been successfully phished, and those who have been attacked the most by hackers. Skyhigh Security CASB supports all deployment modes and enables real-time control over user access to sanctioned and unsanctioned cloud services. Skyhigh (a unit of Indian IT tech provider Musarubra that also owns Trellix) focuses on providing comprehensive multimode coverage that feeds security events into a machine learning system to provide sophisticated event correlation, helping security teams to focus on real threats rather than false alarms. CASB is just part of its overall SSE platform which integrates across SWG, ZTNA, DSPM and DLP, along with remote browser isolation. Protective policies are developed platform-wide and include management of AI usage and prevention of shadow AI and crafting user risk scores from all these metrics. Pricing is based on per protected service per user per year, the unlimited services is $88/user/year, with extra charges for shadow services. Symantec, a division of Broadcom, offers its CloudSOC CASB to monitor and control the use of sanctioned SaaS apps through extensive API integrations and in-line traffic analysis. The Symantec CASB provides full visibility and automatic detection of high-risk users, compromised accounts, and malicious insiders. Individualized behavioral-based user threat scores allow fast identification of risky user accounts. The tool automates the classification regulated data flowing in and out of apps, and it enforces controls that align with corporate policies. The tool includes DLP functionality and CSPM. Versa’s CASB is part of its One Universal SSE Platform that contains a unified dashboard and policy rule set for a variety of security services, including DLP, ZTNA, applications firewall, analytics and reporting. All its modules were entirely developed in-house, include various AI-based tools, and it supports all three modes of operation. Users can create protective policies using natural language queries of its embedded AI, as well as explore alerts and remediations. Zscaler CASB offers inline, real-time capabilities and out-of-band scanning functionality to protect data, block threats, provide visibility, and assure compliance. Key features include agentless cloud browser isolation to secure BYOD and third-party devices where software installations are infeasible, advanced threat protection to stop malware from reaching cloud resources in real time, cloud sandboxing to detect new ransomware and other zero-day infections, shadow IT discovery to automatically identify unsanctioned apps used by employees and create a risk score for each. It uses AI to classify and detect data leaks and will have additional AI-based tools in early 2026. What to ask before buying a CASB tool Buying a CASB tool can be complex. There’s a laundry list of possible features that fall within the broad CASB definition (DLP, SWG, etc.) And CASB tools themselves are part of a larger trend toward SSE and SASE platforms that include features such as ZTNA or SD-WAN. Enterprises need to identify their specific pain points — whether that’s regulatory compliance or shadow IT — and select a vendor that meets their immediate needs and can also grow with the enterprise over time. Here are the key questions to ask yourself before buying a CASB tool: Do I have a good handle on what cloud services my users are accessing, including employees, contractors, and other third-parties? Do I have a solid data classification system in place, so that I know what types of data are sensitive or mission critical? Do I have policies in place for access control across both on-prem and cloud environments, including SaaS applications? Do I have clear objectives? What are my priorities when shopping for a CASB? How will a CASB tool integrate with my existing security infrastructure such as firewalls, endpoint protection and web gateways. Examine how it will protect my entire applications’ estate, including custom-written apps. What happens as I migrate apps from on-premises to the cloud or in reverse? Do I get DLP and SWG as part of the CASB, or are those additional modules? How will the purchase of a CASB tool play into my broader security roadmap that might include the adoption of SSE or SASE? What is the initial cost, as well as the longer-term total cost of ownership? Do I have the budget for a new tool? Can your product scale as my company grows? Does your product cover all the geographic regions where I operate? Do I have the inhouse staff to deploy and manage the tool on-premises, or should I take the cloud-based, managed service route? Essential reading How do you secure the cloud? New data points a way What is SASE? A cloud service that marries SD-WAN with security View the full article

A US Securities and Exchange Commission committee has recommended a new rule that would mandate companies to analyze and report all AI efforts — including decisions to not use AI for some purposes. Attorneys who have studied the proposal note that the AI rule — just like the SEC’s cybersecurity rule from about two years ago — won’t technically require anything to be reported that wouldn’t have already required reporting. The new rule refers only to material AI efforts and ever since the creation of the SEC some 90 years ago, anything material has always required disclosure. But they theorize that the SEC committee believes that many public-company boards and their senior executives don’t fully understand the scope and potential impact of their various AI efforts. The new rule would force those executives to create committees and to formally review all AI decisions, potentially unearthing material issues that would otherwise not have occurred to those executives. Cybersecurity consultant Brian Levine, a former federal prosecutor who today serves as executive director of FormerGov, argues that this extra focus could make a significant difference for many enterprises. “It will help focus people. It puts it in front of everyone who needs to be thinking about AI,” Levine said. As for requiring companies to examine and disclose where they are either not using or where they might be underinvesting compared to rivals, Levine said that could help executives understand “that there is a risk that our implementation of AI may not keep up with stakeholders and competitors.” The proposed rule comes from the SEC Investor Advisory Committee (IAC) and was discussed during the Dec. 4 IAC meeting. Companies can write their own definitions of AI Another controversial aspect of the proposed rule is that it fails to define AI, instead instructing companies to write their own definitions. Some legal experts have suggested that the committee didn’t literally want companies to evaluate all uses of AI, given that the technology dates back to the 1950s and exists in some form in just about every piece of software that businesses use. They more likely intended for such evaluations to focus on relatively recent AI popularizations, especially generative AI and agentic AI. Under the proposed rule, companies would “self-define what they mean by artificial intelligence and then rely on that definition throughout its disclosures in describing AI-related risks, their AI deployment strategy if any and capital expenses and R&D expenditures related to the implementation and deployment of AI, amongst other material information.” Monica Washington Rothbaum, a senior attorney with J&Y Law, said that it would be “risky for a company to define AI differently” because it makes “apple to apple” investor comparisons difficult if not impossible. “Requiring companies to disclose AI-related risks is a smart move. But letting each company define AI however they see fit is a loophole waiting to be exploited. Without a consistent baseline, you risk turning disclosures into PR spin rather than meaningful accountability,” Rothbaum said. But Rothbaum does find value in forcing companies to disclose where management has opted to not use AI or to use it less than they might have otherwise. “Under-disclosing material risks like reliance on flawed AI models can expose companies to liability when things go wrong. Failing to invest in AI responsibly could also lead to competitive disadvantages that shareholders deserve to know about,” Rothbaum said. “This isn’t theoretical. AI is already shaping the way we look at hiring, customer service, and security. These are core operations that can affect a company’s value. If you can’t clearly explain how your AI decisions are made and who’s accountable for making them, then you’re already behind. Transparency like that has to be the cost of doing business today.” Braden Perry, a litigation, regulatory, and government investigations attorney with law firm Kennyhertz Perry, is not a fan of the proposed rule because he sees it unlikely to help investors make decisions. Asked the probability that such a rule would deliver useful information to investors and potential investors, Perry said, “None. In terms of an overall understanding from a shareholder, there will likely be zero usable information.” Will filing reveal anything useful? This concern is partly based on the many SEC cybersecurity filings that have used boilerplate language — and use SEC exemptions to reveal nothing specific. According to Perry, the key part of the AI definition portion is that the definition — once used — has to be used consistently throughout all filings. “Adopt a clear, enterprise-wide definition of AI and use it consistently across SEC filings, internal policies, and marketing, so you do not redefine the term to suit the story you want to tell in a given quarter,” Perry said. “The IAC recommendation explicitly contemplates requiring issuers to define what they mean by AI, in part because inconsistent definitions are already making disclosures hard for investors to compare. Allowing companies to define AI themselves is a double-edged sword, since it can either promote honest, business-specific clarity or invite opportunistic word games.” Some attorneys suggested that companies should be careful about AI phrasing or face potential actions from the SEC and the US Federal Trade Commission (FTC). “Be very cautious about AI marketing. The SEC has already shown, through its AI washing enforcement actions, that it is willing to charge firms that exaggerate their AI capabilities or mislead investors about how embedded AI is in their products and processes,” Perry said. “A disclosure regime that asks companies to explain where AI is used, how it is governed, and how it affects operations will only make it easier for the SEC to test whether those claims are real.” Lexi Reese, CEO of AI vendor Lanai, also expressed concern about allowing companies to write their own AI definitions. “Giving companies the freedom to define AI may reduce short-term compliance friction, but it creates exactly the kind of fragmented, incomparable disclosure environment that leaves investors guessing,” Reese said. “If one company calls an autonomous decision system AI and another calls the same thing a data-driven tool, their disclosures will look compliant while describing two different universes of risk.” AI specialist Rob Lee, chief of research for the cybersecurity training firm the SANS Institute, said the rule might prove helpful in raising board and C-level awareness about what companies are actually doing with AI. But as with the earlier SEC cybersecurity rule, Lee said he was unhappy that the rule includes “a massive number of get-out-of-jail-free cards. Who is going to actually disclose anything? What are they disclosing? They don’t even mention shadow IT. How do you track unsanctioned AI use in your company?” Not even all members of the IAC were happy with the rule’s phrasing. IAC member John Gulliver submitted an official dissent to the proposed rule, expressing particular concern with each company’s ability to write its own AI definition. “These definitions would likely change from year-to-year or quarter-to-quarter. I don’t see how this benefits investors,” Gulliver wrote. But he also said that he doubted the details required are realistic. The proposed rule would “require public companies to provide highly specific disclosures of how their use of AI impacts employees at their company and the company’s customers. It’s good that this is only required when the use of AI is financially material to the company. But unfortunately, I think this is an impossible task,” Gulliver wrote. “Does the SEC really have the AI expertise necessary to determine what these line-item disclosures should be? And how is a company supposed to know the precise impact of AI on hiring or their customers? There are many macroeconomic and industry-specific factors that affect jobs and customers. In my view, accurately isolating AI-specific impacts would be a difficult guessing game.” View the full article

DevOps Training in Hyderabad helps you get good computer jobs in India’s best tech city. Big companies like Microsoft, Google, Amazon, TCS, Infosys, Wipro, Accenture, and Deloitte have big offices in HITEC City, Gachibowli, and Madhapur. They need people who can make computer programs work fast and safe. This simple training teaches you to build programs, check them, send them to people, and watch them run good. It uses tools that all companies need every day.​ Why This Training is Good DevOps Training In Hyderabad teaches skills for jobs that pay 10 to 25 lakh rupees each year. You learn easy ways to do work without doing the same thing again and again. You find small problems before they make big trouble. You learn to work nicely with people who make programs and people who run computers. Numbers show 85 out of 100 students get job calls in 3 months. People with the training paper get 30% more money. The class is 20% talking and 80% doing real work like making online shops or bank apps. Right now Hyderabad has 200 or more DevOps jobs open in HITEC City.​ Send new work every day not every month Computer makers and runners work together good Get 30% more money with training paper What You Do Week by Week This training is 8 to 12 hours long over 2 to 4 easy weeks. Week 1 you learn Git to save all your work safe and Jira to make work lists like big companies do. Week 2 you learn Jenkins to make programs auto and Docker to put programs in safe little boxes. Week 3 you learn AWS to make cloud computers and Kubernetes to run many boxes together. Week 4 you learn Ansible to set up 100 computers at same time and do big projects. You make 3 real things: a shop program that sends fast, small programs on Kubernetes, and move everything to AWS cloud. You get a good paper and keep 200 videos, notes, and new things forever.​ Kind of ClassHoursMoneyGood ForWatch Videos12₹4,999Students and new peopleLive Online12₹24,999People with day jobsOne Teacher12₹59,999Learn fast peopleFor Offices2-3 daysAsk usGroups​ Make 3 real things yourself Get good paper from training Keep videos forever Tools You Learn to Use Training shows you how companies really work. Days 1-2 you practice Git ways to save work and Jira to list jobs. Days 3-5 you do Jenkins to send work auto, SonarQube to find 90% wrong things, Nexus to keep files safe like Netflix and NASA. Days 6-8 you use Docker to pack fast, Kubernetes to run many, Ansible for 100 computers together. Days 9-12 you set AWS computers and watch with Splunk or Datadog. You learn full way from idea to working program, Docker same on all, Kubernetes for big, AWS easy, Ansible no hands.​ Learn real company ways Stop 90% wrong things Use tools big companies like Good Jobs and True Stories Hyderabad has 2500 DevOps jobs now in big places and new shops. New workers get 5-10 lakh money, good workers 22-35 lakh. Trained people have 90% less trouble, work 5 times fast, save companies much money when computers stop. True stories: Ravi from Pune got 15 lakh job at Infosys in 45 days. Priya from Hyderabad got 22 lakh job at Deloitte in 3 months. New school people get 6-8 lakh at Swiggy or Zomato. You get job calls fast 85%, more money 30-50%, big companies call first, better jobs in 6-12 months.​ Job NameYears WorkMoney Per YearNeed To KnowNew Worker0-25-10 lakhDocker, Git, JenkinsNormal Worker3-512-20 lakhAWS, Kubernetes, watchOld Worker6+22-35 lakhMore cloud toolsBoss Worker8+30+ lakhLead people​ Get job calls fast More money quick Better jobs soon Your Kind Teacher Rajesh Kumar Rajesh Kumar is main teacher with 22 years work. He made work ways for 500 apps at Cotocus company. Saved 2 million dollars on AWS. Good at Kubernetes with paper. Worked IBM, Adobe, ServiceNow. Helped big companies Verizon and Nokia teach people. He tells simple for new people with 1000 true stories from 15 years help companies.​ Saved companies 2 million dollars Taught 15 thousand people Good Kubernetes teacher Why DevOpsSchool Good Place DevOpsSchool helped 8500 people get jobs. 4.8 out of 5 good mark on Google. Help 95% get jobs. Teachers know AWS 16 years. You get 200 videos, talk help any time, 500 jobs list, 1000 questions for jobs, help papers for tools, good paper templates for big companies.​ 8500 people have jobs now Very good mark 4.8/5 Keep everything forever Jobs Open in Hyderabad Now Microsoft has 25 jobs in Gachibowli. Google wants Kubernetes good people at Waverock. TCS Infosys take new people with Docker paper. Amazon gives 20 lakh plus for AWS work. 70% jobs let work from home.​ Microsoft 25 jobs now Amazon good money AWS Work from home many jobs Easy Way to Join Join in 5 minutes. Pick class money from 4999 to 59999 rupees. Write name and phone. Pay with phone money, card, or small parts. Get class right away. Weekend class for people with jobs.​ Start Good Computer Job DevOps Training In Hyderabad makes way for 15 lakh plus job money. Learn 12 tools, make 3 things, Rajesh Kumar helps 22 years. Join 8500 happy people. Talk to Us Now Email: [email protected] India Phone: +91 84094 92687 call or WhatsApp USA Phone: +1 (469) 756-6329 call or WhatsApp Website: DevOpsSchool View the full article

Übermäßig komplexe, unnötige oder unsinnige Sicherheitsmaßnahmen können Mitarbeiter nachhaltig frustrieren. Das schafft neue Risiken. Foto: vchal | shutterstock.com Je mehr Zwang besteht, Systeme und Daten zu schützen, desto besser ist es um die Security bestellt. So zumindest die Annahme einiger Unternehmen. Eine unzureichende User Experience ist in diesem Zusammenhang noch das geringste Übel. Im schlimmsten Fall werden übermäßig komplexe Sicherheitsmaßnahmen von den Mitarbeitern schlicht umgangen. Dabei ist es auch möglich, die Benutzerfreundlichkeit zu verbessern, ohne dafür die Security zu opfern. Im Folgenden haben wir die fünf häufigsten Fehler zusammengetragen, mit denen sich Unternehmen regelmäßig ins Security-Verderben bugsieren. Natürlich erfahren Sie bei dieser Gelegenheit auch, wie Sie es besser machen. 1. Security-Mindset vernachlässigen Wenn Ihre Mitarbeiter in Sachen Cybersecurity nicht mitziehen, wird es schwierig, Ihr Unternehmen abzusichern. Deswegen ist es essenziell, Ihre Belegschaft über die Risiken und die Lösungen, die diese beseitigen oder minimieren können, zu informieren. Das sollte auch keine Angelegenheit sein, die an IT- oder Security-Spezialisten “abgeschoben” wird, wie Yehudah Sunshine, Berater und Experte für Influencer-Marketing, unterstreicht: “Um ein effektives Bewusstsein für Cybersicherheit zu entwickeln, müssen Mitarbeiter entsprechend geschult werden. Dabei besteht die Herausforderung darin, mit Nicht-Experten so zu kommunizieren, dass sie das ‘Was’ und ‘Warum’ der Cybersicherheit verstehen.” Das erfordere einen klaren Fokus auf die Praxis, ohne dabei herablassend, manipulativ oder bestrafend zu wirken: “Es gilt, Ängste abzubauen. Die Mitarbeiter brauchen die Gewissheit, dass sie ehrlich über ihre Fehler kommunizieren können und nichts vertuschen müssen. Erst dann kommen sie in die Lage, dazu beizutragen, das Sicherheitsniveau ihres Unternehmens zu verbessern.” In diesem Zusammenhang ist für den Consultant zudem entscheidend, dass sämtliche Mitarbeiter mit an Bord sind: “Dazu gehört die Personalabteilung, das UX- und Technologie-Team. Wer an dieser Stelle spart, kann keine guten Ergebnisse erzielen.” 2. An IT-Sicherheit in Einheitsgröße glauben Um optimale Ergebnisse im Sinne der Cybersicherheit zu erzielen, gilt es, die richtige Balance zwischen Security und User-Komfort zu ermitteln. Das ist allerdings auch stark kontextabhängig, wie Sunshine verdeutlicht: “Bei Mitarbeitern in Regierungsbehörden wird beispielsweise in der Regel ein strengerer Maßstab angelegt als bei der Belegschaft eines Fast-Food-Restaurants.” Die Sicherheitsanforderungen einer Regierungsinstitution auf einen Schnellrestaurant-Betrieb anzuwenden, führt dagegen lediglich zu unnötigen Reibungsverlusten. Dahinter steht der grundlegende Fehler in vielen Security-Protokollen, allen Benutzern sämtliche Sicherheitsmaßnahmen aufzuerlegen – statt zwischen verschiedenen Usern und Bedürfnissen zu differenzieren. Joseph Steinberg, Autor von “Cybersecurity for Dummies“, bringt das Problem auf den Punkt: “Wenn man jede Aktion so behandelt, als ob sie zusätzliche Sicherheitsmaßnahmen erfordert, sinkt die Wahrscheinlichkeit, dass Anzeichen für echte Bedrohungen erkannt werden – und damit das Schutzniveau.” Er fügt hinzu: “Wenn das Risiko gering und das Vertrauen hoch ist, besteht keine Notwendigkeit, eine zusätzliche Sicherheitsebene hinzuzufügen. Das ist nur dann erforderlich, wenn das Risiko aufgrund der Art der Transaktion oder mangelnden Vertrauens höher ist.” 3. Komplexität mit mehr Sicherheit verwechseln Eine Mindestzeichenzahl, Groß und Kleinbuchstaben, Sonderzeichen, regelmäßige Passwort-Änderungen: Viele Unternehmen legen bei der Account-Erstellung strenge Maßstäbe an. Das Mehr an Komplexität beruht auf der Überzeugung, dass es für Angreifer mit steigender Variablen- oder Zeichenfolge zunehmend schwieriger wird, Passwörter zu knacken. Das stimme zwar in der Theorie, weiß Sicherheitsexperte Steinberg, in der Praxis sehe das allerdings anders aus: “Weil Menschen gerne in Muster verfallen, folgen auch die meisten Passwörter vorhersehbaren Mustern: Sie beginnen meist mit einem Großbuchstaben und enden oft mit einer Zahl, an die gegebenenfalls noch ein Sonderzeichen angehängt wird.” Dazu komme noch das Problem, dass die Komplexität selbst ein Security-Problem aufwerfen kann. Weil es schwierig sei, sich lange und komplexe Kennwörter zu merken, würden diese häufig auf Papierzetteln notiert oder im Browser gespeichert. Ein Unding, findet auch Softwareexpertin April McBroom und legt eine bessere Option nahe: “Nutzen Sie stattdessen einen Passwort-Manager. Sie könnten Passwörter auch durch Passcodes ersetzen – etwa mit Hilfe von Push-Benachrichtigungen oder einer Authentifizierungs-App.” 4. Auf Sicherheitsfragen verlassen Sicherheitsfragen sind auf dem Papier zunächst ein gutes Konzept. Wen Sie allerdings schon einmal solche Fragen unabsichtlich falsch beantwortet haben und anschließend aus Ihrem Account ausgesperrt waren, wissen Sie um die Frustration, die das mit sich bringt. Anstelle herkömmlicher Sicherheitsfragen empfiehlt Autor Steinberg, auf wissensbasierte Fragen mit einigen Abstufungen zu setzen, um kriminellen Hackern ihr Wirken zu erschweren: “Wenn jemand eine Schwester namens Mary hat, würde ich zu einer Multiple-Choice-Frage wie ‘Welche der folgenden Straßen verbinden Sie mit Mary?’ raten.” 5. Biometrie-Wunder erwarten Wenn von einer passwortlosen Zukunft die Rede ist, denken nicht wenige Menschen an biometrische Sicherheitsmaßnahmen wie Fingerabdruck-, Gesichts- oder Irisscans. Selbst wenn diese Maßnahmen wie vorgesehen funktionieren, sieht Steinberg zwei wesentliche Nachteile: “Zum einen könnten Kriminelle relativ leicht die Fingerabdrücke von berechtigten Personen abnehmen, um sich Zugang zu verschaffen – ein Vorgehen, dass bei Passwörtern nicht möglich ist. Zum anderen können etwa Fingerabdrücke nicht so einfach zurückgesetzt werden, wie das bei Kennwörtern der Fall ist.” Sinnvoller wäre es nach Meinung des Experten, auch im Bereich der biometrischen Security den jeweiligen Kontext mit einzubeziehen- Stichwort “Behavioral Biometrics“: “Die Verhaltensbiometrie beruht etwa darauf, wie schnell ein bestimmter Nutzer die für ein Passwort verwendeten Tasten drückt. Solche unsichtbaren biometrischen Daten sind der bessere Ansatz.” Es sei ein allgemeiner Fehler in Sachen Benutzererfahrung, so Steinberg weiter, davon auszugehen, dass es bei Security ausschließlich um Dinge geht, die sichtbar sind: “Je weniger der Benutzer sehen muss, desto besser. Das ist der Schlüssel, um negative Auswirkungen auf die User Experience zu minimieren.” (fm) Sie wollen weitere interessante Beiträge rund um das Thema IT-Sicherheit lesen? Unser kostenloser Newsletter liefert Ihnen alles, was Sicherheitsentscheider und -experten wissen sollten, direkt in Ihre Inbox. Jetzt CSO-Newsletter sichern View the full article

Threat actors aren’t wasting time taking advantage of newly-revealed vulnerabilities in Fortinet device authentication. Researchers at Arctic Wolf said they are seeing malicious single sign on (SSO) attempts trying to leverage the holes in FortiGate next generation firewalls since Fortinet alerted admins about the vulnerabilities on December 9. “We have seen tens of intrusions since December 12, 2025,” a spokesperson for Arctic Wolf Labs told CSO. “So far, the pattern of activity has appeared to be opportunistic in nature. While it is difficult to estimate the number of devices directly vulnerable to this vulnerability, there are hundreds of thousands of Fortinet appliances accessible on the public internet through specialized search engines. This allows threat actors to opportunistically attempt exploitation against large swaths of devices at once.” Arctic Wolf’s advisory says admins who see malicious activity in their logs should assume that hashed firewall credentials stored in the exfiltrated configurations have been compromised, and reset those credentials “as soon as possible.” On Tuesday, the US Cybersecurity and Infrastructure Security Agency added one of the vulnerabilities, CVE-2025-59718, to its Known Exploited Vulnerabilities (KEV) catalog. If a flaw is listed in the catalog, federal civilian executive branch agencies have to immediately remediate the affected product or service. CISA says that any listing should also be seen by private sector IT departments as a warning to prioritize their own remediation or patching. Among other things, hackers exploiting the vulnerabilities could access Fortinet device configuration files to accelerate a breach of security controls. The authentication bypass vulnerabilities, CVE-2025-59718 and CVE-2025-59719, are in the Fortinet FortiOS operating system that runs FortiWeb, FortiProxy and FortiSwitchManager devices. If exploited, they may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication, if that feature is enabled on the device. For some admins, it may have been unknowingly turned on; when administrators register devices using the FortiCare product support portal, FortiCloud SSO is automatically enabled unless they disable the “Allow administrative login using FortiCloud SSO” setting on the registration page. To prevent being affected by this vulnerability, admins should turn off the FortiCloud login feature, if enabled, then upgrade software to the latest version before re-enabling the function. Fortinet acted quickly to patch the authentication bypass vulnerabilities, said Piyush Sharma, CEO of Tuskira, a vulnerability platform provider. “However,” he added, “the speed at which threat actors exploit newly discovered flaws continues to outpace traditional patch cycles, underscoring the critical need for agentic AI systems that provide continuous, real-time exposure management and autonomous threat response.” He noted that any configuration files that have been exfiltrated could allow hackers to map network architecture and identify vulnerable interfaces and points of failure to be used in targeted attack campaigns or exploitation, and weak passwords could be cracked offline and allow attackers to pass as legitimate users and move laterally across networks. “The combination of this information sets the stage for potentially dangerous and highly precise cyberattacks, which could lead to data theft or even total network compromise,” he warned. Vulnerable organizations that haven’t implemented Fortinet’s released patches should do so immediately, he said. As well, all organizations should practice credential rotation and implement principles of least privilege to prevent data from being unnecessarily leaked, he added. Beyond following Fortinet’s advice on upgrading its device software, Arctic Wolf also urges admins to follow the manufacturer’s best practices for hardening its devices. View the full article

There has been a whirlwind of rumors over the last few days, sourced from leaked internal software designed for the iPhone and the Mac, and news sites like The Information. Below, we have a quick recap of everything we've heard this week, which serves as a guide to Apple's product plans in 2026 and beyond. We've organized the info by likely release date, though there are some products that we don't have a timeline for. Keep in mind that the list features only rumors that we've heard over the last couple of days, so it's not a complete feature overview for each device. Early/Spring 2026 iPhone 17e (V159) - The ‌iPhone‌ 17e will use Apple's C1X modem instead of the C1, and it will include MagSafe support, which was missing from the iPhone 16e. It may not include an N1 wireless chip. AirTag 2 (B589) - Likely coming in early 2026. Expected to feature improved pairing, more detailed battery level reporting, and improvements to tracking AirTags that are moving and in crowded places. Home hub (J490 and J491) - Apple's home hub is expected to launch in spring 2026, around when iOS 26.4 comes out. Recent rumors suggest it will have a 1080p video camera, Face ID for authentication and to identify different people, profile switching, and support for Apple Intelligence. There are two models, one that's wall mounted and another that has a HomePod-like speaker base. HomePod mini 2 (B525) - A new HomePod mini is ready to launch at any time, so it could come in spring or even earlier in the year. It won't have Apple's N1 networking chip. Apple TV (J355) - A new Apple TV is reportedly ready to go, and it makes the most sense for it to launch alongside other home products slated for the early 2026 timeframe. Unknown home accessory (J229) - We don't know what this is, but it could be a camera, or standalone speaker base that can be added to the wall-mounted home hub after purchase. It could also be something else entirely. There are mentions of sensors in the code for this accessory. iPad 12 (J581 and J582) - The latest information suggests the iPad 12 will use Apple's A19 chip, which is the same chip that's in the iPhone 17. It's an unusual choice because iPads usually get older, more affordable chips. It isn't expected to include the N1 networking chip. It's expected early in 2026. M4 iPad Air (J707, J708, J737, J738) - 11-inch and 13-inch iPad Air models with M4 chips are rumored to be launching in early 2026. No major changes are expected except for the chip update. Low-Cost MacBook (J700) - Apple is working on a MacBook with the A18 Pro chip, and it's expected to launch early in 2026. It will be positioned as Apple's most affordable MacBook, competing with Chromebooks and cheaper Windows laptops. M5 MacBook Air (J813 and J815) - The MacBook Air is going to get updated with M5 chips as soon as early 2026. No other major changes are rumored. M5 Pro/Max MacBook Pro (J714c, J714s, J716c, J716s) - M5 Pro and M5 Max MacBook Pro models are coming soon. They might get a refresh early in 2026, because there are still rumors of another ‌MacBook Pro‌ refresh later in the year. September 2026 Foldable iPhone (V68) - The foldable ‌iPhone‌ will open book style, and will be wider than it is tall. It will look like a small iPad. When open, the display will be around 7.7 inches, and when closed, it will be around 5.3 inches. There will be a single front-facing camera in the top left, and no Dynamic Island. Display sizes could ultimately change, and Apple is reportedly seeing a high failure rate in current display production. iPhone 18 Pro and Pro Max (V63 and V64) - The TrueDepth camera system for ‌Face ID‌ will be under the display, eliminating the ‌Dynamic Island‌. There will be a cutout for the front-facing camera at the top left of the display. At least one rear camera will have a variable aperture that lets users control the amount of light that enters the lens. Overall design will be similar to the iPhone 17 Pro models. The A20 TSMC chip will support Wafer-Level Multi-Chip Module packaging for speed improvements that could bolster AI features and on-device processing capabilities. The iPhone 18 Pro models could have either a C1X modem or a C2 modem. iPad mini 8 (J510 and J511) - The iPad mini 8 could get OLED display technology and the A20 Pro chip, which is the same chip that's slated for the ‌iPhone 18‌ Pro models. That would suggest a fall launch alongside the ‌iPhone 18‌ Pro. There have also been rumors that it will use the A19 Pro that's in the ‌iPhone 17 Pro‌, and if that's the case, it could come earlier. Apple Watch Series 12 (N237 and N238) - The Apple Watch Series 12 is expected in September 2026. No major changes are rumored so far. Unknown Timing, But Likely 2026 Apple Studio Display 2 (J427 and J527) - There are two Apple displays in the works, that are expected to be followups to the Studio Display. These are likely to launch alongside new M5 Mac desktop machines. The two models could be different sizes or different display technology, as there are mini-LED rumors for the next-gen model. M5/M5 Pro Mac mini (J873g and J873s) - The Mac mini is going to get M5 and M5 Pro chips, but timing is unclear. It could be refreshed early in 2026, or it might come later alongside other desktop Mac updates. M5 Max/Ultra Mac Studio (J775c and J775d) - The Mac Studio will use the M5 Max and M5 Ultra chips, and it will likely be refreshed later in 2026 rather than earlier. iMac Pro (J833c) - Apple is working on a high-end iMac with an M5 Max chip, which suggests it will launch alongside other M5 Max models sometime in 2026. Prior rumors have suggested the device could have a display around 30 inches in size. M6 MacBook Pro (J804) - The entry-level ‌MacBook Pro‌ could be updated with an M6 chip toward the end of 2026. M6 Pro/Max MacBook Pro (K114c, K114s, K116c, K116s) - The M6 Pro and M6 Max ‌MacBook Pro‌ models will feature a major redesign with OLED display technology. So far, rumors suggest this could happen as soon as late 2026, though that would mean two ‌MacBook Pro‌ refreshes in 2026. It's not unheard of, but Apple might also opt to hold this update until early 2027. Apple Watch Ultra 4 (N240) - Apple is working on a fourth-generation version of the Apple Watch Ultra. It could come in September 2026 alongside the Series 12, but Apple doesn't update the Apple Watch Ultra on an annual basis. 2027 iPhone 18 - The ‌iPhone 18‌ will not launch in fall 2026 as expected, and will instead come in spring 2027. It will be an incremental update, and Apple may remove haptic feedback and touch sensing from the Camera Control button (it could also be removed from the 18 Pro models). iPhone 18e - Also slated for spring 2027, the ‌iPhone‌ 18e could launch alongside the ‌iPhone 18‌. It is expected to feature few changes. iPhone Air 2 (V62) - There is no second-generation iPhone Air planned for fall 2026 because Apple has delayed it. It could instead come in spring 2027. Apple is reportedly looking at adding a second camera to make the device more appealing to consumers. The next ‌iPhone Air‌ might also be more affordable. 20th Anniversary iPhone - The 2027 ‌iPhone‌ will have an "enclosure on the front and back that curves around the device edges," which allows for a bigger screen with no bezels. The Information says that it is not sure if the display itself will curve around the edges, but instead of a full metal frame, it has a "narrow metal band running around the midpoint of the device's edge. The selfie camera will move under the display, and it will be the first ‌iPhone‌ with no display cutouts at all. The 20th anniversary ‌iPhone‌ will launch in September 2027. Tabletop robot (J595) - Apple's tabletop robot with a thin robotic arm and swivel base is expected to be a more powerful version of the home hub. It's rumored to be launching sometime in 2027. AI smart glasses (N50/N401) - Apple paused work on all of its AR/VR headsets to focus instead on AI smart glasses that will compete with the Meta Ray-Bans. The AI smart glasses are expected in 2027, but it's possible Apple will unveil them in late 2026. N50 was the original codename, but Apple is now using N401. N401 covers the AI smart glasses, and a separate set of augmented reality glasses. Delayed or Canceled Foldable iPad - Apple planned a foldable ‌iPad‌ for release in 2026, but delayed the project and redirected resources to the foldable ‌iPhone‌ to ensure that device launches on time. Vision Air (N100) - The N100 is a lighter and cheaper version of the Vision Pro. It was originally rumored for 2027, but Apple has paused work on headsets to focus on AI smart glasses. AR glasses prototype (N421) - N421 is a prototype set of AR glasses, but Apple apparently canceled work on this product for now. AR glasses are still Apple's ultimate plan. Mac-connected AR glasses (N107) - Apple was working on AR glasses that would connect to a Mac to use the Mac's processor, but the project was scrapped. Cheaper Vision Pro (N109) - Apple was developing a second-generation Vision Pro that's more affordable, and it was a product distinct from the Vision Air. Work is currently paused. Unknown Products There are some codenames that were in Apple's leaked information that aren't associated with a known product as of yet. N110 - N110 is close to N109 and other N-series numbers Apple has used for its AR/VR headsets, so this could be a wearable. N209 - N2 numbers have previously been associated with the Apple Watch. N216 - N2 numbers have previously been associated with the Apple Watch. J349 - Possibly a Mac that was scrapped, but could also be an ‌Apple TV‌ or some kind of home device. J190 - The Mac Pro is J180, so this could be another ‌Mac Pro‌, but it's unclear. J226 - J226 is close to J229, the codename for an unknown home device, so it could be some kind of home-related accessory. Codename Key For Apple's internal codenames that it uses for Macs, the letter at the end of the number has significance. G - Base model M-series chip S - Pro version of the M-series chip C - Max version of the M-series chip D - Ultra version of the M-series chip Caveats Some of this information was pulled from an internal version of iOS 26 that Apple was working on around the late May 2025 timeline, while other information comes from internal kernel debug kit files that Apple accidentally leaked earlier this year. Apple's plans can always change. Devices can be scrapped, features can be removed, and launches can be pushed back. That's especially true of rumors about products coming in late 2026 or 2027, because production plans haven't been finalized. Read More We keep an upcoming products Apple guide that gets regular updates when new timeline information is made available. It's a good resource to bookmark and reference throughout the year to keep tabs on what Apple has planned. We have even more rumors about Apple's products in our device roundups and guides, which are also updated regularly. This article, "Apple's 2026 and 2027 Product Roadmap: Foldable iPhone, iPhone 18 Pro, M5 Macs, and More" first appeared on MacRumors.com Discuss this article in our forums View the full article

The Trump administration is pressuring the European Union to cut down on regulations that impact tech companies like Google, Apple, Amazon, and Meta. The Office of the United States Trade Representative today posted a message to the European Union on social media, threatening retaliation if the EU continues to target U.S. companies. The post says the U.S. will implement fees and restrictions on foreign services, and it specifically names European companies like Accenture, DHL, Mistral, SAP, Spotify, and Siemens. The European Union and certain EU Member States have persisted in a continuing course of discriminatory and harassing lawsuits, taxes, fines, and directives against U.S. service providers. U.S. services companies provide substantial free services to EU citizens and reliable enterprise services to EU companies, and they support millions of jobs and more than $100 billion in direct investment in Europe. The United States has raised concerns with the EU for years on these matters without meaningful engagement or basic acknowledgement of U.S. concerns. If the EU and EU Member States insist on continuing to restrict, limit, and deter the competitiveness of U.S. service providers through discriminatory means, the United States will have no choice but to begin using every tool at its disposal to counter these unreasonable measures. Should responsive measures be necessary, U.S. law permits the assessment of fees or restrictions on foreign services, among other actions. The United States will take a similar approach to other countries that pursue an EU-style strategy in this area. The EU's Digital Markets Act (DMA) and Digital Services Act (DSA) have forced Apple and other tech companies to make major changes to their services in the European Union, and several companies have faced fines. Earlier this year, Apple was fined 500 million euros and Meta was fined 200 million euros. Just this month, social network X was fined 120 million euros for DSA violations, and in September, Google was fined 2.95 billion euros for antitrust violations related to its adtech business. Separately, the U.S. House Judiciary Committee held a hearing today on the threat that "discriminatory foreign regulations" modeled after the Digital Markets Act pose to American innovation and competition. Witnesses included Competere Ltd. CEO Shanker Singham, Notre Dame Law professor Roger Alford, George Washington Competition and Innovation Lab Founding Director Aurelien Portuese, and Dirk Auer, Director of Competition Policy for the International Center for Law and Economics. During the hearing, Representative Scott Fitzgerald said the DMA isn't aimed at protecting consumers, but hobbling American companies. The DMA does not ask whether consumers have been harmed. It does not even ask whether a business has done anything wrong. It asks whether a company is large, successful, and, most importantly, American. If the answer is yes, the rules suddenly change. Common business practices are banned, innovation is treated as a threat, and foreign rivals are handed access to data and technology they could never build or earn on their own. That is not competition policy. That's forced redistribution. The Computer and Communications Industry Association said the DMA is discriminatory because it only applies to select companies, while NetChoice said the EU has "provided countries around the world with a blueprint" for similar regulatory measures. Unlike traditional antitrust and competition laws that apply to all companies, however, these DMA prohibitions apply only to designated companies, creating discriminatory treatment between designated and non-designated companies, where undesignated foreign rivals gain an unfair competitive advantage over designated American companies. President Donald Trump has previously criticized the "very unfair" European Union for fines levied on Apple and Google. In September, he threatened the EU with higher tariffs, which would disrupt trade framework established in July 2025. Trump said Apple should "get their money back" and that the U.S. "cannot let this happen to brilliant and unprecedented American Ingenuity."Tags: European Commission, European Union This article, "Trump Administration Threatens Retaliation Over EU's DMA and DSA Enforcement Against U.S. Tech" first appeared on MacRumors.com Discuss this article in our forums View the full article

A Russian state-sponsored cyberespionage group has been targeting energy companies and critical infrastructure providers by exploiting misconfigurations in network-edge devices. The group has been operating since at least 2021 and has exploited device misconfigurations before but also known vulnerabilities such as CVE-2022-26318 in WatchGuard Firebox and XTM appliances, CVE-2021-26084 and CVE-2023-22518 in Confluence or CVE-2023-2753 in Veeam Backup. However, according to telemetry collected by Amazon Threat Intelligence, the group has heavily focused on targeting misconfigurations this year, pivoting away from zero-day or N-day vulnerabilities. The main targets have been enterprise routers and routing infrastructure, VPN concentrators and remote access gateways, network management appliances, collaboration and wiki platforms and cloud-based project management systems. “This tactical adaptation enables the same operational outcomes, credential harvesting, and lateral movement into victim organizations’ online services and infrastructure, while reducing the actor’s exposure and resource expenditure,” the researchers found. Links to Sandworm and Curly COMrades According to Amazon’s telemetry, the group’s infrastructure has overlaps with Sandworm, a group also known as APT44 and Seashell Blizzard that’s associated with Russia’s military intelligence agency, the GRU. There are also overlaps with a group whose activity was documented in the past by security firm Bitdefender, under the name Curly COMrades. However, these could be subgroups within the GRU that work together, with the one tracked by Amazon handling initial access and lateral movement and Curly COMrades handling the host persistence through its CurlyShell and CurlCat custom malware implants. Amazon detected attacks against customer network edge appliances hosted on AWS EC2 instances with actor-controlled IP addresses achieving persistent connections that indicate interactive access to the compromised devices. Credential harvesting The researchers also observed credential replay attacks against victims’ other online services using stolen domain credentials following network edge device compromises. This indicates that the attackers are likely harvesting credentials by leveraging the traffic capturing and analysis capabilities of the compromised devices. “Time gap between device compromise and authentication attempts against victim services suggests passive collection rather than active credential theft,” the researchers found. Network traffic interception is consistent with Sandworm’s known tradecraft and the targeting of network edge devices specifically positions the attackers to intercept credentials in transit. How critical infrastructure providers can defend against this threat The group has a strong focus on the energy sector, with victims including electric utility companies, energy providers and even MSSPs with energy sector clients. However, it has also targeted technology and service cloud providers, as well as telecommunications companies across multiple regions. The Amazon Threat Intelligence team advises organizations to audit their network edge devices for packet capture files or utilities that shouldn’t be present, to review their device configurations and isolate management interfaces, and implement multi-factor authentication. Companies should also review authentication logs and monitor authentication attempts from unexpected geographic locations. Anomaly detection for authentication patterns should be implemented for all online services and the use of plain text protocols that could expose credentials in transit should be audited. The Amazon report includes indicators of compromise associated with this attack campaign as well as security recommendations specific to AWS environments. View the full article