reporter

Apple has made the battery replacement process easier for the 14-inch M5 MacBook Pro, allowing users of its self-service repair program to replace just the battery, without removing other internal components. Before now, manual battery replacement on what is currently Apple's only M5-powered MacBook Pro required swapping out several modules alongside the battery itself. However, the new process Apple has introduced only requires removing the bottom case and the battery management unit flex cable before accessing the battery. Apple is now selling standalone battery modules through its Self Service Repair Store. Apart from the cost of the necessary repair tools, the replacement battery costs $209.25, and users can get a $22.50 credit by returning their old battery. Apple has also published a detailed repair manual to guide users and independent repair shops through the procedure. The manual includes step-by-step instructions for safely removing the rear case, discharging the battery, removing the old battery's adhesive strips, and installing the replacement unit. The change tackles a concern raised by iFixit in its October teardown of the M5 MacBook Pro, which found battery replacement to be one of the device's most challenging repairability aspects. That said, with 14 disassembly steps and 27 reassembly steps, it's probably still a job most users would rather leave to a professional. Apple launched its self-service repair program in 2022, giving customers access to genuine parts, tools, and repair manuals for select iPhones, iPads, Macs, Studio Displays, and Beats Pill speakers. The company says the program is "intended for individuals who are experienced with the complexities of repairing electronic devices."Tag: Self Service Repair This article, "M5 MacBook Pro Gets Easier Battery Replacement Process" first appeared on MacRumors.com Discuss this article in our forums View the full article

JumpCloud’s Remote Assist for Windows agent contained a critical local privilege escalation flaw, allowing full system compromise. Disclosed by XM Cyber, the vulnerability stems from insecure file operations during uninstall or update flows that execute with Windows NT AUTHORITY\SYSTEM privileges. The bug could allow a low-privileged local user to elevate themselves to full system control or induce denial-of-service conditions on corporate machines. JumpCloud’s agent is widely used in enterprise environments as part of its cloud-based Directory-as-a-service platform, managing device access and remote support features across Windows endpoints. According to XM Cyber’s Hillel Pinto, attackers only need a local foothold to exploit the flaw, generally obtainable from phishing, remote support sessions, or developer machines. Systems running Remote Assist for Windows before version 0.317 are vulnerable and need to be updated immediately to mitigate risks. Privileged uninstall in a untrusted temp space The flaw, tracked as CVE-2025-34352 and rated at CVSS 8.5 out of 10, highlights risks from improper handling of privileged operations on Windows endpoints. During uninstall or update operations, the JumpCloud agent triggers the Remote Assist uninstaller with system-level privileges, the highest possible authority in Windows. However, that routine performs create, write, execute, and delete actions on files in a user-writable %TEMP% subdirectory without validating the trustworthiness of the path or resetting access control lists. Because the uninstaller performs privileged file operations inside a user-controlled %TEMP% directory, a low-privileged attacker can abuse those operations to overwrite or delete protected system files. “What we have is a JumpCloud process with NT AUTHORITY\SYSTEM privileges that is deleting, writing, and executing a file with a predictable filename from an untrusted path,” Pinto said in a blog post. “The core of the exploit involves Link Following, utilizing mount points and symbolic links to redirect the privileged I/O operation.” Full privilege escalation and denial of service The vulnerability opens two primary exploitation vectors with significant operational impact: full privilege escalation to system level, and denial of service (DoS). By manipulating filesystem paths and leveraging race conditions, an attacker can redirect the uninstaller’s operations to delete or overwrite protected installer configuration targets, ultimately triggering techniques that give them a system-level command prompt. System access on an enterprise endpoint effectively grants control over policy enforcement, credential theft paths, and lateral movement capabilities. Alternatively, attackers can get the privileged process to write arbitrary data to sensitive system files (such as drivers), corrupting them and forcing blue screen of death (BSOD) conditions. This not only knocks machines offline but can require substantial remediation effort, particularly across distributed fleets. Pinto said that updating to JumpCloud Remote Assist for Windows version 0.317.0 or later will remediate this issue. “My team and I responsibly disclosed the vulnerability to JumpCloud, which confirmed the findings and promptly released a patch.” While >NIST’s National Vulnerability Database (NVD) marks the flaw as fixed and references the JumpCloud Agent release notes for patching, there is currently no note dedicated to the flaw on the page or on JumpCloud’s support site. JumpCloud did not immediately respond to CSO’s request for comments. View the full article

Unlike some Android phones, iPhones don't have a dedicated notification LED that lights up when you get a call, text, or other alert. What iPhones do include is an optional Accessibility feature for the deaf and hard of hearing that blinks the rear camera flash and provides a visual cue for incoming notifications. And in iOS 26.2, Apple has added the ability to flash the front display, too. Even if your hearing is fine, having a visual cue for incoming alerts can be handy to have if, say, you're in a quiet environment like a library and don't want to create a disturbance. What's more, in iOS 26.2, you can choose for both the display and the camera LED to flash. That way, you'll see the alert flash whichever way your iPhone is lying on a table. How to Enable Flash for Alerts Follow the steps below to turn on screen flash for alerts on your ‌iPhone‌ running iOS 26.2. Open the Settings app on your iPhone, then tap Accessibility. Under "Hearing," tap Audio & Visual. Scroll to the bottom and tap Flash for Alerts. Toggle on Flash for Alerts, then tap LED Flash, Screen, or Both.You'll see that the last menu includes toggle switches so that you can control whether the flash happens when your device is unlocked, as well as if it should flash when in silent mode. This article, "Make Your iPhone Display Flash for Alerts" first appeared on MacRumors.com Discuss this article in our forums View the full article

Evgeny_V – shutterstock.com Das Team von Amazon Threat Intelligence stellte fest, dass eine vom russischen Staat geförderte Cyberspionagegruppe vermehrt Energieunternehmen und Anbieter kritischer Infrastrukturen (KRITIS) ins Visier genommen hat. Die Gruppe ist demnach seit mindestens 2021 aktiv und hat es vor allem auf Fehlkonfigurationen von Geräten abgesehen. Die Angreifer nutzen aber auch bekannte Schwachstellen wie CVE-2022-26318 in WatchGuard Firebox- und XTM-Geräten, CVE-2021-26084 und CVE-2023-22518 in Confluence oder CVE-2023-2753 in Veeam Backup aus. Laut den von Amazon gesammelten Telemetriedaten hat sich die Gruppe in diesem Jahr jedoch stark auf Fehlkonfigurationen konzentriert und sich von Zero-Day- oder N-Day-Schwachstellen abgewendet. Die Hauptziele waren demnach Enterprise Router und Routing-Infrastrukturen, VPN-Konzentratoren und Remote-Access-Gateways, Netzwerkmanagement-Appliances, Kollaborations- und Wiki-Plattformen sowie Cloud-basierte Projektmanagementsysteme. „Diese taktische Anpassung ermöglicht die gleichen operativen Ergebnisse, nämlich das Sammeln von Anmeldedaten und laterale Bewegungen innerhalb der Online-Dienste und Infrastrukturen der Opfer, während gleichzeitig die Entdeckungsgefahr und der Ressourcenaufwand der Akteure reduziert werden“, so die Security-Spezialisten. Verbindungen zu Sandworm und Curly COMrades Die Telemetriedaten zeigen, dass es Überschneidungen zwischen der Infrastruktur der Gruppe und Sandworm gibt, die auch als APT44 und Seashell Blizzard bekannt ist und mit dem russischen Militärgeheimdienst GRU in Verbindung steht. Zudem besteht ein Zusammenhang mit einer Gruppe, deren Aktivitäten in der Vergangenheit von Bitdefender unter dem Namen Curly COMrades dokumentiert wurden. Es könnte sich jedoch um zusammenarbeitende Untergruppen innerhalb des GRU handeln: Während die von Amazon verfolgte Gruppe den ersten Zugriff und die laterale Bewegung übernimmt, stellt Curly COMrades die Persistenz des Hosts durch seine benutzerdefinierten Malware-Implantate CurlyShell und CurlCat sicher. Amazon entdeckte Angriffe auf Netzwerk-Edge-Geräte von Kunden, die auf AWS-EC2-Instanzen gehostet werden. Dabei stellten die Angreifer über von ihnen kontrollierte IP-Adressen dauerhafte Verbindungen her. Dies deutet auf einen interaktiven Zugriff auf die kompromittierten Geräte hin. Abgriff von Anmeldedaten Die Sicherheitsforscher beobachteten auch Credential-Replay-Angriffe auf andere Online-Dienste der Opfer, bei denen gestohlene Domain-Anmeldedaten nach der Kompromittierung von Netzwerk-Edge-Geräten verwendet wurden. Das Amazon-Team geht davon aus, dass die Täter Anmeldedaten sammeln, indem sie die Funktionen der kompromittierten Geräte zur Erfassung und Analyse des Datenverkehrs nutzen. „Die zeitliche Lücke zwischen der Kompromittierung der Geräte und den Authentifizierungsversuchen gegen die Dienste der Opfer deutet eher auf eine passive Sammlung als auf einen aktiven Diebstahl von Anmeldedaten hin“, heißt es im Forschungsbericht. Beim Abfangen des Netzwerkverkehrs gehen die Angreifer ähnlich vor wie Sandworm. Die gezielte Ausrichtung auf Netzwerk-Edge-Geräte versetzt sie dabei in die Lage, Anmeldedaten während der Übertragung abzufangen. Tipps zum Schutz für KRITIS-Betreiber Die Gruppe konzentriert sich stark auf den Energiesektor. Dazu zählen zudem MSSPs (Managed Security Service Provider) mit Kunden aus der Energieversorgung. Die Angreifer haben jedoch auch Technologie- und Cloud-Dienstleister sowie TK-Anbieter in mehreren Regionen ins Visier genommen. Amazon rät Unternehmen, ihre Netzwerk-Edge-Geräte auf unauthorisierte Packet Capture Files oder -Dienstprogramme zu überprüfen. Zudem wird empfohlen, Gerätekonfigurationen zu checken und Verwaltungsschnittstellen zu isolieren sowie eine Multi-Faktor-Authentifizierung zu implementieren. Unternehmen sollten außerdem Authentifizierungsprotokolle prüfen und Authentifizierungsversuche aus unerwarteten geografischen Standorten überwachen. Zudem empfiehlt sich, eine Anomalieerkennung für Authentifizierungsmuster für alle Online-Dienste zu implementieren. Auch die Verwendung von Klartextprotokollen, die Anmeldedaten während der Übertragung offenlegen könnten, sollte kontrolliert werden. Der Amazon-Bericht enthält zudem Indikatoren für Kompromittierungen im Zusammenhang mit dieser Angriffskampagne sowie spezifische Sicherheitsempfehlungen speziell für AWS-Umgebungen. (jm) View the full article

Evgeny_V – shutterstock.com Das Team von Amazon Threat Intelligence stellte fest, dass eine vom russischen Staat geförderte Cyberspionagegruppe vermehrt Energieunternehmen und Anbieter kritischer Infrastrukturen (KRITIS) ins Visier genommen hat. Die Gruppe ist demnach seit mindestens 2021 aktiv und hat es vor allem auf Fehlkonfigurationen von Geräten abgesehen. Die Angreifer nutzen aber auch bekannte Schwachstellen wie CVE-2022-26318 in WatchGuard Firebox- und XTM-Geräten, CVE-2021-26084 und CVE-2023-22518 in Confluence oder CVE-2023-2753 in Veeam Backup aus. Laut den von Amazon gesammelten Telemetriedaten hat sich die Gruppe in diesem Jahr jedoch stark auf Fehlkonfigurationen konzentriert und sich von Zero-Day- oder N-Day-Schwachstellen abgewendet. Die Hauptziele waren demnach Enterprise Router und Routing-Infrastrukturen, VPN-Konzentratoren und Remote-Access-Gateways, Netzwerkmanagement-Appliances, Kollaborations- und Wiki-Plattformen sowie Cloud-basierte Projektmanagementsysteme. „Diese taktische Anpassung ermöglicht die gleichen operativen Ergebnisse, nämlich das Sammeln von Anmeldedaten und laterale Bewegungen innerhalb der Online-Dienste und Infrastrukturen der Opfer, während gleichzeitig die Entdeckungsgefahr und der Ressourcenaufwand der Akteure reduziert werden“, so die Security-Spezialisten. Verbindungen zu Sandworm und Curly COMrades Die Telemetriedaten zeigen, dass es Überschneidungen zwischen der Infrastruktur der Gruppe und Sandworm gibt, die auch als APT44 und Seashell Blizzard bekannt ist und mit dem russischen Militärgeheimdienst GRU in Verbindung steht. Zudem besteht ein Zusammenhang mit einer Gruppe, deren Aktivitäten in der Vergangenheit von Bitdefender unter dem Namen Curly COMrades dokumentiert wurden. Es könnte sich jedoch um zusammenarbeitende Untergruppen innerhalb des GRU handeln: Während die von Amazon verfolgte Gruppe den ersten Zugriff und die laterale Bewegung übernimmt, stellt Curly COMrades die Persistenz des Hosts durch seine benutzerdefinierten Malware-Implantate CurlyShell und CurlCat sicher. Amazon entdeckte Angriffe auf Netzwerk-Edge-Geräte von Kunden, die auf AWS-EC2-Instanzen gehostet werden. Dabei stellten die Angreifer über von ihnen kontrollierte IP-Adressen dauerhafte Verbindungen her. Dies deutet auf einen interaktiven Zugriff auf die kompromittierten Geräte hin. Abgriff von Anmeldedaten Die Sicherheitsforscher beobachteten auch Credential-Replay-Angriffe auf andere Online-Dienste der Opfer, bei denen gestohlene Domain-Anmeldedaten nach der Kompromittierung von Netzwerk-Edge-Geräten verwendet wurden. Das Amazon-Team geht davon aus, dass die Täter Anmeldedaten sammeln, indem sie die Funktionen der kompromittierten Geräte zur Erfassung und Analyse des Datenverkehrs nutzen. „Die zeitliche Lücke zwischen der Kompromittierung der Geräte und den Authentifizierungsversuchen gegen die Dienste der Opfer deutet eher auf eine passive Sammlung als auf einen aktiven Diebstahl von Anmeldedaten hin“, heißt es im Forschungsbericht. Beim Abfangen des Netzwerkverkehrs gehen die Angreifer ähnlich vor wie Sandworm. Die gezielte Ausrichtung auf Netzwerk-Edge-Geräte versetzt sie dabei in die Lage, Anmeldedaten während der Übertragung abzufangen. Tipps zum Schutz für KRITIS-Betreiber Die Gruppe konzentriert sich stark auf den Energiesektor. Dazu zählen zudem MSSPs (Managed Security Service Provider) mit Kunden aus der Energieversorgung. Die Angreifer haben jedoch auch Technologie- und Cloud-Dienstleister sowie TK-Anbieter in mehreren Regionen ins Visier genommen. Amazon rät Unternehmen, ihre Netzwerk-Edge-Geräte auf unauthorisierte Packet Capture Files oder -Dienstprogramme zu überprüfen. Zudem wird empfohlen, Gerätekonfigurationen zu checken und Verwaltungsschnittstellen zu isolieren sowie eine Multi-Faktor-Authentifizierung zu implementieren. Unternehmen sollten außerdem Authentifizierungsprotokolle prüfen und Authentifizierungsversuche aus unerwarteten geografischen Standorten überwachen. Zudem empfiehlt sich, eine Anomalieerkennung für Authentifizierungsmuster für alle Online-Dienste zu implementieren. Auch die Verwendung von Klartextprotokollen, die Anmeldedaten während der Übertragung offenlegen könnten, sollte kontrolliert werden. Der Amazon-Bericht enthält zudem Indikatoren für Kompromittierungen im Zusammenhang mit dieser Angriffskampagne sowie spezifische Sicherheitsempfehlungen speziell für AWS-Umgebungen. (jm) View the full article

Apple is in talks with suppliers to manage iPhone chip assembly and packaging in India for the first time, reports The Economic Times. "Exploratory conversations" are said to have taken place with semiconductor company CG Semi, which is constructing one of India's first outsourced semiconductor assembly and test (OSAT) facilities in Sanand, Gujarat. From the report, citing people with knowledge of the matter: "The companies are in the very initial stages of discussion," one of them said. "It is not clear what chips will be packaged out of the Sanand facility at this stage, but it will likely be display chips." The person added that this may be the "beginning of an uphill climb" for CG Semi since if talks progress, it will have to pass Apple's stringent quality standards to clinch the deal. "Apple is already in talks with several companies for a number of other supply chain functions, and very few will end up on their supplier list," the person said.As the report mentions, Apple sources its iPhone display panels from the world's three leading OLED manufacturers: Samsung Display, LG Display, and BOE. The display driver ICs used with these panels are supplied by companies such as Samsung, Novatek, Himax, and LX Semicon, which in turn rely mainly on chip fabrication and packaging facilities in South Korea, Taiwan, and China. If the discussions between Apple and CG Semi bear fruit, the move would be another example of Apple pivoting to India as a major supply chain and manufacturing hub. Apple reportedly assembled $22 billion worth of iPhones in India during the 12 months ending in March 2025, a nearly 60% increase over the previous year. Foxconn, Tata Electronics, and Pegatron now operate facilities in India focused on ‌iPhone‌ manufacturing. Apple is apparently aiming to manufacture the majority of iPhones sold in the United States in India by the end of 2026.Tag: India This article, "Apple Explores iPhone Chip Packaging in India for the First Time" first appeared on MacRumors.com Discuss this article in our forums View the full article

TypeScript with NestJS is now one of the most reliable combinations for building clean, scalable backend applications. Companies across Pune and India need developers who can design strong APIs and services using TypeScript and NestJS. If you want to grow as a backend or full-stack developer, TypeScript with NestJs Training In Pune is a practical way to learn these skills through real examples and guided practice. What TypeScript and NestJS Offer TypeScript is a superset of JavaScript that adds static typing, so many mistakes are caught while writing code, not later during runtime. This makes large codebases easier to maintain, refactor, and scale. NestJS is a Node.js framework built around TypeScript that uses a clear structure with modules, controllers, and services, which keeps growing applications organized. With NestJS, routes are defined using decorators like @Controller(), @Get(), and @Post(), and dependency injection lets you share and reuse services cleanly. The framework integrates well with databases such as PostgreSQL, MongoDB, and MySQL, and works smoothly with testing tools like Jest. Together, TypeScript and NestJS help teams build predictable, testable, and production-ready backends. TypeScript improves code safety and readability NestJS offers a modular architecture and clear patterns Both support modern testing and database integration Why TypeScript with NestJS Skills Are Important Organizations choose TypeScript with NestJS because it reduces production bugs and makes it easier to add new features without breaking existing code. Typed code and a structured framework help teams maintain quality as projects grow. This is why many companies in Pune’s tech hubs, such as Hinjewadi, Magarpatta, and Kharadi, look for developers who already understand this stack. These skills are used across domains like fintech, e-commerce, SaaS products, and enterprise applications. Developers with TypeScript and NestJS knowledge can work on APIs, microservices, and cloud-native systems, and often find opportunities for remote and freelance work as well. Example career path: RoleTypical Focus AreaJunior Backend DevBuild APIs, fix bugs, write basic testsMid-level DeveloperDesign modules, integrate databases, mentor juniorsSenior DeveloperLead design, performance tuning, security reviewsTech Lead / ArchitectDefine architecture, guide teams, code reviews What You Learn in TypeScript with NestJS Training In Pune A complete TypeScript with NestJs Training In Pune should take you from basics to job-ready skills in a step-by-step way. The training usually combines concepts, live coding, and project work so you understand both “why” and “how”. Key learning areas: TypeScript fundamentals: variables, types, interfaces, enums, generics, classes, inheritance, and modules NestJS basics: project setup, folder structure, modules, controllers, services, and request lifecycle REST API design: endpoints, query and path parameters, request bodies, DTOs, and validation Database integration: connecting to PostgreSQL, MongoDB, or MySQL using TypeORM, entities, CRUD operations, and migrations Security: authentication, authorization, guards, roles, and protecting endpoints Middleware and interceptors: logging, error handling, and cross-cutting concerns Testing: unit tests and end-to-end tests with Jest Deployment: packaging apps with Docker and understanding simple deployment workflows By the end, you usually complete at least one real-world style project that brings together all these topics into a working backend application. Training Modes, Duration, and Pricing The program around Pune offers flexible formats so both students and working professionals can join: Self-learning video mode (8–12 hours): Pre-recorded sessions you can watch at your own speed. Good for independent learners who like to pause and replay topics. Live interactive online batch (8–12 hours): Scheduled live classes with an instructor and group. You can ask questions, follow live demos, and get feedback during the session. One-to-one live online (8–12 hours): Direct one-on-one sessions with a trainer, suited to people who want fully personalized pacing and attention. Corporate training (2–3 days): Short and intensive programs for teams, either online or in classroom mode, often tailored to a company’s projects. Training overview: DurationModeBest ForPrice (Approx)8 – 12 HoursSelf-learning using videoFlexible, self-paced learners₹4,9998 – 12 HoursLive & interactive online batchMost working professionals₹24,9998 – 12 HoursOne-to-one live & interactive onlineLearners needing personal focus₹59,9992 – 3 DaysCorporate (online/classroom)Teams and corporate groupsContact for fee Group discounts are often available if multiple learners join together, which helps teams or friends share the cost. Why Choose DevOpsSchool for This Training DevOpsSchool is known as a specialist platform for DevOps, cloud, automation, containers, and programming-focused training, including TypeScript with NestJS. Since its start, it has helped thousands of learners from India and abroad upgrade their skills and move into better roles in IT and software development. The platform focuses strongly on practical learning and long-term support: Lifetime access to an LMS that holds class recordings, notes, and slides Trainers with over a decade of real industry experience Real-time project work instead of only simple code samples Web-based tutorials, training notes, and structured learning paths Interview preparation kits and practice questions Because of this, DevOpsSchool acts like a long-term learning partner that supports you even after the course ends, not just a short-term class provider. Learn Under the Guidance of Rajesh Kumar The TypeScript with NestJS programs are guided and mentored by senior trainers like Rajesh Kumar, who brings more than 20 years of experience in DevOps, DevSecOps, SRE, DataOps, AIOps, MLOps, Kubernetes, and cloud platforms. He has trained thousands of professionals worldwide and helped many companies adopt modern DevOps practices and stable backend systems. Highlights of Rajesh Kumar’s profile: Over two decades of real project work in software delivery and infrastructure Hands-on experience designing CI/CD pipelines and scalable backend architectures Strong knowledge of container tools, scripting, automation, and cloud-native design Known for breaking down complex topics into simple, clear explanations Focus on real project examples and scenarios rather than only theory Learners often mention that his teaching style makes tough backend concepts easier to understand, even for those who are new to TypeScript or NestJS. Detailed Agenda Highlights The course usually follows a clear agenda that moves from fundamentals to advanced topics: Getting started with TypeScript Why TypeScript, its main features, syntax, and basic tooling Setting up the environment using editors and the TypeScript compiler Writing first TypeScript classes and small examples Typing, variables, and functions Static vs dynamic typing, type inference, any type, and primitives Working with objects, functions, and arrow functions Using interfaces and function types for cleaner contracts Object-oriented programming in TypeScript Classes, constructors, access modifiers, inheritance, and abstract classes Generics for reusable components and collections Advanced TypeScript features Modules, namespaces, decorators, and type definition files Working with third-party libraries and type declarations NestJS introduction and project setup Creating a new NestJS project, understanding its structure Creating modules, controllers, and services Building APIs with NestJS RESTful endpoints, routing, parameters, and request/response handling Data Transfer Objects (DTOs) and validation logic Database integration and persistence Configuring databases with TypeORM Creating entities, repositories, and performing CRUD operations Security, testing, and deployment Authentication, guards, and role-based access Writing unit and e2e tests with Jest Basic Dockerization and deployment concepts Extra Support and Ongoing Learning After enrolling in TypeScript with NestJS training, you usually get ongoing support that makes it easier to continue learning: 24×7 access to class recordings through LMS Detailed slide decks and downloadable notes for each module Lab setup guides for both cloud-based and local environments Interview question banks for TypeScript and NestJS roles Example projects that you can extend for your own practice If you miss any live class, you can catch up by watching recordings, and in many cases you can revisit topics in future batches if needed. Lab Setup and System Requirements To follow along with hands-on work, you should have: A laptop or desktop with Windows, macOS, or Linux At least 2GB RAM and around 20GB free disk space Node.js installed, plus a code editor like Visual Studio Code A stable internet connection for live classes and downloads Labs often use a prepared cloud environment for demos, and trainers guide you to set up your own local or cloud-based development setup so you can keep practicing after the course. Career Benefits and Job Roles Once you complete TypeScript with NestJs Training In Pune and have built a few working projects, you can start applying for roles such as: TypeScript / Node.js backend developer NestJS developer building APIs and microservices Full-stack developer (if you also know a frontend framework) API engineer working on integrations and backend services Backend architect or senior engineer over time These roles are useful in product-based companies, service firms, startups, and large enterprises alike. Because TypeScript and NestJS are widely accepted in the industry, they also open doors to remote roles and freelance assignments. Conclusion and Overview TypeScript with NestJs Training In Pune gives you a solid, practical base in backend development using a modern stack. You learn how TypeScript helps write safer and more maintainable code, how NestJS provides structure and patterns for complex applications, and how to connect everything into real, working backend services. With guidance from an experienced institute like DevOpsSchool and expert mentoring from Rajesh Kumar, you gain both skills and confidence for real projects and interviews. If you are serious about a long-term backend or full-stack development career in Pune’s growing IT landscape, this training path is a strong and realistic choice that aligns with current industry needs. Contact Now 📧 Email: [email protected] 📱 Phone & WhatsApp (India): +91 84094 92687 📱 Phone & WhatsApp (USA): +1 (469) 756-6329 🌐 Website: DevOpsSchool View the full article

TypeScript with NestJs Training In Hyderabad is one of the fastest-growing tech skills today. Companies across Hyderabad want developers who can build strong back-end systems and make apps run fast and safely. If you want to start or grow your programming career, getting proper TypeScript with NestJs Training In Hyderabad is the first step to success. This training helps you learn both the TypeScript language and the NestJS framework with clear examples and real projects. What is TypeScript with NestJS? TypeScript with NestJS is a smart way to build back-end programs and web services. Instead of writing simple JavaScript that can break easily, TypeScript with NestJS uses types, structure, and good patterns to keep programs safe and easy to grow. Developers write code that checks for mistakes early and handles many users without slowing down. TypeScript is a superset of JavaScript, created by Microsoft, that adds type checking to catch errors before the code runs. NestJS is a framework built on Node.js that organizes apps into modules, controllers, and services, which makes big projects easier to manage. Normal JavaScript can hide bugs until runtime. TypeScript adds type rules like “this must be a string” or “this must be a number”, so many issues are found while coding. NestJS then uses decorators like @Get(), @Post(), and others to define routes, while dependency injection lets you reuse services cleanly. NestJS works well with databases such as PostgreSQL, MongoDB, and MySQL, so you can build full back-end systems from one place. TypeScript helps catch mistakes early with strong typing NestJS gives a clean structure for large, growing apps Works with popular databases like PostgreSQL, MongoDB, and MySQL Why TypeScript and NestJS Skills Are in High Demand Companies that use TypeScript with NestJS see big improvements in how their apps behave. Web applications become faster, handle more users at once, and crash less. Because code is typed and well-structured, new features can be added without breaking older parts. This is why many Hyderabad IT companies and startups are now actively hiring developers with TypeScript and NestJS experience. Here is a simple view of possible salary ranges: Job LevelSalary Range (Lakh Per Year)What You’ll DoJunior Developer5 – 12Build basic APIs, fix simple bugsMid-Level Developer12 – 20Design app structure, add databases, featuresSenior Developer22 – 35Lead projects, design cloud-ready systemsNestJS Lead30+Guide teams, review and plan architectures These ranges can change by company and experience, but they show that there is good room for growth. The same skills also help you work on microservices, mobile back-ends, and SaaS applications used by customers around the world. Strong demand in Hitech City, Gachibowli, and other Hyderabad IT hubs Good pay growth from junior to lead roles Skills useful in many domains like e-commerce, banking, and product startups What Good TypeScript NestJS Training Should Include Good training should not only be theory on slides. You need to see how real applications are built, step by step. A strong TypeScript with NestJs Training In Hyderabad should teach TypeScript as a language and NestJS as a framework through hands-on labs and clear examples. You should come away with both the concepts and working code. A complete training usually covers: TypeScript basics and advanced features Setting up a NestJS project and understanding its folder structure Writing controllers, services, and modules Building REST APIs to handle real requests You should also learn how to: Use guards to protect routes and check login Use pipes for validating and transforming input data Use interceptors and middleware for logging and cross-cutting logic Connect to databases using an ORM like TypeORM and perform CRUD operations When you work on small and medium projects during the course, you build real confidence. This also gives you code samples to show in interviews. About DevOpsSchool: Your Training Partner DevOpsSchool is a leading training platform for DevOps, cloud, automation, containers, and programming skills, including TypeScript and NestJS. Since 2016, it has helped thousands of learners from India, USA, Europe, and the UK move into better roles. Many professionals in Hyderabad and other cities started with their programs and then joined top IT companies and startups. What makes DevOpsSchool special is its long-term support and practical focus. You get lifetime access to their Learning Management System (LMS), which holds class recordings, notes, slides, and step-by-step tutorials. Trainers usually have 10–15 or more years of real industry experience and pay close attention to learner questions. The training gives you real project work rather than only simple examples, so you learn how tools are used in real life. Key features you typically get: Lifetime technical support for clearing doubts even after the course Lifetime LMS access for recordings, notes, and guides Interview-kit with common questions and answers Training notes, web-based tutorials, and detailed slides This combination of strong content and ongoing help makes DevOpsSchool a good partner for long-term growth, not just a one-time class. Learn from Expert Rajesh Kumar The TypeScript with NestJS programs are guided by senior trainers like Rajesh Kumar, who has over 20 years of experience in DevOps, DevSecOps, SRE, DataOps, AIOps, MLOps, Kubernetes, and cloud technologies. He has trained thousands of engineers worldwide and advised many well-known companies on modernizing their software delivery processes. Rajesh Kumar brings: More than two decades of real hands-on work across DevOps and cloud Experience designing CI/CD pipelines and scalable back-end architectures Deep knowledge of container platforms, scripting, and automation tools A practical teaching style focused on real project examples Learners appreciate his simple explanations for complex topics. He makes sure that even those who are new to back-end development can follow along. Instead of just talking about theory, he shows how tools are used in real projects, which helps you imagine your own future work more clearly. Learning Modes and Training Duration The TypeScript with NestJS training linked to Hyderabad offers flexible modes so you can pick what fits best for your schedule and learning style: Self-learning using video (8–12 hours): Watch pre-recorded videos at your own speed. You can pause, rewind, and repeat lessons, which is helpful if you are busy or like to learn slowly. Live & interactive online batch (8–12 hours): Attend live online classes with an instructor and a group of other learners. You can ask questions, see live demos, and get feedback on your work. One-to-one live & interactive online (8–12 hours): Study directly with a trainer in private sessions. This suits learners who want focused attention or have special goals. Corporate (online/classroom) for 2–3 days: Short, intensive training for company teams, either online or in classroom mode, often tailored for their projects. A simple overview: Duration (Approx)ModeBest For8 – 12 HrsSelf learning using videoIndependent, flexible learners8 – 12 HrsLive & interactive online batchMost working professionals8 – 12 HrsOne to One live & interactive onlineLearners needing personal focus2 – 3 DaysCorporate (online/classroom)Office and project teams Group discounts are commonly available when multiple people join together, which is good for friends or colleagues who want to learn in a batch. What You’ll Learn in the Hyderabad Program The TypeScript with NestJs Training In Hyderabad is usually structured to take you from the basics to more advanced topics step by step. This makes it easier for both beginners and experienced developers coming from JavaScript or another language. Main learning areas include: TypeScript essentials: Variables, basic and advanced types, interfaces, enums, generics, classes, inheritance, and modules. You learn how to use TypeScript to write cleaner and safer code. NestJS foundations: Installing and setting up a NestJS project, understanding the folder structure, creating modules, controllers, and services, and how requests flow through the app. API development: Building RESTful endpoints, handling query parameters, path parameters, and request bodies, plus using DTOs and validation to clean incoming data. Database connectivity: Connecting to PostgreSQL, MongoDB, or MySQL using an ORM like TypeORM. Creating entities, doing CRUD operations, and managing migrations. Security and middleware: Implementing guards for authentication and authorization, adding pipes for validation and transformation, using interceptors and middleware for logging and error handling. Testing and deployment basics: Writing and running automated tests for critical parts of the system, packaging the app with tools like Docker, and understanding simple deployment flows. By the end of the course, you normally complete at least one real-time, scenario-based project that ties together all these skills into a working application. Extra Support and Learning Resources To ensure that you keep learning even after the live sessions, the program usually includes rich resources and support options. For TypeScript with NestJS training, you can expect: 24×7 access to class recordings via the LMS Full slide decks and notes from each module Step-by-step lab setup instructions for AWS or local virtual machines Interview question banks and sample answers for developer roles Example projects you can study and extend for your portfolio If you ever miss a live session, you can watch the recording or rejoin the topic in a later batch, depending on the training policy. This flexibility makes it easier to balance learning with work or personal tasks. System Requirements and Lab Setup To follow the hands-on parts, you usually need: A Windows, Mac, or Linux system At least 2GB of RAM and around 20GB free disk space Node.js and a code editor like Visual Studio Code installed Hands-on work is often done using DevOpsSchool’s cloud setup, where trainers run demos in a prepared environment. You also get guidance to set up your own TypeScript and NestJS lab using AWS free tier or local virtual machines so you can continue practicing after the course. Career Benefits After Training After you complete the TypeScript with NestJs Training In Hyderabad and build a few real projects, you can apply for roles such as: TypeScript / Node.js back-end developer NestJS developer for APIs and microservices Full-stack developer (when combined with a front-end framework) API engineer in product or service companies In the long run, you can move into senior engineer, architect, or team lead roles where you design systems and guide other developers. Because TypeScript and NestJS are popular worldwide, these skills can also support remote work and freelance opportunities, not just local roles in Hyderabad. Conclusion and Overview TypeScript with NestJs Training In Hyderabad gives you a strong, modern base in back-end development. You learn how TypeScript makes code safer, how NestJS gives structure to large applications, and how to build, test, and deploy real services. With the backing of an experienced training provider like DevOpsSchool and expert guidance from Rajesh Kumar, you get both knowledge and the confidence to use it in real projects. If you want a stable, well-paid development career in Hyderabad’s tech industry, this path is a practical and future-ready choice. Contact Now 📧 Email: [email protected] 📱 Phone & WhatsApp (India): +91 84094 92687 📱 Phone & WhatsApp (USA): +1 (469) 756-6329 🌐 Website: DevOpsSchool View the full article

TypeScript with NestJs Training In Chennai is one of the fastest-growing tech skills today. Companies across Chennai want developers who can build strong back-end systems and make apps run fast and safely. If you want to start or grow your programming career, getting proper TypeScript with NestJs Training In Chennai is the first step to success. This training helps you learn both the TypeScript language and the NestJS framework with clear examples and real projects. What is TypeScript with NestJS? TypeScript with NestJS is a smart way to build back-end programs and web services. Instead of writing simple JavaScript that can break easily, TypeScript with NestJS uses types, structure, and good patterns to keep programs safe and easy to grow. Developers write code that checks for mistakes early and handles many users without slowing down. TypeScript is a superset of JavaScript, created by Microsoft, that adds type checking to catch errors before the code runs. NestJS is a framework built on Node.js that organizes apps into modules, controllers, and services, which makes big projects easier to manage. Normal JavaScript can hide bugs until runtime. TypeScript adds type rules like “this must be a string” or “this must be a number”, so many issues are found while coding. NestJS then uses decorators like @Get(), @Post(), and others to define routes, while dependency injection lets you reuse services cleanly. NestJS works well with databases such as PostgreSQL, MongoDB, and MySQL, so you can build full back-end systems from one place. TypeScript helps catch mistakes early with strong typing NestJS gives a clean structure for large, growing apps Works with popular databases like PostgreSQL, MongoDB, and MySQL Why TypeScript and NestJS Skills Are in High Demand Companies that use TypeScript with NestJS see big improvements in how their apps behave. Web applications become faster, handle more users at once, and crash less. Because code is typed and well-structured, new features can be added without breaking older parts. This is why many Chennai IT companies and startups are now actively hiring developers with TypeScript and NestJS experience. Here is a simple view of possible salary ranges: Job LevelSalary Range (Lakh Per Year)What You’ll DoJunior Developer5 – 12Build basic APIs, fix simple bugsMid-Level Developer12 – 20Design app structure, add databases, featuresSenior Developer22 – 35Lead projects, design cloud-ready systemsNestJS Lead30+Guide teams, review and plan architectures These ranges can change by company and experience, but they show that there is good room for growth. The same skills also help you work on microservices, mobile back-ends, and SaaS applications used by customers around the world. Strong demand in OMR, Guindy, and other Chennai IT hubs Good pay growth from junior to lead roles Skills useful in many domains like e-commerce, banking, and product startups What Good TypeScript NestJS Training Should Include Good training should not only be theory on slides. You need to see how real applications are built, step by step. A strong TypeScript with NestJs Training In Chennai should teach TypeScript as a language and NestJS as a framework through hands-on labs and clear examples. You should come away with both the concepts and working code. A complete training usually covers: TypeScript basics and advanced features Setting up a NestJS project and understanding its folder structure Writing controllers, services, and modules Building REST APIs to handle real requests You should also learn how to: Use guards to protect routes and check login Use pipes for validating and transforming input data Use interceptors and middleware for logging and cross-cutting logic Connect to databases using an ORM like TypeORM and perform CRUD operations When you work on small and medium projects during the course, you build real confidence. This also gives you code samples to show in interviews. About DevOpsSchool: Your Training Partner DevOpsSchool is a leading training platform for DevOps, cloud, automation, containers, and programming skills, including TypeScript and NestJS. Since 2016, it has helped thousands of learners from India, USA, Europe, and the UK move into better roles. Many professionals in Chennai and other cities started with their programs and then joined top IT companies and startups. What makes DevOpsSchool special is its long-term support and practical focus. You get lifetime access to their Learning Management System (LMS), which holds class recordings, notes, slides, and step-by-step tutorials. Trainers usually have 10–15 or more years of real industry experience and pay close attention to learner questions. The training gives you real project work rather than only simple examples, so you learn how tools are used in real life. Key features you typically get: Lifetime technical support for clearing doubts even after the course Lifetime LMS access for recordings, notes, and guides Interview-kit with common questions and answers Training notes, web-based tutorials, and detailed slides This combination of strong content and ongoing help makes DevOpsSchool a good partner for long-term growth, not just a one-time class. Learn from Expert Rajesh Kumar The TypeScript with NestJS programs are guided by senior trainers like Rajesh Kumar, who has over 20 years of experience in DevOps, DevSecOps, SRE, DataOps, AIOps, MLOps, Kubernetes, and cloud technologies. He has trained thousands of engineers worldwide and advised many well-known companies on modernizing their software delivery processes. Rajesh Kumar brings: More than two decades of real hands-on work across DevOps and cloud Experience designing CI/CD pipelines and scalable back-end architectures Deep knowledge of container platforms, scripting, and automation tools A practical teaching style focused on real project examples Learners appreciate his simple explanations for complex topics. He makes sure that even those who are new to back-end development can follow along. Instead of just talking about theory, he shows how tools are used in real projects, which helps you imagine your own future work more clearly. Learning Modes and Training Duration The TypeScript with NestJS training linked to Chennai offers flexible modes so you can pick what fits best for your schedule and learning style: Self-learning using video (8–12 hours): Watch pre-recorded videos at your own speed. You can pause, rewind, and repeat lessons, which is helpful if you are busy or like to learn slowly. Live & interactive online batch (8–12 hours): Attend live online classes with an instructor and a group of other learners. You can ask questions, see live demos, and get feedback on your work. One-to-one live & interactive online (8–12 hours): Study directly with a trainer in private sessions. This suits learners who want focused attention or have special goals. Corporate (online/classroom) for 2–3 days: Short, intensive training for company teams, either online or in classroom mode, often tailored for their projects. A simple overview: Duration (Approx)ModeBest For8 – 12 HrsSelf learning using videoIndependent, flexible learners8 – 12 HrsLive & interactive online batchMost working professionals8 – 12 HrsOne to One live & interactive onlineLearners needing personal focus2 – 3 DaysCorporate (online/classroom)Office and project teams Group discounts are commonly available when multiple people join together, which is good for friends or colleagues who want to learn in a batch. What You’ll Learn in the Chennai Program The TypeScript with NestJs Training In Chennai is usually structured to take you from the basics to more advanced topics step by step. This makes it easier for both beginners and experienced developers coming from JavaScript or another language. Main learning areas include: TypeScript essentials: Variables, basic and advanced types, interfaces, enums, generics, classes, inheritance, and modules. You learn how to use TypeScript to write cleaner and safer code. NestJS foundations: Installing and setting up a NestJS project, understanding the folder structure, creating modules, controllers, and services, and how requests flow through the app. API development: Building RESTful endpoints, handling query parameters, path parameters, and request bodies, plus using DTOs and validation to clean incoming data. Database connectivity: Connecting to PostgreSQL, MongoDB, or MySQL using an ORM like TypeORM. Creating entities, doing CRUD operations, and managing migrations. Security and middleware: Implementing guards for authentication and authorization, adding pipes for validation and transformation, using interceptors and middleware for logging and error handling. Testing and deployment basics: Writing and running automated tests for critical parts of the system, packaging the app with tools like Docker, and understanding simple deployment flows. By the end of the course, you normally complete at least one real-time, scenario-based project that ties together all these skills into a working application. Extra Support and Learning Resources To ensure that you keep learning even after the live sessions, the program usually includes rich resources and support options. For TypeScript with NestJS training, you can expect: 24×7 access to class recordings via the LMS Full slide decks and notes from each module Step-by-step lab setup instructions for AWS or local virtual machines Interview question banks and sample answers for developer roles Example projects you can study and extend for your portfolio If you ever miss a live session, you can watch the recording or rejoin the topic in a later batch, depending on the training policy. This flexibility makes it easier to balance learning with work or personal tasks. System Requirements and Lab Setup To follow the hands-on parts, you usually need: A Windows, Mac, or Linux system At least 2GB of RAM and around 20GB free disk space Node.js and a code editor like Visual Studio Code installed Hands-on work is often done using DevOpsSchool’s cloud setup, where trainers run demos in a prepared environment. You also get guidance to set up your own TypeScript and NestJS lab using AWS free tier or local virtual machines so you can continue practicing after the course. Career Benefits After Training After you complete the TypeScript with NestJs Training In Chennai and build a few real projects, you can apply for roles such as: TypeScript / Node.js back-end developer NestJS developer for APIs and microservices Full-stack developer (when combined with a front-end framework) API engineer in product or service companies In the long run, you can move into senior engineer, architect, or team lead roles where you design systems and guide other developers. Because TypeScript and NestJS are popular worldwide, these skills can also support remote work and freelance opportunities, not just local roles in Chennai. Conclusion and Overview TypeScript with NestJs Training In Chennai gives you a strong, modern base in back-end development. You learn how TypeScript makes code safer, how NestJS gives structure to large applications, and how to build, test, and deploy real services. With the backing of an experienced training provider like DevOpsSchool and expert guidance from Rajesh Kumar, you get both knowledge and the confidence to use it in real projects. If you want a stable, well-paid development career in Chennai’s tech industry, this path is a practical and future-ready choice. Contact Now 📧 Email: [email protected] 📱 Phone & WhatsApp (India): +91 84094 92687 📱 Phone & WhatsApp (USA): +1 (469) 756-6329 🌐 Website: DevOpsSchool View the full article

Sandwish Studio – shutterstock.com Jemand ruft an, die Nummer ist im eigenen Adressbuch nicht eingespeichert. Egal, man geht mal dran – und lässt sich von einem Unbekannten in ein Gespräch verwickeln. Das ist meistens keine gute Idee. Der sogenannte Call Check der Deutschen Telekom soll ab sofort automatisch alle Kundinnen und Kunden vor möglicherweise betrügerischen Anrufen schützen. Wenn jemand im Telekom-Netz von einer inländischen oder ausländischen Nummer angerufen wird, die in einer Datenbank als unseriös oder betrügerisch erfasst ist, dann erscheint auf dem Smartphone-Display den Angaben zufolge der Hinweis “Vorsicht, möglicher Betrug!”. Vodafone ist voraus, O2 lässt auf sich warten Vodafone hat ein ähnliches Warnsystem bereits im Mai aktiviert, seither hat dieser Spam-Warner Firmenangaben zufolge bereits 50 Millionen Mal Alarm geschlagen. Nur 12 Prozent der Anrufe werden trotzdem angenommen, bei anonymen Anrufen – also wenn keine Nummer im Display erscheint – liegt die Annahmequote bei 60 Prozent. Die Anrufe, bei denen vorher der Betrugshinweis sichtbar war, dauerten laut Vodafone in 90 Prozent der Fälle weniger als 30 Sekunden – also sehr kurz, was ein gutes Zeichen ist: Vermutlich waren die allermeisten Angerufenen auf der Hut und legten ruckzuck wieder auf, noch bevor der Betrüger seine rhetorischen Winkelzüge vollziehen konnte. Die Betrugsanrufe kamen nicht nur aus Deutschland, sondern besonders häufig auch aus den Niederlanden, aus Österreich, Italien und dem Vereinigten Königreich. Betrüger wollen Bankdaten oder Passwörter “Betrüger sind oft sehr geschickt darin, Vertrauen aufzubauen – sei es durch vermeintliche Gewinnspiele oder Umfragen”, warnt Marc Atkins, Leiter der Cyber-Sicherheitszentrale von Vodafone Deutschland. Solche Methoden dienten häufig dazu, sensible Informationen wie Bankdaten oder Passwörter zu erlangen. “Seien Sie skeptisch und geben Sie keine persönlichen Daten am Telefon preis”, warnt der Sicherheitsexperte. Der dritte etablierte Handynetz-Betreiber in Deutschland, O2 Telefónica, hat noch kein solches Betrugswarnsystem für seine Kundinnen und Kunden aktiviert (dpa/jm). View the full article

Sandwish Studio – shutterstock.com Jemand ruft an, die Nummer ist im eigenen Adressbuch nicht eingespeichert. Egal, man geht mal dran – und lässt sich von einem Unbekannten in ein Gespräch verwickeln. Das ist meistens keine gute Idee. Der sogenannte Call Check der Deutschen Telekom soll ab sofort automatisch alle Kundinnen und Kunden vor möglicherweise betrügerischen Anrufen schützen. Wenn jemand im Telekom-Netz von einer inländischen oder ausländischen Nummer angerufen wird, die in einer Datenbank als unseriös oder betrügerisch erfasst ist, dann erscheint auf dem Smartphone-Display den Angaben zufolge der Hinweis “Vorsicht, möglicher Betrug!”. Vodafone ist voraus, O2 lässt auf sich warten Vodafone hat ein ähnliches Warnsystem bereits im Mai aktiviert, seither hat dieser Spam-Warner Firmenangaben zufolge bereits 50 Millionen Mal Alarm geschlagen. Nur 12 Prozent der Anrufe werden trotzdem angenommen, bei anonymen Anrufen – also wenn keine Nummer im Display erscheint – liegt die Annahmequote bei 60 Prozent. Die Anrufe, bei denen vorher der Betrugshinweis sichtbar war, dauerten laut Vodafone in 90 Prozent der Fälle weniger als 30 Sekunden – also sehr kurz, was ein gutes Zeichen ist: Vermutlich waren die allermeisten Angerufenen auf der Hut und legten ruckzuck wieder auf, noch bevor der Betrüger seine rhetorischen Winkelzüge vollziehen konnte. Die Betrugsanrufe kamen nicht nur aus Deutschland, sondern besonders häufig auch aus den Niederlanden, aus Österreich, Italien und dem Vereinigten Königreich. Betrüger wollen Bankdaten oder Passwörter “Betrüger sind oft sehr geschickt darin, Vertrauen aufzubauen – sei es durch vermeintliche Gewinnspiele oder Umfragen”, warnt Marc Atkins, Leiter der Cyber-Sicherheitszentrale von Vodafone Deutschland. Solche Methoden dienten häufig dazu, sensible Informationen wie Bankdaten oder Passwörter zu erlangen. “Seien Sie skeptisch und geben Sie keine persönlichen Daten am Telefon preis”, warnt der Sicherheitsexperte. Der dritte etablierte Handynetz-Betreiber in Deutschland, O2 Telefónica, hat noch kein solches Betrugswarnsystem für seine Kundinnen und Kunden aktiviert (dpa/jm). View the full article

TypeScript with NestJs Training In Bangalore is one of the fastest-growing tech skills today. Companies all over Bangalore need good programmers who can build strong back-end systems and make apps work fast. If you’re looking to start a good career in this field, getting proper TypeScript with NestJs Training In Bangalore is the first step to success. What is TypeScript with NestJS? TypeScript with NestJS is a smart way to build computer back-end programs and web services. Instead of writing simple code that breaks easy, TypeScript with NestJS uses rules and good structure to make programs safe and easy to grow. Programmers write code that watches for mistakes and fixes small problems before they get big. Think of it like this: normal JavaScript code can have hidden mistakes. TypeScript adds type checks like “this must be a number” so you find problems early. NestJS is a tool built on Node.js that makes big apps simple with parts called modules, controllers, and services. It works with databases like PostgreSQL, MongoDB, MySQL. The main ideas include decorators like @Get() for web pages, dependency injection to share code easy, and guards to check user login. This makes clean code that teams can work on together. TypeScript finds mistakes early NestJS makes big apps simple Works with many databases Why TypeScript NestJS Skills Are in High Demand Companies using TypeScript with NestJS see big improvements. Their web apps load fast, handle many users, and have less crashes. Problems get fixed quick and they save money on fixes. Bangalore tech companies pay well for these skills. Here’s what you can earn at different levels: Job LevelSalary Range (Lakh)What You’ll DoJunior Developer5-12Build basic APIs, fix simple bugsMid-Level Developer12-20Design app structure, add databasesSenior Developer22-35Lead projects, make cloud appsNestJS Lead30+Guide teams, plan big systems These salary numbers show good growth in TypeScript NestJS careers in Bangalore. High demand from startups and big firms Fast salary growth possible Skills work for web and mobile back-end What Good TypeScript NestJS Training Should Include Good training teaches more than books. You need practice with real app problems programmers face daily. Best programs show automation tools, database setup, cloud work, and how to test code well. Quality TypeScript with NestJs Training In Bangalore covers important parts. You’ll learn type safety goals for clean code. Practice tools to find code problems quick. Build systems that handle many users without crash. Hands-on projects with real tools Database connection practice Testing and deployment skills Cloud integration basics About DevOpsSchool: Your Training Partner DevOpsSchool teaches TypeScript, NestJS, DevOps, cloud skills since 2016. They help students worldwide with centers in India, USA, Europe, UK. Thousands finished courses and got good jobs. Students like DevOpsSchool because lifetime support means ask questions anytime after class. Keep all videos, notes, slides forever. Teachers explain clear and patient. Real projects not just talk. Many say extra help made big difference. Teachers stay late to answer all questions. Lifetime video and material access 24/7 chat help anytime Real project work included Job ready skills focus Learn from Expert Rajesh Kumar When you join DevOpsSchool, learn from Rajesh Kumar, with over 20 years in DevOps, DevSecOps, SRE, DataOps, AIOps, MLOps, Kubernetes, Cloud. He taught thousands students and explains hard ideas simple for everyone. Rajesh shares true stories from work at IBM, Adobe, ServiceNow, Cotocus. Built systems for 500+ apps. Saved companies 2 million dollars on cloud. Helped Verizon, Nokia, World Bank. His style 80% practice, 20% talk makes learning easy. 20+ years real company work Trained 15,000+ people worldwide Practical examples from big projects Choose How You Want to Learn DevOpsSchool gives different ways to learn that fit you: Video Lessons: Watch recorded classes any time. Good for busy people or slow learning. Live Online Classes: Join real classes from home. Ask questions, talk with others. Private Coaching: One teacher just for you. Perfect for extra help or special needs. Company Training: Train whole team together. Good for office groups. Learn when you want Live talk with teachers Personal one-to-one help Training Costs and Time How LongLearning StylePriceGood For8-12 HoursVideo lessons₹4,999Budget friendly home learning8-12 HoursLive online class₹24,999Most students with teacher8-12 HoursPrivate coaching₹59,999Full personal attention2-3 DaysCompany trainingContact usOffice teams together These prices fit different needs and budgets. What You’ll Learn in the Course Training covers all you need for TypeScript NestJS. Learn basic types, interfaces, classes. Build NestJS modules, controllers, services. Add guards for login, pipes for clean data, interceptors for logs. Connect databases with TypeORM. Test with Jest. Use Docker for same setup. Deploy to cloud. New trends like microservices, REST APIs, GraphQL, validation, Swagger docs, WebSockets, authentication. 80-85% hands-on practice. TypeScript basics to advanced Full NestJS app building Database and testing practice Deployment ready skills Help That Continues After Training DevOpsSchool helps even after class ends. Ask questions on real work projects anytime. They give consulting for company SRE needs. Job support if stuck at work. This means you never alone building career. Lifetime question answers Job interview help Company consulting option Get Your Certification Finish training, get certificate that shows you know TypeScript NestJS. Employers recognize it proves real skills not just reading. Helps stand out in job search. Complete projects like real work to earn it. Certificate shows you can build apps. Learning Materials You’ll Receive Get helpful things with training: Complete notes for all topics Step guides to follow along Class slides for review Interview questions with answers Real project examples Video recordings to watch again These help learn in class and use later at work. Full notes and slides Interview prep kit Forever video access Career Options After Training Know TypeScript NestJS opens many jobs. Work as back-end developer, full-stack with React, API builder. Specialize in e-commerce, fintech apps. Move to lead roles guiding teams. Many do freelance or consulting. Skills good for startups and big companies. New Developments in TypeScript NestJS TypeScript NestJS grows fast. Now AI helps write better code. New tools show app health detailed. Companies test “chaos” breaking things safe to find weak spots. Learn now ready for today jobs and new ideas tomorrow. AI code helpers Better monitoring tools Chaos testing practice Why Training Location Matters Bangalore has different tech needs. Startups want fast APIs. Big firms need strong systems. Electronic City, Whitefield have many jobs. Know local needs helps prepare. Core skills work anywhere Bangalore tech world. Your Learning Path Start with TypeScript basics – types, classes. Practice NestJS setup, controllers. Add databases, testing. Finish with full projects deploy. Each step builds on last. Work practical exercises with real tools. End confident for job challenges. Conclusion and Overview TypeScript with NestJS Training in Bangalore gives skills for strong back-end jobs. Learn safe TypeScript, clean NestJS apps. Build real projects, get certificate, job help. DevOpsSchool top place lifetime support. Rajesh Kumar guides with 20+ years real know. Perfect Bangalore tech career start. Contact Now 📧 Email: [email protected] 📱 Phone & WhatsApp (India): +91 84094 92687 📱 Phone & WhatsApp (USA): +1 (469) 756-6329 🌐 Website: DevOpsSchool View the full article

Cloud access security brokers (CASBs) explained As the name suggests, a cloud access security broker (CASB) manages access between enterprise endpoints and cloud resources from a security perspective. CASBs can be deployed on-premises or in the cloud; as a hardware appliance or software-only, as a proxy, reverse proxy, or through specific APIs. Enterprises have untold numbers of endpoints, both managed (corporate-owned devices) and unmanaged (devices owned by employees or third-party contractors). Endpoints can be on-premises or remote. And endpoints can include internet of things (IoT) devices. [ Download our editors’ PDF cloud access security broker (CASB) enterprise buyer’s guide today! ] In this buyer’s guide: Cloud access security brokers (CASBs) explained Why enterprises need cloud access security brokers (CASBs) What to look for in a cloud access security broker (CASB) tool Core cloud access security broker (CASB) services Leading cloud access security broker (CASB) vendors What to ask before cloud access security broker (CASB) tool Essential reading In a multicloud environment, each endpoint could connect to multiple cloud resources over the course of a single day — productivity apps (like Microsoft 365), SaaS apps (like Salesforce and Workday), collaboration apps (like Slack and Zoom), and cloud storage (like Amazon Web Services and Dropbox). Not to mention homegrown apps that have been migrated to the cloud, or apps that have been developed in the cloud (that is, cloud-native). CASBs sit between an organization’s endpoints and cloud resources, acting as a gateway that monitors everything that goes in or out, providing visibility into what users are doing in the cloud, enforcing access control policies, and looking out for security threats. Some vendors have begun incorporating additional features into core CASB functionality, such as data loss prevention (DLP), secure web gateway (SWG), cloud security posture management (CSPM), and user and entity behavior analytics (UEBA). However, it is important to note that CASBs are also a key component of a broader security strategy that goes by several names: Gartner calls that broader strategy Secure Service Edge (SSE), an integration of CASB, secure web gateway (SWG), and zero trust network access (ZTNA). According to Gartner, by 2026, 85% of organizations seeking to secure their web, SaaS, and private applications will obtain the security capabilities from a Security Service Edge (SSE) offering. The Gartner nomenclature has become the de facto standard. They and others have used a second acronym, Security Access Service Edge (SASE). IDC defines the category as network edge security as a service (NESaaS), with the same three core components: CASB, SWG, and ZTNA. “The network security market is in the process of a much-needed convergence trend. Security vendors have shifted from a focus on à la carte, individualized security services to a consolidated, cloud-delivered network security platform that treats individual services as optional modules,” IDC states. Why enterprises need cloud access security brokers (CASBs) The original use case for CASBs was to address shadow IT. When security execs deployed their first CASB tools, they were surprised to discover how many employees had their own personal cloud storage accounts, where they squirreled away corporate data. CASB tools can help security teams discover and monitor unauthorized or unmanaged cloud services being used by employees. This has grown to also include shadow AI services, as more enterprise users pick various machine learning models and use personal accounts to access public-facing generative AI tools. Today, CASBs encompass a variety of other use cases: Data protection: The COVID-19 pandemic drove employees to remote work and applications to the cloud, where they could be more easily accessed. The pandemic has passed, and many employees have returned to the office, but those applications and that data are still in the cloud. Organizations must protect sensitive data as it moves across a hybrid cloud environment. Today’s CASB often integrates DLP functionality. Compliance: Data privacy regulations continue to tighten. CASBs are an important tool in an organization’s overall regulatory compliance framework, enforcing data privacy policies. Remote workforce: Regardless of the location of employees, CASBs allow enterprises to implement more consistent security standards and secure remote access to cloud resources. Threat detection: CASBs can detect malicious activity, intrusion attempts, ransomware, and other types of security events. CASB tools can generate real-time alerts to enable quick response by security teams and feed these alerts into other security platforms to mitigate and resolve them. What to look for in a cloud access security brokers (CASB) tool From a purely functional perspective, there are four key features of a CASB tool: Visibility: CASBs provide comprehensive visibility into cloud usage, user activities, and data flows. Control: CASBs offer granular control over user permissions and data access. Data protection: CASB solutions provide data protection capabilities to safeguard sensitive information across multiple cloud services. Compliance: CASB tools help maintain compliance with data privacy regulations. Beyond those core features, organizations need to make sure the CASB tool well integrates with existing cloud services, applications, and security infrastructure. There are three deployment modes: forward proxy, reverse proxy and API-based. Most experts say that API-based CASBs provide better functionality, but organizations need to make sure that the vendor’s list of application programming interface (API) connections matches up with the organization’s inventory of cloud apps. Core CASB services Take note about the use or requirements for deploying various agents with each product. This is where the CASB vendors often place their secret sauce, which could be an issue depending on how agent-friendly or agent-adverse your IT department is. For example, Skyhigh uses a single agent that functions across all three operational modes. Some of the other CASBs have multiple agents — such as for specific functional areas like antivirus, DLP, or VPN — that can get messy, not to mention tough to deal with unmanaged endpoints such as personal mobile phones and embedded devices such as internet of things controllers. The following three basic services that all CASBs offer are at the core of what CASBs do and why you would buy one: Monitor and control your most sensitive data flows: CASBs were originally designed to stem the tide of shadow IT products and to control and make SaaS applications more secure. Now they have broadened their use and can fit into a variety of situations, including operating across multiple cloud providers and mixing SaaS, mobile, and on-premises applications, too. Apply uniform DLP policies across all servers and apps: As your data appetite increases, you need better ways to ensure that you aren’t leaking customer- and business-sensitive information, either through a malicious insider or inadvertently through a bad combination of security loopholes. While DLP products have been around for years, having DLP-like features in your CASB can be a nice way to track these potential weak spots, especially as more of your data moves into the cloud and is accessed by unmanaged mobile devices. Manage cloud-native encryption keys: Ideally, your CASB should automatically keep track of your encryption needs and keys so you don’t have to do this manually, and so you can encrypt more of your data. Some CASB tools are better at some things than others. For example: Bitglass has an Ajax virtual machine-like layer that handles near-real-time DLP on unmanaged devices. The only caveat is that these devices have to access data through their browsers. Some CASBs, such as Fortra, has field-level encryption on some SaaS structured data services, which can be a handy mechanism for protecting sensitive information. Beyond these basics, all CASBs offer the potential to operate in one (or more) of three different modes: Forward proxy, usually deployed with endpoint agents or VPN clients. Reverse proxy, which doesn’t require agents and can work better for unmanaged devices. API control, which provides visibility into data already stored in cloud repositories or data that is used in a cloud process that never enters a corporate network. Feature sets across CASB operational modes vary Part of the CASB evaluation challenge is understanding how the feature set extends to each operational mode if indeed the product operates in more than one mode. Broadcom’s Symantec CASB, for example, has reverse proxies just for Microsoft 365 and no other application. Meanwhile, Cisco Systems and Palo Alto Networks both offer API-only CASB products. Such differences mean you need to understand the types of protection and not just which apps are supported but how they are supported, and what is the exact API portfolio that is covered by each product. You really need the API support if you want to get granular with your CASB protection to understand the state of your public cloud security exposure and to stop any cloud-based malware too. API deployments also can trap cloud-to-cloud activities and to retrospectively inspect archived traffic flows. You will also need some level of proxying to handle application gateways and for implementing specific security policies. It pays to read the fine print and develop an appropriate test plan that will reveal the relevant features for each vendors’ product. Nice-to-have sets of CASB features: Conduct continuous risk assessments and compliance audits on demand: A CASB can show in a single place where a corporation has the most risk and summarizes issues that a security team can quickly focus on for suspicious behavior that other products couldn’t easily do. Forcepoint, Netskope, and Proofpoint all have nice risk summary dashboards that you can customize to display the things you need to understand how your environment is behaving and what needs immediate attention. Apply uniform adaptive authentication policies across all logins, servers, and apps: This should include read-only access (Gartner suggests this would be a good situation for unsanctioned SaaS services that are nonetheless needed), step-up authentication, and more granular access rights management. Identity management and single sign-on (SSO) tools are the usual go-to reasons for these sorts of tasks, and one important trend is that more CASBs are integrating with traditional SSO products. The trick is to understand that the typical level of integration happens (usually) in reverse proxy mode only, and the SSO authentication is only passed to the CASB at the initial application login moment. This means that if you want a more complete adaptive authentication to trap when more risky behavior happens, you will probably have to stick with your dedicated SSO product. As you can see, CASBs touch a lot of different existing security products across your enterprise. The challenge for successful integration is being able to understand these interactions and ensure that you overall security profile is enhanced rather than degraded with their use. Leading cloud access security broker (CASB) vendors The list of leading CASB vendors (in alphabetical order) includes pure-play companies as well as traditional security vendors that have added CASB capabilities to their portfolios either by acquisition or through internal development. Most vendors would not share their pricing details, but we have found approximate clues on AWS and Azure marketplaces where we could. Cloudflare CASB is an add-on to their One SASE platform, using the same overall agent. There is a free version for under 50 users which allows two SaaS components, and prices start at $7/user/month above that level, with custom pricing for larger installations. The CASB product is now four years old and integrates with visibility and control of various AI services such as ChatGPT and Google Gemini. It doesn’t support reverse proxies, includes DLP and integrates with the risk scores and metadata sources available with Microsoft’s cloud services, such as with protecting Office 365 documents and emails. Cisco Cloudlock:Cisco Systems has had a CASB since it acquired Cloudlock back in 2016. Cisco Cloudlock is a cloud-native CASB that protects users, data, and apps with an automated approach that uses APIs to manage the risks in the cloud app ecosystem. It integrates with Cisco’s SSE platform for its protective policies and a uniform dashboard. Cloudlock uses advanced machine learning algorithms to detect anomalies. It also provides DLP functionality and targets shadow IT with policy-based controls that can block dangerous activities, depending on permissions and risk levels. It uses machine learning to produce risk scores for more than 1,300 applications along with having tools to manage AI supply chains. Forcepoint ONE CASB: Forcepoint bought Bitglass in 2021, one of the original standalone CASB vendors and a leader in Gartner’s Magic Quadrant for CASB. Forcepoint has integrated Bitglass technology with its own DLP capabilities to provide an SSE solution. Forcepoint excels in monitoring and reporting on shadow IT, and its user analytics feature is popular. The software also supports a zero-trust architecture, providing device and user authentication. Pricing is $120 per user per year on AWS Marketplace. Fortra’s CASBis the result of acquiringendpoint protection vendor Lookout who previously acquired CASB innovator CipherCloud. Fortra now has a solid SSE platform that covers zero trust access controls, advanced DLP capabilities to automate the data discovery process, and supports a range of purpose-built integrations that covers identity access management and security orchestration, among others. It can provide visibility across managed and unmanaged cloud-based applications, users, endpoints, and data. Netskope CASB: One of the original pure-play CASB vendors, Netskope is a leader in CASBs as well as SSE. According to Forrester Research, Netskope has shown innovation across its technology stack, including significant investments in an impressive new private global network, artificial intelligence and generative AI security. Netskope merged SWG functionality into its CASB tool and sells separate in-line and API versions each for $35,000 per year for 100 users on AWS Marketplace. Palo Alto Networks Prisma CASB. Palo Alto Networks touts its CASB as being “next-generation,” based on the proposition that it’s less a standalone product and more of a range of integrated solutions such as inline security, SSPM, and enterprise DLP. The Palo Alto Networks CASB is designed to secure apps and data across cloud and hybrid workforce environments, protects data in transit between users and SaaS providers, facilities regulatory compliance and minimizes risks from shadow IT. Proofpoint’s CASB is focused on extending DLP and threat protection from email to cloud apps. Proofpoint takes a people-centric approach; it provides granular visibility into who creates sensitive data and who owns, downloads, uploads, shares and edits that data. It identifies users who have been successfully phished, and those who have been attacked the most by hackers. Skyhigh Security CASB supports all deployment modes and enables real-time control over user access to sanctioned and unsanctioned cloud services. Skyhigh (a unit of Indian IT tech provider Musarubra that also owns Trellix) focuses on providing comprehensive multimode coverage that feeds security events into a machine learning system to provide sophisticated event correlation, helping security teams to focus on real threats rather than false alarms. CASB is just part of its overall SSE platform which integrates across SWG, ZTNA, DSPM and DLP, along with remote browser isolation. Protective policies are developed platform-wide and include management of AI usage and prevention of shadow AI and crafting user risk scores from all these metrics. Pricing is based on per protected service per user per year, the unlimited services is $88/user/year, with extra charges for shadow services. Symantec, a division of Broadcom, offers its CloudSOC CASB to monitor and control the use of sanctioned SaaS apps through extensive API integrations and in-line traffic analysis. The Symantec CASB provides full visibility and automatic detection of high-risk users, compromised accounts, and malicious insiders. Individualized behavioral-based user threat scores allow fast identification of risky user accounts. The tool automates the classification regulated data flowing in and out of apps, and it enforces controls that align with corporate policies. The tool includes DLP functionality and CSPM. Versa’s CASB is part of its One Universal SSE Platform that contains a unified dashboard and policy rule set for a variety of security services, including DLP, ZTNA, applications firewall, analytics and reporting. All its modules were entirely developed in-house, include various AI-based tools, and it supports all three modes of operation. Users can create protective policies using natural language queries of its embedded AI, as well as explore alerts and remediations. Zscaler CASB offers inline, real-time capabilities and out-of-band scanning functionality to protect data, block threats, provide visibility, and assure compliance. Key features include agentless cloud browser isolation to secure BYOD and third-party devices where software installations are infeasible, advanced threat protection to stop malware from reaching cloud resources in real time, cloud sandboxing to detect new ransomware and other zero-day infections, shadow IT discovery to automatically identify unsanctioned apps used by employees and create a risk score for each. It uses AI to classify and detect data leaks and will have additional AI-based tools in early 2026. What to ask before buying a CASB tool Buying a CASB tool can be complex. There’s a laundry list of possible features that fall within the broad CASB definition (DLP, SWG, etc.) And CASB tools themselves are part of a larger trend toward SSE and SASE platforms that include features such as ZTNA or SD-WAN. Enterprises need to identify their specific pain points — whether that’s regulatory compliance or shadow IT — and select a vendor that meets their immediate needs and can also grow with the enterprise over time. Here are the key questions to ask yourself before buying a CASB tool: Do I have a good handle on what cloud services my users are accessing, including employees, contractors, and other third-parties? Do I have a solid data classification system in place, so that I know what types of data are sensitive or mission critical? Do I have policies in place for access control across both on-prem and cloud environments, including SaaS applications? Do I have clear objectives? What are my priorities when shopping for a CASB? How will a CASB tool integrate with my existing security infrastructure such as firewalls, endpoint protection and web gateways. Examine how it will protect my entire applications’ estate, including custom-written apps. What happens as I migrate apps from on-premises to the cloud or in reverse? Do I get DLP and SWG as part of the CASB, or are those additional modules? How will the purchase of a CASB tool play into my broader security roadmap that might include the adoption of SSE or SASE? What is the initial cost, as well as the longer-term total cost of ownership? Do I have the budget for a new tool? Can your product scale as my company grows? Does your product cover all the geographic regions where I operate? Do I have the inhouse staff to deploy and manage the tool on-premises, or should I take the cloud-based, managed service route? Essential reading How do you secure the cloud? New data points a way What is SASE? A cloud service that marries SD-WAN with security View the full article

A US Securities and Exchange Commission committee has recommended a new rule that would mandate companies to analyze and report all AI efforts — including decisions to not use AI for some purposes. Attorneys who have studied the proposal note that the AI rule — just like the SEC’s cybersecurity rule from about two years ago — won’t technically require anything to be reported that wouldn’t have already required reporting. The new rule refers only to material AI efforts and ever since the creation of the SEC some 90 years ago, anything material has always required disclosure. But they theorize that the SEC committee believes that many public-company boards and their senior executives don’t fully understand the scope and potential impact of their various AI efforts. The new rule would force those executives to create committees and to formally review all AI decisions, potentially unearthing material issues that would otherwise not have occurred to those executives. Cybersecurity consultant Brian Levine, a former federal prosecutor who today serves as executive director of FormerGov, argues that this extra focus could make a significant difference for many enterprises. “It will help focus people. It puts it in front of everyone who needs to be thinking about AI,” Levine said. As for requiring companies to examine and disclose where they are either not using or where they might be underinvesting compared to rivals, Levine said that could help executives understand “that there is a risk that our implementation of AI may not keep up with stakeholders and competitors.” The proposed rule comes from the SEC Investor Advisory Committee (IAC) and was discussed during the Dec. 4 IAC meeting. Companies can write their own definitions of AI Another controversial aspect of the proposed rule is that it fails to define AI, instead instructing companies to write their own definitions. Some legal experts have suggested that the committee didn’t literally want companies to evaluate all uses of AI, given that the technology dates back to the 1950s and exists in some form in just about every piece of software that businesses use. They more likely intended for such evaluations to focus on relatively recent AI popularizations, especially generative AI and agentic AI. Under the proposed rule, companies would “self-define what they mean by artificial intelligence and then rely on that definition throughout its disclosures in describing AI-related risks, their AI deployment strategy if any and capital expenses and R&D expenditures related to the implementation and deployment of AI, amongst other material information.” Monica Washington Rothbaum, a senior attorney with J&Y Law, said that it would be “risky for a company to define AI differently” because it makes “apple to apple” investor comparisons difficult if not impossible. “Requiring companies to disclose AI-related risks is a smart move. But letting each company define AI however they see fit is a loophole waiting to be exploited. Without a consistent baseline, you risk turning disclosures into PR spin rather than meaningful accountability,” Rothbaum said. But Rothbaum does find value in forcing companies to disclose where management has opted to not use AI or to use it less than they might have otherwise. “Under-disclosing material risks like reliance on flawed AI models can expose companies to liability when things go wrong. Failing to invest in AI responsibly could also lead to competitive disadvantages that shareholders deserve to know about,” Rothbaum said. “This isn’t theoretical. AI is already shaping the way we look at hiring, customer service, and security. These are core operations that can affect a company’s value. If you can’t clearly explain how your AI decisions are made and who’s accountable for making them, then you’re already behind. Transparency like that has to be the cost of doing business today.” Braden Perry, a litigation, regulatory, and government investigations attorney with law firm Kennyhertz Perry, is not a fan of the proposed rule because he sees it unlikely to help investors make decisions. Asked the probability that such a rule would deliver useful information to investors and potential investors, Perry said, “None. In terms of an overall understanding from a shareholder, there will likely be zero usable information.” Will filing reveal anything useful? This concern is partly based on the many SEC cybersecurity filings that have used boilerplate language — and use SEC exemptions to reveal nothing specific. According to Perry, the key part of the AI definition portion is that the definition — once used — has to be used consistently throughout all filings. “Adopt a clear, enterprise-wide definition of AI and use it consistently across SEC filings, internal policies, and marketing, so you do not redefine the term to suit the story you want to tell in a given quarter,” Perry said. “The IAC recommendation explicitly contemplates requiring issuers to define what they mean by AI, in part because inconsistent definitions are already making disclosures hard for investors to compare. Allowing companies to define AI themselves is a double-edged sword, since it can either promote honest, business-specific clarity or invite opportunistic word games.” Some attorneys suggested that companies should be careful about AI phrasing or face potential actions from the SEC and the US Federal Trade Commission (FTC). “Be very cautious about AI marketing. The SEC has already shown, through its AI washing enforcement actions, that it is willing to charge firms that exaggerate their AI capabilities or mislead investors about how embedded AI is in their products and processes,” Perry said. “A disclosure regime that asks companies to explain where AI is used, how it is governed, and how it affects operations will only make it easier for the SEC to test whether those claims are real.” Lexi Reese, CEO of AI vendor Lanai, also expressed concern about allowing companies to write their own AI definitions. “Giving companies the freedom to define AI may reduce short-term compliance friction, but it creates exactly the kind of fragmented, incomparable disclosure environment that leaves investors guessing,” Reese said. “If one company calls an autonomous decision system AI and another calls the same thing a data-driven tool, their disclosures will look compliant while describing two different universes of risk.” AI specialist Rob Lee, chief of research for the cybersecurity training firm the SANS Institute, said the rule might prove helpful in raising board and C-level awareness about what companies are actually doing with AI. But as with the earlier SEC cybersecurity rule, Lee said he was unhappy that the rule includes “a massive number of get-out-of-jail-free cards. Who is going to actually disclose anything? What are they disclosing? They don’t even mention shadow IT. How do you track unsanctioned AI use in your company?” Not even all members of the IAC were happy with the rule’s phrasing. IAC member John Gulliver submitted an official dissent to the proposed rule, expressing particular concern with each company’s ability to write its own AI definition. “These definitions would likely change from year-to-year or quarter-to-quarter. I don’t see how this benefits investors,” Gulliver wrote. But he also said that he doubted the details required are realistic. The proposed rule would “require public companies to provide highly specific disclosures of how their use of AI impacts employees at their company and the company’s customers. It’s good that this is only required when the use of AI is financially material to the company. But unfortunately, I think this is an impossible task,” Gulliver wrote. “Does the SEC really have the AI expertise necessary to determine what these line-item disclosures should be? And how is a company supposed to know the precise impact of AI on hiring or their customers? There are many macroeconomic and industry-specific factors that affect jobs and customers. In my view, accurately isolating AI-specific impacts would be a difficult guessing game.” View the full article

DevOps Training in Hyderabad helps you get good computer jobs in India’s best tech city. Big companies like Microsoft, Google, Amazon, TCS, Infosys, Wipro, Accenture, and Deloitte have big offices in HITEC City, Gachibowli, and Madhapur. They need people who can make computer programs work fast and safe. This simple training teaches you to build programs, check them, send them to people, and watch them run good. It uses tools that all companies need every day.​ Why This Training is Good DevOps Training In Hyderabad teaches skills for jobs that pay 10 to 25 lakh rupees each year. You learn easy ways to do work without doing the same thing again and again. You find small problems before they make big trouble. You learn to work nicely with people who make programs and people who run computers. Numbers show 85 out of 100 students get job calls in 3 months. People with the training paper get 30% more money. The class is 20% talking and 80% doing real work like making online shops or bank apps. Right now Hyderabad has 200 or more DevOps jobs open in HITEC City.​ Send new work every day not every month Computer makers and runners work together good Get 30% more money with training paper What You Do Week by Week This training is 8 to 12 hours long over 2 to 4 easy weeks. Week 1 you learn Git to save all your work safe and Jira to make work lists like big companies do. Week 2 you learn Jenkins to make programs auto and Docker to put programs in safe little boxes. Week 3 you learn AWS to make cloud computers and Kubernetes to run many boxes together. Week 4 you learn Ansible to set up 100 computers at same time and do big projects. You make 3 real things: a shop program that sends fast, small programs on Kubernetes, and move everything to AWS cloud. You get a good paper and keep 200 videos, notes, and new things forever.​ Kind of ClassHoursMoneyGood ForWatch Videos12₹4,999Students and new peopleLive Online12₹24,999People with day jobsOne Teacher12₹59,999Learn fast peopleFor Offices2-3 daysAsk usGroups​ Make 3 real things yourself Get good paper from training Keep videos forever Tools You Learn to Use Training shows you how companies really work. Days 1-2 you practice Git ways to save work and Jira to list jobs. Days 3-5 you do Jenkins to send work auto, SonarQube to find 90% wrong things, Nexus to keep files safe like Netflix and NASA. Days 6-8 you use Docker to pack fast, Kubernetes to run many, Ansible for 100 computers together. Days 9-12 you set AWS computers and watch with Splunk or Datadog. You learn full way from idea to working program, Docker same on all, Kubernetes for big, AWS easy, Ansible no hands.​ Learn real company ways Stop 90% wrong things Use tools big companies like Good Jobs and True Stories Hyderabad has 2500 DevOps jobs now in big places and new shops. New workers get 5-10 lakh money, good workers 22-35 lakh. Trained people have 90% less trouble, work 5 times fast, save companies much money when computers stop. True stories: Ravi from Pune got 15 lakh job at Infosys in 45 days. Priya from Hyderabad got 22 lakh job at Deloitte in 3 months. New school people get 6-8 lakh at Swiggy or Zomato. You get job calls fast 85%, more money 30-50%, big companies call first, better jobs in 6-12 months.​ Job NameYears WorkMoney Per YearNeed To KnowNew Worker0-25-10 lakhDocker, Git, JenkinsNormal Worker3-512-20 lakhAWS, Kubernetes, watchOld Worker6+22-35 lakhMore cloud toolsBoss Worker8+30+ lakhLead people​ Get job calls fast More money quick Better jobs soon Your Kind Teacher Rajesh Kumar Rajesh Kumar is main teacher with 22 years work. He made work ways for 500 apps at Cotocus company. Saved 2 million dollars on AWS. Good at Kubernetes with paper. Worked IBM, Adobe, ServiceNow. Helped big companies Verizon and Nokia teach people. He tells simple for new people with 1000 true stories from 15 years help companies.​ Saved companies 2 million dollars Taught 15 thousand people Good Kubernetes teacher Why DevOpsSchool Good Place DevOpsSchool helped 8500 people get jobs. 4.8 out of 5 good mark on Google. Help 95% get jobs. Teachers know AWS 16 years. You get 200 videos, talk help any time, 500 jobs list, 1000 questions for jobs, help papers for tools, good paper templates for big companies.​ 8500 people have jobs now Very good mark 4.8/5 Keep everything forever Jobs Open in Hyderabad Now Microsoft has 25 jobs in Gachibowli. Google wants Kubernetes good people at Waverock. TCS Infosys take new people with Docker paper. Amazon gives 20 lakh plus for AWS work. 70% jobs let work from home.​ Microsoft 25 jobs now Amazon good money AWS Work from home many jobs Easy Way to Join Join in 5 minutes. Pick class money from 4999 to 59999 rupees. Write name and phone. Pay with phone money, card, or small parts. Get class right away. Weekend class for people with jobs.​ Start Good Computer Job DevOps Training In Hyderabad makes way for 15 lakh plus job money. Learn 12 tools, make 3 things, Rajesh Kumar helps 22 years. Join 8500 happy people. Talk to Us Now Email: [email protected] India Phone: +91 84094 92687 call or WhatsApp USA Phone: +1 (469) 756-6329 call or WhatsApp Website: DevOpsSchool View the full article

Übermäßig komplexe, unnötige oder unsinnige Sicherheitsmaßnahmen können Mitarbeiter nachhaltig frustrieren. Das schafft neue Risiken. Foto: vchal | shutterstock.com Je mehr Zwang besteht, Systeme und Daten zu schützen, desto besser ist es um die Security bestellt. So zumindest die Annahme einiger Unternehmen. Eine unzureichende User Experience ist in diesem Zusammenhang noch das geringste Übel. Im schlimmsten Fall werden übermäßig komplexe Sicherheitsmaßnahmen von den Mitarbeitern schlicht umgangen. Dabei ist es auch möglich, die Benutzerfreundlichkeit zu verbessern, ohne dafür die Security zu opfern. Im Folgenden haben wir die fünf häufigsten Fehler zusammengetragen, mit denen sich Unternehmen regelmäßig ins Security-Verderben bugsieren. Natürlich erfahren Sie bei dieser Gelegenheit auch, wie Sie es besser machen. 1. Security-Mindset vernachlässigen Wenn Ihre Mitarbeiter in Sachen Cybersecurity nicht mitziehen, wird es schwierig, Ihr Unternehmen abzusichern. Deswegen ist es essenziell, Ihre Belegschaft über die Risiken und die Lösungen, die diese beseitigen oder minimieren können, zu informieren. Das sollte auch keine Angelegenheit sein, die an IT- oder Security-Spezialisten “abgeschoben” wird, wie Yehudah Sunshine, Berater und Experte für Influencer-Marketing, unterstreicht: “Um ein effektives Bewusstsein für Cybersicherheit zu entwickeln, müssen Mitarbeiter entsprechend geschult werden. Dabei besteht die Herausforderung darin, mit Nicht-Experten so zu kommunizieren, dass sie das ‘Was’ und ‘Warum’ der Cybersicherheit verstehen.” Das erfordere einen klaren Fokus auf die Praxis, ohne dabei herablassend, manipulativ oder bestrafend zu wirken: “Es gilt, Ängste abzubauen. Die Mitarbeiter brauchen die Gewissheit, dass sie ehrlich über ihre Fehler kommunizieren können und nichts vertuschen müssen. Erst dann kommen sie in die Lage, dazu beizutragen, das Sicherheitsniveau ihres Unternehmens zu verbessern.” In diesem Zusammenhang ist für den Consultant zudem entscheidend, dass sämtliche Mitarbeiter mit an Bord sind: “Dazu gehört die Personalabteilung, das UX- und Technologie-Team. Wer an dieser Stelle spart, kann keine guten Ergebnisse erzielen.” 2. An IT-Sicherheit in Einheitsgröße glauben Um optimale Ergebnisse im Sinne der Cybersicherheit zu erzielen, gilt es, die richtige Balance zwischen Security und User-Komfort zu ermitteln. Das ist allerdings auch stark kontextabhängig, wie Sunshine verdeutlicht: “Bei Mitarbeitern in Regierungsbehörden wird beispielsweise in der Regel ein strengerer Maßstab angelegt als bei der Belegschaft eines Fast-Food-Restaurants.” Die Sicherheitsanforderungen einer Regierungsinstitution auf einen Schnellrestaurant-Betrieb anzuwenden, führt dagegen lediglich zu unnötigen Reibungsverlusten. Dahinter steht der grundlegende Fehler in vielen Security-Protokollen, allen Benutzern sämtliche Sicherheitsmaßnahmen aufzuerlegen – statt zwischen verschiedenen Usern und Bedürfnissen zu differenzieren. Joseph Steinberg, Autor von “Cybersecurity for Dummies“, bringt das Problem auf den Punkt: “Wenn man jede Aktion so behandelt, als ob sie zusätzliche Sicherheitsmaßnahmen erfordert, sinkt die Wahrscheinlichkeit, dass Anzeichen für echte Bedrohungen erkannt werden – und damit das Schutzniveau.” Er fügt hinzu: “Wenn das Risiko gering und das Vertrauen hoch ist, besteht keine Notwendigkeit, eine zusätzliche Sicherheitsebene hinzuzufügen. Das ist nur dann erforderlich, wenn das Risiko aufgrund der Art der Transaktion oder mangelnden Vertrauens höher ist.” 3. Komplexität mit mehr Sicherheit verwechseln Eine Mindestzeichenzahl, Groß und Kleinbuchstaben, Sonderzeichen, regelmäßige Passwort-Änderungen: Viele Unternehmen legen bei der Account-Erstellung strenge Maßstäbe an. Das Mehr an Komplexität beruht auf der Überzeugung, dass es für Angreifer mit steigender Variablen- oder Zeichenfolge zunehmend schwieriger wird, Passwörter zu knacken. Das stimme zwar in der Theorie, weiß Sicherheitsexperte Steinberg, in der Praxis sehe das allerdings anders aus: “Weil Menschen gerne in Muster verfallen, folgen auch die meisten Passwörter vorhersehbaren Mustern: Sie beginnen meist mit einem Großbuchstaben und enden oft mit einer Zahl, an die gegebenenfalls noch ein Sonderzeichen angehängt wird.” Dazu komme noch das Problem, dass die Komplexität selbst ein Security-Problem aufwerfen kann. Weil es schwierig sei, sich lange und komplexe Kennwörter zu merken, würden diese häufig auf Papierzetteln notiert oder im Browser gespeichert. Ein Unding, findet auch Softwareexpertin April McBroom und legt eine bessere Option nahe: “Nutzen Sie stattdessen einen Passwort-Manager. Sie könnten Passwörter auch durch Passcodes ersetzen – etwa mit Hilfe von Push-Benachrichtigungen oder einer Authentifizierungs-App.” 4. Auf Sicherheitsfragen verlassen Sicherheitsfragen sind auf dem Papier zunächst ein gutes Konzept. Wen Sie allerdings schon einmal solche Fragen unabsichtlich falsch beantwortet haben und anschließend aus Ihrem Account ausgesperrt waren, wissen Sie um die Frustration, die das mit sich bringt. Anstelle herkömmlicher Sicherheitsfragen empfiehlt Autor Steinberg, auf wissensbasierte Fragen mit einigen Abstufungen zu setzen, um kriminellen Hackern ihr Wirken zu erschweren: “Wenn jemand eine Schwester namens Mary hat, würde ich zu einer Multiple-Choice-Frage wie ‘Welche der folgenden Straßen verbinden Sie mit Mary?’ raten.” 5. Biometrie-Wunder erwarten Wenn von einer passwortlosen Zukunft die Rede ist, denken nicht wenige Menschen an biometrische Sicherheitsmaßnahmen wie Fingerabdruck-, Gesichts- oder Irisscans. Selbst wenn diese Maßnahmen wie vorgesehen funktionieren, sieht Steinberg zwei wesentliche Nachteile: “Zum einen könnten Kriminelle relativ leicht die Fingerabdrücke von berechtigten Personen abnehmen, um sich Zugang zu verschaffen – ein Vorgehen, dass bei Passwörtern nicht möglich ist. Zum anderen können etwa Fingerabdrücke nicht so einfach zurückgesetzt werden, wie das bei Kennwörtern der Fall ist.” Sinnvoller wäre es nach Meinung des Experten, auch im Bereich der biometrischen Security den jeweiligen Kontext mit einzubeziehen- Stichwort “Behavioral Biometrics“: “Die Verhaltensbiometrie beruht etwa darauf, wie schnell ein bestimmter Nutzer die für ein Passwort verwendeten Tasten drückt. Solche unsichtbaren biometrischen Daten sind der bessere Ansatz.” Es sei ein allgemeiner Fehler in Sachen Benutzererfahrung, so Steinberg weiter, davon auszugehen, dass es bei Security ausschließlich um Dinge geht, die sichtbar sind: “Je weniger der Benutzer sehen muss, desto besser. Das ist der Schlüssel, um negative Auswirkungen auf die User Experience zu minimieren.” (fm) Sie wollen weitere interessante Beiträge rund um das Thema IT-Sicherheit lesen? Unser kostenloser Newsletter liefert Ihnen alles, was Sicherheitsentscheider und -experten wissen sollten, direkt in Ihre Inbox. Jetzt CSO-Newsletter sichern View the full article

Threat actors aren’t wasting time taking advantage of newly-revealed vulnerabilities in Fortinet device authentication. Researchers at Arctic Wolf said they are seeing malicious single sign on (SSO) attempts trying to leverage the holes in FortiGate next generation firewalls since Fortinet alerted admins about the vulnerabilities on December 9. “We have seen tens of intrusions since December 12, 2025,” a spokesperson for Arctic Wolf Labs told CSO. “So far, the pattern of activity has appeared to be opportunistic in nature. While it is difficult to estimate the number of devices directly vulnerable to this vulnerability, there are hundreds of thousands of Fortinet appliances accessible on the public internet through specialized search engines. This allows threat actors to opportunistically attempt exploitation against large swaths of devices at once.” Arctic Wolf’s advisory says admins who see malicious activity in their logs should assume that hashed firewall credentials stored in the exfiltrated configurations have been compromised, and reset those credentials “as soon as possible.” On Tuesday, the US Cybersecurity and Infrastructure Security Agency added one of the vulnerabilities, CVE-2025-59718, to its Known Exploited Vulnerabilities (KEV) catalog. If a flaw is listed in the catalog, federal civilian executive branch agencies have to immediately remediate the affected product or service. CISA says that any listing should also be seen by private sector IT departments as a warning to prioritize their own remediation or patching. Among other things, hackers exploiting the vulnerabilities could access Fortinet device configuration files to accelerate a breach of security controls. The authentication bypass vulnerabilities, CVE-2025-59718 and CVE-2025-59719, are in the Fortinet FortiOS operating system that runs FortiWeb, FortiProxy and FortiSwitchManager devices. If exploited, they may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication, if that feature is enabled on the device. For some admins, it may have been unknowingly turned on; when administrators register devices using the FortiCare product support portal, FortiCloud SSO is automatically enabled unless they disable the “Allow administrative login using FortiCloud SSO” setting on the registration page. To prevent being affected by this vulnerability, admins should turn off the FortiCloud login feature, if enabled, then upgrade software to the latest version before re-enabling the function. Fortinet acted quickly to patch the authentication bypass vulnerabilities, said Piyush Sharma, CEO of Tuskira, a vulnerability platform provider. “However,” he added, “the speed at which threat actors exploit newly discovered flaws continues to outpace traditional patch cycles, underscoring the critical need for agentic AI systems that provide continuous, real-time exposure management and autonomous threat response.” He noted that any configuration files that have been exfiltrated could allow hackers to map network architecture and identify vulnerable interfaces and points of failure to be used in targeted attack campaigns or exploitation, and weak passwords could be cracked offline and allow attackers to pass as legitimate users and move laterally across networks. “The combination of this information sets the stage for potentially dangerous and highly precise cyberattacks, which could lead to data theft or even total network compromise,” he warned. Vulnerable organizations that haven’t implemented Fortinet’s released patches should do so immediately, he said. As well, all organizations should practice credential rotation and implement principles of least privilege to prevent data from being unnecessarily leaked, he added. Beyond following Fortinet’s advice on upgrading its device software, Arctic Wolf also urges admins to follow the manufacturer’s best practices for hardening its devices. View the full article

There has been a whirlwind of rumors over the last few days, sourced from leaked internal software designed for the iPhone and the Mac, and news sites like The Information. Below, we have a quick recap of everything we've heard this week, which serves as a guide to Apple's product plans in 2026 and beyond. We've organized the info by likely release date, though there are some products that we don't have a timeline for. Keep in mind that the list features only rumors that we've heard over the last couple of days, so it's not a complete feature overview for each device. Early/Spring 2026 iPhone 17e (V159) - The ‌iPhone‌ 17e will use Apple's C1X modem instead of the C1, and it will include MagSafe support, which was missing from the iPhone 16e. It may not include an N1 wireless chip. AirTag 2 (B589) - Likely coming in early 2026. Expected to feature improved pairing, more detailed battery level reporting, and improvements to tracking AirTags that are moving and in crowded places. Home hub (J490 and J491) - Apple's home hub is expected to launch in spring 2026, around when iOS 26.4 comes out. Recent rumors suggest it will have a 1080p video camera, Face ID for authentication and to identify different people, profile switching, and support for Apple Intelligence. There are two models, one that's wall mounted and another that has a HomePod-like speaker base. HomePod mini 2 (B525) - A new HomePod mini is ready to launch at any time, so it could come in spring or even earlier in the year. It won't have Apple's N1 networking chip. Apple TV (J355) - A new Apple TV is reportedly ready to go, and it makes the most sense for it to launch alongside other home products slated for the early 2026 timeframe. Unknown home accessory (J229) - We don't know what this is, but it could be a camera, or standalone speaker base that can be added to the wall-mounted home hub after purchase. It could also be something else entirely. There are mentions of sensors in the code for this accessory. iPad 12 (J581 and J582) - The latest information suggests the iPad 12 will use Apple's A19 chip, which is the same chip that's in the iPhone 17. It's an unusual choice because iPads usually get older, more affordable chips. It isn't expected to include the N1 networking chip. It's expected early in 2026. M4 iPad Air (J707, J708, J737, J738) - 11-inch and 13-inch iPad Air models with M4 chips are rumored to be launching in early 2026. No major changes are expected except for the chip update. Low-Cost MacBook (J700) - Apple is working on a MacBook with the A18 Pro chip, and it's expected to launch early in 2026. It will be positioned as Apple's most affordable MacBook, competing with Chromebooks and cheaper Windows laptops. M5 MacBook Air (J813 and J815) - The MacBook Air is going to get updated with M5 chips as soon as early 2026. No other major changes are rumored. M5 Pro/Max MacBook Pro (J714c, J714s, J716c, J716s) - M5 Pro and M5 Max MacBook Pro models are coming soon. They might get a refresh early in 2026, because there are still rumors of another ‌MacBook Pro‌ refresh later in the year. September 2026 Foldable iPhone (V68) - The foldable ‌iPhone‌ will open book style, and will be wider than it is tall. It will look like a small iPad. When open, the display will be around 7.7 inches, and when closed, it will be around 5.3 inches. There will be a single front-facing camera in the top left, and no Dynamic Island. Display sizes could ultimately change, and Apple is reportedly seeing a high failure rate in current display production. iPhone 18 Pro and Pro Max (V63 and V64) - The TrueDepth camera system for ‌Face ID‌ will be under the display, eliminating the ‌Dynamic Island‌. There will be a cutout for the front-facing camera at the top left of the display. At least one rear camera will have a variable aperture that lets users control the amount of light that enters the lens. Overall design will be similar to the iPhone 17 Pro models. The A20 TSMC chip will support Wafer-Level Multi-Chip Module packaging for speed improvements that could bolster AI features and on-device processing capabilities. The iPhone 18 Pro models could have either a C1X modem or a C2 modem. iPad mini 8 (J510 and J511) - The iPad mini 8 could get OLED display technology and the A20 Pro chip, which is the same chip that's slated for the ‌iPhone 18‌ Pro models. That would suggest a fall launch alongside the ‌iPhone 18‌ Pro. There have also been rumors that it will use the A19 Pro that's in the ‌iPhone 17 Pro‌, and if that's the case, it could come earlier. Apple Watch Series 12 (N237 and N238) - The Apple Watch Series 12 is expected in September 2026. No major changes are rumored so far. Unknown Timing, But Likely 2026 Apple Studio Display 2 (J427 and J527) - There are two Apple displays in the works, that are expected to be followups to the Studio Display. These are likely to launch alongside new M5 Mac desktop machines. The two models could be different sizes or different display technology, as there are mini-LED rumors for the next-gen model. M5/M5 Pro Mac mini (J873g and J873s) - The Mac mini is going to get M5 and M5 Pro chips, but timing is unclear. It could be refreshed early in 2026, or it might come later alongside other desktop Mac updates. M5 Max/Ultra Mac Studio (J775c and J775d) - The Mac Studio will use the M5 Max and M5 Ultra chips, and it will likely be refreshed later in 2026 rather than earlier. iMac Pro (J833c) - Apple is working on a high-end iMac with an M5 Max chip, which suggests it will launch alongside other M5 Max models sometime in 2026. Prior rumors have suggested the device could have a display around 30 inches in size. M6 MacBook Pro (J804) - The entry-level ‌MacBook Pro‌ could be updated with an M6 chip toward the end of 2026. M6 Pro/Max MacBook Pro (K114c, K114s, K116c, K116s) - The M6 Pro and M6 Max ‌MacBook Pro‌ models will feature a major redesign with OLED display technology. So far, rumors suggest this could happen as soon as late 2026, though that would mean two ‌MacBook Pro‌ refreshes in 2026. It's not unheard of, but Apple might also opt to hold this update until early 2027. Apple Watch Ultra 4 (N240) - Apple is working on a fourth-generation version of the Apple Watch Ultra. It could come in September 2026 alongside the Series 12, but Apple doesn't update the Apple Watch Ultra on an annual basis. 2027 iPhone 18 - The ‌iPhone 18‌ will not launch in fall 2026 as expected, and will instead come in spring 2027. It will be an incremental update, and Apple may remove haptic feedback and touch sensing from the Camera Control button (it could also be removed from the 18 Pro models). iPhone 18e - Also slated for spring 2027, the ‌iPhone‌ 18e could launch alongside the ‌iPhone 18‌. It is expected to feature few changes. iPhone Air 2 (V62) - There is no second-generation iPhone Air planned for fall 2026 because Apple has delayed it. It could instead come in spring 2027. Apple is reportedly looking at adding a second camera to make the device more appealing to consumers. The next ‌iPhone Air‌ might also be more affordable. 20th Anniversary iPhone - The 2027 ‌iPhone‌ will have an "enclosure on the front and back that curves around the device edges," which allows for a bigger screen with no bezels. The Information says that it is not sure if the display itself will curve around the edges, but instead of a full metal frame, it has a "narrow metal band running around the midpoint of the device's edge. The selfie camera will move under the display, and it will be the first ‌iPhone‌ with no display cutouts at all. The 20th anniversary ‌iPhone‌ will launch in September 2027. Tabletop robot (J595) - Apple's tabletop robot with a thin robotic arm and swivel base is expected to be a more powerful version of the home hub. It's rumored to be launching sometime in 2027. AI smart glasses (N50/N401) - Apple paused work on all of its AR/VR headsets to focus instead on AI smart glasses that will compete with the Meta Ray-Bans. The AI smart glasses are expected in 2027, but it's possible Apple will unveil them in late 2026. N50 was the original codename, but Apple is now using N401. N401 covers the AI smart glasses, and a separate set of augmented reality glasses. Delayed or Canceled Foldable iPad - Apple planned a foldable ‌iPad‌ for release in 2026, but delayed the project and redirected resources to the foldable ‌iPhone‌ to ensure that device launches on time. Vision Air (N100) - The N100 is a lighter and cheaper version of the Vision Pro. It was originally rumored for 2027, but Apple has paused work on headsets to focus on AI smart glasses. AR glasses prototype (N421) - N421 is a prototype set of AR glasses, but Apple apparently canceled work on this product for now. AR glasses are still Apple's ultimate plan. Mac-connected AR glasses (N107) - Apple was working on AR glasses that would connect to a Mac to use the Mac's processor, but the project was scrapped. Cheaper Vision Pro (N109) - Apple was developing a second-generation Vision Pro that's more affordable, and it was a product distinct from the Vision Air. Work is currently paused. Unknown Products There are some codenames that were in Apple's leaked information that aren't associated with a known product as of yet. N110 - N110 is close to N109 and other N-series numbers Apple has used for its AR/VR headsets, so this could be a wearable. N209 - N2 numbers have previously been associated with the Apple Watch. N216 - N2 numbers have previously been associated with the Apple Watch. J349 - Possibly a Mac that was scrapped, but could also be an ‌Apple TV‌ or some kind of home device. J190 - The Mac Pro is J180, so this could be another ‌Mac Pro‌, but it's unclear. J226 - J226 is close to J229, the codename for an unknown home device, so it could be some kind of home-related accessory. Codename Key For Apple's internal codenames that it uses for Macs, the letter at the end of the number has significance. G - Base model M-series chip S - Pro version of the M-series chip C - Max version of the M-series chip D - Ultra version of the M-series chip Caveats Some of this information was pulled from an internal version of iOS 26 that Apple was working on around the late May 2025 timeline, while other information comes from internal kernel debug kit files that Apple accidentally leaked earlier this year. Apple's plans can always change. Devices can be scrapped, features can be removed, and launches can be pushed back. That's especially true of rumors about products coming in late 2026 or 2027, because production plans haven't been finalized. Read More We keep an upcoming products Apple guide that gets regular updates when new timeline information is made available. It's a good resource to bookmark and reference throughout the year to keep tabs on what Apple has planned. We have even more rumors about Apple's products in our device roundups and guides, which are also updated regularly. This article, "Apple's 2026 and 2027 Product Roadmap: Foldable iPhone, iPhone 18 Pro, M5 Macs, and More" first appeared on MacRumors.com Discuss this article in our forums View the full article

The Trump administration is pressuring the European Union to cut down on regulations that impact tech companies like Google, Apple, Amazon, and Meta. The Office of the United States Trade Representative today posted a message to the European Union on social media, threatening retaliation if the EU continues to target U.S. companies. The post says the U.S. will implement fees and restrictions on foreign services, and it specifically names European companies like Accenture, DHL, Mistral, SAP, Spotify, and Siemens. The European Union and certain EU Member States have persisted in a continuing course of discriminatory and harassing lawsuits, taxes, fines, and directives against U.S. service providers. U.S. services companies provide substantial free services to EU citizens and reliable enterprise services to EU companies, and they support millions of jobs and more than $100 billion in direct investment in Europe. The United States has raised concerns with the EU for years on these matters without meaningful engagement or basic acknowledgement of U.S. concerns. If the EU and EU Member States insist on continuing to restrict, limit, and deter the competitiveness of U.S. service providers through discriminatory means, the United States will have no choice but to begin using every tool at its disposal to counter these unreasonable measures. Should responsive measures be necessary, U.S. law permits the assessment of fees or restrictions on foreign services, among other actions. The United States will take a similar approach to other countries that pursue an EU-style strategy in this area. The EU's Digital Markets Act (DMA) and Digital Services Act (DSA) have forced Apple and other tech companies to make major changes to their services in the European Union, and several companies have faced fines. Earlier this year, Apple was fined 500 million euros and Meta was fined 200 million euros. Just this month, social network X was fined 120 million euros for DSA violations, and in September, Google was fined 2.95 billion euros for antitrust violations related to its adtech business. Separately, the U.S. House Judiciary Committee held a hearing today on the threat that "discriminatory foreign regulations" modeled after the Digital Markets Act pose to American innovation and competition. Witnesses included Competere Ltd. CEO Shanker Singham, Notre Dame Law professor Roger Alford, George Washington Competition and Innovation Lab Founding Director Aurelien Portuese, and Dirk Auer, Director of Competition Policy for the International Center for Law and Economics. During the hearing, Representative Scott Fitzgerald said the DMA isn't aimed at protecting consumers, but hobbling American companies. The DMA does not ask whether consumers have been harmed. It does not even ask whether a business has done anything wrong. It asks whether a company is large, successful, and, most importantly, American. If the answer is yes, the rules suddenly change. Common business practices are banned, innovation is treated as a threat, and foreign rivals are handed access to data and technology they could never build or earn on their own. That is not competition policy. That's forced redistribution. The Computer and Communications Industry Association said the DMA is discriminatory because it only applies to select companies, while NetChoice said the EU has "provided countries around the world with a blueprint" for similar regulatory measures. Unlike traditional antitrust and competition laws that apply to all companies, however, these DMA prohibitions apply only to designated companies, creating discriminatory treatment between designated and non-designated companies, where undesignated foreign rivals gain an unfair competitive advantage over designated American companies. President Donald Trump has previously criticized the "very unfair" European Union for fines levied on Apple and Google. In September, he threatened the EU with higher tariffs, which would disrupt trade framework established in July 2025. Trump said Apple should "get their money back" and that the U.S. "cannot let this happen to brilliant and unprecedented American Ingenuity."Tags: European Commission, European Union This article, "Trump Administration Threatens Retaliation Over EU's DMA and DSA Enforcement Against U.S. Tech" first appeared on MacRumors.com Discuss this article in our forums View the full article

A Russian state-sponsored cyberespionage group has been targeting energy companies and critical infrastructure providers by exploiting misconfigurations in network-edge devices. The group has been operating since at least 2021 and has exploited device misconfigurations before but also known vulnerabilities such as CVE-2022-26318 in WatchGuard Firebox and XTM appliances, CVE-2021-26084 and CVE-2023-22518 in Confluence or CVE-2023-2753 in Veeam Backup. However, according to telemetry collected by Amazon Threat Intelligence, the group has heavily focused on targeting misconfigurations this year, pivoting away from zero-day or N-day vulnerabilities. The main targets have been enterprise routers and routing infrastructure, VPN concentrators and remote access gateways, network management appliances, collaboration and wiki platforms and cloud-based project management systems. “This tactical adaptation enables the same operational outcomes, credential harvesting, and lateral movement into victim organizations’ online services and infrastructure, while reducing the actor’s exposure and resource expenditure,” the researchers found. Links to Sandworm and Curly COMrades According to Amazon’s telemetry, the group’s infrastructure has overlaps with Sandworm, a group also known as APT44 and Seashell Blizzard that’s associated with Russia’s military intelligence agency, the GRU. There are also overlaps with a group whose activity was documented in the past by security firm Bitdefender, under the name Curly COMrades. However, these could be subgroups within the GRU that work together, with the one tracked by Amazon handling initial access and lateral movement and Curly COMrades handling the host persistence through its CurlyShell and CurlCat custom malware implants. Amazon detected attacks against customer network edge appliances hosted on AWS EC2 instances with actor-controlled IP addresses achieving persistent connections that indicate interactive access to the compromised devices. Credential harvesting The researchers also observed credential replay attacks against victims’ other online services using stolen domain credentials following network edge device compromises. This indicates that the attackers are likely harvesting credentials by leveraging the traffic capturing and analysis capabilities of the compromised devices. “Time gap between device compromise and authentication attempts against victim services suggests passive collection rather than active credential theft,” the researchers found. Network traffic interception is consistent with Sandworm’s known tradecraft and the targeting of network edge devices specifically positions the attackers to intercept credentials in transit. How critical infrastructure providers can defend against this threat The group has a strong focus on the energy sector, with victims including electric utility companies, energy providers and even MSSPs with energy sector clients. However, it has also targeted technology and service cloud providers, as well as telecommunications companies across multiple regions. The Amazon Threat Intelligence team advises organizations to audit their network edge devices for packet capture files or utilities that shouldn’t be present, to review their device configurations and isolate management interfaces, and implement multi-factor authentication. Companies should also review authentication logs and monitor authentication attempts from unexpected geographic locations. Anomaly detection for authentication patterns should be implemented for all online services and the use of plain text protocols that could expose credentials in transit should be audited. The Amazon report includes indicators of compromise associated with this attack campaign as well as security recommendations specific to AWS environments. View the full article

The next-generation HomePod mini won't include Apple's new N1 networking chip, according to code analysis provided by a MacRumors tipster. A macOS kernel debug kit distributed by Apple earlier this year included information on a number of upcoming devices, including the ‌HomePod mini‌ 2. Code associated with the ‌HomePod mini‌ 2 mentions the "Sunrise" wireless system, which is what Apple calls Bluetooth/Wi-Fi chips sourced from MediaTek. The N1 is called "Centauri" in Apple's internal systems. Based on the Sunrise mention, it appears that the ‌HomePod mini‌ 2 won't be upgraded with the N1 networking chip, which contradicts some prior rumors we've heard about it. Bloomberg's Mark Gurman has suggested that both the Apple TV and ‌HomePod mini‌ will use Apple's N1 chip in the past. It appears that Apple plans to use the N1 chip for premium devices, while entry-level products will stick with cheaper MediaTek hardware for now. The upcoming ‌HomePod mini‌ 2, the iPhone 17e, the iPad 12, and the A18 Pro MacBook are all expected to use MediaTek chips instead of Apple's chip. The N1 was introduced in the iPhone 17 models, and it is Apple's first in-house networking chip. It supports Bluetooth 6, Wi-Fi 7, and Thread. Because it was designed by Apple, it better integrates with other hardware and software in Apple devices, leading to improved efficiency and reliability.Related Roundup: HomePod miniBuyer's Guide: HomePod Mini (Don't Buy)Related Forum: HomePod, HomeKit, CarPlay, Home & Auto Technology This article, "Apple's HomePod Mini 2 Might Not Get This Rumored Feature After All" first appeared on MacRumors.com Discuss this article in our forums View the full article

Apple's next-generation iPad mini will be equipped with an A20 Pro chip, according to a MacRumors tipster who analyzed a macOS kernel debug kit containing internal Apple codenames. The kit was accidentally released on Apple's website earlier this year, but it was quickly pulled after information started leaking out of it. A previous rumor indicated that the next iPad mini would be powered by the A19 Pro chip, which debuted in the iPhone 17 Pro, but our tipster is confident the codenames actually point towards the device using an unreleased A20 Pro chip. We cannot say for sure whether the next iPad mini will use the A19 Pro or A20 Pro. It is possible that Apple initially tested a model with the A19 Pro, but the company's plans do change from time to time. If the iPad mini will next be updated in September or October of 2026, perhaps Apple ultimately decided to give it the A20 Pro. In September 2021, Apple introduced the A15 Bionic chip across the iPhone 13 mini, iPhone 13, iPhone 13 Pro, iPhone 13 Pro Max, and iPad mini all at once. But over the years, the iPad mini has not always received Apple's newest A-series chip at the time it was updated, so the A19 Pro cannot be entirely ruled out at this time. iPhone 18 Pro models are also expected to use the A20 Pro chip, which will reportedly be fabricated with TSMC's advanced 2nm process. Other rumored features for the next iPad mini include an OLED display, a redesigned speaker system with vibration technology, and a water-resistant design. Bloomberg's Mark Gurman previously reported that the next iPad mini could be unveiled as early as next year. The current ‌iPad mini‌ was unveiled in October 2024, with key features including an A17 Pro chip and Apple Intelligence support.Related Roundup: iPad miniBuyer's Guide: iPad Mini (Neutral)Related Forum: iPad This article, "Next iPad Mini With OLED Display Now Rumored to Feature A20 Pro Chip" first appeared on MacRumors.com Discuss this article in our forums View the full article

OpenAI added several new features to its flagship ChatGPT product today, introducing Apple Music support and upgraded image generation capabilities. ChatGPT has supported app integrations since earlier this year, and it will soon work with Apple Music. With ‌Apple Music‌ integration, ChatGPT will be able to make music recommendations and playlists based on listening history and user suggestions. Music recommendations made by ChatGPT will be able to be clicked to open the ‌Apple Music‌ app on desktop or on an iOS device. ‌Apple Music‌ is not available as an app integration just yet, but it is coming in the near future. Along with ‌Apple Music‌ support, ChatGPT now has better image generation capabilities. ChatGPT Images is able to generate images up to 4x faster, and can make precise edits to an image while preserving details. OpenAI says that ChatGPT can tweak only the details you want updated, keeping lighting, composition, and people's appearance consistent across inputs, outputs, and edits. The new model "excels" at adding, subtracting, combining, blending, and transposing for more realistic image creations using real photographs. It is better at adding text to images and altering layouts, and OpenAI says that it follows instructions more reliably than the prior-generation version. With the update, the ability to generate some specific art styles like anime has regressed and it is no longer as good at altering images featuring many people, but OpenAI says that using preset filters can help, and the previous version of the image generator remains available to use. ChatGPT Images, an image editing experience built into ChatGPT, includes dozens of preset styles and prompts that users can try out. It's available in the mobile app and on the web. The updated Images model is rolling out today for all ChatGPT users, as is the new Images experience built into ChatGPT. ChatGPT's new image functionality will allow it to better compete with Google's Nano Banana image generator.Tags: ChatGPT, OpenAI This article, "ChatGPT Gets Apple Music Integration and New Image Generator" first appeared on MacRumors.com Discuss this article in our forums View the full article

Apple is hosting an Apple Watch Activity Challenge on Sunday, December 21 to honor World Meditation Day. The challenge will show up for Apple Watch owners starting on December 19. Apple first did a World Meditation Day Activity Challenge in May 2024, but later in 2024, the date of World Meditation Day was moved to December 21 by the United Nations General Assembly. December 21 coincides with the timing of the winter solstice in the Northern Hemisphere, marking a time when days are short and nights are long. Before 2024, World Meditation Day was informally observed on May 21, but it had not been officially designated as a UN-recognized international day. Apple Watch owners can earn the Meditation Day badge by recording five or more mindful minutes with the Mindfulness app or any app that adds mindful minutes to the Health app. Time to celebrate World Meditation Day! On December 21, record five mindful minutes or more with the Mindfulness app or any app that adds mindful minutes to Health to earn this special badge. Apple Watch owners who earn the Meditation Day award will unlock a dedicated badge in the Fitness app, and a series of animated stickers that can be used in the Messages app. Back in October, Apple also did a similar Mindful Month Activity Challenge, bringing awareness to mental health, self care, meditation, and mindfulness.Tag: Activity Challenge This article, "Apple Celebrating World Meditation Day With December 21 Apple Watch Activity Challenge" first appeared on MacRumors.com Discuss this article in our forums View the full article

In line with previous rumors, The Information today reported that Apple is planning to release a special 20th-anniversary iPhone less than two years from now. The report said the device will have a seamless design, with a curved glass enclosure and no cutouts in the display. Apple is expected to move Face ID under the screen starting with the iPhone 18 Pro models next year, and the report said the 20th-anniversary iPhone will also feature an under-screen front camera. The publication said it could not yet learn if the display itself will curve around the edges, as shown in our conceptual mockup above. Nevertheless, it appears that Apple is working on a very ambitious design for the 20th-anniversary iPhone, much like the iPhone X was a game-changer for the iPhone's 10th-anniversary. At a minimum, the report said the 20th-anniversary iPhone will lack bezels around the screen for a true edge-to-edge experience. It said the device has only a "narrow metal band running around the midpoint of the device's edge, where the buttons sit." Many of these details were previously reported by Bloomberg's Mark Gurman. Apple is expected to release the 20th-anniversary iPhone around September 2027, so it is still early, and the device's design could change. If these rumors pan out, though, the 20th-anniversary iPhone could be something out of a dream.Tags: 20th-Anniversary iPhone, The Information This article, "The iPhone of Your Dreams is Reportedly Less Than Two Years Away" first appeared on MacRumors.com Discuss this article in our forums View the full article