hosang I.T.

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Tech

Tech Articles from a wide variety of topics and categories
Apple and the Sydney Opera House today announced a yearlong collaboration to help inspire the next generation of creatives in Australia. The effort will expand access to initiatives that support art, design, and culture in the country.


Through this collaboration, Apple and the Opera House will focus on interactive programming and experiences for young people in Australia. Apple said it will be the founding partner of a new international children's festival being presented later this year. Apple will also support the Opera House's Centre for Creativity and explore new ways to enhance Opera House programming and experiences through technology.

From March 25 to March 27, the Opera House's eastern sails will be illuminated with artwork created in the Procreate app on the iPad by a group of 10 emerging Australian artists. Through free Today at Apple sessions, the public will have the opportunity to create and submit artwork for potential illumination as well.

"The yearlong collaboration with the Sydney Opera House and Illuminating Creativity is a celebration of this legacy, bringing together the incredible talent of Australian artists and the transformative power of iPad and Procreate," said Apple's marketing chief Greg Joswiak. "We are thrilled to be working with such an iconic Australian cultural landmark to help inspire the next generation of creatives."

More details are available on the Apple Newsroom website in Australia.
This article, "Apple Announces New Collaboration With Sydney Opera House" first appeared on MacRumors.com

The LeakBase cyberforum, considered one of the world’s largest online marketplaces for cybercriminals to buy and sell stolen data and cybercrime tools, has been seized by the US, and arrests have also been made in other countries.
The US Department of Justice said Thursday that earlier this week, law enforcement agencies in 14 countries took synchronized action against the site and its 142,000 users, capturing its data and two of the domains used by the forum. Law enforcement also executed search warrants, made arrests, and conducted interviews in the United States, Australia, Belgium, Poland, Portugal, Romania, Spain, and the United Kingdom.
“Prevention messages” were also sent to LeakBase members.
According to the US and Europol, the European police co-operative, the captured database included credential pairs (usernames and associated passwords), credit and debit card numbers, and bank account and routing information, as well as other sensitive business and personally identifiable information.
The action started March 3, when around 100 enforcement actions, including arrests and house searches, were conducted worldwide. These included measures against 37 of the most active LeakBase users. The so-called technical phase, the seizure of the forum’s domain and database, took place the next day. That, Europol said, enabled the unmasking of multiple users who believed they were operating anonymously.
“By contacting suspects through their preferred digital platforms, investigators delivered a clear message: no one is truly invisible online,” said Europol.
Law enforcement authorities are proactively continuing to trace digital trails to unmask additional offenders and establish their real-world identities, it added.
Sending a strong signal to cybercriminals
However, one expert says IT leaders shouldn’t hold out much hope that, with this data, law enforcement authorities may be able to warn organizations that they’ve been hacked, or use the data to help victim firms plug vulnerabilities.
“In the current climate of the geopolitical turbulence, data sharing between law enforcement and private sector is quite unlikely,” said Ilia Kolochenko, CEO of Swiss-based Immuniweb. “Moreover, in many jurisdictions, such data sharing may be illegal as it almost inevitably contains data stolen from third parties.”
While this operation “marks another remarkable victory of law enforcement over global cybercrime,” he added, “practical benefits will probably remain modest.
“First, the most dangerous and active cyber mercenaries and state-backed hacking groups are well prepared for a possible seizure of such marketplaces, and leave virtually no digital traces or other incriminating evidence that could help identify them.
“Second, even if due to a mistake or omission some cybercriminals will be unmasked, most of them enjoy immunity in non-extradition jurisdictions. Finally, clandestine operators of such marketplaces almost always have a backup and Plan B, swiftly resurrecting like a hydra within several days or weeks.
“In sum, while this operation sends a strong signal that cyber offenders will be prosecuted, global cybercrime will continue as usual,” he said.
Garrett Carstens, senior vice-president of intel operations at Intel 471, said CSOs should view the LeakBase takedown as a positive development, but not as a decisive one or one that will translate into easily measurable reduction in cyber risk on its own. “Takedowns can create short-term disruption, intelligence opportunities, and friction for criminals,” he said, “yet the ecosystem typically adapts quickly via migration to other forums or more resilient distribution channels, such as Telegram.”
It’s good news tactically, he said, but it will have limited strategic impact unless paired with follow-on actions such as arrests, financial interdiction, or other forms of sustained pressure.
Carstens said to evaluate whether this, or other, takedowns matter for their organization, infosec leaders could track various metrics including, but not limited to, recent fraud activity such as credential-stuffing and account takeover attempts, how quickly any known exposed data appears on alternate forums/Telegram after a disruption, and the appearance of new phishing kits, new proxy services, and new bot patterns after a takedown.
Global effort
Thanks to international co-operation, a number of criminal marketplaces have been seized in recent years, including BreachForums and RaidForums.
Law enforcement agencies involved in various ways in this week’s takedown came from Australia, Belgium, Canada, Germany, Greece, Kosovo, Malaysia, Netherlands, Poland, Portugal, Romania, Spain, the United Kingdom and the US.
News of the seizure comes the day after the IT infrastructure hosting the Tycoon2FA phishing-as-a-service operation was dismantled.
The takedown of LeakBase “disrupts a major international platform that cybercriminals use to obtain and profit from the theft of sensitive personal, banking and account credentials,” said US assistant attorney general A. Tysen Duva. “This operation illustrates the strength of the United States and our international partners working across the globe to dismantle a critical cybercriminal forum.”
In a statement, Edvardas Šileris, head of Europol’s European Cybercrime Centre, said the operation “shows that no corner of the internet is beyond the reach of international law enforcement. What began as a shadowy forum for stolen data has now been dismantled, and those who believed they could hide behind anonymity are being identified and held accountable. This is a clear message to cybercriminals everywhere: if you traffic in other people’s stolen information, law enforcement will find you and bring you to justice.”

Benchmarks for the new MacBook Neo surfaced today, and unsurprisingly, CPU performance is almost identical to the iPhone 16 Pro. The MacBook Neo uses the same 6-core A18 Pro chip that was first introduced in the iPhone 16 Pro, but it has one fewer GPU core.

The MacBook Neo earned a single-core score of 3461 and a multi-core score of 8668, along with a Metal score of 31286.

Here's how the Neo's scores compare to iPhone 16 Pro and other devices that make apt comparisons:

iPhone 16 Pro - 3445 single-core, 8624 multi-core, 32575 Metal
M1 MacBook Air - 2346 single-core, 8342 multi-core, 33148 Metal
M4 MacBook Air - 3696 single-core, 14730 multi-core, 54630 Metal
M3 iPad Air - 3048 single-core, 11678 multi-core, 44395 Metal
iPad 11 - 2587 single-core, 6036 multi-core, 19395 Metal

Since the MacBook Neo has one fewer GPU core than the iPhone 16 Pro, it makes sense to see a slightly lower Metal score.

When comparing the MacBook Neo's performance to existing Macs, the A18 Pro's multi-core performance is on par with the M1 chip in the MacBook Air, but single-core performance is much higher than it was with the M1. It's closer to the M3 or M4 chip.

High single-core performance is a good fit for the MacBook Neo audience, because single-core speeds are important for activities like web browsing, using document apps, and streaming video. The MacBook Neo isn't really built for video editing, music creation, 3D modeling, and similar tasks where multi-core performance makes more of a difference.

Apple does not compare MacBook Neo performance to other Macs, iPads, or iPhones. The company's low-cost MacBook focuses on competing with similar-priced Windows PCs and Chromebooks. In its marketing materials, Apple says the A18 Pro is up to 50 percent faster for "everyday tasks" than the bestselling PC with the latest shipping Intel Core Ultra 5. It's also up to 3x faster for on-device AI workloads and up to 2x faster for photo editing.

We're only seeing one benchmark result so far, so averages could be slightly different when more Neo machines are benchmarked, but the scores are right in line with what's expected.

The MacBook Neo is priced starting at $599, and it is available for preorder now. It is set to launch on March 11.
This article, "First MacBook Neo Benchmarks Are In: Here's How It Compares to the M1 MacBook Air" first appeared on MacRumors.com

The first Geekbench 6 result for a 16-inch MacBook Pro with the M5 Max chip surfaced today, and Apple has achieved record-breaking performance.


In this unconfirmed result, the M5 Max with an 18-core CPU achieved a score of 29,233 for multi-core CPU performance, which tops the 27,726 score achieved by the Mac Studio's M3 Ultra chip with a 32-core CPU. M5 Max is now the fastest Apple silicon chip ever, and it even topped every other consumer PC processor in the Geekbench database.

In terms of multi-core CPU performance, the M5 Max is up to 5% faster than the M3 Ultra, and up to 15% faster than the M4 Max chip with a 16-core CPU.

Here is a comparison of the multi-core CPU results:

16-inch MacBook Pro with M5 Max (18-core CPU): 29,233 (one result)
Mac Studio with M3 Ultra (32-core CPU): 27,726 (average of all results)
Mac Studio with M4 Max (16-core CPU): 26,166 (average of all results)
16-inch MacBook Pro with M4 Max (16-core CPU): 25,702 (average of all results)

As for single-core CPU performance, the M5 Max with an 18-core CPU achieved a score of 4,268 in this single Geekbench result, which is in line with the regular M5 chip in the base model 14-inch MacBook Pro released back in October. Again, the M5 series of chips are unsurprisingly the fastest Apple silicon chips ever released.

Stay tuned for coverage of additional benchmarks, including Metal scores for graphics.

MacBook Pro models with M5 Pro and M5 Max are available to pre-order now, and they will begin arriving to customers and launch in stores on March 11.
This article, "Apple's M5 Max Chip Achieves a New Record in First Benchmark Result" first appeared on MacRumors.com

Apple today seeded revised third betas of the upcoming iOS 26.4 and iPadOS 26.4 updates to developers for testing purposes, with the software coming three days after Apple provided the initial beta to developers. Apple has also released a new version of iOS 26.4 and iPadOS 26.4 for public beta testers.


Registered developers and public beta testers can download the betas from the Settings app on the iPhone or iPad by going to the General section and selecting Software Update.

iOS 26.4 and iPadOS 26.4 add multiple new features to the iPhone and the iPad. A Playlist Playground feature in Apple Music lets you generate songs for any idea, mood, emotion, or activity using a text-based prompt. There's also a Concerts Near You feature for finding local shows, and a redesigned look for albums and playlists with full-page artwork.

Apple Podcasts is getting native video podcasting capabilities that will make it easier to create, distribute, and monetize video podcast content through the Podcasts app. Video episodes will integrate with existing Apple podcasts features, like personalized recommendations and editorial suggestions.

Apple is testing end-to-end encryption for RCS, which will eventually bring full encryption to text conversations between Android and iPhone users. Apple is testing RCS with iPhone-to-iPhone conversations and iPhone-to-Android conversations.

Stolen Device Protection is enabled by default, there's a new ambient music widget, new average bedtime metrics in the sleep app, and plenty more. All of the features in iOS 26.4 can be found in our iOS 26.4 beta features guide.
This article, "Apple Seeds Revised Third Betas of iOS 26.4 and iPadOS 26.4 to Developers, New Public Betas" first appeared on MacRumors.com

In his newsletter over the weekend, Bloomberg's Mark Gurman said Apple was likely to announce at least some but possibly not all of the following products between March 2 and March 4: the iPhone 17e, MacBook Pros, MacBook Airs, updated entry-level iPad and iPad Air models, and a lower-cost MacBook with an iPhone chip.


As it turns out, Apple announced nearly all of those products, with the sole exception being an updated entry-level iPad. In fact, we got two more products on top, in the form of an updated Studio Display and a higher-end Studio Display XDR.

Apple is not expected to unveil any additional products this week, so the wait for an iPad 12 continues for now. The device is expected to have two key upgrades over the iPad 11, including a faster A18 chip and Apple Intelligence support. In fact, one rumor claimed that the iPad 12 might even be powered by Apple's latest A19 chip.

No other major changes have been rumored so far for the iPad 12, so we expect the device to have the same overall design as the current model.

Apple Intelligence is already available on all other current-generation iPad models, including the iPad mini, iPad Air, and iPad Pro.

Apple released the iPad 11 with an A16 chip in March 2025, with U.S. pricing starting at $349.
This article, "Missing From Apple's Announcements: iPad 12 With Apple Intelligence" first appeared on MacRumors.com

Apple quietly updated Mac Studio configuration options this week, removing the 512GB memory upgrade. As of yesterday, there is no option to purchase a Mac Studio with 512GB RAM, with the machine now maxing out at 256GB.

The Mac Studio starts with 36GB RAM, but there were upgrades ranging from 48GB to 512GB, with the higher tier upgrades limited to the M3 Ultra chip. Now there are options ranging from 48GB to 256GB, with wait times into May for the 256GB upgrade.

Apple has also raised the price for the 256GB RAM upgrade option. It used to cost $1,600 to go from 96GB to 256GB on the high-end M3 Ultra machine, but now it costs $2,000. 512GB was $4,000 when it was available.

Apple has likely removed the option to purchase 512GB of memory because of global DRAM shortages that have dried up supply and caused prices to soar, and it's also probably why shipping times for a configuration with 256GB RAM range into May.

Demand for the Mac Studio has increased due to consumers seeking machines suitable for running local AI agents, which could also be a wait time factor.

Memory scarcity is already having an effect on DRAM pricing, and it could affect PC and smartphone sales in the months to come. Apple is able to absorb higher memory costs in the short term, and it is well-positioned to minimize the effect on consumers because it is better able to secure available DRAM supply than smaller companies.

We are expecting M5 Max and M5 Ultra versions of the Mac Studio in 2026, but it is not yet clear when Apple might release an update.

(Thanks, Ólafur!)
This article, "Mac Studio 512GB RAM Option Disappears Amid Global DRAM Shortage" first appeared on MacRumors.com

While the MacBook Neo does not launch until next week, Apple's colorful new wallpapers designed for the laptop are included in the macOS 26.3.1 update.


MacBook Neo is available in Blush, Citrus, Indigo, and Silver finishes, and there is a Mac wallpaper available for each, with download links below:

Blush
Citrus
Indigo
Silver

Apple's Mac User Guide explains how to change a Mac's wallpaper.
This article, "Download Apple's New MacBook Neo Wallpapers" first appeared on MacRumors.com

Apple's first-generation AirTag 4-Pack has dropped to $64.00 this week on Amazon, down from the original price of $99.00. Free shipping options have a delivery estimate around March 10, while Prime members should be able to get it delivered a few days sooner.

Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Overall, this is a solid second-best price on the AirTag 4-pack that's within $1 of the Amazon all-time low price. Deals on the 1-Pack have been fluctuating for a few days and are currently gone, but an all-time low price could return soon.

$35 OFF: AirTag 4-Pack for $64.00

These first-generation models will eventually stop being sold by third-party retailers like Amazon, so if you've been waiting for a deal, now is the time to buy. Apple just debuted the all-new AirTag, featuring longer range for tracking items and a louder speaker.

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



This article, "AirTag 1 Gets Major Discount With 4-Pack at $64" first appeared on MacRumors.com

Cisco has handed security teams one of the largest ever patching workloads affecting its firewall products, including fixes for two ‘perfect 10’ vulnerabilities in the company’s Secure Firewall Management Center (FMC) Software.
Overall, the March 4 release, the first of its semiannual firewall updates for 2026, addresses 25 security advisories covering 48 individual CVEs.
The biggest concerns will be the FMC flaws, CVE-2026-20079 and CVE-2026-20131, the first of which is an authentication bypass weakness, and the second involving insecure deserialization. Both are rated ‘critical’ with maximum CVSS scores of 10.
The weaknesses relate to the platform’s web management interface and give unauthenticated root access. This will make them big targets for attackers using reverse engineering tools to reveal the workings of the underlying flaws.
This hasn’t happened yet – neither has been reported as being under exploitation – but there is no question attackers will quickly pounce on them if they can.
Cisco said of CVE-2026-20079: “An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute a variety of scripts and commands that allow root access to the device.”
And CVE-2026-20131 is described thusly: “An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root.”
There are no workarounds for either of these vulnerabilities, Cisco said. However, for CVE-2026-20131, it noted, “If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.”
In short, if they can’t patch right now, admins should ensure that the FMC is not exposed until that happens.
Other vulnerabilities
Of the remaining flaws, a further six are rated ‘high’, with CVSS scores of between 7.2 and 8.6. These include the Firewall Management Center SQL injection vulnerabilities CVE-2026-20001, CVE-2026-20002, and CVE-2026-20003, all remotely exploitable by an authenticated attacker. Again, no workarounds are possible.
CVE-2026-20039, rated 8.6 (‘critical’), is a flaw affecting the VPN web server in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software which could allow an unauthenticated attacker to induce a denial of service state.
Additionally, CVE-2026-20082, also rated 8.6, could allow an unauthenticated attacker to cause incoming TCP SYN packets to be dropped incorrectly in the Cisco Secure Firewall Adaptive Security Appliance (ASA) Software.
The procedure for patching the flaws addressed in the March update varies depending on the software version installed. Cisco recommends using its software checker to determine the appropriate update. Alternatively, admins can consult the tables in the Cisco Secure Firewall Threat Defense Compatibility Guide.
Déjà vu
Critical-rated flaws and zero days have become a regular occurrence in Cisco patching rounds in the last couple of years, now almost seen as ‘zero-day events’ in themselves.
Security teams will be reminded of last September’s emergency patches addressing similar web services flaws affecting Cisco’s Secure Firewall Adaptive Security Appliance (ASA) VPN and Cisco Secure Firewall Threat Defense (FTD) software.
Of these, CVE-2025-20333 and CVE-2025-20362 were under zero-day exploitation, while the third, CVE-2025-20363, was seen as being under imminent threat. The attacks were serious enough that Cisco published an “event response” bulletin providing more detail on reported exploits and indicators of compromise.

Until a last-minute leak revealed the MacBook Neo name, it was widely assumed that Apple's lower-cost MacBook would simply be named "MacBook." After all, Apple offered a plain "MacBook" from 2006 to 2012, and again from 2015 to 2019. In the end, Apple did go with MacBook Neo branding, and it has explained why in a new interview.


In short, Apple said MacBook Neo sounds fresh.

"We wanted something that felt fun and friendly, and fresh, and felt like it really suited the spirit of this product," said Colleen Novielli, a Mac product marketing director, in conversation with TechRadar's Lance Ulanoff.

Indeed, Apple has emphasized the MacBook Neo's newness.

"MacBook Neo is new, exciting, original, and HERE," said Apple's marketing chief Greg Joswiak, in a social media post on Wednesday. "With a beautiful aluminum design, 13-inch Liquid Retina display, 16 hours of battery life, and the power of Apple silicon, you'll fly through everyday tasks. It'll be love at first Mac."

Many of the MacBook Neo lifestyle images that Apple shared show young people. The more affordable laptop will undoubtedly be popular with students.


The colorful MacBook Neo starts at just $599 in the U.S., and at an even lower $499 for college students. Available in Blush, Citrus, Indigo, and Silver, the MacBook Neo is powered by a version of the A18 Pro chip from the iPhone, and it is equipped with a 13-inch display, up to 512GB of storage, and a non-configurable 8GB of RAM.

With the MacBook Neo, which launches on Wednesday, March 11, Apple could reshape the lower-end laptop market in a big way.
This article, "Apple Explains 'MacBook Neo' Name" first appeared on MacRumors.com

Apple's latest iPad Air is a minor upgrade over last year's model, but there are still some changes worth noting beyond a new chip.


The eighth-generation iPad Air builds on the foundation of last year's model with a series of specific upgrades focused on performance, memory, and connectivity. While the overall design and experience remains the same, the newer model introduces Apple's M4 chip, additional unified memory, Apple-designed wireless hardware, and support for newer connectivity standards. Here's everything that differs between the 2025 and 2026 iPad Air models:

| iPad Air (seventh-generation, 2025) | iPad Air (eighth-generation, 2026) |
| --- | --- |
| M3 chip | M4 chip |
| 8GB unified memory | 12GB unified memory |
| Broadcom wireless chip | Apple N1 wireless chip |
| Wi-Fi 6E connectivity | Wi-Fi 7 connectivity |
| Bluetooth 5.3 connectivity | Bluetooth 6 connectivity |
| Qualcomm SDX70M 5G modem | Apple C1X modem |




The largest change between the two models is the transition from Apple's M3 chip to the newer M4 chip. Beyond modest CPU performance gains, the M4 introduces architectural improvements that increase transistor count, boost machine learning performance, improve memory bandwidth, and enhance efficiency through updated fabrication technology and redesigned cores.



| M3 Chip | M4 Chip |
| --- | --- |
| Made using TSMC's 3nm technology (N3) | Made using TSMC's enhanced 3nm technology (N3E) |
| Based on iPhone 15 Pro's A17 Pro chip (2023) | Based on iPhone 16's A18 chip (2024) |
| 25 billion transistors | 28 billion transistors (+12%) |
| 8-core CPU (4 performance + 4 efficiency cores) | 8-core CPU (3 performance + 5 efficiency cores) |
| 4.05 GHz CPU clock speed | 4.3 GHz CPU clock speed |
| 16-core Neural Engine, 18 trillion operations per second | 16-core Neural Engine, 38 trillion operations per second (+111%) |
| LPDDR5 memory | LPDDR5X memory |
| 100 GB/s memory bandwidth | 120 GB/s memory bandwidth (+20%) |
| | Dedicated display engine |
| GPU with standard power efficiency | More power-efficient GPU: Maintains performance with significantly less power |




Overall, the upgrade from the 2025 iPad Air to the 2026 iPad Air is minor. The new model introduces a faster M4 chip, more unified memory, and newer wireless technologies, but the broader experience remains fundamentally unchanged in any noticeable way.

Apple itself signals how incremental the update is: the company continues to advertise the same battery life, despite the introduction of the more efficient C1X modem, and the device retains identical color options and even the same marketing wallpapers. For the overwhelming majority of iPad Air users, the performance difference between the two models is likely to be negligible, especially for everyday tasks.

The new iPad Air is primarily aimed at buyers who simply want a capable, well-balanced iPad rather than those seeking a major upgrade from a more recent model. The Air continues to occupy the middle ground in Apple's lineup, offering significantly more power and capability than the entry-level iPad while remaining substantially less expensive than the iPad Pro. The transition to the M4 chip, additional memory, and newer connectivity standards like Wi-Fi 7 means that new buyers receive more modern hardware and longer-term headroom, making the device somewhat more future-proof.

For existing users, however, there is little reason to upgrade. Anyone using an M3-based iPad Air will see minimal real-world benefits from moving to the M4 model, and even owners of M1 or M2 versions are unlikely to experience transformative improvements in typical use. Instead, the update simply ensures that customers purchasing a new iPad Air today receive Apple's newer underlying technology in a familiar package.
This article, "M3 vs. M4 iPad Air Buyer's Guide: All Differences Compared" first appeared on MacRumors.com

Cisco has disclosed that two more vulnerabilities affecting Catalyst SD-WAN Manager (formerly SD-WAN vManage) have come under active exploitation in the wild. The vulnerabilities in question are listed below:

CVE-2026-20122 (CVSS score: 7.1) - An arbitrary file overwrite vulnerability that could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system.

It's Apple pre-order week, and we've already covered all of the offers you can find on iPhone 17e, MacBook Neo, MacBook Air, and MacBook Pro. In addition to these deals, Best Buy is providing $40 in savings on the new 128GB Wi-Fi M4 iPad Air, with My Best Buy Plus/Total members getting an extra $10 off.

Note: MacRumors is an affiliate partner with Best Buy. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

With this discount, all shoppers can get the 128GB Wi-Fi M4 iPad Air for $559.00, down from $599.00. If you have a My Best Buy Plus/Total membership, you can get the tablet for $549.00.

$40 OFF: M4 iPad Air (128GB Wi-Fi) for $559.00
$40 OFF: M4 iPad Air (128GB Cell) for $709.00

Otherwise, Best Buy is offering $50 discounts on all other models of the M4 iPad Air, but these require a My Best Buy Plus/Total membership. Only the 128GB models have a discount available to all shoppers.

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



This article, "Apple's Brand New M4 iPad Air Gets First Cash Discount at Best Buy, Up to $50 Off" first appeared on MacRumors.com

Apple does not advertise RAM amounts in iPhones, but MacRumors has confirmed this information through Apple's developer tool Xcode.


Like the iPhone 16e, the iPhone 17e is equipped with 8GB of RAM, according to the Xcode data. This was the expected amount of RAM, and it is the minimum required for a device to be compatible with Apple Intelligence.

This means both the standard iPhone 17 model and the lower-end iPhone 17e are equipped with the A19 chip and 8GB of RAM. However, the iPhone 17e has a slightly limited 4-core GPU, while the iPhone 17 has a 5-core GPU.

iPhone 17e can be pre-ordered now and launches on Wednesday, March 11.
This article, "iPhone 17e Has 8GB of RAM as Expected" first appeared on MacRumors.com

Google's Threat Intelligence Group (GTIG) has a new report out about a powerful iOS exploit kit called "Coruna," which traveled from a surveillance vendor's customer to a Russian espionage group to Chinese cybercriminals, revealing a sophisticated exploit "supply chain" in the process.


Described as one of the most comprehensive iOS exploit toolkits to have been documented publicly, Coruna targets iPhones running iOS 13.0 through iOS 17.2.1, containing 23 exploits across four years of iOS versions.

According to GTIG, it was first spotted in February 2025, when it was used by a customer of a commercial surveillance vendor. By summer 2025, the same framework appeared in watering hole attacks (where an attacker compromises websites that their intended targets are likely to visit) by a suspected Russian espionage group targeting Ukrainian users.

Then, in late 2025, a China-based, financially motivated actor deployed it across a large network of fake financial and crypto websites. GTIG said it was unclear how the exploit kit got passed from actor to actor, but that it suggests an active market for "second hand" zero-day exploits.

As for the kit, it's described as extremely well-engineered. When someone visits an infected website, it figures out what kind of iPhone they're using and what software version it's running, then picks the right attack for that specific device. If the user has Apple's Lockdown Mode turned on, the kit bails – it doesn't even try.

The attack code is scrambled with strong encryption, so it's hard for security researchers to intercept and analyze, and it's packaged in a custom format that the developers apparently invented themselves. The code also includes detailed notes written in English explaining how it all works, and uses attack techniques that haven't been seen publicly before, according to GTIG's analysis.

The kit targets cryptocurrency wallets and financial data, and is capable of hooking into 18 different crypto apps to exfiltrate wallet credentials. The payload can decode QR codes from images on disk, and it also has a module to analyze blobs of text to look for BIP39 word sequences or very specific keywords like "backup phrase" or "bank account." It even scans Apple Notes for typical seed phrases.

Anyone still on iOS 17.2.1 or earlier is potentially vulnerable to the exploit kit, which doesn't work against newer iOS versions, so make sure to update if you can. Otherwise, the takeaway seems to be that Apple's Lockdown Mode is doing its job to ward off such a powerful exploit kit, and that can only be good news for those who enable it.
Tags: Cybersecurity, Security
This article, "This iOS Exploit Kit Has 23 Attacks – But Lockdown Mode Stops It Cold" first appeared on MacRumors.com

Apple this week unveiled seven products, ranging from the iPhone 17e to the MacBook Neo, but new Apple TV and HomePod mini models were not among them.


Given that there have been rumors about the next-generation Apple TV and HomePod mini since all the way back in late 2024, some customers are wondering why the devices have yet to launch, and the answer likely relates to Siri.

In September, Bloomberg's Mark Gurman reported that the next Apple TV and HomePod mini would both support the more personalized version of Siri powered by Apple Intelligence. Apple originally aimed to release the revamped Siri last year, but it was pushed back, and the Apple TV and HomePod mini are likely delayed as a result. We suspect that Apple's long-rumored smart home hub is also held up by the Siri delay.

In January, Apple and Google announced that Google Gemini will help power future Apple Intelligence features, including a more personalized Siri coming this year. Apple has yet to provide a more specific timeframe, but Gurman reported that the personalized Siri features are currently slated for either iOS 26.5 or iOS 27.

iOS 26.5 will likely be released in May, following a beta testing period beginning in April. iOS 27 will debut at Apple's annual developers conference WWDC in June, and that update should be released to all users in September. Accordingly, the new Apple TV and HomePod mini might not be announced until sometime between April and September this year.

Earlier rumors claimed the next Apple TV would be equipped with the A17 Pro chip, which is the oldest chip that supports Apple Intelligence. The device is also expected to feature Apple's N1 chip for Wi-Fi 7, Bluetooth 6, and Thread.

As for the HomePod mini, it is expected to use an Apple Watch's S9 chip or newer, but it is not entirely clear how that chip would be capable enough to support the revamped Siri powered by Apple Intelligence. Other rumored features include the N1 chip, improved sound quality, a newer Ultra Wideband chip, and a red color option.

The current Apple TV was unveiled in October 2022, while the HomePod mini debuted in October 2020, so both devices are due for upgrades. Hopefully, the more personalized Siri arrives in the next few months, and the two devices follow soon after.
Related Roundups: Apple TV, HomePod mini
Buyer's Guide: Apple TV (Don't Buy), HomePod Mini (Don't Buy)
Related Forums: Apple TV and Home Theater, HomePod, HomeKit, CarPlay, Home & Auto Technology
This article, "New Apple TV and HomePod Mini Are Still Missing, Here's Why" first appeared on MacRumors.com

Google’s threat intelligence researchers have identified a sophisticated exploit kit targeting iPhones that was first used by a commercial surveillance vendor’s customer before being repurposed by a suspected Russian espionage group and then by Chinese cybercriminals, highlighting what researchers describe as an active secondary market for high-end zero-day exploits.
“How this proliferation occurred is unclear, but suggests an active market for ‘second hand’ zero-day exploits,” Google Threat Intelligence Group (GTIG) wrote in a blog post. “Multiple threat actors have now acquired advanced exploitation techniques that can be re-used and modified with newly identified vulnerabilities.”
The exploit kit, named Coruna by its developers, contains five full iOS exploit chains built from a total of 23 individual exploits targeting iPhones running iOS 13.0 through iOS 17.2.1 – a range spanning devices released from September 2019 through December 2023.
Mobile security firm iVerify independently discovered and reverse-engineered the same toolkit, and published corroborating research the same day. It described the toolkit, which it calls CryptoWaters, as the first observed mass exploitation of iOS devices by a financially motivated criminal group.
Three threat actors, one toolkit
GTIG first detected elements of Coruna in February 2025, when researchers captured parts of an iOS exploit chain used by a customer of an unnamed commercial surveillance company. The framework fingerprinted target devices, identified their iPhone model and iOS version, and delivered the appropriate WebKit remote code execution exploit silently, the blog post said.
The same framework resurfaced in summer 2025, this time repurposed by UNC6353, a suspected Russian espionage group, which embedded it as hidden iframes on compromised Ukrainian websites spanning industrial equipment, retail, and ecommerce sectors, according to Google. It said it worked with Ukraine’s CERT-UA to clean up all compromised websites.
By year end, the same kit had appeared across a large network of fake Chinese financial websites operated by UNC6691, a financially motivated, China-based threat actor. Unlike the earlier targeted deployments, iVerify confirmed the exploit chains contained no geolocation filtering, meaning any vulnerable iPhone visiting those pages was at risk.
VIPs aren’t the only ones at risk from this malware, said Everest Group senior analyst Gautam Goel. “GTIG’s writeup is notable precisely because it shows surveillance-grade exploit chains moving from targeted use to broad-scale criminal campaigns.”
A payload built to drain cryptocurrency wallets
In the case of UNC6691, GTIG said, that broad-scale criminal campaign had a specific financial objective.
The payload at the end of Coruna’s exploit chain, which GTIG tracks as Plasmagrid, is not conventional surveillance software. It injects itself into powerd, a daemon running as root on iOS, and is built specifically to steal cryptocurrency, according to GTIG.
Plasmagrid hooks into 18 cryptocurrency wallet applications, including MetaMask, Phantom, Exodus, and Uniswap, to exfiltrate credentials. It scans images for QR codes and parses Apple Notes for seed phrases and keywords such as “backup phrase” and “bank account.” GTIG said code comments within the implant are written in Chinese, and some appear to have been generated by a large language model. iVerify added that its independent analysis found additional modules targeting WhatsApp beyond those identified by GTIG, and noted the kit appeared to be in active development.
What Coruna reveals about the spyware market
The case has renewed scrutiny of the commercial surveillance industry’s assurances that its tools remain under controlled, targeted use. Sanchit Vir Gogia, chief analyst at Greyhound Research, said the pattern reveals a structural problem. “The ecosystem includes exploit acquisition programs, vulnerability brokers and secondary markets that facilitate the circulation of offensive capabilities,” Gogia said. “Regulating a single category of vendor does little to address the underlying supply chain.”
Goel said the timeline makes the policy failure concrete. “Even if the first buyer claims lawful targeted use, the capability itself can proliferate into criminal ecosystems within months,” he said. Google acknowledged the broader policy challenge, noting its participation in the Pall Mall Process, an international initiative focused on limiting the misuse of commercial cyber intrusion capabilities.
Enterprise mobile security under scrutiny
The Coruna kit is not effective against the latest version of iOS. GTIG urged all iPhone users to update their devices immediately, and recommended enabling Lockdown Mode where updates are not possible, noting the kit is engineered to abort on devices running in that mode. Google has added all identified domains to Safe Browsing. Indicators of compromise are available in a free GTIG collection on VirusTotal.
Analysts said the remediation advice, while necessary, exposes a deeper architectural gap. “Most enterprise mobile security programs were built around device management rather than device integrity,” Gogia said. “They were never designed to detect exploitation that occurs within the operating system itself.”
Goel put it more starkly. “Coruna sits under MDM and app-layer controls,” he said. “If an attacker can reliably get WebKit code execution and break out toward kernel-level access, the device can lie about its own state, and many policy controls become irrelevant in practice.”
Some weeks in cybersecurity feel routine. This one doesn’t. Several new developments surfaced over the past few days, showing how quickly the threat landscape keeps shifting. Researchers uncovered fresh activity, security teams shared new findings, and a few unexpected moves from major tech companies also drew attention. Together, these updates offer a useful snapshot of what is happening
Amsterdam police, as part of an international operation, have shut down one of the world's largest marketplaces for stolen data, according to Europol. Leakbase had 142,000 registered users worldwide, the European police agency in The Hague said. The marketplace's servers were located in Amsterdam. The data was seized.
Investigators in 14 countries moved in on a joint action day on Tuesday. According to Europol, there were around 100 operations, mainly against the platform's 37 main users.
"Central hub"
According to Europol, Leakbase was a "central hub in the cybercrime ecosystem." The platform specialized in trading stolen data. According to Europol, it was openly accessible on the internet.
"Platforms of this kind are the engine of cybercrime," Amsterdam police said. The cybercrime experts also warned that stolen data is repeatedly resold and misused for various kinds of fraud. It is unclear how many people have fallen victim to these practices.
The former website now displays a message from the police: "Trading in stolen data is a criminal offense. Everyone leaves traces online."
14 countries involved
According to the Amsterdam police cybercrime team, the investigation began in the Netherlands in 2023. It was quickly expanded, and investigators in Germany were also involved. Amsterdam police worked closely with the American FBI. Europol coordinated the operation. (dpa/ad)
Most organizations assume encrypted data is safe. But many attackers are already preparing for a future where today’s encryption can be broken. Instead of trying to decrypt information now, they are collecting encrypted data and storing it so it can be decrypted later using quantum computers. This tactic—known as “harvest now, decrypt later”—means sensitive data transmitted today could become
Apple's new MacBook Neo could help the company grow notebook shipments by nearly 8% this year, even as the broader laptop market faces a hefty downturn, according to a new report from TrendForce.


The research firm estimates global notebook shipments will fall 9.2% year-over-year in 2026, with the potential for steeper declines if demand stays weak. Rising memory and CPU costs are said to have pushed most PC makers to pare back their product lines and play it safe with inventory. Meanwhile, Apple is going in the other direction.

Announced on Wednesday with a starting price of $599, the MacBook Neo is targeting the $500-$800 mainstream segment, which is typically dominated by Windows laptops and Chromebooks aimed at education and general productivity users. With an education discount, the Neo's starting price drops to $499 – well below the $1,000 floor that has defined the MacBook lineup for years.

TrendForce projects Apple's notebook shipments will grow 7.7% in 2026, lifting macOS market share to 13.2%. The MacBook Neo alone could account for 4 to 5 million units shipped, according to the firm. That said, the report notes that a deciding factor may be how consumers respond to the 8GB memory configuration, given that Apple doesn't offer a RAM upgrade option.

TrendForce credits Apple's in-house silicon and standardized product specs for Apple's ability to undercut competitors on price just as component costs are rising. Custom Apple silicon chips reduce dependence on external CPU suppliers, while Apple's concentrated memory configurations are said to give the company stronger bargaining power with suppliers. It's a different story for Windows OEMs, which tend to have more fragmented product portfolios that make cost management harder when component costs are volatile.


The MacBook Neo launches next Wednesday, March 11. If it manages to gain traction in the entry-level segment, TrendForce claims it could reshape the pricing dynamics across the global notebook market.
Tag: TrendForce
This article, "MacBook Neo Expected to 'Reshape' Laptop Market in Major Way" first appeared on MacRumors.com

A suspected Iran-nexus threat actor has been attributed to a campaign targeting government officials in Iraq by impersonating the country's Ministry of Foreign Affairs to deliver a set of never-before-seen malware. Zscaler ThreatLabz, which observed the activity in January 2026, is tracking the cluster under the name Dust Specter. The attacks, which manifest in the form of two different
Google's NotebookLM AI-based tool can now turn your research and notes into fully animated "cinematic" videos – an advancement over its original video overview feature that was introduced last year.


Before now, video overviews were limited to generating slideshows of your research and writing, but the new Cinematic Video Overview feature uses Gemini 3, Nano Banana Pro, and Veo 3 models to generate animated visuals "to help you learn and engage with the topics you care about," says Google.

Google says Gemini acts as a creative director, making hundreds of structural and stylistic decisions to best tell the story with your sources. It determines the best narrative, visual style and format, and also refines its own work to ensure consistency.


Cinematic Video Overviews are available in English for Google AI Ultra subscribers over 18 on web and mobile, and there's a maximum of 20 overviews generated per day. The NotebookLM app is available on the App Store for iPhone and iPad.
Tag: Google
This article, "NotebookLM Now Creates Cinematic Video Overviews Out of Your Notes" first appeared on MacRumors.com

Introduction
In 2026, cybersecurity incidents are becoming more sophisticated, and organizations must respond quickly and effectively to mitigate the risks. AI incident response tools have emerged as critical solutions, harnessing the power of artificial intelligence to detect, analyze, and respond to security threats. These tools automate the incident response process, reducing the time spent identifying and addressing threats while enhancing the efficiency of security teams.
As cyberattacks continue to evolve, traditional security measures are no longer enough. This is where AI-powered incident response tools come into play, providing advanced threat detection, rapid mitigation, and ongoing analysis to minimize potential damage. When choosing an AI incident response tool, organizations should consider key factors such as ease of integration, scalability, real-time response capabilities, and comprehensive reporting.
In this blog post, we’ll explore the Top 10 AI Incident Response Tools for 2026, diving into their features, pros, cons, and comparing them based on their suitability for different business needs.
Top 10 AI Incident Response Tools in 2026
1. Console

Short Description: Console is an AI-powered IT agent platform that automates internal service operations and incident handling. It enables organizations to triage, prioritize, and resolve operational incidents using intelligent routing, SLA-backed workflows, and automated remediation across integrated systems.
Key Features:
- AI-driven incident triage and routing
- Configurable priority tiers with response and resolution SLAs
- Dedicated incident tracking with structured ownership
- Automated cross-system remediation via playbooks and integrations
- Built-in broadcasts for stakeholder communication during incidents
Pros:
- Combines AI automation with structured incident management
- Accelerates resolution through execution, not just alerting
- Integrates with existing IT tools rather than replacing them
Cons:
- Not designed for deep security analytics or SIEM-level threat detection
- Focused primarily on internal IT and operational incidents

2. Splunk Phantom

Short Description: Splunk Phantom is a robust security orchestration, automation, and response (SOAR) platform that uses AI to streamline incident management and automate responses across multiple security systems.
Key Features:
- AI-driven automation of security workflows
- Extensive integration capabilities
- Incident tracking and analysis
- Customizable playbooks for response
- Real-time reporting and insights
Pros:
- Flexible integration with a wide range of security tools
- Scalable for businesses of all sizes
Cons:
- Complex setup for new users
- Pricing can be a concern for smaller businesses

3. CrowdStrike Falcon

Short Description: CrowdStrike Falcon uses AI to prevent, detect, and respond to cyber threats in real-time. Its cloud-native design ensures scalability and ease of deployment.
Key Features:
- Real-time AI-powered threat detection
- Endpoint protection and analysis
- Automated response workflows
- Cloud-native scalability
- Threat intelligence sharing
Pros:
- Excellent for endpoint protection
- Easy to deploy and manage
Cons:
- Can be costly for smaller organizations
- Limited customization for specific use cases

4. Darktrace

Short Description: Darktrace uses machine learning to detect and respond to cyber threats within an organization’s network. Its self-learning AI adapts to new threats in real-time.
Key Features:
- Self-learning AI that adapts to emerging threats
- Autonomous response with minimal human intervention
- Threat visualizations and comprehensive reporting
- Scalable across multiple industries
- Real-time threat monitoring
Pros:
- Highly effective at detecting novel threats
- Minimal manual intervention required
Cons:
- High cost for full deployment
- Can be resource-heavy for smaller systems

5. Fortinet FortiSOAR

Short Description: FortiSOAR is an AI-powered security orchestration tool designed to automate the response to security incidents, improving both speed and accuracy.
Key Features:
- AI-driven response automation
- Threat intelligence integration
- Incident management dashboards
- Collaboration tools for team response
- Customizable playbooks
Pros:
- Seamless integration with other Fortinet security solutions
- Scalable and adaptable for different industries
Cons:
- Requires specialized knowledge for setup
- Pricing may not be accessible for all companies

6. ServiceNow Security Incident Response

Short Description: ServiceNow’s Security Incident Response tool integrates AI to automate workflows, ensuring quick detection and remediation of incidents.
Key Features:
- AI-powered automated incident workflows
- Seamless integration with ServiceNow ITSM
- Threat intelligence integration
- Real-time incident management
- Customizable reporting
Pros:
- Strong integration with existing IT systems
- Easy-to-use interface
Cons:
- Can be too simplistic for larger organizations with complex needs
- Requires ServiceNow platform for full functionality

7. LogRhythm

Short Description: LogRhythm is an AI-driven security intelligence platform that combines log management, threat detection, and incident response to help organizations mitigate risks effectively.
Key Features:
- AI-based automated incident responses
- Comprehensive log and event management
- Threat detection and correlation
- User and entity behavior analytics
- Customizable alerting and reporting
Pros:
- Comprehensive suite for security monitoring
- Easy to integrate with existing systems
Cons:
- Can be resource-intensive
- Steep learning curve for new users

8. Palo Alto Networks Cortex XSOAR

Short Description: Cortex XSOAR by Palo Alto Networks is an AI-powered SOAR platform that automates threat detection and response, improving the efficiency of security operations.
Key Features:
- AI-powered automated responses and playbooks
- Threat intelligence integration
- Incident management and collaboration tools
- Real-time analytics and reporting
- Customizable automation and workflows
Pros:
- Seamless integration with Palo Alto’s security tools
- Excellent scalability
Cons:
- Can be overwhelming for smaller teams
- High implementation cost

9. Swimlane

Short Description: Swimlane offers AI-driven security automation for enterprises, improving response times and reducing human error in incident management.
Key Features:
- Automated response workflows
- Threat detection and analysis using AI
- Scalable and customizable for various industries
- Collaboration tools for team-based response
- Real-time dashboards and reporting
Pros:
- Intuitive interface and easy to use
- Highly customizable workflows
Cons:
- Expensive for small businesses
- Requires dedicated resources for optimal use

10. Siemplify

Short Description: Siemplify is an AI-powered security orchestration platform that automates workflows and incident responses, enhancing security operations efficiency.
Key Features:
- AI-based incident response automation
- Real-time threat monitoring
- Incident tracking and analytics
- Playbook-driven response workflows
- Integration with a wide range of security tools
Pros:
- Highly customizable workflows
- Simple and intuitive user interface
Cons:
- Requires advanced knowledge for setup
- High price point for small organizations

Comparison Table
| Tool Name | Best For | Platform(s) Supported | Standout Feature | Pricing | Rating (G2/Capterra) |
|---|---|---|---|---|---|
| IBM QRadar Advisor | Large enterprises | Cloud, On-prem | AI-powered threat analysis | Starts at $X | 4.5/5 |
| Splunk Phantom | Enterprises and MSSPs | Cloud, On-prem | Security orchestration | Starts at $X | 4.3/5 |
| CrowdStrike Falcon | Endpoint protection for SMBs | Cloud, On-prem | Real-time endpoint protection | Starts at $X | 4.7/5 |
| Darktrace | Enterprises and SMBs | Cloud, On-prem | Self-learning AI | Custom | 4.6/5 |
| FortiSOAR | Large enterprises | Cloud, On-prem | Integration with Fortinet tools | Starts at $X | 4.2/5 |
| ServiceNow Security IR | SMBs and enterprises | Cloud | Seamless ITSM integration | Starts at $X | 4.1/5 |
| LogRhythm | Enterprises and MSSPs | Cloud, On-prem | Threat detection and correlation | Starts at $X | 4.3/5 |
| Cortex XSOAR | Enterprises and MSSPs | Cloud, On-prem | Customizable workflows | Custom | 4.6/5 |
| Swimlane | Large enterprises | Cloud, On-prem | User-friendly interface | Starts at $X | 4.4/5 |
| Siemplify | SMBs and enterprises | Cloud, On-prem | Incident tracking | Custom | 4.3/5 |

Which AI Incident Response Tool Is Right for You?
Choosing the right AI incident response tool depends on various factors such as your organization’s size, security needs, budget, and the complexity of your IT infrastructure. Here’s a quick decision-making guide:
- Large Enterprises: Tools like IBM QRadar Advisor, Splunk Phantom, and Darktrace are best for large organizations with complex security needs, as they offer deep analytics, real-time responses, and scalability.
- SMBs: If you’re a small to mid-sized business, CrowdStrike Falcon and Siemplify offer cost-effective solutions without compromising on effectiveness.
- MSSPs: LogRhythm, Palo Alto Networks Cortex XSOAR, and Swimlane are great options, providing flexibility and integration with multiple security systems.

Conclusion
AI incident response tools are essential in 2026 to combat the growing complexity of cyber threats. By leveraging AI and machine learning, these tools enable organizations to respond faster and more effectively. The right tool for your organization depends on your specific needs—whether you require deep analytics, robust integrations, or streamlined workflows. As cyber threats continue to evolve, investing in a top-tier AI incident response tool will help future-proof your organization’s security posture.
FAQs
Q1: What is AI Incident Response?
A1: AI incident response involves using artificial intelligence to automate and enhance the detection, analysis, and remediation of cybersecurity threats.
Q2: How do AI-powered tools improve incident response?
A2: AI-powered tools improve incident response by automating workflows, detecting threats faster, and providing real-time recommendations for effective mitigation.
Q3: Are these tools suitable for small businesses?
A3: Yes, some tools like CrowdStrike Falcon and Siemplify are designed for small and medium-sized businesses, offering affordable solutions without compromising security.
Q4: How do I integrate AI incident response tools with my existing systems?
A4: Most AI incident response tools offer integration with SIEM systems, firewalls, and other security technologies. Check the vendor’s documentation for specific integration guides.
Q5: What factors should I consider when choosing an AI incident response tool?
A5: Consider factors like cost, scalability, ease of integration, real-time capabilities, and the level of support provided by the vendor.
Apple's low-cost MacBook Neo is compatible with the company's new Studio Displays, but its output will be scaled to 4K resolution at 60Hz.


Apple confirmed the compatibility and output limitation with 9to5Mac.

With pricing starting at $1,599, the regular Studio Display runs at 5K with a maximum 60Hz refresh rate. Meanwhile, the all-new 5K Studio Display XDR is capable of up to 120Hz and pricing starts at $3,299.

Apple calls the refreshed Studio Display "the perfect companion to Mac," but if you were planning on using it as an external display for a new MacBook Neo, there are other options available at significantly lower price points.

If you still have a Mac with an Intel chip inside, you're not going to want to pick up one of the new Studio Display or Studio Display XDR models either – neither model will work with an Intel-based Mac.

The $599 MacBook Neo‌ and the new Studio Displays are available to pre-order now, with availability beginning on Wednesday, March 11.
This article, "MacBook Neo Compatible With New Studio Displays, But There's a Catch" first appeared on MacRumors.com

Organizations typically roll out multi-factor authentication (MFA) and assume stolen passwords are no longer enough to access systems. In Windows environments, that assumption is often wrong. Attackers still compromise networks every day using valid credentials. The issue is not MFA itself, but coverage. Enforced through an identity provider (IdP) such as Microsoft Entra ID, Okta, or
Cybersecurity researchers have disclosed details of a new Russian cyber campaign that has targeted Ukrainian entities with two previously undocumented malware families named BadPaw and MeowMeow. "The attack chain initiates with a phishing email containing a link to a ZIP archive. Once extracted, an initial HTA file displays a lure document written in Ukrainian concerning border crossing appeals
Apple Music is rolling out a new metadata system called Transparency Tags, which indicates when AI has been used in the creation of music hosted on the platform.


According to Music Business Worldwide, Apple sent a newsletter to industry partners on Wednesday to explain how it will roll out the new set of metadata.

The system covers four categories including artwork, track, composition (lyrics), and music video. Labels and distributors can begin applying the tags immediately. Apple describes the tags as optional for now, noting that if omitted, no AI is assumed.

Apple said it defers to content providers to determine what qualifies as AI-generated, and that it treats the tags similarly to genres, credits, and other existing metadata. The company describes it as a first step toward industry-wide transparency around AI-generated music.
Apple's approach contrasts with the route taken by competitors like Deezer, which has built its own detection infrastructure to independently identify AI-generated tracks, but it's not 100% accurate all the time. With Apple's tags, there isn't a visible enforcement or cross-verification process in place.

Deezer reports that it receives over 60,000 fully AI-generated tracks per day, with synthetic content now accounting for roughly 39% of all music delivered to the platform. Up to 85% of streams on AI-generated music were fraudulent in 2025, according to Deezer's data.

Apple's system is voluntary, or at least it is for now. Whether labels and distributors will actually use it remains to be seen.
This article, "Apple Music Rolling Out Disclosure Tags for AI-Made Songs" first appeared on MacRumors.com

Several state-linked threat groups known for breaking into operational technology (OT) networks have shifted their focus over the past year from gaining and maintaining access to actively mapping out ways to disrupt physical industrial processes. The shift poses a significant threat because fewer than one in 10 OT networks have monitoring in place to detect such activity, according to industrial cybersecurity firm Dragos.
The group that Dragos tracks as Voltzite, which other researchers have linked to China’s Volt Typhoon campaign, was observed manipulating engineering workstations inside US energy and pipeline networks to determine what operational conditions could trigger process shutdowns — elevating the group to Stage 2 of Dragos’ ICS (industrial control system) Cyber Kill Chain.
Another group called Kamacite has shifted from corporate supply-chain targeting to directly scanning US industrial control devices for four months, mapping specific control loops. Its partner group Electrum, which has exhibited techniques that overlap with those of Russia’s GRU Sandworm team, struck Polish energy infrastructure in December in what Dragos calls the first major cyberattack on distributed energy resources (DERs).
“I think a reasonable assessment is that those teams — state teams, government, military, intelligence teams — are being told by their leadership: ‘You know what? It’s not just about getting access. We might want to leverage that access within a 12-month period,’” Robert M. Lee, CEO and co-founder of Dragos, said during a media briefing that accompanied the release of the company’s annual ICS/OT cybersecurity report. “And when you hear that as an offensive team, that’s when you go ahead and develop that out.” 
Lee, who previously held defensive and offensive cyber roles in the US military and the intelligence community, warned that given how little visibility most OT asset owners have into their own networks, some compromised sites will likely never be cleaned up. And that’s a scary reality because the disruptive capabilities these groups are setting up now could be triggered in the event of a geopolitical conflict.
The access-broker model comes to ICS
Voltzite compromised Sierra Wireless Airlink cellular gateways used in US energy and midstream pipeline operations, then pivoted to engineering workstations where it dumped configuration files and alarm data to understand what conditions would trigger process shutdowns.
The group also used the JDY botnet for reconnaissance across the energy, oil and gas, and defense sectors, scanning VPN appliances from F5, Palo Alto, and Citrix. Less than 5% of environments Dragos assessed had the PowerShell execution logging needed to detect Voltzite’s techniques.
Sylvanite, one of three new threat groups that Dragos identified in 2025, acts as an access broker for Voltzite, rapidly weaponizing vulnerabilities in network-edge devices and handing off footholds to Voltzite for deeper infiltration. Sylvanite exploited an Ivanti EPMM zero-day vulnerability at a US utility in May 2025 before Ivanti issued a patch and separately used a SAP NetWeaver zero-day in April. It also installed persistent web shells on F5 appliances and harvested Office 365 tokens and credentials from LDAP databases.
Lee described the Sylvanite-Voltzite pairing as a two-team structure that suggests a mature, well-resourced state operation, either a government team working with a contractor or lab, or two separate agencies. This division of labor across multiple teams has been adopted by multiple nation-state threat actors as it shortens the compromise-to-operational-readiness timeline from weeks to days.
Another group dubbed Azurite, which has overlaps with what other researchers track as the Chinese Flax Typhoon group, infiltrated OT environments across manufacturing, defense, automotive, electric, and oil and gas organizations in the US, Europe, Taiwan, Japan, and Australia.
The group exfiltrated alarm data, configuration files, project files, and process information from engineering workstations, and was not deterred by public exposure, law enforcement infrastructure takedowns, or government sanctions. Dragos believes this activity is highly likely preparation for offensive operations in the event of geopolitical conflict.
Last year, the company also began tracking Pyroxene, a group that has technical overlaps with activity the US government has attributed to Iran’s Islamic Revolutionary Guard Corps. Pyroxene specializes in supply-chain attacks to pivot from IT networks into industrial control environments and operates in tandem with another group dubbed Parisite, which provides initial access.
The group deployed wiper malware against multiple Israeli organizations during the 12-day Iran-Israel conflict in June 2025 and conducted a watering-hole attack against a water utility serving the Haifa Bay Port area in late 2024. Its targets span aviation, aerospace, defense, and maritime sectors across the US, Western Europe, Israel, and the UAE.
Russia’s OT attack teams expand beyond Ukraine
The Russia-linked pair Kamacite and Electrum, which Dragos has tracked since the mid-2010s and which is responsible for the 2015 and 2016 cyberattacks that took down parts of Ukraine’s power grid, expanded operations into NATO territory in 2025 after years focused almost exclusively on Ukrainian targets.
Kamacite, which serves as the access-and-reconnaissance arm that enables Electrum’s destructive operations, ran a four-month campaign from March to July 2025 scanning internet-exposed US industrial control devices, including Schneider Electric variable-frequency drives, smart HMIs, Accuenergy power meters, and Sierra Wireless cellular gateways.
The scanning was not opportunistic, Dragos said. Kamacite targeted specific device types in sequence, suggesting the group was mapping entire control loops rather than probing for isolated vulnerabilities.
Earlier in the year, Kamacite targeted attendees of a Gas Infrastructure Europe conference in Munich, engaging targets in multi-day, native-language spear-phishing conversations. The group also targeted at least 25 Ukrainian industrial companies across 10 regions in a sustained supply-chain campaign.
Electrum, the operational arm that carries out destructive attacks, struck Polish energy infrastructure in late December 2025 in what Dragos describes as the first major coordinated cyberattack against DERs worldwide.
The attack targeted roughly 30 wind farms, solar installations, and a combined heat and power plant, exploiting internet-facing Fortinet devices configured with default credentials and no multi-factor authentication. The attackers deployed wiper malware that destroyed data on HMIs and corrupted firmware on OT devices, causing operators to lose visibility and control over the facilities.
Dragos attributed the Poland attack to Electrum with moderate confidence. Lee said the same style of attack in the US, Australia, or the Nordic countries, where grids rely more heavily on distributed energy resources, could have been “potentially catastrophic.”
“Some of the defender teams across NATO countries stopped worrying as much about certain Russian threat groups because they stopped seeing them,” Lee said. “I’m saying it looks like they might come back to a theater near you and now with a heck of a lot more experience. So keep up on what’s going on in Ukraine, and try to apply those lessons learned, because it could be very impactful for you.”
Electrum also developed two new wiper malware variants in 2025. PathWiper, discovered in June but active since March, uses a more thorough and methodical approach for data destruction compared to HermeticWiper, the wiper malware that Sandworm used against Ukrainian targets hours before the Russian invasion started. A second wiper variant was discovered in December.
The group is also known to use pro-Russia hacktivist personas to mask its involvement in attacks. In May, the Solntsepek persona that Electrum used on several occasions conducted destructive operations against eight Ukrainian internet service providers.
OT operators lack visibility to detect threats
Less than 10% of OT networks worldwide have any security monitoring in place, according to Dragos’ data. And 90% of asset owners the firm works with still cannot detect the techniques Electrum used to take down Ukraine’s power grid a decade ago, Lee said.
In tabletop exercises the company conducted in 2025, 88% of participants had trouble detecting threats, 94% had difficulty with containment, and 82% struggled to activate their incident response plans. During real-world engagements, a third of incident response cases began not with an alert from a product but with an operator noticing something seemed wrong, and in most of those cases, the data needed to investigate the incident had never been collected.
Dragos also found that 82% of OT asset owners lack defined criteria for when an operational anomaly should trigger a cybersecurity investigation. On top of that, 81% of environments assessed had poor IT/OT network segmentation, and 56% of penetration tests found that attackers could move laterally inside OT networks using legitimate system tools without being detected.
“We’ve told our community, build a big glass house, but the moment that perimeter is breached, like, I don’t know, good luck,” Lee said, noting that roughly 90% of security guidance for OT environments focuses on perimeter defense (“patch, passwords, antivirus, access controls, secure mode access”), with less than 10% addressing detection and response once intruders are inside the network.
Dragos calls visibility the foundational control, so building network monitoring and improving segmentation are of utmost importance. The firm’s vulnerability analysis found that only 3% of ICS vulnerabilities require immediate patching, while 71% can be addressed through basic network hygiene and 27% pose minimal operational risk.
In the US, new NERC CIP-015 regulations will require bulk electric system operators to implement internal network security monitoring within three years for high-criticality sites and five years for medium-criticality ones. But the requirement applies only to the electric sector, leaving water, oil and gas, and manufacturing without comparable mandates.
“We’re going to have to live with the reality that a portion of our infrastructure is currently compromised and will remain compromised at the current trajectory of the [ICS] community,” Lee said.
Tycoon 2FA, one of the prominent phishing-as-a-service (PhaaS) toolkits that allowed cybercriminals to stage adversary-in-the-middle (AitM) credential harvesting attacks at scale, was dismantled by a coalition of law enforcement agencies and security companies. The subscription-based phishing kit, which first emerged in August 2023, was described by Europol as one of the largest phishing
A joint law enforcement operation has dismantled LeakBase, one of the world's largest online forums for cybercriminals to buy and sell stolen data and cybercrime tools. The LeakBase forum, per the U.S. Department of Justice (DoJ), had over 142,000 members and more than 215,000 messages between members as of December 2025. Those attempting to access the forum's website ("leakbase[.]la") are now
In 2021, a vulnerability was revealed in a system that lay at the foundation of modern computing. An attacker could force the system to execute arbitrary code. Shockingly, the vulnerable code was almost 54 years old — and there was no patch available, and no expectation that one would be forthcoming.
Fortunately, that’s because the system in question was Marvin Minsky’s 1967 implementation of a Universal Turing Machine, which, despite its momentous theoretical importance for the field of computer science, had never actually been built into a real-world computer. But in the decade or so after Minsky’s design, the earliest versions of Unix and DOS came into use, and their descendants are still with us today in the 21st century. Some of those systems have had bugs lurking beneath the surface for years or even decades.
Here are 14 noteworthy bugs that, once long dormant, took over a decade to be discovered and fixed — in descending order of how long they went unaddressed.
Libpng graphics library flaw
Age: 30 years
Date introduced: 1995
Date fixed: February 2026
Researchers unearthed a legacy flaw in the widely used libpng open-source library that had existed since the technology was first released more than 30 years ago.
The heap buffer overflow vulnerability (CVE-2026-25646) meant that applications using the flawed software would crash when presented with a maliciously constructed PNG raster image file. Although difficult to exploit, the vulnerability potentially poses an information disclosure or remote code execution risk.
The vulnerable png_set_quantize function, previously called png_set_dither, is rarely used. This, in combination with the difficulty of exploitation, means that the flaw earns a CVSS score of 8.3, rating it as a “high” rather than “critical” risk.
Nonetheless, many Linux distributions (Debian, Red Hat, Ubuntu), desktop apps, and some Java runtimes rely on vulnerable versions of the library and need to be patched.
PrintDemon
Age: 24 years
Date introduced: 1996
Date fixed: May 2020
Printers are a frequent pain point for IT because there are a lot of models, they aren’t made by the same vendors who make computers and operating systems, and users expect to plug them in and start printing. Microsoft in its early years battled to make installing a printer driver relatively easy and painless. But a bug found in 2020, dubbed PrintDemon, showed that maybe they took that a bit too far back in the ’90s — and paid for it for decades.
The core of the vulnerability lies in three facts: Non-administrative users can add printers to a Windows machine; the underlying mechanics make it possible to print to a file rather than a physical printing device; and crucial printing services on Windows run with system privileges. That means that, if you do it right, you can build a “printer” driver that can create a file (even an executable one) anywhere on the filesystem (even in privileged directories). There are plenty of exploits that have been cooked up to take advantage of these design flaws — Stuxnet, it turns out, was one of them — but PrintDemon was a real doozy, made possible because Microsoft’s fixes over the years had been patches rather than a complete rebuild of the printing subsystem.
As Winsider described it, “With very subtle file system modifications, you can achieve file copy/write behavior that is not attributable to any process, especially after a reboot … with a carefully crafted port name, you can imagine simply having the Spooler drop a [portable executable] file anywhere on disk for you.” Sounds like bad news!
win32k.sys vulnerabilities
Age: 23 years
Date introduced: 1996
Date fixed: 2019
Two big vulnerabilities were detected in the Win32 API in Microsoft Windows in 2019. The first, found in April, was a Use-After-Free vulnerability, in which OS coding errors made it possible for programs to access system memory that should’ve been protected; this vulnerability was detected by security researchers when they discovered malicious hackers attempting to use it in the wild to gain control of computers. The other, discovered in December, was an elevation-of-privilege vulnerability lurking in the OS’s window switching functionality; this vulnerability was similarly discovered in the course of active attacks, which simulated keystrokes to create memory leaks.
Both vulnerabilities have their origins in the early days of Windows. “The problem originates from the time when WIN32K made its debut with Windows NT 4.0, when much of Win32’s graphics engine was moved from user level to kernel to boost performance,” explained Boris Larin, senior security researcher at Kaspersky, back in 2019. And while these two vulnerabilities have been patched, that long-ago decision on the part of Microsoft has had much broader effects — and probably will continue to do so, Larin said then. “Throughout the years, the WIN32K component has been responsible for more than a half of all kernel security vulnerabilities discovered in Windows.”
PuTTY heap overflow
Age: 20 years, 9 months
Date introduced: January 1999
Date fixed: October 2019
PuTTY is a free and open-source suite of tools that includes a serial console, a terminal emulator, and various network file transfer applications, with SSH and other encryption schemes built in. It was originally released to bring tools Unix admins took for granted to Windows and Mac OS, but has expanded its scope and is now in wide use on Unix systems as well. While PuTTY was designed to secure network connections, it turns out there was a vulnerability lurking at its heart. This was a heap overflow that could be triggered by a too-short SSH key, which could result in crashing PuTTY or even remote code execution.
The vulnerability was submitted to HackerOne as part of a bug bounty program, netting the submitter a $3,645 reward and a thank you from the PuTTY team, which noted that the bug had been present in the very earliest versions of the source code, back to 1999.
SIGRed DNS vulnerability
Age: 17 years
Date introduced: 2003
Date fixed: 2020
DNS is one of the underrated backbones of the internet, the system by which your computer knows what IP address correlates to any given URL. The system is hierarchical, with requests sent up and down the pyramid looking for DNS servers that know the answer to the question, “Where is this computer?” As a result, DNS has been built into all major operating systems.
In 2020, Microsoft disclosed a critical vulnerability in its own version of DNS, which had been lurking in the code for 17 years. The vulnerability, dubbed SIGRed by its discoverers at Check Point, was a buffer overflow flaw in Windows DNS servers that could be triggered by exploit code tucked into a DNS packet’s signature. A malicious nameserver could send such packets in response to requests, bypassing most security protections and potentially gaining remote access to the Microsoft DNS server. The attack would be potentially wormable, meaning that it could be automated and spread without user intervention.
Python tarfile vulnerability rises again
Age: 15 years
Date introduced: 2007
Date fixed: September 2022
Cybersecurity company Trellix discovered that CVE-2007-4559, a vulnerability affecting Python’s tarfile module first identified in 2007, continued to affect hundreds of thousands of repositories up until at least September 2022.
“While investigating an unrelated vulnerability, Trellix Advanced Research Center stumbled across a vulnerability in Python’s tarfile module,” Kasimir Schulz, a vulnerability researcher for Trellix’s Threat Labs, wrote on the firm’s blog. “Initially we thought we had found a new zero-day vulnerability. As we dug into the issue, we realized this was in fact CVE-2007-4559.”
According to NIST, CVE-2007-4559 is a directory traversal vulnerability in the extract and extractall functions in the tarfile module in Python that allows user-assisted remote attackers to overwrite arbitrary files via a “..” sequence in filenames in a TAR archive.
Bad actors can create exploits with as few as six lines of code added to the tarfile module, which allows users to add a filter to parse and modify a file’s metadata before it is added to the tar archive, Schulz said. CVE-2007-4559 “is incredibly easy to exploit, requiring little to no knowledge about complicated security topics. Due to this fact and the prevalence of the vulnerability in the wild, Python’s tarfile module has become a massive supply chain issue threatening infrastructure around the world.” Trellix has found more than 300,000 repositories affected by the vulnerability.
Trellix developed a scanning utility to identify the vulnerability and patched a number of open-source repositories.
Linux SCSI subsystem bugs
Age: 15 years
Date introduced: 2006
Date fixed: March 2021
SCSI, a 1980s-era data transfer standard, is still in use in some contexts today, and Linux, always intended to be as flexible and universal as possible, still has an extensive SCSI subsystem for those systems that need it. These modules are available via automatic module loading, in which the OS grabs and installs the system code it needs when it needs it — helpful if you find yourself plugging a SCSI drive into your Linux machine and don’t want to hunt down the necessary supporting code.
Cybersecurity consultancy Grimm posted an extensive breakdown of several bugs in this Linux SCSI code that they discovered in March 2021. One was a buffer overflow vulnerability that could allow a normal user to gain root privileges, and the others were errors where information from the kernel could be leaked to user space, and all could be used to get privileged information or as part of a DoS attack on the affected machine. Grimm dates the bugs back to 2006 and dryly notes that they’re “an indication of a lack of security-conscious programming practices that was prevalent at the time this code was developed.”
Domain Time II man-on-the-side attack
Age: 14 years
Date introduced: 2007
Date fixed: April 2021
If two computers on the same network can’t agree on the time, the results can range from annoying to disastrous. This longstanding problem was to be solved by Domain Time II, a closed-source application in use on Windows, Linux, and Solaris.
But Domain Time II harbored for most of its existence a very serious vulnerability. At intervals or on conditions the user can set, the program sends UDP queries to an update server run by Greyware Automation Products, the software’s vendor. If the server replies with a URL, Domain Time II will run a program with admin privileges to download and install an update from that URL.
The problem? If a malicious actor manages to reply to the query before Greyware’s server does, that attacker can send its own reply, prompting Domain Time II to download whatever malware the attacker wants installed. In a true man-in-the-middle attack, the attacker would be intercepting communications in both directions; in contrast, this man-on-the-side attack can’t stop replies to its target machine getting through and so has to send its own reply more quickly.
In practice, this means the attacker would need to control a computer on the target’s local network to pull this off, but this attack represents a way an attacker could escalate their intrusion onto more valuable and secure machines within a local network. This vulnerability was spotted by the security firm Grimm, which noted that the flaw was present in versions of the software going back at least to 2007.
Critical vulnerability in Redis in-memory store
Age: 13 years
Date introduced: 2012
Date fixed: October 2025
A vulnerability in Redis in-memory store posed a critical risk for servers hosting the database.
The vulnerability, identified as CVE-2025-49844 or RediShell, stemmed from a use-after-free memory corruption bug that has existed in the Redis code base for around 13 years and posed a remote code execution risk.
While the flaw required authentication to exploit, an estimated 60,000 Redis instances were exposed to the internet without authentication enabled, leaving these systems open to attack. Wiz researchers discovered the flaw and used it in the Pwn2Own Berlin contest in May 2025, weeks before its public disclosure in October 2025.
LionWiki local file inclusion
Age: 11 years, 11 months
Date introduced: November 2008
Date fixed: October 2020
LionWiki is a minimalist wiki engine, programmed in PHP. Unlike many popular wiki engines, LionWiki doesn’t use a database, and instead is entirely file-based. Because its goal is simplicity, this is a strength, but it also makes a significant vulnerability possible.
In essence, the various files underlying a particular LionWiki instance are accessed by file and pathnames in the URL of the corresponding pages. This means that, with a correctly crafted URL, you could traverse the filesystem of the server hosting the LionWiki instance. There are URL-filtering provisions in place to block attempts to do this, but as Infosec Institute Cyber Range Engineer June Werner discovered, they could be defeated fairly easily.
One thing Werner noted is that the vulnerability persisted despite attempts to correct it. “Some mitigations were first put in place in July of 2009, and then more extensive mitigations were put in place in January of 2012,” she noted. “Despite these mitigations, the code was still vulnerable to the same type of attack. This vulnerability stayed in the code for another eight years until it was rediscovered, along with a way to bypass the mitigations, in October 2020.” After the bug was formally reported, it was patched by the developer.
sudo host
Age: 11 years, 10 months
Date introduced: September 2013
Date fixed: July 2024
The sudo command is an important tool in any Unix admin’s toolkit, granting superpowered user privileges to those who have the permission to invoke it. To access these privileges, a user must be listed in a configuration file called sudoers. Because many organizations centrally administer many Unix hosts, sudoers can include a list of specific hosts where each user has sudo rights, so that these config files can be written once and then be pushed out to all the organization’s hosts.
The problem is that, to get access to the sudoers file and see the hosts on which you or another user might have sudo powers, you need those sudo powers yourself. But a command-line flag intended to let users view host-specific privileges could be abused to trick sudo into treating the command as if it were running on a different host — potentially one where the user has elevated privileges. That could allow the user to run commands, including those that edit sudoers, even if they shouldn’t have that access on the local machine. This security flaw isn’t rated as too serious, but it did lurk undetected for nearly 12 years. (Another more serious flaw with the chroot option, revealed at the same time, is a mere baby at two years old.)
HashiCorp Vault and CyberArk Conjur logic flaws
Age: 10 years
Date introduced: 2015
Date fixed: August 2025
Multiple flaws in components of HashiCorp Vault and CyberArk Conjur, two open-source credential management systems, left the door open to a variety of attacks, including authentication bypass and the theft or erasure of supposedly protected secrets.
Both HashiCorp Vault and CyberArk Conjur are used for storing and controlling access to secrets such as API keys, database passwords, certificates, and encryption keys. Each technology is commonly used in DevSecOps pipelines.
Researchers from Cyata discovered an array of issues, many of which had remained hidden in the codebase of widely used open-source secrets vaults for years. The vulnerabilities were discovered after manual code reviews that focused on logic flaws in components responsible for authentication and policy enforcement rather than memory corruption issues typically detected by automated tools.
Findings from the research — which led to the discovery of a combined total of 14 vulnerabilities in the two secrets vaults — were revealed at Black Hat USA in August 2025.
The most severe vulnerability in HashiCorp Vault (CVE-2025-6000) created a mechanism for attackers to delete a critical file containing the keys needed to decrypt stored secrets, leaving data unreachable.
All the vulnerabilities were addressed before the research was publicly disclosed.
Linux GRUB2 Secure Boot hole
Age: 10 years
Date introduced: 2010
Date fixed: July 2020
When UEFI was introduced to replace BIOS, it was deemed the cutting edge of security, with features to fight attacks that operated on the level of the bootloading software that starts up an OS. Key to this is an interlocked chain of signed cryptographic certificates that verifies each bootloader program as legit, a mechanism known as Secure Boot. The root certificate for UEFI is signed by Microsoft, and Linux distributions put their own bootloaders, each with its own validated certificate, further down the chain.
But GRUB2, a widely popular Linux bootloader with a UEFI-ready certificate, contains a buffer overflow vulnerability that can be exploited by malicious code inserted into its configuration file. (While GRUB2 itself is signed, its configuration file, meant to be editable by local admins, is not.) This hole was spotted by Eclypsium, and while an attacker would need to have a degree of local control of the target machine to implement this attack, if they pulled it off successfully, they could ensure that they remain in control of that computer going forward each time it boots up, making it difficult to evict them from the system.
Telnet
Age: 10 years, 8 months
Date introduced: May 2017
Date fixed: Jan 2026
Telnet is an early internet protocol and associated tools used for remotely logging into another machine via a text-based terminal session. Although superseded by the more secure and encrypted SSH technology since the mid-1990s, Telnet is still widely used by embedded systems, network hardware, and other legacy systems.
An easily exploited Telnet authentication bypass vulnerability (CVE-2026-24061), introduced in code changes released in May 2017, left devices running pre-patched versions of the software wide open to remote compromise, provided that their Telnet server was exposed to the internet.

 [1]HashiCorp Vault was first released in 2015, with CyberArk Conjur becoming available in 2016. I’m assuming that at least some of these vulnerabilities date back to the first release of each technology.
In traditional incident response and recovery processes, a compromise is identified and a “disaster” is declared, after which the affected systems are restored from backup. These procedures are largely manual and require human interaction at every decision point. And they are being undermined by increasingly sophisticated ransomware attacks that also encrypt backups. The challenges:
Backup systems are a key target, especially for financially motivated attackers. Thoroughly verifying the restored data is therefore essential; otherwise the recovery process could come to nothing (while still costing money).
Downtime causes enormous costs for companies. Restoring full operational capacity as quickly as possible is accordingly a high priority.
With “cyber recovery,” a new approach has now established itself to bring incident response and recovery up to date. According to the market researchers at IDC, these are less standalone products than offerings that are part of an overarching platform or another product and combine various functions.
Solutions in this category are accordingly characterized primarily by minimizing the initial damage of an attack and enabling the most efficient recovery possible. Ideally, features such as real-time system monitoring, automated mitigation, and IT forensics are used. The recovery process itself is initiated in a sandbox. This enables additional analyses away from the affected systems and thorough malware scans.
The most important cyber recovery vendors
Below, we have compiled some recommended cyber recovery vendors and their offerings for you.
Acronis
Acronis is one of the few backup and recovery specialists that is also active in cyber recovery. The company offers two comprehensive platforms for this:
Cyber Protect and
Cyber Protect Cloud.
On both platforms, AI-powered antimalware, endpoint detection and response, and email security provide the foundation for detecting attacks as early as possible.
Another notable feature of the Acronis platforms: they offer forensic backups that capture not only the hard disk but also a memory dump and key information about running processes. You also have the option of digitally signing files with certificates.
Cohesity
Security vendor Cohesity addresses different cyber recovery requirements with its offerings. In December 2024, the vendor acquired the data protection business of Veritas.
Data Protect promises protection for a wide range of workloads, essentially through immutable snapshots with strict consistency combined with a streamlined recovery process for restoring system resources quickly and efficiently.
The Cohesity portfolio also includes the SaaS offering FortKnox. The cyber vaulting tool brings features such as flexible recovery targets and granular data capture, and reliably identifies points for system recovery.
Commvault
Commvault also has a comprehensive catalog of products. Some of them cover the area of cyber recovery as well. For example:
the cyber deception platform Threatwise and
the risk monitoring platform Security IQ.
Features common to the Commvault cyber recovery systems include immutable and air-gapped backups as well as zero-trust principles. All components are supported by the in-house Metallic AI, which is intended, among other things, to make anomaly detection easier.
Dell
Dell is primarily a hardware company. Nevertheless, the American company also offers a range of software tools that can contribute to a complete cyber recovery solution, such as PowerProtect Cyber Recovery. The software isolates critical data to protect it from potential attacks and, in parallel, uses machine learning to identify suspicious activity and safe recovery points.
In addition, Dell offers PowerProtect appliances and services to round out your cyber recovery efforts.
Druva
In terms of name recognition, Druva may not quite keep up, but it certainly does when it comes to cyber recovery functions. The cloud-based control panel from Druva provides a unified overview of the protection status of cloud and on-prem workloads. The in-house AI assistant Dru supports users in managing backups, troubleshooting errors, and reviewing historical processes.
Druva combines this orchestration with curated snapshots and detailed insight into the history of file changes, with a focus on malicious activity such as malware infections or data encryption. If such activity is detected, the platform offers flexible recovery options such as system rollback, quarantined snapshots, or recovery in a sandbox environment.
A Druva license also includes access to professional services in the areas of:
training,
fire drill testing,
playbook development, and
incident response.
Quest
This long-standing vendor of IT management software offers various cyber recovery components. For example:
NetVault Plus, a backup and recovery system designed for ransomware protection, replication for disaster recovery, and continuous data protection (CDP).
KACE Cloud, which covers two important components of modern security stacks with device patching and endpoint management.
In addition, Quest offers several solutions focused on protecting Azure Active Directory and Microsoft Entra. Two solutions worth mentioning in this area are:
Recovery Manager for AD Disaster Recovery Edition, which automates the Active Directory recovery process at the forest level.
SpecterOps BloodHound Enterprise, which analyzes Active Directory for vulnerabilities and potential attack paths and provides corresponding measures to raise the security level.
Rubrik
Data security specialist Rubrik can also help tick off the majority of items on the cyber recovery checklist:
Threat Containment identifies malware and infected files, isolates them, and makes it easier to restore clean files, which significantly reduces the risk of reintroducing compromised files during the process. The latter can be retained for forensic review (with limited permissions to prevent an accidental restore).
Rubrik Cloud Vault offers air-gapped backups as part of a fully managed platform. This eases implementation and management over the long term. The in-house data analysis tools assess file content and backup activity and apply classification rules to the backups. Potentially sensitive data that is not fully protected is not overlooked in the process. On top of that comes the icing on the cake in the form of (free) access to the Rubrik Ransomware Response Team.
Veeam
Veeam has not been active in the backup and recovery business as long as some other vendors in this article, but it has well and truly earned its place in the cyber recovery top ten. Under the banner of its Data Platform, the company offers several solutions that cover key elements of cyber recovery requirements:
Veeam Backup & Replication offers ransomware protection, immutable backups, and CDP with point-in-time recovery.
Veeam ONE makes it possible to fend off threats “proactively” by detecting suspicious activity early. It also provides a comprehensive overview of data protection status.
Veeam Recovery Orchestrator automates recovery testing and orchestration with repeatable workflows.
Zerto
Security vendor Zerto was acquired by HPE in 2021 and focuses on cloud and virtual environments. The solution integrates tightly with hypervisors to secure workloads comprehensively.
The platform offers some noteworthy functions. For example, it detects encryption activity in running virtual machines. The Zerto journaling system captures write operations using CDP and enables granular recovery when needed. Suspicious activity is recorded and evaluated using an entropy calculation to prevent false alarms. (fm)
The infrastructure hosting the Tycoon2FA service, which Europol said was among the largest phishing operations worldwide, has been taken down by a coalition of IT companies and law enforcement agencies.
At least temporarily, this removes access to one more tool for evading multifactor authentication defenses from threat actors.
Europol, which coordinated the operation, said Wednesday that the technical disruption was led by Microsoft, which got a US court order to seize 330 active domains that powered Tycoon2FA’s core infrastructure, including its control panels and fraudulent login pages. At the same time, law enforcement in Latvia, Lithuania, Portugal, Poland, Spain, and the United Kingdom seized the service’s infrastructure in their countries.
Other IT companies involved in the operation included Cloudflare, Coinbase, Intel471, Proofpoint, the Shadowserver Foundation, SpyCloud, and Trend Micro.
Microsoft noted that, by mid‑2025, Tycoon2FA accounted for approximately 62% of all phishing attempts that it alone had blocked; at one point it intercepted more than 30 million emails in a single month. It believes that Tycoon2FA, sold to threat actors as a phishing-as-a-service operation, is linked to an estimated 96,000 distinct phishing victims worldwide since 2023, including more than 55,000 Microsoft customers.  
The company said that Tycoon2FA combined convincing phishing templates, realistic landing pages, and real‑time capture of credentials and authentication codes into an easy‑to‑use package that scaled quickly. “By lowering the technical barrier to entry, it allowed criminals with limited expertise to run sophisticated impersonation campaigns,” Microsoft said in a blog. 
It noted that Tycoon2FA’s platform enabled threat actors to impersonate trusted brands by mimicking sign-in pages for services like Microsoft 365, OneDrive, Outlook, SharePoint, and Gmail, as well as allowing threat actors using its service to establish persistence.
Criminals could also access sensitive information, even after passwords were reset, by intercepting session cookies generated during the authentication process while simultaneously capturing user credentials, unless active sessions and tokens were explicitly revoked. The intercepted multi-factor authentication (MFA) codes were subsequently relayed through Tycoon2FA’s proxy servers to the authenticating service.
Don’t be complacent: Experts
This takedown is the latest in a series of IT industry and law enforcement co-operative efforts to go after criminals’ IT infrastructure.
However, experts warned CSOs and infosec leaders not to become complacent. Cybercrime is so lucrative that either a distribution of this tool will pop up elsewhere, or another tool will take its place.
“Phishing tools designed to bypass reverse proxies continue to evolve,” noted Robert Beggs, head of Canadian incident response firm Digital Defence. “Commercial variations such as EvilProxy are commonly found in the wild, and open source toolkits like EvilGinx, Modlishka, EvilPunch are becoming the go-to option for attackers.”
Johannes Ullrich, dean of research at the SANS Institute, noted that access brokers like Tycoon2FA are typically less sensitive to domain takedowns than malware operators who use domains for their command-and-control infrastructure.
“It will likely take them a bit of time to rebuild domains to use in their operation,” he said in an email, “but I doubt they will disappear. On the other hand, there is reason to cheer: at least a temporary reprieve from Tycoon2FA phishing emails.”
He added, “CSOs should, however, focus on identity security, in particular phishing-resistant authentication technologies. Multi-factor authentication is not sufficient if it is still susceptible to phishing. A recently developed tool, Starkiller, added yet another option for attackers to exploit insufficient MFA configurations.”
Beggs pointed out that Tycoon2FA owes its success to being a simple-to-use system based on a reverse proxy. This configuration allows it to bypass the two-factor authentication that most organizations rely on to provide protection against phishing attacks, he said. The reverse proxy allows the hostile program, the attacker, to virtually sit in the middle of a transaction and intercept access credentials and cookies.
Stringent defenses needed
CSOs must employ stringent defenses against tools that use reverse proxies, Beggs said, including strengthening email filtering by enforcing DMARC, DKIM, and SPF; enforcing secure session handling at the edge by using client-bound session tokens tied to device or TLS certificates; ensuring continuous validation by issuing a new challenge when the device fingerprint changes and by using short-lived cookies; monitoring network traffic for signs of man-in-the-middle behaviors such as inconsistent host headers, proxy-added headers, and timing discrepancies between client and server flows; and adopting phishing-resistant MFA with tools like FIDO2/WebAuthn hardware keys, passkeys, or certificate-based authentication. 
Because authentication is bound to the origin (domain) and the cryptographic challenges cannot be replayed through a reverse proxy, these methods cannot be proxied, he added.
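The origin binding described above shows up in the checks a relying party runs on a WebAuthn assertion. The following is an added example, not code from the article or from any vendor named in it: the host names and challenge are constructed, the RP ID is simplified to the origin's host, and an HMAC key stands in for the authenticator's public-key signature so that it runs on the Python standard library alone.

```python
import base64
import hashlib
import hmac
import json
import struct

# Constructed values for the example; none come from the article.
RP_ID = "login.example.com"
EXPECTED_ORIGIN = "https://login.example.com"
LOOKALIKE_ORIGIN = "https://login.example-com.test"
# Assumption: an HMAC key stands in for the credential key pair. A real
# authenticator signs with a private key and the server verifies with the
# public key stored at registration.
CREDENTIAL_KEY = b"constructed-demo-key"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def sign(auth_data: bytes, client_data_json: bytes) -> bytes:
    """The signature covers authenticatorData || SHA-256(clientDataJSON)."""
    signed = auth_data + hashlib.sha256(client_data_json).digest()
    return hmac.new(CREDENTIAL_KEY, signed, hashlib.sha256).digest()


def browser_assertion(page_origin: str, challenge: bytes) -> dict:
    """Simulate browser plus authenticator for a page loaded from page_origin.

    The browser, not the page's script, fills in the origin. Simplification:
    the RP ID is taken to be the origin's host, and the simulated authenticator
    signs for any RP ID, whereas a real one holds no credential for the
    look-alike host.
    """
    client_data_json = json.dumps({
        "type": "webauthn.get",
        "challenge": b64url(challenge),
        "origin": page_origin,
    }).encode()
    rp_id = page_origin.split("://", 1)[1]
    flags = 0x01 | 0x04  # user present, user verified
    auth_data = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", 1)
    return {
        "clientDataJSON": client_data_json,
        "authenticatorData": auth_data,
        "signature": sign(auth_data, client_data_json),
    }


def rewrite_in_transit(assertion: dict) -> dict:
    """Model an intermediary that edits relayed fields but cannot re-sign them."""
    client_data = json.loads(assertion["clientDataJSON"])
    client_data["origin"] = EXPECTED_ORIGIN
    auth_data = hashlib.sha256(RP_ID.encode()).digest() + assertion["authenticatorData"][32:]
    return {
        "clientDataJSON": json.dumps(client_data).encode(),
        "authenticatorData": auth_data,
        "signature": assertion["signature"],
    }


def verify_assertion(assertion: dict, expected_challenge: bytes) -> str:
    """Relying-party checks; returns "accept" or the first reason to reject."""
    client_data = json.loads(assertion["clientDataJSON"])
    auth_data = assertion["authenticatorData"]
    if client_data.get("type") != "webauthn.get":
        return "reject: wrong type"
    if client_data.get("challenge") != b64url(expected_challenge):
        return "reject: challenge mismatch"
    if client_data.get("origin") != EXPECTED_ORIGIN:
        return "reject: origin mismatch"
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return "reject: rpIdHash mismatch"
    if not auth_data[32] & 0x01:
        return "reject: user not present"
    expected_sig = sign(auth_data, assertion["clientDataJSON"])
    if not hmac.compare_digest(expected_sig, assertion["signature"]):
        return "reject: bad signature"
    return "accept"


def run_cases() -> dict:
    challenge = b"\x01" * 32  # constructed; a server issues a fresh random one per login
    direct = browser_assertion(EXPECTED_ORIGIN, challenge)
    relayed = browser_assertion(LOOKALIKE_ORIGIN, challenge)
    return {
        "direct": verify_assertion(direct, challenge),
        "relayed": verify_assertion(relayed, challenge),
        "relayed_rewritten": verify_assertion(rewrite_in_transit(relayed), challenge),
        "replayed": verify_assertion(direct, b"\x02" * 32),
    }


if __name__ == "__main__":
    for name, result in run_cases().items():
        print(f"{name}: {result}")
```

An assertion produced on the look-alike host fails the origin check, one whose fields were edited after signing fails the signature check, and one presented against a different challenge fails the challenge check.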
How the service worked
Tycoon2FA phishing services were advertised and sold to cybercriminals on applications like Telegram and Signal, Microsoft said in a separate blog. Prices varied, but phishing kits started at $120 for 10 days of access to an administrative panel, which served as a single dashboard for configuring, tracking, and refining campaigns.
For defenders who don’t know how comprehensive these criminal SaaS operations can be, here’s an outline of Tycoon2FA’s service: Campaign operators could configure a broad set of campaign parameters that control how phishing content is delivered and presented to targets. Key settings include lure template selection and branding customization, redirection routing, MFA interception behavior, CAPTCHA appearance and logic, attachment generation, and exfiltration configuration. 
Tycoon2FA generated large numbers of subdomains for individual phishing campaigns, used them briefly, then dropped them and spun up new ones. 
Operators could also configure how the malicious content is delivered. Options include generating EML files, PDFs, and QR codes, offering multiple ways to package and distribute phishing lures.
Operators could track valid and invalid sign-in attempts, MFA usage, and session cookie capture, with victim data organized by attributes such as targeted service, browser, location, and authentication status. Captured credentials and session cookies could be viewed or downloaded directly within the panel and/or forwarded to Telegram for near‑real‑time monitoring.
“Tycoon2FA illustrated the evolution of phishing kits in response to rising enterprise defenses, adapting its lures, infrastructure, and evasion techniques to stay ahead of detection,” said Microsoft.
“As organizations increasingly adopt MFA, attackers are shifting to tools that target the authentication process itself, instead of attempting to circumvent it. Coupled with affordability, scalability, and ease of use, Tycoon2FA posed a persistent and significant threat to both consumer and enterprise accounts, especially those that rely on MFA as a primary safeguard.”
The new MacBook Neo is equipped with two USB-C ports, but they are not the same. The left USB-C port supports USB 3 speeds of up to 10 Gb/s, while the right USB-C port closer to the trackpad is limited to USB 2 speeds of just 480 Mb/s. As a result, Apple says external display connectivity is supported on the left port only.


Given the ports are not labeled, this limitation could be an inconvenience. Fortunately, though, Daring Fireball's John Gruber said if you plug an external display into the incorrect port, macOS will alert you to use the other port.

Apple says the MacBook Neo supports one external display with up to 4K resolution at 60Hz.

If you want to learn more about which features and specs you have to live without if you buy a MacBook Neo, read our in-depth list of compromises.

MacBook Neo is available to pre-order now, with U.S. pricing starting at $599 ($499 for college students). The laptop launches Wednesday, March 11.
This article, "macOS Will Alert You to MacBook Neo's USB-C Port Limitation" first appeared on MacRumors.com

None of the new MacBook Neo, MacBook Air, or MacBook Pro models unveiled this week come with a charger in the UK and EU countries, such as Germany, France, Italy, and Spain. This change began with the base 14-inch MacBook Pro last year.


If you need a power adapter, you must purchase one separately during checkout or later.

In all other countries, Apple includes a charger in the box with these Macs, at no additional cost. In the U.S., for example, the MacBook Neo ships with Apple's 20W USB-C Power Adapter (sold separately for $19), while the 16-inch MacBook Pro comes with Apple's 140W USB-C Power Adapter (sold separately for $99).

Apple includes a USB-C or MagSafe 3 charging cable with all of the new MacBooks sold worldwide.
This article, "Apple Does Not Include a Charger With All New MacBooks in UK and EU" first appeared on MacRumors.com

Across Monday, Tuesday, and Wednesday, Apple unveiled seven new products, including low-cost iPhone and MacBook options, new displays, and refreshes for the MacBook Air, MacBook Pro, and iPad Air.


We've rounded up all of our coverage from this week in case you missed any of the product announcements or details.
MacBook Neo


Apple Announces $599 'MacBook Neo' With A18 Pro Chip
Hello, MacBook Neo: Apple Showcases All-New $599 MacBook in Videos
Want Touch ID on the MacBook Neo? It'll Cost You $100 Extra
MacBook Neo Features Two Different USB-C Ports
MacBook Neo Starts at Just $499 for Students
MacBook Neo Has Just 8GB RAM With No Upgrade Option
MacBook Neo Can Only Drive One External Display at 4K 60Hz
MacBook Neo vs. MacBook Air Buyer's Guide: 40 Differences Compared
Hands-On With the New MacBook Neo
20+ MacBook Neo Compromises: What You Give Up for Apple’s Cheapest Mac

iPhone 17e


Apple Announces iPhone 17e With A19 Chip, MagSafe, and More
iPhone 17e Comes in These Three Colors
iPhone 17e Now Features 256GB Base Storage
iPhone 17e Solves iPhone 16e's Biggest Limitation
iPhone 17e: Smaller Details You Might Have Missed
Get an iPhone 17e at No Cost With First Pre-Order Deals From T-Mobile and Verizon

iPad Air


Apple Unveils iPad Air With M4 Chip, Increased RAM, Wi-Fi 7, and More
First M4 iPad Air Benchmarks Surface

Studio Display


Apple Introduces All-New Studio Display XDR: 120Hz, Mini-LED, and More
Apple Updates Studio Display With Thunderbolt 5 and More
Apple Discontinues Pro Display XDR and $999 Stand
These Macs Can't Run the Studio Display XDR at 120Hz
New Apple Studio Display and Studio Display XDR Don't Support Intel Macs
Apple's New Studio Display Boxes Designed to Fit in Your Recycle Bin
New Studio Display and Studio Display XDR Will Have Day One Firmware Update
Apple’s Two New Studio Display Models Feature Different Chips

MacBook Pro


Apple Unveils MacBook Pro Featuring M5 Pro and M5 Max Chips With New Fusion Architecture
Apple Debuts M5 Pro and M5 Max Chips
Apple Removes 512GB Storage Option From M5 MacBook Pro, Drops SSD Upgrade Prices

MacBook Air


Apple Announces MacBook Air With M5 Chip and 512GB Base Storage
New M5 MacBook Air and MacBook Pro Get First Pre-Order Offers From Best Buy

Accessories


Apple Releases iPhone Cases, Apple Watch Bands, and Crossbody Strap in New Colors

Other News


Apple Changes Trade-In Values for iPhones, Macs, and More
Apple Opens Pre-Orders for MacBook Neo, iPhone 17e, M5 Pro/Max MacBook Pro, New Studio Displays and More

More Coverage

Apple CEO Tim Cook shared a wrap-up post on social media, and with pre-orders now live for all of the new products, we're not expecting any additional announcements this week.

Everything Apple announced this week will be launching on Wednesday, March 11, and we'll have more in-depth coverage and reviews of what's new.
This article, "Apple's Biggest Week of 2026: Details on Every New Product Announced" first appeared on MacRumors.com

The new MacBook Neo is Apple's most affordable Mac notebook, and at $599, it's priced the same as the iPhone 17e. For teachers and college students, it's even more affordable at $499.


To offer a Mac at such a low price, Apple had to make some compromises, and there are some features that the MacBook Neo is lacking compared to the next most expensive Mac notebook, the MacBook Air.

Processor


A18 Pro Chip - Apple is using an A-series chip instead of an M-series chip in the Neo. It has the A18 Pro chip that Apple debuted in the iPhone 16 Pro, but it is a binned version. It has a 6-core CPU and a 5-core GPU, while the iPhone 16 Pro chip had a 6-core CPU and a 6-core GPU.
RAM - The MacBook Neo has 8GB RAM with no option to pay for more. All other Macs start with 16GB. It still supports Apple Intelligence, because 8GB is the minimum for it.
Memory bandwidth - Apple's chips use unified memory that's available to the CPU and GPU. Memory bandwidth in the Neo is 60GB/s, less than half that of the MacBook Air.
Storage - The MacBook Neo starts with 256GB of storage, and there's only a single 512GB upgrade. Other Macs support much higher capacity SSDs.
Wi-Fi - The MacBook Neo has Wi-Fi 6E, but not Wi-Fi 7 because Apple did not include its new N1 networking chip.

Battery and Charging


Battery capacity - The MacBook Neo is almost the same size as the MacBook Air, but it has a shorter battery life. It lasts for up to 16 hours when streaming video, while the MacBook Air lasts for up to 18 hours. The battery has a 36.5-watt-hour capacity, while the MacBook Air has a 53.8-watt-hour battery.
Battery size - Since the MacBook Neo is thicker than the MacBook Air, it has even more room for a battery, but Apple didn't max out on battery life, which is likely a cost cutting measure. Apple is using older battery technology or a smaller battery. Battery life should theoretically be even longer because the A18 Pro chip doesn't draw as much power as the M5.
No MagSafe - The MacBook Neo is limited to USB-C charging, and it does not include a MagSafe port.
No fast charging - Apple ships the MacBook Neo with a 20W power adapter, and there is no mention of fast charging support.

Ports


USB-C - There are two USB-C ports, one that's USB 3 and one that's USB 2. The USB 3 port supports DisplayPort 1.4 and up to 10Gb/s transfer speeds, but the USB 2 port is limited to 480Mb/s.
Display support - The MacBook Neo only supports a single external display at 4K 60Hz, though it may be possible to connect another with a third-party DisplayPort adapter.
No Thunderbolt - There are no Thunderbolt ports on the MacBook Neo because Thunderbolt is not supported.
No Studio Display - Since the Neo does not have Thunderbolt and is limited to 4K displays, it is not compatible with the Studio Display.

Design


Display size - The MacBook Neo has a 13-inch display size, so it is Apple's smallest Mac notebook. The MacBook Air has a 13.6-inch display.
Bezels - There is no notch on the Neo, but it does have thick iPad-style bezels at the top, bottom, and sides of the display. The bezel hides the FaceTime camera.
Thickness - The Neo is just a little smaller than the MacBook Air when it comes to length and width, but it is thicker at 0.50 inches (vs 0.44 inches for the MacBook Air).

Display


No True Tone - The MacBook Neo does not support True Tone, which is the white balance feature that adjusts the temperature of the display to match the ambient lighting in the room, making it easier on the eyes.
No P3 Wide color - sRGB is supported, but P3 Wide color is not, so the MacBook Neo won't have colors that are as true to life as other Mac notebooks.
No ProMotion - Unsurprisingly, the MacBook Neo is limited to a 60Hz refresh rate and it does not support ProMotion.

Trackpad and Keyboard


Backlighting - There is no backlight for the keyboard.
Touch ID - Touch ID is not included with the base 256GB model, but you can get it by paying an extra $100 for the 512GB model.
Trackpad - There isn't a Force Touch trackpad, with Apple instead adopting a less complicated physical Multi-Touch trackpad. The button on the trackpad is an actual button, rather than a virtual button with haptic feedback. There is no pressure-sensing feature, Force clicks, or pressure-sensitive drawing option.

Speakers and Camera


FaceTime Camera - The MacBook Neo has a 1080p FaceTime HD camera like older Macs rather than the newer 12-megapixel Center Stage camera Apple has been adding to its newer models. There is no Center Stage or Desk View.
Camera light - There's no little light to alert you when the MacBook Neo camera is on, with Apple instead displaying a warning on the menu bar.
Speakers - The MacBook Neo has a dual-speaker sound system with speakers that are on the outer sides of the device. The MacBook Air has a four-speaker sound system with richer sound, but both the Neo and the Air support spatial audio.
Microphones - There are only two microphones, but Voice Isolation and Wide Spectrum are still supported for better clarity for calls.
Headphone jack - There's a 3.5mm headphone jack, but it does not have support for high-impedance headphones.

MacBook Neo Pros

Even though the MacBook Neo has a simplified feature set compared to other Mac models, the price can't be beat. $599 for a Mac is an incredible deal, and the A18 Pro chip is more than adequate for daily use and the type of work that students do.

It's not the best choice for 3D rendering, running local AI models, video editing, or similar creative tasks, but it will do those things at a basic level. It's an ideal MacBook for anyone who doesn't need more than a machine for web browsing and other light work, and it will do everything an iPhone can do. These days, that's quite a bit.

For more on the differences between the MacBook Neo and the MacBook Air, we have a dedicated comparison guide.

The MacBook Neo is available for pre-order now, and it is set to launch on Wednesday, March 11.
This article, "20+ MacBook Neo Compromises: What You Give Up for Apple's Cheapest Mac" first appeared on MacRumors.com

Apple's press release and marketing materials for the new Studio Display and Studio Display XDR models do not mention which chips are inside the monitors, but MacRumors has confirmed this information in the latest Studio Display firmware.


The firmware reveals that the second-generation Studio Display is equipped with an A19 chip, while the Studio Display XDR has an A19 Pro chip, according to code reviewed by MacRumors contributor Aaron Perris. Rumors had mentioned either the A19 chip or the A19 Pro chip, and it turns out that the two chips are split across the two models.

The original Studio Display from 2022 is equipped with an A13 Bionic chip, which is something that Apple advertised. Apple said the chip enables features such as Center Stage camera framing, Spatial Audio, and "Siri" and "Hey Siri" voice activation for Siri. Apple introduced the A13 Bionic chip in the iPhone 11 series in 2019.

Introduced across the iPhone 17 and iPhone Air models last year, the A19 and A19 Pro chips are much newer. These chips likely help to drive the improved speakers in both new Studio Display models, and they likely enable the camera's Desk View feature, which can show your face and an overhead view of your desk at the same time.

In both new Studio Displays, Apple says the six-speaker sound system delivers 30% deeper bass compared to the previous generation.

We will learn more about the new Studio Displays and the hardware inside of them through upcoming reviews and teardowns.

Both new models can be pre-ordered now and launch on Wednesday, March 11.
This article, "Apple's Two New Studio Display Models Feature Different Chips" first appeared on MacRumors.com

Apple today released iOS 18.7.6 for older devices, addressing an issue that caused some older iPhones in Australia to be unable to connect to emergency services.


According to Apple's release notes, the update fixes an issue that was preventing the iPhone XS and iPhone XR from properly connecting to emergency networks in Australia.

This update addresses a mobile network issue for iPhone XS models and iPhone XR when establishing a connection to emergency services in Australia.

Australian mobile network operators have been improving support for emergency calling on their networks, which has led to a host of problems with older iPhones connecting to emergency services in some situations. Apple has released several updates to address the problem, including iOS 16.7.4 and iOS 26.2.1.

Some of Apple's updates exacerbated the issue, and Apple ended up temporarily pulling iOS 18.7.4, iOS 16.7.13, iOS 15.8.6, and iOS 12.5.8 back in December. Since then, additional updates have been released to further fix the emergency calling bugs, including the new iOS 18.7.6 update.
This article, "Apple Releases iOS 18.7.6 to Address Australia Emergency Call Issue" first appeared on MacRumors.com

AI. Automation. Zero Trust.
They dominate every security strategy document. But there’s a truth sitting underneath all three: none of them work without deep, trustworthy visibility.
You can’t continuously verify identities without knowing how they behave. You can’t train AI on incomplete data and expect accurate detection. You can’t automate response if every decision is built on inference instead of evidence.
And we believe this is exactly what an October 2025 commissioned study conducted by Forrester Consulting on behalf of NETSCOUT confirms.
Visibility is no longer a tool category, it’s a strategic requirement
According to the study:
- 72% of organizations say NAV is essential for proactive threat hunting and reactive incident response
- 69% say a NAV solution is vital to their threat detection and incident response process
This isn’t about adding more gadgets to the SOC. It’s about strengthening the foundation that the SOC stands on.
When visibility is weak, every advanced capability becomes unstable:
- AI guesses
- Zero Trust misclassifies
- Automated response becomes dangerous
- Threat hunting becomes inefficient
- TDIR slows down
Modern security needs reliable, high-fidelity input. Without it, innovation collapses on contact.
The cost of building the future on a weak foundation
Executives often assume advanced technologies will “fix” visibility. In reality, they depend on it.
AI can’t correlate what it can’t see. Zero Trust can’t validate what it can’t interpret. Orchestration can’t automate decisions it doesn’t fully understand.
This is why thought-leading organizations are shifting their strategy: not diving deeper into tools but investing in the visibility that enables them.
Where Omnis Cyber Intelligence fits
This future-ready foundation is exactly where Omnis Cyber Intelligence provides leverage, not because it replaces AI or Zero Trust, but because it supports them.
Omnis Cyber Intelligence delivers the kind of high-integrity data those systems depend on:
- Trusted packet-level visibility for AI models that require strong ground truth
- Behavioral analytics that strengthen Zero Trust validation
- Unified hybrid visibility that consolidates evidence across environments
- Context-rich metadata that accelerates automated workflows
- Retrospective investigation capabilities for threat hunting teams
Omnis Cyber Intelligence becomes the “clarity layer” beneath modern security, not the star of the strategy, but the reason the strategy works.
The leaders who win will be the ones who see clearly
The future of cybersecurity is already arriving, and it’s arriving fast. But speed without clarity creates fragility.
Organizations that build AI, Zero Trust, and SOC modernization on top of strong visibility will accelerate safely. Those who build on top of guesswork will move fast, until something breaks.
Forrester’s research underscores the shift. Omnis Cyber Intelligence aligns naturally with the direction the industry is heading.
The question for leaders isn’t whether they need modern visibility. It’s whether they have enough of it to support the future they’re building.
Read the commissioned Forrester Consulting Opportunity Snapshot
Learn more about Omnis Cyber Intelligence
View the full article
Security teams aren’t drowning because the threats improved. They’re drowning because the visibility got worse.
The October 2025 commissioned Forrester Consulting study conducted on behalf of NETSCOUT surfaces a problem that every analyst already knows: 61% of survey respondents say their analysts spend more than ten hours a week in the “analyze” phase alone.
This isn’t a time-management issue. It’s a clarity issue.
Why analysts are overwhelmed
Most investigations start the same way:
- An alert fires
- The context is partial
- The data is dispersed
- The logs are incomplete
- The analyst starts correlating manually
This is the invisible cost of poor visibility.
Every alert becomes a puzzle, and analysts become professional puzzle-solvers. But puzzles don’t scale. Not when attacks move faster than your reconstruction speed.
The hidden cost of insufficient NAV
The Forrester study shows that teams lacking strong Network Analysis and Visibility capabilities struggle to:
- Achieve holistic visibility
- Understand lateral movement
- Reduce time spent in the analyze phase
- Integrate NAV into their broader security ecosystem
These weaknesses compound into more alerts, more manual work, and more analyst fatigue.
And fatigue isn’t just a human problem. It’s a security problem.
Tired teams miss things. Burned-out analysts quit.
Turnover destroys institutional knowledge. Response becomes slower, not faster.
The fastest way to reduce SOC burnout isn’t more people, it’s more clarity
When analysts have reliable evidence from the start:
- Alerts become easier to validate
- Investigations shrink from hours to minutes
- TDIR becomes streamlined
- Confidence increases
- Stress decreases
Better visibility creates better humans. Because the job becomes about judgment, not assembly.
Where Omnis Cyber Intelligence fits
This is where platforms like Omnis Cyber Intelligence quietly change the day-to-day reality for analysts: not by adding new workflows, but by eliminating unnecessary ones.
Omnis Cyber Intelligence delivers what analysts need most:
- Packet-level truth they can trust
- Correlated metadata that explains behavior, not just records it
- Three-click investigations that turn hunting from a chore into a capability
- Hybrid visibility so analysts don’t have to stitch together cloud and on-prem traffic by hand
When investigations begin with clarity instead of chaos, burnout fades. Not because the work became easier, but because it became understandable.
The SOC of the future will be built on visibility
If leaders want to retain talent, reduce noise, and accelerate response, the fix isn’t superficial. It’s structural.
Better visibility → better investigations → better morale → better resilience.
The Forrester study makes the scale of the problem clear. We believe solutions like Omnis Cyber Intelligence make the path forward practical.
Read the commissioned Forrester Consulting Opportunity Snapshot
Learn more about Omnis Cyber Intelligence
View the full article
Earlier today we began tracking the first pre-order offers on the new MacBook Air and MacBook Pro, and now the MacBook Neo has joined in at Best Buy. If you pre-order the new low-cost MacBook Neo at Best Buy, you'll get a free $25 Best Buy gift card after purchase.

Note: MacRumors is an affiliate partner with Best Buy. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

In order to get the deal, you need to pre-order any MacBook Neo model at Best Buy with a valid e-mail address. The e-gift card will be sent out after you receive the MacBook Neo, or after you pick it up in a Best Buy store.

$25 GIFT CARD: MacBook Neo at Best Buy

Apple announced the MacBook Neo today, and it's now the cheapest MacBook in the lineup starting at $599 and powered by the A18 Pro chip. Apple says it is up to 50% faster for everyday tasks than the bestselling PC with the latest shipping Intel Core Ultra 5, up to 3x faster for on-device AI workloads, and up to 2x faster for tasks like photo editing.

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



This article, "MacBook Neo Pre-Orders at Best Buy Include Free $25 Gift Card" first appeared on MacRumors.com

Apple today provided public beta testers with the third release of an upcoming macOS Tahoe 26.4 update for testing purposes. The public beta comes a week after Apple seeded the second beta.


After signing up for beta testing on Apple's beta site, public beta testers can download the updates using the Software Update section in the settings app for each update.

‌macOS Tahoe‌ 26.4 includes several new features. The Compact tab layout has been reimplemented in Safari for those who missed having the option in earlier versions of ‌macOS Tahoe‌, and there is a new Charge Limit feature that lets Mac users select a maximum charge level that ranges from 80 percent to 100 percent.

Apple silicon Mac users will now see warnings about apps that are still using Rosetta 2, because Apple is phasing out Rosetta after macOS 27. macOS Tahoe is also the final version of macOS that will run on Intel-based Macs, and Apple is working to remove all lingering Intel features.

We could see additional features in upcoming versions of macOS Tahoe 26.4, such as new emoji characters. Apple is expected to test the update for the next several weeks, with a launch planned for the spring.
This article, "Apple Releases Third macOS Tahoe 26.4 Public Beta" first appeared on MacRumors.com

Apple today released macOS Tahoe 26.3.1, a minor update to the macOS Tahoe operating system that came out last September. macOS Tahoe 26.3.1 comes three weeks after Apple launched macOS Tahoe 26.3.


Mac users can download the new software by opening up the System Settings app and navigating to the Software Update section.

According to Apple's release notes for the update, it adds support for the new Studio Display and Studio Display XDR. Apple has also released a firmware update for the new displays.

The new monitors are available for pre-order and will launch on Wednesday, March 11.
This article, "Apple Releases macOS Tahoe 26.3.1 With Support for Studio Display and Studio Display XDR" first appeared on MacRumors.com

Apple today released a new firmware update for the Studio Display and Studio Display XDR, two products that aren't set to launch until March 11.


The Studio Display Firmware 26.3 update is only for the new Studio Display options, and it is not available on the older model.

Studio Display firmware can be updated by connecting the display to a Mac and going to System Settings > Software Update.

Pre-orders are available for the Studio Display and Studio Display XDR as of today. Prices start at $1,599.
This article, "New Studio Display and Studio Display XDR Will Have Day One Firmware Update" first appeared on MacRumors.com

Apple today released iOS 26.3.1 and iPadOS 26.3.1, minor updates to the iOS 26 and iPadOS 26 operating systems. The software comes three weeks after Apple released iOS 26.3 and iPadOS 26.3.


The new software can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update.

According to Apple's release notes, the update adds support for the new Studio Display and Studio Display XDR, and it includes unspecified bug fixes.

Apple is also beta testing iOS 26.4 and iPadOS 26.4, major updates that are set to come out this spring.
This article, "Apple Releases iOS 26.3.1 and iPadOS 26.3.1 With Bug Fixes and Studio Display Support" first appeared on MacRumors.com

Apple introduced an all-new affordable Mac today, the MacBook Neo. Members of the media were invited to try the new device and other Apple products at events in New York, Shanghai, and London, and MacRumors' videographer Dan Barbera was in attendance. Dan was able to see the MacBook Neo in person, as well as other devices like the new Studio Display XDR.

The MacBook Neo looks and feels a lot like the MacBook Air, because it's almost the same size and has an aluminum chassis. It's thicker than the ‌MacBook Air‌, but it has a 13-inch display, and it also weighs 2.7 pounds.

Apple designed the MacBook Neo from the ground up, and it comes in some fun colors like Silver, Indigo, Blush, and Citrus. Each of the notebooks has a color-matched keyboard and trackpad, but the keyboard has no backlighting and the trackpad isn't the higher-end Force Touch trackpad Apple uses in its other Macs. It's a physical trackpad with an actual click rather than haptic feedback for presses, and it doesn't support multitouch gestures.

There is no notch, with Apple instead adopting an iPad-style design with thicker bezels that house the front-facing camera. Speakers are located on the exterior sides of the device, which is new, and Spatial Audio is supported. The MacBook Neo has a bit of a cheaper feel compared to the ‌MacBook Air‌ or MacBook Pro because of the thicker bezels and the changes to the trackpad, but it is still an excellent machine for the price.

Apple used the A18 Pro chip in the MacBook Neo, which is technically an iPhone chip. It was first introduced in the iPhone 16 Pro, and while it's a powerful chip, it doesn't match the performance of Apple's newer M-series chips. There's only 8GB RAM included, and 60GB/s memory bandwidth, half that of the ‌MacBook Air‌.

Apple says the MacBook Neo is up to 50 percent faster for everyday tasks than the bestselling PC with an Intel Core Ultra 5 chip, which is an apt comparison because this is aimed at people who might instead buy a lower-cost Windows laptop or Chromebook. The MacBook Neo is up to two times faster at photo editing, and three times faster when it comes to on-device AI workloads, according to Apple.

You get a Retina quality display, but only 500 nits brightness and no add-on features like True Tone or P3 Wide color. There are two USB-C ports, but only one is USB3 with DisplayPort 1.4 support. You can connect a single 4K 60Hz display to the MacBook Neo.

Battery life is a little low for a device the size of a ‌MacBook Air‌ with an A-series chip, and it lasts for up to 16 hours. Bluetooth 6 and Wi-Fi 6E are supported, so it is compatible with 6GHz networks.

We'll have more in-depth hands-on coverage of the MacBook Neo and Apple's other new products next week.
This article, "Hands-On With the New MacBook Neo" first appeared on MacRumors.com

Cybersecurity researchers have warned of a surge in retaliatory hacktivist activity following the U.S.-Israel coordinated military campaign against Iran, codenamed Epic Fury and Roaring Lion. "The hacktivist threat in the Middle East is highly lopsided, with two groups, Keymous+ and DieNet, driving nearly 70% of all attack activity between February 28 and March 2," Radware said in a Tuesday
The MacBook Neo is now Apple's entry-level MacBook, undercutting the MacBook Air by $500. To deliver such a dramatically lower price, the MacBook Neo has a significant number of tradeoffs. Here's everything that's different between the two devices.


Apple's introduction of the MacBook Neo expands the company's laptop lineup with a far more affordable entry point, sitting well below the ‌MacBook Air‌ in both price and capability. While the two machines share a similar size and lightweight design, they are aimed at very different types of users. The MacBook Neo focuses on delivering the essentials of the Mac experience at the lowest possible cost, while the ‌MacBook Air‌ offers significantly more performance, features, and flexibility.

Design

The MacBook Neo and the 13-inch MacBook Air have similar dimensions. The MacBook Air remains thinner, but the MacBook Neo has a slightly smaller overall footprint owing to its smaller display. Both machines weigh 2.7 pounds (1.23 kg).




| | MacBook Neo | MacBook Air |
|---|---|---|
| Height | 0.50 inch (1.27 cm) | 0.44 inch (1.13 cm) |
| Width | 11.71 inches (29.75 cm) | 11.97 inches (30.41 cm) |
| Depth | 8.12 inches (20.64 cm) | 8.46 inches (21.5 cm) |




There are still some notable design differences. The MacBook Neo does not have a backlit keyboard or a haptic trackpad, and only has Touch ID when configured with 512GB of storage for an extra $100. They are also available in different selections of color options, with the MacBook Neo's color extending to the Magic Keyboard in a lighter shade.







| MacBook Neo | MacBook Air |
|---|---|
| Available in Silver, Blush, Indigo, and Citrus | Available in Silver, Sky Blue, Midnight, and Starlight |
| Touch ID on 512GB models only | Touch ID |
| Magic Keyboard or Magic Keyboard with Touch ID | Backlit Magic Keyboard with Touch ID |
| Color-matched Magic Keyboard | Black Magic Keyboard |
| Mechanical Multi-Touch trackpad | Haptic Force Touch trackpad with pressure-sensing capabilities |
| | Display "notch" |




Display

The MacBook Air's display is slightly larger and supports True Tone and P3 wide color. Both are Liquid Retina displays with 500 nits of brightness.







| MacBook Neo | MacBook Air |
|---|---|
| 13-inch Liquid Retina display | 13.6-inch Liquid Retina display (15-inch model also available) |
| 2408 by 1506 pixel resolution | 2560 by 1664 pixel resolution |
| sRGB | Wide color (P3) |
| | True Tone technology |
| Thicker display borders | Slimmer display borders |




Performance

The MacBook Neo is Apple's first Mac to contain an iPhone chip. The A18 Pro is still a capable chip, but the M5 is around 20% faster for single-core tasks and 80% faster for multi-core tasks. The M5 chip also has more than double the GPU throughput of the A18 Pro and features Neural Accelerators.







| MacBook Neo | MacBook Air |
|---|---|
| Apple A18 Pro chip | Apple M5 chip |
| Made with TSMC's second-generation 3nm process (N3E) | Made with TSMC's third-generation 3nm process (N3P) |
| 6-core CPU | 10-core CPU |
| 5-core GPU | 8-core GPU |
| | Neural Accelerators |
| 8GB unified memory | 16GB, 24GB, or 32GB unified memory |
| 60GB/s memory bandwidth | 153GB/s memory bandwidth |




Battery and Charging

The MacBook Air has up to two hours of extra battery life over the MacBook Neo, along with support for charging via MagSafe 3 and fast charging.







| MacBook Neo | MacBook Air |
|---|---|
| Integrated 36.5-watt-hour lithium-ion battery | Integrated 53.8-watt-hour lithium-polymer battery |
| 16-hour battery life | 18-hour battery life |
| | MagSafe 3 charging |
| | Fast-charge capable with 70W USB-C Power Adapter or higher |
| Comes with 20W USB-C Power Adapter | Comes with 40W Dynamic Power Adapter with 60W Max |




Cameras, Speakers, and Microphones

The MacBook Air has a superior array of camera and audio hardware, resulting in a slightly better experience with video calls, listening to music, and recording audio.







| MacBook Neo | MacBook Air |
|---|---|
| 1080p FaceTime HD camera | 12MP Center Stage camera |
| | LED webcam indicator light |
| | Desk View support |
| Dual-speaker sound system | Four-speaker sound system |
| | Spatial Audio with dynamic head tracking when using supported AirPods |
| Dual-mic array with directional beamforming | Three-mic array with directional beamforming |




Connectivity

The MacBook Neo's connectivity is more limited than that of the MacBook Air. While both have two USB-C ports, the MacBook Air's are considerably more capable in terms of data transfer and external display support.







| MacBook Neo | MacBook Air |
|---|---|
| Wi-Fi 6E connectivity | Wi-Fi 7 connectivity |
| One USB 3 (10 Gb/s) port and one USB 2 port (480 Mb/s) | Two Thunderbolt 4 ports (40 Gb/s) |
| Support for one 4K external display at 60Hz | Support for two 6K external displays up to 60Hz or 4K at 144Hz |
| 3.5mm headphone jack | 3.5mm headphone jack with support for high-impedance headphones |
| | Magnetic MagSafe 3 charging port |




Other Differences

The most significant difference between the MacBook Neo and the MacBook Air is price: The MacBook Air costs $500 more. It is also much more configurable, with higher amounts of memory and storage available.







| MacBook Neo | MacBook Air |
|---|---|
| | Ambient light sensor |
| 256GB or 512GB storage | 512GB, 1TB, 2TB, or 4TB storage |
| Starts at $599 | Starts at $1,099 |




Which to Choose?

Choosing between the MacBook Neo and the ‌MacBook Air‌ primarily comes down to how demanding your needs are and how much you want to spend. The MacBook Neo is clearly positioned as Apple's most accessible notebook, delivering the core Mac experience at the lowest possible price. For users who primarily need a reliable computer for basic everyday tasks, the Neo provides enough performance. Its lower cost also makes it an appealing option for households purchasing multiple computers, such as for kids or family use.

For first-time Mac owners, the MacBook Neo is also likely to be the most sensible starting point. It offers the same software experience as Apple's more expensive laptops, allowing new users to explore the platform without a large financial commitment. In many cases, buyers moving from inexpensive Windows laptops or Chromebooks will find the Neo significantly faster and better built than devices in the same price range.

The ‌MacBook Air‌, by contrast, is aimed at users who expect higher performance, greater longevity, and a more feature-rich, premium experience. Its more powerful M5 chip, memory options, larger display, and significantly more capable connectivity make it far better suited to multitasking, professional workloads, and creative applications. Users who regularly work with large files, run demanding software, connect multiple external displays, or want a machine that will remain comfortable to use for many years will benefit from choosing the Air.

In practical terms, the MacBook Neo is best viewed as a budget entry point into the Mac lineup, while the MacBook Air remains Apple's mainstream ultraportable for most people. Buyers who simply want a dependable Mac for everyday computing can save money with the Neo, but those who want stronger performance, better hardware features, and a laptop that will scale to more demanding tasks over time should consider spending the extra money on the MacBook Air.
This article, "MacBook Neo vs. MacBook Air Buyer's Guide: 40 Differences Compared" first appeared on MacRumors.com

Apple's new low-cost MacBook Neo is equipped with the A18 Pro chip that Apple first used in the iPhone 16 Pro, and it's the first Mac that has an A-series chip.


Using an iPhone chip in a Mac comes with some downsides, like external display support. The MacBook Neo supports a single external display with a 4K resolution and 60Hz refresh rate.

The MacBook Neo will not work with the new Studio Display and Studio Display XDR that Apple announced yesterday because both of those are 5K displays, but it will work with affordable USB-C 4K display options from companies like LG, Dell, and Samsung.

There are two USB-C ports in the MacBook Neo, but only one supports DisplayPort 1.4 for an external display. An external monitor will need to be plugged into the appropriate port, which is the USB 3 port closest to the rear of the device. There is no Thunderbolt support, which is what other Macs use for multiple displays, and how the Studio Display options connect.

Adding a second display might be possible using a third-party DisplayLink adapter, as has been the case with other Macs with display limitations, but this has not been tested yet.

While there's official support for just one external display, the MacBook Neo can at least drive the extra display and its own built-in display at full native resolution. The MacBook Neo has a 13-inch Retina display with a resolution of 2408 x 1506 at 219 pixels per inch.

The MacBook Neo is priced starting at $599, and it is available for pre-order today from Apple's website. The new Mac will launch on March 11.
This article, "MacBook Neo Can Only Drive One External Display at 4K 60Hz" first appeared on MacRumors.com

Apple today launched pre-orders for the new M5 MacBook Air, but if you're looking for a good discount you'll do better to shop previous generation models on Amazon. Right now you'll find up to $300 off select M4 MacBook Air devices, with the best deals on 15-inch models.

Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Specifically, you can get the 256GB 15-inch M4 MacBook Air for $999.00 ($200 off), the 16GB/512GB model for $1,099.00 ($300 off), and the 24GB/512GB model for $1,299.00 ($300 off). The latter two models match the all-time low prices on the M4 MacBook Air.

$200 OFF: 15-inch M4 MacBook Air (256GB) for $999.00
$300 OFF: 15-inch M4 MacBook Air (16GB/512GB) for $1,099.00
$300 OFF: 15-inch M4 MacBook Air (24GB/512GB) for $1,299.00

Deals on the 13-inch M4 MacBook Air aren't quite as steep, but you can still find up to $200 off these models on Amazon. The best price is on the 16GB/512GB 13-inch M4 MacBook Air, available for $999.00 ($200 off).

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



This article, "Skip The New Models and Get Up to $300 Off M4 MacBook Air on Amazon" first appeared on MacRumors.com

Apple this week unveiled seven products, including an iPhone 17e, an iPad Air with the M4 chip, updated MacBook Air and MacBook Pro models, a new Studio Display, a higher-end Studio Display XDR, and an all-new MacBook Neo that starts at just $599.


iPhone 17e features the same overall design as the iPhone 16e, but it gains Apple's A19 chip, MagSafe for magnetic wireless charging and magnetic accessories, Apple's second-generation C1X modem for faster 5G, and a doubled 256GB of base storage. In the U.S., the iPhone 17e starts at $599, just like the iPhone 16e did.

The new iPad Air's key upgrades include Apple's M4 chip, an increased 12GB of RAM, Apple's N1 chip with Wi-Fi 7 support, and the C1X modem in cellular models.

The MacBook Air received a faster M5 chip, and a doubled 512GB of base storage, but the starting price increased from $999 to $1,099 as a result of a 256GB configuration being dropped. With the N1 chip, the MacBook Air now has Wi-Fi 7 and Bluetooth 6, and it now comes with Apple's 40W Dynamic Power Adapter with 60W Max.

The higher-end 14-inch and 16-inch MacBook Pro models finally received M5 Pro and M5 Max chips, plus up to twice as fast SSD speeds and a doubled 1TB of base storage. Battery life has increased slightly across all of the models, and the N1 chip extends to the MacBook Pro line now for Wi-Fi 7 and Bluetooth 6 support.

The regular Studio Display gained Thunderbolt 5 support and improved speakers, and the camera now supports Desk View. There is also an all-new, higher-end Studio Display XDR that gained all of those benefits, plus bigger improvements such as a 120Hz refresh rate, mini-LED backlighting, increased brightness, and more.

The colorful new MacBook Neo starts at just $599 in the United States, and at an even lower $499 for college students. Available in Blush, Citrus, Indigo, and Silver, the MacBook Neo is powered by the A18 Pro chip from the iPhone, and it is equipped with a 13-inch display, up to 512GB of storage, and a non-configurable 8GB of RAM.

To learn about these new products, read our coverage of Apple's announcements:
Apple Announces iPhone 17e With A19 Chip, MagSafe, and More
Apple Unveils iPad Air With M4 Chip, Increased RAM, Wi-Fi 7, and More
Apple Announces MacBook Air With M5 Chip and 512GB Base Storage
Apple Unveils MacBook Pro Featuring M5 Pro and M5 Max Chips
Apple Updates Studio Display With Thunderbolt 5 and More
Apple Introduces All-New Studio Display XDR: 120Hz, Mini-LED, and More
Apple Announces $599 'MacBook Neo' With A18 Pro Chip

Apple also released new color options for a variety of accessories, including iPhone cases, Apple Watch bands, and the Crossbody Strap.
This article, "Apple Unveiled These Seven New Products This Week" first appeared on MacRumors.com

Apple just kicked off pre-orders for the new M5 MacBook Air and M5 Pro/M5 Max MacBook Pro, and Best Buy already has a few offers on these notebooks. You can get a $50 Best Buy gift card when pre-ordering the MacBook Air and a $100 gift card when pre-ordering the MacBook Pro.

Note: MacRumors is an affiliate partner with Best Buy. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

In order to get these deals, you need to pre-order one of the newest MacBooks at Best Buy with a valid e-mail address. The e-gift card will be sent out after you receive the eligible MacBook Air or MacBook Pro, or after you pick it up in a Best Buy store.

$50 GIFT CARD: M5 MacBook Air at Best Buy
$100 GIFT CARD: M5 Pro/M5 Max MacBook Pro at Best Buy

As for the upgrades, the MacBook Air features performance improvements thanks to the newest M5 chip, as well as Apple's custom N1 wireless chip for Wi-Fi 7 and Bluetooth 6 connectivity.

The new MacBook Pro includes M5 Pro and M5 Max chips, which are up to 30 percent faster when compared to the M4 generation, and up to 2.5x faster than M1 Pro and M1 Max. In terms of design, both the MacBook Air and MacBook Pro keep the same overall designs as previous generations.

M5 MacBook Air

13-inch M5 MacBook Air (512GB) - $1,099.00 + $50 gift card
13-inch M5 MacBook Air (16GB/1TB) - $1,299.00 + $50 gift card
15-inch M5 MacBook Air (512GB) - $1,299.00 + $50 gift card
15-inch M5 MacBook Air (24GB/1TB) - $1,699.00 + $50 gift card

M5 Pro/M5 Max MacBook Pro

14-inch MacBook Pro (M5 Pro/1TB) - $2,199.00 + $100 gift card
14-inch MacBook Pro (M5 Pro/2TB) - $2,799.00 + $100 gift card
16-inch MacBook Pro (M5 Pro/1TB) - $2,699.00 + $100 gift card
16-inch MacBook Pro (M5 Max/2TB) - $3,899.00 + $100 gift card

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



This article, "New M5 MacBook Air and MacBook Pro Get First Pre-Order Offers From Best Buy" first appeared on MacRumors.com

Following months of rumors about a lower-cost MacBook, Apple has delivered in a big way with the MacBook Neo, which starts at $599 in the United States.


Even better, the MacBook Neo starts at just $499 through Apple's education store on its website, for eligible college students and educational staff.

There is only one upgrade option available for the MacBook Neo. If you want a configuration with a Touch ID button and an expanded 512GB of storage, that costs $100 extra. This raises the price to $699 for the general public, and to $599 for college students. But, that is the most expensive the MacBook Neo gets on its own.

With the MacBook Air's starting price rising from $999 to $1,099 with the introduction of new models with the M5 chip this week — albeit with a doubled 512GB of storage — the MacBook Neo is as much as $500 cheaper than the MacBook Air. And it could go on sale through resellers like Amazon for even less eventually.

Here is an overview of the U.S. starting prices for MacBooks:
13-inch MacBook Neo: $599
13-inch MacBook Air: $1,099
15-inch MacBook Air: $1,299
14-inch MacBook Pro: $1,699
16-inch MacBook Pro: $2,699
MacBook Neo is available to pre-order now and launches on Wednesday, March 11.
This article, "MacBook Neo Starts at Just $499 for Students" first appeared on MacRumors.com

Apple made some compromises to sell a Mac notebook at $599, including cutting back on RAM. While all other Macs start at 16GB RAM, the MacBook Neo is equipped with 8GB RAM and no option to upgrade to more memory.


With the A18 Pro chip from the iPhone 16 Pro models and 8GB RAM, the MacBook Neo is able to run all Apple Intelligence features, but as AI gets more advanced and Apple adds new capabilities, there's a chance it could fall behind.

8GB RAM ensures the MacBook Neo is affordable, especially with the current memory shortages that are causing prices to soar. It's also the RAM in the iPhone 16 Pro.

Apple's MacBook Air used to have an 8GB option, but in October 2024, Apple updated it to add 16GB RAM to the entry level machine. Since then, no Mac has shipped with less than 16GB.

Though it only has 8GB RAM, the MacBook Neo is a powerful machine for everyday tasks like writing, web browsing, and schoolwork, and it's more than capable of light photo and video editing.

Pricing on the MacBook Neo starts at $599, and it is available for pre-order.
This article, "MacBook Neo Has Just 8GB RAM With No Upgrade Option" first appeared on MacRumors.com

The MacBook Neo's two USB-C ports have two different specifications, with one being limited to USB 2 speeds.


One port is a USB-C 3 port with support for data transfer speeds up to 10 Gb/s, while the other is a USB-C 2 port with support for data transfer speeds up to 480 Mb/s. Both support charging, but only the USB-C 3 port features DisplayPort, so users will need to make sure they are hooked up to the correct port when using an external display.

There is no way to tell them apart externally. The limitation is likely related to the USB controller of the A18 Pro chip. There is also a headphone jack on the device, but there is no MagSafe charging capability or any other ports.

MacBook Neo is available to pre-order starting today, with availability starting on Wednesday, March 11.
This article, "MacBook Neo Features Two Different USB-C Ports" first appeared on MacRumors.com

Apple's latest iPhone, the iPhone 17e, went up for pre-order this morning, and as always you can find numerous offers on the newest Apple smartphone from cellular carriers. This includes savings from AT&T, Verizon, and T-Mobile.

Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Shoppers should remember that all of the offers below are pre-order deals on the iPhone 17e, which is set to launch on March 11.

AT&T

At AT&T, you can get the iPhone 17e (256GB) for $5.99/month when you activate a new line or upgrade an existing line on one of AT&T's unlimited voice and data plans.

$5.99/MONTH: iPhone 17e at AT&T

Specifically, you'll get up to $384.36 in bill credits on the 256GB iPhone 17e, or up to $404.36 in bill credits on the 512GB iPhone 17e. No trade-in is required for this deal.

Verizon

Verizon's deal has the iPhone 17e at no cost when you purchase the device on an Unlimited Welcome, Unlimited Plus, or Unlimited Ultimate plan. You'll also need to add a new line on one of these plans, and this is for the 256GB iPhone 17e.

$0/MONTH: iPhone 17e at Verizon

Once you qualify, you'll see the promo credit applied to your account over 36 months.

T-Mobile

At T-Mobile, you can also get the iPhone 17e at no cost, but you'll need to trade in an eligible device on the Experience More plan. Otherwise, you can get the same offer when trading in an eligible device and add a line on most other plans.

$0/MONTH: iPhone 17e at T-Mobile

If you're purchasing for a family, you can get four iPhone 17e models at no cost and four new voice lines for $25/line per month. You'll need to trade in four eligible devices on the Essentials plan in order to get this deal.

If you're switching to T-Mobile, you'll get the iPhone 17e at no cost and you won't need to trade in any device for this one.

Head to our full Deals Roundup to get caught up with all of the latest deals and discounts that we've been tracking over the past week.



This article, "Get an iPhone 17e at No Cost With First Pre-Order Discounts From Cellular Carriers" first appeared on MacRumors.com

Apple today unveiled the colorful new MacBook Neo, which has a "breakthrough" starting price of just $599 in the United States. MacBook Neo features a 13-inch display, an A18 Pro chip with Apple Intelligence support, 256GB and 512GB storage options, dual speakers on the left and right sides of the laptop, and more.

Apple has shared a "Hello, MacBook Neo" video showing off the laptop:


To learn more about the MacBook Neo, read our coverage of Apple's announcement, and stay tuned for our own hands-on photos and much more.

MacBook Neo can be pre-ordered now on Apple.com, and it launches Wednesday, March 11.
This article, "Hello, MacBook Neo: Apple Showcases All-New $599 MacBook in Video" first appeared on MacRumors.com

Apple today debuted the MacBook Neo, a $599 notebook with an A18 Pro chip, 16-hour battery life, and a selection of bright colors. The MacBook Neo has the same Magic Keyboard as other MacBooks, but getting Touch ID is an extra charge.


The base $599 MacBook Neo model has a standard keyboard without Touch ID and 256GB of storage, but if you pay $100 more, you can get 512GB of storage and a Touch ID button on the keyboard.

There is no option to get Touch ID with the 256GB storage tier. There are just two pricing tiers for storage, with no other upgrade options available for the MacBook Neo. There is a $100 EDU discount, so teachers and students can get the standard Neo for $499, and the upgraded version with Touch ID for $599.

The MacBook Neo comes in four colors, including Silver, Citrus, Blush, and Indigo. It is available for pre-order today, with a launch to follow on March 11.
This article, "Want Touch ID on the MacBook Neo? It'll Cost You $100 Extra" first appeared on MacRumors.com

Apple is now accepting pre-orders for all of the new products that it announced this week. Everything can be ordered from the online Apple Store following the debut of the new low-cost MacBook earlier this morning, with deliveries starting on Wednesday, March 11.


Here's a list of what you can order now, with pricing details included.

MacBook Neo - The 13-inch MacBook Neo has an A18 Pro chip and it's priced starting at $599. It comes in Silver, Indigo, Blush, and Citrus.
iPhone 17e - Pricing starts at $599 for 256GB of storage. Features A19 chip, MagSafe, and C1X modem.
Studio Display - $1,599 for standard glass, or $1,899 for nano-texture glass. Includes Thunderbolt 5 and 5K Retina display with 60Hz refresh rate.
Studio Display XDR - Starts at $3,299 for standard glass, or $3,599 for nano-texture glass. Comes with mini-LED display technology, a 120Hz refresh rate, and Thunderbolt 5.
M5 Pro/M5 Max MacBook Pro - Pricing starts at $2,199 for the 14-inch model, or $2,699 for the 16-inch model. M5 Pro and M5 Max chips, plus faster SSDs.
M5 MacBook Air - Priced starting at $1,099. Includes faster M5 chip and 512GB base storage.
iPad Air - Priced starting at $599. Features M4 chip, 12GB RAM, and Wi-Fi 7.

All of the new devices will launch on Wednesday, March 11, which is also when they'll be available in Apple retail stores.
This article, "Apple Opens Pre-Orders for MacBook Neo, iPhone 17e, M5 Pro/Max MacBook Pro, New Studio Displays and More" first appeared on MacRumors.com

Apple today announced the "MacBook Neo," a new kind of low-cost Mac featuring the A18 Pro chip for $599.


The MacBook Neo is the first Mac to feature an iPhone chip; the A18 Pro debuted in 2024's iPhone 16 Pro models.

The MacBook Neo features a 13-inch Liquid Retina display with a 2408-by-1506 resolution and 500 nits of brightness. The display does not have a notch, instead featuring uniform, iPad-style bezels. It is available in Silver, Indigo, Blush, and Citrus. The color extends to the Magic Keyboard in lighter shades and comes with matching wallpapers. It weighs 2.7 pounds.

The MacBook Neo also offers a 16-hour battery life, a 1080p front-facing camera, and dual side-firing speakers with Spatial Audio.

Starting at $599, the MacBook Neo is now the entry-level MacBook and Apple's most affordable laptop ever. Education customers can purchase it for $499.

It is available with 256GB of storage and the Magic Keyboard for $599 or 512GB of storage with the Magic Keyboard with Touch ID.

MacBook Neo is available to pre-order starting today, with availability beginning Wednesday, March 11.

More to follow...


This article, "Apple Announces $599 'MacBook Neo' With A18 Pro Chip" first appeared on MacRumors.com

Apple's online store has gone down, just minutes before the company is expected to announce a lower-cost MacBook, which may be named MacBook Neo.


Apple already unveiled six products this week, including an iPhone 17e, a new iPad Air, new MacBook Air and MacBook Pro models, an updated Studio Display, and an all-new Studio Display XDR that replaces the Pro Display XDR.

To learn about these new products, read our coverage of Apple's announcements:
Apple Announces iPhone 17e With A19 Chip, MagSafe, and More
Apple Unveils iPad Air With M4 Chip, Increased RAM, Wi-Fi 7, and More
Apple Announces MacBook Air With M5 Chip and 512GB Base Storage
Apple Unveils MacBook Pro Featuring M5 Pro and M5 Max Chips
Apple Updates Studio Display With Thunderbolt 5 and More
Apple Introduces All-New Studio Display XDR: 120Hz, Mini-LED, and More

MacRumors is attending an "Apple Experience" in New York today at 9 a.m. Eastern Time, so stay tuned for hands-on coverage. At this gathering, Apple is preparing to show attendees a video, which is likely to reveal the new MacBook.
This article, "Apple Store Down Ahead of Rumored 'MacBook Neo' Announcement" first appeared on MacRumors.com

Google said it identified a "new and powerful" exploit kit dubbed Coruna (aka CryptoWaters) targeting Apple iPhone models running iOS versions between 13.0 and 17.2.1. The exploit kit featured five full iOS exploit chains and a total of 23 exploits, Google Threat Intelligence Group (GTIG) said. It's not effective against the latest version of iOS. The findings were first reported by WIRED. "The
Five days into the US and Israel’s war with Iran, the worst predictions for cyber-retaliation have yet to materialize. But Iran has built one of the world’s most active cyber operations, which means this is likely a temporary reprieve, experts warn.
At the weekend, both the UK National Cyber Security Centre (NCSC) and the Canadian Centre for Cyber Security (CCCS) issued general warnings of the threat posed by Iranian cyber campaigns. The US Cybersecurity and Infrastructure Security Agency (CISA), meanwhile, has yet to update its last warning, from October.
“There is almost certainly a heightened risk of indirect cyber threat for those organizations and entities who have a presence, or supply chains, in the Middle East,” said the NCSC, stating the obvious.
Canada’s CCCS was at least willing to set out some of the possibilities: “Iran will very likely use its cyber program to respond to the joint US and Israel combat operations against Iran,” it said. The agency urged organizations to look beyond the background noise of opportunistic DDoS attacks and other low-level cyber-activity for more sinister threats such as ransomware and destructive wiper attacks.
The general nature of the warnings underlines the problem of alert fatigue: If attacks are an ever-present threat, what should organizations pay attention to? Does the arrival of kinetic war change this, or simply alter its timescale?
APTs and wiper malware
Security companies are rarely shy about advertising Iranian threats. Despite this, the consensus is that Iranian cyber-retaliation has so far been surprisingly mild. This might simply be a period of adjustment caused by disruption to Iran’s energy and Internet infrastructure, they caution.
To date, active groups divide into three overlapping categories: those primarily targeting Middle-Eastern infrastructure, those oriented towards targets in the West — which includes specialized advanced persistent threat (APT) groups — and smaller proxies based outside of Iran whose targeting is unpredictable.
On March 2, Palo Alto’s Unit 42 said, “State-aligned cyber units may be acting in operational isolation, which could result in deviations from previously established patterns. Additionally, Iranian command and control degradation may also lead to tactical autonomy for cells outside of Iran.”
DDoS represents the biggest immediate threat. So far, this has not come to pass on any scale, with Cloudflare CEO Matthew Prince tweeting on X on Sunday that Iranian-linked DDoS attacks were actually down. This was despite CrowdStrike reports that the Hydro Kitten group had issued DDoS threats against the US banking sector, which led to short-term disruption.
Security company Radware detected 149 DDoS attacks that appeared to be connected to Iran between February 28 and March 2, the majority targeting government entities in the Middle East. All but a tiny percentage were driven by just three hacktivist groups, Keymous+, DieNet, and Conquerors Electronic Army, the company said.
Destructive ‘wiper’ attacks are a more pressing worry. The precedent for this is the infamous Iranian Shamoon malware of 2012 that wiped 30,000 workstations at oil company Saudi Aramco. While attempted follow-up attacks have also targeted the energy sector, the danger is that in a time of war any target will do, in the US or elsewhere.
Security vendor Anomali warned, “Iran’s wiper arsenal includes 15+ families (ZeroCleare, Meteor, Dustman, DEADWOOD, Apostle, BFG Agonizer, MultiLayer, PartialWasher).”
The biggest concerns are high-profile APT groups associated with the Islamic Revolutionary Guard Corps (IRGC) and Ministry of Intelligence and Security (MOIS), which have a proven track record of attacks. These include APT35/APT42 (Charming Kitten, Phosphorus) and APT33 (Elfin Team). Curiously, one of the most active Iranian APTs, APT34 (OilRig), appears to have gone silent, having not been detected for a week. “This likely indicates covert pre-positioning, not inactivity,” said Anomali.
Security company Tenable has published a useful summary of the most important Iranian threat groups which discusses the tools, techniques and procedures of each.
Targeting and response
According to Adrian Cheek, a senior cybercrime researcher at Canadian threat intelligence company Flare, the most at-risk sectors are critical infrastructure, including the defense and government supply chain, financial services, energy, and healthcare.
“Water, energy, and healthcare sectors are currently the most exposed. These sectors combine high targeting priority with weak baseline security, particularly in operational technology environments. Financial services face high targeting priorities but generally have stronger defenses,” said Cheek.
Iranian groups will first look for known weaknesses in operational technology and industrial control systems. “Every US multinational with Gulf region operations should brief regional personnel on heightened physical and cyber threats. Implement phishing-resistant MFA (FIDO2/WebAuthn) where possible. Remove unmanaged Remote Monitoring and Management (RMM) tools,” he said.
Organizations should also urgently monitor for wiper malware, ensure endpoint systems are primed to detect Shamoon variants, and patch VPN and other edge devices, another favored Iranian target, Cheek said.
A big unknown is the effect AI might have on this type of conflict, suggested Dean Valentine, CEO of application security company ZeroPath. “The advent of frontier models with strong cybersecurity capabilities lowers the floor for participation in destructive cyberattacks. Before this year there were only a few countries that were heavily active in cyberspace. Now any country or criminal organization can get a team of 5 to 10 not-particularly-skilled engineers together and do major damage,” he said.
While Iran’s offensive cyber-capability had been greatly reduced by US and Israeli attacks, AI was quietly putting potent disruption into the hands of more geographically distributed groups, he warned.
“All of this means that in the near future poor countries like Iran are probably going to be much more capable of lashing out, by taking down large fractions of our internet infrastructure.”
As AI becomes the central engine for enterprise productivity, security leaders are finally getting the green light — and the budget — to secure it. But there’s a quiet crisis unfolding in the boardroom: many organizations know they need "AI Governance," but they have no idea what they are actually looking for. The CISO’s Dilemma: You Have the AI Budget, but Do You Have the Requirements? As AI
Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a conduit for a cross-platform remote access trojan (RAT) that's functional on Windows, macOS, and Linux systems. The names of the packages are listed below:
nhattuanbl/lara-helper (37 Downloads)
nhattuanbl/simple-queue (29 Downloads)
nhattuanbl/lara-swagger (49 Downloads)
Two recent high-profile events concerning Anthropic’s Claude AI underscore a little-discussed risk at the heart of the enterprise’s rush to capitalize on leading AI capabilities.
The first incident involved a China-based extraction campaign against Anthropic’s intellectual property. The second was the Trump administration’s banning of Claude for federal use after the company resisted US demands to alter its guardrails.
To be sure, Claude isn’t the problem, and Anthropic isn’t the villain. The company and product themselves aren’t the issue. The problem is that frontier AI models now attract two very different kinds of pressure simultaneously: illegal extraction by foreign actors who want to study and replicate their behavior, and lawful demands from domestic customers who want to reshape that behavior for their own missions.
Both forces operate within their own incentives. Both are real. And both create conditions that CISOs must factor into any decision to deploy these systems inside their enterprise.
Neutrality of frontier AI no longer exists
Frontier AI models no longer operate in a neutral space. They sit inside an environment where foreign actors are collecting information about and against them at scale, and where major domestic customers are attempting to steer their behavior for mission needs.
Neither dynamic makes Anthropic a villain, and neither makes Claude a compromised asset. What it does mean is that the geopolitical insulation these systems once enjoyed is gone. The environment around them has become part of the risk surface, and CISOs now have to account for pressures acting on the model long before it ever reaches their enterprise.
China’s extraction campaign: A targeting operation, not a curiosity
Anthropic’s disclosure that three China‑based AI companies (DeepSeek, Moonshot AI, and MiniMax) ran more than 16 million interactions through roughly 24,000 fraudulent accounts is not a story about model misuse. It is a story about targeting. These campaigns went straight at Claude’s most sensitive capabilities: agentic reasoning, tool use, and coding. That is not random sampling; that is structured collection.
I’ve spent enough time in the world of targeting to recognize this pattern immediately, and you don’t need my level of experience to see it. When an adversary can observe a system at scale, they can map its strengths, seams, and predictable behaviors. China now has that behavioral telemetry for Claude, and they will use it to tune their own systems and to shape offensive operations against environments where Claude‑like models are deployed.
And Claude is not the only system in China’s targeting sights. The same actors have used similar high‑volume extraction methods against other frontier models, including Google’s Gemini and OpenAI’s ChatGPT. They generate enough interaction data to understand how these systems think and where they can be pressured.
Anthropic’s callout does the entire community a service by raising the caution flag where it is both high and visible. The implication is straightforward: Frontier models are now intelligence surfaces.
US government pressure: Direct, immediate, and operationally significant
The pressure on the other side of Claude came from the US government, and it was direct.
Senior defense officials made clear they wanted the ability to direct Claude toward mission uses that would require altering or removing the guardrails Anthropic had put in place around autonomous weapons and broad‑scale surveillance. Anthropic CEO Dario Amodei responded with two concerns that matter for anyone responsible for risk: AI systems do not have the human fail-safe of refusing an improper order, and using AI to process the full stream of public conversation raises constitutional and civil‑liberties questions that the company was not willing to ignore. Those points explain why Anthropic declined.
The government’s reaction was swift. It announced that Claude would be removed from all government systems with a six‑month phase‑out and labeled Anthropic a supply‑chain risk.
The company’s own statement highlighted the tension: Claude was simultaneously described as a potential security liability and as a system important enough to warrant extraordinary measures to reshape its behavior.
For CISOs, the takeaway is not about who is right. It is that a frontier model already embedded in classified networks, intelligence workflows, and operational planning can be subjected to external pressure that would materially alter its behavior for every downstream customer.
Two pressures, one structural exposure
China’s extraction campaign and the US government’s direct pressure on Anthropic came from opposite directions and for entirely different reasons, but the operational effect is the same: both forces act on the model from outside the enterprise. Neither pressure says anything about the quality of the model or the integrity of the vendor. What it shows is that frontier AI has entered a phase where external actors are working hard to influence how these systems operate.
For CISOs, this is the point that matters. A model can be profiled, studied, or pressured long before it reaches your environment, and those upstream forces can shape how it performs once it is inside your ecosystem.
The risk is that any frontier model operating at this level of capability will draw the same attention and the same attempts to steer its behavior. The environment around these systems is now contested space, and that exposure travels with the model wherever it is deployed.
AI vendors’ response
Once the government announced its plan to remove Claude from federal systems, other vendors moved quickly to occupy the space. OpenAI was first out of the gate, publicizing a new arrangement to bring its model onto classified networks. Sam Altman later added a measured comment in a CNBC interview, noting his discomfort with heavy‑handed pressure on AI companies while still positioning OpenAI as a ready alternative. It was a clear signal: The opportunity was open, and OpenAI intended to take it.
xAI followed with its own approval for classified deployment, with Grok slated for initial rollout in early 2026. Elon Musk framed Anthropic in adversarial terms, but the rhetoric is secondary to the operational reality: The government wanted additional options, and the vendor ecosystem delivered them without hesitation.
For CISOs, the lesson is straightforward: When one supplier declines to adjust a model to meet a major customer’s expectations, another supplier will step forward immediately. The pressure doesn’t dissipate. The pressure shifts to the next model in line. That dynamic is now part of the operating environment for any enterprise relying on frontier AI.
The new operating reality
Frontier AI now sits inside an environment shaped by forces the enterprise does not control. Vendors are making decisions under those external pressures, and the effects travel downstream. None of this means the models are broken or untrustworthy. It means they are operating inside a landscape where external actors have leverage, intent, and visibility.
For CISOs, the adjustment is to treat these systems as high‑value dependencies exposed to upstream influence. The model you deploy is not just the artifact you receive; it is the product of the pressures acting on the vendor and the attention the model attracts once it demonstrates capability.
The task is to build enough visibility and monitoring to understand when those forces begin to show up in your own environment.
Cybersecurity researchers have disclosed details of an advanced persistent threat (APT) group dubbed Silver Dragon that has been linked to cyber attacks targeting entities in Europe and Southeast Asia since at least mid-2024. "Silver Dragon gains its initial access by exploiting public-facing internet servers and by delivering phishing emails that contain malicious attachments," Check Point said
Recruiters of senior-level IT professionals often say that a truly skilled and experienced CSO is among the hardest of all IT roles to fill. The reason is the increased responsibility placed on these key employees, who are often part of the C-suite and may even report directly to the CEO.
Unfortunately, this can place significant pressure on an organization to hire quickly, perhaps short-changing the vetting process. Likewise, security pros might be tempted to oversell their skills and knowledge, and mislead an employer on what value they can truly bring to the role.
With both scenarios in mind, CSO asked senior technical recruiters and current CSOs how individuals and organizations alike can avoid CSO title inflation and know whether an IT security leader is the “real deal.” Shared insights reveal that a successful CSO is someone equally proficient in technology solutions, business processes, and communication strategies.
“A strong leader moves past security for security’s sake and masters risk choreography, which requires the combination of technical fluency and executive judgment,” explains Kanani Breckenridge, CEO and headhuntress at San Diego-based Kismet Search.
“Strong IT security leaders understand the threat landscape deeply enough to make informed decisions and don’t hide behind jargon,” she adds. “Their real value shows up in risk prioritization, clear communication with nontechnical stakeholders, and the ability to translate security into business outcomes. They know when to escalate, when to say no, and when ‘good enough’ is actually the right call.”
Additionally, top-level CSOs understand that their value isn’t in saying “no,” but in engineering the “yes,” Breckenridge explains. They understand their job is not to eliminate risk but to ensure the organization takes the right risks to stay competitive.
Dangers of giving the wrong IT security pro too much clout
The biggest risk, Breckenridge explains, is false confidence, where the organization believes it is safer than it actually is. Beyond the waste of budget, it creates fragility. An inflated leader often builds a “culture of compliance” rather than a “culture of security.” Ultimately, it leaves the company vulnerable to what Breckenridge calls a “double failure”: You have a massive breach despite having spent lots of money — and having been granted the CSO title.
One example of how an organization may hire or promote the wrong CSO is when they become enamored with security and product technology evangelists who can define and deploy best-in-class security frameworks and architectures. But these individuals may lack a cohesive strategy in integrated communications, collaborative spirit, hiring, comprehensive training, or general business practices, explains Doug Wald, vice president of recruiting at staffing firm Executive Alliance.
Wald says such a mistake is likely to occur when hiring teams focus too much on the security solutions and architectural needs at hand. They may fail to consider the imperatives of a top-line security leader to define, deploy, and optimize mission-critical program development — such as consistent employee and team trainings, legal engagements for privacy, vendor vetting, business continuity, and change processes — as major pillars of a comprehensive security strategy.
“Unfortunately, it is more common than most people would imagine, which is why I get hired to find a replacement,” Breckenridge explains. “It often manifests as ‘crisis-driven authority.’ After a major industry breach, boards often panic and grant a CSO emergency powers. If that leader lacks the maturity to wield that influence, they create a ‘security-industrial complex’ within the company, which can often be expensive, bloated, and disconnected from the product roadmap and IT landscape.”
Striking the right balance of experience and responsibility
Mark G. McCreary, partner and chief AI and IT security officer at Boston-based legal firm Fox Rothschild LLP, has seen both extremes: security being completely sidelined and security professionals given excessive, unjustified authority.
In some firms, a newly appointed CSO might be positioned as a gatekeeper without the necessary governance, run books, or partner alignment to justify that veto power, McCreary explains. This imbalance becomes evident when policies exist, but the firm hasn’t practiced who does what under pressure — whether it’s legal and crisis response, technical actions, communications, or client outreach. Mature organizations proactively assign and rehearse these roles.
Breckenridge agrees, saying, “Many so-called CSOs have never really owned a budget or led through a major data or security incident.”
Considering the high stakes, why would any organization run the risk of hiring an under-experienced CSO? Usually it’s a mix of timing, optics, or a defensive hire that can be more externally driven than what makes sense internally, Breckenridge explains.
For example, an organization may use a CSO title as “audit bait” to satisfy regulators or insurance carriers. In other cases, it’s a retention play; a talented technical architect is given a C-level title to keep them from being poached, despite them having no experience in P&L management, board governance, or organizational design.
Call it a case of title before mandate, McCreary says. A new title might be created to satisfy client questionnaires or for marketing purposes, but the actual authority, budget, and scope of responsibility haven’t caught up.
Experience and skills a CSO should rightly have
Cutting through the hype, what should a top-notch CSO bring to the role?
“A strong leader balances risk and revenue. A true CSO can translate complex cyber, privacy, and AI risks into specific client and matter risks, explaining them in business terms that a partnership easily understands,” McCreary says.
In the case of legal firm Fox Rothschild, this means connecting threats directly to issues like conflicts, privilege, Outside Counsel Guidelines, and ultimately, client trust.
“Effective governance needs to be operational from day one,” McCreary says. “Policy shouldn’t just sit on a shelf; it must be directly linked to practical playbooks, clearly defined roles, and escalation paths that the business regularly practices. Think incident response policies, cyber event frameworks, and data-breach playbooks all working together.”
How a CSO can recognize they may have an inflated title
A CSO “imposter gap,” as Breckenridge calls it, usually appears in the boardroom, and when the individual spends more time delivering authority and decisions than delivering outcomes. “If you find yourself speaking only in technical vulnerabilities rather than business liabilities, you’re likely a director with a CSO title.”
As many firms have different job architectures, title standing may also be dependent on the organization, their size and market segment, and overall functions and responsibilities of an IT security professional, Wald explains. Generally speaking, titles should be based on more commonly held competitive benchmarks in the market.

“Usually, when entering into a role, IT security professionals are aware of the title that they are pursuing. It would be contingent on the hiring company to maintain the consistency of the role’s functions rather than evolve into a function that isn’t reflective of the initially stated title and tasks,” Wald says.

To ensure that an employer and a CSO candidate are on the same page, Wald says the security pro “should be encouraged to speak to other immediate team members and partner stakeholders in product strategy, operations, business, finance, and legal teams — to gain insight and perspective on the prospects, needs, roadmap, and related touchpoints to help come to a consensus on the viability of that opportunity.”
How CSOs can be sure they’re the ‘real deal’
IT security leaders can know they’re the real deal when the business seeks their counsel on non-security issues and they are comfortable being challenged regarding other business decisions, Breckenridge explains.
“When a business unit leader asks for your input on a new market entry or an M&A deal because they value your risk-adjusted perspective, you’ve arrived,” Breckenridge says. “You also know you’re ready when you can comfortably accept ‘informed risk’ and feel like you’re fine signing off on a known vulnerability because the business value of a launch outweighs the technical debt.”
Other sure signs that you deserve the title: You can confidently execute the plan. You’re able to initiate an incident call, follow the firm’s IR policy, and execute the breach playbook without creating privilege problems or ethical‑wall violations, McCreary explains.
“You’ve established a cadence that truly moves the needle. You lead security standups and actively participate in AI task forces or subcommittees where decisions result in tangible outcomes, like new policies, controls, or training,” McCreary says. “You effectively educate your stakeholders. You deliver training and practical AI and infosec guidance that the organization genuinely uses.”
Assuring oneself, and the organization, that all is well in the role
To demonstrate both to themselves and the organization that they are right for the role, CSOs should ensure that security strategy, processes, and protective measures are being met, while showing very tight integrations with program leaders in legal, privacy, compliance, and integration and vendor relationships, Wald says.
In the era of the SEC’s new disclosure rules, title inflation is no longer cosmetic, Breckenridge says. It’s a material risk. Holding a CSO title without real authority, budget, or program ownership exposes individuals to accountability for failures they don’t control.
“The strongest security leaders I see are wary of titles without mandate. They care about scope, outcomes, and access, not optics,” Breckenridge says.
To prove their worth, CSOs should move the needle from “incident-free days” to “resiliency metrics,” Breckenridge explains.
“Prove that when things break — which inevitably they will — the recovery time is decreasing and the blast radius is shrinking,” Breckenridge says. “When you can show that security is a frictionless part of the CI/CD pipeline rather than a gate at the end, the organization will trust that the function is healthy. And, peers will seek their input early rather than late, which is often the strongest signal of credibility.”
From a recruiting and career path standpoint, Breckenridge says inflated titles also distort long-term career trajectory. When abilities don’t match the title, it shows up quickly in future interviews, especially at the executive level where outcomes, governance, and credibility matter more than labels.
“The key point being that the market is an objective judge,” Breckenridge says. “When leaders interview for their next role, they’re assessed on what they’ve actually owned, influenced, and delivered. Inflated titles tend to deflate fast when examined against real outcomes and operating experience.”
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw impacting Broadcom VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog, citing active exploitation in the wild. The high-severity vulnerability, CVE-2026-22719 (CVSS score: 8.1), has been described as a case of command injection that could allow an
AI is making it ever easier for bad actors to launch attacks, and a newly-identified open source platform, CyberStrikeAI, seems to be lowering the bar even further.
The platform packages end-to-end attack automation into a single AI-native orchestration engine, and is linked to the threat actor behind the recent campaign that breached hundreds of Fortinet FortiGate firewalls. That developer is believed to have “some ties” to the Chinese government, according to research from cybersecurity company Team Cymru.
According to its GitHub repository, CyberStrikeAI ships with 100-plus curated tools covering “the whole kill chain.” It comprises an “intelligent” orchestration engine, role-based testing with predefined security roles, a system featuring what it calls specialized testing skills, and “comprehensive” lifecycle management capabilities, the researchers said.
This type of easy-to-use tool is increasingly giving threat actors of all kinds, including novices, the ability to launch attacks with just a few quick keystrokes.
“The adoption of CyberStrikeAI is poised to accelerate, representing a concerning evolution in the proliferation of AI-augmented offensive security tools,” Will Thomas, a senior threat intelligence advisor at Team Cymru, warned in a blog post.
Providing end-to-end automation
On its GitHub page, CyberStrikeAI claims it is an “auditable, traceable, and collaborative testing environment for security teams.” It features native Model Context Protocol (MCP), so it can easily connect with external data, tools, and systems without requiring separate integrations. It says it supports end-to-end automation, “from conversational commands to vulnerability discovery, attack-chain analysis, knowledge retrieval, and result visualization.”
The GitHub page outlines the product highlights:
100-plus prebuilt tool recipes and a human-readable YAML-based extension system
Attack-chain graph, risk scoring, and “step-by-step replay”
Password-protected web user interfaces (UIs) and audit logs
A knowledge base with vector search, hybrid retrieval, and searchable archives
Vulnerability management with create, read, update, delete (CRUD) operations, severity tracking, status workflow, and statistics
Batch task management that can organize task queues and add and execute multiple tasks sequentially
In addition, integrated chatbots, dubbed DingTalk and Lark, allow users to talk to CyberStrikeAI from their mobile devices.
CyberStrikeAI’s tooling supports a full attack chain, and includes network and vulnerability scanning; web and app testing; password cracking; exploitation and post-exploitation frameworks; container, cloud, and API security; subdomain enumeration (used to uncover vulnerabilities); capture the flag (CTF) utilities; and forensic and binary analysis.
A dashboard helps users quickly understand core features and current state. Basic users can perform quick start one-command deployment, while more advanced users can dive into more complex tasks. These include predefined role-based testing (pen testing, CTF, web app scanning), custom prompts and tool restrictions, skills systems (with 20-plus skills, including SQL injection and API security) that can be called on demand by AI agents, tool orchestrations and extensions, and attack chain intelligence.
“Making this kind of tooling available as public open source, given its sophistication and the ability to cause real harm, is irresponsible,” said David Shipley of Beauceron Security. “This is a whole new ballgame from past tools that can be used by ethical hackers and security researchers responsibly.”
Prediction: a proliferation of AI-augmented offensive security tools
CyberStrikeAI’s GitHub activities suggest its developer, known as Ed1s0nZ, interacts with Chinese private sector firms with known ties to the Chinese Ministry of State Security (MSS).
Between January 20 and 26, the Team Cymru researchers observed 21 unique IP addresses running CyberStrikeAI, with servers primarily hosted in China, Singapore, and Hong Kong. This indicates a “sharp increase in operational usage” since the GitHub repository was created in November 2025, Team Cymru’s Thomas noted.
“As adversaries increasingly embrace AI-native orchestration engines, we expect to see a rise in automated, AI-driven targeting of vulnerable edge devices,” including firewalls and VPN appliances, he warned.
In the near future, defenders must prepare for an environment where tools like this, and other “AI-assisted privilege escalation projects,” lower the barrier to entry for complex network exploitation, he cautioned.
Beauceron’s Shipley added: “We truly have opened Pandora’s Box and a lot of organizations are going to be harmed. There’s no way they can keep up with this.”
It’s analogous to going “from muskets to AK-47s,” he noted, and the knee-jerk reactions from lawmakers will harm even good faith research efforts. “We’re in a lot of trouble in 2026, and this is only one of the tools hitting the streets.”
Ahead of the launch of new iPad Air models equipped with the M4 chip, preliminary Geekbench benchmark results have surfaced for the device, giving us an idea of how its performance compares to the prior-generation M3 iPad Air.

A pair of benchmarks from the 13-inch M4 iPad Air with Wi-Fi + Cellular (iPad16,11) suggest the M4 iPad Air CPU is 17.3 percent faster in single-core performance and 7.9 percent faster in multi-core performance.

The benchmarks show single-core scores of 3438 and 3714 and multi-core scores of 12885 and 12296, translating to an average single-core score of 3576 and an average multi-core score of 12591. The prior-generation 13-inch M3 iPad Air has an average single-core score of 3048 and an average multi-core score of 11667 on Geekbench.

The M4 iPad Air is equipped with an 8-core CPU featuring three performance cores and five efficiency cores, along with a 9-core GPU. Apple previously used the M4 in the iPad Pro, but the version in the iPad Pro had up to a 10-core CPU and up to a 10-core GPU, so the M4 iPad Air does not match the M4 iPad Pro in CPU performance.

The 13-inch M4 iPad Pro has a single-core score of 3704 and a multi-core score of 13805, so it offers 3.6 percent faster single-core CPU performance and 9.6 percent faster multi-core CPU performance.

The new M4 iPad Air will be available to pre-order at 6:15 a.m. Pacific Time tomorrow, with a launch to follow on March 11.
This article, "First M4 iPad Air Benchmarks Surface" first appeared on MacRumors.com

The new Studio Display XDR is designed for all kinds of professional work, and it is uniquely suited for use in the medical field.


The Studio Display XDR supports DICOM medical imaging presets and a Medical Imaging Calibrator so it can be used for diagnostic radiology. Radiologists will be able to view images right on the Studio Display XDR without the need to use a single-purpose medical imaging display.

There is a display mode switching option for transitioning from a standard viewing mode to a radiology viewing mode. Pricing on the Studio Display XDR starts at $3,299, and it is more affordable than many specialized medical imaging monitors.

Apple says the Medical Imaging Calibrator that it created for the Studio Display XDR is pending FDA clearance and it should soon be available in the United States.

According to Apple, its aim with the new functionality is to continue to improve technology available to the healthcare community to boost patient care.

The Studio Display XDR also features a mini-LED backlight with 2,304 local dimming zones, 2000 nits of peak HDR brightness, a 1,000,000:1 contrast ratio, a 120Hz refresh rate, and advanced color accuracy.

Pre-orders for the Studio Display XDR will begin on Wednesday, March 4 at 9:15 a.m. Eastern Time, with a launch to follow on March 11.
This article, "Apple's Studio Display XDR Supports DICOM Medical Imaging for Diagnostic Radiology" first appeared on MacRumors.com

Apple is going to be accepting pre-orders for a slew of new devices starting tomorrow, with orders set to begin at 6:15 a.m. Pacific Time. To give users around the world an idea of when pre-orders will be accepted in their time zone, we've compiled a list of time zone conversions for several countries.


Our list isn't exhaustive, so if you're planning to order one of Apple's new devices, make sure to verify the exact time for your location.

Pre-orders will be available for the iPhone 17e, M4 iPad Air, M5 Max MacBook Pro, M5 Pro MacBook Pro, M5 MacBook Air, Studio Display 2, and Studio Display XDR. Apple hasn't announced the low-cost MacBook yet, but presumably pre-orders for that device will also start tomorrow.



Australia West - 10:15 p.m. AWST
Australia East - 1:15 a.m. AEDT (Thursday)
Austria - 3:15 p.m. CET
Baltic countries - 4:15 p.m. EET
Belgium - 3:15 p.m. CET
Brazil East - 11:15 a.m. BRT
Canada West - 6:15 a.m. PST
Canada East - 9:15 a.m. EST
China - 10:15 p.m. CST
Denmark - 3:15 p.m. CET
Finland - 4:15 p.m. EET
France - 3:15 p.m. CET
Germany - 3:15 p.m. CET
Hong Kong - 10:15 p.m. HKT
India - 7:45 p.m. IST
Indonesia West - 9:15 p.m. WIB
Ireland - 2:15 p.m. GMT
Italy - 3:15 p.m. CET
Japan - 11:15 p.m. JST
Luxembourg - 3:15 p.m. CET
Netherlands - 3:15 p.m. CET
New Zealand - 3:15 a.m. NZDT (Thursday)
Norway - 3:15 p.m. CET
Poland - 3:15 p.m. CET
Portugal - 2:15 p.m. WET
Puerto Rico - 10:15 a.m. AST
Saudi Arabia - 5:15 p.m. AST
Singapore - 10:15 p.m. SGT
South Africa - 4:15 p.m. SAST
South Korea - 11:15 p.m. KST
Spain - 3:15 p.m. CET
Sweden - 3:15 p.m. CET
Switzerland - 3:15 p.m. CET
Taiwan - 10:15 p.m. CST
UAE - 6:15 p.m. GST
United Kingdom - 2:15 p.m. GMT
United States West - 6:15 a.m. PST
United States Mountain - 7:15 a.m. MST
United States Central - 8:15 a.m. CST
United States East - 9:15 a.m. EST



After the pre-order period, the new devices will launch on Wednesday, March 11.
This article, "Here's When You Can Pre-Order the iPhone 17e, New Studio Displays and More in Every Time Zone" first appeared on MacRumors.com

OpenAI today updated its most popular ChatGPT model, debuting GPT-5.3 Instant. GPT-5.3 Instant is supposed to provide more accurate answers and better contextualized results when searching the web. The update also cuts down on unnecessary dead ends, caveats, and overly declarative phrasing, plus it has fewer hallucinations.


According to OpenAI, it tweaked the Instant model to address complaints about tone, relevance, and conversational flow, which are issues that don't show up in benchmarks. GPT-5.2 Instant had a "cringe" tone that could be overbearing or make unsubstantiated assumptions about user intent or emotions. The new model will have a more natural conversational style and will cut back on dramatic phrases like "Stop. Take a breath."

Users found that GPT-5.2 Instant would refuse questions it should have been able to answer, or respond in ways that felt overly cautious around sensitive topics. GPT-5.3 Instant cuts down on refusals and tones down overly defensive or moralizing preambles when answering a question. The model will no longer "over-caveat" after assuming bad intent from the user.

GPT-5.3 Instant also provides higher-quality answers based on information from the web. OpenAI says that it is able to better balance what it finds online with its own knowledge, so it is less likely to overindex on web results.

GPT-5.3 Instant is available to all ChatGPT users now. Updates to Thinking and Pro will come in the future.
This article, "ChatGPT Gets GPT-5.3 Instant Update With Less 'Cringe,' Fewer Hallucinations" first appeared on MacRumors.com

Your Package Manager, Now with a Security Upgrade
Last December, we made Docker Hardened Images (DHI) free because we believe secure, minimal, production-ready images should be the default. Every developer deserves strong security at no cost. It should not be complicated or locked behind a paywall.
From the start, flexibility mattered just as much as security. Unlike opaque, proprietary hardened alternatives, DHI is built on trusted open source foundations like Alpine and Debian. That gives teams true multi-distro flexibility without forcing change. If you run Alpine, stay on Alpine. If Debian is your standard, keep it. DHI strengthens what you already use. It does not require you to replace it.
Today, we are extending that philosophy beyond images.
With Docker Hardened System Packages, we’re driving security deeper into the stack. Every package is built on the same secure supply chain foundation: source-built and patched by Docker, cryptographically attested, and backed by an SLA.
The best part? Multi-distro support by design.
The result is consistent, end-to-end hardening across environments with the production-grade reliability teams expect.
Since introducing DHI Community (our OSS tier), interest has surged. The DHI catalog has expanded from more than 1,000 to over 2,000 hardened container images. Its openness and ability to meet teams where they are have accelerated adoption across the ecosystem. Companies of all sizes, along with a growing number of open source projects, are making DHI their standard for secure containers.
Just consider this short selection of examples:
n8n.io has moved its production infrastructure to DHI; they share why and how in this recent webinar
Medplum, an open-source electronic health records platform (managing data of 20+ million patients), has now standardized to DHI
Adobe uses DHI because of great alignment with its security posture and developer tooling compatibility
Attentive co-authored this e-book with Docker on helping others move from POC to production with DHI
Docker Hardened System Packages: Going deeper into the container
From day one, Docker has built and secured the most critical operating system packages to deliver on our CVE remediation commitments. That’s how we continuously maintain near-zero CVEs in DHI images. At the same time, we recognize that many teams extend our minimal base images with additional upstream packages to meet their specific requirements. To support that reality, we are expanding our catalog with more than 8,000 hardened Alpine packages, with Debian coverage coming soon.
This expansion gives teams greater flexibility without weakening their security posture. You can start with a DHI base image and tailor it to your needs while maintaining the same hardened supply chain guarantees. There is no need to switch distros to get continuous patching, verified builds through a SLSA Build Level 3 pipeline, and enterprise-grade assurances. Your teams can continue working with the Alpine and Debian environments they know, now backed by Docker’s secure build system from base image to system package.
Why this matters for your security posture:
Complete provenance chain. Every package is built from source by Docker, attested, and cryptographically signed. From base image to final container, your provenance stays intact.
Faster vulnerability remediation. When a vulnerability is identified, we patch it at the package level and publish it to the catalog. Not image by image. That means fixes move faster and remediation scales across your entire container fleet.
Extending the near-zero CVE guarantee. DHI images maintain near-zero CVEs. Hardened System Packages extend that guarantee more broadly across the software ecosystem, covering packages you add during customization.
Use hardened packages with your containers. DHI Enterprise customers get access to the secure packages repository, making it possible to use Hardened System Packages beyond DHI images. Integrate them into your own pipelines and across Alpine and Debian workloads throughout your environment.
The work we’re doing on our users’ behalf: Maintaining thousands of packages is continuous work. We monitor upstream projects, backport patches, test compatibility, rebuild when dependencies change, and generate attestations for every release. Alpine alone accounts for more than 8,000 packages today, soon approaching 10,000, with Debian next.
Making enterprise-grade security even more accessible
We’re also simplifying how teams access DHI. The full catalog of thousands of open-source images under Apache 2.0 now has a new name: DHI Community. There are no licensing changes; this is just a name change, so all of that free goodness has an easy name to refer to.
For teams that need SLA-backed CVE remediation and customization capabilities at a more accessible price point, we’re announcing a new pricing tier today, DHI Select. This new tier brings enterprise-grade security at a price of $5,000 per repo.
For organizations with more demanding requirements, including unlimited customizations, access to the Hardened System Packages repo, and extended lifecycle coverage for up to five years after upstream EOL, DHI Enterprise and the DHI Extended Lifecycle Support add-on remain available.
More options means more teams can adopt the right level of security for where they are today.
Build with the standard that’s redefining container security
Docker’s momentum in securing the software supply chain is accelerating. We’re bringing security to more layers of the stack, making it easier for teams to build securely by default, for open source-based containers as well as your company’s internally-developed software. We’re also pushing toward a one-day (or shorter) timeline for critical CVE fixes. Each step builds on the last, moving us closer to end-to-end supply chain security for all of your critical applications.
Get started:
Join the n8n webinar to see how they’re running production workloads on DHI
Start your free trial and get access to the full DHI catalog, now with Docker Hardened System Packages
If you still have a Mac with an Intel chip inside, you're not going to want to pick up one of the new Studio Display or Studio Display XDR models.


According to Apple's list of compatible Macs, neither model will work with an Intel-based Mac. Apple says that the Studio Display is compatible with a long list of Macs dating back to 2020, but they all have M-series chips inside.

16-inch MacBook Pro (2021 and later)
14-inch ‌MacBook Pro‌ (2021 and later)
13-inch ‌MacBook Pro‌ (M1, 2020 and later)
15-inch MacBook Air (2023 and later)
13-inch ‌MacBook Air‌ (‌M1‌, 2020 and later)
Mac Studio (2022 and later)
Mac mini (2020 and later)
Mac Pro (2023 and later)
24-inch iMac (2021 and later)

Apple started phasing out Intel Macs in 2020 when it released the first devices with Apple silicon. Intel chips were phased out in the ‌MacBook Air‌ in 2020 and ‌MacBook Pro‌ line in 2021, and other Macs followed. The last Intel Mac was the ‌Mac Pro‌, and the Intel version was discontinued in 2023. Apple hasn't sold an Intel Mac for close to three years.

With Intel Macs long discontinued, Apple is phasing out support as well. macOS Tahoe will be the final software update for Intel-based Macs, and Intel Macs will not get macOS 27. While Intel Macs will not be updated past ‌macOS Tahoe‌, Apple plans to provide security updates for three additional years.

The new Studio Display and Studio Display XDR will be available for pre-order on March 4 at 9:15 a.m. Eastern Time.
This article, "New Apple Studio Display and Studio Display XDR Don't Work With Intel Macs" first appeared on MacRumors.com
The new Studio Display XDR features a mini-LED display with up to a 120Hz refresh rate, but you'll need a newer Mac to get support for the full 120Hz.


According to Apple, Macs that have an M1, M1 Pro, M1 Max, M1 Ultra, M2, or M3 will only support the Studio Display XDR at 60Hz. All other features remain available.

For the full 120Hz refresh rate, you'll need to have a Mac with one of the following chips:

‌M2‌ Pro, ‌M2‌ Max, ‌M2‌ Ultra
M3 Pro, M3 Max, M3 Ultra
M4 Pro, M4 Max
M5, M5 Pro, M5 Max

All Macs that have an Apple silicon chip can be used with the Studio Display XDR with the upcoming macOS Tahoe 26.3.1 update.

As for the iPad, the M5 iPad Pro supports the Studio Display at 120Hz, but all other compatible iPad models are limited to 60Hz. Compatible iPads include the M4 iPad Pro, the 3rd-6th generation 12.9-inch iPad Pro, 1st-4th generation 11-inch iPad Pro, the M2, M3, and M4 iPad Air models, and the 5th-generation iPad Air.

For older Macs and iPads that don't support 120Hz, there is little reason to select the more expensive Studio Display XDR over the standard Studio Display. The Studio Display starts at $1,599, while the XDR model starts at $3,299.

The Studio Display XDR will be available for pre-order tomorrow at 9:15 a.m. Eastern Time, with a launch to follow on March 11.
This article, "These Macs Can't Run the Studio Display XDR at 120Hz" first appeared on MacRumors.com
As part of its environmental efforts, Apple says its new Studio Display and Studio Display XDR boxes feature a collapsible design.


Apple says the boxes can be broken down into smaller pieces that fit in most recycling bins.

Apple also says both of the new Studio Display models contain 80% recycled glass, which is described as an "Apple first." This feat applies to models with standard glass, not the upgraded anti-reflective, nano-texture glass.

To learn more about the new Studio Displays, read our coverage of each model:
Apple Updates Studio Display With These New Features
Apple Introduces All-New Studio Display XDR

The new Studio Displays are available to pre-order starting Wednesday at 6:15 a.m. Pacific Time.
This article, "Apple's New Studio Display Boxes Designed to Fit in Your Recycling Bin" first appeared on MacRumors.com
Apple today provided the third beta of an upcoming macOS Tahoe 26.4 update to developers for testing purposes, with the update coming a week after Apple seeded the second beta.


Developers can download the ‌macOS Tahoe‌ 26.4 update by opening up the System Settings app, selecting the General category, and then choosing Software Update. Beta Updates will need to be enabled, and a free developer account is required.

‌macOS Tahoe‌ 26.4 adds a new Charge Limit feature so Mac users can select a maximum charge level that ranges from 80 to 100 percent. Apple also brought back the Compact tab layout in Safari for those who missed the option in earlier versions of ‌macOS Tahoe‌.

Users of Apple silicon Macs who are running apps that still rely on Rosetta will see warnings about the upcoming end of support for Rosetta. After macOS Tahoe 27, Apple will phase out Rosetta support, and all apps will need to be updated before that time.

‌macOS Tahoe‌ 26.4 will be released to the public in the spring after several weeks of beta testing.
This article, "Third macOS Tahoe 26.4 Beta Now Available for Developers" first appeared on MacRumors.com

Roku has teamed up with Apple to offer the Apple TV subscription service on the Roku Channel, giving Roku users easy access to Apple's streaming service. The Roku Channel is available across all Roku devices, and it provides access to free content as well as premium subscriptions.


With the partnership, Apple could see subscriber growth, while Roku will be able to offer subscribers access to popular content like Formula 1, Major League Soccer, and Major League Baseball. ‌Apple TV‌ via the Roku Channel is still priced at $12.99 per month or $99 per year, with a 7-day free trial.


Roku has partnered with a long list of premium services, including Starz, Paramount+, HBO Max, AMC+, Britbox, Crunchyroll, Shudder, and more, with a full list available on the Roku website. With Roku Channel, premium services are managed through a user's Roku account. There has been an ‌Apple TV‌ app available on Roku since 2019, but the Roku Channel recommends ‌Apple TV‌ content alongside other content, and makes it easier for customers to subscribe.

‌Apple TV‌ on the Roku Channel can be watched on a long list of devices, including smart TVs, streaming players from Amazon, Google, and Roku, the web, and on iOS and Android devices.

Apple has a similar feature for third-party services, Apple Channels. With Apple Channels, users can subscribe to premium content through the Apple TV app and manage that content through their Apple Accounts.
This article, "You Can Now Subscribe to Apple TV Through the Roku Channel" first appeared on MacRumors.com
Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support to deliver the Havoc command-and-control (C2) framework as a precursor to data exfiltration or ransomware attack. The intrusions, identified by Huntress last month across five partner organizations, involved the threat actors using email spam as lures, followed by a phone call from
Apple's new low-cost iPhone comes a year after its predecessor, offering over a dozen small changes. Here's how the latest model compares.


When Apple introduced the ‌iPhone‌ 16e last year, it replaced the aging ‌iPhone‌ SE and became the new low-cost ‌iPhone‌. The 16e adopted a contemporary full-screen design, Face ID, a 48-megapixel rear camera, USB-C, and the A18 chip, positioning it far closer to Apple's flagship models than previous budget models.

Apple yesterday announced the iPhone 17e, featuring the A19 chip, MagSafe connectivity, faster charging, and more. Here's everything that differs between the iPhone 16e and iPhone 17e:

| iPhone 16e (2025) | iPhone 17e (2026) |
| --- | --- |
| A18 chip (N3E) | A19 chip (N3P) |
| 4.04 GHz CPU clock speed | 4.26 GHz CPU clock speed |
| 60 GB/s memory bandwidth | 68.2 GB/s memory bandwidth |
| 4-core GPU | 4-core GPU with Neural Accelerators |
| C1 modem | C1X modem |
| eSIM only in United States (no SIM card slot) | eSIM only in additional countries, including Canada, Japan, and Mexico |
| Portrait mode with Depth Control | Next-generation portraits with Focus and Depth Control |
| Ceramic Shield front glass | Ceramic Shield 2 front glass |
| Qi wireless charging up to 7.5W | MagSafe wireless charging up to 15W with 20W adapter or higher |
|  | Compatible with MagSafe cases, wallets, wireless chargers, and more |
| 5.88 ounces (167 grams) | 5.96 ounces (169 grams) |
| 128GB, 256GB, and 512GB storage options | 256GB and 512GB storage options |
| Available in White and Black | Available in White, Black, and Soft Pink |




How Big Are the Upgrades?

The ‌iPhone 17e‌'s most consequential upgrade is ‌MagSafe‌. The ‌iPhone‌ 16e was limited to standard Qi wireless charging at up to 7.5W. The ‌iPhone 17e‌ doubles that to 15W and brings compatibility with magnetic accessories such as snap-on chargers, car mounts, wallets, and cases.

The ‌iPhone 17e‌ starts with 256GB, while the ‌iPhone‌ 16e began with 128GB. That is a 100% increase in base capacity at the same $599 starting price.

Durability also improves modestly. The ‌iPhone 17e‌ introduces Ceramic Shield 2, which Apple says offers three times better scratch resistance than the previous generation, along with reduced glare.

Performance improvements are measurable but more incremental. The benefits are more likely to surface in computational photography, gaming headroom, and future AI-driven iOS features. This is essentially a future-proofing upgrade over time rather than a dramatic speed bump.

Other changes are marginal. The modem moves from the C1 to the C1X, promising improved efficiency and cellular performance, but battery life remains rated at 26 hours.

Who Should Buy an iPhone 17e?

The ‌iPhone 17e‌ is a strong choice for anyone upgrading from an ‌iPhone‌ 14 or older. For those users, the combined jumps in performance, charging speed, storage, and camera capabilities are substantial. It is also the better option for first-time ‌iPhone‌ buyers, because it represents a more future-proof baseline with ‌MagSafe‌, more base storage, and newer silicon that will age better over a three- to five-year ownership cycle.

The more nuanced decision arises when a discounted ‌iPhone‌ 16e is available from a third-party retailer. In that case, the price difference becomes decisive. If the 16e can be purchased at a significant discount, it remains a capable and modern device, and will likely support virtually all of the same Apple Intelligence features going forward. For buyers who do not care about ‌MagSafe‌ and are comfortable with lower storage tiers, the 16e can still represent strong value.

However, if the price gap is only modest, the ‌iPhone 17e‌ is generally the better purchase. The doubling of wireless charging speed, the presence of ‌MagSafe‌ and Ceramic Shield 2, and the doubling of base storage are collectively worth it. Over time, those advantages are more likely to affect day-to-day satisfaction.

The iPhone 16e is the value option only when heavily discounted. The iPhone 17e is likely the better long-term buy, especially for anyone coming from an older device or entering the iPhone ecosystem for the first time.

iPhone 17e pre-orders start on Wednesday, March 4, with availability starting a week later on Wednesday, March 11.
This article, "iPhone 16e vs. iPhone 17e Buyer's Guide: All Upgrades Compared" first appeared on MacRumors.com
Accidentally leaked Apple documents that reveal the "Neo" name of the upcoming low-cost MacBook also reference some of the features that will be included.


The MacBook Neo will feature two USB-C ports, and it will also include a MagSafe port for charging purposes. Apple's latest Macs use a magnetic ‌MagSafe‌ cable, and in the case of the Neo, it will likely be color matched to the chassis. Rumors suggest the Neo will come in fun colors like pink, blue, and yellow.

Along with two USB-C ports and ‌MagSafe‌, the MacBook Neo will include Wi-Fi 7, which is the latest Wi-Fi specification. It does not appear to have Apple's N1 networking chip, instead adopting a MediaTek chip for Wi-Fi and Bluetooth.

Other information like display size and chip couldn't be determined from the document, but rumors suggest the Neo will have a 12.9-inch display and an A-series chip like the A18 Pro or the A19 Pro.

We're expecting Apple to unveil the new low-cost MacBook on March 4 at 9:00 a.m. Eastern Time.
This article, "Leaked Apple Documents Detail MacBook Neo Features Ahead of Launch" first appeared on MacRumors.com

With the debut of the M5 Pro and M5 Max MacBook Pro models, Apple tweaked the available configurations for the standard M5 ‌MacBook Pro‌.


The 14-inch M5 ‌MacBook Pro‌ used to start with 512GB of storage, but Apple has removed that option. All ‌MacBook Pro‌ models, including the entry-level M5 version, start with a 1TB SSD that can be upgraded to 4TB.

The starting price of the M5 ‌MacBook Pro‌ was $1,599, but now it starts at $1,699 because of the updated storage. While the starting price has gone up, the price for SSD upgrades has technically shifted down.

Upgrading to 1TB previously would have resulted in a machine that costs $1,799, but that same base configuration is now $1,699 and $100 more affordable.

Upgrading to 2TB from the base starting storage used to be $600, but now the 2TB upgrade is $400. The 4TB upgrade is $1,000, $200 less than the $1,200 that it used to cost.

In short, Apple has removed the 512GB storage option and dropped the price of SSD storage at the same time. The base machine is more expensive, but you're getting a higher capacity SSD for less.

Apple has de-emphasized stock configurations and options are no longer listed on the purchase page for Macs. There are still stock models that will be sold in stores, however, and those pre-configured machines have been updated.

Apple has removed the base model that had 512GB of storage and 16GB RAM, replacing it with the version that has 16GB RAM and a 1TB SSD. There's also a $1,899 stock model with 1TB SSD and 24GB memory, and a new higher-end model with the 1TB SSD and 32GB RAM for $2,099.

Standard M5 MacBook Pro models with the new storage tiers are available for purchase as of today, and will deliver to customers as soon as tomorrow. The M5 Pro and M5 Max models can be pre-ordered starting at 6:15 a.m. Pacific Time on March 4, with a launch to follow on March 11.
This article, "Apple Removes 512GB Storage Option From M5 MacBook Pro, Drops SSD Upgrade Prices" first appeared on MacRumors.com
Apple today discontinued its Pro Display XDR, following the introduction of a new 27-inch Studio Display XDR monitor.


Introduced in December 2019 alongside a redesigned Mac Pro, the 32-inch Pro Display XDR was Apple's return to the premium external monitor market. The launch came three years after the company exited the category with the discontinuation of the Thunderbolt Display in 2016.

The Pro Display XDR drew particular scrutiny for its $999 Pro Stand, which was sold separately from the $4,999 display. Apple defended the price by emphasizing its precise engineering, height, tilt, and rotation adjustments, and support for both landscape and portrait orientations, but it was a focal point of criticism at launch.

In its place, Apple now offers an all-new Studio Display XDR, featuring a 5K resolution with mini-LED backlighting and up to 2,000 nits peak HDR brightness, adaptive refresh up to 120Hz, and Thunderbolt 5 connectivity with up to 140W charging and multiple high-speed ports.

Compared with the Pro Display XDR, which was a larger 32-inch 6K monitor aimed at high-end HDR workflows, the new Studio Display XDR is smaller and cheaper, but it also features modern panel technology, higher refresh rates, and more connectivity.

Pre-orders for the new display begin March 4 and availability starts March 11, with pricing starting at $3,299 for standard glass and $3,599 with nano-texture glass.
This article, "Apple Discontinues Pro Display XDR and $999 Stand" first appeared on MacRumors.com
Amazon today has dropped the price of the 2025 14-inch M5 MacBook Pro to $1,449.00, down from $1,599.00. With the announcement of new MacBook Pro models this week, Apple no longer sells this 512GB model of the 14-inch M5 MacBook Pro.

Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Apple instead has shifted the line to focus entirely on configurations with 1TB of storage, with varying RAM sizes. The 16GB RAM/1TB M5 MacBook Pro is available for $1,649.00 ($50 off) and the 24GB RAM/1TB M5 MacBook Pro has hit $1,846.00 on Amazon ($53 off).

$150 OFF: 14-inch M5 MacBook Pro (16GB RAM/512GB) for $1,449.00
$50 OFF: 14-inch M5 MacBook Pro (16GB RAM/1TB) for $1,649.00
$53 OFF: 14-inch M5 MacBook Pro (24GB RAM/1TB) for $1,846.00

Shoppers should note that we are calculating discounts based on the new prices of each notebook. With the launch of the new models, Apple has cut the prices of the M5 MacBook Pro by $100, which Amazon hasn't yet accounted for.

This version of the MacBook Pro launched in October and it comes with the newest M5 chip, which offers up to 15% faster CPU performance and up to 45% faster graphics when compared to the M4 chip. Apple just announced the upgraded M5 Pro and M5 Max versions of the MacBook Pro, but it could be a while before we see steep discounts on these models.

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



This article, "Amazon Takes Up to $150 Off Apple's 14-Inch M5 MacBook Pro" first appeared on MacRumors.com

Apple today confirmed that iPadOS 26.3.1 and macOS 26.3.1 are on the way. The updates will likely be released at some point this week or next week.


iPadOS 26.3.1 and macOS 26.3.1 are both mentioned on the tech specs page for the new Studio Display and Studio Display XDR, which launch on Wednesday, March 11.

The full text from Apple's website:

MacRumors also continues to see evidence of Apple preparing iOS 26.3.1, so there should be at least three minor software updates coming soon.

iOS 26.3.1, iPadOS 26.3.1, and macOS 26.3.1 may also include bug fixes and/or security patches.

visionOS 26.3.1 was released last week with an Apple TV app bug fix.
This article, "iOS 26.3.1 and macOS 26.3.1 Are Coming Soon" first appeared on MacRumors.com
Alongside the all-new, higher-end Studio Display XDR, Apple has updated the regular version of the Studio Display with some new features.


Here is what is new for the lower-end Studio Display, according to Apple:

Two Thunderbolt 5 ports (up to 120Gb/s), with one upstream port (provides 96W pass-through charging) and one downstream port for connecting accessories or daisy-chaining additional displays
The built-in 12-megapixel Center Stage camera now supports Desk View
The six-speaker sound system's woofers deliver "30 percent deeper bass" compared to the previous Studio Display

Only the higher-end Studio Display XDR received a 120Hz refresh rate, mini-LED backlighting, increased brightness, and faster 140W pass-through charging.

This means the regular Studio Display still has a 60Hz refresh rate and up to 600 nits of brightness.

Both models have 27-inch displays with a 5K resolution.

The new Studio Displays can be pre-ordered starting Wednesday, March 4, ahead of a Wednesday, March 11 launch. In the U.S., the regular Studio Display continues to start at $1,599, while the Studio Display XDR starts at $3,299.
This article, "Apple Updates Studio Display With These New Features" first appeared on MacRumors.com
Apple appears to have prematurely revealed the name of its rumored lower-cost MacBook model, which is expected to be announced this Wednesday.


A regulatory document for a "MacBook Neo" (Model A3404) has appeared on Apple's website. Unfortunately, there are no further details or images available yet.


Update: Just a few minutes after we published, Apple removed the "MacBook Neo" document link.
This article, "Apple Accidentally Leaks 'MacBook Neo'" first appeared on MacRumors.com
Every CISO knows the uncomfortable truth about their Security Operations Center: the people most responsible for catching threats in real time are the people with the least experience. Tier 1 analysts sit at the front line of detection, and yet they are also the most vulnerable to the cognitive and organizational pressures that quietly erode SOC performance over time. The Paradox at the Gate:
The threat actor behind the recently disclosed artificial intelligence (AI)-assisted campaign targeting Fortinet FortiGate appliances leveraged an open-source, AI-native security testing platform called CyberStrikeAI to execute the attacks. The new findings come from Team Cymru, which detected its use following an analysis of the IP address ("212.11.64[.]250") that was used by the suspected