Tech

Apple Releases iOS 16.7.14 to Address iPhone X and iPhone 8 Emergency Call Issue in Australia

Apple Releases iOS 16.7.14 to Address iPhone X and iPhone 8 Emergency Call Issue in Australia

Apple today released iOS 16.7.14 to address an iOS 16.7.13 issue that caused some older iPhones in Australia to be unable to connect to emergency services.


The update is available for the iPhone 8, ‌iPhone‌ 8 Plus, and ‌iPhone‌ X models, and it will allow these devices to place calls to emergency services in Australia. Apple's release notes say that iOS 16.7.14 fixes a mobile network problem that prevented emergency calls.

After Apple released iOS 16.7.13 last week, it became clear that the software interfered with the emergency call situation in Australia, which has been a problem since December. Apple pulled the update, but not until some people had already downloaded it.

Last Thursday, Apple released a carrier settings update for Telstra customers in Australia that temporarily fixed the issue by adjusting network-related settings.

Australian mobile network operators have been improving support for emergency calling on their networks, which has led to some older iPhones being unable to connect to emergency services in some situations. Apple has been pushing new software to address the issue, including the recent iOS 26.2.1 update.

iOS 16.7.4 can be downloaded by opening up the Settings app on the ‌iPhone‌ and going to Settings > General > Software Update. There is also an iPadOS 16.7.14 update available for older iPads.Tag: Australia
This article, "Apple Releases iOS 16.7.14 to Address iPhone X and iPhone 8 Emergency Call Issue in Australia" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 30 views

reporter

February 2Feb 2

Apple Releases macOS 11, watchOS 10, and watchOS 9 Updates to Keep iMessage and FaceTime Working on Older Devices

Apple Releases macOS 11, watchOS 10, and watchOS 9 Updates to Keep iMessage and FaceTime Working on Older Devices

Apple today released macOS 11.7.11, watchOS 10.6.2, and watchOS 9.6.4 for older Macs and Apple Watches that are not able to run the current watchOS and macOS 26.


According to Apple's release notes, the updates extend the certificate that features like device activation, iMessage, and FaceTime use. The certificate update ensures that these functions will continue to work after January 2027.

On the Mac, the update can be installed through the Settings app, while on the Apple Watch, the updates can be installed through the Apple Watch app on iPhone.

watchOS 9.6.4 and the update that preceded it are the final versions of watchOS that support devices like the ‌iPhone‌ 8, ‌iPhone‌ 8 Plus, and ‌iPhone‌ X, which are limited to iOS 16 and cannot be updated to iOS 17. watchOS 10.6.2 is available for the Apple Watch Series 4, Apple Watch Series 5, and the original Apple Watch SE.


This article, "Apple Releases macOS 11, watchOS 10, and watchOS 9 Updates to Keep iMessage and FaceTime Working on Older Devices" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 29 views

reporter

February 2Feb 2

Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users

Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users

A security audit of 2,857 skills on ClawHub has found 341 malicious skills across multiple campaigns, according to new findings from Koi Security, exposing users to new supply chain risks. ClawHub is a marketplace designed to make it easy for OpenClaw users to find and install third-party skills. It's an extension to the OpenClaw project, a self-hosted artificial intelligence (AI) assistantView the full article

• 0 comments
• 55 views

Hacker News

February 2Feb 2

Will Apple Raise iPhone Prices Due to Skyrocketing Memory Chip Prices?

Will Apple Raise iPhone Prices Due to Skyrocketing Memory Chip Prices?

There has been a lot of discussion lately about skyrocketing memory chip prices, and how that might impact the iPhone and other Apple devices.


For those who are not caught up to speed, prices for both DRAM and NAND storage chips have been surging lately due to increased demand from companies building out AI servers. Nvidia has reportedly surpassed Apple as chipmaker TSMC's biggest customer as a result of this boom, despite record-breaking iPhone sales last quarter.

The demand for memory chips for AI servers is so high right now that reports have indicated that chipmakers such as TSMC, Samsung, and SK Hynix cannot keep up with supply despite operating at or near full capacity. This supply-demand imbalance is allowing for chipmakers to raise prices for memory chips, with Taiwanese research firm TrendForce today estimating that conventional DRAM and NAND contract prices could rise up to 90–95% and up to 55-60% this quarter, respectively, compared to last quarter.

Apple surely still has plenty of leverage as one of the world's largest consumer electronics makers, but it is not entirely immune to the pricing situation.

On an earnings call last week, Apple CEO Tim Cook acknowledged that the rising chip prices will have a "bit more of an impact" on the company's gross margin in the current quarter. Nevertheless, Apple forecasted that its revenue will rise 13% to 16% in the quarter on a year-over-year basis, so the company still expects growth.

Cook said Apple "will look at a range of options to deal with" the rising prices, if necessary, but he did not mention any specific plans.

While the situation is rapidly evolving, it seems unlikely for now that one of those measures would be raising iPhone prices, for a few reasons.

First, Apple forecasted that its overall gross margin will remain strong at 48% to 49% in the current quarter, so the company is managing for now.

Second, Taiwanese supply chain publication DigiTimes today reported that some suppliers expect Apple to intensify its cost-cutting demands going forward. It is unclear if this refers to DRAM and NAND chip suppliers, or if Apple will try to negotiate more favorable deals with suppliers of other components to offset the impact.

Apple has historically been extremely sensitive about passing on price increases to customers, and it is known to have excellent supply chain management.

In line with that, supply chain analyst Ming-Chi Kuo recently said that Apple's current plan for the iPhone 18 Pro models later this year is to "avoid raising prices as much as possible." He predicted that Apple will "at least keep the starting price flat," suggesting that iPhone 18 Pro models will not cost more than iPhone 17 Pro models.

Related Reading: Apple May Break a 10-Year Chip StrategyTags: DigiTimes, TrendForce
This article, "Will Apple Raise iPhone Prices Due to Skyrocketing Memory Chip Prices?" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 26 views

reporter

February 2Feb 2

OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link

OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link

A high-severity security flaw has been disclosed in OpenClaw (formerly referred to as Clawdbot and Moltbot) that could allow remote code execution (RCE) through a crafted malicious link. The issue, which is tracked as CVE-2026-25253 (CVSS score: 8.8), has been addressed in version 2026.1.29 released on January 30, 2026. It has been described as a token exfiltration vulnerability that leads toView the full article

• 0 comments
• 37 views

Hacker News

February 2Feb 2

Please Don’t Feed the Scattered Lapsus ShinyHunters

Please Don’t Feed the Scattered Lapsus ShinyHunters

A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators about the extent of the intrusion. Some victims reportedly are paying — perhaps as much to contain the stolen data as to stop the escalating personal attacks. But a top SLSH expert warns that engaging at all beyond a “We’re not paying” response only encourages further harassment, noting that the group’s fractious and unreliable history means the only winning move is not to pay.
Image: Shutterstock.com, @Mungujakisa
Unlike traditional, highly regimented Russia-based ransomware affiliate groups, SLSH is an unruly and somewhat fluid English-language extortion gang that appears uninterested in building a reputation of consistent behavior whereby victims might have some measure of confidence that the criminals will keep their word if paid.
That’s according to Allison Nixon, director of research at the New York City based security consultancy Unit 221B. Nixon has been closely tracking the criminal group and individual members as they bounce between various Telegram channels used to extort and harass victims, and she said SLSH differs from traditional data ransom groups in other important ways that argue against trusting them to do anything they say they’ll do — such as destroying stolen data.
Like SLSH, many traditional Russian ransomware groups have employed high-pressure tactics to force payment in exchange for a decryption key and/or a promise to delete stolen data, such as publishing a dark web shaming blog with samples of stolen data next to a countdown clock, or notifying journalists and board members of the victim company. But Nixon said the extortion from SLSH quickly escalates way beyond that — to threats of physical violence against executives and their families, DDoS attacks on the victim’s website, and repeated email-flooding campaigns.
SLSH is known for breaking into companies by phishing employees over the phone, and using the purloined access to steal sensitive internal data. In a January 30 blog post, Google’s security forensics firm Mandiant said SLSH’s most recent extortion attacks stem from incidents spanning early to mid-January 2026, when SLSH members pretended to be IT staff and called employees at targeted victim organizations claiming that the company was updating MFA settings.
“The threat actor directed the employees to victim-branded credential harvesting sites to capture their SSO credentials and MFA codes, and then registered their own device for MFA,” the blog post explained.
Victims often first learn of the breach when their brand name is uttered on whatever ephemeral new public Telegram group chat SLSH is using to threaten, extort and harass their prey. According to Nixon, the coordinated harassment on the SLSH Telegram channels is part of a well-orchestrated strategy to overwhelm the victim organization by manufacturing humiliation that pushes them over the threshold to pay.
Nixon said multiple executives at targeted organizations have been subject to “swatting” attacks, wherein SLSH communicated a phony bomb threat or hostage situation at the target’s address in the hopes of eliciting a heavily armed police response at their home or place of work.
“A big part of what they’re doing to victims is the psychological aspect of it, like harassing executives’ kids and threatening the board of the company,” Nixon told KrebsOnSecurity. “And while these victims are getting extortion demands, they’re simultaneously getting outreach from media outlets saying, ‘Hey, do you have any comments on the bad things we’re going to write about you.”
In a blog post today, Unit 221B argues that no one should negotiate with SLSH because the group has demonstrated a willingness to extort victims based on promises that it has no intention to keep. Nixon points out that all of SLSH’s known members hail from The Com, shorthand for a constellation of cybercrime-focused Discord and Telegram communities which serve as a kind of distributed social network that facilitates instant collaboration.
Nixon said Com-based extortion groups tend to instigate feuds and drama between group members, leading to lying, betrayals, credibility destroying behavior, backstabbing, and sabotaging each other.
“With this type of ongoing dysfunction, often compounding by substance abuse, these threat actors often aren’t able to act with the core goal in mind of completing a successful, strategic ransom operation,” Nixon wrote. “They continually lose control with outbursts that put their strategy and operational security at risk, which severely limits their ability to build a professional, scalable, and sophisticated criminal organization network for continued successful ransoms – unlike other, more tenured and professional criminal organizations focused on ransomware alone.”
Intrusions from established ransomware groups typically center around encryption/decryption malware that mostly stays on the affected machine. In contrast, Nixon said, ransom from a Com group is often structured the same as violent sextortion schemes against minors, wherein members of The Com will steal damaging information, threaten to release it, and “promise” to delete it if the victim complies without any guarantee or technical proof point that they will keep their word. She writes:
A key component of SLSH’s efforts to convince victims to pay, Nixon said, involves manipulating the media into hyping the threat posed by this group. This approach also borrows a page from the playbook of sextortion attacks, she said, which encourages predators to keep targets continuously engaged and worrying about the consequences of non-compliance.
“On days where SLSH had no substantial criminal ‘win’ to announce, they focused on announcing death threats and harassment to keep law enforcement, journalists, and cybercrime industry professionals focused on this group,” she said.
An excerpt from a sextortion tutorial from a Com-based Telegram channel. Image: Unit 221B.
Nixon knows a thing or two about being threatened by SLSH: For the past several months, the group’s Telegram channels have been replete with threats of physical violence against her, against Yours Truly, and against other security researchers. These threats, she said, are just another way the group seeks to generate media attention and achieve a veneer of credibility, but they are useful as indicators of compromise because SLSH members tend to name drop and malign security researchers even in their communications with victims.
“Watch for the following behaviors in their communications to you or their public statements,” Unit 221B’s advisory reads. “Repeated abusive mentions of Allison Nixon (or “A.N”), Unit 221B, or cybersecurity journalists—especially Brian Krebs—or any other cybersecurity employee, or cybersecurity company. Any threats to kill, or commit terrorism, or violence against internal employees, cybersecurity employees, investigators, and journalists.”
Unit 221B says that while the pressure campaign during an extortion attempt may be traumatizing to employees, executives, and their family members, entering into drawn-out negotiations with SLSH incentivizes the group to increase the level of harm and risk, which could include the physical safety of employees and their families.
“The breached data will never go back to the way it was, but we can assure you that the harassment will end,” Nixon said. “So, your decision to pay should be a separate issue from the harassment. We believe that when you separate these issues, you will objectively see that the best course of action to protect your interests, in both the short and long term, is to refuse payment.”
View the full article

• 0 comments
• 36 views

Krebs

February 2Feb 2

Sonos Super Bowl Sale Offering Up to 20% Off Select Audio Devices

Sonos Super Bowl Sale Offering Up to 20% Off Select Audio Devices

Sonos this week kicked off a new home theater equipment sale, with big discounts aimed at anyone preparing for a Super Bowl party. This sale includes deals on Sonos smart speakers, sound bars, subwoofers, and more.

Note: MacRumors is an affiliate partner with Sonos. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

One highlight of the event is the Sonos Arc Ultra Soundbar at $899, down from $1,099, which matches the all-time low price we saw over last holiday season. For a cheaper soundbar, you can get the second generation Beam for $369, down from $499.

UP TO 20% OFFSonos Super Bowl Sale

Additionally, the new Sonos sale has a few bundle deals, which combine a few different home audio devices at one discounted price. This includes the 2 Room Set with Era 100 for $358 ($80 off), Premium Entertainment Set with Arc Ultra for $1,599 ($399 off), and more.

Arc Ultra Soundbar - $899, down from $1,099
Beam (Gen 2) Soundbar - $369, down from $499
Era 100 Speaker - $179, down from $219
Era 300 Speaker - $379, down from $479
Sub Mini - $399, down from $499
Sub 4 - $759, down from $899

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "Sonos Super Bowl Sale Offering Up to 20% Off Select Audio Devices" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 29 views

reporter

February 2Feb 2

Microsoft Begins NTLM Phase-Out With Three-Stage Plan to Move Windows to Kerberos

Microsoft Begins NTLM Phase-Out With Three-Stage Plan to Move Windows to Kerberos

Microsoft has announced a three-phase approach to phase out New Technology LAN Manager (NTLM) as part of its efforts to shift Windows environments toward stronger, Kerberos-based options. The development comes more than two years after the tech giant revealed its plans to deprecate the legacy technology, citing its susceptibility to weaknesses that could facilitate relay attacks and allow badView the full article

• 0 comments
• 57 views

Hacker News

February 2Feb 2

First Foldable iPhone Design Details Revealed

First Foldable iPhone Design Details Revealed

Apple's first foldable iPhone will feature relocated volume buttons, an all-black camera plateau, a smaller Dynamic Island, and more, according to design leaks from a known Weibo leaker.


The user known as "Instant Digital" today claimed to share several key details about the design of the foldable ‌iPhone‌:


The volume buttons will be located on the top edge of the device, aligned to the right, similar to the iPad mini.
The Touch ID power button and Camera Control continue to be located on the right edge of the device, just like other recent iPhones.
The left side of the device is smooth and does not have any buttons.
The front-facing cameras feature a single punch-hole design, resulting in a smaller ‌Dynamic Island‌.
The back left of the device features an ‌iPhone‌ Air-style camera plateau, containing two horizontally arranged cameras, the microphone, and the flash. Unlike the iPhone Air, the camera plateau appears to be completely black and not match the color of the device's body.
The only "confirmed" color option is said to be white, but a single additional color is expected to be available upon launch, giving customers just two choices.

The motherboard is apparently located on the right side of the device. As to not run cables across the screen to the left side for the volume buttons (where they are located on all other ‌iPhone‌ models), Apple is said to have decided to run them directly upwards, which maximizes internal space.

The internal structure purportedly features an innovative stacked design, with the space being almost entirely dedicated to the display and battery. It is also said to feature the biggest battery ever used in an ‌iPhone‌.

Instant Digital has a good track record for Apple rumors and has provided some strikingly accurate information, such as the imminent launch of 2023's Yellow iPhone 14, the frosted back glass of the ‌iPhone‌ 15 and ‌iPhone‌ 15 Plus, the Apple Watch Series 9 as a minor refresh, spatial video capture on the ‌iPhone‌ 15 Pro, the iPad Air and iPad Pro's move to a landscape front-facing camera, the M4 ‌iPad Pro‌'s nano-texture display option, the iPhone 16 Pro's battery capacities, and continued Apple Watch band compatibility through the Apple Watch Series 10.

For the iPhone 17 Pro alone, the leaker reported the device's 256GB base storage configuration and its improved telephoto camera, as well as its improved battery life, thermal design, and display brightness. As a result, their reports are worth taking seriously.

Other rumors suggest that Apple's first foldable ‌iPhone‌ will feature a 7.8-inch crease-free inner display, a 5.5-inch cover display, ‌Touch ID‌, two rear cameras, the A20 chip, and the "C2" modem. It is expected to launch alongside the iPhone 18 Pro and ‌iPhone 18‌ Pro Max later this year.Tags: Foldable iPhone, Instant Digital
This article, "First Foldable iPhone Design Details Revealed" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 31 views

reporter

February 2Feb 2

Human Risk Management: Das Paradoxon der Sicherheitsschulungen

Human Risk Management: Das Paradoxon der Sicherheitsschulungen

FAMILY STOCK – shutterstock.com
Unternehmen investieren Millionen von Dollar in Firewalls, Endpunktsicherheit oder Verschlüsselung. Doch eine einzige Person kann eine Katastrophe auslösen. Es reicht, wenn sie eine infizierte Datei herunterlädt oder auf einen betrügerischen Link klickt.
Analysen zeigen: Zwischen 70 und 90 Prozent aller Sicherheitslücken entstehen, weil Menschen Fehler machen. Sie fallen auf Social Engineering herein oder nutzen riskante Dienste ohne Erlaubnis der IT. Zudem verschärft sich die Lage, da Angreifer zunehmend künstliche Intelligenz und Deepfakes einsetzen.
Das Problem ist bekannt. Deshalb gaben Organisationen im Jahr 2025 etwa sechs Milliarden Dollar für Security Awareness Trainings (SAT) aus. Manche Firmen tun dies freiwillig. Die meisten beugen sich jedoch Vorschriften wie der Datenschutz-Grundverordnung oder dem Health Insurance Portability and Accountability Act. Letzterer verpflichtet etwa alle Beschäftigten im Gesundheitswesen rechtlich zu solchen Programmen. Experten erwarten, dass die Ausgaben für diese Maßnahmen jährlich um 15 Prozent steigen.
Warum das klassische Training scheitert
Obwohl diese Schulungen zum Standard gehören, bleibt ihr Nutzen fragwürdig. Viele Firmen haken das Thema nur ab, um Regeln einzuhalten. Den eigentlichen Mehrwert ignorieren sie dabei. Die Angestellten wiederum spielen das Spiel mit. Sie klicken sich so schnell wie möglich durch die Tutorials, damit sie weiterarbeiten können. Selbst wer aufpasst, vergisst das Gelernte oft schnell wieder, wenn er es im Alltag nicht aktiv anwendet.
Manchmal schaden die Kurse sogar. Studien belegen: Wer in den Tests besonders gut abschneidet, wird oft leichtsinnig. Diese Personen wiegen sich in falscher Sicherheit.
Meiner Meinung nach stecken wir in einem Paradoxon. Trotz hoher Investitionen und strenger Regeln bleibt der Nutzen minimal. Das System ist defekt. Wir brauchen deshalb einen radikalen Kurswechsel: weg von sporadischen Kursen, hin zum Human Risk Management.
Was bedeutet Human Risk Management?
Dieser Ansatz verfolgt eine klare Strategie: Er identifiziert menschliches Verhalten als Risiko und versucht, dieses gezielt zu senken. Während herkömmliche Schulungen nur theoretisches Wissen vermitteln, konzentriert sich das Human Risk Management darauf, wie Menschen tatsächlich handeln.
Das System verbindet sich direkt mit E-Mail-Programmen oder Identitäts-Management-Systemen. So erkennt es menschliche Schwachstellen sofort. Es nutzt Daten, um riskante Nutzer aufzuspüren. Danach greift es gezielt ein – etwa durch kurze Lerneinheiten oder automatisierte Kontrollen. Am Ende überwacht das System, ob sich das Verhalten wirklich verbessert.
Manche glauben, man müsse für beides separat bezahlen. Das stimmt nicht. Tatsächlich sind führende HRM-Lösungen von Anbietern wie Fable Security, KnowBe4 und Mimecast vollgepackt mit Standard-SAT-Material. Sie bieten sogar spezifische Schulungsunterstützung für regulatorische Compliance-Anforderungen.
Lesetipp: Menschenzentrierte Cybersicherheit gewinnt an Bedeutung
Demokratisierung durch künstliche Intelligenz
Klingt das nach neuem Marketing-Hype? Vielleicht. Aber diese Methode nutzt künstliche Intelligenz als Partner. Anders als bei vielen Trends sind sich Experten hier einig: KI wird die Bildung grundlegend verändern.
KI agiert wie ein persönlicher Tutor. Sie gibt kleine Stöße in die richtige Richtung. Klickt jemand auf einen gefährlichen Link, erhält er sofort eine passende Lerneinheit. So verfestigt sich das richtige Verhalten im Moment des Fehlers.
Zudem lernt das System, wie einzelne Personen am besten begreifen. Die eine Person liest lieber Texte, die andere schaut lieber Videos. Die Werkzeuge können sogar Rollenspiele durchführen und den Wettbewerb unter Kollegen anspornen. Das demokratisiert Expertenwissen auf eine völlig neue Weise.
Für Unternehmen lohnt sich das finanziell. Verantwortliche berichten nicht mehr nur, wie viele Leute ein Video geschaut haben. Sie belegen stattdessen, wie sich die digitale Hygiene im Betrieb verbessert. Wer ständig Fehler macht, bekommt individuelle Hilfe. So lässt sich direkt nachweisen, dass das Training die Zahl der echten Sicherheitsvorfälle senkt.
Aristoteles sagte einmal: „Wir sind das, was wir wiederholt tun. Vorzüglichkeit ist also keine Handlung, sondern eine Gewohnheit.“ Genau hier setzt das Human Risk Management an. Es verändert Gewohnheiten. Wäre Aristoteles heute Sicherheitschef, würde er diesen logischen Schritt sicher befürworten. (jm)
View the full article

• 0 comments
• 29 views

CSOonline

February 2Feb 2

Human Risk Management: Das Paradoxon der Sicherheitsschulungen

Human Risk Management: Das Paradoxon der Sicherheitsschulungen

FAMILY STOCK – shutterstock.com
Unternehmen investieren Millionen von Dollar in Firewalls, Endpunktsicherheit oder Verschlüsselung. Doch eine einzige Person kann eine Katastrophe auslösen. Es reicht, wenn sie eine infizierte Datei herunterlädt oder auf einen betrügerischen Link klickt.
Analysen zeigen: Zwischen 70 und 90 Prozent aller Sicherheitslücken entstehen, weil Menschen Fehler machen. Sie fallen auf Social Engineering herein oder nutzen riskante Dienste ohne Erlaubnis der IT. Zudem verschärft sich die Lage, da Angreifer zunehmend künstliche Intelligenz und Deepfakes einsetzen.
Das Problem ist bekannt. Deshalb gaben Organisationen im Jahr 2025 etwa sechs Milliarden Dollar für Security Awareness Trainings (SAT) aus. Manche Firmen tun dies freiwillig. Die meisten beugen sich jedoch Vorschriften wie der Datenschutz-Grundverordnung oder dem Health Insurance Portability and Accountability Act. Letzterer verpflichtet etwa alle Beschäftigten im Gesundheitswesen rechtlich zu solchen Programmen. Experten erwarten, dass die Ausgaben für diese Maßnahmen jährlich um 15 Prozent steigen.
Warum das klassische Training scheitert
Obwohl diese Schulungen zum Standard gehören, bleibt ihr Nutzen fragwürdig. Viele Firmen haken das Thema nur ab, um Regeln einzuhalten. Den eigentlichen Mehrwert ignorieren sie dabei. Die Angestellten wiederum spielen das Spiel mit. Sie klicken sich so schnell wie möglich durch die Tutorials, damit sie weiterarbeiten können. Selbst wer aufpasst, vergisst das Gelernte oft schnell wieder, wenn er es im Alltag nicht aktiv anwendet.
Manchmal schaden die Kurse sogar. Studien belegen: Wer in den Tests besonders gut abschneidet, wird oft leichtsinnig. Diese Personen wiegen sich in falscher Sicherheit.
Meiner Meinung nach stecken wir in einem Paradoxon. Trotz hoher Investitionen und strenger Regeln bleibt der Nutzen minimal. Das System ist defekt. Wir brauchen deshalb einen radikalen Kurswechsel: weg von sporadischen Kursen, hin zum Human Risk Management.
Was bedeutet Human Risk Management?
Dieser Ansatz verfolgt eine klare Strategie: Er identifiziert menschliches Verhalten als Risiko und versucht, dieses gezielt zu senken. Während herkömmliche Schulungen nur theoretisches Wissen vermitteln, konzentriert sich das Human Risk Management darauf, wie Menschen tatsächlich handeln.
Das System verbindet sich direkt mit E-Mail-Programmen oder Identitäts-Management-Systemen. So erkennt es menschliche Schwachstellen sofort. Es nutzt Daten, um riskante Nutzer aufzuspüren. Danach greift es gezielt ein – etwa durch kurze Lerneinheiten oder automatisierte Kontrollen. Am Ende überwacht das System, ob sich das Verhalten wirklich verbessert.
Manche glauben, man müsse für beides separat bezahlen. Das stimmt nicht. Tatsächlich sind führende HRM-Lösungen von Anbietern wie Fable Security, KnowBe4 und Mimecast vollgepackt mit Standard-SAT-Material. Sie bieten sogar spezifische Schulungsunterstützung für regulatorische Compliance-Anforderungen.
Lesetipp: Menschenzentrierte Cybersicherheit gewinnt an Bedeutung
Demokratisierung durch künstliche Intelligenz
Klingt das nach neuem Marketing-Hype? Vielleicht. Aber diese Methode nutzt künstliche Intelligenz als Partner. Anders als bei vielen Trends sind sich Experten hier einig: KI wird die Bildung grundlegend verändern.
KI agiert wie ein persönlicher Tutor. Sie gibt kleine Stöße in die richtige Richtung. Klickt jemand auf einen gefährlichen Link, erhält er sofort eine passende Lerneinheit. So verfestigt sich das richtige Verhalten im Moment des Fehlers.
Zudem lernt das System, wie einzelne Personen am besten begreifen. Die eine Person liest lieber Texte, die andere schaut lieber Videos. Die Werkzeuge können sogar Rollenspiele durchführen und den Wettbewerb unter Kollegen anspornen. Das demokratisiert Expertenwissen auf eine völlig neue Weise.
Für Unternehmen lohnt sich das finanziell. Verantwortliche berichten nicht mehr nur, wie viele Leute ein Video geschaut haben. Sie belegen stattdessen, wie sich die digitale Hygiene im Betrieb verbessert. Wer ständig Fehler macht, bekommt individuelle Hilfe. So lässt sich direkt nachweisen, dass das Training die Zahl der echten Sicherheitsvorfälle senkt.
Aristoteles sagte einmal: „Wir sind das, was wir wiederholt tun. Vorzüglichkeit ist also keine Handlung, sondern eine Gewohnheit.“ Genau hier setzt das Human Risk Management an. Es verändert Gewohnheiten. Wäre Aristoteles heute Sicherheitschef, würde er diesen logischen Schritt sicher befürworten. (jm)
View the full article

• 0 comments
• 32 views

CSOonline

February 2Feb 2

Get $99 Off iPad Mini 7 on Amazon, Starting at $399.99

Get $99 Off iPad Mini 7 on Amazon, Starting at $399.99

Amazon today has brought back a few $99 discounts on the iPad mini 7, starting at $399.99 for the 128GB Wi-Fi tablet, down from $499.00. This is only the second time in 2026 that we've seen prices this low on the iPad mini 7 on Amazon.

Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Additionally, you can get the 256GB Wi-Fi iPad mini 7 for $499.99 and the 512GB Wi-Fi iPad mini 7 for $699.99, both $100 discounts and available in multiple colors. These sales are all solid second-best prices on the iPad mini 7.

$99 OFF128GB Wi-Fi iPad mini 7 for $399.99
$99 OFF256GB Wi-Fi iPad mini 7 for $499.99
$99 OFF512GB Wi-Fi iPad mini 7 for $699.99

Additionally, you can pair a new iPad mini with the Apple Pencil Pro for $94.99 on sale right now on Amazon, down from $129.00. If you're shopping for a cellular model of the iPad mini, only Best Buy has $100 discounts on these models at this time.

$34 OFFApple Pencil Pro for $94.99

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "Get $99 Off iPad Mini 7 on Amazon, Starting at $399.99" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 31 views

reporter

February 2Feb 2

How risk culture turns cyber teams predictive

How risk culture turns cyber teams predictive

The first time you’ll hear, “We’re always in incident mode,” it won’t be said with drama. It will be said the way you mention the weather. Grey again. Pager again.
And that’s the problem. When a constant alarm becomes normal, your team stops asking the only question that matters. Why do we keep ending up here?
You can buy more tools. You can hire more analysts. You can hang more dashboards. You’ll still end up sprinting after the last breach, the last misconfiguration, the last vendor surprise, the last “minor” change that ate your weekend.
The best cyber teams we’ve worked with didn’t win because they ran faster. They won because they were adaptive and changed the risk landscape. They built a culture where weak signals had a microphone, and action didn’t require heroics.
Forecasting in cybersecurity is not fortune-telling. It’s disciplined habits, clear choices and a team that treats risk as daily practice, not an annual slide.
The trap: When ‘busy’ replaces ‘aware’
Reactive teams don’t choose chaos. Chaos chooses them, one small compromise at a time.
A rushed change goes in late Friday. A privileged account sticks around “temporarily” for months. A patch slips because the product has a deadline, and security feels like the polite guest at the table. A supplier gets fast-tracked, and nobody circles back.
Each event seems manageable. Together, they create a pattern. The pattern is what burns you.
Most teams drown in noise because they treat every alert as equal and security’s job. You never develop direction. You develop reflexes.
Reflexes feel useful. They look good on incident bridges. They can also keep you blind.
Forecasting begins when you stop rewarding the “save” and start rewarding the “see and act.”
Risk culture: What it is when you strip the slogans
People talk about culture like it’s soft. Posters. Values. A town hall with applause on cue.
Culture is harder. Culture is what people do when nobody is watching, and when the clock is loud. Culture is what gets you the truth at 4 p.m., not at 4 a.m.
In cybersecurity, risk culture answers four questions.
Do people notice risk early?
Do they name it clearly?
Do they know who can decide?
Do they act without fear?
If anyone fails, you get silence. Silence is the most dangerous gap in the building.
We’ve seen teams with expensive tooling and miserable outcomes because engineers learned one lesson. “If I raise a risk, I’ll get punished, slowed down or ignored.” So they keep quiet, and you get surprised.
We’ve also seen teams with average tooling but strong habits. They didn’t pretend risk was comfortable. They made it speakable.
Speakable risk is the start of foresight. Foresight enables the right action or inaction to achieve the best result!
Signal discipline: Give weak signals a place to land
Forecasting is not about seeing everything. It’s about seeing the right things early enough to act.
Top teams collect near misses like pilots collect flight data. Not for blame. For pattern.
A near miss is the attacker who almost got in. The bad change that almost made it into production. The vendor who nearly exposed a secret. The credential that nearly shipped in code.
Most organizations throw these away. “No harm done.” Ticket closed. Then harm arrives later, wearing the same outfit.
So you need a place for near misses to land. A lightweight log. A channel people trust. A small weekly ritual where you ask, “What almost happened?” Not “Who messed up.”
You also need shared language. Not ten pages of taxonomy. Just words that mean the same thing across teams. When someone says “critical,” do they mean “drop everything,” or “put it in the next release?”
Ambiguity breeds delay. Delay breeds surprise.
Decision rights: Speed dies in committees
We’ve seen incident calls where 20 people had opinions, and nobody had authority. It’s like watching a committee try to steer a ship mid-storm.
Forecasting requires speed, and speed requires decision rights and Risk Intelligence.
Many programmes invest in detection and forget the human bottleneck. Even perfect visibility is useless if every decision needs a meeting, and every meeting needs a senior leader who is “in back-to-backs.”
Top teams make risk-intelligent decisions before the heat.
Who can block a release?
Who can isolate a system?
Who can force key rotation?
Who can accept risk, and under what conditions?
When an issue jumps a level, and what triggers that jump.
If you want forecasting, fix your approval grid. Make it short. Make it usable at 2 a.m.
Then protect it. One override for convenience, and people learn the real rules. The real rules always win.
Behavioral standards: What ‘good’ looks like on Tuesday
You can’t ask people to “care about risk” and expect it to stick. People run on what gets rewarded and what gets them in trouble.
So strong teams set behavioral standards. Not as a lecture. As an operating agreement.
Security’s job is to reduce harm while keeping work moving, not to act as a gatekeeper. That means rules people can follow, and guardrails that make the right path easier than the wrong one.
Engineering’s job is to own what they ship, not to “help security.” If you build it, you own the blast radius.
Product’s job is to make exposure part of design, not to treat security as a late-stage checklist. If you can’t explain why a feature is worth the risk, you don’t understand the feature.
Vendor owners have a job too. They can’t outsource supplier risk to a questionnaire. They own the follow-up when a supplier says, “We’ll fix it next quarter.”
A small practice I love. Ask each team for three “no surprises” rules.
No privileged access without expiry.
No production change without rollback.
No new vendor without an owner and an exit plan.
Short list. Clear verbs. Real enforcement. That’s culture.
Operating rhythm: The week is where risk becomes real
If you only talk about risk during audits and incidents, you don’t have a culture of risk. You have a seasonal sport.
Forecasting lives in cadence. In the meetings you actually attend.
Weekly, run a short review with three questions.
What changed that affects exposure?
What almost went wrong?
What needs a decision?
Keep it tight. If it turns into status theatre, kill it and start again.
Monthly, practice one scenario. Plain, no fancy decks. If ransomware hits this service, what happens in the first hour? Who decides. What do you shut down, and what must stay alive?
Quarterly, test what you claim. Backups. Access controls. Vendor escalation. If you can’t test it, you don’t know it.
This rhythm teaches people that risk isn’t a surprise visitor. Risk is a resident. You don’t panic when you see it. You deal with it.
Imagine you once joined a team’s weekly review as a guest. Ten minutes in, an ops lead said, “We changed the identity provider settings yesterday. It felt odd.” No panic. No blame. Just a raised hand. Security asked two questions, engineering checked logs and they rolled back a risky toggle before lunch. Nothing made the news. Nobody got a medal. Everyone went home on time. That’s what a good rhythm buys you. Most weeks, quietly.
Measures that point forward: Count what moves before damage
Many dashboards tell you what already happened. Incidents. Downtime. Loss.
Useful, but late.
If you want forecasting, track measures that move before the mess. Let’s shift to being a little more proactive and presilience-focused, instead of testing our reactions and resilience as the go-to responses.
How long do critical patches sit on systems that matter?
How often do privileged access exceptions expire on time?
How many urgent changes bypass checks, and where?
How many near misses get reported, and how fast you learn?
Watch a team celebrate fewer incidents while near-miss reporting fell to zero. They thought they improved. In reality, people stopped speaking. Six weeks later, they got hit. The silence was the signal.
You don’t want perfect numbers. You want honest trends that trigger choices, not slides.
Leadership: The culture you reward is the culture you get
Leaders say they want transparency. Then they punish the first person who brings bad news. That one moment teaches the organization more than any policy ever could.
If you want forecasting and Presilience, protect the messenger. Praise early escalation. Treat risk as a trade, not as a personal failure.
Also, stop romanticising heroics. The midnight save feels good. It makes a great story. It also hides the root issue: poor planning, weak controls, unclear ownership and a habit of postponing boring work.
Boring work buys calm, discipline buys reliability but risk intelligence enables the right balance of compliance, resilience and presilience to manifest.
Think of board conversations where someone asked, “Why spend on resilience when nothing happened this quarter?” And you answered with a question. “Would you rather pay for brakes or for ambulances?” It landed because it was true.
A simple 90-day shift: Small moves, real change
If your team feels stuck, don’t start with a massive program. Start with a few moves that change behavior fast.
First 30 days. Map your top repeat failures. Pick five signals to watch weekly. Name owners. Days 31 to 60. Fix one decision bottleneck. Write the rule. Use it. Days 61 to 90. Run one scenario practice a month. Learn one thing. Change one playbook. Close one gap. You’re not chasing perfection. You’re building a habit. Habits compound.
If you do this well, something shifts. You stop being surprised by the same problems. People raise issues earlier. Engineers stop hiding bad news. Security stops shouting into the void. The organization feels calmer. Not complacent. Calm.
That calm is not luck. It’s culture. The right balance between prevention, reaction and proactivity ensures sustainable high performance.
And here’s the quiet mic-drop. When risk becomes a daily conversation, you don’t need to guess the future. You stop being shocked by the present.
This article is published as part of the Foundry Expert Contributor Network.
Want to join?
View the full article

• 0 comments
• 33 views

CSOonline

February 2Feb 2

Apple Vision Pro Launched Two Years Ago Today

Apple Vision Pro Launched Two Years Ago Today

Apple's original Vision Pro spatial computing headset launched two years ago today.


Apple's work on a head-mounted device was the subject of rumors for many years before the Vision Pro's announcement. By the early 2020s, those reports had converged around the idea that Apple was preparing a high-end mixed-reality headset positioned as a new form of general-purpose computer.

Apple finally revealed the Apple Vision Pro in June 2023 during its annual Worldwide Developers Conference (WWDC), marking the company's first major new hardware platform announcement since the Apple Watch. In its initial announcement, Apple described Vision Pro as its first "spatial computer," introducing visionOS, a new operating system designed around three-dimensional app windows controlled by eye tracking, hand gestures, and voice input. The device combined dual micro-OLED displays with a total of roughly 23 million pixels, advanced sensor arrays, and custom silicon, including the M2 chip and a dedicated R1 chip for real-time sensor processing. Apple also announced a starting price of $3,499 in the United States and said the product would launch in early 2024.

The Vision Pro launched in the United States on February 2, 2024. Initial reviews broadly praised the visual quality, eye- and hand-tracking accuracy, and technical ambition of the product, while also noting its high price, physical weight, limited battery life, and a comparatively small library of software designed specifically for spatial computing. Following the launch, Apple gradually expanded Vision Pro availability to additional countries and continued to update visionOS with new features in 2024 and 2025.

The headset was never expected to be mass-market from day one, according to Apple. Even so, enthusiasm reportedly cooled far faster than anticipated. The latest report on the matter was published earlier this month by the Financial Times, claiming that the Vision Pro is still failing to catch on.

Roughly a year and a half after the initial release, Apple introduced an updated Vision Pro model featuring the M5 chip, representing the first hardware revision of the device. The M5 chip enabled 10% more rendered pixels, a refresh rate of up to 120Hz, better responsiveness, and up to an extra hour of battery life. Apple also introduced a counterweighted Dual Knit Band designed to improve comfort.

Reports suggest that there are now no Apple Vision headsets in active development, with the company's focus pivoting decisively to smart glasses. Soon after launch, Apple was believed to have shifted focus to a lower-cost "Vision Air," designed to bring spatial computing to a wider audience through a lighter and cheaper headset, while also planning a redesigned Vision Pro 2 for later in the decade.

By mid-2024, that plan appeared to change and the company's once-ambitious multi-year roadmap for the Vision Pro is said to have unraveled. A report from The Information said Apple had suspended development of the redesigned Vision Pro, redirecting resources toward the cheaper model, which itself later slipped amid cost and design challenges.

Supply-chain reports suggested Apple was winding down production of the first-generation Vision Pro due to weak demand and excess inventory, with the company pivoting to a chip refresh to use up stockpiled components. A year later, Bloomberg reported that Apple also paused work on the lower-cost headset, shifting its focus toward smart glasses, potentially leaving no next-generation headset hardware in active development.Related Roundup: Apple Vision ProBuyer's Guide: Vision Pro (Buy Now)Related Forum: Apple Vision Pro
This article, "Apple Vision Pro Launched Two Years Ago Today" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 26 views

reporter

February 2Feb 2

This stealthy Windows RAT holds live conversations with its operators

This stealthy Windows RAT holds live conversations with its operators

Security researchers at Point Wild have disclosed a new Windows malware campaign that uses a multi-stage infection chain to establish persistent, memory-resident access on compromised systems and steal sensitive data.
The analysis found the malware relying on standard Windows components for execution and persistence, limiting the number of artifacts written to disk. The activity, analyzed by the company’s Lat61 team, involves a .NET-based, modular remote access trojan (Pulsar RAT) that supports live, interactive operator control.
The malware’s reliance on in-memory execution and living-off-the-land techniques limits the effectiveness of file-based detection tools, the researchers noted in a blog post.
“The malware exhibits advanced anti-analysis techniques, including anti-VM, anti-debugging, and process injection detection, alongside extensive credential harvesting, surveillance capabilities, and remote system control,” they said. “Stolen data is exfiltrated as ZIP archives over Discord webhooks and Telegram bots.”
Initial access and memory-resident execution
The infection chain begins with a small batch script that establishes persistence through a per-user Registry Run key. Rather than deploying a full executable, the script launches a PowerShell-based loader, reducing the likelihood of immediate detection by traditional endpoint security tools.
This PowerShell loader decodes and executes shellcode generated using Donut, an open-source framework commonly used to convert. NET assemblies into position-independent shellcode. The shellcode injects the payload directly into memory, avoiding the need to write a portable executable to disk.
By operating entirely in memory after initial execution, the malware limits the effectiveness of file-based scanning and static analysis. Point Wild researchers noted that the attack blending into normal Windows activity calls for behavioral or memory-focused telemetry.
Once loaded, the malware deploys a heavily obfuscated .NET component that serves as the core execution framework for the operation.
RAT capabilities and stealer functionality
The .NET payload implements a remote access trojan that allows operators to interact directly with compromised systems. Unlike many commodity RATs that rely on periodic check-ins, this malware supports live command handling, enabling attackers to issue instructions and receive responses in near real-time.
This interactive design allows operators to perform reconnaissance, manipulate files, execute commands, and manage persistence dynamically based on what they observe on the infected host.
Alongside the RAT functionality, the malware includes an information-stealing component that collects sensitive system data. While the disclosure did not attribute the Stealer to a specific malware family, the researchers noted that it operates in parallel with the RAT, allowing data collection to continue while operators actively engage with the system.
Persistence, evasion, and mitigation
Persistence is maintained through Registry-based autorun entries and reinforced by the malware’s ability to re-establish execution if disrupted. The use of obfuscation across the .NET payload further complicates reverse engineering and slows analysis.
Point Wild emphasized that the campaign’s effectiveness stems from disciplined execution of Living-off-the-land binaries, in-memory payloads, and obfuscated managed code. Together, they make detection difficult.
The researchers noted that detecting the activity requires monitoring process and memory behavior rather than relying on file-based indicators, which include watching for suspicious PowerShell execution, shellcode injection into running processes, and suspicious persistence via Registry Run keys. Rapid host isolation and live response were emphasized to contain interactive activity and limit data theft once a compromise is suspected.
View the full article

• 0 comments
• 33 views

CSOonline

February 2Feb 2

Apple's Smart Glasses Plans Already Triggering Industry Changes

Apple's Smart Glasses Plans Already Triggering Industry Changes

Apple's rumored plan to enter the smart glasses market by late 2026 is already reshaping the global AR optics supply chain, according to DigiTimes.


According to the paywalled report, demand for smart glasses from the likes of Meta is rising steadily, but the industry now expects Apple's equivalent product to act as the primary catalyst for large-scale commercialization. Multiple suppliers across Taiwan's optical sector have apparently increased capital expenditure to expand capacity and shift research priorities toward AR technologies, citing Apple's expected requirements.

For example, Kinko Optical has positioned itself as a key supplier by opening a new AR, VR, and MR research center, backed by an investment of about $5.6 million. Kinko is currently the only Taiwanese company developing both nanoimprint optical waveguides and optical engines at the same time, technologies that are essential to modern AR glasses designs. Joint development projects with clients are expected to begin in 2026, aligning with the rumored launch timelines of major new products from brands like Apple.

Other Taiwanese suppliers are moving in the same direction. Asia Optical is accelerating development of AR, VR, and metalens products and has partnered with Singapore-based MetaOptics to co-develop metalens technology. JMO Corp. has already entered AR glasses supply chains, while Aiimax Innovation has completed metalens samples now undergoing brand certification.

Samsung has already announced plans to launch AR glasses in 2026, while Apple is expected to introduce its first smart glasses by the end of the year. Apple's entry is expected to increase volumes, stabilize supply chains, and lower component costs, prompting Taiwanese suppliers to position themselves more aggressively as the market for smart glasses expands.Tags: Apple Glasses, Apple Smart Glasses, DigiTimes
This article, "Apple's Smart Glasses Plans Already Triggering Industry Changes" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 25 views

reporter

February 2Feb 2

⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats

⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats

Every week brings new discoveries, attacks, and defenses that shape the state of cybersecurity. Some threats are stopped quickly, while others go unseen until they cause real damage. Sometimes a single update, exploit, or mistake changes how we think about risk and protection. Every incident shows how defenders adapt — and how fast attackers try to stay ahead. This week’s recap brings you theView the full article

• 0 comments
• 84 views

Hacker News

February 2Feb 2

Securing the Mid-Market Across the Complete Threat Lifecycle

Securing the Mid-Market Across the Complete Threat Lifecycle

For mid-market organizations, cybersecurity is a constant balancing act. Proactive, preventative security measures are essential to protect an expanding attack surface. Combined with effective protection that blocks threats, they play a critical role in stopping cyberattacks before damage is done. The challenge is that many security tools add complexity and cost that most mid-market businessesView the full article

• 0 comments
• 57 views

Hacker News

February 2Feb 2

Why non-human identities are your biggest security blind spot in 2026

Why non-human identities are your biggest security blind spot in 2026

Last month, while running a routine access audit on our Azure environment, I came across a service account called svc-dataloader-poc. It had not been touched in 793 days — two years of sitting dormant. When I checked its permissions, my stomach dropped: Owner-level access to three production subscriptions, including our customer database. The account had been spun up for a proof-of-concept migration that never went live. The contractor who created it left 18 months ago. Nobody knew it existed.
This was not a one-off. I found 47 similar accounts in that same audit. Forty-seven doors left wide open.
Here is the uncomfortable reality facing every security leader in 2026: while we spent the last decade perfecting MFA rollouts and zero-trust architectures for our human users, something else was quietly multiplying across our environments. Service accounts. API keys. Automation credentials. AI agents. These non-human identities now outnumber actual employees in most enterprises by ratios that would have seemed absurd five years ago. ManageEngine’s 2026 Identity Security Outlook found that organisations reported machine-to-human ratios of 100:1; some hit 500:1. And the vast majority of these identities sit completely outside our governance programmes.
We locked the front door. The back door has been open this whole time.
Why the NHI explosion is different this time
Machine identities are not new. What changed is the velocity. Five years ago, a typical enterprise application was a monolith talking to a database. Today, that same application is 50 microservices, each needing credentials to talk to the others. Every Kubernetes pod that spins up during auto-scaling creates workload identities. Every GitHub Actions workflow generates tokens. Every Terraform run provisions service principals. I watched a single deployment pipeline create more machine identities in 20 minutes than our entire company had human users.
Then came agentic AI, and the problem accelerated again. These are not chatbots answering questions. They are systems authorised to execute commands, move production data, modify configurations and trigger downstream workflows autonomously. Microsoft Copilot has access to your SharePoint. GitHub Copilot can commit to your repos. The AI assistant your marketing team just deployed can pull customer records from Salesforce. One Identity is predicting 2026 will see the first major breach traced back to an over-privileged AI agent. The terrifying part? It will not look like an attack. It will look exactly like the system doing what it was designed to do.
Our IAM systems were never built for this. They assume identities belong to people with managers who respond to access review emails and eventually resign or retire. Machine identities have no manager. They never respond to certification campaigns. They do not quit. The OWASP Non-Human Identities Top 10 ranks improper offboarding as the number one risk. When a project gets cancelled, when a vendor integration gets deprecated, when a developer leaves — does anyone remember to delete the service accounts? In my experience running IAM programmes across multiple organisations, the answer is almost never.
The three blind spots I keep finding
After years working in cloud security and identity management, certain patterns show up everywhere I look. Three problems in particular appear in nearly every environment I assess.
Secrets where they should never be. I still find API keys hardcoded in source files. Still. In 2026. Last year, GitGuardian detected 13 million secrets exposed in public GitHub repositories. Google API keys, MongoDB credentials, AWS access keys — sitting in plaintext for anyone to harvest. But the public repos are not even the biggest problem. In my own assessments, I have found production database passwords in Jira tickets, Slack messages, Confluence runbooks and shared Google Docs. A colleague once discovered an admin token for a payment gateway pasted into a Teams chat from 2023, still valid, still granting full access. Once secrets escape into collaboration tools, you have lost control. They get copied, forwarded, indexed, archived. They never truly disappear. Service accounts with absurd privilege levels. This one makes me angry because it is so preventable. A developer needs a service account for a new Lambda function. They are under deadline pressure. Figuring out the exact minimum permissions takes time, so they attach AdministratorAccess and move on. The function works. Nobody revisits it. That account now has god-mode access to your entire AWS environment for a task that needed read access to one S3 bucket. Multiply this across every team, every sprint, every year. The 2025 State of Non-Human Identities report from Entro Security found 97% of NHIs have excessive privileges. Ninety-seven percent. Even more alarming: just 0.01% of machine identities control 80% of cloud resources. Compromise one of those accounts and the attacker owns your environment. No lifecycle ownership whatsoever. When an employee leaves, HR triggers offboarding. Access gets revoked. There is a process. When a service account is no longer needed, what happens? Nothing. It sits there. I routinely find accounts untouched for six months, twelve months, sometimes three years — all still holding production access. Veza’s research found dormant accounts nearly doubled year over year. Orphaned identities grew 40%. Former employees — 78,000 of them in one dataset — still had active credentials because HR systems flagged them as inactive but nobody revoked their service accounts. These are not theoretical vulnerabilities. These are live credentials waiting for someone to find them. A practical path forward for security leaders
Acknowledging the problem is step one. Fixing it requires treating machine identities with the same governance discipline we finally learned to apply to human users. Based on what I have seen actually work, here is where I would focus.
Build a real inventory. You cannot protect what you cannot see. Before anything else, discover every non-human identity in your environment. Every service account across your cloud platforms. Every API key in your applications. Every secret in your vaults, config files, CI/CD pipelines. Every third-party integration with access to your systems. Most organisations I work with drastically underestimate their footprint. The actual number is typically three to five times what teams expect. This cannot be a manual exercise or an annual audit. Identities are created faster than humans can count them. Automate discovery and make it continuous. Enforce least privilege without exceptions. Every NHI needs to be scoped to the minimum access required for its function. Yes, this takes work. Yes, developers will push back. Do it anyway. Start with new deployments and make least privilege the default from day one. For existing accounts, compare assigned permissions against actual usage patterns. You will find plenty of accounts with broad access that only ever touch one or two resources. Those are quick wins. Require security approval before any NHI gets elevated privileges. Make it a gate, not a suggestion. Eliminate static credentials wherever possible. Long-lived secrets are the root cause behind most NHI breaches. The goal should be eliminating them entirely. Replace permanent API keys with short-lived tokens that expire automatically. Implement just-in-time access that grants permissions for a specific task and revokes them immediately after. Automate credential rotation on a defined schedule — weekly, daily, even hourly for sensitive systems. Research shows 71% of non-human identities are not rotated within recommended timeframes. Every day a credential sits unchanged is another day an attacker could be using it without detection. The security industry is converging on a clear consensus for 2026: machine identities will become the primary breach vector in cloud environments. Tenable predicts it. Delinea predicts it. One Identity predicts it. Attackers already know that compromising a service account is often easier and quieter than targeting humans. They are not breaking down doors anymore. They are walking through the ones we forgot to lock.
The organisations that get ahead of this threat will be the ones treating their non-human identities with the same seriousness they apply to their executive accounts. Full visibility. Strict governance. No exceptions. The ones who keep treating NHIs as an afterthought will be the ones explaining to their boards how a forgotten service account from a cancelled project brought down the house.
We locked the front door years ago. It has been a long time since we secured the back.
This article is published as part of the Foundry Expert Contributor Network.
Want to join?

View the full article

• 0 comments
• 35 views

CSOonline

February 2Feb 2

Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users

Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users

The maintainer of Notepad++ has revealed that state-sponsored attackers hijacked the utility's update mechanism to redirect update traffic to malicious servers instead. "The attack involved [an] infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org," developer Don Ho said. "The compromise occurred at the hostingView the full article

• 0 comments
• 32 views

Hacker News

February 2Feb 2

Deutschland und Israel trainieren Abwehr von Cyberangriff

Deutschland und Israel trainieren Abwehr von Cyberangriff

BMI/ Laurin Schmid
Deutschland und Israel haben nach Angaben des Bundesinnenministeriums erstmals gemeinsam die Abwehr eines schweren Cyberangriffs trainiert. Die Übung mit dem Namen “Blue Horizon” war demnach der erste konkrete Schritt aus dem Cyber- und Sicherheitspakt, den Bundesinnenminister Alexander Dobrindt (CSU) und Israels Ministerpräsident Benjamin Netanjahu kürzlich vereinbart hatten.
“Cyberdome” soll vor Angriffen schützen
Der Pakt sieht unter anderem eine enge Vernetzung der Sicherheitsbehörden beider Länder sowie eine noch engere Kooperation in den Bereichen Cyberkriminalität, Künstliche Intelligenz (KI) und Drohnenabwehr vor.
Bei der Übung sollten sich Experten beider Seiten laut Innenministerium besser kennenlernen. Kern der Zusammenarbeit ist demnach der Aufbau eines deutschen “Cyberdomes”, angelehnt an das israelische Modell. 
Israel hat Erfahrung mit Cyberangriffen
Der “Cyberdome” ist israelischen Angaben zufolge ein Verteidigungssystem, das unterschiedliche Daten zusammenführt und mit Hilfe von Künstlicher Intelligenz Schwachstellen oder auch Bedrohungen im Netz erkennt. Organisationen können auf diese Weise frühzeitig vor möglichen Hackerangriffen gewarnt werden.
Israel gilt als Vorreiter im Bereich Cybersicherheit. Die oftmals iranischen Cyberattacken zielen Experten zufolge darauf, Israels Infrastruktur zu sabotieren, Daten zu sammeln sowie Falschnachrichten zu verbreiten. Israel arbeitet mit mehreren Verbündeten zusammen, um solche Angriffe abzuwehren. (dpa/jm)

View the full article

• 0 comments
• 32 views

CSOonline

February 2Feb 2

Deutschland und Israel trainieren Abwehr von Cyberangriff

Deutschland und Israel trainieren Abwehr von Cyberangriff

BMI/ Laurin Schmid
Deutschland und Israel haben nach Angaben des Bundesinnenministeriums erstmals gemeinsam die Abwehr eines schweren Cyberangriffs trainiert. Die Übung mit dem Namen “Blue Horizon” war demnach der erste konkrete Schritt aus dem Cyber- und Sicherheitspakt, den Bundesinnenminister Alexander Dobrindt (CSU) und Israels Ministerpräsident Benjamin Netanjahu kürzlich vereinbart hatten.
“Cyberdome” soll vor Angriffen schützen
Der Pakt sieht unter anderem eine enge Vernetzung der Sicherheitsbehörden beider Länder sowie eine noch engere Kooperation in den Bereichen Cyberkriminalität, Künstliche Intelligenz (KI) und Drohnenabwehr vor.
Bei der Übung sollten sich Experten beider Seiten laut Innenministerium besser kennenlernen. Kern der Zusammenarbeit ist demnach der Aufbau eines deutschen “Cyberdomes”, angelehnt an das israelische Modell. 
Israel hat Erfahrung mit Cyberangriffen
Der “Cyberdome” ist israelischen Angaben zufolge ein Verteidigungssystem, das unterschiedliche Daten zusammenführt und mit Hilfe von Künstlicher Intelligenz Schwachstellen oder auch Bedrohungen im Netz erkennt. Organisationen können auf diese Weise frühzeitig vor möglichen Hackerangriffen gewarnt werden.
Israel gilt als Vorreiter im Bereich Cybersicherheit. Die oftmals iranischen Cyberattacken zielen Experten zufolge darauf, Israels Infrastruktur zu sabotieren, Daten zu sammeln sowie Falschnachrichten zu verbreiten. Israel arbeitet mit mehreren Verbündeten zusammen, um solche Angriffe abzuwehren. (dpa/jm)

View the full article

• 0 comments
• 29 views

CSOonline

February 2Feb 2

CSO Barry Hensley on staying a step ahead of the cyber threat landscape

CSO Barry Hensley on staying a step ahead of the cyber threat landscape

IT security was a critical element of retired US Col. Barry Hensley’s 24-year military career as an Army Signal Officer, as he was often responsible for the engineering and installation of “military networks, whether in garrison or in support of combat troops deployed.”
“The pinnacle of my military career was working with an elite group of cyber forces with the ultimate mission to operate and defend the military’s global communications network,” Hensley tells CSO. “It was during this period that I realized the severity of cybersecurity issues facing this [US] nation, and I wanted to commit my professional career to be part of the solution while continuing to fight the good fight.”
Today, Hensley is the CSO of Brown & Brown, a global insurance brokerage, with the goal to help clients safeguard what matters most to them.
CSO spoke to Barry Hensley about cybersecurity in the insurance industry, how to keep cyber professionals inspired, and more.
How do organizations today perceive cybersecurity?
Hensley: The awareness of cybersecurity risks is more consistent across industry today; but the degree of required call to action often varies greatly. Cybersecurity is foundational to any organization, especially where customer confidence and trust are essential. And part of that trust includes the security of the networks, the data, and the services we provide.
It was not that long ago that organizations did not believe the risks were real or relevant to them. Times have changed as more organizations have either experienced a significant incident firsthand or have seen enough third- and fourth-party breach notifications to take up arms. All these events drive awareness and give credibility to the threats and associated risks. However, there is still a challenge in establishing an appropriate risk tolerance that drives the right investments in effective security controls, especially for budget constrained organizations.
We also cannot forget the rise of government intervention and fines and other regulatory actions related to cybersecurity events that will influence those perceptions.
What specific security risks are you facing in the insurance industry today?
Threat actors today have a common theme, and that’s how they capitalize on their access. So, personally, I do not over-index on the vertical specific threats; it’s really about the data or access those organizations possess and its perceived value. Specific to the insurance industry, there may be information collected to inform a claim or policy that a threat actor might determine valuable even if it only refines their targeting efforts of others.
However, we also cannot wish away the “idealist” or “ideologically motivated” threat actors that target the insurance industry because of historical misconceptions or animosity toward the industry.
Specific to ransomware, threat actors are likely to target organizations that have a high likelihood of paying or be exploited. So, it’s as much about the data those organizations possess, not necessarily the industry verticals themselves, and the maturity of their security program. Threat actors want to expend the least number of resources for the highest return on investment, so they often target low-hanging fruit, which are, in many cases, the least mature security programs.
Do you see your cybersecurity strategy changing in the next few years?
Our strategy remains the same: focused security investments aligned to our risk tolerance, staying a step ahead of an increasingly active threat landscape. An example is the adoption of artificial intelligence hacking tools, clearly an illustration of the need to adapt. The question is, How do our security teams combat this advancement with our own AI strategy? How do we leverage AI to carry out those commodity tasks while unleashing our human teammates to focus on business context as it relates to the overall risk reduction and prioritization of training those AI models?
So, imagine an AI security workforce that is led by human security subject-matter experts ensuring we have appropriate defenses at the right time and right place. An example would be conducting continuous penetration testing to find the gaps in our defenses that might otherwise go unnoticed.
We do see the evolution of third- and fourth-party risk management, especially in how we validate our security partner’s maturity and resilience. The evolution of risk is partly based on third and fourth parties swapping their underlying technologies to reduce cost or increase efficiencies that a customer has little to no understanding of the risks that might expose. So, for the security functions we’re going to provide internally, we’ll focus on the basics and do them well. With the controls/functions we outsource, we must reimagine not only how we verify our partner environments but how do we actively participate to improve their security programs as well as ours.
We cannot forget that much of cybersecurity is about doing the basics brilliantly. And in this case, those basics of building and securing an infrastructure that will still be leveraged for years to come.
What do you do to retain cybersecurity professionals?
Leadership is about how you inspire people to achieve or accomplish a shared vision beyond what they ever expected they could do. Leaders must first understand teammates’ passions and relevant skills to align them to achieve business goals. Getting their buy-in is key while clearly articulating where they fit in the overall vision.
At Brown & Brown, we help others protect what is most valuable to them. To retain our top talent, we make sure our teammates understand where they fit into that mission. Our success story is based upon earning people’s business every day, and ensuring that our environment, networks, and data are secure is critical to building and retaining that trust. We need to demonstrate to our teammates just how integral they are to maintaining that trust in our customer relationships. We want them to wake up every day knowing that they play an important role not only in our security program, but also the broader Brown & Brown ecosystem.
At Brown & Brown, we put the teammate first, as their expertise will always be a key differentiator.
What are you most proud of?
I am most proud of the inspiring team of security professionals that I work with each day. They always put the team before themselves, strive to be the very best at what they do, and always go the extra mile to ensure the security and protection of their teammates and the organization. I am truly blessed to be part of an amazing team whose work ethic and commitment to excellence are unparalleled in my experience.
Are there any questions CISOs should be asking themselves?
Are we assessing the most relevant risks, rather than the risks of yesterday? And, because we can get so wrapped up in the playbook that we ran in our last organization, how do we ensure the current playbook is relevant to the organization at hand? An example would be how much time we focus on phishing training, which burdens our teammates to be the first line of defense, where we could instead leverage anomaly-based detection to automate the detection and response actions.
What are the biggest security challenges cybersecurity leaders are facing right now?
Hensley: In this business, there is no single biggest challenge, but multiple, ever-evolving challenges that compete for our attention.
A shared challenge across the entire cybersecurity community is having to be right 100% of the time in a world where threat actors are so agile, innovative, well-resourced, and advantaged with the element of surprise. Cybersecurity professionals also struggle with prioritizing their efforts while providing innovative solutions for their enterprises. Every cybersecurity leader must wrestle with the risks posed by new technologies; AI being just one of many.
While there is no absolute “right” answer to the risk question, the age-old formula of mitigating threats against your most critical assets holds firm. Security teams have an ongoing mission to identify weaknesses, assess the likelihood of exploitation, and determine the resulting impact on the business. It’s a difficult but necessary step in the risk versus reward trade-off.
What keeps you up at night?
Hensley: The unknown. As I shared above, cybersecurity professionals must be right 100% of the time, while threat actors only need to exploit one unknown or unmitigated vulnerability, or take advantage of a single user with privileged access. Our risk modeling should invest in effective security controls to minimize the unknown threats as much as possible against our most critical assets.
View the full article

• 0 comments
• 33 views

CSOonline

February 2Feb 2

When responsible disclosure becomes unpaid labor

When responsible disclosure becomes unpaid labor

Responsible disclosure is built on an assumption that “doing the right thing” will be met with timely action, fair treatment, and professional respect, if not a bounty award. Increasingly, that assumption is failing. And when it does, organizations alienate researchers and create regulatory, legal, and reputational risk.
Over the past few years, security researchers have found themselves waiting months, sometimes more than a year, for companies to acknowledge responsibly disclosed vulnerabilities, even as the same flaws quietly put customers at risk. In several cases, frustration over silence, disputed severity assessments, or shifting scope boundaries pushed researchers toward public disclosure, legal escalation, or questionable behavior companies later characterized as extortion.
As vulnerability reporting becomes slower, more bureaucratic, and less rewarding, the line between cooperative research and adversarial pressure is blurring. For CISOs, this is no longer an ethics debate. It is a governance and risk-management problem.
A recent flashpoint
Most recently, the React2Shell vulnerability (CVE-2025-55182) illustrated how responsible disclosure can work when the right structures are in place. The flaw was privately reported to the React maintainers on 29 November 2025. The disclosure triggered a coordinated response involving the React team, Next.js maintainers at Vercel, and major cloud providers including Amazon Web Services (AWS) and Cloudflare, allowing patches to be developed and tested ahead of public disclosure.
Despite the prompt acknowledgment and remediation efforts, the vulnerability was quickly exploited in the wild. Responsibility for mitigation was effectively distributed across maintainers, framework integrators, and downstream users. Because React sits at the core of the modern web stack, the flaw rippled across development and security teams globally, highlighting how even well-handled disclosures can still produce widespread operational risk.
React benefits from strong institutional support through the React Foundation and backing from multiple large technology companies. That support enables coordinated fixes, communication, and sustained maintenance.
The more difficult question is what happens when a researcher uncovers a similarly critical flaw in a widely used open-source project that has no corporate backing, no formal security team, and no bounty program?
In those cases, exploitation is clearly unethical, but reporting the issue often means unpaid labor with uncertain outcomes. The dilemma raised in practitioner circles after React2Shell was not about this specific incident, but about the broader incentive gap. If responsible disclosure offers neither compensation nor assurance of timely action, what realistically motivates researchers to continue doing the right thing?
The question resonated not because it’s new, but rather that it reflects a growing disconnect between how vulnerability disclosure is supposed to function and how it increasingly does in practice.
Enter the gray zone of ethical disclosure
The result is a growing gray zone between ethical research and adversarial pressure. Based on years of reporting on disclosure disputes, that gray zone tends to emerge through a small set of recurring failure modes.
Silent treatment and severity warfare: Researchers submit detailed reports and receive no response for months, or face disputes over CVE scope and CVSS scoring that turn technical discussions into negotiations. Researchers feel compelled to defend impact claims aggressively and to be taken seriously, while vendors push back against what they view as inflated risk. In some cases, bounty hunters preemptively elevate severity, anticipating resistance and delays.
Process as denial of service: Automated scanners, AI-assisted fuzzing, and largely theoretical bugs increasingly flood maintainers and security teams with low-signal reports — a dynamic repeatedly highlighted by Daniel Stenberg, the founder of the cURL project. As a defensive response, maintainers demand ever more concrete proof of exploitability, raising the threshold for engagement even for legitimate findings. In some cases, projects begin questioning whether bug bounties meaningfully improve security, or simply externalize triage cost under the guise of incentives.
Coercive escalation: Finally, when established disclosure channels appear unresponsive or dismissive, some researchers resort to public pressure, legal threats, or ethically ambiguous demonstrations to force action.
Each of these failure modes seems rational in isolation. Together, they erode trust and steadily push responsible disclosure toward a more adversarial posture.
Case studies from the fault line
In 2025, a responsibly reported email spoofing flaw affecting a major delivery platform was deemed out of scope, triggering a dispute over severity and impact. The underlying issue was not whether the bug existed, but whether it crossed the organization’s internal threshold defining risk. The disclosure process stalled, and frustration escalated on both sides, with the vulnerability reporter barred from the bug bounty program over advances the company saw as extortion.
A similar pattern appeared at a ride hailing company, where multiple researchers independently reported a flaw that allowed emails to be sent appearing to originate from the company’s domain. Despite clear reproduction steps and repeated follow-ups, the reports went unanswered for more than a year. Ethical disclosure was met not with remediation, but with silence.
Elsewhere, disputes have emerged over overlapping CVE claims, with multiple parties arguing over attribution for the same underlying issue. What is meant to be a coordination mechanism instead became a contest for recognition, further distorting narratives.
More troubling are cases where researchers crossed ethical boundaries entirely. For example, hijacking open-source libraries to harvest cloud credentials, or taking control of legitimate packages to embed job application messages, compromising downstream users in the process. Such actions are indefensible but are best understood as symptoms of a disclosure ecosystem that increasingly rewards escalation, visibility, or leverage over patience and cooperation.
Why is this happening now?
It would be easy to frame these disputes as a breakdown in professional norms, but what is happening beneath the surface is the convergence of several structural forces.
Vulnerability report volume has surged. Automated scanners and AI-driven fuzzing tools now generate vast numbers of technically valid but operationally irrelevant findings. Maintainers and security teams are forced to triage at scale, often under significant time and resource constraints.
At the same time, compliance pressures have hardened organizational responses. Once a CVE is reported, it is often treated as a problem by default, before context or exploitability is assessed. High severity scores can trigger build failures, audits, or executive escalation regardless of practical impact — a common frustration for developers using SCA tools that block builds over edge cases that ultimately need to be ignored or waived.
CVSS scoring itself is mechanically calculated and intentionally environment-agnostic, meaning low-impact edge cases can score similarly to actively exploited flaws, contributing to alert fatigue and skepticism.
Finally, open source infrastructure remains structurally underfunded. Many critical components are maintained by a small number of individuals with no obligation, or capacity, to absorb the operational cost imposed by global dependency chains.
In this environment, demanding proof of real-world impact is a form of noise control, rather than hostility. That seemingly reasonable demand, however, has downstream consequences.
When proof becomes unpaid consulting
In many disputes, disclosure breaks down not because a vulnerability does not exist, but because proving its real-world impact requires environment-specific analysis that neither side budgeted for.
Researchers are asked to build realistic PoCs, demonstrate exploit chains, or validate assumptions across configurations they do not control. Maintainers are asked to reason about downstream usage patterns far beyond their original design scope. Both are performing system-level analysis without compensation.
Maintainers are justified in pushing back against low-signal reports. Researchers are justified in feeling that the bar for engagement keeps rising. The system offers no obvious place to send the cost.
Why should CISOs care and what can they do?
For cybersecurity leaders, the implications are concrete.
When disclosure channels are perceived as slow, dismissive, or adversarial, researchers disengage. Some go quiet. Others escalate publicly. A few take ethically questionable paths. None of these outcomes improve security posture.
In practice, most of the levers that determine these outcomes sit with software vendors, platform providers, and open-source stewards. In those environments, CISOs oversee product security incident response teams (PSIRTs), vulnerability intake, disclosure timelines, and researcher engagement. This is where incentives are set, researcher experience is shaped, and triage decisions determine whether cooperation compounds or collapses.
For CISOs operating in vendor, platform, and open-source environments, there is no single fix. Outcomes improve materially when disclosure is treated as an operational function rather than a moral expectation.
Practical steps that CISOs in this space can take include:
Establish and honor service-level expectations for acknowledgement and triage, even when fixes take time. Assign clear ownership for the researcher experience, not just vulnerability intake. Publish severity triage criteria and document rationale when disagreeing with reports. Avoid treating CVSS scores as deployment gates without environmental context. Use third-party disclosure programs or coordinators to absorb overflow and reduce friction. Offer meaningful non-cash recognition where bounties are not feasible. Commit to upstreaming fixes when patching dependencies internally. Provide legal safe harbor language for good faith testing to reduce adversarial escalation. Fund the open-source dependencies your organization relies on, whether through sponsorship, contracts, or consortiums. Be explicit about what level of proof is expected and what isn’t. None of these steps require endorsing exploit sales or paying ransoms for vulnerabilities. They require acknowledging that ethical behavior does not scale on goodwill alone.
For CISOs in healthcare, finance, education, and other consuming organizations, the risk manifests differently but no less acutely. When disclosure breaks down upstream, it surfaces downstream as delayed patches, brittle compensating controls, and security decisions driven by incomplete or distorted signals.
Left unaddressed, those gaps can become governance failures. Organizations may be unable to explain why known vulnerabilities remained unpatched, why risk signals were discounted, or why vendor assurances were accepted without scrutiny.
Enterprise CISOs influence this system through procurement requirements, vendor accountability, and how rigorously vulnerability data is contextualized before triggering disruption. Treating disclosure quality as a third-party risk factor is no longer optional.

View the full article

• 0 comments
• 35 views

CSOonline

February 2Feb 2

eScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware

eScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware

The update infrastructure for eScan antivirus, a security solution developed by Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a persistent downloader to enterprise and consumer systems. "Malicious updates were distributed through eScan's legitimate update infrastructure, resulting in the deployment of multi-stage malware to enterpriseView the full article

• 0 comments
• 27 views

Hacker News

February 2Feb 2

Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm

Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm

Cybersecurity researchers have disclosed details of a supply chain attack targeting the Open VSX Registry in which unidentified threat actors compromised a legitimate developer's resources to push malicious updates to downstream users. "On January 30, 2026, four established Open VSX extensions published by the oorzc author had malicious versions published to Open VSX that embed the GlassWormView the full article

• 0 comments
• 38 views

Hacker News

February 2Feb 2

Apple May Break a 12-Year Chip Strategy

Apple May Break a 12-Year Chip Strategy

TSMC has been the exclusive supplier of Apple's systems-on-a-chip since 2014, but that 12-year streak could be nearing its end.


According to The Wall Street Journal, Apple is exploring whether some of its lower-end processors could be manufactured by a company other than TSMC.

"Now that TSMC is doing more business with Nvidia and other AI companies, people with knowledge of the chip supply chain said Apple was exploring whether some lower-end processors could be made by someone other than TSMC," the report said.

The report did not mention any candidates, but previous rumors have indicated that Intel could begin supplying some lower-end Apple processors in 2027 or 2028.

A few months ago, GF Securities analyst Jeff Pu said that he expected Intel to reach a chip supply deal with Apple for at least some non-pro iPhone models starting in 2028. Based on that timeframe, Intel could supply Apple with at least a portion of A21 or A22 chips for future iPhone models, if the companies agree to a partnership.

Apple's return to Intel might also involve some Mac and iPad chips. Last year, Tianfeng Securities analyst Ming-Chi Kuo said he expected Intel to begin shipping Apple's lowest-end M-series chip for select Mac and iPad models as early as mid-2027. For this, Kuo said Apple planned to utilize Intel's 18A process. He did not mention the iPhone.

There is no indication that Intel would play a role in designing the iPhone chips, with its involvement expected to be strictly limited to fabrication. That would differ from the era of Intel Macs, which used Intel-designed processors with x86 architecture. Apple began transitioning away from Intel processors in Macs in 2020.

Intel would help Apple diversify its supply chain, which could come at a pivotal time, as Nvidia has reportedly surpassed Apple as TSMC's largest customer amid rising competition for NAND memory and RAM chip supply for AI servers.

TSMC is not the only chip supplier seeing increased demand amid the AI server boom, as Samsung and SK Hynix have both gained enough leverage to demand Apple pay more for RAM chips, according to The Wall Street Journal's supply chain sources.

On an earnings call last week, Apple CEO Tim Cook said that rising memory chip prices had a "minimal impact" on Apple's gross margin last quarter, but he does expect a "bit more of an impact" on the company's gross margin in the current quarter. He said Apple "will look at a range of options to deal with that" as necessary.

Apple reported record-breaking revenue of $143.8 billion last quarter, up 16% year-over-year, and it is predicting similar 13% to 16% year-over-year growth and gross margin of 48% to 49% in the current quarter, so the company is still reporting impressive earnings results despite concerns surrounding memory chip prices.

Apple analyst Ming-Chi Kuo does not expect price increases for the iPhone 18 lineup.Tags: The Wall Street Journal, TSMC
This article, "Apple May Break a 12-Year Chip Strategy" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 30 views

reporter

February 2Feb 2

Das nächste große Security-Schlachtfeld

Das nächste große Security-Schlachtfeld

Gorodenkoff | shutterstock.com
In den letzten Jahren hat künstliche Intelligenz (KI) ihre Tentakel über die globale Technologielandschaft ausgebreitet. Das verdeutlicht unter anderem auch der zunehmende Einsatz von Automatisierung und autonomen Technologien in diversen Branchen und Sektoren. Und während die Welt noch mit dem Impact der KI ringt, steht mit Quantencomputing bereits das “next big thing” in den Startlöchern. Das Aufeinandertreffen dieser beiden Technologien verspricht, der nächste große technologische Schauplatz zu werden. Dieser könnte nicht nur Computing und Cybersicherheit, sondern sogar geopolitische Machtstrukturen entscheidend prägen.
Denn während KI-Algorithmen dafür bekannt sind, Muster zu erkennen und aus den ihnen zugeführten Daten zu lernen, versprechen Quantencomputer, mehrere Wege gleichzeitig zu erkunden. Das legt nahe, dass mit der Technologie eine Revolution in Sachen Datenverarbeitung bevorsteht. Anstelle von Bits (0en und 1en), wie sie von KI-Systemen verwendet werden, nutzen Quantencomputer Qubits, die dank der Prinzipien der Superposition und Verschränkung gleichzeitig in mehreren Zuständen existieren können. So verspricht ein gut konzipiertes Quantensystem, Probleme in Mikrosekunden zu lösen, für die konventionelle Computer Jahre benötigen würden. Das könnte beispielsweise dazu beitragen, künftig manipulationssichere Kommunikationsinfrastrukturen zu etablieren – Stichwort Quantum Key Distribution (QKD).
KI trifft Quantum Computing – ein zweischneidiges Schwert
Je mehr Daten in einen KI-Algorithmus einfließen, desto besser sind im Regelfall die Ergebnisse. Besonders großangelegte KI-Systeme wie ChatGPT oder DeepMind AlphaFold haben jedoch regelmäßig mit den Grenzen zu kämpfen, die ihre zugrundeliegende Hardware aufwirft. Mit Quantencomputern würden sich diese Limitationen in Luft auflösen: Sie nutzen Quantum Machine Learning (QML), um etwa Muster zu erkennen oder Simulationen zu optimieren. Darüber hinaus macht das Konzept des QML-Trainings es sehr wahrscheinlich auch überflüssig, Echtzeit-Trainingsdaten über riesige Rechenzentren bereitzustellen. In der Praxis wird die Kapazität von Quantencomputern Ergebnisse in Mikrosekunden liefern. Das macht etwa globale Echtzeit-Klimasysteme und Real-Time-Finanzmarktsimulationen möglich.
Doch die schöne neue Quanten-Zukunft hat auch eine dunkle Seite: Schließlich kann die Technologie auch von Cyberkriminellen als Waffe instrumentalisiert werden. Mit den resultierenden, quantengestützten Cyberbedrohungen könnten aktuelle Verschlüsselungsverfahren wie ECC, RSA oder AES ausgehebelt werden – wobei die beiden erstgenannten etwa von Finanzinstituten genutzt werden, um Online-Transaktionen abzusichern. 
Würden diese Encryption-Methoden kompromittiert, wäre die Vertraulichkeit verschlüsselter Daten passé. Der Tag, an dem es dazu kommt, bezeichnet man auch als „Q-Day“. Und es lauern noch weitere, quantengestützte Gefahren. So könnten Cyberkriminelle die Technologie etwa auch einsetzen, um:
Passwörter zu knacken, digitale Zertifikate zu fälschen, oder Deepfakes von KI-Systemen zu erstellen. Der Weg in die Quanten-Zukunft
Sowohl Unternehmen als auch Regierungsinstitutionen, bereiten sich bereits auf den Q-Day vor. Das britische National Cyber Security Centre (NCSC) verfolgt etwa einen stufenweisen Ansatz, um bis zum Jahr 2035 sämtliche seiner Systeme entsprechend zu härten. In den USA soll die Umstellung der nationalen Sicherheitssysteme ähnlich laufen – hier ist 2030 das Ziel. Diese Bemühungen sind ein proaktiver Verteidigungsansatz, der darauf fokussiert, quantenresistente Verschlüsselungsmodelle und adaptive Cybersicherheitsrichtlinien zu entwickeln, die die Sicherheit kryptografischer Schlüssel im nahenden Quantenzeitalter gewährleisten können.
Weil auch Quanten-Systeme auf Wahrscheinlichkeiten basieren und nicht auf Gewissheiten, besteht die Herausforderung für diejenigen, die diese Innovationen entwickeln, nicht nur darin, die schnellsten und effizientesten Kombinationsmöglichkeiten von KI- und Quantensystemen aufzutun. Es geht dabei auch und insbesondere um das Thema Trust. Dieses Vertrauen müsste in Form von Cybersecurity Frameworks und -Regulierungen aufgebaut werden, die die Sicherheit, Transparenz und Governance optimieren. Das kann auch dazu beitragen, die Themenfelder Post-Quanten-Kryptografie, KI-Audits, Observability und Ethik anzugehen, die die Grundlage für widerstandsfähige digitale Ökosysteme bilden werden.
Auch wenn KI und Quantencomputing die menschliche Intelligenz nicht ersetzen werden, werden ihre Spuren in nicht allzu ferner Zukunft überall zu sehen sein. Die eigentliche Frage ist dabei jedoch, ob sich unsere Gesellschaft an das Tempo dieser technologischen Entwicklungen anpassen kann – bevor sie von ihr beherrscht wird. Trotz aller positiven Aussichten ist die Gefahr groß, dass die Kombination aus Quantum Computing und KI die Grundlagen des digitalen Vertrauens und der Privatsphäre, auf denen moderne Gesellschaften beruhen, untergraben. Und angesichts des immer näher rückenden Q-Day steigt auch die Dringlichkeit, sich auf die Post-Quanten-Welt vorzubereiten.
Für Unternehmen, Regierungen und Cybersicherheitsexperten heißt das in erster Linie, über die Innovation und den technologischen Fortschritt, den die Technologien mit sich bringen, hinauszublicken und die Resilienz in den Fokus zu nehmen. Das wird massive Investitionen erfordern, um ethische KI-Governance, Regulierungsrahmen und Vorschriften sowie Post-Quanten-Kryptografie-Standards in bestehenden Systemen zu fördern. (fm)
Dieser Beitrag wurde im Rahmen des englischsprachigen Experten-Netzwerks von Foundry veröffentlicht.
View the full article

• 0 comments
• 84 views

CSOonline

February 2Feb 2

Enterprise Spotlight: Manufacturing Reimagined

Enterprise Spotlight: Manufacturing Reimagined

View the full article

• 0 comments
• 37 views

CSOonline

February 1Feb 1

Apple's CarPlay Ultra to Expand to These Vehicle Brands Later This Year

Apple's CarPlay Ultra to Expand to These Vehicle Brands Later This Year

Last year, Apple launched CarPlay Ultra, the long-awaited next-generation version of its CarPlay software system for vehicles. Nearly nine months later, CarPlay Ultra is still limited to Aston Martin's latest luxury vehicles, but that should change fairly soon.


In May 2025, Apple said many other vehicle brands planned to offer CarPlay Ultra, including Hyundai, Kia, and Genesis. At the time, it said CarPlay Ultra would begin expanding to more vehicles around the world "in the next 12 months."

In his Power On newsletter today, Bloomberg's Mark Gurman said he was told that CarPlay Ultra will come to at least one major new Hyundai or Kia vehicle model "in the second half of this year." It is unclear if he is referring to Hyundai's upcoming IONIQ 3, as previously reported, or if it will be a different model.

CarPlay Ultra features deeper integration with a vehicle's instrument cluster and systems, built-in apps for radio and climate controls, rear-view camera feed support, and more. The connected iPhone provides app-related data, while the vehicle provides information like the current speed, fuel level, tire pressure, engine temperature, and more.

The interface is tailored to each vehicle model and automaker's identity, and drivers can choose from various preset design options.

BMW, Ford, and Rivian are among the brands that have publicly downplayed CarPlay Ultra, while General Motors controversially ditched the regular version of CarPlay in its new electric vehicles, so it is likely to pass on CarPlay Ultra too. That means vehicles from brands like Chevrolet, Cadillac, and GMC are likely out of the running.

It is improbable that Tesla would offer CarPlay Ultra either, but it is reportedly working on offering the regular version of CarPlay in a major pivot.

Related Roundup: CarPlayTags: CarPlay Ultra, Mark GurmanRelated Forum: HomePod, HomeKit, CarPlay, Home & Auto Technology
This article, "Apple's CarPlay Ultra to Expand to These Vehicle Brands Later This Year" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 35 views

reporter

February 1Feb 1

Apple's Foldable iPhone Rumored to Feature Unrivaled Battery Life

Apple's Foldable iPhone Rumored to Feature Unrivaled Battery Life

Apple's first foldable could feature the biggest ever iPhone battery and eclipse rival devices, according to a known leaker.


In a new post, the Weibo user known as "Fixed Focus Digital" says that the foldable's battery could be over 5,500 mAh in size, which would make it the largest capacity of any current or previous ‌iPhone‌. The iPhone 17 Pro Max has the biggest ‌iPhone‌ battery to date at 5,088 mAh.

Competing foldables already on the market feature a noticeably smaller battery than the rumored size. The Google Pixel 10 Pro Fold has a battery capacity of 5,015 mAh, while the Samsung Galaxy Z Fold 7 has a 4,400 mAh battery. As a result, any foldable smartphone from Apple with a battery over 5,500 mAh in size would be class-leading.

Last year, the leaker known as "yeux1122" said that Apple was testing a battery for the device in the 5,400–5,800 mAh range, citing supply chain sources. A March report from the same Korean account claimed that Apple has placed a heavy focus on improving power efficiency while slimming down key components of its foldable ‌iPhone‌, with battery life said to be a key priority for the company. Separately, Apple analyst Ming-Chi Kuo said the device will use high-density cells to deliver superior battery life.

Apple's first foldable ‌iPhone‌ is rumored to feature a 7.8-inch crease-free inner display, a 5.5-inch cover display, Touch ID, two rear cameras, the A20 chip, and the "C2" modem. It is expected to launch alongside the iPhone 18 Pro and ‌iPhone 18‌ Pro Max later this year. Tags: Battery Life, Fixed Focus Digital, Foldable iPhone
This article, "Apple's Foldable iPhone Rumored to Feature Unrivaled Battery Life" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 39 views

reporter

February 1Feb 1

Apple is Exploring an 'iPhone Flip' as Follow-Up to Foldable iPhone

Apple is Exploring an 'iPhone Flip' as Follow-Up to Foldable iPhone

Apple is "exploring" the idea of a foldable iPhone with a "square, clamshell-style" design, according to Bloomberg's Mark Gurman.


A so-called "iPhone Flip" — unlikely to be the real name — would compete with devices such as Samsung's Galaxy Z Flip 7 and the modern-day Motorola Razr.

The clamshell iPhone would be released at some point after Apple's first foldable iPhone, which is expected to launch in September this year. The first foldable iPhone is expected to open up like a book, similar to Samsung's Galaxy Z Fold 7.


"Apple is betting that its first foldable iPhone will be successful enough to generate real demand for the category and that customers will want additional shapes and sizes, much as they have with traditional slab-style iPhones," said Gurman. Nevertheless, he said a clamshell iPhone is "far from guaranteed to reach the market."

The book-like foldable iPhone will reportedly be equipped with a 7.7-inch inner display, and a 5.3-inch outer display. The device is also rumored to feature two rear cameras, one front camera, and a Touch ID button instead of Face ID.

Tag: Mark Gurman
This article, "Apple is Exploring an 'iPhone Flip' as Follow-Up to Foldable iPhone" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 28 views

reporter

February 1Feb 1

Apple Watch Series 11 Hits $299 Low Price on Amazon, Get $100 Off Nearly Every Aluminum Model

Apple Watch Series 11 Hits $299 Low Price on Amazon, Get $100 Off Nearly Every Aluminum Model

Amazon this weekend has all-time low prices on the Apple Watch Series 11, with $100 discounts across numerous models of the smartwatch. This is only the second time so far in 2026 that we've tracked $100 markdowns on the Series 11, and nearly every aluminum model is on sale right now.

Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

You can get the 42mm GPS Apple Watch Series 11 for $299.00, down from $399.00, and the 46mm GPS model for $329.00, down from $429.00. On Amazon, you'll find four of the 42mm GPS models on sale at this all-time low price, and four of the 46mm GPS models on sale as well.

$100 OFFApple Watch Series 11 (42mm GPS) for $299.00
$100 OFFApple Watch Series 11 (46mm GPS) for $329.00

If you're shopping for cellular models, you can find record low prices on multiple models this week on Amazon. The 42mm cellular Apple Watch Series 11 has hit $399.00, down from $499.00, and the 46mm cellular model has hit $429.00, down from $529.00.

$100 OFFApple Watch Series 11 (42mm Cell) for $399.00
$100 OFFApple Watch Series 11 (46mm Cell) for $429.00

Head to our full Deals Roundup to get caught up with all of the latest deals and discounts that we've been tracking over the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "Apple Watch Series 11 Hits $299 Low Price on Amazon, Get $100 Off Nearly Every Aluminum Model" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 28 views

reporter

February 1Feb 1

New MacBook Pros Reportedly Launching Alongside macOS 26.3

New MacBook Pros Reportedly Launching Alongside macOS 26.3

Apple is planning to launch new MacBook Pro models with M5 Pro and M5 Max chips alongside macOS 26.3, according to Bloomberg's Mark Gurman.


"A new MacBook Pro is planned for the macOS 26.3 release cycle," wrote Gurman, in the intro to his Power On newsletter today. We are still waiting for the full newsletter, so this post will be updated when more details are available.

macOS 26.3 remains in beta testing, but the update is coming soon, with a release to the general public expected in February. That means the MacBook Pro models with M5 Pro and M5 Max chips should launch this month, if Gurman is accurate.

In October, AppleInsider's Marko Zivkovic was first to report that the MacBook Pro models with M5 Pro and M5 Max chips were "expected to ship with macOS 26.3," so this rumor has now been shared by multiple sources.

More details to follow…

Related Roundups: MacBook Pro, macOS TahoeTag: Mark GurmanBuyer's Guide: MacBook Pro (Caution)Related Forums: MacBook Pro, macOS Tahoe
This article, "New MacBook Pros Reportedly Launching Alongside macOS 26.3" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 36 views

reporter

February 1Feb 1

Im Fokus: Emerging Technologies

Im Fokus: Emerging Technologies

View the full article

• 0 comments
• 40 views

CSOonline

February 1Feb 1

Apple Changes How You Order a Mac

Apple Changes How You Order a Mac

Apple recently updated its online store with a new ordering process for Macs, including the MacBook Air, MacBook Pro, iMac, Mac mini, Mac Studio, and Mac Pro.


There used to be a handful of standard configurations available for each Mac, but now you must configure a Mac entirely from scratch on a feature-by-feature basis. In other words, ordering a new Mac now works much like ordering an iPad.

This change was first spotted by such as Macworld and the French blog Consomac.


On the MacBook Pro ordering page, for example, you start by choosing a 14-inch or 16-inch display and a color. Next, you have the option to upgrade to a nano-texture display. Then, you choose from the list of M-series chips that are available for the MacBook Pro size that you selected. Finally, you can customize the amount of RAM and SSD storage, choose a power adapter, and choose a keyboard language.

Unfortunately, the MacBook Pro still cannot be configured with an M5 Pro or M5 Max chip, as the wait continues for new models. Hopefully that changes soon!Tag: Apple Store
This article, "Apple Changes How You Order a Mac" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 38 views

reporter

January 31Jan 31

Get Up to $149 Off M5 iPad Pro on Amazon This Weekend

Get Up to $149 Off M5 iPad Pro on Amazon This Weekend

Amazon is offering discounts across the M5 iPad Pro lineup this weekend, including both 11-inch and 13-inch models. The highlight this time around is a return of a low price on the 256GB Wi-Fi 11-inch M5 iPad Pro, which is on sale for $899.00, down from $999.00.

Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Many of the deals in this sale match — or beat — the record low prices we tracked during the holiday season. Amazon provides an estimated delivery date around February 5 for free delivery, but Prime members should see earlier delivery dates in many cases.

$100 OFF11-inch M5 iPad Pro (256GB Wi-Fi) for $899.00
$149 OFF13-inch M5 iPad Pro (256GB Wi-Fi) for $1,149.99

There are fewer 13-inch M5 iPad Pro models on sale this time around, but the ones that are on sale have reached record low prices. You'll find $149 off three Wi-Fi models, with prices starting at $1,149.99 for the 256GB Wi-Fi 13-inch M5 iPad Pro, down from $1,299.00.

11-Inch M5 iPad Pro

256GB Wi-Fi - $899.00 ($100 off)
512GB Wi-Fi - $1,099.00 ($100 off)
1TB Wi-Fi - $1,499.99 ($99 off)
1TB Nano-Texture Glass Wi-Fi - $1,576.00 ($123 off)
2TB Wi-Fi - $1,851.00 ($148 off)
2TB Nano-Texture Glass Wi-Fi - $1,999.00 ($100 off)
13-Inch M5 iPad Pro

256GB Wi-Fi - $1,149.99 ($149 off)
512GB Wi-Fi - $1,349.99 ($149 off)
1TB Wi-Fi - $1,749.99 ($149 off)

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "Get Up to $149 Off M5 iPad Pro on Amazon This Weekend" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 39 views

reporter

January 31Jan 31

Apple Check Signed by Steve Jobs Sells for 4,800× Its Original Value

Apple Check Signed by Steve Jobs Sells for 4,800× Its Original Value

RR Auction has announced that an Apple check signed by the company's co-founders Steve Jobs and Steve Wozniak fetched a whopping $2.4 million at auction this week. The check was for $500, meaning that it sold for 4,800× its original value.


According to RR Auction, the $500 check was issued to printed circuit board designer Howard Cantin, shortly after Jobs and Wozniak opened Apple's first bank account. Cantin was responsible for translating Wozniak's Apple-1 schematic into a manufacturable printed circuit board, leading to Apple's first commercial product.

Dated March 16, 1976, the Wells Fargo check is marked "No. 1." It was issued a few weeks before Apple Computer was officially founded on April 1, 1976.

“This is the most important financial document in Apple history," said Bobby Livingston, executive vice president at RR Auction. "It captures Steve Jobs and Steve Wozniak's first true business transaction, and the final result shows that collectors recognized its significance above any other Apple material ever brought to market."Tag: Steve Jobs
This article, "Apple Check Signed by Steve Jobs Sells for 4,800× Its Original Value" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 242 views

reporter

January 31Jan 31

Top Stories: Apple Creator Studio, AirTag 2, and More

Top Stories: Apple Creator Studio, AirTag 2, and More

It was a busy week with Apple's first real launches of 2026, led by the release of the Creator Studio app bundle and the second-generation AirTag.


We also got some rumors about Apple's plans for Mac updates in 2026, timing on the more personalized Siri finally arriving, and a significant acquisition by Apple, so read on below for all the details!

Top Stories

Apple's 'Creator Studio' App Bundle Now Available for $12.99 Per Month

Apple this week launched the new Creator Studio bundle that was initially unveiled earlier this month, providing content creators with access to six Apple apps for $12.99 per month or $129 per year.


Creator Studio includes Final Cut Pro, Logic Pro, and Pixelmator Pro on Mac and iPad, along with Motion, Compressor, and MainStage on the Mac. Final Cut Pro is Apple's video editing software, Logic Pro is for audio editing and creation, and Pixelmator Pro is an image editing app that Apple purchased in 2024.

The Creator Studio bundle unlocks AI features that are not otherwise accessible in these apps, plus it adds new features to free apps like Keynote, Pages, and Numbers, with Freeform coming later.

Be sure to check out our initial hands-on overview if you're thinking about subscribing to the bundle.

Apple Unveils New AirTag With Longer Range, Louder Speaker, and More

Apple this week introduced the second-generation AirTag, with key features including longer range for tracking items and a louder speaker.


The new AirTag is equipped with a second-generation Ultra Wideband chip, enabling the Precision Finding feature to work up to 50% farther away from an item compared to the previous-generation model, according to Apple. The new AirTag also has an upgraded Bluetooth chip for improved overall range outside of Precision Finding mode.

Apple also introduced this year's Black Unity band for Apple Watch, a Unity Connection Braided Solo Loop featuring the red, green, and black colors of the Pan-African flag.

iPhone 5s Gets New Software Update 13 Years After Launch

Apple released iOS 26.2.1 this week to support the new second-generation AirTag, but the company also released a slew of other iOS updates for older devices that can't run iOS 26. That includes an iOS 12.5.8 update for the iPhone 5s and 6, which is remarkable considering the iPhone 5s will turn 13 years old later this year.


The iOS updates released this week for older devices extend a certificate required for device activation, iMessage, and FaceTime, allowing these aging devices to remain functional for those who are still using them.

Apple Reportedly Aiming to Upgrade the MacBook Pro Twice This Year

Apple plans to release new MacBook Pro, MacBook Air, Mac Studio, and Studio Display models in the first half of this year, according to Bloomberg's Mark Gurman.


In his Power On newsletter this week, Gurman added that redesigned MacBook Pro models with an OLED touch screen "should be hitting toward the end of 2026," meaning that the MacBook Pro line would be upgraded twice this year.

It would be a rare but not unprecedented move for Apple to update the MacBook Pro twice in a year, but while previous rumors had indicated the M6 generation could arrive in either late 2026 or early 2027, Gurman now seems to be leaning more heavily toward the update arriving before the end of this year.

Meanwhile, the wait for the M5 Pro and M5 Max models continues.

Here's When Apple Plans to Unveil a New Siri Powered by Google Gemini

A more personalized version of Siri powered by Google Gemini is expected to be introduced next month, according to Bloomberg's Mark Gurman.


"The company has been planning an announcement of the new Siri in the second half of February, when it will give demonstrations of the functionality," he wrote, in the latest edition of his weekly Power On newsletter.

The interim improvements to Siri will come ahead of a much bigger upgrade to include chatbot functionality and significantly more capabilities in iOS 27, which will be introduced at WWDC in June.

Apple Just Made Its Second-Biggest Acquisition Ever After Beats

Apple has been criticized by some observers for slow-rolling its entry into AI technology, with some suggesting the company needs to make a major acquisition to try to catch up to rivals already establishing themselves in the space.


Apple made a bit of a splash this week with its acquisition of Q.ai, which uses AI to analyze facial expressions to understand "silent speech." It's not nearly a deal on the scale of acquiring one of the major chatbot players, but at a valuation of nearly $2 billion, according to reports, it appears to stand as Apple's second-biggest acquisition ever behind Beats in 2014.

MacRumors Newsletter

Each week, we publish an email newsletter like this highlighting the top Apple stories, making it a great way to get a bite-sized recap of the week hitting all of the major topics we've covered and tying together related stories for a big-picture view.

So if you want to have top stories like the above recap delivered to your email inbox each week, subscribe to our newsletter!Tag: Top Stories
This article, "Top Stories: Apple Creator Studio, AirTag 2, and More" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 32 views

reporter

January 31Jan 31

Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists

Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists

A Farsi-speaking threat actor aligned with Iranian state interests is suspected to be behind a new campaign targeting non-governmental organizations and individuals involved in documenting recent human rights abuses. The activity, observed by HarfangLab in January 2026, has been codenamed RedKitten. It's said to coincide with the nationwide unrest in Iran that began towards the end of 2025,View the full article

• 0 comments
• 72 views

Hacker News

January 31Jan 31

Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms

Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms

Google-owned Mandiant on Friday said it identified an "expansion in threat activity" that uses tradecraft consistent with extortion-themed attacks orchestrated by a financially motivated hacking group known as ShinyHunters. The attacks leverage advanced voice phishing (aka vishing) and bogus credential harvesting sites mimicking targeted companies to gain unauthorized access to victimView the full article

• 0 comments
• 53 views

Hacker News

January 31Jan 31

CERT Polska Details Coordinated Cyber Attacks on 30+ Wind and Solar Farms

CERT Polska Details Coordinated Cyber Attacks on 30+ Wind and Solar Farms

CERT Polska, the Polish computer emergency response team, revealed that coordinated cyber attacks targeted more than 30 wind and photovoltaic farms, a private company from the manufacturing sector, and a large combined heat and power plant (CHP) supplying heat to almost half a million customers in the country. The incident took place on December 29, 2025. The agency has attributed the attacks toView the full article

• 0 comments
• 55 views

Hacker News

January 31Jan 31

Mastering DevOps Management: Boost Software Delivery Efficiency

Mastering DevOps Management: Boost Software Delivery Efficiency

Introduction
In today’s fast-paced tech environment, managing DevOps processes effectively is crucial to an organization’s success. DevOps managers play a vital role in ensuring smooth collaboration between development and operations teams, driving automation, and improving software delivery pipelines. However, with the rise of cloud computing, agile practices, and continuous integration, there is a growing demand for professionals who can lead this transformation and drive organizational efficiency.
The Certified DevOps Manager (CDM) certification equips professionals with the knowledge and skills required to navigate this complex landscape. This certification ensures that DevOps managers can implement change management, performance tracking, and continuous improvement processes in their teams.
Why this matters: Organizations are increasingly recognizing the need for DevOps managers to bridge the gap between development and operations, improving productivity and efficiency in software delivery.
What Is a DevOps Manager?
A DevOps Manager is a professional who leads the implementation of DevOps practices in an organization. They focus on optimizing the software development lifecycle, driving automation, and fostering collaboration between developers and IT operations. In practical terms, DevOps managers oversee the integration of development and operations teams to improve the flow of software from development to production.
DevOps Managers are responsible for managing cross-functional teams, ensuring alignment with organizational goals, and implementing strategies that enhance productivity, quality, and efficiency. Their role is essential in driving the transformation towards a more agile and collaborative environment in organizations adopting DevOps practices.
Why this matters: As the demand for continuous delivery increases, having a qualified DevOps Manager is crucial for driving efficiency and ensuring smooth operations across the software lifecycle.
Why DevOps Manager Is Important in Modern DevOps & Software Delivery
DevOps is now a core part of modern software delivery processes. It aligns development and operations teams, helping them collaborate and automate tasks that traditionally slowed down the workflow. The role of a DevOps Manager is crucial to this shift, as they not only implement tools and practices but also foster the culture of collaboration required for successful DevOps practices.
DevOps Managers help overcome challenges such as long software delivery times, operational inefficiencies, and poor quality control. They ensure that DevOps tools are effectively implemented, and agile methodologies are adopted, which enhances productivity and software delivery speed.
Why this matters: The role of DevOps Managers is vital in today’s tech industry, where agility and speed are critical to staying competitive.
Core Concepts & Key Components
Continuous Integration and Continuous Delivery (CI/CD)
Purpose: CI/CD ensures that code changes are automatically integrated into a shared repository and then automatically deployed, improving the speed and reliability of software delivery.
How it works: Developers push code changes, which are then automatically tested, integrated, and deployed using CI/CD tools like Jenkins or GitLab.
Where it is used: Commonly used in software development to automate testing and deployment pipelines.
Automation
Purpose: Automation in DevOps aims to reduce manual intervention in software testing, integration, and deployment processes.
How it works: Automation tools such as Ansible, Puppet, and Chef are used to configure and manage infrastructure, ensuring consistency across environments.
Where it is used: Automation is widely adopted in cloud environments and large-scale deployments.
Collaboration and Communication
Purpose: DevOps emphasizes a culture of collaboration between development, operations, and other teams.
How it works: Tools like Slack, Jira, and Microsoft Teams facilitate communication between cross-functional teams.
Where it is used: DevOps culture thrives in agile and cloud-based environments where speed and flexibility are essential.
Continuous Monitoring and Feedback
Purpose: Continuous monitoring ensures that systems are performing well and issues are addressed before they impact users.
How it works: Tools such as Nagios, Prometheus, and New Relic monitor application performance and infrastructure health.
Where it is used: Monitoring is used in all stages of the DevOps lifecycle, particularly during production.
Why this matters: The key components of DevOps, such as CI/CD and automation, ensure faster, more reliable software delivery, making the role of a DevOps Manager essential for implementing these practices.
How DevOps Manager Works (Step-by-Step Workflow)
Assessment of Current Processes: The DevOps Manager begins by assessing the current workflows, identifying bottlenecks, and determining areas for improvement. Tool Selection and Integration: After identifying gaps, the DevOps Manager selects and integrates the right DevOps tools for CI/CD, version control, and testing. Team Collaboration: They facilitate collaboration between developers, operations teams, and other stakeholders, ensuring alignment with project goals. Implementation of Automation: DevOps Managers drive automation efforts across testing, deployment, and monitoring to ensure consistency and reliability. Continuous Improvement: After initial implementation, the DevOps Manager focuses on monitoring and refining processes to improve performance continually. Why this matters: The step-by-step workflow of a DevOps Manager ensures that the entire DevOps lifecycle is optimized, which directly contributes to faster and more efficient software delivery.
Real-World Use Cases & Scenarios
DevOps Managers play a key role in various industries, especially in tech companies, where their influence can be seen in smoother product releases and enhanced team collaboration. For example, in a large software company, the DevOps Manager oversees the integration of development and operations teams, leading to a 30% reduction in deployment times.
In cloud-native organizations, DevOps Managers are responsible for the full deployment lifecycle, ensuring high availability, scalability, and security. These professionals work closely with teams across different functions to ensure that all aspects of the software delivery process are automated and optimized.
Why this matters: Real-world use cases demonstrate how DevOps Managers contribute to improving operational efficiency and delivering high-quality software at a faster pace.
Benefits of Using a DevOps Manager
Increased Productivity: Streamlined workflows, faster release cycles, and automation increase the overall productivity of teams. Improved Reliability: Continuous monitoring and automated testing reduce downtime and improve system stability. Scalability: DevOps Managers ensure that infrastructure and applications can scale efficiently, accommodating growth. Enhanced Collaboration: With a focus on communication, DevOps Managers foster better collaboration between development, operations, and other teams. Why this matters: The benefits of having a skilled DevOps Manager extend beyond technical improvements—they help boost productivity, reliability, and collaboration.
Challenges, Risks & Common Mistakes
One common mistake in DevOps management is failing to establish a clear DevOps culture, which leads to friction between teams. Another risk is relying too heavily on automation without considering the human element, such as the collaboration needed between teams. Additionally, some organizations may overlook the need for continuous training and skill development, which can hinder long-term success.
Mitigation strategies include fostering strong communication, setting clear expectations, and ensuring that teams are equipped with the necessary tools and training to succeed.
Why this matters: Addressing these challenges ensures a smoother transition to DevOps practices and better long-term outcomes for organizations.
Comparison Table
FeatureTraditional DevelopmentDevOps DevelopmentSpeed of DeliverySlowFastCollaborationSiloedCross-functionalAutomationLowHighCI/CD IntegrationManualAutomatedTestingManualContinuous IntegrationRisk ManagementReactiveProactiveInfrastructure ManagementManualAutomatedMonitoringLimitedContinuousChange ManagementComplexSimplifiedScalabilityLimitedSeamless Why this matters: This table clearly compares the differences between traditional software development and modern DevOps practices, highlighting the value of having a DevOps Manager in place.
Best Practices & Expert Recommendations
Focus on Automation: Automate as much as possible, including testing, deployments, and infrastructure management. Foster a Collaborative Culture: Encourage cross-functional team collaboration to improve problem-solving and innovation. Continuous Monitoring and Feedback: Implement continuous monitoring to identify issues early and refine processes. Invest in Training: Ensure that teams are continuously learning and improving their DevOps skills. Why this matters: Following best practices ensures that DevOps Managers can maximize the benefits of DevOps practices and drive long-term success.
Who Should Learn or Use a DevOps Manager?
This certification is ideal for professionals in roles such as DevOps Engineers, IT Operations Managers, and Cloud Architects. Experience in software development, infrastructure management, or project management is beneficial but not mandatory. Whether you are looking to lead a DevOps team or integrate DevOps practices into your organization, this certification provides the skills and knowledge required to succeed.
Why this matters: As organizations continue to adopt DevOps, professionals in relevant roles need the skills to manage and lead these transformations.
FAQs – People Also Ask
What is a DevOps Manager?
A DevOps Manager leads the implementation of DevOps practices, optimizing the development and operations processes.
Why this matters: Their leadership ensures faster, more reliable software delivery. Why is DevOps Manager used?
They help bridge the gap between development and operations, driving automation and continuous improvement.
Why this matters: DevOps Managers enhance productivity and collaboration within teams. Is DevOps Manager suitable for beginners?
This role is better suited for those with experience in DevOps, software development, or IT operations.
Why this matters: DevOps Managers need a solid understanding of both development and operations processes. How does DevOps Manager compare with alternatives?
Unlike traditional IT managers, DevOps Managers focus on automation, collaboration, and continuous delivery.
Why this matters: This ensures faster, more efficient software development and delivery. Is DevOps Manager relevant for DevOps roles?
Yes, DevOps Managers play a critical role in implementing and managing DevOps practices.
Why this matters: Their expertise is essential for leading DevOps teams and ensuring successful transformation. Branding & Authority
DevOpsSchool is a globally recognized platform, offering industry-leading certification programs in DevOps, SRE, and related fields. With over 20 years of experience, DevOpsSchool has helped thousands of professionals enhance their skills and advance their careers.
Rajesh Kumar, a co-founder of DevOpsSchool, is a renowned expert in DevOps, SRE, and Cloud technologies. With over two decades of hands-on experience, Rajesh brings unparalleled insights into the practical applications of DevOps and its transformative impact on modern organizations.
Why this matters: Trust in DevOpsSchool and Rajesh Kumar to provide expert training and certification programs that ensure career growth and industry success.
Call to Action & Contact Information
For more information or to enroll in the Certified DevOps Manager certification program, contact us:
Email: [email protected]
Phone & WhatsApp (India): +91 84094 92687
Phone & WhatsApp (USA): +1 (469) 756-6329
Certified DevOps Manager Course Link
View the full article

• 0 comments
• 35 views

reporter

January 31Jan 31

Ivanti patches two actively exploited critical vulnerabilities in EPMM

Ivanti patches two actively exploited critical vulnerabilities in EPMM

IT software company Ivanti released patches for its Endpoint Manager Mobile (EPMM) product to fix two new remote code execution vulnerabilities already under attack in the wild.
“We are aware of a very limited number of customers whose solution has been exploited at the time of disclosure,” the company said in a security advisory that identifies the new flaws as CVE-2026-1281 and CVE-2026-1340.
Both issues are described by Ivanti as code injection issues that can be exploited without authentication and are rated 9.8 out of 10 on the CVSS severity scale. The flaws involve EPMM’s In-House Application Distribution and Android File Transfer Configuration features.
Stand-alone patches and exploit details available
Ivanti has not released new fully patched versions of EPMM, but rather version-specific stand-alone patches that need to be applied manually. The patches are packaged as rpm files and can be installed with the install rpm url [patch_url] command.
The RPM_12.x.0.x patch is applicable to EPMM software versions 12.5.0.x, 12.6.0.x, and 12.7.0.x. It is also compatible with the older 12.3.0.x and 12.4.0.x versions. Meanwhile the RPM_12.x.1.x patch is applicable to versions 12.5.1.0 and 12.6.1.0.
“The RPM script does not survive a version upgrade,” the company warns. “If after applying the RPM script to your appliance, you upgrade to a new version you will need to reinstall the RPM. The permanent fix for this vulnerability will be included in the next product release: 12.8.0.0.”
While the Ivanti Sentry gateway product that secures traffic between mobile devices and back-end enterprise systems is not directly affected by these vulnerabilities, EPMM appliances do have command execution permission on Sentry gateways. As such, if an EPMM deployment has been compromised, the attackers might have compromised Ivanti Sentry as well.
Researchers from penetration testing firm WatchTowr reverse engineered the patches and were able to figure out where the vulnerabilities are located and how to exploit them. A detailed write-up is available on the company’s blog.
Exploit detection and remediation
Ivanti published a separate document with guidance on how to scan EPMM appliances for potential compromise through these vulnerabilities. First off, the Apache Access Log found at /var/log/httpd/https-access_log could have evidence of attempted or successful execution of these vulnerabilities.
The company advises triaging logs with the ^(?!127\.0\.0\.1:\d+ .*$).*?\/mifs\/c\/(aft|app)store\/fob\/.*?404 regular expression and looking for HTTP 404 error response codes as well as GET requests with parameters that have bash commands.
“The most common is the introduction of, or modification of, malicious files to introduce web shell capabilities,” the company said. “Ivanti has commonly seen these changes target HTTP error pages, such as 401.jsp. Any requests to these pages with POST methods or with parameters should be considered highly suspicious. Analysts who are performing forensic inspection of the disk should also review for unexpected WAR or JAR files being introduced to the system.”
One thing to note is that attackers regularly delete logs to hide their tracks and that on systems with high utilization the logs might be rotated multiple times a day. That’s why customers are strongly advised to use the Data Export features to forward logs from the EPMM appliance to their SIEM system or other log aggregators.
For any appliance that you suspect may be impacted, Ivanti recommends reviewing:
EPMM administrators for new or recently changed administrators Authentication configuration, including SSO and LDAP settings New pushed applications for mobile devices Configuration changes to applications you push to devices, including in-house applications New or recently modified policies Network configuration changes, including any network configuration or VPN configuration you push to mobile devices After restoring a compromised EPMM appliance from clean backups, customers should reset the password of any local EPMM accounts, reset the password of any LDAP and/or KDC service accounts used to perform lookups, revoke and replace the public certificate used on the EPMM deployment and reset the password for any other internal or external service accounts configured on the EPMM solution.
Because EPMM has command execution on Sentry and Sentry is a product that routes traffic from mobile devices to internal network systems, the systems that Sentry can access should also be reviewed for signs of compromise.
View the full article

• 0 comments
• 37 views

CSOonline

January 30Jan 30

Startup Amutable plotting Linux security overhaul to counter hacking threats

Startup Amutable plotting Linux security overhaul to counter hacking threats

If there’s one thing guaranteed to grab attention in the computer security world, it’s announcing yourself without fully explaining what it is you plan to do.
This week, the Linux world got a taste of this enigmatic marketing ploy with the launch out of stealth of Berlin-based Linux security outfit Amutable.
While its purpose is only vaguely defined in the launch announcement, nobody could accuse it of lacking ambition: it plans to bring “determinism and verifiable integrity to Linux systems” to address the operating system’s security weaknesses.
Most tiny companies nobody has heard of would struggle to make the tactic work, but Amutable’s roster of founders is made up of several well-known Linux figures, headed by former Red Hat and Microsoft engineer Lennart Poettering as chief engineer.
Best known as the developer of the contentious but widely used Linux UEFI boot manager systemd, he has alongside him two other ex-Microsoft employees, Chris Kühl as CEO, and Christian Brauner as CTO.
A clue to Amutable’s plans lies in the announcement’s emphasis on some of its founders’ backgrounds in Kubernetes, runc, LXC, Incus, and containerd, all connected in different ways to the Linux container stack.
Verifiable integrity
Computing is full of security problems, and Linux is no exception to this rule, given convincing the protective free and open source software community of the wisdom of a radical new idea often turns out to be as big a challenge as the engineering itself.
While Linux distros on desktop computers remain a niche, the technology’s invisible domination of online platforms and cloud container orchestration tools makes it the most important operating system in the world.
That, not surprisingly, has made it a target for attacks, with cybercriminals taking advantage of vulnerabilities allowing privilege escalation, container escapes, and other exploits, as well as embedding backdoors in open source images across Linux’s complex supply chain.
Judging from Amutable’s self-declared vision to bring “determinism and verifiable integrity to Linux system,” the founders see plenty of room for improvement.
“Today’s infrastructure approaches security reactively. Software agents watch for vulnerabilities and intrusions; attackers refine their evasion. These defensive approaches are costly, brittle, and ineffective,” the company said.
“Amutable’s mission is to deliver verifiable integrity to Linux workloads everywhere. We look forward to working towards this goal with the broader Linux community.”
A cocktail of problems
The issue presents a rich cocktail of problems, the underlying causes of which are the difficulty of verifying that an image is as its developers intended and hasn’t been tampered with, while also maintaining a verifiable system state. Even existing security tools are struggling to keep up, with a 2025 proof-of-concept showing that it was possible to bypass leading Linux runtime security tools.
This is perhaps what Amutable’s founders mean when they describe the need to “replace heuristics with rigor” to achieve “verifiable integrity.” An image should be cryptographically verifiable in advance, including, ideally, a hash record of every stage of the boot process as well as running continuous checks against a signed file manifest.
In other words, instead of looking for a rogue file or suspicious behavior after the fact, the system would be able to verify itself deterministically.
The Introduction of this model of verifiability into Linux might have mitigated a range of incidents, including a 2023 attack where attackers exploited CVE-2022-42475 in Fortinet’s FortiOS SSL-VPN function to implant malware. Or a more recent vulnerability (CVE-2025-31133) in the runc Kubernetes container runtime that allowed attackers to break out of containers.
Perhaps the issue’s biggest impact was from the infamous backdoor supply chain hack affecting the XZ Utils data compression library that was uncovered by chance in 2024.  
A common goal
“Security of the IT infrastructure is one of the top concerns for decades, and immutability, verification and full coverage of software supply chain throughout the lifecycle of an operating system or complete infrastructure are important contributions to achieve this,” noted Matthias G. Eckermann, director of product management, Linux at SUSE. He pointed out that SUSE is already delivering on this in multiple ways, including its certified Software Supply Chain and its Immutable OS with Transactional Updates.
“We are looking forward to hearing more from Amutable and collaborating with them on the common goal of improving resiliency and security of open-source infrastructure software,” he said.
Technology not the only problem
Right now, where this goes and how Amutable will make money is up in the air, but it will attract attention.
“Security teams are trained to trust signed packages and verified sources. When the supply chain itself is compromised (like the XZ Utils backdoor in 2024), traditional security training doesn’t prepare defenders for that scenario,” commented Chris Porter, CEO of certification company Training Camp. “If they [Amutable] can simplify verification, it reduces the expertise burden on security teams who currently lack deep Linux platform knowledge.”
However, technology isn’t the only problem. “As Linux dominates cloud infrastructure, enterprises need security professionals who understand boot integrity, code signing, and verification, skills that aren’t covered in most certification programs,” said Porter.
View the full article

• 0 comments
• 46 views

CSOonline

January 30Jan 30

Apple Still Preparing Two New Versions of Siri as Some Employees Leave

Apple Still Preparing Two New Versions of Siri as Some Employees Leave

In a new report about Apple losing at least four more AI researchers in recent weeks, in addition to a high-ranking Siri executive, Bloomberg's Mark Gurman reiterated that the company is preparing to release two new versions of Siri.


First, Apple announced that it plans to release a more personalized version of Siri powered by Google Gemini this year. It is expected to be part of iOS 26.4, which should enter beta testing in February and be released to the general public in March or April.

Back in June 2024, Apple said the revamped Siri will have understanding of personal context, on-screen awareness, deeper in-app controls, and more.

Second, Siri will reportedly get even better on iOS 27, as Apple is said to be planning to turn the assistant into a full-out chatbot, allowing users to have sustained, back-and-forth conversations with the assistant. This will essentially turn Siri into ChatGPT or Gemini, except it will be built right into the iPhone, iPad, and Mac, with no app required.

Gurman said the Siri chatbot will be "competitive with Gemini 3," and "significantly more capable" than the more personalized Siri coming with iOS 26.4.

The high-ranking Siri executive who left Apple was Stuart Bowers, according to the report, which described him as "one of the company's most senior executives working on Siri." He joined Google's artificial intelligence research laboratory DeepMind.

The four researchers who left are Yinfei Yang, Haoxuan You, Bailin Wang, and Zirui Wang. Tags: Apple Intelligence, Mark Gurman, Siri
This article, "Apple Still Preparing Two New Versions of Siri as Some Employees Leave" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 36 views

reporter

January 30Jan 30

New Siri: Apple Almost Chose a Different Partner Before Google Gemini

New Siri: Apple Almost Chose a Different Partner Before Google Gemini

In a recent interview with the tech podcast TBPN, Bloomberg's Mark Gurman revealed that Apple was initially "going to rebuild Siri around Claude," the large language model and chatbot developed by the company Anthropic. In the end, though, Apple announced that it had decided to use Google's Gemini platform instead.


According to Gurman, Apple went with Google due at least in part to money.

"Anthropic was holding them over a barrel," said Gurman, in a podcast clip shared by TBPN. "They wanted a ton of money from them, several billion dollars a year, and at a price that doubled on an annual basis for the next three years."

Nevertheless, Gurman said Apple currently "runs on Anthropic" internally.

"Anthropic is powering a lot of the stuff Apple's doing internally in terms of product development and a lot of their internal tools," he explained. "They have custom versions of Claude running on their own servers internally, too."

Apple was "not going to use Google" for the revamped Siri until "a few months ago," he said.

Apple announced that it plans to release a more personalized version of Siri powered by Google Gemini this year. It is expected to be part of iOS 26.4, which should enter beta testing in February and be released to the general public in March or April. The new-and-improved Siri likely requires an iPhone 15 Pro or newer.

Back in June 2024, Apple said the revamped Siri will have understanding of personal context, on-screen awareness, deeper in-app controls, and more. At the time, Apple showed an iPhone user asking Siri about their mother's flight and lunch reservation plans based on info retrieved from the Mail and Messages apps.

Tags: Anthropic, Mark Gurman, Siri
This article, "New Siri: Apple Almost Chose a Different Partner Before Google Gemini" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 34 views

reporter

January 30Jan 30

What to Expect From Apple in February, Including Revamped Siri in Beta

What to Expect From Apple in February, Including Revamped Siri in Beta

Following a January that saw Apple release a new AirTag and the Creator Studio bundle of creative apps, it is now time to shift our attention to February.


Below, we have outlined some key items to expect from Apple in February. Of course, these are only the things that are known, so stay tuned for even more.

iOS 26.3


iOS 26.3 remains in beta testing, but the update should be released soon. We expect the iOS 26.3 Release Candidate to be seeded as early as next week, and the update should be released to the general public in the first half of February.

iOS 26.3 is a relatively minor update, with only a handful of notable new features, including a new iOS-to-Android transfer tool, notification forwarding and AirPods-like proximity pairing for third-party accessories like smartwatches, and a carrier-related limit precise location setting. Apple also appears to be laying the groundwork for carriers to begin supporting end-to-end encryption for RCS messaging, which it has promised to implement.

Personalized Siri (Beta)


Apple plans to announce a more personalized version of Siri powered by Google Gemini in the second half of February, according to Bloomberg's Mark Gurman.

The more personalized Siri will be part of iOS 26.4, which will be available in beta in February and released to the general public in March or early April, according to Gurman. Based on that timeframe, the new-and-improved Siri should be available to all customers with an iPhone 15 Pro or newer in just a few more months.

As previewed by Apple, the assistant "should be able to tap into personal data and on-screen content to fulfill tasks," according to Gurman.

Apple first announced the more personalized version of Siri all the way back at WWDC 2024, but it was eventually delayed. At the time, Apple showed an iPhone user asking Siri about their mother's flight and lunch reservation plans based on info retrieved from the Mail and Messages apps, as one example of a new capability.

The revamped Siri reportedly experienced issues inside Apple, leading the company to turn to Google Gemini. As part of the partnership, the revamped Siri will still run on a new Apple Intelligence model that has Gemini's technology baked in.

Other Known Dates
Thursday, February 5: Another four games are coming to Apple Arcade, including Retrocade, an app that lets you play classic arcade games like Asteroids, PAC-MAN, Breakout, Galaga, and Space Invaders. One of the other additions will be an arcade version of the popular PC game Sid Meier's Civilization VII.
Friday, February 6: Apple will accept submissions for the 2026 Swift Student Challenge from Friday, February 6 through Saturday, February 28. Some of the winners will be invited to spend three days at Apple Park during WWDC 2026 in June.
Sunday, February 8: Apple Music is the official sponsor of the Super Bowl LX Halftime Show, set to be held on Sunday, February 8. This year's performer is Puerto Rican rapper and singer Bad Bunny.
Tuesday, February 10: A few years ago, Apple's Home app was rearchitected, and the company will be ending support for the original architecture on this day. If you do not update, Apple warns you might experience issues.
Tuesday, February 24: Apple will be holding its annual shareholders meeting at 8 a.m. Pacific Time, and it will once again be held virtually. Apple shareholders of record as of January 2, 2026 can vote to re-elect the company's board of directors, ask questions, and more. Apple rarely answers any questions about future plans, so the meetings are often unremarkable from a news perspective.
Related Roundups: iOS 26, iPadOS 26Tag: SiriRelated Forum: iOS 26
This article, "What to Expect From Apple in February, Including Revamped Siri in Beta" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 31 views

reporter

January 30Jan 30

Retail Accessories Apple Won't Sell You Now Available via New Site

Retail Accessories Apple Won't Sell You Now Available via New Site

A newly surfaced resale operation is seemingly offering Apple Store–exclusive display accessories to the public for the first time, potentially giving consumers access to Apple-designed hardware that the company has historically kept confined to its retail environments.


Apple designs a range of premium MagSafe charging stands, display trays, and hardware systems exclusively for displays in its global retail stores. They have never been made available through Apple's online store or physical retail locations.

"AppleUnsold" surfaced this week as an Australia-based seller that has begun offering ‌Apple Store‌ display hardware for sale through both an independent website and an eBay storefront. From company's website:



Items currently offered or previously listed for sale include iPhone ‌MagSafe‌ demo chargers, Apple Watch charging docks, AirPods Max display stands, Apple Pencil trays, iPad ring stands, and display trays designed for Apple Vision Pro. The catalog also extends beyond presentation hardware to include diagnostic cables and service-related accessories, such as Apple Watch restore docks and HomePod debugging cables, which are typically reserved for ‌Apple Store‌ back-of-house use or authorized service environments.

AppleUnsold says on its website that all items are genuine Apple products and that inventory consists of both new and used hardware. The company also notes that supply is limited and dependent on availability, with many items frequently selling out.

The seller originally operated exclusively through eBay and continues to maintain a presence there alongside its standalone storefront. The AppleUnsold eBay account shows a 100% positive feedback rating based on a limited number of completed transactions. Customer feedback on specific listings includes confirmations that purchased items appear to be authentic Apple hardware.

Apple's retail fixtures and internal tools are not authorized for consumer resale, and the company treats such hardware as proprietary retail property. Historically, Apple has taken action to restrict unauthorized sales of internal-use products, and it is not clear where AppleUnsold is sourcing stock from or how its business model works. Tag: Retail
This article, "Retail Accessories Apple Won't Sell You Now Available via New Site" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 29 views

reporter

January 30Jan 30

The MacRumors Show: Apple Launches AirTag 2 and Creator Studio

The MacRumors Show: Apple Launches AirTag 2 and Creator Studio

On this week's episode of The MacRumors Show, we discuss Apple's newly launched AirTag 2 and Apple Creator Studio.

Subscribe to The MacRumors Show YouTube channel for more videos
Earlier this week, Apple announced the second-generation ‌AirTag‌, marking the first major update to its item tracker since the product's introduction in 2021, with improvements focused on tracking range, audio output, and device support rather than changes to its physical design.

The new ‌AirTag‌ uses a second-generation Ultra Wideband chip that extends Precision Finding range by up to 50%, adds support for Precision Finding on compatible Apple Watch models for the first time, and includes an upgraded Bluetooth specification designed to improve general tracking range. Apple also says the built-in speaker is up to 50% louder, making it easier to locate items in noisy environments.

AirTag 1 vs. AirTag 2 Buyer's Guide: All 15+ Differences Compared

Externally, the ‌AirTag‌ remains visually similar to the original and continues to use a replaceable CR2032 coin battery with more than a year of battery life, while Apple has made a significant number of internal changes. The second-generation ‌AirTag‌ is priced the same as before at $29 for a single unit or $99 for a four-pack, is compatible with existing ‌AirTag‌ accessories, and requires devices running iOS 26.2.1 or later.

Apple also launched Creator Studio, a new all-in-one subscription aimed at content creators. For $12.99 per month, or $129 per year, Creator Studio provides access to Final Cut Pro, Logic Pro, Pixelmator Pro, Motion, Compressor, and MainStage, consolidating tools for video editing, music production, image editing, and live performance. The bundle replaces Apple's long-standing one-time purchase model for these apps with a subscription approach, while keeping standalone versions available for users who do not want access to the full package.

Beyond bundling existing apps, Creator Studio introduces a set of AI-powered features that are exclusive to subscribers. These include transcript and visual search in Final Cut Pro, enhanced beat detection and new dynamic titles, AI-assisted session players and harmonic analysis in Logic Pro, and new design and warp tools in Pixelmator Pro, which is now available on iPad for the first time. The subscription also unlocks premium AI features in Apple's free productivity apps, including Keynote, Pages, and Numbers, with Freeform support coming later.

Creator Studio is available now via the App Store, with a one-month free trial for all users and a three-month trial for customers who purchase a qualifying new Mac or ‌iPad‌. The subscription supports Family Sharing for up to six people, and features discounted pricing for students and educators.

The MacRumors Show has its own YouTube channel, so make sure you're subscribed to keep up with new episodes and clips.

Subscribe to The MacRumors Show YouTube channel!

You can also listen to ‌The MacRumors Show‌ on Apple Podcasts, Spotify, Overcast, or your preferred podcasts app. You can also copy our RSS feed directly into your podcast player.



If you haven't already listened to the previous episode of The MacRumors Show, catch up to hear our discussion about Apple's plan to turn Siri into a chatbot with iOS 27, alongside plans for new hardware such as an AI pin.

Subscribe to ‌The MacRumors Show‌ for new episodes every week, where we discuss some of the topical news breaking here on MacRumors, often joined by interesting guests such as Kayci Lacob, Kevin Nether, John Gruber, Mark Gurman, Jon Prosser, Luke Miani, Matthew Cassinelli, Brian Tong, Quinn Nelson, Jared Nelson, Eli Hodapp, Mike Bell, Sara Dietschy, iJustine, Jon Rettinger, Andru Edwards, Arnold Kim, Ben Sullins, Marcus Kane, Christopher Lawley, Frank McShan, David Lewis, Tyler Stalman, Sam Kohl, Federico Viticci, Thomas Frank, Jonathan Morrison, Ross Young, Ian Zelbo, and Rene Ritchie.

‌The MacRumors Show‌ is on X @MacRumorsShow, so be sure to give us a follow to keep up with the podcast. You can also head over to The MacRumors Show forum thread to engage with us directly. Remember to rate and review the podcast, and let us know what subjects and guests you would like to see in the future.Tag: The MacRumors Show
This article, "The MacRumors Show: Apple Launches AirTag 2 and Creator Studio" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 32 views

reporter

January 30Jan 30

Apple Shares 2026 Chinese New Year Short Film Shot on iPhone 17 Pro

Apple Shares 2026 Chinese New Year Short Film Shot on iPhone 17 Pro

Apple today shared a short film to usher in the Chinese New Year, aka Lunar New Year, which begins February 17 and will be celebrated through March 3.


"A girl, a talking dog, and a meticulously thought out scheme make up this heartwarming tale about finding family," says Apple. "Apple joins forces with director Bai Xue for an imaginative blend of cinematography and stop-motion to usher in Chinese New Year."

The video was shot on the iPhone 17 Pro, and there is also behind-the-scenes footage.Related Roundup: iPhone 17 ProTag: Apple AdsBuyer's Guide: iPhone 17 Pro (Neutral)Related Forum: iPhone
This article, "Apple Shares 2026 Chinese New Year Short Film Shot on iPhone 17 Pro" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 34 views

reporter

January 30Jan 30

You Can Now Follow Apple Creator Studio on Instagram

You Can Now Follow Apple Creator Studio on Instagram

Apple Creator Studio now has an official Instagram account, as spotted by Scott Buscemi.


Apple Creator Studio is a new subscription bundle that provides access to Final Cut Pro, Logic Pro, Pixelmator Pro, Motion, Compressor, and MainStage on the Mac and/or iPad, with U.S. pricing set at $12.99 per month or $129 per year.

A subscription also unlocks "intelligent features" and "premium content" in apps like Numbers, Pages, and Keynote, plus the Freeform app later this year.

If you are interested in Apple's creative apps, you may wish to follow the account, which will presumably share tips and tricks and more.Tags: Apple Creator Studio, Instagram
This article, "You Can Now Follow Apple Creator Studio on Instagram" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 32 views

reporter

January 30Jan 30

Will the iPhone Air 2 Launch This Year? The Latest Report Says No

Will the iPhone Air 2 Launch This Year? The Latest Report Says No

A second-generation iPhone Air is "not expected this year," according to a Nikkei Asia report today that cites people familiar with Apple's supply chain.


The report said Apple plans to release an iPhone 18 Pro, iPhone 18 Pro Max, and foldable iPhone later this year, followed by the base model iPhone 18 in the first half of next year. The report said Apple does have a revamped iPhone Air in the pipeline, but the publication does not expect it to launch until at least 2027.

While one leaker on the Chinese social media platform Weibo has insisted that the iPhone Air will receive a spec bump this year, most reports from sources such as Bloomberg and The Information have pointed to an early 2027 launch.

Last year, The Information reported that Apple was aiming to add a second rear camera to the next iPhone Air. That report added that the next iPhone Air could weigh less, have a larger battery capacity, and gain a vapor chamber cooling system like the iPhone 17 Pro models have. And Bloomberg expects the device to have a 2nm chip.

While several reports indicated that the iPhone Air has been in low demand, the extreme popularity of the iPhone 17 base model and the iPhone 17 Pro models led iPhone revenue to a new all-time high last quarter, according to Apple.Related Roundup: iPhone AirTag: NikkeiBuyer's Guide: iPhone Air (Buy Now)
This article, "Will the iPhone Air 2 Launch This Year? The Latest Report Says No" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 36 views

reporter

January 30Jan 30

Best Apple Deals of the Week: AirPods Pro 3 Return to $199 Record Low Price, Plus AirTag 4-Pack at $69.99

Best Apple Deals of the Week: AirPods Pro 3 Return to $199 Record Low Price, Plus AirTag 4-Pack at $69.99

Apple's AirPods Pro 3 returned to their all-time low price of $199.00 this week on Amazon, accompanied by other solid discounts like $60 off AirPods 4 with Active Noise Cancellation, $29 off AirTag 4-Pack, and a few deals across Anker and Nomad charging accessories.

Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

AirPods


What's the deal? Take up to $60 off AirPods 4 and AirPods Pro 3
Where can I get it? Amazon
Where can I find the original deal? Right here
$50 OFFAirPods Pro 3 for $199.00
$60 OFFAirPods 4 (ANC) for $119.00

Amazon brought back a few low prices on multiple AirPods models this week, including the AirPods Pro 3 for $199.00 and the AirPods Pro with Active Noise Cancellation for $119.00. In regards to the AirPods Pro 3, this is a match of the all-time low price on this model.

AirTag


What's the deal? Take $29 off AirTag 4-Pack
Where can I get it? Amazon
Where can I find the original deal? Right here
$29 OFFAirTag 4-Pack for $69.99

Apple unveiled the second generation AirTag this week, but if you want the best discount on the product you'll do best looking at the first generation model on Amazon. The retailer has the AirTag 4-Pack for $69.99 right now, down from $99.00.

Anker


What's the deal? Save on Anker accessories
Where can I get it? Amazon
Where can I find the original deal? Right here
$50 OFFAnker Charging Cube for $99.98
$79 OFFAnker Power Station + Lantern for $169.99

Amazon introduced a few notable discounts on multiple Anker accessories this week, with popular products like the MagSafe-compatible Charging Cube ($50 off) and Power Station with Retractable Lantern ($79 off) on sale at low prices. You can find even more accessories on sale in our original post.

Nomad


What's the deal? Take up to 49% off Nomad accessories
Where can I get it? Nomad
Where can I find the original deal? Right here
UP TO 49% OFFNomad Overstock Sale

On the heels of the launch of its newest Stratos Band for Apple Watch with an icy blue glow color, Nomad this week introduced an overstock sale, with major discounts across a few different product categories. This includes iPhone 17 cases, MagSafe-compatible charging stations, iPad folios, and much more.

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "Best Apple Deals of the Week: AirPods Pro 3 Return to $199 Record Low Price, Plus AirTag 4-Pack at $69.99" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 27 views

reporter

January 30Jan 30

Apple Explains How Gemini-Powered Siri Will Work

Apple Explains How Gemini-Powered Siri Will Work

Apple CEO Tim Cook yesterday reiterated the structure of its partnership with Google to use Gemini AI models for the next generation version of Siri.


During the company's Q1 2026 earnings call yesterday, Apple CEO ‌Tim Cook‌ and CFO Kevan Parekh were asked several questions about Apple Intelligence and the company's recently announced deal with Google to power the personalized version of ‌Siri‌ using Gemini.



That description closely matches language from Apple and Google's earlier joint announcement, which said that ‌Apple Intelligence‌ would continue to operate on Apple hardware and Private Cloud Compute.

Cook also addressed Apple's own artificial intelligence development efforts, noting that the company continues to build its own technology alongside the Gemini partnership, but clarified that those efforts do not replace Google's role in the personalized ‌Siri‌ system.



When asked about monetization and return on investment, Cook framed ‌Apple Intelligence‌ as a feature integrated across Apple's platforms rather than a discrete revenue driver.



Neither Cook nor Parekh disclosed how many users currently have access to ‌Apple Intelligence‌ features or whether those capabilities are driving hardware upgrades. Apple previously acknowledged that ‌Apple Intelligence‌ is limited to devices with sufficient memory and processing capacity, which constrains availability somewhat.Tags: Apple Intelligence, Gemini, Siri, Tim Cook
This article, "Apple Explains How Gemini-Powered Siri Will Work" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 32 views

reporter

January 30Jan 30

NIS2: Lieferketten als Risikofaktor

NIS2: Lieferketten als Risikofaktor

Summit Art Creations – shutterstock.com
Die Illusion der eigenen Sicherheitszone
Viele Unternehmen investieren heute erhebliche Mittel, um ihre interne IT abzusichern. Firewalls, Monitoring, Incident-Response-Pläne und Awareness-Programme sind etabliert. Gleichzeitig wächst eine gefährliche Illusion: Die Annahme, dass sich Risiken innerhalb der eigenen Systemgrenzen kontrollieren lassen. Die Realität sieht anders aus. Moderne Geschäftsmodelle sind ohne externe IT-Dienstleister, Cloud-Services, Softwarelieferanten und spezialisierte Subunternehmen kaum noch denkbar.
Genau hier entstehen die größten Unsicherheiten. NIS2 greift diese Entwicklung auf und stellt klar, dass Cybersicherheit nicht an der eigenen Firewall endet. Die Richtlinie zwingt Unternehmen, ihre Lieferketten nicht nur technisch, sondern strategisch neu zu bewerten. Sie macht externe Abhängigkeiten zu einem integralen Bestandteil der Sicherheitsarchitektur und damit zu einer Führungsaufgabe.
NIS2 verschiebt den Fokus von Systemen auf Abhängigkeiten
Im Kern verfolgt NIS2 einen klaren Ansatz. Risiken sollen dort adressiert werden, wo sie tatsächlich entstehen. Statistiken und Incident-Analysen zeigen seit Jahren, dass Angriffe zunehmend über Drittparteien erfolgen. Software-Updates, Wartungszugänge oder ausgelagerte Services dienen als Einfallstore.


NIS2 reagiert darauf, indem sie Lieferketten explizit in den Geltungsbereich aufnimmt. Unternehmen sind verpflichtet, Risiken in Bezug auf ihre direkten Dienstleister und auch auf nachgelagerte Subunternehmen zu bewerten. Entscheidend ist nicht mehr, ob ein Vorfall intern oder extern ausgelöst wird, sondern welche Auswirkungen er auf kritische Dienste hat.


Damit verabschiedet sich die Regulierung von einem rein technischen Sicherheitsverständnis. Sie fordert ein strukturiertes Management von Abhängigkeiten, das Risiken sichtbar macht und steuerbar hält.
Lesetipp: NIS2 umsetzen – ohne im Papierkrieg zu enden
Warum Lieferketten besonders anfällig sind
Die Supply Chain ist aus mehreren Gründen ein attraktives Ziel für Angreifer. Externe Partner verfügen häufig über privilegierte Zugänge, arbeiten mit sensiblen Daten oder sind tief in operative Prozesse eingebunden. Gleichzeitig unterliegen sie oft nicht denselben Sicherheitsstandards wie große Organisationen.


Hinzu kommt eine strukturelle Intransparenz. Unternehmen wissen oft nicht, welche weiteren Dienstleister ihre Partner einsetzen oder wie Zugriffe technisch umgesetzt sind. Diese fehlende Sichtbarkeit führt zu einer fragmentierten Sicherheitslage, in der Risiken zwar bekannt sind, aber nicht quantifizierbar bleiben.


NIS2 setzt genau hier an und verlangt nachvollziehbare Prozesse zur Identifikation, Bewertung und Überwachung dieser Risiken.
Der Bruch mit traditioneller Compliance
Viele Organisationen sind es gewohnt, regulatorische Anforderungen formal zu erfüllen. Fragebögen werden verschickt, Zertifikate abgelegt, Checklisten abgehakt. Dieses Vorgehen erzeugt Dokumentation, aber keine Sicherheit.


NIS2 macht deutlich, dass formale Compliance nicht ausreicht. Die Richtlinie verlangt eine wirksame Umsetzung von Sicherheitsmaßnahmen und eine nachweisbare Kontrolle ihrer Wirksamkeit. Das betrifft auch und insbesondere externe Partner.


Ein Sicherheitskonzept, das sich ausschließlich auf Selbstauskünfte stützt, wird den Anforderungen nicht mehr gerecht. Gefordert ist ein realistisches Bild der tatsächlichen Sicherheitsreife entlang der Lieferkette.
Was NIS2 konkret von Unternehmen erwartet
NIS2 formuliert keine technischen Detailvorgaben, sondern definiert klare Zielsetzungen. Unternehmen müssen Risiken identifizieren, priorisieren und angemessen behandeln. Für Lieferketten bedeutet das mehrere zentrale Aufgaben:
Erstens müssen Abhängigkeiten systematisch erfasst werden. Welche Dienstleister sind für den Betrieb essenziell? Welche Daten verarbeiten sie? Welche Zugriffsrechte bestehen? Zweitens sind angemessene Sicherheitsanforderungen zu definieren. Diese müssen zum Risiko passen und vertraglich verankert sein. Drittens verlangt NIS2 eine kontinuierliche Überwachung. Risiken verändern sich. Geschäftsmodelle, Bedrohungslagen und technische Architekturen entwickeln sich weiter. Sicherheitsbewertungen dürfen daher kein einmaliges Projekt bleiben. Die Rolle des CISO unter NIS2
Für CISOs bedeutet NIS2 eine deutliche Erweiterung ihres Verantwortungsbereichs. Technische Exzellenz allein reicht nicht mehr aus. Gefragt sind Kommunikationsfähigkeit, Risikobewertung und die Fähigkeit, Sicherheitsanforderungen organisationsübergreifend durchzusetzen.


Der CISO wird zum Vermittler zwischen Technik, Management, Einkauf und Recht. Er muss erklären, warum bestimmte Anforderungen notwendig sind, welche Risiken bestehen und welche Konsequenzen Untätigkeit haben kann. NIS2 stärkt diese Rolle, indem sie klare Verantwortlichkeiten definiert und die Bedeutung von Cybersicherheit auf Vorstandsebene verankert.
Warum viele Lieferkettenbewertungen schief gehen
In der Praxis scheitern Lieferkettenbewertungen häufig an folgenden drei Punkten:
Fehlende Priorisierung: Unternehmen versuchen, alle Partner gleich zu behandeln und verlieren dabei den Fokus auf die wirklich kritischen Abhängigkeiten. Mangelnde Durchsetzbarkeit: Sicherheitsanforderungen werden formuliert, aber nicht überprüft oder bei Abweichungen konsequent eingefordert. Organisatorische Silos: Einkauf, IT und Recht agieren getrennt voneinander. Sicherheitsrisiken werden dadurch fragmentiert betrachtet und nicht ganzheitlich gesteuert. NIS2 macht deutlich, dass diese Ansätze nicht mehr ausreichen. Gefordert ist ein integriertes Risikomanagement.
 
Kontrollmechanismen mit Substanz
Wirksame Kontrolle bedeutet nicht maximale Bürokratie. Entscheidend ist die Qualität der Maßnahmen. Für kritische Partner können das regelmäßige technische Assessments, strukturierte Audits oder klar definierte Eskalationsprozesse sein.


Wichtig ist, dass Unternehmen die Fähigkeit behalten, Risiken eigenständig zu bewerten und nicht vollständig an Dritte auszulagern. NIS2 verlangt Verantwortungsübernahme, keine Delegation.


Kontrollmechanismen müssen zudem skalierbar sein. Nicht jeder Partner erfordert denselben Aufwand. Entscheidend ist die potenzielle Auswirkung eines Sicherheitsvorfalls.
Lieferketten als strategischer Resilienzfaktor
Unternehmen, die NIS2 als reine Compliance-Aufgabe betrachten, verschenken Potenzial. Eine realistische Bewertung von Lieferketten stärkt nicht nur die regulatorische Position, sondern erhöht die operative Stabilität. Transparente Abhängigkeiten, klare Sicherheitsanforderungen und funktionierende Kontrollprozesse reduzieren Ausfallrisiken und verbessern die Reaktionsfähigkeit im Ernstfall. Lieferketten werden damit vom Schwachpunkt zur strategischen Ressource.
Fazit: NIS2 zwingt zur Ehrlichkeit
NIS2 konfrontiert Unternehmen mit einer unbequemen Wahrheit. Cybersicherheit endet nicht an der eigenen Systemgrenze. Wer kritische Prozesse auslagert, bleibt dennoch verantwortlich.


Die Richtlinie fordert einen ehrlichen Blick auf Abhängigkeiten, Risiken und eigene Steuerungsfähigkeit. Für CISOs ist das eine Herausforderung, aber auch eine Chance. Lieferketten sind unter NIS2 keine Randnotiz mehr. Sie sind der Prüfstein für wirksame Cybersicherheit und nachhaltige Resilienz. (jm)
View the full article

• 0 comments
• 35 views

CSOonline

January 30Jan 30

NIS2: Lieferketten als Risikofaktor

NIS2: Lieferketten als Risikofaktor

Summit Art Creations – shutterstock.com
Die Illusion der eigenen Sicherheitszone
Viele Unternehmen investieren heute erhebliche Mittel, um ihre interne IT abzusichern. Firewalls, Monitoring, Incident-Response-Pläne und Awareness-Programme sind etabliert. Gleichzeitig wächst eine gefährliche Illusion: Die Annahme, dass sich Risiken innerhalb der eigenen Systemgrenzen kontrollieren lassen. Die Realität sieht anders aus. Moderne Geschäftsmodelle sind ohne externe IT-Dienstleister, Cloud-Services, Softwarelieferanten und spezialisierte Subunternehmen kaum noch denkbar.
Genau hier entstehen die größten Unsicherheiten. NIS2 greift diese Entwicklung auf und stellt klar, dass Cybersicherheit nicht an der eigenen Firewall endet. Die Richtlinie zwingt Unternehmen, ihre Lieferketten nicht nur technisch, sondern strategisch neu zu bewerten. Sie macht externe Abhängigkeiten zu einem integralen Bestandteil der Sicherheitsarchitektur und damit zu einer Führungsaufgabe.
NIS2 verschiebt den Fokus von Systemen auf Abhängigkeiten
Im Kern verfolgt NIS2 einen klaren Ansatz. Risiken sollen dort adressiert werden, wo sie tatsächlich entstehen. Statistiken und Incident-Analysen zeigen seit Jahren, dass Angriffe zunehmend über Drittparteien erfolgen. Software-Updates, Wartungszugänge oder ausgelagerte Services dienen als Einfallstore.


NIS2 reagiert darauf, indem sie Lieferketten explizit in den Geltungsbereich aufnimmt. Unternehmen sind verpflichtet, Risiken in Bezug auf ihre direkten Dienstleister und auch auf nachgelagerte Subunternehmen zu bewerten. Entscheidend ist nicht mehr, ob ein Vorfall intern oder extern ausgelöst wird, sondern welche Auswirkungen er auf kritische Dienste hat.


Damit verabschiedet sich die Regulierung von einem rein technischen Sicherheitsverständnis. Sie fordert ein strukturiertes Management von Abhängigkeiten, das Risiken sichtbar macht und steuerbar hält.
Lesetipp: NIS2 umsetzen – ohne im Papierkrieg zu enden
Warum Lieferketten besonders anfällig sind
Die Supply Chain ist aus mehreren Gründen ein attraktives Ziel für Angreifer. Externe Partner verfügen häufig über privilegierte Zugänge, arbeiten mit sensiblen Daten oder sind tief in operative Prozesse eingebunden. Gleichzeitig unterliegen sie oft nicht denselben Sicherheitsstandards wie große Organisationen.


Hinzu kommt eine strukturelle Intransparenz. Unternehmen wissen oft nicht, welche weiteren Dienstleister ihre Partner einsetzen oder wie Zugriffe technisch umgesetzt sind. Diese fehlende Sichtbarkeit führt zu einer fragmentierten Sicherheitslage, in der Risiken zwar bekannt sind, aber nicht quantifizierbar bleiben.


NIS2 setzt genau hier an und verlangt nachvollziehbare Prozesse zur Identifikation, Bewertung und Überwachung dieser Risiken.
Der Bruch mit traditioneller Compliance
Viele Organisationen sind es gewohnt, regulatorische Anforderungen formal zu erfüllen. Fragebögen werden verschickt, Zertifikate abgelegt, Checklisten abgehakt. Dieses Vorgehen erzeugt Dokumentation, aber keine Sicherheit.


NIS2 macht deutlich, dass formale Compliance nicht ausreicht. Die Richtlinie verlangt eine wirksame Umsetzung von Sicherheitsmaßnahmen und eine nachweisbare Kontrolle ihrer Wirksamkeit. Das betrifft auch und insbesondere externe Partner.


Ein Sicherheitskonzept, das sich ausschließlich auf Selbstauskünfte stützt, wird den Anforderungen nicht mehr gerecht. Gefordert ist ein realistisches Bild der tatsächlichen Sicherheitsreife entlang der Lieferkette.
Was NIS2 konkret von Unternehmen erwartet
NIS2 formuliert keine technischen Detailvorgaben, sondern definiert klare Zielsetzungen. Unternehmen müssen Risiken identifizieren, priorisieren und angemessen behandeln. Für Lieferketten bedeutet das mehrere zentrale Aufgaben:
Erstens müssen Abhängigkeiten systematisch erfasst werden. Welche Dienstleister sind für den Betrieb essenziell? Welche Daten verarbeiten sie? Welche Zugriffsrechte bestehen? Zweitens sind angemessene Sicherheitsanforderungen zu definieren. Diese müssen zum Risiko passen und vertraglich verankert sein. Drittens verlangt NIS2 eine kontinuierliche Überwachung. Risiken verändern sich. Geschäftsmodelle, Bedrohungslagen und technische Architekturen entwickeln sich weiter. Sicherheitsbewertungen dürfen daher kein einmaliges Projekt bleiben. Die Rolle des CISO unter NIS2
Für CISOs bedeutet NIS2 eine deutliche Erweiterung ihres Verantwortungsbereichs. Technische Exzellenz allein reicht nicht mehr aus. Gefragt sind Kommunikationsfähigkeit, Risikobewertung und die Fähigkeit, Sicherheitsanforderungen organisationsübergreifend durchzusetzen.


Der CISO wird zum Vermittler zwischen Technik, Management, Einkauf und Recht. Er muss erklären, warum bestimmte Anforderungen notwendig sind, welche Risiken bestehen und welche Konsequenzen Untätigkeit haben kann. NIS2 stärkt diese Rolle, indem sie klare Verantwortlichkeiten definiert und die Bedeutung von Cybersicherheit auf Vorstandsebene verankert.
Warum viele Lieferkettenbewertungen schief gehen
In der Praxis scheitern Lieferkettenbewertungen häufig an folgenden drei Punkten:
Fehlende Priorisierung: Unternehmen versuchen, alle Partner gleich zu behandeln und verlieren dabei den Fokus auf die wirklich kritischen Abhängigkeiten. Mangelnde Durchsetzbarkeit: Sicherheitsanforderungen werden formuliert, aber nicht überprüft oder bei Abweichungen konsequent eingefordert. Organisatorische Silos: Einkauf, IT und Recht agieren getrennt voneinander. Sicherheitsrisiken werden dadurch fragmentiert betrachtet und nicht ganzheitlich gesteuert. NIS2 macht deutlich, dass diese Ansätze nicht mehr ausreichen. Gefordert ist ein integriertes Risikomanagement.
 
Kontrollmechanismen mit Substanz
Wirksame Kontrolle bedeutet nicht maximale Bürokratie. Entscheidend ist die Qualität der Maßnahmen. Für kritische Partner können das regelmäßige technische Assessments, strukturierte Audits oder klar definierte Eskalationsprozesse sein.


Wichtig ist, dass Unternehmen die Fähigkeit behalten, Risiken eigenständig zu bewerten und nicht vollständig an Dritte auszulagern. NIS2 verlangt Verantwortungsübernahme, keine Delegation.


Kontrollmechanismen müssen zudem skalierbar sein. Nicht jeder Partner erfordert denselben Aufwand. Entscheidend ist die potenzielle Auswirkung eines Sicherheitsvorfalls.
Lieferketten als strategischer Resilienzfaktor
Unternehmen, die NIS2 als reine Compliance-Aufgabe betrachten, verschenken Potenzial. Eine realistische Bewertung von Lieferketten stärkt nicht nur die regulatorische Position, sondern erhöht die operative Stabilität. Transparente Abhängigkeiten, klare Sicherheitsanforderungen und funktionierende Kontrollprozesse reduzieren Ausfallrisiken und verbessern die Reaktionsfähigkeit im Ernstfall. Lieferketten werden damit vom Schwachpunkt zur strategischen Ressource.
Fazit: NIS2 zwingt zur Ehrlichkeit
NIS2 konfrontiert Unternehmen mit einer unbequemen Wahrheit. Cybersicherheit endet nicht an der eigenen Systemgrenze. Wer kritische Prozesse auslagert, bleibt dennoch verantwortlich.


Die Richtlinie fordert einen ehrlichen Blick auf Abhängigkeiten, Risiken und eigene Steuerungsfähigkeit. Für CISOs ist das eine Herausforderung, aber auch eine Chance. Lieferketten sind unter NIS2 keine Randnotiz mehr. Sie sind der Prüfstein für wirksame Cybersicherheit und nachhaltige Resilienz. (jm)
View the full article

• 0 comments
• 39 views

CSOonline

January 30Jan 30

Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access

Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access

Cybersecurity researchers have discovered malicious Google Chrome extensions that come with capabilities to hijack affiliate links, steal data, and collect OpenAI ChatGPT authentication tokens. One of the extensions in question is Amazon Ads Blocker (ID: pnpchphmplpdimbllknjoiopmfphellj), which claims to be a tool to browse Amazon without any sponsored content. It was uploaded to the ChromeView the full article

• 0 comments
• 45 views

Hacker News

January 30Jan 30

Apple Teases 'Innovations That Have Never Been Seen Before' This Year

Apple Teases 'Innovations That Have Never Been Seen Before' This Year

Apple CEO Tim Cook believes that his company will have opportunities to deliver "innovations that have never been seen before" this year.


"As I said at the beginning of my remarks, this was, in so many ways, a remarkable quarter for Apple, and we're excited for all the opportunities we'll have in the year ahead to deliver innovations that have never been seen before and enrich the lives of users every step of the way," said Cook, on an earnings call on Thursday.

Cook hypes up Apple's future on every earnings call, but "innovations that have never been seen before" is particularly bold wording compared to his usual comment about how the company's product pipeline is stronger than ever.

Only time will tell if Apple actually delivers.

Will the foldable iPhone have any breakthrough features, such as a rumored crease-free screen?

Will the more personalized version of Siri go above and beyond the likes of ChatGPT in any ways?

Will the long-rumored Apple smart glasses do anything unique compared to the Meta Ray-Bans?

Will the rumored Apple smart home hub, security camera, and Face ID video doorbell give companies like Google and Ring a run for their money?

These are some of 2026's burning questions, and we look forward to seeing what Apple has in store throughout what should be quite a busy year.Tag: Tim Cook
This article, "Apple Teases 'Innovations That Have Never Been Seen Before' This Year" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 33 views

reporter

January 30Jan 30

Google Maps Now Lets You Chat With Gemini AI While Walking or Biking

Google Maps Now Lets You Chat With Gemini AI While Walking or Biking

Google Maps now lets you talk to Gemini while following walking or cycling directions. The latest update is an extension to the AI chatbot's existing conversational navigation feature in driving mode that rolled out in November.


You can now ask Gemini hands-free questions without leaving the navigation screen. While walking, for example, you can ask things like "Tell me more about this neighborhood" or "Are there cafes with a bathroom along my route?" Cyclists can also check their ETA without taking their hands off the handlebars.

The embedded video below gives you an idea of how Gemini already works during driving navigation.

Google says the feature addresses the practical problem of typing while moving, which is awkward at best and dangerous at worst. The Gemini integration also supports follow-up questions, so you could, for example, ask for a budget-friendly restaurant with vegan options, then follow up with questions about parking.

Beyond discovery queries, users can also issue navigation commands like "Add stop," "Show alternative routes," or "Mute guidance." You can also ask practical questions such as "What's my next turn?" or "What's the weather like at my destination?"


To activate Gemini during navigation, tap the Gemini icon in the top-right corner or use the "Hey Google" invocation.

The feature is available now worldwide on iOS wherever Gemini is supported, with Android availability rolling out gradually.Tag: Google Maps
This article, "Google Maps Now Lets You Chat With Gemini AI While Walking or Biking" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 31 views

reporter

January 30Jan 30

Apple Ends iPhone Upgrade Program in the UK

Apple Ends iPhone Upgrade Program in the UK

Apple has discontinued the iPhone Upgrade Program in the United Kingdom, moving to a more traditional financing system.


The change appears to be related to Apple ending its partnership with Barclays bank, which supported the ‌iPhone‌ Upgrade Program in the UK. The iPhone Upgrade Program webpage in the country now says:



The ‌iPhone‌ Upgrade Program allows customers to get a new ‌iPhone‌ annually with AppleCare+ included for a monthly fee. It essentially provides a 0% APR, 20 or 24-month loan, usually with an upfront payment. After 11-12 payments, users can upgrade to the latest model, provided they trade in their current device in good condition.

To replace the program in the UK, Apple has debuted a new "Flexible Finance Account" in partnership with Creation.



When a new ‌iPhone‌ is released, users can trade in their old device, and use the credit to pay off their associated plan.

Creation and PayPal Credit now fully replace Barclays for general Apple device financing in the UK. The ‌iPhone‌ Upgrade Program continues to be available in other countries.
Tags: Barclays Bank, iPhone Upgrade Program, United Kingdom
This article, "Apple Ends iPhone Upgrade Program in the UK" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 33 views

reporter

January 30Jan 30

Certified DevOps Architect Skills for Modern Delivery

Certified DevOps Architect Skills for Modern Delivery

Modern engineering teams ship fast, but they often struggle with broken pipelines, fragile environments, and slow incident recovery. Engineers juggle microservices, multiple clouds, security checks, and compliance while business leaders demand faster releases and higher reliability. In this reality, a Certified DevOps Architect steps in and designs the end-to-end architecture that keeps delivery fast, safe, and predictable. You learn how to connect CI/CD, cloud, containers, security, and monitoring into one cohesive system that works at scale. You also understand how to align tools, culture, and processes so teams move in the same direction instead of fighting fires every day. Why this matters: It helps you move from ad-hoc DevOps practices to a predictable, scalable delivery model that supports real business growth.
What Is Certified DevOps Architect?
A Certified DevOps Architect is an experienced professional who designs, reviews, and optimizes DevOps architectures for modern software delivery. This role covers everything from CI/CD pipelines and Infrastructure as Code to container platforms, cloud-native designs, and observability stacks. You learn how different tools and practices work together across builds, tests, deployments, and operations. In a developer or DevOps context, this means you define the reference architecture, standardize toolchains, and guide teams on how to design scalable and secure delivery workflows. You also act as a bridge between technology and business, so architecture decisions support product roadmaps, compliance, and cost efficiency. Why this matters: It turns DevOps from a set of disconnected tools into an intentional architecture that supports long-term speed, stability, and innovation.
Why Certified DevOps Architect Is Important in Modern DevOps & Software Delivery
Organizations now run distributed systems, multi-cloud platforms, and complex release pipelines, and this complexity grows every quarter. A Certified DevOps Architect provides the blueprint for how code moves from idea to production through automated, repeatable steps. You connect CI/CD, GitOps, cloud infrastructure, Kubernetes, security controls, and monitoring into a single, well-governed system. You also help teams adopt Agile and DevOps practices in a way that actually fits their domain instead of copying generic templates. As companies adopt microservices, containers, and DevSecOps, this role becomes central to reducing release risk, improving reliability, and keeping compliance under control. Why this matters: It ensures your DevOps strategy does not stay on slides and actually runs in production with measurable impact on delivery speed and stability.
Core Concepts & Key Components
DevOps Architecture & Operating Model
A Certified DevOps Architect starts with the overall DevOps architecture and operating model. You define how teams structure repositories, environments, branches, and release workflows across the organization. You also decide when to use trunk-based development, feature flags, or GitFlow, and how teams move changes through dev, test, staging, and production. This concept appears in any company that wants consistent, auditable, and repeatable delivery across many products and squads. Why this matters: It gives every team a clear map for how to build, test, and ship software without reinventing the basics each time.
CI/CD Pipeline Design
CI/CD is at the heart of a Certified DevOps Architect’s work. You design pipelines that automate builds, tests, security scans, and deployments using tools such as Jenkins, GitLab CI, GitHub Actions, or Azure DevOps. You decide how to structure stages, how to handle approvals, and how to support blue-green, rolling, or canary releases across environments. You also ensure that pipelines support multiple languages, microservices, and shared libraries without becoming unmanageable. This concept appears in every organization that wants shorter lead time, fewer failures, and faster rollback. Why this matters: It turns deployments from risky, manual events into routine, automated steps integrated into your daily development flow.
Infrastructure as Code & Cloud Architecture
Certified DevOps Architects rely heavily on Infrastructure as Code (IaC) to design and manage cloud and hybrid environments. You use tools such as Terraform, CloudFormation, or ARM/Bicep to define VPCs, subnets, Kubernetes clusters, databases, and security policies as versioned code. You also design reference architectures for AWS, Azure, or GCP that cover networking, identity, storage, and resilience. Teams then reuse these templates to create consistent, secure, and compliant environments. This concept appears wherever companies scale across regions, accounts, or business units. Why this matters: It reduces configuration drift, speeds up environment provisioning, and improves security and compliance through repeatable patterns.
Containerization, Orchestration & Microservices
A Certified DevOps Architect defines how teams build, package, and run microservices using Docker and Kubernetes or similar platforms. You design base images, cluster topologies, namespaces, and deployment patterns along with service discovery, ingress, and autoscaling. You also help teams adopt patterns such as sidecars, service meshes, and API gateways where they add real value. This concept appears in organizations moving from monoliths to microservices and wanting predictable, observable, and cost-efficient platforms. Why this matters: It enables teams to deploy and scale services independently while keeping operations manageable and secure.
Observability, Reliability & DevSecOps
Certified DevOps Architects bake observability and security into the architecture instead of adding them later. You define logging, metrics, tracing, alerting, and SLO/SLA models using tools like Prometheus, Grafana, ELK, or cloud-native stacks. You also integrate static analysis, SCA, secrets scanning, and runtime security into the CI/CD pipelines. This concept appears in regulated or uptime-critical environments where outages and security incidents carry high business risk. Why this matters: It helps teams detect issues early, act faster during incidents, and maintain compliance without blocking delivery.
Why this matters: These core concepts help you design end-to-end DevOps architectures that scale across teams, technologies, and business lines while keeping risk under control.
How Certified DevOps Architect Works (Step-by-Step Workflow)
A Certified DevOps Architect typically follows a clear workflow when engaging with a product or platform team. First, you assess the current state: review pipelines, environments, incident history, tool sprawl, and team workflows. Then you discover constraints such as compliance rules, budget, skills, and existing contracts. Next, you design a target architecture that defines CI/CD patterns, IaC standards, cloud reference architectures, security checkpoints, and observability strategy. You validate this design with key stakeholders from development, operations, security, and business. After that, you create implementation roadmaps and prioritize quick wins such as standardizing pipelines for a few critical services, introducing IaC templates, or consolidating monitoring. You also guide teams during rollout, run design reviews, and adapt patterns based on feedback from real incidents and releases. Finally, you document standards, reusable templates, and playbooks so other teams can self-serve. Why this matters: This workflow turns DevOps architecture into an iterative, collaborative practice that delivers value step by step instead of a one-time design exercise.
Real-World Use Cases & Scenarios
Enterprises adopt Certified DevOps Architect practices in many scenarios. For example, a retail company may consolidate dozens of pipelines and environments into a single Kubernetes-based platform with standardized IaC templates and GitOps workflows. In that scenario, DevOps Engineers, SREs, and Developers work together under the guidance of the architect to reduce deployment times from weeks to hours while improving rollback safety. In another case, a financial services organization may need strong DevSecOps and audit trails. Here, the DevOps Architect works with Security, QA, and Cloud teams to integrate security scans, policy-as-code, and approvals into CI/CD while preserving speed. In a SaaS product company, the architect partners with Product, SRE, and Platform teams to design multi-tenant, multi-region architectures with automated failover and strong observability. Across these examples, business leaders see faster time-to-market, reduced incidents, and more predictable capacity planning. Why this matters: It shows how Certified DevOps Architect skills translate directly into measurable business outcomes across industries and team structures.
Benefits of Using Certified DevOps Architect
When you invest in a Certified DevOps Architect skill set, you unlock both technical and organizational benefits. You reduce friction between development, operations, and security because everyone works against a shared architecture and standards. You also improve auditability and compliance because environments, pipelines, and policies live as code. Key benefits include:
Productivity: Teams spend less time fixing pipelines or environments and more time delivering features. Reliability: Standardized architectures, observability, and SRE practices reduce outages and mean time to recovery. Scalability: IaC, containers, and cloud-native designs make it easier to scale services and onboard new teams or products. Collaboration: Clear reference architectures, guidelines, and playbooks help diverse teams speak a common language around DevOps. Why this matters: It enables organizations to grow their products and platforms without losing control over quality, security, or cost.
Challenges, Risks & Common Mistakes
Even experienced teams face challenges when they adopt or grow a Certified DevOps Architect function. One common mistake appears when organizations treat DevOps as “just tools” and ignore culture, ownership, and cross-team collaboration. Another risk comes from over-engineering: complex pipelines, too many tools, or premature microservices that add friction instead of speed. Teams also misjudge security and compliance requirements, so they either slow down releases with manual gates or ship quickly without guardrails. In addition, some companies rely on undocumented “heroes” instead of documented architectures and shared standards, which creates bottlenecks and burnout. You can mitigate these risks by running small pilots, gathering feedback from real users, and adjusting patterns as you learn. You also document clear responsibilities between DevOps, SRE, QA, Security, and Platform teams. Why this matters: It keeps your DevOps architecture practical, sustainable, and aligned with real-world constraints instead of idealized diagrams.
Comparison Table
AreaTraditional ApproachCertified DevOps Architect–Driven ApproachEnvironment provisioningManual tickets and ad-hoc scriptsIaC templates and automated workflowsRelease processBig-bang, infrequent, riskyFrequent, automated, and incrementalToolchain selectionTeam-by-team, uncoordinatedStandardized, governed, and documentedSecurity integrationLate-stage manual checksDevSecOps integrated into CI/CDObservabilityBasic logs and manual checksUnified metrics, logs, traces, and SLOsScalabilityVertical scaling and manual changesElastic, cloud-native and autoscalingIncident responseReactive, ad-hoc war roomsSRE practices, playbooks, and clear on-call modelsCompliance & auditSpreadsheet-driven, manual evidencePolicy-as-code and automated evidence collectionCross-team collaborationSilos between Dev, Ops, and SecurityShared ownership with common standards and practicesInnovation speedSlow due to risk and coordination overheadFaster because of safe, standardized experimentation Why this matters: It shows how a Certified DevOps Architect transforms software delivery from fragile and manual to reliable, automated, and scalable across the entire organization.
Best Practices & Expert Recommendations
Industry experience shows that Certified DevOps Architects succeed when they balance strong standards with local team autonomy. You define clear guardrails—such as approved deployment patterns, IaC modules, and observability baselines—while allowing teams to choose tools and languages within those boundaries. You also start small: pilot the architecture with a few services, learn from incidents, and refine patterns before scaling. Another best practice encourages you to build platform-thinking: treat CI/CD, infrastructure, and observability as products with users, roadmaps, and feedback loops. You continuously review metrics such as deployment frequency, lead time, change failure rate, and MTTR to measure impact. Finally, you invest in documentation, internal communities of practice, and regular design reviews so knowledge spreads beyond a few experts. Why this matters: These practices keep your DevOps architecture resilient, adaptable, and valuable over time instead of becoming outdated or ignored.
Who Should Learn or Use Certified DevOps Architect?
Certified DevOps Architect skills help many roles grow their impact. Senior Developers and Tech Leads use this knowledge to design services and pipelines that scale smoothly across environments. DevOps Engineers and SREs apply these practices to build, operate, and evolve shared platforms. Cloud Engineers and Architects design secure, cost-efficient multi-cloud or hybrid environments. QA and Test Automation Engineers integrate quality checks directly into CI/CD so testing keeps up with deployment speed. Even Engineering Managers and Product Leaders benefit because they better understand how architecture decisions shape delivery outcomes and team productivity. Why this matters: It turns DevOps architecture into a shared capability across roles and seniority levels instead of a niche skill.
FAQs – People Also Ask
What is a Certified DevOps Architect?
A Certified DevOps Architect is a professional who designs and governs DevOps architectures, including CI/CD, IaC, cloud, security, and observability, for modern software delivery. You focus on standardization, scalability, and reliability across teams and platforms. Why this matters: It defines a clear role that owns end-to-end DevOps architecture instead of leaving it fragmented.
Why do organizations need a Certified DevOps Architect?
Organizations need this role because their systems, pipelines, and clouds grow complex and fragmented over time. A Certified DevOps Architect creates a cohesive blueprint that reduces risk, improves speed, and supports compliance. Why this matters: It ensures DevOps investments actually deliver business value and not just tool adoption.
Is Certified DevOps Architect suitable for beginners?
This path suits professionals with some experience in development, operations, or cloud rather than complete beginners. However, motivated engineers can progress from DevOps foundations to architecture with structured learning and guided practice. Why this matters: It sets realistic expectations while still offering a clear growth path.
How does Certified DevOps Architect compare with generic DevOps certifications?
Generic DevOps certifications focus on concepts and tools, while Certified DevOps Architect emphasizes designing end-to-end architectures and governance models for enterprises. You learn how to connect practices across teams, technologies, and regulations instead of working at only a pipeline level. Why this matters: It prepares you for higher-impact leadership roles in DevOps and platform engineering.
Is Certified DevOps Architect relevant for DevOps Engineers and SREs?
Yes, DevOps Engineers and SREs gain a broader view when they learn architecture-level design. They understand how their pipelines, runbooks, and SLOs fit into the bigger delivery system. Why this matters: It helps them make better design decisions and influence platform strategy.
Which tools does a Certified DevOps Architect typically work with?
You work with CI/CD tools like Jenkins or GitLab CI, container platforms like Kubernetes, IaC tools like Terraform, and observability stacks like Prometheus and Grafana. You also integrate security scanners, artifact repositories, and cloud services from AWS, Azure, or GCP. Why this matters: It gives you a practical, tool-aware perspective instead of staying at theory level.
Does Certified DevOps Architect help with multi-cloud and hybrid environments?
Certified DevOps Architects often design repeatable patterns for multi-cloud and hybrid platforms. You standardize networking, identity, observability, and deployment models across providers. Why this matters: It prevents cloud sprawl and reduces operational complexity when organizations scale beyond a single platform.
How does Certified DevOps Architect support DevSecOps and compliance?
You embed security and compliance into pipelines, environments, and monitoring instead of relying on late manual checks. You use policy-as-code, automated evidence collection, and security gates aligned with risk levels. Why this matters: It keeps releases fast while still meeting regulatory and governance requirements.
What career growth can Certified DevOps Architect enable?
Certified DevOps Architect skills open paths into roles such as Principal Engineer, Platform Architect, Head of DevOps, or Cloud Architect. You also become a key partner for CTOs and business leaders during transformation initiatives. Why this matters: It lets you grow from hands-on engineering into strategic, high-impact leadership roles.
How can I start my journey toward Certified DevOps Architect?
You can start by strengthening your foundations in CI/CD, cloud, containers, and automation, and then join a structured Certified DevOps Architect program that offers hands-on labs and mentoring. Real-world projects and architectural design exercises accelerate your learning. Why this matters: It turns your experience into a coherent architecture skill set recognized by employers.
Branding & Authority
DevOpsSchool has emerged as a trusted global platform for DevOps, DevSecOps, SRE, and Cloud-native education, especially for professionals who want to grow into a Certified DevOps Architect role. The platform works with learners and enterprises across India, the USA, Europe, and other regions, and it focuses on real-world, project-based learning. Its Certified DevOps Architect programs cover CI/CD, IaC, Kubernetes, container orchestration, DevSecOps, observability, and platform engineering so you build a complete architecture mindset. Organizations rely on DevOpsSchool for corporate training, capability building, and large-scale DevOps transformations across domains such as finance, telecom, retail, and product companies. Why this matters: It gives you confidence that your Certified DevOps Architect learning journey stays aligned with enterprise expectations and current industry practices.
Rajesh Kumar serves as a lead mentor and architect behind many Certified DevOps Architect programs, and he brings more than 20 years of hands-on experience. His expertise spans DevOps, DevSecOps, Site Reliability Engineering (SRE), DataOps, AIOps, MLOps, Kubernetes, major cloud platforms, CI/CD, and automation at scale. He has guided thousands of professionals and dozens of enterprises through complex transformations, including container adoption, cloud migration, observability modernization, and security integration. His work as a DevOps Architect, trainer, and consultant includes engagements with global brands and high-growth startups that depend on reliable, secure, and scalable software delivery. Why this matters: You learn Certified DevOps Architect skills from someone who not only understands the theory but has implemented these architectures in demanding real-world environments.
Call to Action & Contact Information
Email: [email protected]
Phone & WhatsApp (India): +91 84094 92687
Phone & WhatsApp (USA): +1 (469) 756-6329
View the full article

• 0 comments
• 34 views

reporter

January 30Jan 30

Apple's New Split iPhone Launch Strategy Corroborated in Latest Report

Apple's New Split iPhone Launch Strategy Corroborated in Latest Report

Apple's rumored plan to split its iPhone launch cycle beginning this year has gained additional credibility, with a new report from Nikkei Asia corroborating earlier claims from The Information, Bloomberg, and Apple analyst Ming-Chi Kuo.


According to Nikkei's sources, Apple will prioritize its first foldable iPhone along with iPhone 18 Pro and iPhone 18 Pro Max models for the second half of 2026, while the standard iPhone 18 will ship in the first half of 2027.

An updated iPhone 18e is also expected to appear in the first half of 2027. Nikkei's report does not mention this. It does note however that a second-generation iPhone Air is in Apple's pipeline, though it is not expected this year.

The staggered approach aims to both optimize resources and maximize Apple's revenue from premium models amid rising memory chip costs and supply chain pressures, according to the report.

One supplier executive told Nikkei that a smoothly functioning supply chain is "one of the key challenges" this year, adding that a marketing strategy change also factored into Apple's decision to prioritize its premium devices.

The report also notes that Apple is facing additional pressure as some of its suppliers have shifted resources toward AI companies like Nvidia, Google, and Amazon. Notably, Apple explicitly mentioned iPhone supply constraints during its recent earnings call on Thursday.

The pressure comes at a key time for Apple's ambitious new device: mass producing a foldable iPhone requires more complicated manufacturing techniques and new materials, so it's crucial for Apple to minimize production issues leading up to and during its expected launch in the fall.

For Apple's part, it has not officially confirmed any changes to its traditional annual fall iPhone release schedule.Tag: Nikkei
This article, "Apple's New Split iPhone Launch Strategy Corroborated in Latest Report" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 30 views

reporter

January 30Jan 30

Hugging Face infra abused to spread Android RAT in a large-scale malware campaign

Hugging Face infra abused to spread Android RAT in a large-scale malware campaign

An Android malware campaign is reportedly abusing Hugging Face’s public hosting infrastructure to distribute a remote access trojan (RAT). The operation relies on social engineering, staged payload delivery, and abuse of Android permissions to achieve persistence over infected devices.
According to Bitdefender Labs findings, the campaign begins with a seemingly legitimate Android application that acts as a dropper. Users encounter the lure through ads or pop-up prompts warning of fake infections. Once installed, the app fetches a second-stage payload hosted on Hugging Face, allowing the attackers to blend malicious traffic with legitimate developer activity and avoid immediate detection.
The researchers have flagged the campaign, not just for its use of a trusted AI development platform, but also its scale and automation that includes thousands of unique Android packages, with new variants generated frequently to evade signature-based defenses.
Scareware lure and dropper deployment
The infection begins by tricking Android users into installing the malicious security app, “TrustBastion.” The app serves as a dropper, code that appears benign until it triggers the delivery of a more dangerous payload.
“In the most likely scenario, a user encounters an advertisement or similar prompt claiming the phone is infected and urging the installation of a security platform, often presented as free and packed with ‘useful’ features,” the researchers said in a blog post. “When its website was online (trustbastion[.]com), it promised to detect scams and fraudulent SMSes, phishing, malware, and much more.”
Once launched, the app immediately displays a prompt styled to look like an Android system or Google Play update notification, the interface many users are conditioned to trust. Accepting the “update” initiates a network request to an encrypted endpoint on the attacker’s infrastructure, which in turn redirects the victim to a Hugging Face dataset hosting a malicious APK.
Abuse through smart hosting
Hugging Face is a go-to platform for developers hosting machine learning models, datasets, and tooling. According to Bitdefender, the resource is now being leveraged to mask malicious downloads amidst legitimate activity. While the platform uses ClamAV scanning on uploads, these controls currently fall short of filtering out cleverly disguised malware repositories, the researchers noted.
“Analysis of the Hugging Face repository revealed a high volume of commits over a short period of time,” the researchers said. “New payloads were generated roughly every 15 minutes. At the time of investigation, the repository was approximately 29 days old and had accumulated more than 6,000 commits.”

The repository was eventually taken offline, but the operation resurfaced elsewhere with minor cosmetic changes, while the underlying code remained unchanged.
Installation, permissions, and persistent RAT
Once the second-stage payload installs, the application poses as a system component for a “Phone Security” feature and guides the user through enabling highly sensitive Android permissions.
Among the requested permissions are Accessibility Services, screen recording, screen casting, and overlay display rights. Together, these give the malware extensive visibility into user interaction and the ability to capture on-screen content across apps.
The researchers said these capabilities can be used to monitor and record user activity in real time, display fake authentication interfaces mimicking popular financial platforms (like Alipay and WeChat) to harvest credentials, capture lock screen patterns and biometric inputs, and exfiltrate harvested data back to an actor-controlled command and control (C2) server.
Bitdefender said it contacted Hugging Face before publishing the disclosure, and the latter quickly took down the datasets containing malware. Hugging Face did not immediately respond to CSO’s request for comments.

For additional support, Bitdefender has shared a list of indicators of compromise (IoCs), including dropper hashes, IPs, domains, and package names.
View the full article

• 0 comments
• 36 views

CSOonline

January 30Jan 30

China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware

China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware

Cybersecurity researchers have discovered a new campaign attributed to a China-linked threat actor known as UAT-8099 that took place between late 2025 and early 2026. The activity, discovered by Cisco Talos, has targeted vulnerable Internet Information Services (IIS) servers located across Asia, but with a specific focus on targets in Thailand and Vietnam. The scale of the campaign is currentlyView the full article

• 0 comments
• 31 views

Hacker News

January 30Jan 30

Top 10 Marketing Automation Platforms Tools in 2026: Features, Pros, Cons & Comparison

Top 10 Marketing Automation Platforms Tools in 2026: Features, Pros, Cons & Comparison

Introduction
In 2026, marketing automation platforms are more than just a trend—they are essential tools for businesses aiming to scale efficiently, personalize customer journeys, and improve overall marketing performance. These platforms automate repetitive marketing tasks such as email campaigns, social media posting, lead nurturing, and customer segmentation, allowing businesses to focus on higher-level strategies. With the growing complexity of digital marketing and the increasing need for real-time analytics, choosing the right marketing automation tool is crucial.
This blog post will help you explore the best marketing automation platforms for 2026, offering an in-depth look at their features, pros and cons, and the scenarios in which they work best.
Top 10 Marketing Automation Platforms Tools for 2026
1. HubSpot Marketing Hub
Short Description: HubSpot’s Marketing Hub is an all-in-one solution for inbound marketing. It helps businesses attract visitors, convert leads, and close customers with a robust set of tools. Key Features: Comprehensive CRM integration Email marketing automation Social media management Lead tracking and nurturing Customizable workflows A/B testing and analytics Marketing reporting and dashboards Pros: User-friendly interface Excellent customer support Extensive educational resources Cons: Can be expensive for small businesses Limited customization in lower-tier plans 2. Marketo Engage
Short Description: Marketo Engage, an Adobe product, provides powerful marketing automation features tailored for B2B businesses. It is well-suited for large enterprises and teams looking for robust analytics and integrations. Key Features: Lead management and nurturing Advanced segmentation and targeting Campaign management Cross-channel marketing automation Predictive analytics Integration with Salesforce Email and content personalization Pros: Scalability for enterprise needs Advanced reporting and analytics Strong customer engagement features Cons: Steeper learning curve Pricing may be prohibitive for small businesses 3. ActiveCampaign
Short Description: ActiveCampaign focuses on email marketing automation, CRM, and customer experience automation. It is known for its affordability and suitability for small to mid-sized businesses. Key Features: Email automation and segmentation Sales CRM integration Customer relationship management Dynamic content personalization Lead scoring and tracking Multi-channel marketing (email, SMS, social) Pros: Great for small businesses and startups Affordable pricing Easy-to-use interface Cons: Limited A/B testing features Basic reporting capabilities in lower plans 4. Pardot
Short Description: Pardot, Salesforce’s marketing automation platform, is designed for B2B organizations looking to align their marketing and sales teams. It’s ideal for companies already using Salesforce CRM. Key Features: Lead management and scoring Automated email campaigns CRM integration with Salesforce Detailed reporting and analytics ROI tracking Customizable landing pages and forms Pros: Seamless Salesforce integration Robust analytics and reporting High customization options Cons: Can be complex for beginners High cost for smaller businesses 5. Mailchimp
Short Description: Known for its email marketing capabilities, Mailchimp also offers a suite of marketing automation tools, making it suitable for small businesses and startups looking for a simple yet effective platform. Key Features: Email marketing automation Audience segmentation Social media ads and analytics A/B testing Landing pages and forms E-commerce integrations Pros: Affordable for startups Easy-to-use interface Free tier available Cons: Limited features in lower-tier plans Lacks more advanced automation compared to competitors 6. Sendinblue
Short Description: Sendinblue is a versatile marketing platform that offers email marketing, SMS marketing, and customer relationship management (CRM) in one package. Key Features: Email and SMS marketing automation Transactional email capabilities CRM integration Lead scoring and segmentation A/B testing Advanced reporting Pros: Great for multi-channel campaigns Excellent value for money Advanced segmentation options Cons: Interface can be a bit overwhelming Limited integrations compared to larger platforms 7. GetResponse
Short Description: GetResponse is an email marketing automation tool with added features like webinar hosting, landing page creation, and e-commerce integration. It’s perfect for both beginners and advanced marketers. Key Features: Email marketing and automation Webinars and online event hosting Landing page builder E-commerce automation A/B testing CRM and segmentation Pros: Affordable pricing Excellent for webinar marketing Easy-to-use drag-and-drop editor Cons: Limited reporting features Some features are only available in higher-tier plans 8. SharpSpring
Short Description: SharpSpring offers robust marketing automation features tailored for agencies and businesses that need custom workflows, detailed tracking, and integrated CRM solutions. Key Features: Behavioral-based email automation Advanced segmentation Dynamic content personalization Social media management CRM integration Landing page and form builder Pros: Great for agencies and SMBs Affordable pricing Flexible and customizable workflows Cons: Steep learning curve Some integrations require extra setup 9. Ontraport
Short Description: Ontraport is designed for small businesses, offering a combination of CRM, marketing automation, and e-commerce tools in one platform, focusing on lead management and customer engagement. Key Features: Lead tracking and automation Sales pipeline management E-commerce integrations Marketing automation workflows Analytics and reporting Pros: User-friendly interface Strong customer support Great for small businesses with complex needs Cons: Lacks some advanced features for larger businesses Can be expensive for smaller teams 10. Keap (formerly Infusionsoft)
Short Description: Keap offers CRM and marketing automation for small businesses. Its features include email marketing, appointment scheduling, invoicing, and more, tailored to entrepreneurs and small businesses. Key Features: CRM and sales automation Email marketing campaigns Appointment scheduling Lead scoring and segmentation E-commerce integration Pros: Great for small businesses and entrepreneurs Excellent customer support User-friendly setup Cons: Lacks some advanced automation features Can be expensive for small businesses 11. Nas.io 
Short Description: Nas.io is an AI-powered, all-in-one platform that helps solopreneurs, creators, and small businesses attract customers and sell digital products without a large marketing team. It combines lead generation, landing pages, email marketing, ads, and simple sales tools in a single dashboard.
Key Features:
AI-driven lead generation and targeting One-click landing page builder Email marketing automation Ads management and optimization Simple sales and payment modules Automated digital product delivery Pros:
Easy setup and intuitive interface for non-technical users Can acquire customers even without an existing audience Fully integrated tools in one platform, reducing complexity AI-powered automation saves time and effort Cons:
May be less suitable for large enterprises with complex marketing needs Limited advanced analytics compared to enterprise-grade platforms Comparison Table
Tool NameBest ForPlatform(s) SupportedStandout FeaturePricingG2/Capterra RatingHubSpotSMBs, EnterprisesWeb, iOS, AndroidAll-in-one inbound marketingStarts at $50/month4.5/5MarketoLarge EnterprisesWeb, iOS, AndroidAdvanced segmentationCustom Pricing4.3/5ActiveCampaignSMBsWeb, iOS, AndroidAffordable pricingStarts at $9/month4.7/5PardotB2B OrganizationsWeb, iOS, AndroidSalesforce integrationStarts at $1,250/month4.2/5MailchimpStartups, SMBsWeb, iOS, AndroidFree tier, email automationFree/Starts at $10/month4.5/5SendinblueSMBsWeb, iOS, AndroidMulti-channel campaignsStarts at $25/month4.6/5GetResponseSmall BusinessesWeb, iOS, AndroidWebinar hostingStarts at $15/month4.5/5SharpSpringAgencies, SMBsWeb, iOS, AndroidFlexible workflowsStarts at $550/month4.4/5OntraportSMBsWeb, iOS, AndroidCRM and e-commerce integrationStarts at $79/month4.3/5KeapSmall BusinessesWeb, iOS, AndroidCRM and automation comboStarts at $79/month4.6/5 Which Marketing Automation Platform Tool is Right for You?
When choosing a marketing automation platform, consider factors like company size, industry needs, budget, and the specific features that are most important to you. For instance:
Small businesses may find tools like ActiveCampaign, Mailchimp, or Keap ideal due to their affordability and simplicity. Enterprises with complex needs might opt for Marketo Engage or Pardot due to their robust analytics and integration features. B2B marketers might prefer Marketo or HubSpot for lead nurturing and customer relationship management. Conclusion
Marketing automation platforms are an essential part of any modern marketing strategy, providing the tools to automate repetitive tasks, streamline workflows, and optimize customer engagement. As the marketing landscape continues to evolve, these top tools for 2026 offer diverse features to suit businesses of all sizes. Whether you’re a small business or a large enterprise, there’s a solution out there to help you enhance your marketing efforts, improve ROI, and deliver personalized experiences at scale.
We encourage you to explore these tools with demos or free trials to determine which one fits best with your marketing goals.
FAQs
1. What is a marketing automation platform?
A marketing automation platform automates repetitive marketing tasks such as email campaigns, social media posting, and lead nurturing, helping businesses improve efficiency and scale their marketing efforts.
2. How do I choose the best marketing automation tool?
Consider factors such as business size, budget, necessary features, and integrations with other tools when choosing the right platform.
3. Can I integrate a marketing automation platform with my CRM?
Yes, many platforms, including HubSpot, Marketo, and Pardot, offer seamless integration with popular CRMs such as Salesforce.
4. Are there any free marketing automation tools?
Yes, tools like Mailchimp offer free tiers with basic email marketing features, suitable for small businesses or startups.
5. What is the most affordable marketing automation platform?
ActiveCampaign and Mailchimp are among the most affordable options for small businesses, with pricing starting as low as $9/month.
View the full article

• 0 comments
• 46 views

reporter

January 30Jan 30

Badges, Bytes and Blackmail

Badges, Bytes and Blackmail

Behind the scenes of law enforcement in cyber: what do we know about caught cybercriminals? What brought them in, where do they come from and what was their function in the crimescape? Introduction: One view on the scattered fight against cybercrime The growing sophistication and diversification of cybercrime have compelled law enforcement agencies worldwide to respond through increasinglyView the full article

• 0 comments
• 43 views

Hacker News

January 30Jan 30

Ex-Google Engineer Convicted for Stealing 2,000 AI Trade Secrets for China Startup

Ex-Google Engineer Convicted for Stealing 2,000 AI Trade Secrets for China Startup

A former Google engineer accused of stealing thousands of the company's confidential documents to build a startup in China has been convicted in the U.S., the Department of Justice (DoJ) announced Thursday. Linwei Ding (aka Leon Ding), 38, was convicted by a federal jury on seven counts of economic espionage and seven counts of theft of trade secrets for taking over 2,000 documents containingView the full article

• 0 comments
• 53 views

Hacker News

January 30Jan 30

The CSO guide to top security conferences

The CSO guide to top security conferences

There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions answered by experts. Fortunately, plenty of great conferences are coming up in the months ahead. If keeping abreast of security trends and evolving threats is critical to your job — and we know it is — then attending some top-notch security conferences is on your must-do list for 2025.
From major events to those that are more narrowly focused, this list from the editors of CSO, will help you find the security conferences that matter the most to you. We’ll keep it updated with new conferences so check back often. While we don’t expect this calendar to be comprehensive, we do aim to have it be highly relevant. If there’s something we’ve missed, let us know. You can email your additions, corrections and updates to Samira Sarraf>.
February 2026
Cybersec Asia Shield your Core, Bangkok, Thailand: 4-5 February
Intellic0n, Texas, US: 5-6 February
CruiseCon, departs from Florida, US: 7-12 February
HackCon, Oslo, Norway: 9-10 February
#CS4CA ANZ, Perth, Australia: 10-11 February
Planet Cyber Sec Conference, California, US: 11 February
Detroit Cybersecurity Conference, Michigan, US: 19 February
BSidesGalway, Galway, Ireland: 21 February
Cosac APAC, Melbourne, Australia: 24-26 February
St. Louis Futurecon Cybersecurity, Missouri, US: 26 February
Malware and Reverse Engineering Conference MRE 2025, Melbourne, Australia: 26-27 February
BSides Seattle, Washington State, US: 27-28 February
BSides Ballarat, Melbourne, Australia: 28 Feb-1 March
March 2026
Cloud & Cyber Security Expo, London, UK: 4-5 March
@Hack, Montreal, Canada: 7-8 March
Gartner Security & Risk Management Summit, Mumbai, India: 9- 10 March
Gartner Identity & Access Management Summit, London, UK: 9-10 March
Billington State and Local CyberSecurity Summit, Washington, DC, US: 9-11 March
Critical Infrastructure Protection & Resilience North America, Louisiana, US: 10-12 March
FutureCon Tampa, Florida, US: 12 March
Next IT Security, Stockholm, Sweden: 12 March
CyberBay 2026, Florida, US: 12-13 March
Gartner Security & Risk Management Summit, Sydney, Australia: 16-17 March
SANS OSINT Summit & Training, virtual and Virginia, US: 16-22 March
SecureWorld Charlotte, North Carolina, US: 18 March
FutureCon Philadelphia, Pennsylvania, US: 19 March
ASIS Europe, Antwerp, Belgium: 23-25 March
Security Leadership 2026, Utrecht, Netherlands: 24 March
InCyber Forum Europe, Lille, France: 31 Mar – 2 April
April 2026
Cyphercon, Wisconsin, US: 1-2 April
Gartner Security & Risk Summit, Dubai, UAE: 5-7 April
SecureWorld Boston, Massachusetts, US: 8-9 April
SpecterOps SO-CON 2025, Virginia, US: 13-14 April
Next IT Security, Amsterdam, Netherlands: 16 April
Aus Gov Data Summit, Canberra, Australia: 21-23 April
Black Hat Asia, Marina Bay Sands, Singapore: 21-24 April
Third Party and Supply Chain Cyber Security Summit, Munich, Germany: 22-24 April
SecureWorld Houston, Texas, US: 30 April
May 2026
CyberSecFest SP, São Paulo, Brazil: May TBC

View the full article

• 0 comments
• 65 views

CSOonline

January 30Jan 30

SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score

SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score

SmarterTools has addressed two more security flaws in SmarterMail email software, including one critical security flaw that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-24423, carries a CVSS score of 9.3 out of 10.0. "SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub APIView the full article

• 0 comments
• 51 views

Hacker News

January 30Jan 30

Human risk management: CISOs’ solution to the security awareness training paradox

Human risk management: CISOs’ solution to the security awareness training paradox

Cybersecurity guru Bruce Scheier is often quoted as saying, “People are the weakest link in the security chain.” No more accurate words have ever been spoken about cybersecurity. You can spend millions of dollars on firewalls, endpoint security tools, access controls, and data encryption, but one employee can cause a catastrophic security breach, simply by downloading a malicious file or clicking on a rogue link.
Industry research indicates that 70% to 90% of breaches are the result of employees succumbing to social engineering, making skills-based errors, sharing sensitive data with shadow IT services, or through a compromise of a privileged user. Oh, and things seem to be getting worse as adversaries adopt sophisticated AI-based attacks like deepfakes.
Of course, this problem is well known. As a countermeasure, organizations spent around $6 billion on security awareness training (SAT) in 2025. While some firms did so as a best practice, most did so to comply with industry or government regulations such as HIPAA (requires a “security awareness and training program” for all workforce members per 45 CFR § 164.308), GDPR (article 39(1)(b) tasks data protection officers with “awareness-raising and training of staff”), PCI (requirement 12.6 mandates a formal program to make all personnel aware of cardholder data security), and many others.
Industry research indicates that SAT expenses will increase by an estimated 15% per year as organizations continue to invest in what Gartner calls “security behavior and culture programs.”
The security awareness training paradox
While security awareness training has become a CISO and HR staple, it continues to have questionable efficacy. Some organizations treat SAT as a checkbox exercise for regulatory compliance, with little regard to its value. Employees exacerbate this folly through “compliance theater,” clicking through tutorials as fast as possible to get them out of their way. Even studious employees can suffer from the “forgetting curve,” a psychological model that illustrates how information is lost over time when there is no attempt to retain it.
In some cases, SAT can even be counterproductive. In some studies, employees who receive high grades with security awareness training become overly confident and complacent with their security behavior.
In my humble opinion, there’s a disillusioning situation here I call the security awareness training paradox. Despite regulatory compliance requirements and significant investment, SAT seems to deliver marginal benefits.
Clearly, SAT is broken — even with peripheral improvements like synthetic phishing tools. So, what’s needed? Over the next few years, organizations should shift from static/sporadic security training to an emerging discipline called human risk management (HRM).
What is human risk management?
HRM is defined as a cybersecurity strategy that identifies, measures, and reduces the risks caused by human behavior. Simply stated, security awareness training is about what employees know; HRM is about what they do (i.e., their actual cybersecurity behavior).
To be more specific, HRM integrates into email security tools, web gateways, and identity and access management (IAM) systems to identify human vulnerabilities. Furthermore, it measures risk using behavioral data and pinpoints an organization’s riskiest users. HRM then seeks to mitigate these risks by applying targeted interventions such as micro-learning, simulations, or automated security controls. Finally, HRM monitors behavioral changes so organizations can track progress.
There’s a misconception out there that HRM and SAT are different animals, so organizations interested in HRM must budget for both. Wrong. In fact, leading HRM solutions from vendors such as Fable Security, KnowBe4, and Mimecast offer HRM products chock full of standard SAT material. They even provide specific training support for regulatory compliance requirements.
Democratizing security training with AI
I know what you’re thinking. HRM sounds like the latest buzz term coined by the cybersecurity industry marketing glitterati. Yeah, kind of true, but generic HRM has an AI-based partner riding shotgun. And unlike general industry AI hype, there’s research and expert agreement that AI is well positioned to change education as we know it.
In his book Co-Intelligence: Living and Working with AI, University of Pennsylvania professor Ethan Mollick suggests that AI will deliver personalized learning at scale where AI acts as a “Socratic tutor” that “nudges” students toward excellence, provides simulations and role plays, and offers persona-based learning. In an HRM context, a “nudge” can be thought of as continuous micro-learning. A user clicks on a malicious link and is guided toward an appropriate security lesson aimed at reinforcing good hygiene and behavior.
Armed with AI, HRM will also understand habits and ways of learning. For example, Alice tends to learn best through written descriptions while Bob prefers watching videos. Leading HRM tools can also role play with users, gamifying cybersecurity training and playing on their competitive nature. Thus, HRM (with AI) has the potential to democratize expertise in a new and unique way.
From an ROI perspective, HRM offers a much more granular approach to cyber-risk mitigation than standard SAT. CISOs and HR managers can report on improved cyber hygiene and behavior, rather than how many employees have been trained and past generic tests. Repeat offenders are not only identified but also provided with personalized training tools and attention. Ultimately, HRM makes it possible to show a direct correlation between training and a reduction in actual security incidents.
To quote Aristotle, “We are what we repeatedly do. Excellence, then, is not an act, but a habit.” HRM is intended to personalize training to change behavior and habits. If Aristotle were a CISO, he’d surely see the logic in moving from generic SAT to HRM.
View the full article

• 0 comments
• 40 views

CSOonline

January 30Jan 30

Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released

Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released

Ivanti has rolled out security updates to address two security flaws impacting Ivanti Endpoint Manager Mobile (EPMM) that have been exploited in zero-day attacks, one of which has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog. The critical-severity vulnerabilities are listed below - CVE-2026-1281 (CVSS score:View the full article

• 0 comments
• 58 views

Hacker News

January 30Jan 30

Roughly half of employees are using unsanctioned AI tools, and enterprise leaders are major culprits

Roughly half of employees are using unsanctioned AI tools, and enterprise leaders are major culprits

Shadow AI, the secret, unapproved use of AI by employees, isn’t going away. In fact, workers are getting more brazen, and their employers often don’t seem to care.
In a new BlackFog survey, nearly half (49%) of workers admit to adopting AI tools without employer approval, many using free versions with which they are freely sharing sensitive enterprise data.
But perhaps more alarmingly, a wide majority — 69% of presidents and C-suite members and 66% of directors and senior VPs — seem to be OK with this, prioritizing speed over privacy as they race to adopt AI tools.
“The efficiency gains and personnel cost savings are too large to ignore, and override any security concerns,” said Darren Williams, BlackFog founder and CEO. The research is a “stark indication” of the wide use of unapproved AI tools in the enterprise, and also the “level of risk tolerance amongst employees and senior leaders.”
Shadow AI by the numbers
The survey of 2,000 workers at companies with more than 500 employees found that shadow AI is rampant, and not much is being done to rein it in. Of those surveyed, 86% said they use AI on a weekly basis at work, the most common use cases being in technical support, sales (such as email marketing), and contracts. But more than one-third of them admitted to using the free versions of company-approved tools, raising questions about where sensitive corporate data is being stored and processed.
Furthermore:
51% have connected AI tools to work systems or apps without the approval or knowledge of IT; 63% believe it’s acceptable to use AI when there is no corporate-approved option or IT oversight; 60% say speed is worth the security risk; 21% think employers will simply “turn a blind eye” as long as they’re getting their work done. And the C-suite’s own use of shadow tools? That’s a little more difficult to gauge; they’re close-lipped about it, indicating a wider problem, Williams noted. “Senior executives often don’t want to admit they are using AI,” he said. Instead, they’re trying to prove how valuable they are without disclosing their own AI use.
Just like workers elsewhere in the enterprise, “senior leaders are able to get more done faster than ever” with AI, he noted. For instance, he said, “you can draft a legal contract in seconds and get a lawyer to review, rather than spend weeks drafting and redrafting using external counsel.”
Concerningly, when it comes to the tools workers are using, free versions tend to be the most popular. More than half (58%) of employees using non-approved tools rely on free versions, and 34% of those working at companies that do allow AI tools are also opting for the free version.
“Non-paid is almost certainly worse because of the licensing and business models around them,” said Williams. “There is always a cost to using free tools; in this case it’s the value of your data.”
And employees are not shy about loading sensitive data into unsanctioned AI tools: 33% admit to sharing enterprise research or datasets; 27% to revealing employee data (such as salary or performance tracking); 23% to inputting company financial information.
This becomes dangerous because virtually all free tools use ingested data to train their models, and some of the lower-tiered paid tools do, too, Williams pointed out. “And,” he said, “you cannot get this information back.” Paid enterprise plans typically allow companies to turn off training on their data, but not always. Admins must check this with their large language model (LLM) providers.
“The big problem is the loss of intellectual property,” said Williams. And threat actors can get access to this information to profile and target an organization, breach their networks, and exfiltrate confidential data for extortion.
“The more data that is disclosed to LLMs, the more information is available [to threat actors] to build a better profile,” Williams noted.
Enterprises must build policies around AI use
Many CEOs have been mandating AI adoption and are allocating capital throughout the business for this purpose, Williams noted. Executives are looking for cost savings as a strategic advantage and a way to quickly return shareholder value.
Unfortunately, security is an afterthought, he said. “Many companies have just chosen to ignore the problem, and have decided not to create a policy or see the value in paying for the technology, which is a very big mistake.”
Organizations are “flying blind,” and 99% have no way of even knowing what is happening in their environments because there are no products in place to measure it, he observed. This should raise serious red flags for security teams, and there must be greater oversight and visibility into these security blind spots.
Williams advised enterprises to audit what is going on inside their systems, measure the scope of the problem, define policies around AI use, and adopt governance frameworks to control it.
Further, employees must be made aware of the risks. Many, CISOs included, don’t actually understand the extent of the problem and its broader implications. “Education is essential and doesn’t require a lot of work,” said Williams. On the other hand, implementing a policy and framework does, and enterprises first need to decide what risks they are willing to live with.
Ultimately, he said, we are navigating an unprecedented time in history, with new technology advancing at such a rapid pace that the technologists themselves don’t even know where it is going. Enterprises must quickly understand the implications, and use AI responsibly to gain a strategic advantage.
“Just as the industrial revolution and the internet changed the way we worked, AI is doing the same,” said Williams. “In fact, we expect this to be an even bigger shift than either of those transitions.”
This article originally appeared on CIO.com.

View the full article

• 0 comments
• 45 views

CSOonline

January 30Jan 30

ShinyHunters ramp up new vishing campaign with 100s in crosshairs

ShinyHunters ramp up new vishing campaign with 100s in crosshairs

Notorious extortion group ShinyHunters released tens of GB of files it claims to have stolen from dating apps Hinge, Match, OkCupid and Bumble. While there is no official confirmation about how the companies were breached, researchers believe the group’s activities triggered a recent Okta advisory about a rise in voice-based social engineering attacks supported by automated phishing kits.
The latest data leak that impacts dating services and apps come after the group had recently posted files stolen from SoundCloud, CrunchBase, Betterment, CarMax, Edmuns.com, and Panera Bread, suggesting the list of victims could be or grow larger.
CSO
In operation since 2020, ShinyHunters, also tracked as UNC6040, has stolen data from many well-known brands and organizations over the years. The group’s known techniques involve impersonating IT staff to compromise employee accounts.
Last September, security companies reported that ShinyHunters joined forces with two other notorious hacker groups, LAPSUS$ and Scattered Spider. The data dumps over the past week are likely the result of a much larger hacking spree the new collective has been engaged in recently.
Security firm Silent Push detected new phishing infrastructure that matches the tactics, techniques, and procedures (TTPs) of SLSH (Scattered LAPSUS$ Hunters) being set up to target more than 100 high-value organizations in the past month. The infrastructure involves a “Live Phishing Panel” that allows attackers to perform a man-in-the-middle attack on login sessions in real-time with the goal of capturing credentials and multi-factor authentication (MFA) tokens for single sign-on (SSO) platforms, including Okta.
“We are aware of claims being made online related to a recently identified security incident,” a Match Group spokesperson told CSO. “Match Group takes the safety and security of our users seriously and acted quickly to terminate the unauthorized access.”
“We continue to investigate with the assistance of external cybersecurity experts,” the company said. “There is no indication that user log-in credentials, financial information, or private communications were accessed. We believe the incident affects a limited amount of user data, and we are already in the process of notifying individuals, as appropriate.”
Bumble and Panera Bread did not respond to requests for comment.
Phishing kits designed for voice attacks
Okta warned last week about an increase in attacks against Okta, Microsoft, and Google accounts that are enabled by commercial phishing kits specifically designed to make voice-based social engineering attacks more effective.
Phishing kits are collections of automated tools, scripts, and website templates that allow cybercriminals to create fake websites and launch credential-stealing attacks. However, when victims use MFA, the success of these tools can be quite low because the attackers can’t guess what type of MFA an account has enabled. Is it a code generated by a mobile app? Is it a code sent via SMS? Is it a push notification sent to their mobile device that they must tap on? Websites can offer multiple MFA options and it’s up to users and companies to configure them.
But when combined with voice calling, also known as voice phishing or vishing, these attacks become much more powerful, because the attacker can test the user’s credentials in real-time on the legitimate site, see what MFA type they get prompted for, and modify their phishing page in real-time.
“This real-time session orchestration provides a new level of control and visibility to the social engineer,” Okta researchers said. “If presented a push notification (type of MFA challenge), for example, an attacker can verbally tell the user to expect a push notification, and select an option from their C2 panel that directs their target’s browser to a new page that displays a message implying that that a push message has been sent, lending plausibility to what would ordinarily be a suspicious request for the user to accept a challenge the user didn’t initiate.”
These hybrid attacks can also defeat one of the more powerful MFA techniques designed to counter the automated phishing of MFA codes: push notifications that ask users to input into their mobile authenticator app a number generated by the legitimate website, instead of inputting on the website a number generated by the app.
This fails with automated attacks because if the user sees a phishing page instead of the legitimate website, they don’t know what number to enter inside their authenticator app. But an attacker on the phone with them can tell them — or can modify the phishing site on-the-fly to display the number they know the legitimate website expects.
Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, told CSO that the vishing techniques described by Okta in its advisory align with ShinyHunters’ known TTPs: impersonating IT support, real-time MFA bypass via phishing kits, credential/session token theft, SaaS data exfiltration.
Gal also noted that he checked the newly leaked data and it matches the named victim companies, which is consistent with previous ShinyHunters claims and releases.
Mitigation
The Okta report has links to previous advisories that include both indicators of compromise and TTPs for known actors targeting SSO logins. Meanwhile, Silent Push advises organizations to inform employees about the ongoing ShinyHunters attacks so they are on alert in case they do get contacted by callers.
Companies should ask employees to verify IT support calls through an official out-of-band channel and should audit their operations support system (OSS) provider logs regularly for events indicating new devices being enrolled to accounts followed by logins from new IP addresses.
View the full article

• 0 comments
• 50 views

CSOonline

January 29Jan 29

Apple Was Caught Off Guard by AirPods Pro 3 Popularity

Apple Was Caught Off Guard by AirPods Pro 3 Popularity

AirPods Pro 3 demand was so strong after they launched in September last year that Apple's CEO Tim Cook said the company was caught off guard.


"AirPods Pro 3 were supply-constrained during the quarter, and we think we would have grown year over year if we would not have been constrained," Cook told The Wall Street Journal, in a report published alongside Apple's record-breaking earnings results for the fourth quarter of the 2025 calendar year.

AirPods Pro 3 no longer have any extended delivery delays on Apple's online store, so it would appear that Apple has caught up on supply by now.

AirPods Pro 3 feature increased active noise cancellation, improved sound quality, longer battery life per charge, heart rate monitoring during workouts, improved fit for many users, increased water resistance, a new XXS ear tip size, and more.Related Roundup: AirPods Pro 3Buyer's Guide: AirPods Pro (Buy Now)Related Forum: AirPods
This article, "Apple Was Caught Off Guard by AirPods Pro 3 Popularity" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 30 views

reporter

January 29Jan 29

Apple Responds to Fast-Rising RAM and Storage Chip Prices

Apple Responds to Fast-Rising RAM and Storage Chip Prices

On an earnings call with equity analysts today, Apple CEO Tim Cook responded to fast-rising RAM and SSD storage prices in the supply chain.


Cook said that rising memory chip prices had a "minimal impact" on Apple's gross margin in the fourth quarter of the 2025 calendar year, but he does expect a "bit more of an impact" on the company's gross margin in the current quarter.

Cook added that Apple is aware of the rising prices and "will look at a range of options to deal with that" over the long term, if necessary.

Apple reported record-breaking revenue of $143.8 billion last quarter, up 16% year-over-year, and it is predicting similar 13% to 16% year-over-year growth and gross margin of 48% to 49% in the current quarter, so the company is still reporting impressive earnings results despite concerns surrounding memory chip prices.
This article, "Apple Responds to Fast-Rising RAM and Storage Chip Prices" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 31 views

reporter

January 29Jan 29

Apple Reaches Massive New Number of Active Devices

Apple Reaches Massive New Number of Active Devices

There are now more than 2.5 billion active Apple devices, the company announced today.


"We are also excited to announce that our installed base now has more than 2.5 billion active devices, which is a testament to incredible customer satisfaction for the very best products and services in the world," said Apple CEO Tim Cook, in a press release announcing the company's record-breaking earnings results.

Apple said it had more than 2.35 billion active devices in the year-ago quarter, and the number continues to rise. It shows that Apple has a massive opportunity to sell services, ranging from Apple Music subscriptions to iCloud+ storage plans.
This article, "Apple Reaches Massive New Number of Active Devices" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 34 views

reporter

January 29Jan 29

Apple CEO Tim Cook Says iPhone Demand Was 'Simply Staggering' Towards End of 2025

Apple CEO Tim Cook Says iPhone Demand Was 'Simply Staggering' Towards End of 2025

Apple today reported earnings results for the fourth quarter of the 2025 calendar year, including record-breaking $143.8 billion revenue that was up 16% year-over-year. These results were driven in part by exceptionally strong iPhone sales.


iPhone revenue in the quarter was $85.2 billion, a new all-time high. That is up from $69.1 billion in the year-ago quarter, a 23% increase.

"iPhone had its best-ever quarter driven by unprecedented demand, with all-time records across every geographic segment," said Apple CEO Tim Cook, in Apple's press release announcing its earnings results. Cook told CNBC's Steve Kovach that demand for the iPhone last quarter was "simply staggering" and beat Apple's expectations.

The latest iPhone lineup includes the iPhone 17, iPhone Air, iPhone 17 Pro, and iPhone 17 Pro Max. Apple does not break down iPhone revenue on a model-by-model basis, and it did not comment on which models were most popular last quarter.

The quarter encompassed the 2025 holiday shopping season, so it is safe to say that a lot of people were gifted a shiny new iPhone last month.Related Roundups: iPhone 17, iPhone 17 Pro, iPhone AirBuyer's Guide: iPhone 17 (Neutral), iPhone 17 Pro (Neutral), iPhone Air (Buy Now)Related Forum: iPhone
This article, "Apple CEO Tim Cook Says iPhone Demand Was 'Simply Staggering' Towards End of 2025" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 34 views

reporter

January 29Jan 29

Apple Reports Record-Setting 1Q 2026 Results: $42.1B Profit on $143.8B Revenue

Apple Reports Record-Setting 1Q 2026 Results: $42.1B Profit on $143.8B Revenue

Apple today announced financial results for the first fiscal quarter of 2026, which corresponds to the fourth calendar quarter of 2025.


For the quarter, Apple posted revenue of $143.8 billion and net quarterly profit of $42.1 billion, or $2.84 per diluted share, compared to revenue of $124.3 billion and net quarterly profit of $36.3 billion, or $2.40 per diluted share, in the year-ago quarter.

Apple set all-time records during the quarter for total revenue, earnings per share, iPhone revenue, and services revenue. Total revenue was up 16 percent year-over-year, while earnings per share rose by 19 percent.

Gross margin for the quarter was 48.2 percent, compared to 46.9 percent in the year-ago quarter. Apple also declared a quarterly dividend payment of $0.26 per share, payable on February 12 to shareholders of record as of February 9.As has been the case for over five years now, Apple is once again not issuing guidance for the current quarter ending in March.


Apple will provide live streaming of its fiscal Q1 2026 financial results conference call at 2:00 pm Pacific, and MacRumors will update this story with coverage of the conference call highlights.

Conference call starts at 2:00 p.m. Pacific - No need to refresh
Loading live updates...

Tag: Earnings
This article, "Apple Reports Record-Setting 1Q 2026 Results: $42.1B Profit on $143.8B Revenue" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 31 views

reporter

January 29Jan 29

Apple Called Out in New 'Encrypt It Already' Campaign

Apple Called Out in New 'Encrypt It Already' Campaign

The non-profit Electronic Frontier Foundation (EFF) today launched an "Encrypt It Already" campaign that calls on tech companies such as Apple, Google, Meta, and others to implement or expand end-to-end encryption on their platforms.


iCloud already provides end-to-end encryption for more than a dozen data categories by default. For users looking for additional protection, Apple offers an optional feature called Advanced Data Protection, which extends end-to-end encryption to iCloud Backup, Notes, Photos, Voice Memos, and more. But, the EFF wants Apple to go further.

For example, the EFF said Apple and Google should deliver on a promise to implement end-to-end encryption for RCS messaging. Last year, Apple said it planned to add support for end-to-end encrypted RCS messages to the Messages app in future iOS, iPadOS, macOS, and watchOS updates, but it did not provide a specific timeframe.

Starting with the iOS 26.3 beta, Apple appears to be laying the groundwork for carriers to be able to support end-to-end encryption for RCS messaging.

iMessage has already supported end-to-end encryption by default since 2011.

The EFF also called on Apple and Google to offer users per-app AI permissions, so Apple Intelligence and Google Gemini can be turned off in certain apps.

The non-profit organization said it is also important how tech companies communicate new implementations of end-to-end encryption. It encouraged the companies to write blog posts that summarize key details, publish technical papers and user documentation that go into further detail, and follow best practices for data minimization.

The EFF encourages people to use Apple's feedback form to let the company know that additional end-to-end encryption support is important to them.Tag: EFF
This article, "Apple Called Out in New 'Encrypt It Already' Campaign" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 29 views

reporter

January 29Jan 29

MacBook Pro: What to Know as Wait Continues for M5 Pro and M5 Max

MacBook Pro: What to Know as Wait Continues for M5 Pro and M5 Max

The launch of Apple Creator Studio on Wednesday would have been a fitting opportunity for Apple to unveil new MacBook Pro models with M5 Pro and M5 Max chips, but unfortunately it looks like that was nothing more than wishful thinking.


For now, all we have is a broad timeframe from Bloomberg's Mark Gurman, who expects new MacBook Pro models "in the first half of the year."

The next window for Apple to update the MacBook Pro might be tied to the upcoming release of macOS 26.3. In October, AppleInsider's Marko Zivkovic said the MacBook Pro models with M5 Pro and M5 Max chips are "expected to ship with macOS 26.3," at least as of the time that he wrote that. macOS 26.3 remains in beta testing, but it should be coming out soon, with a public release expected in the first half of February.

Like the Apple Creator Studio launch, though, the release of macOS 26.3 could come and go without any new MacBook Pro models. But, until a more specific release date is rumored, this is all we have to go on for now.

Keep in mind that Apple's marketing chief Greg Joswiak has often put out a social media teaser for upcoming launches lately, including for the 14-inch MacBook Pro with the standard M5 chip most recently. He did not put out a teaser before the new AirTag, but that was merely an accessory. So, perhaps we will have to wait for that.

Beyond the M5 Pro and M5 Max chips, the next MacBook Pro models are not expected to have any major changes. We recommend skipping the next models, unless you really need to upgrade, as the MacBook Pro is expected to receive a major redesign with an OLED touch screen, a thinner case, and more as soon as late 2026.

While reports have said there is a chance that the redesigned MacBook Pro does not arrive until 2027, there is precedent for two MacBook Pro refreshes in one year. In 2023, Apple released MacBook Pro models with M2 Pro and M2 Max chips in January, followed by models with M3 Pro and M3 Max chips in October.

In the meantime, the wait for the models with the M5 Pro and M5 Max chips continues.Related Roundup: MacBook ProBuyer's Guide: MacBook Pro (Caution)Related Forum: MacBook Pro
This article, "MacBook Pro: What to Know as Wait Continues for M5 Pro and M5 Max" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 30 views

reporter

January 29Jan 29

Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries

Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries

A new joint investigation by SentinelOne SentinelLABS, and Censys has revealed that the open-source artificial intelligence (AI) deployment has created a vast "unmanaged, publicly accessible layer of AI compute infrastructure" that spans 175,000 unique Ollama hosts across 130 countries. These systems, which span both cloud and residential networks across the world, operate outside theView the full article

• 0 comments
• 41 views

Hacker News

January 29Jan 29

Apple Just Made Its Second-Biggest Acquisition Ever After Beats

Apple Just Made Its Second-Biggest Acquisition Ever After Beats

Apple today confirmed to Reuters that it has acquired Q.ai, an Israeli startup that is working on artificial intelligence technology for audio.


Apple paid close to $2 billion for Q.ai, according to sources cited by the Financial Times. That would make this Apple's second-biggest acquisition ever, after it paid $3 billion for the popular headphone and audio brand Beats in 2014.

Q.ai has developed technology that can "analyze facial expressions" to understand "silent speech," according to the Financial Times.

"Patents filed by Q.Ai show its technology being used in headphones or glasses, using 'facial skin micro movements' to communicate without talking," the report said, adding that this could pave the way for "non-verbal discussions" with Siri.

Q.ai CEO Aviad Maizels previously founded another Israeli startup, PrimeSense, which was also acquired by Apple in 2013. Apple used PrimeSense's technology to develop Face ID, which debuted on the iPhone X in 2017.

Q.ai's founding team will join Apple, including Maizels, Yonatan Wexler, and Avi Barliya.

Apple's chipmaking chief Johny Srouji described Q.ai as "a remarkable company that is pioneering new and creative ways to use imaging and machine learning," in a statement shared with Reuters. "We're thrilled to acquire the company, with Aviad at the helm, and are even more excited for what's to come."

This acquisition comes as Apple's former design chief Jony Ive has been working with OpenAI on a new AI device, and as other companies like Meta have released AI-powered devices such as the Meta Ray-Ban glasses with an in-lens display.Tags: Apple Acquisition, Financial Times
This article, "Apple Just Made Its Second-Biggest Acquisition Ever After Beats" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 39 views

reporter

January 29Jan 29

AirTag 1 vs. AirTag 2 Buyer's Guide: All 15+ Differences Compared

AirTag 1 vs. AirTag 2 Buyer's Guide: All 15+ Differences Compared

Apple's new AirTag introduces a series of small improvements, so how does it compare to the original model from 2021?


The second-generation ‌AirTag‌ arrives five years after the original, bringing improvements to tracking range, speaker output, and internal design while retaining the same outward design and accessory compatibility. At the same time, first-generation AirTags remain available from some retailers at reduced prices, raising the question of whether the newer model is worth choosing over the original, or whether the earlier ‌AirTag‌ still makes sense as a lower-cost option.

The comparison below outlines every difference between the two generations, including Apple-announced feature upgrades and hardware changes identified through teardowns. While both models perform the same core function of tracking items through the Find My network, there are some small differences worth noting:



‌AirTag‌ (first-generation, 2021)
‌AirTag‌ (second-generation, 2026)


First-generation Ultra Wideband chip
Second-generation Ultra Wideband chip


Shorter Precision Finding range
Up to 50% farther Precision Finding range


Precision Finding on iPhone only
Precision Finding on ‌iPhone‌ and Apple Watch (Series 9 and later and Ultra 2)


Earlier Bluetooth implementation
Upgraded Bluetooth with increased range


Bluetooth identifiers rotate at standard intervals
Bluetooth identifiers rotate more frequently


Standard speaker volume
Up to 50% louder speaker


Chime note in F
Chime note in G


Works on earlier supported iOS versions
Requires iOS 26.2.1 or later


Reset without a required wait between battery removals
Reset requires battery out for at least five seconds each cycle


11g weight
11.8g weight (around 7% heavier)


Back text listing "Assembled in China" and "Designed by Apple"
Back text in all-caps listing IP67, NFC, and ‌Find My‌


Thicker main PCB
Thinner main PCB with revised battery connectors, and additional test pads and markings


Smaller speaker coil
Slightly larger speaker coil


Speaker magnet more easily removable
Speaker magnet more firmly secured and harder to remove


Wider box with flat printed text and plastic pull tabs
Redesigned narrower box with updated artwork, raised UV printed text, and paper pull tabs


Folio-style inner tray holding up to two rows of two AirTags
Redesigned inner tray with simpler design holding up to four AirTags




For buyers choosing between the two ‌AirTag‌ models, the decision depends less on basic tracking and more on how and where an ‌AirTag‌ is typically used. Both generations rely on the same ‌Find My‌ network for long-distance location updates, offer similar battery life, and work with the same accessories, so neither model is considerably better for general item tracking.

The second-generation ‌AirTag‌ is likely to benefit users who frequently rely on Precision Finding rather than approximate location. The extended Ultra Wideband range makes it easier to determine the specific location of items, while the louder speaker improves audibility in noisy spaces or when an ‌AirTag‌ is buried inside a bag or suitcase. Support for Precision Finding on compatible Apple Watch models also makes the newer ‌AirTag‌ more convenient for users who often leave their ‌iPhone‌ behind.

The first-generation ‌AirTag‌ remains a practical option for the overwhelming majority of use cases, such as tracking keys, backpacks, or household items that are usually misplaced within short distances. If available at a meaningful discount, it may offer better value for users who do not need Precision Finding at extended range, do not use an Apple Watch for item location, or simply want basic ‌Find My‌ functionality at the lowest cost.

For existing ‌AirTag‌ owners, there is certainly no pressing need to upgrade. For new buyers, the second-generation ‌AirTag‌ simply offers the most complete feature set and greater flexibility going forward, acting as a moderate specification bump over the previous model.Tag: AirTag
This article, "AirTag 1 vs. AirTag 2 Buyer's Guide: All 15+ Differences Compared" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 35 views

reporter

January 29Jan 29

Here's Everything Apple Released This Week

Here's Everything Apple Released This Week

Following a quiet start to 2026, the final week of January has been a busy one for Apple so far. There are new versions of the AirTag and the Black Unity band for the Apple Watch, and the Apple Creator Studio bundle is now available.


Apple also released iOS 26.2.1 and watchOS 26.2.1 updates, and iOS 26.3 beta testing continues.

While the launch of Apple Creator Studio would have been a fitting opportunity for Apple to unveil new MacBook Pro models with M5 Pro and M5 Max chips, unfortunately it looks like that proved to be nothing more than wishful thinking.

We have recapped our coverage of everything new below.

New AirTag

Apple Unveils New AirTag With Longer Range, Louder Speaker, and More
10+ Things to Know About the New AirTag 2
New AirTag's Improved Precision Finding Requires These iPhone Models
AirTag 2: These Airlines Offer Feature That Helps Find Your Lost Bags
Precision Finding on Apple Watch Doesn't Work With the Original AirTag
Teardown Reveals AirTag 2 is Full of Hidden Changes

New Black Unity Band

Apple Introduces New Black Unity Apple Watch Band

Apple Creator Studio

Apple's 'Creator Studio' App Bundle Now Available for $12.99 Per Month
Apple Creator Studio Hands-On: What You Get for $12.99 Per Month
Apple Updates Final Cut Pro and Logic Pro With These New Features
Apple Updates Keynote, Numbers, and Pages Apps With New Free and Paid Features
Pixelmator Pro Launches on iPad With Apple Pencil Support and More
Apple Stops Selling $200 'Pro Apps' Bundle With Final Cut Pro and More

Software Updates

Apple Releases iOS 26.2.1 With AirTag 2 Support
Apple Releases watchOS 26.2.1, Adding Precision Finding Support for AirTag 2
Apple Seeds Third Betas of iOS 26.3 and iPadOS 26.3 to Developers
Apple Seeds Third Betas of iOS 26.3 and iPadOS 26.3 to Public Beta Testers
iOS 26.3 Adds Privacy Setting to Limit Carrier Location Tracking
Warning: These Continuity Features Are Broken on Latest iOS 26.3 and iPadOS 26.3 Betas
iPhone 5s Gets New Software Update 13 Years After Launch
This article, "Here's Everything Apple Released This Week" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 31 views

reporter

January 29Jan 29

Amazon Discounts Anker's Most Popular MagSafe-Compatible Chargers, Power Stations, and More

Amazon Discounts Anker's Most Popular MagSafe-Compatible Chargers, Power Stations, and More

Amazon this week has a few notable sales from popular brands like Anker, Ecovacs, and Jackery. These include discounts on everything from MagSafe-compatible chargers to portable power stations and robot vacuums.

Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Amazon has discounts on multiple Anker charging accessories, including products like the 3-in-1 MagSafe-Compatible Charging Cube for $99.98, down from $149.95 and the SOLIX C300 Power Station with Lantern for $169.99, down from $249.00. You can find these deals and more in the lists below, and this time around none require any coupon codes.

$50 OFFAnker Charging Cube for $99.98
$79 OFFAnker Power Station + Lantern for $169.99
Anker

6-in-1 USB-C Power Strip - $79.99, down from $109.99
140W 4-Port GaN USB-C Charger - $64.99, down from $99.99
3-in-1 MagSafe-Compatible Charging Cube - $99.98, down from $149.95
SOLIX C300 Power Station with Lantern - $169.99, down from $249.00
SOLIX C1000 Gen 2 Portable Power Station - $429.00, down from $799.00
SOLIX C2000 Gen 2 Portable Power Station - $799.00, down from $1,499.00
Jackery

Explorer 300 Portable Power Station + Solar Panel - $349.00, down from $499.00
Explorer 1000 V2 Portable Power Station - $424.65, down from $799.00
Explorer 1500 Portable Power Station - $898.99, down from $1,399.00
HomePower 3000 Portable Power Station - $1,299.00, down from $2,499.00
HomePower 3000 Portable Power Station + Solar Panels - $1,598.99, down from $2,999.00
HomePower 3600 Plus Portable Power Station - $2,099.00, down from $3,699.00
Ecovacs

Deebot N20 Robot Vacuum Cleaner and Mop - $161.49, down from $199.99
Deebot T80 Omni Robot Vacuum and Mop - $499.99, down from $999.99
Deebot X9 Pro Omni Robot Vacuum and Mop - $699.00, down from $799.00
Deebot X8 Pro Omni Robot Vacuum and Mop - $749.00, down from $1,099.99
Deebot X11 OmniCyclone Robot Vacuum and Mop - $1,099.00, down from $1,499.99

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "Amazon Discounts Anker's Most Popular MagSafe-Compatible Chargers, Power Stations, and More" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 36 views

reporter

January 29Jan 29

Apple Stops Selling $200 'Pro Apps' Bundle With Final Cut Pro and More

Apple Stops Selling $200 'Pro Apps' Bundle With Final Cut Pro and More

Following the launch of Apple Creator Studio this week, Apple has quietly stopped selling its valuable "Pro Apps Bundle for Education" (archived link).


"Pro Apps Bundle for Education" included one-time-purchase versions of Apple's Final Cut Pro, Logic Pro, Motion, Compressor, and MainStage apps at a steep discount, with U.S. pricing set at $199.99. Purchasing each of the included apps separately costs $629.95, so the bundle provided more than $400 in savings.

While the bundle was sold through Apple's online education store since its launch in 2017, there was no student or teacher verification system in the U.S. and certain other countries, so most customers were able to purchase it.

Anyone who already purchased the bundle can continue to use the apps.

Apple also appears to be cracking down on sharing the apps included in the bundle. According to a MacRumors tipster, sharing the apps with others as a ZIP file no longer works, as the recipient will receive an error when opening the apps.

Apple Creator Studio is a new subscription bundle that provides access to Final Cut Pro, Logic Pro, Pixelmator Pro, Motion, Compressor, and MainStage on the Mac and/or iPad, with U.S. pricing set at $12.99 per month or $129 per year. One-time-purchase versions of all six apps remain available on the Mac for now.

A subscription to Apple Creator Studio also unlocks "intelligent features" and "premium content" in apps like Pixelmator Pro, Numbers, Pages, Keynote, and later Freeform.Tags: Apple Creator Studio, Pro Apps for Education
This article, "Apple Stops Selling $200 'Pro Apps' Bundle With Final Cut Pro and More" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 30 views

reporter

January 29Jan 29

Enable Lockdown Mode on iPhone, iPad, and Mac

Enable Lockdown Mode on iPhone, iPad, and Mac

Lockdown Mode is an optional security feature designed by Apple to provide maximum protection against highly sophisticated digital threats. When enabled on your Apple device, it greatly reduces exposure to complex attacks by restricting certain features and network connections. Keep reading to learn how to use it across iPhone, iPad, and Mac.


For most users of Apple devices, the standard iOS, iPadOS, and macOS security protections should be sufficient, whereas Lockdown Mode is aimed at users who could be targets of cyberattacks, such as journalists, activists, and government employees. That said, any user can enable it on their device for what Apple calls an "extreme" level of security.

Lockdown Mode Protections

When enabled, Lockdown Mode strictly limits or disables the functionality of features, apps, and websites. Lockdown Mode protections include the following:

In the Messages app, most message attachment types other than images are blocked, and some features like link previews are unavailable.
Incoming FaceTime calls from people you have not previously called are blocked. Incoming invitations for other Apple services from people you have not previously invited are also blocked.
Some complex web technologies and browsing features, including just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode. This protection applies to Safari and all other web browsers using WebKit across the ‌iPhone‌, ‌iPad‌, and Mac.
Shared albums will be removed from the Photos app, and new shared album invitations will be blocked.
When a device is locked, wired connections with other devices/accessories are blocked.
Configuration profiles cannot be installed, and the device cannot enroll into mobile device management (MDM), while Lockdown Mode is turned on.
Certain network protocols and services are restricted.

How to Enable Lockdown Mode on iPhone and iPad

Lockdown Mode is turned off by default on ‌iPhone‌ and ‌iPad‌, but you can enable it by following these steps.

Open the Settings app.
Scroll down and tap Privacy & Security.
Scroll to the bottom and tap Lockdown Mode.
Tap Turn On Lockdown Mode.
Review the information about what features are restricted, then tap Turn On & Restart.


After the restart, Lockdown Mode will be active. You can confirm this by returning to Settings ➝ Privacy & Security ➝ Lockdown Mode, where a toggle will show that it's on.
How to Enable Lockdown Mode on Mac


Open System Settings.
Click Privacy & Security in the sidebar.
Under the "Security" section at the bottom, click Lockdown Mode.
Click Turn On Lockdown Mode.
Review the protections and click Turn On & Restart.


Your Mac will restart and Lockdown Mode will be enabled when it boots up.
How to Turn Off Lockdown Mode

Whether you're on iPhone, iPad, or Mac, these are the steps to follow:

In Settings on iPhone/iPad (or System Settings on Mac) go to Privacy & Security ➝ Lockdown Mode.
Tap or click the Lockdown Mode toggle to turn it off.
Confirm that you want to turn it off. Your device will restart to leave Lockdown Mode.

Configuring Allowed Websites and App Exceptions

While Lockdown Mode is active, some websites and certain app features may be blocked for security. Apple allows you to add exceptions in some areas.

For example, in Safari, if a site is blocked by Lockdown Mode, you may be offered an option to allow website exceptions. This lets specific sites load normally while Lockdown Mode remains enabled.

Some third-party apps may also appear in a list in Settings ➝ Privacy & Security ➝ Lockdown Mode ➝ Configure Web Browsing, and you can turn off Lockdown Mode for those apps individually. This lets an app continue to function normally if it was being restricted by Lockdown Mode's web content limitations.
This article, "Enable Lockdown Mode on iPhone, iPad, and Mac" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 31 views

reporter

January 29Jan 29

Apple's Fifth Avenue Store is Closing Overnight Next Week, Here's Why

Apple's Fifth Avenue Store is Closing Overnight Next Week, Here's Why

Apple's iconic Fifth Avenue store in New York City is normally open 24/7, but it will be closed overnight on some days next week.


According to Apple's website, the store will be closing at 10 p.m. local time each night on Monday, February 2 through Wednesday, February 4. The store will re-open each morning at 8 a.m. local time during this period.

Apple is closing the store to complete maintenance on the signature glass cube entrance, according to a source familiar with the matter.

Apple's official explanation is "preservation work."

Opened in 2006, Apple Fifth Avenue features a street-level glass cube entrance, leading to an underground store. Apple's CEO Tim Cook and other company executives often attend the store for major new product launches.

The store's cube has been outfitted with everything from a giant Apple Vision Pro headset outline to colorful Siri glow in recent years.Tag: Apple Store
This article, "Apple's Fifth Avenue Store is Closing Overnight Next Week, Here's Why" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 27 views

reporter

January 29Jan 29

Identitäten im Fokus von Cyberkriminellen

Identitäten im Fokus von Cyberkriminellen

khunkornStudio – shutterstock.com
Der State of Incident Response Report 2026 von Eye Security zeigt: Cyberangriffe auf Unternehmen erfolgen zunehmend unbemerkt und die Schäden entstehen innerhalb von Minuten. Demnach setzen die Angreifer inzwischen weniger darauf, Systeme zu hacken, sondern bestehende Zugänge ausnutzen.
Identitätsbasierte Angriffe dominieren das Feld, wobei 97 Prozent dieser Vorfälle Passwörter betreffen. Der Missbrauch legitimer Konten ist eine Hauptursache für Cloud-Sicherheitsvorfälle und treibt das Geschäft von Initial-Access-Brokern an.
Die Ergebnisse zeigen jedoch, dass die grundlegenden Methoden der Angreifer unverändert bleiben. „Auch im Jahr 2026 beginnt die Kompromittierung weiterhin mit Phishing, der Ausnutzung falsch konfigurierter oder anfälliger internetfähiger Systeme, Social Engineering oder Angriffen über die Software-Lieferkette“, erklärt Lodi Hensen, VP of Security Operations bei Eye Security.
BEC-Angriffe besonders häufig
Business-Email-Compromise (BEC) ist laut Studie die häufigste Angriffsform: Mehr als 70 Prozent der Vorfälle entfallen auf diesen Bereich. In 40 Prozent dieser Fälle diente Phishing als initiales Einfallstor. Den Analysten zufolge bleiben BEC-Angriffe ohne kontinuierliche Überwachung wochenlang unentdeckt.
Darüber hinaus verdeutlicht die Studie, dass Ransomware weiterhin zu den größten Bedrohungen zählt. „Die Verbreitung von Ransomware-as-a-Service (RaaS), BuilderLeaks und Access-Broker-Marktplätzen hat die Eintrittsbarrieren gesenkt und ein professionelles Ökosystem geschaffen“, führen die Autoren aus.
Der Report zeigt einen gefährlichen Trend: die Kommerzialisierung von Insider-Wissen. „Gruppen wie ShinyHunters rekrutieren aktiv Mitarbeitende, um Zugangsdaten zu kaufen. Damit verschwimmt die Grenze zwischen externem Angriff und Innentäter“, so die Sicherheitsforscher. „Für Ransomware-Akteure ist dieser eingekaufte Zugang oft schneller und verlässlicher als technisches Hacking.“
Besonders betroffen sind Unternehmen aus Industrie, Bauwesen sowie Transport und Logistik. Viele Ransomware-Angreifer kommen über alltägliche Schwachstellen: ungeschützte Anwendungen, unsichere Fernzugänge oder Phishing-E-Mails, über die Mitarbeitende unbewusst Zugangsdaten preisgeben.
Für die Analyse wurden insgesamt 630 reale Sicherheitsvorfälle in Europa aus den Jahren 2023 bis 2025 ausgewertet, darunter viele aus Deutschland.
View the full article

• 0 comments
• 232 views

CSOonline

January 29Jan 29

Identitäten im Fokus von Cyberkriminellen

Identitäten im Fokus von Cyberkriminellen

khunkornStudio – shutterstock.com
Der State of Incident Response Report 2026 von Eye Security zeigt: Cyberangriffe auf Unternehmen erfolgen zunehmend unbemerkt und die Schäden entstehen innerhalb von Minuten. Demnach setzen die Angreifer inzwischen weniger darauf, Systeme zu hacken, sondern bestehende Zugänge ausnutzen.
Identitätsbasierte Angriffe dominieren das Feld, wobei 97 Prozent dieser Vorfälle Passwörter betreffen. Der Missbrauch legitimer Konten ist eine Hauptursache für Cloud-Sicherheitsvorfälle und treibt das Geschäft von Initial-Access-Brokern an.
Die Ergebnisse zeigen jedoch, dass die grundlegenden Methoden der Angreifer unverändert bleiben. „Auch im Jahr 2026 beginnt die Kompromittierung weiterhin mit Phishing, der Ausnutzung falsch konfigurierter oder anfälliger internetfähiger Systeme, Social Engineering oder Angriffen über die Software-Lieferkette“, erklärt Lodi Hensen, VP of Security Operations bei Eye Security.
BEC-Angriffe besonders häufig
Business-Email-Compromise (BEC) ist laut Studie die häufigste Angriffsform: Mehr als 70 Prozent der Vorfälle entfallen auf diesen Bereich. In 40 Prozent dieser Fälle diente Phishing als initiales Einfallstor. Den Analysten zufolge bleiben BEC-Angriffe ohne kontinuierliche Überwachung wochenlang unentdeckt.
Darüber hinaus verdeutlicht die Studie, dass Ransomware weiterhin zu den größten Bedrohungen zählt. „Die Verbreitung von Ransomware-as-a-Service (RaaS), BuilderLeaks und Access-Broker-Marktplätzen hat die Eintrittsbarrieren gesenkt und ein professionelles Ökosystem geschaffen“, führen die Autoren aus.
Der Report zeigt einen gefährlichen Trend: die Kommerzialisierung von Insider-Wissen. „Gruppen wie ShinyHunters rekrutieren aktiv Mitarbeitende, um Zugangsdaten zu kaufen. Damit verschwimmt die Grenze zwischen externem Angriff und Innentäter“, so die Sicherheitsforscher. „Für Ransomware-Akteure ist dieser eingekaufte Zugang oft schneller und verlässlicher als technisches Hacking.“
Besonders betroffen sind Unternehmen aus Industrie, Bauwesen sowie Transport und Logistik. Viele Ransomware-Angreifer kommen über alltägliche Schwachstellen: ungeschützte Anwendungen, unsichere Fernzugänge oder Phishing-E-Mails, über die Mitarbeitende unbewusst Zugangsdaten preisgeben.
Für die Analyse wurden insgesamt 630 reale Sicherheitsvorfälle in Europa aus den Jahren 2023 bis 2025 ausgewertet, darunter viele aus Deutschland.
View the full article

• 0 comments
• 69 views

CSOonline

January 29Jan 29

ThreatsDay Bulletin: New RCEs, Darknet Busts, Kernel Bugs & 25+ More Stories

ThreatsDay Bulletin: New RCEs, Darknet Busts, Kernel Bugs & 25+ More Stories

This week’s updates show how small changes can create real problems. Not loud incidents, but quiet shifts that are easy to miss until they add up. The kind that affects systems people rely on every day. Many of the stories point to the same trend: familiar tools being used in unexpected ways. Security controls are being worked on. Trusted platforms turning into weak spots. What looks routine onView the full article

• 0 comments
• 52 views

Hacker News

January 29Jan 29

Critical RCE bugs expose the n8n automation platform to host‑level compromise

Critical RCE bugs expose the n8n automation platform to host‑level compromise

Two critical sandbox escape flaws in the popular n8n workflow automation platform are allowing authenticated users to achieve remote code execution on affected instances.
According to new JFrog findings, sandboxing safeguards meant to contain untrusted workflow logic can be bypassed, exposing enterprise automation environments to full host compromise. Enterprises that rely on n8n to orchestrate integrations, automate internal processes, and streamline cloud services and on-prem systems are at risk. JFrog’s researchers said n8n’s sandboxing mechanism can fail in specific configurations when users evaluate expressions or run custom scripts.
Sandbox escapes can expose sensitive credentials, APIs, and infrastructure from affected workflow engines.
Expression engine sandbox escape enables JavaScript RCE
One of the issues identified by JFrog affects n8n’s JavaScript expression engine, designed to evaluate user-supplied expressions during workflow execution safely. According to the researchers, flaws in how expressions are sanitized allow an attacker with permission to create or edit workflows to escape the sandbox and execute arbitrary JavaScript on the underlying host.
JFrog explained in a blog post that the expressions engine’s protections can be bypassed by carefully crafted payloads that exploit assumptions in the sandboxing logic. Once escaped, the attacker is no longer limited to expression evaluation and can run arbitrary commands in the context of the n8n service.
“When the expression engine encounters a {{}} block, it processes the enclosed content by bypassing it to a JavaScript Function constructor, which then executes the supplied code,” the researchers said. n8n uses an AST-based sandbox to neutralize dangerous JavaScript constructs before execution. A missed edge case in the outdated “with statement” allows attackers to bypass these checks and achieve arbitrary code execution.
The vulnerability has been assigned CVE-2026-1470 and carries a critical severity rating of CVSS 9.9 out of 10, owing to the ease with which sandbox restrictions can be broken and the level of access gained post-exploitation.
Python code node escape breaks isolation
JFrog also identified a separate sandbox escape affecting n8n’s Python Code node when the platform is configured to use its “Internal” execution mode. In this case, restrictions intended to contain Python code execution can be bypassed, again allowing authenticated users to run arbitrary code outside the sandbox.
The second issue, tracked as CVE-2026-0863, received a high severity rating of CVSS 8.5 out of 10. While the exploitation depends on specific configuration choices, JFrog noted that internal execution mode is commonly used in self-hosted enterprise deployments for performance and operational simplicity.
The researchers demonstrated how Python sandbox constraints can be evaded, granting access to system resources that should be off-limits.
Urgent need to update
Both issues have been patched, and enterprises running n8n should ensure they are on updated versions. Until patches are applied, organizations are recommended to carefully review who has permissions to create or edit workflows, particularly in environments where n8n has access to internal networks, secrets, or privileged APIs.
CVE-2026-1470 has been fixed in version 1.123.17, 2.4.5, and 2.5.1, while CVE-2026-0863 is resolved in version 1.123.14, 2.3.5, and 2.4.2. Upgrading to any of these versions mitigates the risk of exploitation, researchers noted.
View the full article

• 0 comments
• 231 views

CSOonline

January 29Jan 29

Apple Faces Lawsuit Over Continuity Camera Patent and Antitrust Claims

Apple Faces Lawsuit Over Continuity Camera Patent and Antitrust Claims

Apple this week got sued in a New Jersey Federal court by the maker of mobile video app Camo, alleging Apple stole its technology when the company integrated its Continuity Camera feature into iOS 16 in 2022.


Released by London-based Reincubate in 2020, the Camo app enables iPhone and Android smartphones to be used as webcams for desktop-based video calls.

Apple's Continuity Camera serves a similar function within its own ecosystem, allowing an iPhone to be used as a wireless webcam with a nearby Mac that is signed into the same Apple Account.

Reincubate said the tech giant copied patented features from its Camo app and incorporated them into its mobile operating system in order to "redirect user demand to Apple's own platform-tied offering."

According to the lawsuit, Apple "actively induced and encouraged" Reincubate to develop and market Camo for iOS, then later copied its functionality and built it into iOS as Continuity Camera.
Reincubate called Apple's conduct an example of "Sherlocking," which refers to Apple building an app or system feature that duplicates functionality previously offered by a third-party app.

"Rather than competing with us, Apple deployed a series of obstacles to tilt the playing field, infringed our IP, and did so in service of preventing competition from rival platforms," Reincubate CEO Aidan Fitzpatrick said in a statement given to Reuters.

"Apple competes fairly while respecting the intellectual property rights of others, and these camera features were developed internally by Apple engineers," Apple responded in a statement.

Aside from accusing Apple of infringing its patents, Reincubate's suit was filed as an antitrust claim, alleging that Apple violates U.S. law by locking users into its ecosystem and preventing them from switching to competitors. Reincubate has requested unspecified monetary damages and court orders that would block Apple's alleged misconduct. Tags: Apple Antitrust, Continuity, Apple Lawsuits
This article, "Apple Faces Lawsuit Over Continuity Camera Patent and Antitrust Claims" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 28 views

reporter

January 29Jan 29

Apple Pushes Carrier Settings Update to Fix Telstra Issue on iPhones Running iOS 16.7.3

Apple Pushes Carrier Settings Update to Fix Telstra Issue on iPhones Running iOS 16.7.3

Apple has released a carrier settings update for Telstra customers in Australia that resolves the issue affecting iPhones running iOS 16.7.3, which was released and then made unavailable to download by Apple earlier this week.


The fix is delivered via a carrier bundle update, which adjusts network-related settings such as connectivity and calling features, without requiring an iOS update.

Affected users who updated to iOS 16.7.3 before Apple stopped signing it can install the bundle on their iPhone by going to Settings ➝ General ➝ About, where a prompt to update carrier settings should appear. Once installed, the Service Provider field in Settings should display "Telstra 54.1," said the telecommunications company in an updated support document.

The original issue that caused Apple to unsign iOS 16.7.3 prevented some older iPhone models from connecting to the Telstra network, including via emergency calls to 000.

As things stand, iOS 16.7.3 remains unavailable to download. It's still unclear if Apple will re-sign it, with the carrier bundle available separately, or whether it will issue a new point release of iOS with the bundle packaged in.
This article, "Apple Pushes Carrier Settings Update to Fix Telstra Issue on iPhones Running iOS 16.7.3" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 28 views

reporter

January 29Jan 29

Survey of 100+ Energy Systems Reveals Critical OT Cybersecurity Gaps

Survey of 100+ Energy Systems Reveals Critical OT Cybersecurity Gaps

A study by OMICRON has revealed widespread cybersecurity gaps in the operational technology (OT) networks of substations, power plants, and control centers worldwide. Drawing on data from more than 100 installations, the analysis highlights recurring technical, organizational, and functional issues that leave critical energy infrastructure vulnerable to cyber threats. The findings are based onView the full article

• 0 comments
• 48 views

Hacker News

January 29Jan 29

CISA chief uploaded sensitive government files to public ChatGPT

CISA chief uploaded sensitive government files to public ChatGPT

The acting director of the US Cybersecurity and Infrastructure Security Agency uploaded sensitive government contracting documents to a public version of ChatGPT last summer, triggering automated security alerts and raising questions about AI governance at the agency responsible for defending federal networks and critical infrastructure.
Madhu Gottumukkala, who has led CISA since May 2025, uploaded at least four documents marked “for official use only” to OpenAI’s ChatGPT platform between mid-July and early August, Politico reported. The documents contained contracting information not intended for public release.
Cybersecurity sensors detected the activity in early August, generating several alerts in the first week alone, according to the report citing four Department of Homeland Security officials.
The incident occurred despite Gottumukkala having personally requested special permission to use ChatGPT shortly after joining CISA. At the time, the AI tool was blocked for most DHS employees over concerns that sensitive information could be retained outside federal systems, the report added, citing the DHS officials.
Data entered into the public version of ChatGPT can be incorporated into the model’s training data and exposed to hundreds of millions of users. Unlike DHS-approved AI tools with controls preventing inputs from leaving federal networks, the public ChatGPT retains uploaded information on OpenAI servers.
Enterprise AI governance failures exposed
The incident highlights systemic failures in how government agencies, and by extension, enterprises, manage AI tool exceptions for senior officials, security analysts said.
“FOUO is not classified, but it is still sensitive government information,” said Arjun Chauhan, practice director at Everest Group. “Uploading it to a public AI tool creates real exposure: loss of data control, expanded exposure surface, secondary misuse risk, and policy boundary collapse.”
The pattern mirrors early enterprise incidents where employees pasted confidential material into ChatGPT, Chauhan said. The critical difference is that controls reportedly existed at CISA, and the breach occurred through an exception pathway. “That highlights a core governance failure. Exceptions and senior access are often where AI controls break down.”
Federal agencies now have AI policies and governance bodies, but the gap appears to be in execution rather than intent, according to Chauhan. Safe, approved AI tools are not always the default or most usable option, and enforcement varies by role and seniority.
Sunil Varkey, advisor at Beagle Security, said the incident reflects a broader organizational challenge. “Leadership teams may reference these tools positively for learning, productivity, and communication refinement, which unintentionally normalizes their use,” he said. “As a result, such platforms have rapidly become de facto productivity applications without being treated with the governance rigor typically applied to enterprise systems handling sensitive information.”
The tension between convenience and security often drives such incidents, Varkey added. Because “for official use only” data is not formally classified, users frequently underestimate its operational, contractual, or reputational impact.
Jaishiv Prakash, director analyst at Gartner, said the biggest risk when officials upload FOUO-marked documents to public AI platforms is losing control over the data. “You have no visibility into how long it’s retained, whether it can ever be deleted, or if it becomes exposed during legal holds or discovery.”
Organizations must provide employees with licensed, governed AI platforms featuring supplier-agreed data residency, strict no-training guarantees, and minimal retention, Prakash said. “Without that, people will continue turning to public AI tools out of convenience, putting sensitive information at risk.”
Leadership credibility questioned
The uploads triggered an internal DHS assessment involving the department’s then-acting general counsel Joseph Mazzara and chief information officer Antoine McCord, along with CISA’s chief information officer Robert Costello and chief counsel Spencer Fisher, the report said. The outcome has not been disclosed.
According to the report, CISA spokesperson Marci McCarthy confirmed that Gottumukkala received approval to use ChatGPT under DHS safeguards and described the usage as “short-term and limited.” She said he last used the tool in mid-July 2025 under an authorized temporary exception and that CISA’s default policy blocks ChatGPT access unless an exception is granted.
The fact that automated alerts triggered shows controls can detect misuse, analysts said, but the incident occurring at the leadership level raises accountability questions.
“Because this involves the head of the civilian cybersecurity agency, the impact is largely reputational,” Chauhan said. “Leaders set behavioral norms. Deviations undermine compliance culture and weaken credibility when advising other agencies and critical infrastructure operators.”
The ChatGPT incident adds to mounting controversies surrounding Gottumukkala’s brief tenure. In December, Politico reported that he failed a counterintelligence polygraph test in late July and that DHS subsequently suspended six career staffers, characterizing the polygraph as “unsanctioned.”
CISA has lost a significant number of its workforce since the Trump administration took office, with personnel dropping from over 3,300 to around 2,200 through buyouts, early retirements, and layoffs. The agency faces proposed budget cuts of nearly $500 million for fiscal year 2026.
Gottumukkala previously served as South Dakota’s chief information officer under then-Governor Kristi Noem, now DHS secretary. CISA did not immediately respond to a request for comment.
View the full article

• 0 comments
• 29 views

CSOonline

January 29Jan 29

iPhone 16 Tops List of World's Best-Selling Smartphones in 2025

iPhone 16 Tops List of World's Best-Selling Smartphones in 2025

Apple's iPhone 16 was the best-selling smartphone globally in 2025, according to Counterpoint Research's latest report. Apple and Samsung devices dominated the top 10 list for the fourth consecutive year, accounting for 19% of overall smartphone sales.


Apple claimed seven of the top 10 spots, while Samsung captured the remaining three.

Launched in September, the iPhone 17 series achieved 16% higher sales than its predecessor during its first full quarter, driven by strong demand in the U.S., China, and Western Europe. Counterpoint said the base iPhone 17 model was the standout performer, registering the highest growth among all devices and climbing the rankings compared to where the iPhone 16 debuted in 2024. Counterpoint attributed the growth to the iPhone 17's upgrades, such as a higher refresh rate (120Hz vs 60Hz), and larger base storage (256GB vs. 128GB).

The more affordable iPhone 16e, launched in spring 2025, also contributed additional sales with its more accessible $599 entry point into Apple's ecosystem.

In fifth position, Samsung's Galaxy A16 5G became the best-selling Android smartphone of 2025, while the Galaxy S25 Ultra secured a flagship spot for the second consecutive year in ninth. The S25 Ultra grew more than 3x year-over-year in Japan, according to the research firm.


Looking ahead, Counterpoint expects premium flagship devices to increase their presence in 2026 as rising memory prices disproportionately impact entry-to-mid-segment devices.

Apple still sells iPhone 16 models as part of its smartphone lineup. Priced starting at $699, the previous-generation device features an A18 chip that supports Apple Intelligence, a dual-lens camera system, a Camera Control button for quick camera access, and a customizable Action button.Related Roundup: iPhone 16Tag: CounterpointRelated Forum: iPhone
This article, "iPhone 16 Tops List of World's Best-Selling Smartphones in 2025" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 30 views

reporter

January 29Jan 29

Google Chrome Gets Gemini Side Panel and Agentic Browsing Features

Google Chrome Gets Gemini Side Panel and Agentic Browsing Features

AI-powered browsing features have become a battleground among browser makers in recent months. OpenAI launched its Atlas browser in October, while Microsoft Edge and Opera have also introduced AI assistants and automated browsing capabilities. And now Google is upping the ante. The company has announced a slew of new AI features fro Chrome, including a persistent sidebar for the Gemini chatbot and "auto browse" capabilities that can perform web tasks on your behalf.


The update moves Gemini from its previous floating window into an always-available side panel on the right side of the browser, which inevitably shrinks the browsing window. Google, however, says the redesign allows you to multitask more easily, since you can keep your main tab open while using the AI assistant for separate tasks, such as comparing products across multiple tabs or summarizing reviews from different websites.

Chrome is also gaining Nano Banana integration, Google's AI image generator. You can now transform images directly in the browser window using text prompts, without needing to download files or switch tabs.

The headline feature though is "auto browse," which is currently rolling out to AI Pro and Ultra subscribers in the U.S. According to Google, the agentic tool can handle multi-step tasks like researching hotel and flight prices, filling out online forms, scheduling appointments, and managing subscriptions. Google says it can even identify items in a photo, search for similar products, add them to a shopping cart, and apply discount codes. The company says it even does all this while staying within a specified budget.

Auto browse can use Chrome's built-in password manager (with user permission) for tasks requiring login credentials. The feature is designed to pause and ask you for confirmation for sensitive actions like purchases or social media posts, according to the company.


Lastly, Google plans to add "Personal Intelligence" to Chrome in the coming months. The feature lets the browser remember context from past conversations you've had with it and provide more personalized assistance.

Google hasn't specified a Chrome version that will include all of these features, but the company said the Gemini sidebar support and Nano Banana integration are rolling out now as a server-side service update.
Tag: Google Chrome
This article, "Google Chrome Gets Gemini Side Panel and Agentic Browsing Features" first appeared on MacRumors.com

Discuss this article in our forums

View the full article

• 0 comments
• 30 views

reporter

January 29Jan 29