_811205.png)
_e196d8.png)
_32b3d9.png)
_1c53fe.png)
- 0 comments
- 55 views
-
Tech
Tech Articles from a wide variety of topics and categories
According to the study, the average number of daily reports has risen above 400 for the first time since the GDPR came into force across the EU on May 25, 2018. With 443 reports of violations per day, the number in 2025 was 22% higher than the previous year.
However, the data does not allow for any definitive conclusions about the causes of this increase, according to DLA Piper. The law firm believes that geopolitical tensions, the multitude of new technologies available to cyber threat actors, and a number of new laws mandating the reporting of security incidents are likely among the key factors.
€1.2 billion in GDPR fines
According to DLA Piper, the total amount of fines, at around €1.2 billion, was roughly the same as the previous year. However, this high sum also demonstrates that European data protection authorities remain willing to impose substantial fines. Since the GDPR came into effect, a total of €7.1 billion in fines has been levied.
Broken down by country, Ireland, where US tech giants like Apple, Google, and Meta have their EU headquarters, once again leads the enforcement statistics: The total fines imposed by the Irish Data Protection Commission have reached €4.04 billion since the GDPR came into force in May 2018.
This includes the highest fine ever imposed under the GDPR, amounting to €1.2 billion against Meta Platforms Ireland Ltd. Furthermore, in April 2025, TikTok Technology Ltd. was fined €530 million for transferring personal user data to China.
However, DLA Piper points out that the risks of GDPR compliance are not limited to administrative fines. There is also the risk of subsequent claims for damages. Several landmark rulings by the CJEU and national European courts have addressed GDPR-related compensation claims — particularly regarding the requirements for claims for non-material damages.
View the full article
- 0 comments
- 43 views
-
However, some experts have expressed concerns that the potential fragmentation of security intelligence risks impeding rapid vulnerability identification and remediation.
The Global Cybersecurity Vulnerability Enumeration database (GCVE.eu) aggregates vulnerability advisories from more than 25 public sources into a single, searchable resource. Entries are normalized, structured, and cross-referenced across identifiers (e.g., CVE IDs, GCVE IDs, vendor IDs).
The platform is hosted by Computer Incident Response Center Luxembourg (CIRCL) in a Luxembourg-based data centre, with co-funding from the EU’s Federated European Team for Threat Analysis (FETTA) project.
The emergence of GCVE.eu follows a funding scare that threatened the continuation of the long-established Common Vulnerabilities and Exposures (CVE) program last year. The CVE program — which underpins the US National Vulnerability (NVD) database — is operated by the Mitre Corp., with funding from the cyber division of the US Department of Homeland Security.
Combatting flaw fragmentation: Mapping and interoperability
Jaya Baloo, co-founder, COO, and CISO at vulnerability remediation startup AISLE, says that GCVE must prioritize mapping and interoperability with CVE entries in order to be viable.
“Without enforceable interoperability commitments, ‘independent allocation’ becomes a polite way of saying defenders will need to check multiple incompatible systems to know if they’re vulnerable,” she says.
David Lindner, CISO at application security vendor Contrast Security, agreed that GCVE poses a risk of creating a new silo that mirrors but doesn’t align with the NVD.
“For a CISO the hard part is preventing identification collision where teams waste time triaging the same vulnerability under two different flags,” says Lindner. “To avoid this confusion and make the project viable the GCVE must prioritize an automated cross-mapping standard that bridges these databases in real-time.”
Simply switching from the US-run NVD to a European GCVE fails to solve the problem of dependency but only succeeds in changing the location of the silo, according to Lindner.
“Success requires a federated approach where vendors and researchers contribute to a unified intelligence layer ensuring that no matter which database claims the entry the industry sees a single actionable truth rather than a fragmented mess,” Lindner argues.
Brian Blakley, CISO at Bellini Capital, warns that if GCVE offers only duplication without differentiation then it is liable to create a headache for security practitioners.
“Most security teams are already struggling with noise,” Blakley notes. “Any new database really needs to improve data quality, timeliness, or context and not just replicate identifiers under a different flag.”
GCVE has cross-vulnerability referencing built in, with both automated and human-curated mechanisms, an approach most experts quizzed by CSO would minimise confusion.
Zbyněk Sopuch, CTO of data security vendor Safetica, was more upbeat arguing that GCVE is designed to be backwards compatible with CVE, so “existing data is preserved and independent entries are allowed.”
“The gray areas arise in scope, ID formats, and fragmented tracking, and there are steps that the GSVE can take to ensure that critical data is shared and received,” says Sopuch.
Coordinated disclosure
Nik Kale, principal engineer and product architect at Cisco Systems, says GCVE’s main challenge comes from building a platform that the security community can rely on for coordinated disclosure and remediation.
“Viability depends far more on governance than on the data itself,” Kale says. “That includes clear attribution rules, transparent CNA processes, predictable decision-making, and an explicit commitment to synchronization rather than fragmentation.”
The US-run NVD system is long established so any parallel system must either federate cleanly with that existing infrastructure or provide clear operational advantages that justify switching, according to Kale.
“Researchers will gravitate toward whichever system enables the fastest, most reliable coordinated disclosure,” says Kale. “Vendors, meanwhile, need confidence that vulnerability records will be handled consistently regardless of where they originate.”
Representatives of the GCVE project told CSO that CIRCL has both the relevant experience, governance structures, and backing to make the database successful.
“CIRCL has been operating multiple services and open-source projects for more than 15 years, with sustained financial and in-kind support from the public sector, private sector, and EU and international organisations,” they explain. “GCVE.eu implements a level of governance that enables efficient operation, rapid delivery, and, most importantly, distributed allocation of identifiers.”
GCVE.eu has been fully functional and operational for several months. “We already deliver Vulnerability-Lookup as a complete open-source software and provide a reference database that facilitates the work of many organisations involved in vulnerability management,” GCVE tells CSO.
Empowering security researchers
Fabian Gasser of cybersecurity consultancy Cyway says that GCVE brings benefits in removing the single point of failure inherent in reliance on the US-led CVE system while democratising vulnerability publishing.
GCVE gives “more of a voice to independent security researchers, who can now also agree or disagree with vendor-self-assessments,” according to Gasser.
Daniel dos Santos, senior director and head of research at cybersecurity vendor Forescout, says that its research found a significant number of vulnerabilities without CVE IDs and even some that are exploited by threat actors. The GCVE has the potential to more quickly flag up exploited vulnerabilities.
“The GCVE DB has the advantage of aggregating several sources of vulnerability information and having a decentralized system of numbering authorities,” according to dos Santos.
Redundancy
Dr. Ferhat Dikbiyik, chief research and intelligence officer at cyber risk intelligence firm Black Kite, says the launch of GCVE is welcome following the funding scares of 2025.
“For years, we treated the US-led CVE system as an immutable backbone,” Dr. Dikbiyik says. “When that backbone showed signs of stress due to budget politics, the world realized that relying on a single, centralized thread for vulnerability tracking was a strategic risk.”
Localized vulnerability databases are already a reality in other regions, such as China.
“The Chinese platform is generally faster at indexing vendor disclosures and provides additional information compared to the US alternative,” says Martin Jartelius, AI product director at cybersecurity vendor Outpost24.
For the GCVE to move from a regional project to a global standard, the focus must shift to integration with enterprise security tools, Dr. Dikbiyik argues.
“A database is only as valuable as the tools that use it,” says Dr. Dikbiyik. “To make this project viable, we need to see security vendors, scanner providers, and GRC platforms treat the GCVE not as an extra feature, but as a core data source.”
The GCVE is less about competition and more about ensuring continuity, so that vulnerability disclosures don’t hinge on a single point of failure, according to Crystal Morin, senior cybersecurity strategist at Sysdig.
“The success of the EU [vulnerability database] will be measured by how it complements existing efforts and supports faster triage, a smaller backlog, risk prioritization, and consistent access to quality data for the security community,” Morin says.
View the full article
- 0 comments
- 35 views
-
Der Deutsche Städtetag hält den zur Abstimmung im Bundestag anstehenden Vorschlag der Koalition zum Schutz kritischer Infrastruktur für unzureichend. Der Entwurf von Union und SPD sieht für Unternehmen der kritischen Infrastruktur wie etwa große Energieversorger oder Verkehrsunternehmen strengere Verpflichtungen zum Schutz ihrer Anlagen vor. Vorgesehen sind neben Zugangsbeschränkungen und anderen praktischen Maßnahmen auch eine Pflicht zur Meldung sicherheitsrelevanter Vorfälle sowie Bußgelder bei Regelverstößen.
Auch mittelgroße Anlagen in den Blick nehmen
Den Städtetag stört, dass demnach zur kritischen Infrastruktur nur Einrichtungen zählen, die für die Gesamtversorgung in Deutschland wichtig sind und mehr als 500.000 Menschen versorgen. Der Hauptgeschäftsführer des kommunalen Spitzenverbands, Christian Schuchardt, sagte der Deutschen Presse-Agentur kurz vor der geplanten abschließenden Beratung zum sogenannten Kritis-Dachgesetz: “Der Angriff auf die Stromversorgung in Berlin hat erneut gezeigt, wie notwendig Krisenvorsorge und Schutzmaßnahmen sind.”
Mindestmaß an Krisenvorsorge ist notwendig
Der im Gesetzentwurf festgelegte Schwellenwert von 500.000 Einwohnern zur Einordnung von Einrichtungen als kritische Infrastruktur sei aber viel zu hoch. Auch in etwas kleineren Städten sollte ein Mindestmaß an Vorgaben zu Krisenplänen, Meldeketten und IT-Sicherheit verlangt werden.
Schuchardt appellierte an den Bundestag, den Schwellenwert zu senken. In einer Stellungnahme aus dem November hatte sich der Städtetag dafür ausgesprochen, Einrichtungen, die mindestens 150.000 Einwohner versorgen, zur kritischen Infrastruktur im Sinne des Gesetzes zu zählen.
Ausschuss nahm noch Änderungen vor
Der Innenausschuss des Bundestages hatte zwar noch einige Änderungen an dem Entwurf der Bundesregierung beschlossen. Diese reichen jedoch aus Sicht des Deutschen Städtetags nicht aus. “Derzeit sieht der Gesetzentwurf lediglich eine Öffnungsklausel vor, die es den Ländern ermöglicht, zusätzliche Anlagen unterhalb dieses Schwellenwerts zu definieren”, sagte Schuchardt. Damit drohe wieder ein Flickenteppich. Notwendig sei eine bundesweite Regelung.
Auch von anderer Seite wurde Kritik an dem Gesetzentwurf laut. Die Erste Parlamentarische Geschäftsführerin der Grünen-Bundestagsfraktion, Irene Mihalic, sagte dem Nachrichtenportal Web.de News: “Dieser Entwurf ist höchstens ein Vordach, aber kein Dach.” Holger Lösch, stellvertretender Hauptgeschäftsführer des Bundesverbands der Deutschen Industrie (BDI), teilte mit: “Angesichts der deutlich verschärften Bedrohungslage fällt das Gesetz klar hinter den sicherheitspolitisch notwendigen Anspruch zurück.”
Weniger Transparenz soll es Angreifern schwerer machen
Nach dem mutmaßlich linksextremistisch motivierten Brandanschlag auf die Stromversorgung, durch die im Südwesten Berlins Anfang Januar Zehntausende tagelang ohne Strom und Heizung waren, ist diskutiert worden, ob die Veröffentlichung von Informationen über die Netze der Energieversorger diese unnötig verwundbar machen. In dem nun beschlossenen Änderungsantrag wird die Bundesregierung aufgefordert, “bereits veröffentlichte, öffentlich zugängliche Infrastrukturinformationen zu überprüfen und, wo möglich, konsequent aus den öffentlich zugänglichen Bereichen zu entfernen”.
Nach dem Koalitionsausschuss am Mittwochabend hatte auch Bundeskanzler Friedrich Merz (CDU) zu dem Thema angemerkt: “Wir müssen weg von der sehr weitgehenden Transparenz und hin zu mehr Resilienz.” (dpa/jm)
View the full article
- 0 comments
- 30 views
-
Der Deutsche Städtetag hält den zur Abstimmung im Bundestag anstehenden Vorschlag der Koalition zum Schutz kritischer Infrastruktur für unzureichend. Der Entwurf von Union und SPD sieht für Unternehmen der kritischen Infrastruktur wie etwa große Energieversorger oder Verkehrsunternehmen strengere Verpflichtungen zum Schutz ihrer Anlagen vor. Vorgesehen sind neben Zugangsbeschränkungen und anderen praktischen Maßnahmen auch eine Pflicht zur Meldung sicherheitsrelevanter Vorfälle sowie Bußgelder bei Regelverstößen.
Auch mittelgroße Anlagen in den Blick nehmen
Den Städtetag stört, dass demnach zur kritischen Infrastruktur nur Einrichtungen zählen, die für die Gesamtversorgung in Deutschland wichtig sind und mehr als 500.000 Menschen versorgen. Der Hauptgeschäftsführer des kommunalen Spitzenverbands, Christian Schuchardt, sagte der Deutschen Presse-Agentur kurz vor der geplanten abschließenden Beratung zum sogenannten Kritis-Dachgesetz: “Der Angriff auf die Stromversorgung in Berlin hat erneut gezeigt, wie notwendig Krisenvorsorge und Schutzmaßnahmen sind.”
Mindestmaß an Krisenvorsorge ist notwendig
Der im Gesetzentwurf festgelegte Schwellenwert von 500.000 Einwohnern zur Einordnung von Einrichtungen als kritische Infrastruktur sei aber viel zu hoch. Auch in etwas kleineren Städten sollte ein Mindestmaß an Vorgaben zu Krisenplänen, Meldeketten und IT-Sicherheit verlangt werden.
Schuchardt appellierte an den Bundestag, den Schwellenwert zu senken. In einer Stellungnahme aus dem November hatte sich der Städtetag dafür ausgesprochen, Einrichtungen, die mindestens 150.000 Einwohner versorgen, zur kritischen Infrastruktur im Sinne des Gesetzes zu zählen.
Ausschuss nahm noch Änderungen vor
Der Innenausschuss des Bundestages hatte zwar noch einige Änderungen an dem Entwurf der Bundesregierung beschlossen. Diese reichen jedoch aus Sicht des Deutschen Städtetags nicht aus. “Derzeit sieht der Gesetzentwurf lediglich eine Öffnungsklausel vor, die es den Ländern ermöglicht, zusätzliche Anlagen unterhalb dieses Schwellenwerts zu definieren”, sagte Schuchardt. Damit drohe wieder ein Flickenteppich. Notwendig sei eine bundesweite Regelung.
Auch von anderer Seite wurde Kritik an dem Gesetzentwurf laut. Die Erste Parlamentarische Geschäftsführerin der Grünen-Bundestagsfraktion, Irene Mihalic, sagte dem Nachrichtenportal Web.de News: “Dieser Entwurf ist höchstens ein Vordach, aber kein Dach.” Holger Lösch, stellvertretender Hauptgeschäftsführer des Bundesverbands der Deutschen Industrie (BDI), teilte mit: “Angesichts der deutlich verschärften Bedrohungslage fällt das Gesetz klar hinter den sicherheitspolitisch notwendigen Anspruch zurück.”
Weniger Transparenz soll es Angreifern schwerer machen
Nach dem mutmaßlich linksextremistisch motivierten Brandanschlag auf die Stromversorgung, durch die im Südwesten Berlins Anfang Januar Zehntausende tagelang ohne Strom und Heizung waren, ist diskutiert worden, ob die Veröffentlichung von Informationen über die Netze der Energieversorger diese unnötig verwundbar machen. In dem nun beschlossenen Änderungsantrag wird die Bundesregierung aufgefordert, “bereits veröffentlichte, öffentlich zugängliche Infrastrukturinformationen zu überprüfen und, wo möglich, konsequent aus den öffentlich zugänglichen Bereichen zu entfernen”.
Nach dem Koalitionsausschuss am Mittwochabend hatte auch Bundeskanzler Friedrich Merz (CDU) zu dem Thema angemerkt: “Wir müssen weg von der sehr weitgehenden Transparenz und hin zu mehr Resilienz.” (dpa/jm)
View the full article
- 0 comments
- 29 views
-
- 0 comments
- 52 views
-
- 0 comments
- 30 views
-
The controls that protect traditional systems, the thinking went, can largely be adapted to protect AI, too. That assumption surfaced at a recent National Institute of Standards and Technology (NIST) workshop on AI and cybersecurity.
“AI systems in many ways are just smart software, fancy software with a little bit extra,” Victoria Pillitteri, supervisory computer scientist in the Computer Security Division at NIST, told attendees as she summarized that long-standing view. “That means we can leverage the robust body of [cybersecurity] knowledge that already exists with some modifications, with some considerations, but we do not and should not start from scratch,” she added.
But as discussions during the event turned to AI agents and adversarial manipulation, that concept began to fray. Experts described ways in which AI strains the fundamental assumptions those frameworks rely on, namely that systems behave deterministically, that boundaries between components are stable, and that humans remain firmly in control.
Those concerns are now moving beyond internal discussion and into public standards development. On Jan. 8, NIST’s Center for AI Standards and Innovation (CAISI) issued a formal Request for Information (RFI) on the secure practices and methodologies of AI agent systems, one of the most challenging aspects of AI when it comes to identity management and cybersecurity.
The RFI focuses on AI systems capable of taking autonomous actions that affect real-world environments and explicitly asks for input on novel risks, security practices, assessment methods, and deployment constraints.
For CISOs, what should matter is that NIST is shifting from a broad, principle-based AI risk management framework toward more operationally grounded expectations, especially for systems that act without constant human oversight. What is emerging across NIST’s AI-related cybersecurity work is a recognition that AI is no longer a distant or abstract governance issue, but a near-term security problem that the nation’s standards-setting body is trying to tackle in a multifaceted way.
NIST’s wide-ranging cybersecurity and AI portfolio
Although the purpose of the workshop was to solicit feedback specifically on NIST’s preliminary Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile), which is an adaptation of the community profiles emerging from NIST’s Cybersecurity Framework, experts addressed many other NIST practices and methodology initiatives that deal with AI-related threats and security opportunities.
These efforts show how NIST is attacking AI security from multiple angles — development, deployment, identity, privacy, and adversarial abuse — and include:
AI Risk Management Framework. Released on Jan. 26, 2023, NIST’s AI RMF was developed to better manage risks to individuals, organizations, and society associated with AI. “What we’re trying to do with the AI Risk Management Framework is understand how we trust AI, which operates in many ways differently in some of these tasks that we know very well,” particularly regarding how high-impact applications affect cybersecurity, Martin Stanley, principal researcher for AI and cybersecurity at NIST, said at the workshop.
Center for AI Standards and Innovation (CAISI). NIST’s CAISI serves as the “industry’s primary point of contact within the US government to facilitate testing and collaborative research related to harnessing and securing the potential of commercial AI systems,” said Maia Hamin, a technical staff member of CAISI, the center that develops best practices and standards for improving AI security and collaboration. It also “leads evaluations and assessments of US and adversary AI systems, including adoption of foreign models, potential security vulnerabilities, or potential for foreign influence,” she told workshop attendees.
NIST AI 100-2 E2025, Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations. This NIST report, published in March 2025,provides a taxonomy of concepts and defines terminology in the field of adversarial machine learning (AML). “Adversarial machine learning or adversarial AI is the field that studies attacks on AI systems that exploit the statistical and data-driven nature of this technology,” NIST research team supervisor Apostol Vassilev said at the workshop. “Hijacking, prompt injection, indirect prompt injection, data poisoning, all these things are part of the field of study of adversarial AI,” he clarified.
Dioptra. Dioptra is a NIST software test platform for assessing the trustworthy characteristics of AI. “You have multiple dimensions along which you want to analyze these as you want to identify how accurate they are for a particular task,” Harold Booth, NIST supervisory computer scientist, said at the event. “You want to be able to identify how robust they are to various kinds of attacks,” Booth said. “You want to know how well they do against various kinds of data sets.”
NIST SP 800-218A, Secure Software Development Practices for Generative AI and Dual-Use Foundation Models: An SSDF Community Profile. The AI SSDF community profile adds “practices, tasks, recommendations, considerations, notes, and informative references that are specific to AI model development throughout the software development life cycle.” NIST’s Booth told the workshop attendees, “This particular profile is very focused on what is new with respect to doing development for AI systems. So all the concerns that exist for normal software development still pertain. But what we were really focused on was what’s new.”
PETs Testbed. NIST’s PETs Testbed provides the capability to investigate privacy-enhancing technologies (PETs) and their respective suitability for specific use cases, helping organizations evaluate and manage privacy risks. Gary Howarth, who leads the privacy engineering program at NIST, said that within a few weeks, NIST will release a new version of its privacy framework that is complementary to AI risk management and cybersecurity threat modeling.
NIST Special Publication 800-63 Digital Identity Guidelines. NIST recently updated its 2017 guidelines on digital identity to better embrace the process and technical requirements for meeting digital identity assurance levels, given the rapid pace of digital technical change. Ryan Galluzzo, identity program lead for NIST Applied Cybersecurity Division, stressed at the workshop that “AI agents are starting to change the kind of context and conversation around traditional cybersecurity controls. Within the context of this project, our intent is really to focus on those issues of access, those issues of how to identify agents that are operating within my enterprise.
The limits of ‘AI is just software’
NIST’s instinct to frame AI as an extension of traditional software allows organizations to reuse familiar concepts — risk assessment, access control, logging, defense in depth — rather than starting from zero. Workshop participants repeatedly emphasized that many controls do transfer, at least in principle.
But some experts argue that the analogy breaks down quickly in practice. AI systems behave probabilistically, not deterministically, they say. Their outputs depend on data that may change continuously after deployment. And in the case of agents, they may take actions that were not explicitly scripted in advance.
For CISOs, the risk is not that AI is unrecognizable, but that it appears recognizable enough to lull organizations into applying controls mechanically. Treating AI as “just another application” can obscure new failure modes, particularly those involving indirect manipulation through data or prompts rather than direct exploitation of code.
“AI agent systems really face a range of security threats and risks,” CAISI’s Hamin said at the workshop. “Some of these overlap with traditional software, but others kind of arise from the unique challenge of combining AI model outputs, which are non-deterministic, with the affordances and abilities of software tools.”
CISOs should watch out for framework fatigue
In kicking off the workshop, NIST senior policy advisor Katerina Megas explained that NIST reached out to the CISO community to ask them what they need in terms of AI security guidance.
“Before we started down any path, we spoke to the CISO community, and we asked them, ‘So how are you all dealing with artificial intelligence? How is this affecting your day-to-day? Is this something that keeps you up at night?’ And overwhelmingly, the answer was yes, this is absolutely something that is top of mind for us. Our leadership is asking us, what are we doing?” she said at the event.
But the CISOs also told NIST that they were overwhelmed with AI documentation. A lot of these publications had some overlap, but were not identical, Megas said. “If you were a consumer of all of these documents, it was very difficult for you to look at them and understand how they relate to what you are doing and also understand how to identify where two documents may be talking about the same thing and where they overlap.”
“If the guidance is super long, then people may not actually use it,” one workshop attendee, Naveen Konrajankuppam Mahavishnu, co-founder and CTO at Aira Security, tells CSO, suggesting that much of the material can be reduced to more digestible components.
“We can have a very detailed version, maybe a hundred pages long, but also have some sort of checklist that kind of summarizes the entire 100-page paper or something into a few pages where people can easily consume it, and then they can start implementing it,” Mahavishnu says.
View the full article
- 0 comments
- 38 views
-
Foto: fizkes – shutterstock.com
Unternehmen können die für sie allgemein schlechte Lage am Arbeitsmarkt kaum beeinflussen. Doch sie können einige Faktoren vermeiden, die zu Kündigungen durch Mitarbeitende führen. Dazu gehört insbesondere eine schlechte Führung, die fähige Fachkräfte vergrault. Hier sind die 10 wichtigsten Anzeichen, an denen Unternehmen erkennen können, ob ihr CSO eine gute Führungskraft ist.
1. Keine langfristige Strategie
CISOs und CSOs müssen den Weg erkennen, auf dem das Team und die Systeme vom gegenwärtigen Status zum gewünschten künftigen Zustand gelangen. Schlechtes IT-Security-Management verfügt nicht über diese Fähigkeit und lässt sich an ständig veränderten Ausrichtungen und Zick-Zack-Kursen erkennen. Häufig werden Komplexität, Organisationsform und Kosten als Ausrede benutzt, nichts zu machen.
Lesetipp: So überzeugen Sie Ihre Geschäftsführer von Security-Investitionen
2. Von einer Krise zur nächsten
CSOs mit schlechtem Sicherheits-Management fehlt nicht nur das vorausschauende, strategische und methodische Vorgehen. Sie tun sich außerdem schwer, potenzielle Probleme zu erkennen oder Krisen vorherzusehen. Daher verbringen schlechte Security-Manager die meiste Zeit damit, von einer Krise zur nächsten zu hecheln – und hindern somit ihr Team daran, gezielt Fortschritte zu erreichen.
3. Nur Worte statt Taten
Es ist leicht, über Probleme zu reden. Viel schwieriger ist es, sie zu verstehen, die Ursachen zu analysieren, einen Plan zu ihrer Lösung zu entwickeln und diesen Plan erfolgreich umzusetzen. Schlechte Security-Manager reden nur über Probleme, aber suchen nicht nach neuen Lösungen und beheben sie nicht.
4. Keine Dokumentation
Besprochene Punkte sollten aufgeschrieben werden. Das bringt Gewissheit, Orientierung und Verantwortlichkeit für alle Beteiligten. Doch leider glauben viele Manager oft, dass die Aufzeichnungen irgendwann gegen sie verwendet werden. Wenn es jedoch keine schriftliche Vereinbarung gibt, die unterschiedliche Ansichten klärt, führt dies im Team häufig zu Unsicherheit und Verwirrung.
5. Schlechte Kommunikation
Sicherheitsverantwortliche müssen Vertrauen bei Teammitgliedern, Führungskräften, Kunden, Partnern und anderen Beteiligten für ihre Pläne aufbauen. Dazu benötigen sie gute Kommunikationsfähigkeiten. Wer darüber nicht verfügt, kann kaum seine Ideen durchsetzen. Dies gefährdet die Sicherheitslage des Unternehmens.
6. Fragen bleiben unbeantwortet
Schlechte Security-Manager befürchten, dass sie für Antworten auf schwierige Fragen zur Rechenschaft gezogen werden. Daher weichen sie ihnen aus, wechseln das Thema, schinden Zeit oder erfinden Ausreden. So schwindet das Vertrauen schnell.
7. Ausweichen vor schwierigen Entscheidungen
Gerade schwierige Entscheidungen zeigen die Qualität einer Führungskraft. Wer versucht, diese auf andere abzuwälzen oder sich sonst davor drückt, sollte ersetzt werden. Denn ausbleibende Entscheidungen führen dazu, dass Security-Teams und -Systeme im alten Zustand bleiben und die Sicherheitslage des Unternehmens nicht verbessert wird.
8. Selbstfixierte Führungskräfte
Gute Führungskräfte hören zu, bevor sie sprechen. Sie stellen ihr Team über sich selbst und kümmern sich um alles Notwendige, damit es erfolgreich ist. Schlechte Führungskräfte konzentrieren sich dagegen auf sich selbst. Sie berücksichtigen nicht die Bedürfnisse ihres Teams. So kommen Initiativen nicht voran, Frustration und Enttäuschung nehmen zu.
9. Unterdrückung von Talenten
Jede Führungskraft sollte Talente fördern und einen vertrauensvollen Umgangston kultivieren. Wer Angst davor hat, dass junge Menschen schlauer oder besser sein könnten, ist fehl am Platz. Wenn gezielt Talente unterdrückt werden, kann sich eine Organisation nicht erfolgreich weiterentwickeln.
Lesetipp: 10 Tipps, wie sie Top-Talente halten
10. Beansprucht Erfolge für sich
Bei jedem Mitarbeitenden ist es ein schlechtes Zeichen, wenn er alle Erfolge für sich beansprucht, aber bei Problemen sofort mit dem Finger auf andere zeigt. Erst recht gilt dies für Führungskräfte. Dieses Verhalten lässt sich kaschieren, solange sie Verbündete besitzen, die sie decken. Doch eher früher als später sollten Unternehmen Konsequenzen ziehen.
Die Führung wirkt sich auf die Sicherheit aus
Die Fluktuation von Mitarbeitenden lässt sich zwar nicht vollständig vermeiden, aber bremsen. Ein wichtiger Hebel ist dabei das Erkennen schwacher Führungskräfte. Vor allem im Security-Bereich geht es dabei nicht nur um den internen Umgang miteinander, sondern auch um die Sicherheitslage des gesamten Unternehmens.
So sollte ein unfähiges Security-Management umgehend verändert werden, um das Risiko für das gesamte Unternehmen und die Security-Abteilung zu verringern. Dann sind die Mitarbeitenden nicht mehr frustriert, demotiviert und demoralisiert, sondern können effektiv die Sicherheitslage ihres Unternehmens verbessern. (ms)
View the full article
- 0 comments
- 123 views
-
These flaws could allow attackers to bypass authentication, perform remote code execution (RCE), and access certain functionality that should be gated. Of the six, four are rated “critical” (9.8 out of 10 on the CVE severity scale), while the others are “high” (7.5 and 8.1 severity).
Because WHD has been actively exploited in the past, admins are advised to patch their vulnerable servers immediately, by upgrading to Web Help Desk 2026.1.
“We already know what happens if you compromise SolarWinds,” said David Shipley of Beauceron Security. “There’s a massive downstream risk. It’s critical that things are patched, updated, resolved as quickly as possible.”
‘RCE’: The three letters no security leader wants to hear
SolarWinds says it has more than 300,000 customers around the world, including a large portion of the Fortune 500 and major government and defense agencies. The company’s WHD product is popular among these organizations.
The vulnerabilities were discovered by independent researchers from watchTowr and Horizon3.ai. They include:
Remote code execution and data deserialization vulnerabilities CVE-2025-40551 (critical) and CVE-2025-40553 (critical); Authentication and bypass security flaws CVE-2025-40552 (critical), CVE-2025-40554 (critical), CVE-2025-40536 (high), and CVE-2025-40537 (high). CVE-2025-40551 and CVE-2025-40553 make WHD susceptible to untrusted data deseralization that could allow attackers to run commands on the host machine. The flaw could be exploited without authentication.
The other two critical vulnerabilities, CVE-2025-40552 and CVE-2025-40554, are authentication bypasses which, if exploited, could allow attackers to invoke specific actions within Web Help Desk that should have been automatically protected by authentication.
“Those are three letters you never want to hear: ‘I got RCE’d’,” said Beauceron’s Shipley, noting that data deserialization can expose enterprise secrets. “That’s the worst. You really, really, really don’t want an RCE.”
The four critical bugs are typically very reliable to exploit due to their deserialization and authentication logic flaws, noted Ryan Emmons, security researcher at Rapid7. “For attackers, that’s good news, because it means avoiding lots of bespoke exploit development work like you’d see with other less reliable bug classes.”
Instead, attackers can use a standardized malicious payload across many vulnerable targets, Emmons noted. “If exploitation is successful, the attackers gain full control of the software and all the information stored by it, along with the potential ability to move laterally into other systems.”
Meanwhile, the high-severity vulnerability CVE-2025-40536 would allow threat actors to bypass security controls and gain access to certain functionalities that should be restricted only to authenticated users. Finally, CVE-2025-40537 is a hardcoded credentials vulnerability that, “under certain situations,” could provide access to administrative functions.
How enterprises should respond
SolarWinds provides detailed instructions for upgrading vulnerable servers to Web Help Desk 2026.1. Security teams must be vigilant on this, analysts emphasize.
Emmons advised that the most important things defenders can do right now are upgrade to the latest version on an emergency basis, and investigate any anomalous activity on servers that might have been targeted.
“These are bugs that likely won’t take long to develop weaponized exploits for, so time is of the essence for the best outcome,” he emphasized.
SolarWinds’ troubles just keep going on
These vulnerabilities reflect an unfortunate pattern for SolarWinds, whose WHD has repeatedly been under attack. Most recently, in September, the software company addressed a second patch bypass (CVE-2025-26399) for a WHD RCE flaw that was flagged a year earlier by the Cybersecurity and Infrastructure Security Agency (CISA) as being actively exploited. Also in 2024, the federal agency called out a credential flaw hardcoded into WHD.
“It’s like, ‘not again,’” said Shipley. “Everyone has this visceral, emotional reaction based on what happened to them five years ago.”
Major breaches have a “brand blast radius, a brand half life,” he noted, and this may bring back “past traumas” for IT managers. SolarWinds is familiar to attackers, who realize it is a brand that could pay off.
“It’s all about the rolling impact, the ROI side,” he said. Threat actors understand that they have a narrow attack window, and they want to maximize their chances for data exfiltration or ransom. And, if they’re nation-state state actors, the goal is to create “maximum havoc.”
“It’s a perverse form of brand awareness that you never want,” said Shipley.
While this incident is bad news, the good news is it’s not the same error, he noted. Also, in terms of RCEs, SolarWinds hasn’t been as impacted as Cisco and Fortinet, the latter of which has faced criticism over ‘silent’ patching.
Vendors must get down past the symptom layer and address the root cause of vulnerabilities in programming logic, he said, pointing out, “they plug the hole, but don’t figure out why they keep having holes.”
Ultimately, he said, “this is unsustainably bad for IT managers. We’re hitting the breaking point.” In the US, cybersecurity should be a regulatory priority; while it was an area of focus for the previous administration, there’s been a “complete U-turn” under the current regime.
“The only way out of this mess is to have better code,” Shipley noted. But, “we are now doomed to the legacy code, [plus whatever vibe code adds to the mix]. The levees are going to break soon. We’re going to have our code Katrina moment,” he said.
View the full article
- 0 comments
- 46 views
-
These flaws could allow attackers to bypass authentication, perform remote code execution (RCE), and access certain functionality that should be gated. Of the six, four are rated “critical” (9.8 out of 10 on the CVE severity scale), while the others are “high” (7.5 and 8.1 severity).
Because WHD has been actively exploited in the past, admins are advised to patch their vulnerable servers immediately, by upgrading to Web Help Desk 2026.1.
“We already know what happens if you compromise SolarWinds,” said David Shipley of Beauceron Security. “There’s a massive downstream risk. It’s critical that things are patched, updated, resolved as quickly as possible.”
‘RCE’: The three letters no security leader wants to hear
SolarWinds says it has more than 300,000 customers around the world, including a large portion of the Fortune 500 and major government and defense agencies. The company’s WHD product is popular among these organizations.
The vulnerabilities were discovered by independent researchers from watchTowr and Horizon3.ai. They include:
Remote code execution and data deserialization vulnerabilities CVE-2025-40551 (critical) and CVE-2025-40553 (critical); Authentication and bypass security flaws CVE-2025-40552 (critical), CVE-2025-40554 (critical), CVE-2025-40536 (high), and CVE-2025-40537 (high). CVE-2025-40551 and CVE-2025-40553 make WHD susceptible to untrusted data deseralization that could allow attackers to run commands on the host machine. The flaw could be exploited without authentication.
The other two critical vulnerabilities, CVE-2025-40552 and CVE-2025-40554, are authentication bypasses which, if exploited, could allow attackers to invoke specific actions within Web Help Desk that should have been automatically protected by authentication.
“Those are three letters you never want to hear: ‘I got RCE’d’,” said Beauceron’s Shipley, noting that data deserialization can expose enterprise secrets. “That’s the worst. You really, really, really don’t want an RCE.”
The four critical bugs are typically very reliable to exploit due to their deserialization and authentication logic flaws, noted Ryan Emmons, staff security researcher at Rapid7. “For attackers, that’s good news, because it means avoiding lots of bespoke exploit development work like you’d see with other less reliable bug classes.”
Instead, attackers can use a standardized malicious payload across many vulnerable targets, Emmons noted. “If exploitation is successful, the attackers gain full control of the software and all the information stored by it, along with the potential ability to move laterally into other systems.”
Meanwhile, the high-severity vulnerability CVE-2025-40536 would allow threat actors to bypass security controls and gain access to certain functionalities that should be restricted only to authenticated users. Finally, CVE-2025-40537 is a hardcoded credentials vulnerability that, “under certain situations,” could provide access to administrative functions.
How enterprises should respond
SolarWinds provides detailed instructions for upgrading vulnerable servers to Web Help Desk 2026.1. Security teams must be vigilant on this, analysts emphasize.
Emmons advised that the most important things defenders can do right now are upgrade to the latest version on an emergency basis, and investigate any anomalous activity on servers that might have been targeted.
“These are bugs that likely won’t take long to develop weaponized exploits for, so time is of the essence for the best outcome,” he emphasized.
SolarWinds’ troubles just keep going on
These vulnerabilities reflect an unfortunate pattern for SolarWinds, whose WHD has repeatedly been under attack. Most recently, in September, the software company addressed a second patch bypass (CVE-2025-26399) for a WHD RCE flaw that was flagged a year earlier by the Cybersecurity and Infrastructure Security Agency (CISA) as being actively exploited. Also in 2024, the federal agency called out a credential flaw hardcoded into WHD.
“It’s like, ‘not again,’” said Shipley. “Everyone has this visceral, emotional reaction based on what happened to them five years ago.”
Major breaches have a “brand blast radius, a brand half life,” he noted, and this may bring back “past traumas” for IT managers. SolarWinds is familiar to attackers, who realize it is a brand that could pay off.
“It’s all about the rolling impact, the ROI side,” he said. Threat actors understand that they have a narrow attack window, and they want to maximize their chances for data exfiltration or ransom. And, if they’re nation-state state actors, the goal is to create “maximum havoc.”
“It’s a perverse form of brand awareness that you never want,” said Shipley.
While this incident is bad news, the good news is it’s not the same error, he noted. Also, in terms of RCEs, SolarWinds hasn’t been as impacted as Cisco and Fortinet, the latter of which has faced criticism over ‘silent’ patching.
Vendors must get down past the symptom layer and address the root cause of vulnerabilities in programming logic, he said, pointing out, “they plug the hole, but don’t figure out why they keep having holes.”
Ultimately, he said, “this is unsustainably bad for IT managers. We’re hitting the breaking point.” In the US, cybersecurity should be a regulatory priority; while it was an area of focus for the previous administration, there’s been a “complete U-turn” under the current regime.
“The only way out of this mess is to have better code,” Shipley noted. But, “we are now doomed to the legacy code, [plus whatever vibe code adds to the mix]. The levees are going to break soon. We’re going to have our code Katrina moment,” he said.
View the full article
- 0 comments
- 29 views
-
In a report released Wednesday, researchers at Pillar Security say they have discovered campaigns at scale going after exposed large language model (LLM) and MCP endpoints – for example, an AI-powered support chatbot on a website.
“I think it’s alarming,” said report co-author Ariel Fogel. “What we’ve discovered is an actual criminal network where people are trying to steal your credentials, steal your ability to use LLMs and your computations, and then resell it.”
“It depends on your application, but you should be acting pretty fast by blocking this kind of threat,” added co-author Eilon Cohen. “After all, you don’t want your expensive resources being used by others. If you deploy something that has access to critical assets, you should be acting right now.”
Kellman Meghu, chief technology officer at Canadian incident response firm DeepCove Security, said that this campaign “is only going to grow to some catastrophic impacts. The worst part is the low bar of technical knowledge needed to exploit this.”
How big are these campaigns? In the past couple of weeks alone, the researchers’ honeypots captured 35,000 attack sessions hunting for exposed AI infrastructure.
“This isn’t a one-off attack,” Fogel added. “It’s a business.” He doubts a nation-state it behind it; the campaigns appear to be run by a small group.
The goals: To steal compute resources for use by unauthorized LLM inference requests, to resell API access at discounted rates through criminal marketplaces, to exfiltrate data from LLM context windows and conversation history, and to pivot to internal systems via compromised MCP servers.
Two campaigns
The researchers have so far identified two campaigns: One, dubbed Operation Bizarre Bazaar, is targeting unprotected LLMs. The other campaign targets Model Context Protocol (MCP) endpoints.
It’s not hard to find these exposed endpoints. The threat actors behind the campaigns are using familiar tools: The Shodan and Censys IP search engines.
At risk: Organizations running self-hosted LLM infrastructure (such as Ollama, software that processes a request to the LLM model behind an application; vLLM, similar to Ollama but for high performance environments; and local AI implementations) or those deploying MCP servers for AI integrations.
Targets include:
exposed endpoints on default ports of common LLM inference services; unauthenticated API access without proper access controls; development/staging environments with public IP addresses; MCP servers connecting LLMs to file systems, databases and internal APIs. Common misconfigurations leveraged by these threat actors include:
Ollama running on port 11434 without authentication; OpenAI-compatible APIs on port 8000 exposed to the internet; MCP servers accessible without access controls; development/staging AI infrastructure with public IPs; production chatbot endpoints (customer support, sales bots) without authentication or rate limiting. George Gerchow, chief security officer at Bedrock Data, said Operation Bizarre Bazaar “is a clear sign that attackers have moved beyond ad hoc LLM abuse and now treat exposed AI infrastructure as a monetizable attack surface. What’s especially concerning isn’t just unauthorized compute use, but the fact that many of these endpoints are now tied to the Model Context Protocol (MCP), the emerging open standard for securely connecting large language models to data sources and tools. MCP is powerful because it enables real-time context and autonomous actions, but without strong controls, those same integration points become pivot vectors into internal systems.”
Defenders need to treat AI services with the same rigor as APIs or databases, he said, starting with authentication, telemetry, and threat modelling early in the development cycle. “As MCP becomes foundational to modern AI integrations, securing those protocol interfaces, not just model access, must be a priority,” he said.
In an interview, Pillar Security report authors Eilon Cohen and Ariel Fogel couldn’t estimate how much revenue threat actors might have pulled in so far. But they warn that CSOs and infosec leaders had better act fast, particularly if an LLM is accessing critical data.
Their report described three components to the Bizarre Bazaar campaign:
the scanner: a distributed bot infrastructure that systematically probes the internet for exposed AI endpoints. Every exposed Ollama instance, every unauthenticated vLLM server, every accessible MCP endpoint gets cataloged. Once an endpoint appears in scan results, exploitation attempts begin within hours; the validator: Once scanners identify targets, infrastructure tied to an alleged criminal site validates the endpoints through API testing. During a concentrated operational window, the attacker tested placeholder API keys, enumerated model capabilities and assessed response quality; the marketplace: Discounted access to 30+ LLM providers is being sold on a site called The Unified LLM API Gateway. It’s hosted on bulletproof infrastructure in the Netherlands and marketed on Discord and Telegram. So far, the researchers said, those buying access appear to be people building their own AI infrastructure and trying to save money, as well as people involved in online gaming.
Threat actors may not only be stealing AI access from fully developed applications, the researchers added. A developer trying to prototype an app, who, through carelessness, doesn’t secure a server, could be victimized through credential theft as well.
Joseph Steinberg, a US-based AI and cybersecurity expert, said the report is another illustration of how new technology like artificial intelligence creates new risks and the need for new security solutions beyond the traditional IT controls.
CSOs need to ask themselves if their organization has the skills needed to safely deploy and protect an AI project, or whether the work should be outsourced to a provider with the needed expertise.
Mitigation
Pillar Security said CSOs with externally-facing LLMs and MCP servers should:
enable authentication on all LLM endpoints. Requiring authentication eliminates opportunistic attacks. Organizations should verify that Ollama, vLLM, and similar services require valid credentials for all requests; audit MCP server exposure. MCP servers must never be directly accessible from the internet. Verify firewall rules, review cloud security groups, confirm authentication requirements; block known malicious infrastructure. Add the 204.76.203.0/24 subnet to deny lists. For the MCP reconnaissance campaign, block AS135377 ranges; implement rate limiting. Stop burst exploitation attempts. Deploy WAF/CDN rules for AI-specific traffic patterns; audit production chatbot exposure. Every customer-facing chatbot, sales assistant, and internal AI agent must implement security controls to prevent abuse. Don’t give up
Despite the number of news stories in the past year about AI vulnerabilities, Meghu said the answer is not to give up on AI, but to keep strict controls on its usage. “Do not just ban it, bring it into the light and help your users understand the risk, as well as work on ways for them to use AI/LLM in a safe way that benefits the business,” he advised.
“It is probably time to have dedicated training on AI use and risk,” he added. “Make sure you take feedback from users on how they want to interact with an AI service and make sure you support and get ahead of it. Just banning it sends users into a shadow IT realm, and the impact from this is too frightening to risk people hiding it. Embrace and make it part of your communications and planning with your employees.”
View the full article
- 0 comments
- 49 views
-
In a report released Wednesday, researchers at Pillar Security say they have discovered campaigns at scale going after exposed large language model (LLM) and MCP endpoints – for example, an AI-powered support chatbot on a website.
“I think it’s alarming,” said report co-author Ariel Fogel. “What we’ve discovered is an actual criminal network where people are trying to steal your credentials, steal your ability to use LLMs and your computations, and then resell it.”
“It depends on your application, but you should be acting pretty fast by blocking this kind of threat,” added co-author Eilon Cohen. “After all, you don’t want your expensive resources being used by others. If you deploy something that has access to critical assets, you should be acting right now.”
Kellman Meghu, chief technology officer at Canadian incident response firm DeepCove Security, said that this campaign “is only going to grow to some catastrophic impacts. The worst part is the low bar of technical knowledge needed to exploit this.”
How big are these campaigns? In the past couple of weeks alone, the researchers’ honeypots captured 35,000 attack sessions hunting for exposed AI infrastructure.
“This isn’t a one-off attack,” Fogel added. “It’s a business.” He doubts a nation-state it behind it; the campaigns appear to be run by a small group.
The goals: To steal compute resources for use by unauthorized LLM inference requests, to resell API access at discounted rates through criminal marketplaces, to exfiltrate data from LLM context windows and conversation history, and to pivot to internal systems via compromised MCP servers.
Two campaigns
The researchers have so far identified two campaigns: One, dubbed Operation Bizarre Bazaar, is targeting unprotected LLMs. The other campaign targets Model Context Protocol (MCP) endpoints.
It’s not hard to find these exposed endpoints. The threat actors behind the campaigns are using familiar tools: The Shodan and Censys IP search engines.
At risk: Organizations running self-hosted LLM infrastructure (such as Ollama, software that processes a request to the LLM model behind an application; vLLM, similar to Ollama but for high performance environments; and local AI implementations) or those deploying MCP servers for AI integrations.
Targets include:
exposed endpoints on default ports of common LLM inference services; unauthenticated API access without proper access controls; development/staging environments with public IP addresses; MCP servers connecting LLMs to file systems, databases and internal APIs. Common misconfigurations leveraged by these threat actors include:
Ollama running on port 11434 without authentication; OpenAI-compatible APIs on port 8000 exposed to the internet; MCP servers accessible without access controls; development/staging AI infrastructure with public IPs; production chatbot endpoints (customer support, sales bots) without authentication or rate limiting. George Gerchow, CSO at Bedrock Data and an IANS faculty member, said Operation Bizarre Bazaar “is a clear sign that attackers have moved beyond ad hoc LLM abuse and now treat exposed AI infrastructure as a monetizable attack surface. What’s especially concerning isn’t just unauthorized compute use, but the fact that many of these endpoints are now tied to the Model Context Protocol (MCP), the emerging open standard for securely connecting large language models to data sources and tools. MCP is powerful because it enables real-time context and autonomous actions, but without strong controls, those same integration points become pivot vectors into internal systems.”
Defenders need to treat AI services with the same rigor as APIs or databases, he said, starting with authentication, telemetry, and threat modelling early in the development cycle. “As MCP becomes foundational to modern AI integrations, securing those protocol interfaces, not just model access, must be a priority,” he said.
In an interview, Pillar Security report authors Eilon Cohen and Ariel Fogel couldn’t estimate how much revenue threat actors might have pulled in so far. But they warn that CSOs and infosec leaders had better act fast, particularly if an LLM is accessing critical data.
Their report described three components to the Bizarre Bazaar campaign:
the scanner: a distributed bot infrastructure that systematically probes the internet for exposed AI endpoints. Every exposed Ollama instance, every unauthenticated vLLM server, every accessible MCP endpoint gets cataloged. Once an endpoint appears in scan results, exploitation attempts begin within hours; the validator: Once scanners identify targets, infrastructure tied to an alleged criminal site validates the endpoints through API testing. During a concentrated operational window, the attacker tested placeholder API keys, enumerated model capabilities and assessed response quality; the marketplace: Discounted access to 30+ LLM providers is being sold on a site called The Unified LLM API Gateway. It’s hosted on bulletproof infrastructure in the Netherlands and marketed on Discord and Telegram. So far, the researchers said, those buying access appear to be people building their own AI infrastructure and trying to save money, as well as people involved in online gaming.
Threat actors may not only be stealing AI access from fully developed applications, the researchers added. A developer trying to prototype an app, who, through carelessness, doesn’t secure a server, could be victimized through credential theft as well.
Joseph Steinberg, a US-based AI and cybersecurity expert, said the report is another illustration of how new technology like artificial intelligence creates new risks and the need for new security solutions beyond the traditional IT controls.
CSOs need to ask themselves if their organization has the skills needed to safely deploy and protect an AI project, or whether the work should be outsourced to a provider with the needed expertise.
Mitigation
Pillar Security said CSOs with externally-facing LLMs and MCP servers should:
enable authentication on all LLM endpoints. Requiring authentication eliminates opportunistic attacks. Organizations should verify that Ollama, vLLM, and similar services require valid credentials for all requests; audit MCP server exposure. MCP servers must never be directly accessible from the internet. Verify firewall rules, review cloud security groups, confirm authentication requirements; block known malicious infrastructure. Add the 204.76.203.0/24 subnet to deny lists. For the MCP reconnaissance campaign, block AS135377 ranges; implement rate limiting. Stop burst exploitation attempts. Deploy WAF/CDN rules for AI-specific traffic patterns; audit production chatbot exposure. Every customer-facing chatbot, sales assistant, and internal AI agent must implement security controls to prevent abuse. Don’t give up
Despite the number of news stories in the past year about AI vulnerabilities, Meghu said the answer is not to give up on AI, but to keep strict controls on its usage. “Do not just ban it, bring it into the light and help your users understand the risk, as well as work on ways for them to use AI/LLM in a safe way that benefits the business,” he advised.
“It is probably time to have dedicated training on AI use and risk,” he added. “Make sure you take feedback from users on how they want to interact with an AI service and make sure you support and get ahead of it. Just banning it sends users into a shadow IT realm, and the impact from this is too frightening to risk people hiding it. Embrace and make it part of your communications and planning with your employees.”
View the full article
- 0 comments
- 26 views
-
Sanderson has a large body of work, but some of his most popular fantasy books could be adapted first. Mistborn could be turned into a movie series, while The Stormlight Archive is being considered for television. Mistborn is a book series that's split into two eras, with the first three books featuring a group of magic-using metal manipulators or "Allomancers" overthrowing a dystopian empire. The second set of books follows the exploits of Wax and Wayne, two lawmen with magical abilities in a more modern setting.
There are two additional eras planned for the same Mistborn series, so Apple has access to content that could result in a dozen movies.
The Stormlight Archive currently features five epic fantasy books, each of which could easily be used for multiple seasons of a TV show. The Stormlight Archive is a classic good vs. evil tale, featuring the Knights Radiant against Voidbringers who want to conquer the world.
Sanderson has 10 total books planned for The Stormlight Archive, but the "Cosmere" universe also includes many other standalone novels, all of which are linked together. Sanderson is one of the most well-known current fantasy authors, and in addition to his own books, he finished Robert Jordan's The Wheel of Time after Jordan passed away.
A TV show based on the Stormlight Archive is already in the early stages of planning. Blue Marble, a film studio run by Pachinko producer Theresa Kang-Lowe, is set to produce. Kang-Lowe has an exclusive content production deal with Apple.
Apple won the deal after Sanderson met with multiple potential partners. Apple agreed to give Sanderson unprecedented control over screen translations, so he will write, produce, and consult on any TV shows or movies that Apple makes about the Cosmere universe. Sanderson is known for having some of the most popular Kickstarter campaigns to date, raising close to $100 million by selling his books.Tag: Apple TV Plus
This article, "Apple Signs Deal for Brandon Sanderson's 'Cosmere' Universe Movies and TV Shows" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 35 views
-
"So excited to work with the very best team in the world on my favorite products," he said.
This marks a return to Apple for de With, who previously worked on things such as iCloud, MobileMe, and the Find My app. He has also completed design work for other companies, such as Sony, Mozilla, Oracle, HP, and EA, in the past.
de With is a well-known figure in the online Apple and photography communities.
Apple's design team is undergoing many changes. Last year, the company's former software design chief Alan Dye left for Meta, and Apple's hardware engineering chief and leading CEO candidate John Ternus was reportedly tapped to oversee the company's entire hardware and software design teams towards the end of last year.
Over the past several years, some Apple designers have left to work with Jony Ive, the legendary former Apple design chief. Ive left Apple in 2019 to start his own design firm LoveFrom, and he has been working with OpenAI on a new AI device.
In related news, Halide's parent company Lux today launched a public preview of Halide Mark III, the next-generation version of its flagship camera app.
This article, "'Halide' Co-Founder Sebastiaan de With Joins Apple's Design Team" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 45 views
-
Apple has updated its developer release notes for the third betas of iOS and iPadOS 26.3 to outline the devices and features that are affected:Apple has not provided any details on why these features are not working on the latest betas, but the issue will presumably be fixed in the next round of betas.
We're expecting a public release of iOS 26.3 and related updates fairly soon, as the x.3 updates typically drop in late January each year. With just a few days left in the month, it appears the release schedule may slip into early February for this cycle, but we should be seeing release candidate versions seeded to developers and beta testers relatively soon ahead of the public releases.Related Roundups: iOS 26, iPadOS 26Related Forum: iOS 26
This article, "Warning: These Continuity Features Are Broken on Latest iOS 26.3 and iPadOS 26.3 Betas" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 35 views
-
"Ted Lasso" is one of the most popular shows ever released on the Apple TV streaming service. The eponymous character Ted Lasso, played by Jason Sudeikis, starts off as a small-time football coach from Kansas who is hired to coach a professional soccer team in England, despite having no experience coaching soccer.
In the fourth season, Apple says Lasso returns to England to take on his biggest challenge yet: coaching a second division women's soccer team.
"Throughout the course of the season, Ted and the team learn to leap before they look, taking chances they never thought they would," said Apple.
The fourth season is currently in production, according to Apple, and fan favorites such as Hannah Waddingham, Juno Temple, Brett Goldstein, Brendan Hunt, and Jeremy Swift are all set to return in the upcoming episodes.
The third season of "Ted Lasso" was released in 2023, so there has been a long wait for a fourth season. The series has won several major awards since it debuted in 2020, with its overall positive tone making it a popular comfort show.Tag: Apple TV Shows
This article, "'Ted Lasso' is Returning to Apple TV, Here's When" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 33 views
-
The vm2 library, which is listed as a dependency by almost 900 other packages on NPM and many projects on GitHub, is not a stranger to sandbox escape vulnerabilities. In fact, in July 2023, its creator decided to stop maintaining the project and deprecate it after one such vulnerability.
Despite the project being unmaintained, in the absence of good alternatives, people have kept using it, leading to millions of downloads every month. In October 2025, the original maintainer decided to resurrect the project after patching all past vulnerabilities and announcing plans to rewrite it in TypeScript.
The new vulnerability patched this week is tracked as CVE-2026-22709 and affects versions older than 3.10.2. Users are advised to upgrade to the latest version as soon as possible.
“In vm2 for version 3.10.0, Promise.prototype.then Promise.prototype.catch callback sanitization can be bypassed,” the official advisory reads. “This allows attackers to escape the sandbox and run arbitrary code.”
Sandboxing is a cat-and-mouse game
Sandboxes like vm2 are needed by web and other Node-based applications whose functionality enables users or tools to upload and execute scripts. Because user-controlled code is untrusted by nature, it cannot be allowed to execute in the same context as the application itself. Yet the host application needs to monitor and see what the code does.
The vm2 library achieves this through a complex network of proxies that intercept and mediate interactions between the sandbox and the host environment. But the complexity of JavaScript means there will likely always be a way to trick this chain of proxies.
The project is honest about this in its description: “Objects can be accessed through prototype chains, constructors can be reached via error objects, symbols provide protocol hooks, and async execution creates timing windows. The sheer number of ways to traverse from one object to another in JavaScript makes building an airtight in-process sandbox extremely difficult.”
The maintainer clearly warns that new bypasses will likely be discovered in the future and while they will be patched, the cat-and-mouse game will continue. In his announcement about the project’s resurrection in October, he noted that he hopes AI-assisted vulnerability detection will help catch more of these issues in the future.
There are other alternatives to isolate code that would provide stronger security guarantees, such as full process sandboxing, virtual machines, containers, and more. But they come with heavier performance costs or add other complexities and hurdles. Not to mention, those approaches are not vulnerability-free either.
The maintainer advises that vm2 should only be used when:
You need tight integration with host objects and fast synchronous communication The untrusted code comes from a relatively trusted source (e.g., internal tools, plugin systems with vetted authors) You combine vm2 with other security layers (network isolation, filesystem restrictions, resource limits) You accept the risk and actively monitor for security updates View the full article
- 0 comments
- 29 views
-
Note: This image has been edited to include a pile of cash.
Patreon is a platform where creators such as YouTubers can receive payments from fans, which can be a valuable revenue stream alongside ads and sponsorships.
Apple initially told Patreon that its creators must move to the App Store's in-app purchase system by November 2025, or else Patreon would risk removal from the App Store, but the deadline was pushed back. Apple considers payments from supporters to creators on Patreon to be digital goods that it is entitled to receive a commission on.
Apple receives a 30% commission on in-app purchases and subscriptions, but this drops to 15% for a subscription that has been ongoing for more than a year.
Patreon said it is disappointed with how Apple has navigated this policy.
According to TechCrunch, only 4% of Patreon creators are still using the platform's legacy billing system, with the rest having already switched over.
Patreon has shared a FAQ with more details for creators.Tags: App Store, Patreon
This article, "Apple Will Soon Take Up to a 30% Cut From All Patreon Creators on iOS" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 33 views
-
The discount is available from now until February 12, and it is available when ordering flowers from the 1-800-Flowers website or app. To get the deal, use Apple Pay when checking out, and enter the promo code APPLEPAY.
1-800-Flowers is able to provide flower deliveries across the United States, with bouquet options varying by location.Tag: Apple Pay Promo
This article, "Apple Pay Promo Offers Discount on Valentine's Day Flowers" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 34 views
-
Subscribe to the MacRumors YouTube channel for more videos.
We checked out the Creator Studio bundle to see if it's worth what Apple is charging.
Creator Studio includes Apple's pro image, audio, and video editing apps that were previously only available for one-time purchase. If you don't currently own Apple's apps and you have need for a range of creative tools, the bundle has the potential to be a good deal.
Many of Apple's apps are hundreds of dollars if you purchase them on a standalone basis. Here are the individual costs:
Final Cut Pro - $299.99
Logic Pro - $199.99
Pixelmator Pro - $49.99
Compressor - $49.99
Motion - $49.99
MainStage - $29.99
Together, the apps cost just about $680, so there is potentially money to be saved by paying $12.99 per month or $129 per year. Creator Studio provides full access to the apps, along with exclusive AI features that are not available in the standalone versions. Apple is even including Creator Studio-exclusive features in its free apps like Freeform, Keynote, Pages, and Numbers.
You can use Freeform, Keynote, Pages, and Numbers for free and purchase Apple's apps without opting for Creator Studio, but a Creator Studio subscription is the only way to get the new AI features that Apple has developed.
Unfortunately, there is no option to purchase access to just one or two apps at a lower subscription price. Creator Studio is all or nothing, so if you just want access to image editing capabilities with Pixelmator Pro and also the AI tools for Apple's iWork app, you have no option to pay less just for those. You have to pay the full $12.99 per month price even if you don't need some of the apps.
Apple envisions Creative Studio as a tool for creatives who need to do all their content creation and management on their own, from filming videos to creating audio for those videos to making graphics. It is a highly useful option for people who can take advantage of most of the apps, but it isn't going to make as much sense for those who just need one or two.
Creator Studio is best for people who have shied away from Apple's professional video and audio editing apps because of their high cost, or those who need tools for video creation, music making, and image editing. It would be nice if Apple could offer more specialized, affordable bundles in the future, much like Adobe does for its Creative Cloud apps.
Apple is offering a one-month free trial for those who want to try out Creator Studio, or a three-month trial with the purchase of an eligible Mac or iPad. Up to six family members can share a single Creative Studio subscription.
Do you plan to subscribe to Creative Studio? Let us know in the comments below.Tag: Apple Creator Studio
This article, "Apple Creator Studio Hands-On: What You Get for $12.99 Per Month" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 27 views
-
Pixelmator Pro is a popular image editing app that was acquired by Apple last year. There is already a more basic Pixelmator app available for the iPad and iPhone, but Apple says that app is "no longer being updated." To receive new features going forward, iPad users will need to move to the full-fledged Pixelmator Pro app.
Apple says Pixelmator Pro for iPad is compatible with iPad models equipped with the A16, A17 Pro, or M1 chip or later on iPadOS 26 or later.
Here are some of the Pixelmator Pro for iPad features highlighted by Apple:A full-featured Layers sidebar allows creators to use images, shapes, text, and video
Smart selection tools for isolating and editing specific parts of images
Advanced bitmap and vector masks
Super Resolution for intelligently upscaling photos
Deband for removing compression artifacts
Auto Crop with automatic composition suggestions
Apple Pencil support for pressure-sensitive brushing, plus hover, squeeze, and double tapPixelmator Pro for both iPad and Mac is available through the new Apple Creator Studio subscription bundle, which in the U.S. costs $12.99 per month or $129 per year. A one-time $49.99 purchase option remains available for the Mac app.
Some new "intelligent features" and "premium content" in Pixelmator Pro will only be available with an Apple Creator Studio subscription. For example, in both the iPad and Mac apps, Apple Creator Studio subscribers have access to a new Warp tool for twisting and shaping image layers. The one-time-purchase Mac app did not receive this feature.Tags: Apple Creator Studio, Pixelmator
This article, "Pixelmator Pro Launches on iPad With Apple Pencil Support and More" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 37 views
-
- 0 comments
- 40 views
-
Here is what is new in all versions of Final Cut Pro on the Mac, regardless of whether you have an active Apple Creator Studio subscription:Here is what is new in Final Cut Pro on the iPad, which is now only available with an Apple Creator Studio subscription for new customers:Here is what is new in all versions of Logic Pro on the Mac, regardless of whether you have an active Apple Creator Studio subscription:Here is what is new in Logic Pro on the iPad, which is now only available with an Apple Creator Studio subscription for new customers:If you were already subscribed to Final Cut Pro and/or Logic Pro on the iPad for $4.99 per month, you can continue to pay that price for access to the Apple Creator Studio versions of the apps on the iPad. If you want all of the other Mac and iPad apps that are included in Apple Creator Studio, you must pay the full $12.99 per month.
On the Mac, Final Cut Pro companion apps Motion and Compressor and Logic Pro companion app MainStage were all updated today with the same set of new features across both the one-time purchase and Apple Creator Studio versions of the apps.
Two other Apple apps updated today are iMovie on the Mac, and Final Cut Camera on the iPhone. Those apps are not part of Apple Creator Studio.
Editor's Note: Confusing, we know.Tags: Apple Creator Studio, Final Cut Pro, Logic Pro
This article, "Apple Updates Final Cut Pro and Logic Pro With These New Features" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 35 views
-
Among the platform’s key features is its continuous, real-time cryptographic visibility. Quantum-Safe acts as a central intelligence layer, collecting telemetry and logs from network infrastructure — such as PAN-OS NGFW and Prisma Access — and enriching them with data from an ecosystem of third-party security tools, according to the company. The feature enables the discovery and cataloging of applications, systems, infrastructure, and IoT devices, and it facilitates analysis of cryptographic traffic behavior, including protocols, encryption algorithms, key exchange mechanisms, certificates, and libraries used.
At the summit, Palo Alto CEO Nikesh Arora stressed that quantum computing is reaching a turning point similar to that of artificial intelligence. “It’s no longer a laboratory project, and its ability to solve problems at high speed is approaching production environments,” he said.
According to Arora and other technology experts, the technology poses a critical security challenge. “Quantum computers will be able to break cryptographic keys much faster than current systems, putting everything from private communications to digital assets like Bitcoin at risk,” he explained.
Due to the threat of “harvest now, decrypt later” techniques, in which encrypted data collected today could be decrypted more readily in the future with quantum computing, urgency to address post-quantum cryptography is rising.
“Regulators and companies are already demanding quantum transition plans to protect critical infrastructure and ensure operational continuity,” Arora said.
To that end, Palo Alto’s Quantum-Safe Security solution offers advanced cryptographic risk assessment and prioritization, correlating encryption strength with business criticality and data lifecycle. This identifies immediate exposures (“harvest now, decrypt later” risks) and high-value assets requiring priority migration, providing security teams with a clear, impact-based roadmap.
Another key feature is its remediation approach, which guides the transition in several stages. The solution helps modernize infrastructures to achieve a “quantum ready” state, activate post-quantum or hybrid (quantum-safe) algorithms, and, in the case of legacy systems or devices that cannot be upgraded, apply virtual patching through encryption translation. This mechanism enables vulnerable traffic to be re-encrypted in real-time with secure quantum standards, without modifying existing applications or code.
Quantum-Safe Security also incorporates a robust governance and ongoing compliance framework. It automates crypto hygiene management, maintains a dynamic cryptographic inventory (CBOM), and detects deviations or the use of weak ciphers in real-time. Furthermore, it facilitates regulatory compliance through automated reporting and audits aligned with global standards and regulations such as NIST, FIPS 140-3, and DORA.
The solution is designed to integrate with existing security and operations systems, including SIEM, EDR, load balancers, and vulnerability management tools, enabling a scalable, gradual transition compatible with complex business environments.
“Waiting for the hardware to be available to act could leave critical systems years behind, with serious risks to security and operational continuity,” Arora noted at the event. “The ability to break cryptography will force companies, governments, and regulators to anticipate, adapt, and protect critical data before this technology becomes fully operational. Those who act proactively will be able to mitigate risks and ensure business continuity in the new quantum era,” he said.
View the full article
- 0 comments
- 34 views
-
Externally, the second-generation AirTag itself is effectively indistinguishable from the original and continues to use a standard CR2032 coin cell. The only visual differences are slight changes to the text on the back, which is now all in capital letters and lists IP67 water and dust resistance, as well as NFC and Find My support.
The main PCB inside the second-generation AirTag is visibly thinner than that of the original model. The battery connectors are positioned at a different angle and the new board includes additional test pads that are likely related to manufacturing or diagnostics. Taylor also noted new markings inside the battery compartment, including a QR-code-like graphic.
The speaker assembly also sees changes. The speaker coil embedded in the plastic shell appears slightly larger than in the first-generation AirTag, while the speaker magnet is more firmly secured. In the original AirTag, the magnet could be removed relatively easily, which enabled relatively easy modifications. In the second-generation model, the magnet is more firmly secure and requires noticeably more effort to remove.
Taylor speculated that the increased use of adhesive could be related to anti-tampering efforts. Despite the removal of the speaker coil and magnet, the device was still able to connect to his iPhone, indicating that Apple has not introduced a firmware-level lockout or alert triggered by physical modifications.
After pairing the device to an iPhone, the sound the AirTag emits is a "slightly higher pitch" compared to the original. A user on X has noted that the chime has changed from the note "F" to the note "G."
Apple has also updated the AirTag's packaging, using a redesigned box with a narrower overall shape and updated front artwork. The printed text on the new box appears slightly raised via UV printing, and it now features paper adhesive pull tabs. Inside the box, the cardboard insert containing the AirTags is now simpler, with a single paper latch holding a lid over the tray of AirTags, which now sit as a row of four. In the original packaging, the AirTags sat in a doubled over folio in rows of two.Tag: AirTag
This article, "Teardown Reveals AirTag 2 Is Full of Hidden Changes" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 36 views
-
- 0 comments
- 41 views
-
Apple Creator Studio is a subscription bundle that provides access to the Final Cut Pro, Logic Pro, Pixelmator Pro, Motion, Compressor, and MainStage apps on Mac and/or iPad, with U.S. pricing set at $12.99 per month or $129 per year.
A subscription to Apple Creator Studio also unlocks "intelligent features" and "premium content" in apps like Pixelmator Pro, Numbers, Pages, Keynote, and later Freeform.
On the iPhone and iPad, existing Keynote, Numbers, and Pages users will see updates to the apps in the App Store that contain both the free new features for everyone and paid new features for Apple Creator Studio subscribers.
On the Mac, the existing Keynote, Numbers, and Pages apps were updated (to version 14.5), but only to inform users that those existing apps will no longer be receiving new features of any kind. To receive new features, including free ones, you must install the new, separate Apple Creator Studio editions (version 15.1) of the apps.
Here is what is new in the Keynote app for all users:Here is what is new in the Keynote app for Apple Creator Studio subscribers:Here is what is new in the Numbers app for all users:Here is what is new in the Numbers app for Apple Creator Studio subscribers:Here is what is new in the Pages app for all users:Here is what is new in the Pages app for Apple Creator Studio subscribers:Tags: Apple Creator Studio, iWork, Keynote, Numbers, Pages
This article, "Apple Updates Keynote, Numbers, and Pages Apps With New Free and Paid Features" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 40 views
-
Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.
In terms of the 16GB/256GB SSD model, this is a solid second-best price. You can also get the M4 Mac mini with 16GB RAM/512GB SSD for $689.00, down from $799.00, and the model with 24GB RAM/512GB SSD for $889.99, down from $999.00.
$100 OFFM4 Mac mini (256GB) for $499.00
$110 OFFM4 Mac mini (16GB/512GB) for $689.00
$109 OFFM4 Mac mini (24GB/512GB) for $889.99
$130 OFFM4 Pro Mac mini (24GB/512GB) for $1,269.00
Apple last updated the Mac mini in late 2024, introducing a redesigned computer that's smaller than the previous generation and featuring the M4 and M4 Pro chips. If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.
Deals Newsletter
Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!
Related Roundup: Apple Deals
This article, "Take Up to $130 Off M4 Mac Mini on Amazon, Starting at $499" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 33 views
-
In today’s rapidly evolving cybersecurity landscape, threat intelligence tools have become indispensable for organizations aiming to stay one step ahead of emerging risks. In 2026, cyber threats are more sophisticated, targeted, and persistent than ever—making proactive threat detection, investigation, and response critical. The best threat intelligence software not only delivers real-time data on indicators of compromise (IoCs), threat actors, and campaigns but also enables automated workflows, integrates seamlessly with security stacks, and supports decision-making with contextual insights.
When choosing a threat intelligence tool in 2026, key considerations include:
Data quality and relevance — How accurate, prioritized, or contextualized is the threat intel? Integration capabilities — Does it work with SIEM, SOAR, EDR platforms? Automation and analytics — Can it enrich, score, and act on threats automatically? Usability and reporting — Is the dashboard intuitive? Can it generate customizable reports? Coverage and community — Does it include global data sources, sharing with peers, or threat intel feeds? This guide walks you through the top 10 threat intelligence tools of 2026, presenting short descriptions, features, pros and cons, a comparison table, a decision-making guide, and FAQs to help you pick the ideal solution for your organization.
Top 10 Threat Intelligence Tools in 2026
1. ANY.RUN
Short Description :
ANY.RUN is an interactive malware analysis and sandbox platform that allows security teams to execute, observe, and investigate suspicious files and URLs in real time. It is widely used by SOC teams, malware researchers, and incident responders for fast and visual threat analysis.
Key Features:
Interactive sandbox with real-time malware execution Supports files, URLs, and phishing analysis Detailed behavioral analysis (processes, network, registry, memory) MITRE ATT&CK mapping and threat indicators (IOCs) Team collaboration, task sharing, and public/private analysis sessions API access for automation and SOC integration Pros:
Real-time, hands-on malware interaction (not just static reports) Very fast analysis with clear visual timelines Excellent for training, threat hunting, and incident response Cons:
Advanced features require paid plans 2. Mandiant Advantage (FireEye)
Short Description:
Mandiant Advantage delivers intelligence derived from its incident response work. Perfect for organizations requiring actionable intelligence backed by forensic and response expertise.
Key Features:
Incident-driven threat intelligence Campaign and malware analysis reports Integration with FireEye/Victims’ EDR Custom dashboards and alerts Playbooks and response recommendations Pros:
Deep expertise from Mandiant’s response team High fidelity and actionable insights Cons:
Focused heavily on enterprise/incident response users Less suited for lightweight or budget-focused setups 3. ThreatConnect
Short Description:
ThreatConnect is a threat intelligence platform that emphasizes collaboration and workflow orchestration. Great for teams looking to operationalize intelligence with playbooks and community sharing.
Key Features:
Threat feed aggregation and normalization Playbook automation via APIs Collaboration and intelligence sharing Operational dashboards and TTP modeling Integration with threat data sources (OSINT, commercial) Pros:
Strong for collaborative teams and automation Flexible API and playbook capabilities Cons:
UI can feel complex for new users Feature-rich, but might be overkill for simple needs 4. Anomali ThreatStream
Short Description:
Anomali ThreatStream offers unified threat intelligence management with automated enrichment and powerful analytics. Suits organizations focused on SOC efficiency and large-scale feed aggregation.
Key Features:
Aggregation from multiple threat feeds Automated enrichment and context Threat scoring and prioritization Integration with SIEMs and EDRs Threat sharing and collaboration via TAXII Pros:
Excellent for feed consolidation Helps reduce data overload with enrichment Cons:
Pricing scales steeply with data volume Requires tuning for optimal prioritization 5. Palo Alto Networks Cortex XSOAR Intelligence
Short Description:
Integrated into Cortex XSOAR, this offers threat intel workflows embedded in SOAR operations. Ideal for organizations already using Palo Alto products seeking unified IR automation.
Key Features:
Playbook-driven orchestration Threat intel ingestion and enrichment Dashboarding within XSOAR platform Automated incident response workflows Collaboration and case management Pros:
Seamless integration with XSOAR Robust automation within a single platform Cons:
Best value when used in broader Cortex ecosystem May not fit organizations using different vendors 6. Microsoft Threat Intelligence (MSTI)
Short Description:
Microsoft’s solution gives organizations access to global threat signals from its cloud, email, and enterprise products. Great for Enterprises invested in Microsoft 365 and Azure.
Key Features:
Signals from Microsoft cloud, email, endpoints Integrated with Defender suite Secure score improvements and recommendations API access for automating intel workflows Graph-based threat analytics Pros:
Native integration with Microsoft stack Rich visibility across clouds and endpoints Cons:
Less flexible outside the Microsoft ecosystem Focused on Microsoft-related threat vectors 7. IBM X-Force Exchange
Short Description:
IBM X-Force Exchange provides a rich platform for threat intel sharing, investigation, and collaboration—leveraging IBM’s X-Force research. Suitable for analysts seeking community-driven threat insights.
Key Features:
Global threat feed and reporting Infographic summaries and dashboards Crowd-sourced intelligence sharing Integration via APIs and STIX/TAXII Historical trend insights Pros:
Community and sharing focus Backed by IBM’s threat research Cons:
UI may feel dated to some users Enterprise focus may overwhelm smaller teams 8. CrowdStrike Intelligence
Short Description:
Part of CrowdStrike Falcon, this tool delivers threat intelligence enriched by endpoint visibility and global telemetry. Ideal for organizations needing endpoint-centric, integrated intel.
Key Features:
Telemetry-driven threat analytics Real-time enemy actor tracking IOC enrichment and attribution Integration with Falcon EDR workflows Attack campaign trend dashboards Pros:
High-quality intel based on real endpoint data Unified threat detection and investigation Cons:
Requires Falcon deployment May be cost-prohibitive for small shops 9. VirusTotal Intelligence
Logo/Brand: [VirusTotal logo]
Short Description:
VirusTotal Intelligence offers access to multi-vendor antivirus and sandboxing data. Excellent for malware researchers and lean security teams needing raw and enriched sample intelligence.
Key Features:
Searchable malware sample database Verdicts from multiple antivirus engines Sandbox behavior reports API for automation Community tagging and analysis Pros:
Incredibly useful for malware hunters and small SOCs Freemium tier available Cons:
Focused more on malware than broader threat actors Requires analytic skills to interpret raw data 10. Intel 471
Logo/Brand: [Intel 471 logo]
Short Description:
Intel 471 delivers deep underground-focused cyber-crime and threat actor intelligence. Perfect for organizations with high risk exposure and need for criminal ecosystem tracking.
Key Features:
Dark-web and underground intel gathering Actor profiles and campaign timelines Phishing kit tracking and infrastructure mapping Enrichment and prioritization Integration with SIEM and SOAR Pros:
Unique focus on criminal ecosystems Proactive visibility into actor behavior Cons:
Expensive for smaller teams Narrow focus may not suit everyone Comparison Table
Tool NameBest ForPlatform(s) SupportedStandout FeaturePricingG2/Capterra Rating*Recorded FutureLarge orgs needing real-time contextWeb, APIsML-powered prioritizationCustom/Enterprise~4.5/5Mandiant AdvantageIncident response teamsWeb, API, SIEMsIncident-backed intelligenceCustom/Enterprise~4.4/5ThreatConnectTeams wanting workflow automationWeb, APIs, SOARPlaybook orchestrationCustom/Enterprise~4.3/5Anomali ThreatStreamSOCs consolidating feedsWeb, API, SIEMFeed aggregation & enrichmentCustom/Volume-based~4.2/5Cortex XSOAR Intelligence (Palo Alto)Palo Alto ecosystem usersXSOAR platformSeamless IR automation within SOARCustom~4.3/5Microsoft Threat IntelligenceMicrosoft-centric enterpriseAzure, Defender ecosystemGlobal intel from cloud+email+endpointIncluded/Defender tiers~4.1/5IBM X-Force ExchangeAnalysts seeking collaborationWeb, STIX/TAXIICrowd-sourced intel and sharingFree tier / Enterprise~4.0/5CrowdStrike IntelligenceEndpoint-centric orgsFalcon platformTelemetry-driven real-time intelAdd-on to Falcon~4.6/5VirusTotal IntelligenceMalware researchers, small SOCsWeb, APIMulti-AV + sandbox insightsFreemium / Paid plans~4.5/5Intel 471High-risk clients needing dark web intelWeb, API, SIEMUnderground & actor ecosystem insightsHigh-cost Enterprise~4.4/5 Which Threat Intelligence Tool Is Right For You?
Here’s a quick decision guide to help you choose:
Small or emerging SOC/malware researcher → VirusTotal Intelligence (freemium, focused malware insights) Microsoft-centric environments → Microsoft Threat Intelligence (native integration) Already using Palo Alto ecosystem → Cortex XSOAR Intelligence (built-in automation) Endpoint-telemetry users → CrowdStrike Intelligence for real-time detection & attribution Need enriched, aggregated feeds → Anomali ThreatStream or Recorded Future Responders needing forensic insight → Mandiant Advantage Teams wanting automation & sharing workflows → ThreatConnect Analysts needing crowd-sourced intel → IBM X-Force Exchange Monitoring criminal networks/dark web → Intel 471 Additionally, consider company size (enterprise vs small business), budget (freemium → custom pricing), and security stack integration needs when choosing.
FAQs
1. What is a threat intelligence tool and why is it important in 2026?
Threat intelligence tools collect, analyze, and deliver contextual insights about cyber threats—actors, malware, vulnerabilities—to help organizations detect, prioritize, and respond effectively amid increasingly sophisticated attacks.
2. Are there free or low-cost options for threat intelligence tools?
Yes! VirusTotal Intelligence offers freemium tiers suitable for malware analysis. IBM X-Force Exchange also provides free community intelligence. Many enterprise-grade tools offer limited trials or demos.
3. How do I integrate threat intelligence into my existing security stack?
Look for tools offering APIs, connectors, or native integrations with SIEMs (e.g., Splunk), SOAR platforms, EDR tools, or visualization dashboards. Automation-ready tools like Cortex XSOAR or ThreatConnect can help orchestrate workflows directly.
4. How much do these tools cost?
Pricing varies widely—from free/freemium (VirusTotal, IBM X-Force) to add-on modules (CrowdStrike Intel) and tiered or custom enterprise pricing (Recorded Future, Anomali). Always request quotes or trials to compare.
5. Should I prioritize breadth of feed coverage or depth of analysis?
It depends on your needs. Feed consolidators like Anomali or Recorded Future offer broad coverage. If you need deep, contextual insights (e.g. from incident cases or underground monitoring), Mandiant or Intel 471 may be more appropriate.
Conclusion
In 2026, the threat intelligence landscape continues evolving—driven by AI, automation, and real-time analytics. The top threat intelligence tools deliver not just raw data, but rich, actionable insights and seamless integration into security workflows. Whether you’re a small SOC analyst hunting malware or a global enterprise seeking automated response orchestration, there’s a tool tailored to your needs.
View the full article
- 0 comments
- 42 views
-
Similar in spirit to Apple's Lockdown Mode for iPhone, the feature is aimed primarily at journalists, activists, and public-facing figures. Once enabled, the setting locks various account options to their most restrictive settings.
For example, WhatsApp will automatically block attachments and media from senders who aren't in your contacts, reducing potential vectors for spyware or malicious files. Here's WhatsApp's support explanation about other settings that are impacted:
Strict account settings can be found in Settings ➝ Privacy ➝ Advanced. When it shows up for you could depend on your location, as WhatsApp says the rollout is happening gradually over the coming weeks. Bear in mind that you can't control Strict account settings from WhatsApp Web – it can only be accessed from your primary device.
WhatsApp also noted that it has transitioned parts of its codebase to Rust, a programming language known for its memory safety features. The company says this change helps protect photos, videos, and messages from spyware. More technical details are available on Meta's engineering blog.Tag: WhatsApp
This article, "WhatsApp Launches Strict Account Settings for High-Risk Users" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 44 views
-
Creator Studio includes Final Cut Pro, Logic Pro, and Pixelmator Pro on Mac and iPad, along with Motion, Compressor, and MainStage on the Mac. Final Cut Pro is Apple's video editing software, Logic Pro is for audio editing and creation, and Pixelmator Pro is an image editing app that Apple purchased in 2024.
Apple is still rolling out the full bundle, but links for the individual Creator Studio versions of the apps are now live and you can subscribe to Creator Studio from within them.
Final Cut Pro
Logic Pro
Pixelmator Pro
Motion
Compressor
MainStage
All of the apps with the exception of Pixelmator Pro for iPad were available prior to today, and they continue to be available for individual, standalone purchase. The Creator Studio bundle unlocks AI features that are not otherwise accessible in these apps, plus it adds new features to free apps like Keynote, Pages, and Numbers, with Freeform coming later. Creator Studio versions of those apps include:
Keynote
Pages
Numbers
Accessing the full functionality of Apple's video editing, photo editing, audio editing, and iWork apps will require a Creator Studio subscription going forward, though Apple will continue to offer updates for the standalone versions of the apps. Some of the tools exclusive to Creator Studio:
Final Cut Pro - Transcript search that uses AI to search for the soundbite you're looking for, visual search for finding specific parts of a video, and beat detection improvements that make it easier to match a video to the rhythm of the music. There are also new dynamic titles, transitions, and graphic elements to improve visuals.
Logic Pro - There's an option to add a Session Player to a song that plays synth keyboard and synth bass parts in a variety of styles. AI can be used to analyze any audio or MIDI region to extract harmonic and chord information. Logic Pro's iPad sound packs and producer packs are also now available on Mac. Users have access to royalty-free loops, samples, and instruments.
Pixelmator Pro - The Creator Studio version of Pixelmator Pro features a Liquid Glass design, a new warp tool for reshaping layers, and warp-powered mockups for apparel and products. Pixelmator Pro for iPad is also entirely new.
iWork - Includes a new content hub with Apple-curated royalty-free photos, premium templates, and themes. There are also options to generate and remix image creations right in documents, with a Super Resolution tool for upscaling images. In Keynote, you can generate slides and presenter notes using AI, while Magic Fill in Numbers runs a pattern analysis model across your data and suggests table contents for missing data.
There is no way to subscribe to just a single Creator Studio app at a lower price, as Apple only offers an all-in-one subscription.
Creator Studio can be downloaded from the iOS and Mac App Stores starting today. All new subscribers are eligible for a one-month free trial, and customers who purchase a new Mac or qualifying iPad model with an A16, A17 Pro, or M-series chip can get an extended three-month free trial.
The Creator Studio membership can be shared with up to five family members on a linked Apple Account. Students and educators are able to subscribe to Creator Studio for $2.99 per month or $29.99 per year.
Creator Studio's full functionality is available with iOS 26 and later, iPadOS 26 and later, and macOS 26 and later. Most of the apps require macOS 15.6 at a minimum and an M1 chip or newer for Mac use, though Pixelmator Pro requires a Mac with macOS 26.
As for the iPad, Final Cut Pro requires an A16 chip or later, Logic Pro requires an A12 Bionic Chip or later, and Pixelmator Pro requires an A16 chip or later.Tag: Apple Creator Studio
This article, "Apple's 'Creator Studio' App Bundle Now Available for $12.99 Per Month" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 36 views
-
Nvidia is expected to overtake Apple as the single largest source of revenue for TSMC. Analyst estimates suggest Nvidia will generate approximately $33 billion in revenue for TSMC during 2026, representing roughly 22% of the foundry's total revenue, compared with an estimated $27 billion, or about 18%, attributable to Apple. Nvidia chief executive Jensen Huang reportedly confirmed on a recent podcast that the transition has already occurred, saying that Nvidia is now TSMC's largest customer.
Apple has been widely regarded as TSMC's anchor customer for more than a decade. Apple relies on the Taiwanese company to manufacture its custom-designed A-series processors used in the iPhone and iPad, as well as its M-series chips for the Mac and iPad. That relationship has historically given Apple early access to TSMC's most advanced manufacturing technologies and allowed TSMC to justify the enormous capital investments required to develop each new generation of semiconductor process nodes.
The change reflects a rapid expansion in Nvidia's demand, driven by the global build-out of artificial intelligence infrastructure, where its graphics processing units are widely used as accelerators in data centers operated by major cloud service providers.
One key factor behind Nvidia's rising share of TSMC revenue is the nature of the chips it needs. AI accelerators are significantly larger, more complex, and more expensive to manufacture than Apple's A- or M-series chips. They often require leading-edge process nodes, advanced packaging techniques, and higher wafer costs, all of which translate into higher revenue per chip for TSMC. While Apple ships far higher volumes of processors overall, it requires smaller system-on-a-chip designs optimized for power efficiency and consumer devices, resulting in lower manufacturing costs per unit.
TSMC's growing reliance on AI customers could have direct implications for Apple. While it remains one of the foundry's most important customers, it is no longer the primary driver of TSMC's capacity expansion or capital expenditure decisions. Analysts say that Nvidia has effectively taken Apple's place as the scale customer that helps guide development and justify increased investment in each new leading-edge process node.Tags: CNBC, Nvidia, TSMC
This article, "Nvidia Overtakes Apple as TSMC's Biggest Customer" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 37 views
-
- 0 comments
- 29 views
-
Your Apple Account purchase history is a comprehensive log of all the content you've bought using your account, not just on your iPhone, but across all your Apple devices. Knowing how to access this information on your device can give you valuable insights into your digital spending habits, help you manage your subscriptions, or even assist in troubleshooting or disputing unauthorized purchases.
So whether you're trying to keep a budget, ensure that your family's purchases are appropriate, or simply curious about when you bought that app or movie, here's how to view your Apple Account purchase history on an iPhone or iPad logged into your account.
View Purchase History in Settings
Open the Settings app and tap your Apple Account banner at the top.
Tap Media & Purchases.
Tap View Account in the popup and authenticate with Face ID or Touch ID.
Scroll down and tap Purchase History.
You are now viewing the purchase history for this Apple Account across all the devices tied to the account. If you are looking for a specific purchase, you can use the search field at the top to enter a name, price, or order ID.
If you tap the blue text next to "Showing:" you can also filter the history by date range, price, and purchase type.
View Purchase History in App Store
In iOS 17.4 and iPadOS 17.4 or later, you can access the same purchase history a little bit faster via the App Store app on iPhone and iPad.
Simply tap your account profile in the top-right corner, then tap Purchase History and authenticate with Face ID or Touch ID when prompted.
This article, "Search Your Apple Account Purchase History on iPhone" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 29 views
-
Der Cybersicherheitsforscher Jeremiah Fowler deckte kürzlich ein Datenleck mit 149 Millionen Login-Daten auf. Zu den Opfern zählen vor allem Nutzer großer Tech-und Streaming-Anbieter. Aber auch Finanzdienstleistungskonten, Krypto-Wallets oder Handelskonten, Bank- und Kreditkarten-Logins tauchten in den offengelegten Datensätzen auf.
Benutzernamen, Passwörter und Login-URLs
Laut Forschungsbericht enthält die Datenbank jedoch nicht nur Benutzernamen und Passwörter im Klartext, sondern oft auch die direkten Login-URLs. Besonders stark betroffen sind Gmail-Konten mit 48 Millionen Einträgen, gefolgt von 17 Millionen Facebook-Logins und 6,5 Millionen Instagram-Accounts.
Dem Forscher zufolge wurden die Daten mit Hilfe von Keylogging und einer Infostealer-Malware gesammelt.
Warnung vor möglichen Risiken
Die öffentlich zugänglichen Informationen stellen laut Fowler ein potenziell ernstes Sicherheitsrisiko dar. „Da die Daten E-Mail-Adressen, Benutzernamen, Passwörter und die genauen Anmelde-URLs enthalten, könnten Kriminelle potenziell automatisierte Credential-Stuffing-Angriffe durchführen“, warnt der Security-Spezialist.
Dies erhöhe die Wahrscheinlichkeit von Betrug, potenziellem Identitätsdiebstahl, Finanzkriminalität und Phishing-Kampagnen, die legitim erscheinen könnten, da sie sich auf echte Konten und Dienste beziehen.
Lesetipp: Datenbank mit 4,3 Milliarden Datensätzen offen im Netz
View the full article
- 0 comments
- 44 views
-
Der Cybersicherheitsforscher Jeremiah Fowler deckte kürzlich ein Datenleck mit 149 Millionen Login-Daten auf. Zu den Opfern zählen vor allem Nutzer großer Tech-und Streaming-Anbieter. Aber auch Finanzdienstleistungskonten, Krypto-Wallets oder Handelskonten, Bank- und Kreditkarten-Logins tauchten in den offengelegten Datensätzen auf.
Benutzernamen, Passwörter und Login-URLs
Laut Forschungsbericht enthält die Datenbank jedoch nicht nur Benutzernamen und Passwörter im Klartext, sondern oft auch die direkten Login-URLs. Besonders stark betroffen sind Gmail-Konten mit 48 Millionen Einträgen, gefolgt von 17 Millionen Facebook-Logins und 6,5 Millionen Instagram-Accounts.
Dem Forscher zufolge wurden die Daten mit Hilfe von Keylogging und einer Infostealer-Malware gesammelt.
Warnung vor möglichen Risiken
Die öffentlich zugänglichen Informationen stellen laut Fowler ein potenziell ernstes Sicherheitsrisiko dar. „Da die Daten E-Mail-Adressen, Benutzernamen, Passwörter und die genauen Anmelde-URLs enthalten, könnten Kriminelle potenziell automatisierte Credential-Stuffing-Angriffe durchführen“, warnt der Security-Spezialist.
Dies erhöhe die Wahrscheinlichkeit von Betrug, potenziellem Identitätsdiebstahl, Finanzkriminalität und Phishing-Kampagnen, die legitim erscheinen könnten, da sie sich auf echte Konten und Dienste beziehen.
Lesetipp: Datenbank mit 4,3 Milliarden Datensätzen offen im Netz
View the full article
- 0 comments
- 34 views
-
- 0 comments
- 51 views
-
On Monday, Apple released iOS 18.7.4, iOS 16.7.13, iOS 15.8.6, and iOS 12.5.8 for older iPhone models, along with iPadOS 15.8.6, iPadOS 16.7.3, and iPadOS 18.7.4 for iPad models.
The updates were intended to keep core system services functioning on devices that no longer receive major iOS releases, as well as fix an issue preventing some devices from being able to make emergency calls. Affected iPhone models include the following:
iPhone SE (1st generation)
iPhone SE (2nd generation)
iPhone 5s
iPhone 6 and iPhone 6 Plus
iPhone 6S and iPhone 6S Plus
iPhone 7 and iPhone 7 Plus
iPhone 8 and iPhone 8 Plus
iPhone X
iPhone XS and iPhone XS Max
iPhone XR
iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max
iPhone 12, iPhone 12 mini, iPhone 12 Pro, iPhone 12 Pro Max
The following iPad models are also affected:
iPad mini 2
iPad mini 3
iPad Air
iPad Air 2
iPad mini 4
iPad Pro (9.7-inch)
iPad Pro (12.9-inch) (1st generation)
iPad (5th generation)
iPad (7th generation)
iPad (8th generation)
None of the updates address security vulnerabilities or introduce new features. According to Apple's release notes for the iOS 12 and iOS 15 updates, the main purpose is to replace an expiring security certificate. Without that replacement, services such as iMessage, FaceTime, and Apple Account sign-in would stop working after January 2027, when the original certificate expires.
Apple has not explained why it stopped signing the updates. In the past, however, the company has prevented installations of newly released iOS versions after discovering bugs or other issues, and then typically re-enabled updates once revised builds become available. We'll update this article when we learn more.
This article, "Apple Stops Signing Newly Released iOS Updates for Older iPhones" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 32 views
-
- 0 comments
- 50 views
-
The US Cybersecurity and Infrastructure Security Agency added the vulnerability to its Known Exploited Vulnerabilities catalog the same day.
The vulnerability, tracked as CVE-2026-24858, is the second critical FortiCloud SSO flaw Fortinet has addressed in recent weeks. The company patched two similar authentication bypass vulnerabilities, CVE-2025-59718 and CVE-2025-59719, in December.
CVE-2026-24858 allowed attackers to compromise FortiGate firewalls, FortiManager, and FortiAnalyzer devices even when those systems were running the latest available firmware. Customers first reported breaches on January 20 and 21, with attackers creating new local administrator accounts on fully patched devices, Fortinet said in its advisory.
Fortinet has begun releasing patches for affected products, but most fixed versions are still listed as “upcoming” in the company’s advisory. The company released FortiOS 7.4.11 to address the vulnerability, with additional patched versions expected shortly.
“This vulnerability was found being exploited in the wild by two malicious FortiCloud accounts, which were locked out on January 22,” the advisory added.
How the vulnerability works
CVE-2026-24858 is “an authentication bypass using an alternate path or channel vulnerability” affecting FortiOS, FortiManager, and FortiAnalyzer, according to Fortinet’s advisory. The flaw carries a CVSS score of 9.4.
The vulnerability “may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices,” Fortinet said in the advisory.
While FortiCloud SSO is not enabled in factory default settings, it automatically activates when administrators register devices to FortiCare through the GUI unless they manually disable the “Allow administrative login using FortiCloud SSO” toggle during registration.
Fortinet noted that while exploitation has only been observed through FortiCloud SSO, “this issue is applicable to all SAML SSO implementations.”
Attack details and indicators
Fortinet’s investigation into the exploitation revealed attackers used two specific FortiCloud accounts: “[email protected]” and “[email protected],” though the company warned “these addresses may change in the future.”
Fortinet identified multiple IP addresses associated with the attacks, including several Cloudflare-protected addresses that attackers used to obscure their activities.
“Following authentication via SSO, it has been observed that the actor creates a local admin account with one of the following names,” Fortinet warned, listing accounts including “audit,” “backup,” “itadmin,” “secadmin,” “support,” and “system.”
The attackers’ main operations focused on downloading customer configuration files and creating persistent admin accounts.
Emergency cloud-side shutdown
In response to the active exploitation, Fortinet disabled FortiCloud SSO across its entire cloud infrastructure on January 26 to protect customers from further attacks.
The feature was re-enabled 24 hours later with a critical safeguard. “It was re-enabled on January 27 and no longer supports login from devices running vulnerable versions. Consequently, customers must upgrade to the latest versions listed below for the FortiCloud SSO authentication to function,” Fortinet explained.
This server-side blocking means organizations running vulnerable versions cannot use FortiCloud SSO until they upgrade to patched releases, even though most of those patches are not yet available.
Affected products and patch status
The vulnerability affects FortiOS, FortiManager, FortiAnalyzer, and FortiProxy versions 7.0 through 7.6. Version 6.4 releases are not affected. Fortinet said it is still investigating whether FortiWeb and FortiSwitch Manager are also vulnerable.
Fortinet’s advisory lists most patched versions as “upcoming,” with FortiOS 7.4.11 appearing to be the only released fix so far. The company’s upgrade tool provides recommended upgrade paths once patches become available.
Federal deadline and immediate actions
CISA’s addition of CVE-2026-24858 to the KEV catalog means federal civilian executive branch agencies must patch affected systems by February 17, 2026, or discontinue use of vulnerable products. The agency said the vulnerability “is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.”
The company noted that “disabling FortiCloud SSO login on client side is not necessary at the moment,” though organizations can disable the feature locally through System Settings or CLI commands if desired.
View the full article
- 0 comments
- 131 views
-
- 0 comments
- 47 views
-
Analysts at the Halcyon Ransomware Research Center found that Sicarii generates fresh RSA key pairs for each execution and then discards the private key, leaving no recoverable key material for the encrypted systems.
Organizations affected by this variant cannot rely on ransom negotiation or third-party decryptors to restore files unless there is evidence that the underlying flaw has been fixed in the specific sample that infected them. “The issue appears to stem from poor encryption key management rather than deliberate design,” said Sakshi Grover, senior research manager, cybersecurity at IDC. “This reflects a broader trend in the ransomware ecosystem, where low barriers to entry and rapid monetization take precedence over technical robustness.”
Sicarii was first disclosed in December 2025, and has only a small track record of claimed victims, but its unusual technical attributes have forced researchers to claim it could have been vibe coded.
Encryption defect breaks standard RaaS model
Ransomware typically encrypts files using a public-key scheme where the attacker retains the private key or can regenerate it later, enabling a decryptor to work if the ransom is paid. Sicarii deviates from this model. In Halcyon observed samples, it generates a new RSA key pair entirely on the victim system during each execution and immediately discards the private key once encryption completes.
The victims end up with no viable path to recover encrypted data, even if they cooperate with attackers or use a published decryptor tool. According to a Halcyon alert, enterprises should assume failed recovery through ransom-related decryptors unless there is independent verification that the defect was eliminated in that strain.
“A Sicarii ransomware represents a nightmare scenario where traditional ransomware response strategies fail entirely,” said Agnidipta Sarkar, chief evangelist at ColorTokens. “As no decryptor can reconstruct the discarded private keys, enterprises will stare at ‘assume total data destruction,’ amplifying financial, operational, and reputational damage.”
Absence of a decryptor-based recovery forces organizations to plan for complete recovery through backups and alternate operational restoration methods, changing the cost-benefit analysis for them. This also heightens the importance of pre-existing, secure backup infrastructure and rapid isolation. Halcyon urged organizations to focus on immediate containment and restoration rather than ransom-based recovery. Affected systems should be isolated, the scope of infection identified, and operations restored only from known-good, offline, or immutable backups.
“Enterprises must invest in proactive zero trust micro-segmentation that is designed to be adopted in hours, leveraging existing EDR, agents, agentless mechanisms to contain threats at the initial access point, preventing encryption from spreading,” Sarkar added.
Unusual technical profile hints at vibe-coding
One possible explanation for Sicarii’s broken encryption flow is immature or poorly implemented development practices. The ransomware’s failure to retain usable keys is inconsistent with established ransomware design and suggests it may have been assembled without rigorous testing or a clear understanding of operational consequences, or even vibe-coded.
“Halcyon assesses with moderate confidence that the developers may have used AI-assisted tooling, which could have contributed to this implementation error,” the researchers said in the alert.
A Check Point Research’s analysis earlier this month had also highlighted a set of unusual and internally inconsistent characteristics. According to the analysis, Sicarri incorporates Israeli and Jewish activity symbolism in its branding and messaging, yet much of its underground activity appears in Russian. Also, the Hebrew language used in the malware and communications contains errors indicative of non-native or automated translation.
Beyond encryption, Check Point observed Sicarii performing credential harvesting, network reconnaissance, vulnerability scanning, and data exfiltration, indicating the operation includes tooling atypical to financially motivated ransomware. “Sicarii significantly raises the risk profile of ransomware incidents, shifting the impact from financial extortion to potential permanent data loss and prolonged business disruption,” Grover added. “In regulated industries, this can further escalate compliance, legal, and operational consequences.”
View the full article
- 0 comments
- 37 views
-
Posting on Weibo today, the account known as "Smart Pikachu" said the feature had entered late-stage engineering samples, while a teleconverter is also "under evaluation" for the device. The iPhone 18 Pro and iPhone 18 Pro Max are expected to launch in September 2026.
A variable aperture would give users manual control over how much light reaches the sensor, potentially reducing overexposure and offering new depth of field options beyond computational photography.
Apple supply chain analyst Ming-Chi Kuo said in December 2024 that the main rear camera on both iPhone 18 Pro models will offer variable aperture, which would be a first for the iPhone. A more recent report from October 2025 said Apple was moving ahead with plans to bring the technology to next-generation iPhones and was discussing components with suppliers.
Today's teleconverter claim, meanwhile, is a new one. In typical DSLR cameras, teleconverters are optical elements that increase effective focal length, improving zoom reach at the cost of light intake. In this context, a teleconverter could improve mid-to-long range zoom quality while reducing the camera's reliance on digital cropping – and a variable aperture could help offset the light loss by opening wider when engaged.
Apple's overall iPhone 18 Pro design will already be locked in at this stage in the development cycle. What Apple tends to continue doing at this point is evaluate specific features like camera modules. Apple may well be running parallel tests without committing any one feature to mass production, so there's still leeway for things to change.
In this case, Apple is likely using the late-stage engineering samples to check the optical performance and reliability, as well as to gauge how easy the camera system is to mass produce, so it could always still drop the feature if it fails to meet Apple's quality standards. Variable aperture was in fact rumored for at least one iPhone 17 model, but it failed to materialize.
Smart Pikachu is known for providing accurate details about Android products in advance of launch, but in terms of Apple rumors, they are a relative newcomer on the Chinese supply chain rumor scene, so these claims warrant caution. The leaker recently claimed that the upcoming iPhone 17e will feature a Dynamic Island and a downclocked A19 chip.Related Roundup: iPhone 18Tag: Smart PikachuRelated Forum: iPhone
This article, "iPhone 18 Pro Could Feature Teleconverter Alongside Variable Aperture" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 32 views
-
- 0 comments
- 39 views
-
- 0 comments
- 62 views
-
One recent study put the percentage of end-users logging in at their highest level of privilege at 91%.
Sanchit Vir Gogia, chief analyst at Greyhound Research, sees the widespread use of unnecessarily high privileges as the result of years of enterprise tech governance neglect.
“Enterprises are running complex, interdependent technology estates where privileged access underpins stability, recovery, and continuity,” he says. “In many environments, privileged access was granted years ago to support systems that no longer have clear owners, clean documentation, or modern authentication paths. That access now props up integrations, batch jobs, recovery scripts, vendor tooling, and fragile automation chains.”
Moreover, Gogia sees enterprises maintaining this status quo on privileges because reining it in “feels less like tightening security and more like introducing existential operational risk.”
“They are choosing predictability over disruption,” he explains. “Always-on privilege becomes the safest option in environments where architectural certainty no longer exists. It accumulates quietly over time as systems evolve faster than governance models. Mergers, cloud migrations, outsourcing, platform layering, and emergency fixes all leave behind privileged identities that nobody revisits. Over years, this creates an estate where privilege is deeply embedded into how work gets done.”
Because of that complexity, Gogia says, always-on becomes not just the easiest tactic, but the default one.
“Enterprises often fall back to permanent privilege because it works,” he says. “It keeps pipelines running, integrations stable, and systems responsive. Vaulting credentials does not solve the problem if those credentials never expire. Zero trust principles are sound, but their implementation frequently assumes a cleanliness that enterprise estates simply do not have. This mismatch explains why many organizations buy PAM tools, deploy them partially, and quietly allow exceptions to proliferate until the exception becomes the norm.”
As a result, PAM — and identity access management (IAM) — has become misaligned with how modern enterprise systems operate, Gogia says.
“Many tools still assume relatively static infrastructure, limited identity volumes, and manual intervention points,” he notes. “Modern enterprises operate dynamic, ephemeral environments where workloads spin up and down constantly, identities are created programmatically, and access requirements change in real-time.”
The perils of persistent privilege
Robert Kramer, vice president and principal analyst for Moor Insights & Strategy, agrees that excessive credentials are caused by decades of lax IT governance.
“They are stuck in legacy habits, stuck in their legacy operational ways,” Kramer says. “There should be a shift to more of a just-in-time model. Barely 1% of organizations have implemented that.”
The executive overseeing the 91% report — Charles Chu, general manager for IT and developer products at CyberArk — said staying logged in at the highest level certainly has a cybersecurity risk, but it also introduces the IT risk of massive system damage.
An accidental typo, for example, could cause massive damage if the typist is logged in at the highest level, Chu contends. “I could fat finger something and delete it by accident. Is it really so onerous to log in or out of something?”
That last question is not rhetorical. Chu suggests that some PAM packages are indeed too difficult to use, therefore causing user friction. “If the PAM tool itself is onerous to use, [end-users] will find ways to bypass it.”
JR Kunkle, president of Kunkle Consulting and former risk consultant with Deloitte & Touche, agrees about the typo risk. “Most interruptions in computers are due to errors or mistakes,” he says. “IT staff using an admin-level [privilege] can cause a production outage.”
But Kunkle, who also worked as an IT manager with Limited Brands and Honda, says defaulting to high privilege access can also undermine legal, compliance, and privacy efforts. “If the admin looks at sensitive data [that the admin was not supposed to see], it’s pretty easy for them to cover their tracks by erasing the access logs.”
Most observers, however, put the blame of excessive credentials on IT pros themselves.
“It is negating the controls that they have put in place. You could take down an entire company through carelessness or fat-fingering,” says Justin Greis, CEO of consulting firm Acceligence and former head of the North American cybersecurity practice at McKinsey. “It’s just human nature to take the easy road” and cut corners when it comes to privileged access.
Jason Sabin, CTO at DigiCert, is more blunt: “If an enterprise [IT worker] uses root, they are an idiot. You can screw up your world. You should never use root. Embrace least privilege. You should never use elevated privileges for ordinary mundane tasks.”
Paradigm shift ahead
Forrester analyst Geoff Cairns stresses the cybersecurity risks at play when organizations do not rein in excessive credential use.
“Persistent standing privilege, yes, I think that is rampant,” he says. “It is something that attackers can target and then leverage to move laterally through systems and create havoc. The elevated privilege makes that all the more impactful.”
Yet Cairns sees the hard road ahead in tackling this issue in modern enterprise environments.
“It is a challenging problem to solve in a very complex IT landscape, with on-prem, cloud, SaaS” and it is going to get exponentially worse with “the explosion of non-human identities,” including autonomous agents, Cairns says.
Greyhound Research’s Gogia agrees that non-human identities (NHIs) are going to make the problem of excess credential use far worse.
“The center of gravity has shifted away from human administrators. The most dangerous and least governed privilege now sits with non-human identities. Service accounts, APIs, cloud roles, CI/CD pipelines, SaaS connectors, automation frameworks, and autonomous systems operate continuously with standing access,” he says. “These identities authenticate programmatically, at machine speed, often across environments, and frequently with broader permissions than any individual would ever be granted.”
And the increasing proliferation of NHIs engaging with enterprise systems is pushing PAM and IAM toward a paradigm shift.
“Traditional PAM and IAM models were designed for humans who log in, perform tasks, and log out. They struggle when identities never log out,” Gogia says.
“Machine privilege is not an edge case,” he adds. “It is the majority case in modern environments. Enterprises attempting to apply human-style access reviews and approval workflows to these identities quickly discover that governance collapses under scale. This is where always-on privilege stops being a failure of discipline and becomes a failure of design assumptions.”
View the full article
- 0 comments
- 41 views
-
- 0 comments
- 53 views
-
Sometimes they look like management choices: who owns a workflow, which team runs a tool, how quickly something should ship. Other times, they barely register at all. You accept a default setting. You enable automation. You let a system act on your behalf because it saves time and seems low risk.
What we tend not to account for is that we will often own the outcomes of those actions, even when they feel misaligned with our intent or unfair in hindsight.
Most organizations still talk about delegation as an operational concern. It shows up in org charts, staffing models, workflow ownership, and efficiency debates about scale, speed, and cost. The underlying assumption is that delegation is a question of execution, not exposure.
That framing no longer holds.
The most consequential delegation decisions being made today are not primarily about people. They are about authority moving into systems.
Judgment, execution, interaction, and follow-through are increasingly being handed to software that can act on an organization’s behalf, often across multiple functions and systems at once.
In some cases, that transfer of authority is explicit. More often, it happens quietly through configuration settings, vendor defaults, and internal deployments that never trigger formal review because they appear narrow in scope or low risk. A customer support workflow gains the ability to issue credits. A finance system can initiate payments within limits. A productivity agent can move laterally across internal systems without human involvement.
These decisions are still discussed as operational choices. Who owns the workflow, which team runs the tool, and how quickly it can be deployed remain the dominant questions.
What gets lost in that framing is that these are not simply efficiency decisions. They are authority transfers, and authority always carries risk because it creates outcomes that persist even when intent, context, or oversight changes.
Delegation, in this context, is not an ops choice. It is a risk decision.
A concrete enterprise example
Consider how many organizations automated refunds and credits during the COVID-19 travel disruptions. Airlines and booking platforms, overwhelmed by volume and operational pressure, delegated financial decision-making to automated systems that could issue credits, delay refunds, or apply preset rules at scale.
In many cases, those systems operated exactly as configured. They stayed within internal thresholds, followed approved logic, and reduced immediate operational load. The problem surfaced later. Customers challenged outcomes. Regulators intervened. Audits examined controls.
What became clear was not a lack of tooling or intent, but an ownership gap. Authority to make binding financial decisions had been delegated to systems without clear articulation of who had accepted the regulatory and consumer-protection risk embedded in those configurations. When enforcement followed, the question was not whether the systems worked, but who had authorized them to act that way on the organization’s behalf.
What made this pattern durable was not the crisis itself, but how quickly emergency delegation became normalized infrastructure. The systems behaved as designed. The risk had simply never been owned explicitly.
The quiet moment risk moves
Every delegation decision implicitly answers a set of questions, whether leaders articulate them or not. Who is allowed to act, on whose behalf, under what constraints, and who ultimately absorbs the downside when outcomes diverge from intent.
Risk moves at the moment authority moves. It does not wait for scale, visibility, or failure.
Most organizations assume delegation is temporary and easily reversible. They expect to pilot, monitor, and adjust as they go. In practice, once authority has shifted into systems, it hardens quickly. Dependencies form. Teams adapt their workflows. Customers normalize the behavior. Control mechanisms lag behind operational reality.
This is where risk ownership gaps emerge. Authority persists, but accountability fragments.
Security as the first signal, not the whole story
Security teams are often the first to surface delegation risk, not because everything is a breach, but because security is where authority is most formally encoded. Permissions, identities, scopes, and automated actions make delegated authority visible in ways other functions do not see as quickly.
Automated remediation systems illustrate this clearly. These tools are designed to act quickly using valid permissions: disabling accounts, quarantining assets, blocking access, or triggering downstream workflows. When those systems act at scale, the actions are authorized and logged, yet the operational impact can be severe. Entire teams can be locked out of systems. Production workloads can be disrupted. Business-critical services can halt.
There is no intrusion to investigate and no policy violation to point to. The question becomes whether the system was ever meant to hold that much authority without tighter constraints and broader alignment.
Security surfaces the signal first because it deals in failure modes and observability. What follows, however, is not a security problem. It is an enterprise one.
This is an enterprise risk decision
Security risk is often the first visible signal, but it is rarely the full exposure. Delegation decisions create compound enterprise risk that spans operational resilience, financial integrity, legal accountability, reputation, and long-term strategy. No single function sees that full picture on its own.
Operationally, automated actions scale faster than human oversight, allowing small misconfigurations to propagate widely before intervention is possible. Financially, systems increasingly touch revenue, pricing, credits, payments, and contractual obligations, meaning losses can accumulate quietly before they are recognized. From a legal and regulatory perspective, intent offers little protection when outcomes cause harm; regulators and courts expect demonstrable governance over automated decision-making. Reputationally, customers experience outcomes, not internal distinctions between human and automated action. Strategically, authority that is vaguely defined tends to calcify into infrastructure, limiting future flexibility and slowing the organization’s ability to adapt.
This is why understanding delegation risk cannot sit with security alone. Meaningful risk assessment for AI deployments requires cross-functional coordination across security, product, legal, finance, compliance, operations, and leadership. Each function holds part of the risk surface, and none can define the organization’s exposure in isolation.
Aligning AI deployment decisions to risk appetite is not about finding a universally correct answer. Different organizations will make different tradeoffs based on their goals, constraints, and tolerance for uncertainty. What matters is that those tradeoffs are made deliberately, with a shared understanding of the risks being taken.
You cannot protect your investment, whether financial, reputational, or strategic, without understanding as much of the risk landscape as possible. Security teams often surface these issues first because they are trained to think in failure modes, but the consequences of delegation decisions are organizational, not technical.
Delegation risk does not belong to security, product, or legal alone. It belongs to leadership because it reflects how the organization chooses to exercise power.
When personal delegation becomes market risk
This same delegation dynamic is already emerging at the individual level as personal agents and AI systems increasingly act on people’s behalf at work and at home. Individuals are delegating purchasing, scheduling, research, communication, and decision support to tools that operate across platforms with minimal friction. In isolation, these choices feel personal and low risk. Structurally, they mirror enterprise delegation decisions exactly.
What changes at the individual level is not accountability, but awareness. When you delegate authority to a system in your job, responsibility is often traceable through roles, policies, and escalation paths. When you delegate authority to a personal agent, that same accountability collapses inward. The system may act autonomously, but outcomes still attach to the person who empowered it.
Thinking clearly about delegation at work therefore sharpens judgment at home. The same questions apply in both contexts: what authority have I granted, under what constraints, and am I prepared to own the outcomes if they diverge from my intent?
A visible example of this dynamic appeared when Instacart confirmed that it uses individualized pricing based on factors such as order history, demand, and market conditions. In effect, the system was delegated discretion over price negotiation at the individual level, without users having visibility into how that discretion was exercised. While the practice aligned with internal policy and commercial goals, many users experienced the outcomes as arbitrary or unfair because pricing authority operated without transparent constraints or explanation.
No single human made those pricing decisions in real time. Yet the consequences were real for consumers, and the trust impact was immediate. The issue was not a breach or a policy violation. It was delegated authority operating without shared understanding.
As personal agents begin interacting directly with enterprise agents in B2C environments, this pattern will intensify. Customer-side agents will negotiate, transact, and make requests directly with company-side systems, often without human awareness on either end. Misaligned assumptions, misunderstood intent, and automated escalation can occur at machine speed, with outcomes neither party explicitly anticipated.
In that environment, responsibility becomes difficult to trace unless authority, constraints, and accountability were deliberately designed from the start. What looks like consumer convenience today becomes institutional exposure tomorrow.
Wherever authority is delegated, whether by an organization or an individual, responsibility remains with the principal. Only the scale changes.
Why this matters to you, regardless of role
This is not only a leadership problem. It is an individual one.
Employees at every level increasingly rely on AI systems to draft communications, make recommendations, trigger actions, and interface with other tools, often using personal or semi-approved systems inside professional environments. When those systems act in ways that create harm, confusion, or exposure, responsibility rarely stays with the software. It flows back to the human who relied on it, the manager who normalized its use, or the organization that failed to set boundaries.
Understanding delegation as a risk decision is therefore not just about governance maturity. It is a form of professional self-protection in an environment where tools can act faster, farther, and more persistently than their users expect.
In a world of agent-to-agent interaction, your tools do not simply reflect your intent. They can commit you to outcomes you did not explicitly choose.
When individual delegation scales across a workforce or customer base, personal exposure becomes enterprise risk.
The business case leaders recognize
Closing the gap between delegation decisions and risk ownership is not about slowing innovation. It is about protecting core business fundamentals.
From a P&L perspective, delegated systems directly influence revenue, cost, and margin. When authority is unclear, losses appear as leakage, remediation expense, customer churn, and operational rework. These costs compound over time and rarely surface as a single, contained incident.
From an audit standpoint, informal delegation creates weaknesses in internal controls. Auditors expect clear ownership, documented authority, and effective oversight. When those elements are retrofitted after deployment, findings follow, confidence erodes, and leadership attention is diverted.
Regulators increasingly expect organizations to demonstrate governance over automated and algorithmic decision-making, particularly where systems interact directly with consumers. Claims that a system was authorized or that no one anticipated a specific outcome do not meet that bar. Traceability, accountability, and documented risk ownership matter.
At the executive and board level, delegation failures undermine credibility. In moments of stress, leadership is judged not on whether tools were innovative, but on whether risks were understood, owned, and managed. Ambiguity in those moments reads as negligence.
Explicit delegation preserves strategic optionality. When authority is bounded and revisable, organizations retain the ability to adapt. When it is vague, it becomes permanent by default.
When delegation becomes personal
Delegation is happening around you and through you, whether or not you approve systems or set policy.
Most of the time, nothing goes wrong. That is what makes the risk invisible.
But when something does go wrong, the question will not be whether the system was efficient or well-intentioned. It will be who understood the risk, who accepted it, and who is prepared to own the outcome.
Delegation does not remove responsibility. It redistributes it.
Understanding that is no longer optional.
This story was originally published on Command Line with Camille.
View the full article
- 0 comments
- 32 views
-
In the fast-paced world of software delivery, engineers are constantly under pressure to deliver high-quality products at speed. The integration of development and operations teams is crucial for breaking down silos and speeding up the software lifecycle. Without a unified approach, companies struggle with inefficiency, frequent failures, and delayed releases. This is where DevOps comes into play.
The “Certified DevOps Professional” course is designed to equip professionals with the skills to bridge the gap between development and operations. By leveraging industry-leading practices and tools, you’ll be able to automate workflows, integrate continuous testing, and optimize software delivery pipelines. This course is a game-changer for anyone looking to enhance their DevOps expertise and accelerate their career in the field.
Why this matters: DevOps brings efficiency, consistency, and reliability to software delivery, which is essential in today’s competitive market.
What Is DevOps?
DevOps is a set of practices, tools, and cultural philosophies that aims to improve collaboration between software developers and IT operations. It breaks down the traditional silos between development and operations teams, fostering a culture of collaboration and shared responsibility.
In DevOps, development and operations teams work together throughout the entire software lifecycle—planning, developing, testing, deploying, and monitoring—by using automation and continuous integration tools. By streamlining workflows, DevOps accelerates product delivery and enhances the quality of software.
Why this matters: DevOps is at the heart of modern software delivery, ensuring faster releases and a more collaborative environment.
Why DevOps Is Important in Modern DevOps & Software Delivery
DevOps has become an industry standard for many reasons. The primary value it offers is faster software delivery. It integrates practices like Continuous Integration/Continuous Deployment (CI/CD), which allows for frequent and reliable updates. DevOps also bridges the gap between development and operations, ensuring that software is built, tested, and deployed seamlessly.
The adoption of cloud computing, Agile methodologies, and microservices has made DevOps more relevant than ever. These technologies rely on the speed, flexibility, and reliability that DevOps provides. Without DevOps, companies risk falling behind in an industry that values rapid innovation.
Why this matters: DevOps accelerates innovation, reduces time to market, and increases the ability to deliver value continuously.
Core Concepts & Key Components
CI/CD (Continuous Integration and Continuous Deployment)
Purpose: Automates the process of building, testing, and deploying code. How It Works: CI ensures that code changes are integrated into a shared repository regularly, with automated tests confirming that changes are correct. CD ensures that the software is deployed automatically after it passes testing. Where It Is Used: In development environments to enable faster and more reliable releases. Infrastructure as Code (IaC)
Purpose: Automates the provisioning and management of infrastructure using code. How It Works: Developers and operations teams write scripts that automate the configuration of servers, networks, and other infrastructure components. Where It Is Used: Cloud platforms like AWS, Azure, and Google Cloud use IaC for scalability and reliability. Microservices Architecture
Purpose: Breaks down applications into smaller, manageable services that work independently but communicate with each other. How It Works: Each microservice can be deployed, scaled, and managed independently, offering flexibility and reducing downtime. Where It Is Used: In large-scale applications, like e-commerce platforms or cloud-native apps. Collaboration Tools
Purpose: Enhances team communication and coordination. How It Works: Tools like Jira, Slack, and GitHub help teams collaborate more effectively, tracking tasks, issues, and workflows in real time. Where It Is Used: In DevOps environments to streamline collaboration and communication. Why this matters: Understanding core concepts like CI/CD, IaC, and microservices is essential for leveraging the full power of DevOps in modern software delivery.
How DevOps Works (Step-by-Step Workflow)
Planning: The development team and operations team collaborate to determine the requirements for the software release. Development: The development team writes code and integrates it frequently into the shared repository. Testing: Automated tests are run on the integrated code to identify issues early. Deployment: The code is automatically deployed to production using CI/CD pipelines. Monitoring: Post-deployment, the software is monitored for performance and issues, and feedback is used for continuous improvement. This continuous loop helps teams deliver high-quality software at a rapid pace, ensuring business continuity and customer satisfaction.
Why this matters: DevOps streamlines the entire software lifecycle, reducing delays and increasing software quality.
Real-World Use Cases & Scenarios
In the tech industry, leading companies like Netflix, Amazon, and Spotify rely heavily on DevOps to scale their operations and deploy services rapidly. In these environments, DevOps practices allow teams to deliver frequent, bug-free releases and maintain system uptime even under heavy traffic.
A typical scenario involves a development team pushing code to a central repository multiple times a day, with automated testing and deployment ensuring that updates reach production without manual intervention. For example, Spotify uses microservices and DevOps principles to ensure that its music streaming service is always up to date, with minimal downtime.
Why this matters: Real-world examples show how DevOps is crucial for scaling operations and maintaining high service availability.
Benefits of Using DevOps
Productivity: Automation speeds up software delivery and frees up time for higher-value tasks. Reliability: Continuous testing and integration help identify bugs early, resulting in fewer production issues. Scalability: DevOps practices enable companies to scale their operations easily, whether through cloud services or containerization. Collaboration: DevOps fosters better communication between development and operations teams, ensuring smoother workflows. Why this matters: These benefits directly contribute to a company’s success by increasing efficiency and minimizing risks.
Challenges, Risks & Common Mistakes
Resistance to Change: Shifting to DevOps can face resistance from teams accustomed to traditional processes. Tool Overload: The sheer number of DevOps tools available can lead to confusion and improper implementation. Security Risks: Without proper security measures, automation can inadvertently expose systems to vulnerabilities. Lack of Training: Teams need the right skills to implement DevOps successfully, and without proper training, initiatives can fail. Why this matters: Understanding these risks and mistakes helps teams avoid costly errors and ensure successful DevOps adoption.
Comparison Table
AspectTraditionalDevOpsDeployment FrequencyLowHighAutomationLimitedExtensiveFeedback LoopsSlowReal-timeCollaborationSiloedCross-functionalToolsBasicIntegrated & AutomatedChange ManagementManualAutomatedQuality ControlManual TestingAutomated TestingCode IntegrationPeriodicContinuousSoftware DeliverySlowRapidScalingLimitedElastic Why this matters: The comparison highlights how DevOps improves upon traditional software delivery methods, making it more efficient and scalable.
Best Practices & Expert Recommendations
Start Small: Implement DevOps incrementally, starting with key processes like CI/CD. Use the Right Tools: Choose tools that integrate well with your existing systems to avoid complexity. Foster a Culture of Collaboration: Break down silos between teams to enhance communication and innovation. Automate Everything: Automate as much of the process as possible to reduce human error and improve speed. Why this matters: These best practices help ensure that DevOps implementations are successful and scalable.
Who Should Learn DevOps?
DevOps is ideal for developers, system administrators, cloud engineers, and anyone interested in automating and optimizing the software development lifecycle. While beginners can start learning DevOps basics, experienced IT professionals will find the advanced practices particularly useful for enhancing their skill set.
Why this matters: DevOps opens up new career opportunities for professionals across the IT landscape.
FAQs – People Also Ask
What is DevOps?
DevOps is a methodology that integrates software development and IT operations to improve collaboration and automation.
Why this matters: DevOps helps streamline workflows and accelerate software delivery. Why is DevOps used?
It’s used to automate and integrate software development and IT operations, ensuring faster and more reliable software delivery.
Why this matters: Faster delivery means businesses can respond to market demands quicker. Is DevOps suitable for beginners?
Yes, DevOps has beginner-friendly tools and resources, but hands-on experience is crucial for mastery.
Why this matters: Beginners can start small and build their DevOps expertise over time. How does DevOps compare with Agile?
DevOps focuses on automating operations, while Agile is focused on iterative development.
Why this matters: Combining both leads to faster, more efficient delivery cycles. Is DevOps relevant for DevOps roles?
Absolutely. DevOps skills are in high demand, especially in cloud and automation-centric roles.
Why this matters: DevOps is a critical skill set for modern IT professionals. How does DevOps improve collaboration?
By fostering a culture where developers, QA, and operations teams work together in real-time.
Why this matters: Improved collaboration leads to better product quality and faster release cycles. Branding & Authority
DevOpsSchool is a trusted global platform offering world-class DevOps training. With over 20 years of expertise in DevOps, SRE, Kubernetes, and more, DevOpsSchool has become a go-to resource for individuals and organizations looking to upskill in modern IT practices. Our training courses are designed by Rajesh Kumar, a renowned industry leader who has transformed hundreds of professionals into experts.
Rajesh Kumar, with over 20 years of hands-on experience, has been instrumental in shaping the DevOps landscape. He’s a mentor to thousands of professionals worldwide, providing them with the tools and knowledge they need to succeed in fast-paced, dynamic environments. With deep expertise in areas like Cloud platforms, CI/CD, and DataOps, Rajesh’s training helps professionals gain a competitive edge in the industry.
Why this matters: With DevOpsSchool’s expertise and Rajesh Kumar’s mentorship, you’ll be prepared to excel in the rapidly evolving world of DevOps.
Call to Action & Contact Information
Ready to take your DevOps skills to the next level? Enroll in the Certified DevOps Professional course today!
Email: [email protected]
Phone & WhatsApp (India): +91 84094 92687
Phone & WhatsApp (USA): +1 (469) 756-6329
For more details, visit: Certified DevOps Professional Course
View the full article
- 0 comments
- 38 views
-
“The basic philosophy that I’ve had is data security, information security, information risk is a business risk issue, not a technology issue,” he said in an interview.
Katz realized that effective CISOs need a blend of technical and soft skills: they have to understand emerging technologies as well as business strategy. And in 2026, the story gets even more complicated, as CISOs operate in a difficult context, marked by tight budgets and geopolitical tensions.
As the role evolved, some skills that once served CISOs are no longer differentiators. In their place, new capabilities are taking the spotlight, especially those tied to emerging tech. Today’s CISOs are navigating a world built on cloud-native infrastructure, facing AI-generated attacks, and shifting regulatory rules.
In this context, the CISO needs to be an enabler of growth, not a blocker.
“In 2026, the CISO who thrives will look much more like a business value and resilience executive than a technical gatekeeper,” says Darren Argyle, co-founder of Cyber Resilience and former group chief information security risk officer at Standard Chartered Bank.
CISOs today are expected to influence strategy, secure investment, and guide transformation, not just protect the perimeter. And without the right mix of skills, doing all of that simply isn’t possible.
Must-have skills for CISOs in 2026
Ask security professionals what makes a strong CISO in 2026, and three qualities come up time and again: a deep understanding of the business and the wider world, strong knowledge of AI, and the ability to shape and influence culture.
That first one — understanding the business and the world it operates in — is foundational. CISOs who grasp the broader context are better equipped to spot emerging threats, align security with business goals, and make smarter decisions that build resilience and support growth.
This knowledge also puts them in a position to shape key decisions before risks even surface, which is exactly where modern CISOs need to be. “CISOs must deliberately cultivate the ability to influence strategy, not just enforce controls,” says Richard Bird, CSO at Singulr AI.
If CISOs operate as a “business translator,” framing security as a driver of value rather than just a cost, they can earn a comfortable seat at the leadership table. “A CISO who is seen to understand the business is accepted into the fold, rather than positioned as just a guardian at the gate,” says Christine Bejerasco, CISO at WithSecure.
This collaboration is often useful to both sides. “As security becomes more deeply integrated into strategic decision-making, the ability to articulate value in both directions is essential,” adds Blake Entrekin, deputy CISO at HackerOne.
But having social power and influence within an organization isn’t solely about access to the boardroom. It also comes from building trust and security awareness at all levels, which can be achieved by showing genuine interest in people’s day-to-day work.
“Think about how you can embed security into different areas of the organization by leveraging the work of the people already there, and how you can train them just enough to weave security into their existing processes,” Bejerasco says.
The second essential pillar of skills centers on artificial intelligence. CISOs need to understand the current state of AI and be up to date on the latest threats and misuse cases. This knowledge helps them “bring some sanity into an organization that’s often in a mad rush to incorporate AI into everything,” says Bejerasco. “You are no longer the detractor preventing the adoption of new technology. You become the saner voice in the room.”
Understanding where AI systems excel and where they fall short allows CISOs to guide adoption. But technical knowledge isn’t enough. They also need to communicate it clearly, translating complex risks into business language that the board can understand.
They can say something along the lines of: “Here’s the risk in financial, operational, and reputational terms, and here’s the investment trade-off,” Argyle says. “The irreplaceable CISOs will use AI as a force multiplier for business cost–benefit analysis but keep the judgment and storytelling firmly human. If you can’t credibly challenge the way your organization is using AI and data, you’re flying blind.”
When it comes to training, Argyle recommends that CISOs take “reputable courses in AI governance, secure use of LLMs, data protection, and model risk,” ideally from universities or industry-recognized providers.
A mistake CISOs can make is assuming they already know enough about AI to make informed decisions, when the field is evolving too quickly for static knowledge to suffice. “AI will continue to compress the time between reconnaissance and exploitation, requiring CISOs to anticipate how adversaries may use AI and how defenders can leverage the same tools to stay ahead,” Entrekin says.
Lastly, in 2026, the third must-have is building a strong security culture across every level of the organization, because, as Argyle puts it, “cyber is 20% technology and 80% behaviour.”
“The standout CISOs will be those who can shift the boardroom narrative to one of active support for culture change,” he says. “You know culture is taking hold when teams across the business apply secure-by-design principles as second nature.”
Top technical skills
In addition to strong knowledge of AI systems, today’s CISOs need a solid foundation in the technologies that define modern enterprise environments. The (ISC)² CISSP is still widely regarded as the gold standard for broad expertise in security architecture, risk management, and governance. “Regulators will expect this, and it still appears in pretty much all CISO jobs,” Argyle says.
The Cyber Leadership Program from the Cyber Leadership Institute is also highly valued. This program focuses on the leadership and influence skills CISOs need to shape strategy and secure investment.
Other useful certifications are those connected to cloud security architecture, such as CCSP. “If you don’t have an understanding of cloud security, these courses can help you understand shared responsibility models, identity-driven security, and how modern infrastructure operates at scale,” says Bejerasco.
Finally, Bird emphasizes the growing importance of financial fluency in cybersecurity leadership. “A modern risk quantification or cyber economics course is critical, since boards increasingly expect CISOs to express risk in financial terms rather than technical scores,” he says.
Top soft skills
Apart from technical skills, CISOs are also judged on how they strategize, communicate and lead. In 2026, they are expected to face pressure from all sides, including boards, regulators and vendors, not just attackers.
“Strategic judgment is foundational,” says Bird. “Especially knowing when not to act as much as when to intervene.”
Sharpening strategic judgment starts with pattern recognition — connecting the dots between incidents, threat intelligence, and the company’s broader business context. Then, CISOs need to distil that complexity into a few clear, actionable choices, each with defined risks, benefits and costs. “That’s how you move from doom report to strategic advisor,” says Argyle.
Strategic thinking will have a growing ethical dimension in 2026. One of the clearest tests, Bird says, will come in AI-driven environments, where CISOs must navigate complex decisions in the absence of clear legal guardrails. It’s the kind of area, he argues, that can “separate leaders from operators, notably when legal guidance lags behind technological reality.”
Critical decisions sometimes have to be made in the heat of the moment if disaster strikes. In those situations, the ability to stay calm under pressure is essential. “The CISO’s job in the first 72 hours is to lower the temperature, create clarity from ambiguity, and protect trust with the boardroom, authorities, regulators, customers and staff,” says Argyle.
Another soft skill to master in 2026 is the ability to build coalitions and negotiate well with product, data, legal, HR, finance, procurement and external partners. This means CISOs need to learn how to influence without having direct authority. “Security cannot operate in isolation,” says Entrekin. “Influence and collaboration are key.”
Closely linked to this is the ability to communicate well, to speak regulatory language and move fluently between technical, legal and business worlds. “Being able to talk to the board in business terms reduced my required three times a year board reporting to two times a year,” Bejerasco says. “They understood and got confident that they understood that I had it covered. That was helpful for both me and for them as well.”
All these skills have to be passed on to others in the team. A key part of the CISO’s role is to mentor, create opportunities for growth, and help team members gradually step into leadership themselves. “Investing in people ensures continuity, resilience, and long-term organizational capability,” says Entrekin.
Low-cost strategies for gaining top skills
Many CISOs and fractional CISOs want to keep learning, but there isn’t always a budget to match that ambition. Formal courses and certifications can run into the thousands of dollars, plus time away from the job. Yet the experts argue that there are low-cost solutions to this.
One of these is tapping into regional CISO communities. This can mean joining peer groups and roundtables where professionals compare playbooks and swap incident stories. CISOs can also find mentors or mentor younger professionals in turn, strengthening their skills while giving back to the community. “Regional CISOs communities can offer shared knowledge, peer support, and access to collective expertise at little or no cost,” Entrekin says.
Vendors, cloud providers, and partners also tend to have free training, as well as reference architectures and playbooks. “A smart CISO will negotiate learning access and workshops as part of contracts,” Argyle says.
Another low-cost strategy is to use large language models to explore emerging topics. These tools can summarize papers or threat intelligence reports, generate practice scenarios and act as a “sparring partner” for strategies. AI subscriptions are relatively affordable, and executives can repurpose decommissioned hardware from within the organization. This kind of setup allows CISOs to explore AI capabilities, limitations, and risks firsthand, without needing a large budget or a formal program.
Bejerasco also recommends reading books: “Books on negotiation, leadership, decision-making, and strategy are especially helpful and directly applicable to the CISO role, often more so than formal training.”
But another overlooked resource is the CISO’s own team. Argyle suggests creating internal “learning loops”: short, low-cost brown-bag sessions where risk experts, engineers, architects and product owners teach each other. “Lack of budget is a constraint, but it’s not an excuse,” he says. “The best CISOs I know have always been self-directed learners.
Less relevant courses
Not all courses and certifications add value to a CISO’s résumé. Credentials that are useful early in a cybersecurity career can become far less relevant by the time a security professional reaches an executive role. Examples include generic, entry-level security certifications, as well as tool-specific credentials that focus on button-clicking rather than system architecture.
“They are not useless, but they should no longer be treated as signals of senior security leadership,” Bird says.
Other credentials that are less useful as differentiators for CISOs in 2026 include single-vendor, product-specific certifications. Deep expertise in one specific firewall or endpoint solution might have been valuable in the past, but for someone in a CISO role, it just doesn’t carry a lot of weight.
“At the CISO level, it’s rarely decisive now, architectures are heterogeneous, and we’re increasingly buying platform outcomes, not hero products,” Argyle says. “These certs are fine for specialists, but they don’t move the needle much for an executive.”
Courses that focus purely on memorizing standards and passing exams — without requiring participants to grapple with real-world trade-offs — are also of diminishing value at the executive level. “As a CISO you’re expected to turn compliance into outcomes, not just recite clauses from a standard,” Argyle says.
For CISOs, though, certifications are necessary but not sufficient. They need to be backed by experience. Employers are looking for leaders who can run security programmes end-to-end, make tough trade-offs under pressure, manage incidents with confidence, and engage with the board with confidence. In a competitive job market, a long list of certifications won’t get anyone far unless it’s backed by real-world experience.
View the full article
- 0 comments
- 46 views
-
Sie denken, Ihre Sicherheitsmaßnahmen können Sie langfristig vor Cyberangriffen schützen? Oder dass Ihr Unternehmen zu klein und damit uninteressant für Hacker ist? Egal, ob Sie dem Mittelstand angehören, an der Börse gelistet sind oder zu den kritischen Infrastrukturen gehören: Jedes Unternehmen hat Daten, die Cyberkriminelle stehlen möchten.
Im Jahr 2025 wurden viele deutsche Unternehmen Opfer einer Cyberattacke. Die Folgen der Angriffe, die meist mittels Ransomware erfolgten, waren Betriebsstörungen gefolgt von Umsatzeinbußen, hohe Kosten für die Datenwiederherstellung sowie Reputationsschäden.
Auch für 2026 ist die Gefahr durch Cyberkriminelle hoch. Diese deutschen Unternehmen wurden bisher attackiert:
UnternehmenWannWasQuelleHanseMerkurJanuar 2026RansomwareDSGVO-PortalConceptnetJanuar 2026RansomwareCSOVerkehrsgesellschaft Main-TauberJanuar 2026RansomwareCSO Diese Unternehmen wurden im Jahr 2025 von einer Cyberattacke getroffen:
UnternehmenWannWasQuelleHascoDezember 2025Ransomwarewww.ransomware.liveMombergerDezember 2025CSOMusic StoreOktober 2025CSONickelhütte AueOktober 2025RansomwareCSOGeiger AntriebstechnikOktober 2025RansomwareCSOGubse AGOktober 2025CSOKWG SenftenbergSeptember 2025www.kwg-senftenberg.deHEM ExpertSeptember 2025DatendiebstahlCSOSchuler Service GroupSeptember 2025Ransomwarewww.ransomware.livedecor metallAugust 2025Ransomwarewww.ransomware.liveBüchnerBarellaAugust 2025CSOHeim & Haus Juli 2025RansomwareCSOKolbusJuni 2025Ransomwarewww.ransomware.liveSiloking Mayer MaschinenbauJuni 2025RansomwareCSOLeymann BaustoffeJuni 2025CSOMedia Broadcast Satellite GmbHJuni 2025Ransomwarewww.digitalfernsehen.deUnterwegs Outdoor ShopJuni 2025CSOWellteamMai/Juni 2025CSOVolkswagen GroupJuni 2025RansomwareCSOFunktel GmbHJuni 2025Ransomwarewww.ransomware.liveFasana GmbHMai/Juni 2025RansomwareCSOArcona Hotels & Resorts-GruppeMai 2025RansomwareCSOAdidasMai 2025CSOArla Foods Deutschland Mai 2025CSOROS RollentechnikMai 2025Ransomwarewww.ransomware.liveAutohaus JürgenMai 2025come-on.deRichard Scholz GmbH (BVG-Dienstleister)April/Mai 2025Datendiebstahl (BVG-Kundendaten)CSOReutlinger General-AnzeigerMai 2025Reutlinger General-AnzeigerOettingerApril 2025RansomwareCSOguenstiger.deApril 2025RansomwareCSOJ. Dahmen GmbH & Co. KG (JDC)April 2025DSGV-PortalRheinmetallApril 2025Ransomwarewww.ransomware.liveFAKO-M GetränkeApril 2025FAKO-M GetränkeSamsung Deutschland April 2025Datendiebstahl (Angriff über IT-Dienstleister Spectos)CSOHofmann Fördertechnik März 2025Ransomware?CSOHeilbronn MarketingMärz 2025RansomwareCSOFKM ElementeMärz 2025Ransomwarewww.ransomware.liveSozial-Holding MönchengladbachMärz 2025RansomwareCSOAerticketMärz 2025Ransomware?CSOQ railingMärz 2025Ransomwarewww.ransomware.liveStadtwerke SchwerteMärz 2025CSOWillms FleischFebruar 2025RansomwareCSOSüdkabelFebruar 2025suedkabel.deMETA E²F OperationsFebruar 2025RansomwareDSGVO-PortalAutohaus KießlingFebruar 2025RansomwareFalconFeeds.ioStürmer MaschinenFebruar 2025RansomwareCSOInSystFebruar 2025RansomwareCSOPamyraFebruar 2025RansomwareDSGVO-PortalVorwerkFebruar 2025DatendiebstahlCSOEscadaFebruar 2025RansomwareCSOEckert & ZieglerFebruar 2025www.ezag.com3 Screen SolutionsFebruar 2025UndercodenewsHEMIFebruar 2025RansomwareDSGVO-PortalAlltoursFebruar 2025AlltoursNeovita CosmeticsJanuar 2025RansomwareDSGVO-PortalWürttemberger MedienJanuar 2025RansomwareDSGVO-PortalSchauinsland ReisenJanuar 2025CSOGrohe AGJanuar 2025RansomwareCSOD-TrustJanuarZugriff auf DatenCSOTelering MarketingJanuar 2025RansomwareRansomware.liveWeininger Metall SystemJanuar 2025RansomwareCSO Diese Unternehmen wurden im Jahr 2024 Opfer einer Cyberattacke:
UnternehmenWannWasQuelleVosskoNovember 2024RansomwareCSOAEPOktober 2024RansomwareCSOIDEAOktober 2024RansomwareCSOSchweiger TransportOktober 2024RansomwareRansomware.liveHuber GroupOktober 2024 Celleheute.deSchäfer dein BäckerSeptember 2024RansomwareCSODiehl DefenceSeptember 2024SpywareCSOSchumag AGSeptember CSOClatronic InternationalSeptember 2024RansomwareRansomware.liveCBTSeptember 2024RansomwareRansomware.liveSybitAugust 2024PhishingCSOOptibeltAugust 2024 CSOMelchersJuli 2024RansomwareCSOSunExpressJuli 2024 CSOMittelbadische Entsorgungs- und Recyclingbetriebe (MERB)Juli 2024 CSOEurostrandJuli 2024Ransomware?CSOTÜV Rheinland AkademieJuli 2024RansomwareCSOLambertzJuni 2024RansomwareCSOMeiller KipperJuni 2024 https://www.meiller.com/de/wichtige-information/DG Immobilien ManagementJuni 2024 CSOWestfälische StahlgesellschaftJuni 2024Ransomwarehttps://www.ws-stahl.de/faq-zum-cyberangriff-vom-9-juni-2024/HoppeckeAnfang Juni 2024RanomwareCSOLemkenMai 2024 CSODeutsche TelekomMai 2024Ransomware?CSOMelting MindApril 2024RansomwareCSOMax WildApril 2024 https://www.maxwild.com/unternehmen/news/cyberangriff-auf-max-wild-gmbh/Bieler + LangApril 2024 bieler-lang.deHospitaltechnik PlanungsgesellchaftApril 2024 https://www.ht-hospitaltechnik.de/news/391-aktueller-cybervorfall-bei-der-ht.htmlGBI-Genios Deutsche WirtschaftsdatenbankApril 2024 CSOThyssenkruppFebruar 2024 CSOPSI SoftwareFebruar 2024 CSOKind HörgeräteFebruar 2024 CIOVartaFebruar 2024 CSOAnydeskFebruar 2024 CSOUnfallkasse ThüringenDezember 2023/ Januar 2024RansomwareCSOODAV AGJanuar 2024 CSOTransdevJanuar 2024 CIO Diese Unternehmen wurden im Jahr 2023 Opfer eines Hackerangriffs:
UnternehmenWannWasQuelleJunghans-Wolle/ Pro IdeeDezember 2023RansomwareCSOAllgaier AutomotiveDezember 2023 filstalwelle.deErfo BekleidungswerkDezember 2023RansomwareCSOKaDeWeNovember 2023RansomwareCSOBauer AG CIOSüdwestfalen ITOktober 2023RansomwareCSOMotel OneOktober 2023RansomwareCSOHäffnerOktober 2023RansomwareExplodingsecurityHochsauerlandWasser, Hochsauerland EnergieSeptemberr/Oktober 2023RansomwareCSOdegenia Versicherungsdienst AGSeptember/Oktober 2023 CSOMedgateAugust/September 2023 MedgateKendrion Kuhnke MalenteAugust 2023 CSOTrinkwasserverband StadeAugust 2023 CSOWildeboerJuli 2023RansomwareCSOSoftProjektJuli 2023RansomwareSoftProjektIT-Dienstleister der BarmerJuni 2023Software-SchwachstelleCSOVerivoxJuni 2023Software-SchwachstelleCSOMedizinischer DienstJuni 2023 CSODeutsche LeasingJuni 2023 CSOVerlagsgruppe VRMEnde Mai 2023 CSOHosting-Dienstleister von DenaMai 2023RansomwareCSOUnited HosterMai 2023RansomwareCSODienstleister von Heineking MediaMai 2023 CSOBlack Cat NetworksMai 2023RansomwareCSOGITAIMai 2023RansomwareCSOMaxim GroupAnfang Mai2023RansomwareCSOLux Automation RansomwareCSOBilstein GruppeEnde April 2023RansomwareCSOStürtz Maschinenbau22. April 2023RansomwareDSGVO PortalBadische Stahlwerke20. April 2023 CSOJobrad RansomwareCSOBitmarckApril 2023 CSOLürssenApril 2023RansomwareCSOEvotec6. April 2023 CIOÜstra31. März 2023 CSOBIG direkt28. März 2023 Ruhr NachrichtenMaterna25. März 2023 CSOSAF HollandMärz 2023 CIOMatthäi17. März 2023RansomwareCSOEnergieversorgung Filstal13. März 2023DDoSCSORheinmetall, NW7. März 2023DDoSCIOSteico, BY1. März 2023n.a.CSOSmart InsurTech, BE10. Februar 2023n.a.Smart InsurTechAlbert Ziegler, BW9. Februar 2023n.a.CSOUnternehmen in Bayern, BY6. Februar 2023RansomwarePolizei BayernKapellmann und Partner Rechtsanwälte, NW3. Februar 2023RansomwareKapellmannHäfele, BW2. Februar 2023RansomwareCSOStadtwerke Karlsruhe, BW1. Februar 2023RansomwareCSODürr, BWFebruar 2023n.a.CSOBayerischer Rundfunk, BYFebruar 2023PhishingCSOGeze, BWFebruar 2023n.a.GezeWisag Dienstleistungsholding, HEFebruar 2023n.a.Frankfurter Allgemeine ZeitungFlughafen Hamburg, HH25. Januar 2023DDoSHamburger AbendblattPlüsch-Tierheim, NW24. Januar 2023n.a.CSOSky Deutschland, BY21. Januar 2023n.a.Digital FernsehenBitmarck, NW19. Januar 2023n.a.CSOFritzmeier Group, BY17. Januar 2023n.a.CSOAdesso, NW11. Januar 2023n.a.CSOUnternehmen in Kaiserslautern, RPJanuar 2023Social EngineeringCSO Diese Unternehmen wurden im Jahr 2022 Opfer einer Cyberattacke:
UnternehmenWannWasQuelleIBB Business Team, BE27. Dezember 2022RansomwareIBB Business TeamSSI Schäfer Shop, RP23. Dezember 2022n.a.Schäfer Shop LinkedInThyssenkrupp, NRW 20. Dezember 2022n.a.CSOH-Hotels, HE11. Dezember 2022n.a.H-HotelsMeyer & Meyer, NI6. Dezember 2022n.a.CSORosenschon Partnerschaft, BY5. Dezember 2022n.a.Bayreuter TagblattDeutsche Klassenlotterie Berlin, BEDezember 2022n.a.Berliner KurierLand Brandenburg Lotto, BBDezember 2022n.a.RBB 24Lotto-Toto Sachsen-Anhalt, STDezember 2022n.a.MDRNordwest Lotto Schleswig-Holstein, SHDezember 2022n.a.FocusLotto Rheinland-Pfalz, RPDezember 2022n.a.SWRTechnolit, HEDezember 2022n.a.Technolit FacebookT-Mobile, NW25. November 2022n.a.CSOLandau Bedia, BE25. November 2022n.a.Landau MediaBisping & Bisping, BY17. November 2022n.a.Nürnberger NachrichtenRichard Wolf, BW3. November 2022RansomwareRichard WolfProphete, NWNovember 2022n.a.CSOOase, NRW29. Oktober 2022n.a.OaseAurubis, HH28. Oktober 2022n.a.CIOEnercity, NI26. Oktober 2022n.a.CIODeutsche Presse Agentur, HH17. Oktober 2022RansomwareCSOMetro, NRW17. Oktober 2022n.a.CSOHeilbronner Stimme, BW14. Oktober 2022RansomwareCIOWilken Software Group, BW12. Oktober 2022RansomwareCSOConvista, NRW10. Oktober 2022Zero DayConvistaHipp, BY5. Oktober 2022n.a.BR24Caritasverband München und Freising, BY11. September 2022RansomwareCSOElabs, HE8. August 2022n.a.ElabsMedi, BY7. August 2022n.a.CSOIHK, deutschlandweit4. August 2022DDoSCSOSemikron, BY1. August 2022RansomwareCSOContinental, NIAugust 2022n.a.CIOAutodoc, BEAugust 2022n.a.Skoda CommunitySaller-Bau, THAugust 2022n.a.Thüringer AllgemeineIsta, NW27. Juli 2022n.a.CSOASG, NI26. Juli 2022n.a.CSOWeidmüller, NW18. Juli 2022n.a.Neue WestfälischeHelinet, NW7. Juli 2022DDoSWestfälischer AnzeigerKnauf, BY29. Juni 2022n.a.KnaufBizerba, BW27. Juni 2022n.a.Schwarzwälder BoteApetito, NW26. Junin.a.CSOCount + Care, HE12. JuniRansomwareWissenschaftsstadt DarmstadtBauverein, HE12. JuniRansomwareFrankfurter RundschauHeag und Heag Mobilo, HE12. Juni 2022RansomwareFrankfurter RundschauFES, HE12. Juni 2022RansomwareCIOEntega, HE12. Juni 2022RansomwareCSOStadtreinigung Kassel, HE2. Juni 2022n.a.WeltSDZ Druck und Medien, BW31. Mai 2022n.a.Schwäbische PostJakob Becker, RP24. Mai 2022RansomwareCSOPosteo, BE17. Mai 2022DDoSCSOAGCO, BY5. Mai 2022RansomwareAGCOLudwig Freytag,NIMai 2022RansomwareNDRCWS, NWMai 2022n.a.Westfalen BlattSixt, BY29. April 2022n.a.CSODonau Stadtwerke Dillingen-Lauingen, BY18. April 2022n.a.Augsburger AllgemeineReitzner, BY18. April 2022n.a.Augsburger AllgemeineAHS, HH17. April 2022n.a.AirlinersIMA Schelling Group, NW15. April 2022n.a.Neue WestfälischeDeutsche Windtechnik, HB12. April 2022RansomwareCSOPerbit, NW7. April 2022RansomwareCSOKSB, ST7. April 2022n.a.MDRFraunhofer-Institut, STApril 2022RansomwareCSOTÜV Nord Group, NIApril 2022n.a.TÜV Nord GroupNordex, HH31. März 2022n.a.NordexWelcome Hotels, HE12. März 2022n.a.Welcome HotelsStollwerck, TH11. März 2022n.a.MDRElobau, BW4. März 2022RansomwareElobauBauking, NW3. März 2022RansomwareWestfalenpostRosneft, BEMärz 2022n.a.WeltTST, RPMärz 2022n.a.SWRTrützschler, NWMärz 2022RansomwareWDRFunke Mediengruppe, NW25. Februar 2022BotsDie ZeitKlopotek, BE18. Februar 2022RansomwareCSOSchultze & Braun Rechtsanwaltsgesellschaft, BW16. Februar 2022Zero DaySchultze & BraunOtto Dörner, HHFebruar 2022RansomwareSVZWisag Dienstleistungsholding, HE27. Januar 2022n.a.WisagGolfclub Hofgut Praforst, HE23. Januar 2022RansomwareOsthessen NewsThalia Bücher, NW20. Januar 2022Brute ForceTarnkappeUnfallkasse Thüringen, TH4. Januar 2022RansomwareUnfallkasse ThüringenOiltanking GmbH, HHJanuar 2022n.a.Handelsblatt Die Redaktion wird diese Listen regelmäßig aktualisieren. Jedoch erheben wir keinen Anspruch auf Vollständigkeit.
View the full article
- 0 comments
- 43 views
-
- 0 comments
- 61 views
-
In an internal memo to Apple employees, obtained by Bloomberg's Mark Gurman, Cook said he is "heartbroken by the events in Minneapolis."
"This is a time for deescalation," added Cook. "I believe America is strongest when we live up to our highest ideals, when we treat everyone with dignity and respect no matter who they are or where they're from, and when we embrace our shared humanity. This is something Apple has always advocated for."
Cook said he had a "good conversation" with U.S. President Donald Trump this week, in which he shared his views, but he did not elaborate.
Here is Cook's full memo to Apple employees, per Bloomberg:Cook was not specific, but he appears to be responding to the killing of Alex Pretti, a 37-year-old intensive care nurse for the U.S. Department of Veterans Affairs. Pretti was fatally shot by U.S. federal immigration agents following an encounter in Minneapolis on Saturday. The incident has stoked public outcry in the country.
37-year-old poet Renée Good was also shot and killed by a U.S. Immigration and Customs Enforcement (ICE) agent in Minneapolis on January 7.
Cook was criticized by some for attending a private screening of the upcoming documentary film "Melania" at the White House on Saturday, just hours after Pretti was killed. Critics said that it was poor timing for Cook to attend the VIP gathering, given the events that had transpired in Minneapolis earlier in the day.
Cook has maintained a working relationship with President Trump, and last year he gave him a gift containing a 24-karat pure gold bar.Tag: Tim Cook
This article, "Apple CEO Tim Cook Responds After ICE Shootings in Minneapolis" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 42 views
-
The attack starts with an original and ordinary webpage then attackers add client-side API calls to LLMs that can dynamically generate malicious JavaScript code in real time. This polymorphic technique is dangerous for several reasons. First, it can bypass any built-in AI model security guardrails. Second, because it delivers its malware from a trusted LLM domain it may bypass typical network analysis. Without any runtime behavioral analysis screening, it won’t easily be discovered or blocked, because the assembly of the final malware code happens inside a client’s browser and leaves no static payload residue anywhere else in the process.
The analysts at Unit 42 wrote a proof-of-concept code that calls popular LLMs such as DeepSeek and Google’s Gemini into returning the malicious JavaScript. The key step is to use separate prompts to craft AI prompts that translate the malware and describe its functionality as plain text, which then generate different pieces of the actual malware code. The AI model can generate a variety of phishing code content and then assemble the various pieces, both of which make detection more difficult. The assembly, as mentioned, is happening at the very end of this malware supply chain, what SquareX calls a last mile reassembling attack.
While this attack isn’t exactly novel, what is new is the type of code pieces that are generated by the AI that are more difficult to detect. The example used in the PoC described four code fragments in its prompting instructions, each fragment involving a different step in the malware’s operations. Each prompt would return a syntactically unique yet functionally identical variant of the malicious code, according to the analysts. Think of this as the AI version of custom-coded malware that was first invented decades ago by attackers looking to evade static signature detection algorithms.
There are several ways the final malware assembly can be accomplished, including using a backend proxy server or a content delivery network to further hide the malware’s true nature by providing trusted domains to deliver the goods.
“Unfortunately, at least some of this comes back to having the user as the last line of defense,” Allie Mellen, Forrester principal analyst, security and risk, told CSO. “This attack prevents the vendors from using some phishing detection techniques, but many of the core phishing detection capabilities are still relevant here.”
Jess Burn, a Forrester analyst for email security, agrees that there is some protection with existing defensive technologies. However, “even though this attack uses the browser and an LLM to build the phishing page on the fly, the issue is still how users got to that page in the first place. Well-tuned email and collaboration security tools that spot suspicious links, newly registered domains, look‑alike brands, and unusual sender behavior can still stop many of these campaigns at the message layer so the user never clicks through to the ‘magic’ page that turns malicious at runtime.”
Unit 42 of course recommends Palo Alto Networks’ products to help defend against this attack. Other solutions include using secure web gateways as well as secure enterprise browsers that can prevent last mile attacks.
View the full article
- 0 comments
- 34 views
-
“The vulnerability is serious,” said Johannes Ullrich, dean of research at the SANS Institute. “The root cause is that Microsoft Office still supports the older OLE document format, which provides access to various OLE components. The effect is similar to what an attacker could do with Office Macros. But Office Macros are typically blocked for documents downloaded from the internet. Microsoft implemented similar protections for OLE components, but this recent exploit found a way to bypass them.”
Despite efforts by Microsoft and email gateway vendors, emails with malicious attachments are still a significant attack vector, he added.
“It is important that organizations roll up this update quickly. Until it has been applied, filters on email gateways or endpoint protection signatures may help mitigate the threat.”
Fortunately the vulnerability, CVE-2026-21509, which has a CVSS score of 7.8, is fixed automatically in Office 2021 and up, however, admins should note that these applications need a restart for the patch to take effect. For Office 2016 and Office 2019, there’s a separate patch.
Jack Bicer, director of vulnerability research at Action1, said that for security teams and CISOs “the urgency is real: don’t wait, prioritize this update immediately, and ensure all Office applications are restarted so the protections take effect without delay.”
The flaw is exploited by sending malicious Office documents and convincing users to open them, “a classic technique that emphasizes the ongoing effectiveness of social engineering in real-world attacks,” he said.
The US Cybersecurity and Infrastructure Security Agency (CISA) has added the hole to its catalogue of known exploited vulnerabilities. Vulnerabilities in the catalogue must be remediated by federal civilian executive branch agencies by a specified date.
Asked for comment, a Microsoft spokesperson said the company recommends impacted customers follow the guidance on its CVE page. It also points out that Microsoft Defender has detections in place to block exploitation, and Office’s default Protected View setting provides an extra layer of protection by blocking malicious files from the internet.
“As a security best practice, we encourage users to exercise caution when downloading and enabling editing on files from unknown sources, as indicated in security warnings,” the spokesperson added.
This article originally appeared on Computerworld.
View the full article
- 0 comments
- 34 views
-
"Shrinking" follows a grieving therapist (Jason Segel) who starts to be unconventionally candid with his clients. Harrison Ford plays Segel's mentor, Dr. Paul Rhoades, and other cast members include Christa Miller and Jessica Williams.
Guest stars in the third season will include Cobie Smulders, Michael J. Fox, Jeff Daniels, Brett Goldstein, and others, according to Apple.
The first episode of "Shrinking" season three will be out tonight, and one new episode will follow every Tuesday at 9 p.m. Eastern Time through April 7.
The fourth season does not have a release date yet.
"Shrinking" is one of the most popular shows on the Apple TV streaming service, and it has received multiple Emmy Award nominations.Tag: Apple TV Shows
This article, "One of Apple TV's Most Popular Shows Gets Renewal" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 30 views
-
Introduced last September, the hypertension detection feature uses the health sensors on the Apple Watch and custom-designed algorithms to determine if a user seems to be regularly experiencing high blood pressure. If hypertension is detected over a 30-day period, the Apple Watch is able to send an alert suggesting that the user opt in to more frequent blood pressure monitoring with the guidance of a doctor.
According to Apple, hypertension is the leading modifiable risk factor for heart attack, stroke, and kidney disease, impacting 1.4 billion adults globally. Hypertension does not have visible symptoms in most cases, so it can go undiagnosed.
Apple Watch owners in the countries where Apple has added support can set up hypertension alerts in the Health app.
Hypertension alerts are available with the Apple Watch Series 9 and later and the Apple Watch Ultra 2 and later.
This article, "Apple Expands Apple Watch Hypertension Notifications to Six More Countries" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 30 views
-
Kuo says that Apple negotiates memory prices with suppliers on a quarterly basis, so price increases are expected in the second quarter of 2026. The upcoming price hike will be similar to the first quarter increase that has already seen Apple paying more for memory. Estimates suggest that prices are up 10 to 25 percent compared to last year.
The higher memory cost will impact the iPhone's gross margins, but Apple is in a position to establish deals to get a steady supply, and it is able to absorb some of the increased cost. From Kuo:
Apple may need to address memory price increases during the January 30 earnings call covering the first fiscal quarter of 2026 (October to December 2025). Kuo expects that Apple will avoid raising prices "as much as possible," and that at least the starting price of the iPhone 18 models will be flat.
Apple has previously absorbed component costs, and was able to keep iPhone 17 pricing relatively steady. The base iPhone 17 model did not go up in price and still starts at $799, though Apple did start charging $100 more for the iPhone 17 Pro because of the new 256GB minimum storage.
Components other than memory could also be in short supply in the coming months, leading to further supply chain issues that could force price increases. LPDDR and NAND are currently facing shortages and higher prices because of demand from the AI industry. Chip manufacturers are prioritizing advanced memory for AI servers over the memory used in smartphones, and there has been speculation that the memory price increase will cause smartphone costs to rise across multiple brands.Related Roundup: iPhone 18Tag: Ming-Chi KuoRelated Forum: iPhone
This article, "Apple to Keep iPhone 18 Starting Price Steady Despite Rising Memory Costs" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 42 views
-
Anyone can download and install public betas, and all that's required is to sign up on Apple's beta site. Once you've opted in, the software can be downloaded through the Software Update section in the Settings app on each device. The latest iOS 26.3, iPadOS 26.3, and watchOS 26.3 updates add support for the new second-generation AirTag, including Precision Finding on Apple Watch.
iOS 26.3 also adds a new tool for transitioning from an iPhone to an Android device. Transfers can be initiated during the device setup process, and moving data from one device to another can now be done without having to download a specific app.
The update includes changes to third-party wearables in the European Union, with more information available in our iOS 26.3 beta 2 feature list following yesterday's release to developers.
Apple is expected to release iOS 26.3 and iPadOS 26.3 to the public at the end of January.Related Roundups: iOS 26, iPadOS 26Related Forum: iOS 26
This article, "Apple Seeds Third Betas of iOS 26.3 and iPadOS 26.3 to Public Beta Testers" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 36 views
-
After signing up for beta testing on Apple's beta site, public beta testers can download the updates using the Software Update section in the System Settings app.
We don't know about any new features in macOS Tahoe 26.3 as of yet, but Apple might introduce new capabilities in later beta releases.
The beta is limited to developers and public beta testers at the current time, but we are expecting Apple to release the update at the end of January. Related Roundup: macOS TahoeRelated Forum: macOS Tahoe
This article, "Apple Releases Third macOS Tahoe 26.3 Public Beta" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 35 views
-
In the U.S., Google AI Plus is priced at $7.99, giving Google Gemini users a more affordable option for accessing upgraded AI services. Prior to now, Google AI Pro was the most affordable AI subscription plan at $19.99 per month.
Google AI Plus includes Gemini 3 Pro and Nano Banana Pro in the Gemini app, as well as AI filmmaking tools in Flow, and access to research and writing assistance in NotebookLM. It also includes 200GB of storage, with benefits able to be shared with up to five other family members.
For a limited time, Google is offering new AI Plus subscribers a 50 percent discount for the first two months of the subscription, dropping the price to $3.99. Customers will pay $3.99 for access for two months, before being charged the full $7.99 per month price.
Google One Premium 2TB customers who pay $9.99 per month will automatically get access to the benefits of Google AI Plus in the coming days.
Google AI Plus includes 200 monthly AI credits for video generation, which is 100 more credits than the free Google AI option. The free tier has limited access to Gemini 3 Pro, but subscribers will be able to use 3 Pro with fewer limitations, while also accessing Deep Research. The plan also offers limited access to Veo 3.1 Fast and Gemini in Chrome.
The more expensive $19.99 per month Google AI Pro plan has even more benefits than the $7.99 plan. It offers a higher number of AI credits, more access to Flow and Whisk, Gemini 3 Pro in Google Search, higher daily limits for Gemini Code assist, Gemini in Google apps like Gmail and Docs, access to Google Home Premium, and 2TB storage.
More information is available on Google's website.Tags: Gemini, Google
This article, "Google Brings Cheaper $7.99 'AI Plus' Plan to 35 Countries, Including U.S." first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 33 views
-
- 0 comments
- 53 views
-
Jobs unveiled the first-generation iPad at the Yerba Buena Center for the Arts in San Francisco on January 27, 2010. Designed to fill the gap between smartphones and laptops, the original iPad featured a 9.7-inch LED-backlit multitouch display, Apple's first custom designed chip, a 30-pin dock connector, and up to 64GB storage. With a starting price of $499, it offered users a new way to browse the web, read eBooks, watch videos, and interact with Apple's growing app ecosystem. Jobs described it as "a magical and revolutionary device."
The iPad used a version of iOS tailored for its larger display, bringing a big-screen experience to familiar mobile apps like Safari, Mail, and Photos. It introduced the iBooks app and iBookstore as part of an effort to compete in the e-reading space dominated by Amazon's Kindle. Its design was characterized by thick black bezels, a physical home button, and a convex aluminum back. It weighed 1.5 pounds and offered 10 hours of battery life.
The initial reception to the iPad was mixed. While many praised its lightweight computing and media consumption experience, others questioned its necessity and potential to replace laptops.
Nevertheless, the iPad sold over 300,000 units on its launch day in April 2010 and one million within its first month. It catalyzed the creation of a new product category, sparking competition from rivals such as Samsung, Microsoft, and Amazon. By the end of 2010, Apple had sold over 15 million iPads, generating $9.5 billion in revenue and solidifying the device as a key pillar of the company's product lineup.
The iPad has since become a tentpole device for Apple, expanding into product lines including the iPad mini, iPad Air, and iPad Pro and accessories such as the Apple Pencil and Magic Keyboard. Subsequent models introduced cameras, multitasking, different display size options, USB-C connectivity, and more. See Apple's original press release from 2010 for more information.
This article, "Apple's iPad Turns 16 Today" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 35 views
-
- 0 comments
- 55 views
-
Samsung Wide Fold mockup (Image credit: UniverseIce)
According to Korea's ETNews, the Wide Fold will see Samsung's largest initial production run for a special model in the past three years. The device is said to feature a 7.6-inch foldable OLED display with a 4:3 aspect ratio when unfolded, and a 5.4-inch cover screen.
Apple is expected to introduce a foldable iPhone this fall with a similar 4:3 inner display ratio. When folded, users will interact with a 5.3-inch outer display that is shorter and wider than a typical iPhone screen, while unfolding it will reveal a larger 7.7-inch iPad-style screen, according to The Information.
Industry analyst Ming-Chi Kuo expects Apple to sell somewhere between 8 and 10 million units by the end of the year, assuming it launches in 2026 and isn't pushed back into early next year. Either way, it appears that by matching the device's aspect ratio, Samsung is wasting no time going after Apple in a space that the Korean tech giant has so far dominated.
A source quoted in the report says the Wide Fold "is not considered dramatically harder to build than [the] TriFold," and Samsung may increase output depending on the market response. The upcoming Galaxy Z TriFold is expected to have only a limited run of around 200,000 units, compared to the Wide Fold's projected 1 million units. Samsung is expected to launch the TriFold device on January 30, starting at $2,899.
Samsung Wide Fold mockup (Image credit: UniverseIce)
ETNews reports that the Wide Fold will debut alongside the Galaxy Z Fold 8 and Flip 8 at Samsung's Q3 Unpacked event in July. If so, that's a change from previous years, when Samsung staggered its special models to avoid cannibalizing sales from its main lineup.
iPhone Fold: Launch, Pricing, and What to Expect From Apple's Foldable
Samsung's overall foldable shipments reportedly exceeded 6 million last year, and the company expects that figure to climb with the Wide Fold joining its portfolio. Apple is expected to unveil its first foldable alongside the iPhone 18 Pro models in September.Tags: Foldable iPhone, Samsung
This article, "iPhone Fold Rumored Display Size Has Samsung Preparing a Direct Rival" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 31 views
-
According to Apple's website, the new AirTag will be launching at a later date in these countries:
Brazil
Indonesia
Malaysia
The Philippines
Singapore
South Korea
Taiwan
Thailand
VietnamIn South Korea, Apple will begin accepting orders for the new AirTag on January 28 (local time), so orders should begin imminently in that country. In many of the other countries listed above, however, Apple simply says the new AirTag is coming soon.
The new AirTag features longer range for both Bluetooth and Precision Finding item tracking, a louder speaker, and some other minor changes.Tag: AirTag
This article, "AirTag 2 Launching Later in These Countries" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 35 views
-
Note: MacRumors is an affiliate partner with Nomad. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.
All discounts in this sale have been automatically applied and do not require any coupon codes, and Nomad offers free shipping on orders that exceed $50 in value. You'll find a collection of iPhone 17 cases in this sale, including Nomad's Modern Case for $39 ($10 off), Modern Leather Case for $44 ($11 off), and Rugged Leather Case for $60 ($15 off).
UP TO 49% OFFNomad Overstock Sale
iPhone 17 Cases
Modern Case - $39, down from $49
Modern Leather Case - $44, down from $55
Rugged Leather Case - $60, down from $75
Modern Leather Folio - $60, down from $75
Charging
Stand One - $83, down from $119
Base One Max - $111, down from $159
iPad Cases
Leather Folio for iPad Air - $63, down from $125
Apple Watch Bands
Sport Slim Band - $39, down from $55
Rugged Case - $60, down from $119
If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.
Deals Newsletter
Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!
Related Roundup: Apple Deals
This article, "Nomad's Overstock Sale Takes Up to 49% Off iPhone 17 Cases, MagSafe Stands, and More" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 34 views
-
New data published by SellCell provides a look at how users have responded to the push to update to iOS 26. The findings are based on a January 2026 survey of 2,000 U.S.-based adult iPhone users and focus on adoption status, update behavior, and perceived risks associated with installing iOS 26.
78% of SellCell's respondents say they have updated their iPhone to iOS 26, while 22% report that they are still running an earlier version of iOS. There have been other reports of low adoption for iOS 26, so 78% would be unusually high and may indicate a disproportionate number of tech enthusiasts among respondents. Realistically, the actual number likely lies somewhere in between at around 50%, as StatCounter shows. SellCell stresses that the data reflects self-reported behavior rather than device-verified installation rates.
Nevertheless, the survey highlights key reasons as to why some users have still not upgraded. 24.2% of respondents said they were concerned that iOS 26 could negatively affect battery life, while 23.8% worried about overall performance. 17.5% of respondents said they disliked the design changes debuted with Liquid Glass, or found it harder to read, while an additional 8.6% said they were frustrated that new visual elements could not be fully turned off. 15% of respondents said they worried it would be difficult or impossible to revert to an earlier version of iOS once iOS 26 was installed, while 11.4% cited reports of bugs or features breaking as a reason for hesitation.
SellCell's data also suggests that adoption does not necessarily reflect confidence. When asked about their general response to iOS update prompts, only 38.8% of respondents said they typically update immediately when prompted. The remaining 61.2% reported some form of delay or deferral, including waiting to see whether other users report problems, assuming updates occur automatically, dismissing reminders, or postponing updates for weeks or months. A smaller share said they only update once an app stops working on their current version of iOS.
In addition, the survey found that hesitation around iOS 26 is widespread even among users who have already installed the update. Across the full sample of 2,000 respondents, 72% selected at least one concern that made them hesitant about upgrading, while only 28% said that nothing they had seen put them off installing iOS 26. It is also notable that, of the 443 respondents who said they were still on an older version, 28% said they were unaware that iOS 26 was available, 23.7% said they assumed updates would install automatically, and 23.3% said they simply had not gotten around to updating. Related Roundups: iOS 26, iPadOS 26Tag: SellCellRelated Forum: iOS 26
This article, "iOS 26 Adoption Hits 50%, But Some Users Are Still Reluctant to Update" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 30 views
-
Viele Sicherheitsverantwortliche glauben, dass ein Cybervorfall unvermeidlich ist – unklsar ist lediglich der Zeitpunkt. Diese Überzeugung spiegelt sich in der gängigen Redewendung wider, dass es nicht darum geht, „ob“, sondern „wann“ ein Angriff erfolgt.
Eine wachsende Zahl von CISOs rechnet jedoch eher früher als später mit einem Vorfall: Im Voice of the CISO Report 2025 von Proofpoint gaben rund 76 Prozent der Befragten an, dass sie sich in den nächsten 12 Monaten einem erheblichen Cyberangriff ausgesetzt sehen. Im Vorjahr lag dieser Wert noch bei 70 Prozent.
Zudem glauben 58 Prozent der befragten CISOs, dass ihr Unternehmen nicht darauf vorbereitet ist. Neben dem allgemeinen Gefühl, dass ein Angriff fast unvermeidlich ist, räumen die Sicherheitschefs ein, dass verschiedene Herausforderungen sie bei ihren Aufgaben behindern. In erster Linie sehen sie bei ihrer Arbeit vier Probleme:
1. Teammitglieder werden nicht ausreichend befähigt, nach Prioritäten zu handeln
Viele CISOs geben offen zu, dass ihre Sicherheitsteams mehr Arbeit haben, als sie bewältigen können. Das führt zu viel Stress: Im 2025 CISO Pressure Index von Nagomi Security bekundeten rund 80 Prozent der CISOs, dass sie derzeit unter hohem oder extremem Druck stünden , BBei 87 Prozent hat der Druck bei in den vergangenen 12 Monaten zugenommen. Darüber hinaus geben 67 Prozent Befragten an, wöchentlich oder täglich ausgebrannt zu sein.
„Jeder CISO fühlt sich stark überfordert“, bestätigt Omar Khawaja, Leiter des Bereichs Field Security bei Databricks. „Um damit fertig zu werden, haben die CISOs gelernt, Prioritäten zu setzen.“ Bei den meisten stehe ganz oben auf ihrer Liste, die größten Risiken für das Unternehmen zu reduzieren, so Khawaja.
„Allzu oft schulen CISOs ihre Teammitglieder jedoch nicht, damit sie kompetente Entscheidungen treffen und Maßnahmen ergreifen können, die mit diesen Prioritäten übereinstimmen“, so der ehemalige CISO bei Highmark Health.Dadurch müssten Führungskräfte weiterhin alle Prioritätsentscheidungen treffen, was das gesamte Team verlangsamen würde.
CISOs sollten darauf hinarbeiten, dass ihre Teammitglieder wissen, wann und wie sie Prioritäten für ihre eigenen Arbeitsbereiche setzen müssen, „damit sich jedes einzelne Team auf die wichtigsten Dinge konzentriert“, fügt Khawaja hinzu.
„Dazu müssen Sie klare Mechanismen und Anweisungen für die Entscheidungsunterstützung schaffen“, erklärt er. „Es sollte Kriterien oder Faktoren geben, die festlegen, ob etwas vom Sicherheitsteam eine hohe, mittlere oder niedrige Priorität hat. Denn dann kann jedes Teammitglied jede Anfrage, die bei ihm eingeht, prüfen und sie sicher und effektiv priorisieren.“
2. Mit der Innovation und Einführung von KI nicht Schritt halten
Führungskräfte und Mitarbeiter haben sich gleichermaßen beeilt, künstliche Intelligenz einzusezten, angelockt von der Erwartung, dass KI Arbeitsabläufe verändern und Zeit, Geld sowie Aufwand sparen wird.
Die meisten CISOs haben jedoch mit der Geschwindigkeit der KI-Einführung durch ihre Geschäftskollegen nicht Schritt gehalten.
Laut einer Umfrage unter 921 IT- und Cybersicherheitsexperten im Rahmen des 2025 State of AI Data Security Report von Cyera nutzen 83 Prozent der Unternehmen KI. Aber nur 13 Prozent haben einen guten Überblick darüber, inwieweitdiese Systeme auf sensible Daten zugreifen oder wie sie mit ihnen umgehen; lediglich 16 Prozent behandeln KI als eigenständige Identität; nur elf Prozent der Unternehmen können riskante KI-Aktivitäten automatisch blockieren; und nur sieben Prozent verfügen über ein spezielles KI-Governance-Team.
„Die meisten CISOs kämpfen mit der Frage, wie sie die KI-Nutzung absichern können”, betont Robert T. Lee, Chief AI Officer und Forschungsleiter bei SANS.
Laut Lee verbieten viele CISOs aufgrund von Sicherheitsbedenken immer noch vorgeschlagene KI-Anwendungsfälle – was er als „Security Framework of No” bezeichnet – oder verlangsamen die Einführung, während sie die Sicherheit der KI bewerten.
„Es herrscht ein allgemeiner Mangel an Wissen darüber, wie man mit KI umgehen soll“, so Lee. „Fairerweise muss man sagen, dass die Unternehmen den CISOs hier nicht immer helfen“, bemerkt der Experte.
Ein anderer Punkt ist die häufig wechselnde KI-Strategie in vielen Unternehmen. „Eine neue KI-Version kommt heraus, und schon ändert sich die Agenda, und einen Monat später kommt etwas Neues heraus, und schon ändert sie sich wieder. Es ist also ein bewegliches Ziel, das das Sicherheitsteam schützen soll“, erklärt Lee.
Unabhängig davon ist es laut Lee klar, dass die Unfähigkeit des Sicherheitsteams, mit den KI-Innovationen Schritt zu halten, und der Wunsch des Unternehmens nach einer schnellen Einführung problematisch sind. „Indem es die Transformation verlangsamt, behindert dies nicht nur die Agenda des Unternehmens“,so der KI-Experte. „Es verhindert auch den Erfolg der Sicherheitsabteilung, da das Unternehmen oft die Security komplett umgeht, anstatt seine KI-Entwicklung zu verlangsamen oder zu stoppen.“
Infolgedessen sähen sich CISOs und ihre Unternehmen letztendlich mit Schatten-KI, unkontrollierten Agenten und undurchsichtigen Datenflüssen konfrontiert, die zu einem schlecht gesicherten, erweiterten Angriff führen, fügt Lee hinzu.
Natürlich besteht nach wie vor die Notwendigkeit, KI-Implementierungen angemessen zu bewerten und zu sichern, betont er und ergänzt, dass Unternehmen nicht einfach die Zusicherungen der Anbieter akzeptieren sollten, dass ihre KI-Komponenten sicher sind.
Nach Ansicht von Lee verfolgen CISOs, die mit der KI-Strategie ihrer Organisation Schritt halten, einen ganzheitlichen Ansatz, anstatt von Einsatz zu Einsatz zu arbeiten. Sie erstellen ein Risikoprofil für bestimmte Daten, sodass die Sicherheitsabteilung nicht viel Zeit mit der Bewertung von KI-Implementierungen verbringen muss und sich stattdessen auf KI-Anwendungsfälle konzentrieren kann, die Daten mit mittlerem oder hohem Risiko erfordern.
Außerdem würden sie einzelnen Abteilungen Sicherheitsmitarbeiter zuweisen, um den KI-Bedarf im Blick zu behalten. Zudem würden Sicherheitsteams in den Fähigkeiten geschult, die zur Bewertung und Sicherung von KI-Initiativen erforderlich sind.
3. Begrenzte Einführung von KI für Sicherheitsmaßnahmen
Wie ihre Kollegen aus dem Business setzen auch einige CISOs auf KI, um ihre Abläufe zu transformieren – doch trotz der Vorteile, die diese Technologie für die Cybersicherheit mit sich bringt, scheinen sie bei weitem nicht die Mehrheit zu bilden.
Die 2025 ISC2 Cybersecurity Workforce Study zeigt, dass nur 28 Prozent der 16.000 befragten Unternehmensleiter KI-Tools in ihre Sicherheitsabläufe integriert hatten. Die Studie ergab, dass 19 Prozent sie testeten und 22 Prozent sich in der frühen Evaluierungsphase befanden.
„CISOs haben etwas Aufholbedarf, wenn es darum geht, KI mit der gleichen Geschwindigkeit wie das Business einzusetzen“, betont Jon France, CISO von ISC2, einer Organisation für Cybersicherheitsschulungen und -zertifizierungen.
Dieses langsame Tempo bestehe fort, obwohl sich der Einsatz von KI in Sicherheitsabläufen als vorteilhaft erweist, fügt France hinzu und merkt an, dass 63 Prozent derjenigen, die KI-Sicherheitstools einsetzen, von einer deutlichen Steigerung ihrer Produktivität berichten.
In der ISC2-Studie gaben 40 Prozent der CISOs an, dass KI in kürzester Zeit den größten Einfluss auf Cybersicherheitsmaßnahmen haben wird, gefolgt von Sicherheitsmaßnahmen und Sicherheitstests (beide 30 Prozent), Schwachstellenmanagement (29 Prozent), Bedrohungsmodellierung und Endpunktschutz (beide 28 Prozent).
4. Mangel an benötigten Talenten und erforderlichen Fähigkeiten
CISOs berichten zwar schon seit langem von Schwierigkeiten bei der Einstellung ausreichend qualifizierter Sicherheitsmitarbeiter. Inzwischen sehen sie dieses Problem jedoch zunehmend als zentrales Hindernis für die Umsetzung ihrer Sicherheitsagenda.
In der Studie „2025 State of Cybersecurity Resilience” von Accenture identifizierten 83 Prozent der IT-Führungskräfte den Mangel an Cybertalenten „als großes Hindernis für die Erreichung einer starken Sicherheitslage”.
Das Problem ist dabei laut ISC2-Studie zweigeteilt:
Zunächst ist da der Fachkräftemangel: 63 Prozent der Befragten gaben 2025 an, dass sie einen leichten oder erheblichen Mangel an Cybersicherheitskräften haben, immerhin eine leichte Verbesserung gegenüber den 68 Prozent im Vorjahr.
Zweitens wächst die Qualifikationslücke. Dem Bericht zufolge haben 59 Prozent im Jahr 2025 einen kritischen oder erheblichen Bedarf an bestimmten Fähifkeiten (2024: 44 Prozent). 95 Prozent berichten von mindestens einem Skill-Bedarf – 5 Prozent mehr als im Vorjahr. Als dringendste Kompetenz nannten die Befragten KI-Know-how (41 Prozent), gefolgt von Cloud-Sicherheit (36 Prozent), Risikobewertung (29 Prozent), Anwendungssicherheit (28 Prozent), Sicherheitstechnik und Governance (27 Prozent) sowie Risiko und Compliance (ebenfalls 27 Prozent).
„Wir brauchen Menschen, die in der Lage sind, die Aufgaben von modernen Sicherheitsfunktionen zu erfüllen“, so France.
Auch Khawaja nennt den Mangel an „den richtigen Fähigkeiten im Sicherheitsteam“ als Hindernis für den Erfolg von CISOs. Er sieht die Herausforderung jedoch weniger im Fehlen von technischen Fähigkeiten oder sogar Soft Skills, sondern in sogenannten „Middle Skills“, etwa Risikomanagement und Change Management.
Diese Fähigkeiten werden nach Meinung von Khawaja immer wichtiger, um die Sicherheit besser mit dem Business zu verzahnen, die Benutzer zur Akzeptanz von Sicherheitsprotokollen zu bewegen und letztendlich die Sicherheitslage des Unternehmens zu verbessern. „Fehlen diese Fähigkeiten, kann das Sicherheitsteam nur begrenzt etwas ausrichten.”
Obwohl CISOs mit Arbeitsmarktbedingungen zu kämpfen haben, die weit außerhalb ihrer direkten Kontrolle und ihres Einflussbereichs liegen, gibt es laut Khawaja andere Maßnahmen, mit denen sie dem Mangel an Talenten und Fähigkeiten begegnen können. „Eine klare Talentstrategie, die sich auf die Einstellung von Mitarbeitern mit bestimmten Fähigkeiten und Kompetenzen konzentriert, kann CISOs dabei helfen, das zu bekommen, was sie zur Umsetzung ihrer Sicherheitsagenda benötigen.“ (jm)
View the full article
- 0 comments
- 33 views
-
Viele Sicherheitsverantwortliche glauben, dass ein Cybervorfall unvermeidlich ist – unklsar ist lediglich der Zeitpunkt. Diese Überzeugung spiegelt sich in der gängigen Redewendung wider, dass es nicht darum geht, „ob“, sondern „wann“ ein Angriff erfolgt.
Eine wachsende Zahl von CISOs rechnet jedoch eher früher als später mit einem Vorfall: Im Voice of the CISO Report 2025 von Proofpoint gaben rund 76 Prozent der Befragten an, dass sie sich in den nächsten 12 Monaten einem erheblichen Cyberangriff ausgesetzt sehen. Im Vorjahr lag dieser Wert noch bei 70 Prozent.
Zudem glauben 58 Prozent der befragten CISOs, dass ihr Unternehmen nicht darauf vorbereitet ist. Neben dem allgemeinen Gefühl, dass ein Angriff fast unvermeidlich ist, räumen die Sicherheitschefs ein, dass verschiedene Herausforderungen sie bei ihren Aufgaben behindern. In erster Linie sehen sie bei ihrer Arbeit vier Probleme:
1. Teammitglieder werden nicht ausreichend befähigt, nach Prioritäten zu handeln
Viele CISOs geben offen zu, dass ihre Sicherheitsteams mehr Arbeit haben, als sie bewältigen können. Das führt zu viel Stress: Im 2025 CISO Pressure Index von Nagomi Security bekundeten rund 80 Prozent der CISOs, dass sie derzeit unter hohem oder extremem Druck stünden , BBei 87 Prozent hat der Druck bei in den vergangenen 12 Monaten zugenommen. Darüber hinaus geben 67 Prozent Befragten an, wöchentlich oder täglich ausgebrannt zu sein.
„Jeder CISO fühlt sich stark überfordert“, bestätigt Omar Khawaja, Leiter des Bereichs Field Security bei Databricks. „Um damit fertig zu werden, haben die CISOs gelernt, Prioritäten zu setzen.“ Bei den meisten stehe ganz oben auf ihrer Liste, die größten Risiken für das Unternehmen zu reduzieren, so Khawaja.
„Allzu oft schulen CISOs ihre Teammitglieder jedoch nicht, damit sie kompetente Entscheidungen treffen und Maßnahmen ergreifen können, die mit diesen Prioritäten übereinstimmen“, so der ehemalige CISO bei Highmark Health.Dadurch müssten Führungskräfte weiterhin alle Prioritätsentscheidungen treffen, was das gesamte Team verlangsamen würde.
CISOs sollten darauf hinarbeiten, dass ihre Teammitglieder wissen, wann und wie sie Prioritäten für ihre eigenen Arbeitsbereiche setzen müssen, „damit sich jedes einzelne Team auf die wichtigsten Dinge konzentriert“, fügt Khawaja hinzu.
„Dazu müssen Sie klare Mechanismen und Anweisungen für die Entscheidungsunterstützung schaffen“, erklärt er. „Es sollte Kriterien oder Faktoren geben, die festlegen, ob etwas vom Sicherheitsteam eine hohe, mittlere oder niedrige Priorität hat. Denn dann kann jedes Teammitglied jede Anfrage, die bei ihm eingeht, prüfen und sie sicher und effektiv priorisieren.“
2. Mit der Innovation und Einführung von KI nicht Schritt halten
Führungskräfte und Mitarbeiter haben sich gleichermaßen beeilt, künstliche Intelligenz einzusezten, angelockt von der Erwartung, dass KI Arbeitsabläufe verändern und Zeit, Geld sowie Aufwand sparen wird.
Die meisten CISOs haben jedoch mit der Geschwindigkeit der KI-Einführung durch ihre Geschäftskollegen nicht Schritt gehalten.
Laut einer Umfrage unter 921 IT- und Cybersicherheitsexperten im Rahmen des 2025 State of AI Data Security Report von Cyera nutzen 83 Prozent der Unternehmen KI. Aber nur 13 Prozent haben einen guten Überblick darüber, inwieweitdiese Systeme auf sensible Daten zugreifen oder wie sie mit ihnen umgehen; lediglich 16 Prozent behandeln KI als eigenständige Identität; nur elf Prozent der Unternehmen können riskante KI-Aktivitäten automatisch blockieren; und nur sieben Prozent verfügen über ein spezielles KI-Governance-Team.
„Die meisten CISOs kämpfen mit der Frage, wie sie die KI-Nutzung absichern können”, betont Robert T. Lee, Chief AI Officer und Forschungsleiter bei SANS.
Laut Lee verbieten viele CISOs aufgrund von Sicherheitsbedenken immer noch vorgeschlagene KI-Anwendungsfälle – was er als „Security Framework of No” bezeichnet – oder verlangsamen die Einführung, während sie die Sicherheit der KI bewerten.
„Es herrscht ein allgemeiner Mangel an Wissen darüber, wie man mit KI umgehen soll“, so Lee. „Fairerweise muss man sagen, dass die Unternehmen den CISOs hier nicht immer helfen“, bemerkt der Experte.
Ein anderer Punkt ist die häufig wechselnde KI-Strategie in vielen Unternehmen. „Eine neue KI-Version kommt heraus, und schon ändert sich die Agenda, und einen Monat später kommt etwas Neues heraus, und schon ändert sie sich wieder. Es ist also ein bewegliches Ziel, das das Sicherheitsteam schützen soll“, erklärt Lee.
Unabhängig davon ist es laut Lee klar, dass die Unfähigkeit des Sicherheitsteams, mit den KI-Innovationen Schritt zu halten, und der Wunsch des Unternehmens nach einer schnellen Einführung problematisch sind. „Indem es die Transformation verlangsamt, behindert dies nicht nur die Agenda des Unternehmens“,so der KI-Experte. „Es verhindert auch den Erfolg der Sicherheitsabteilung, da das Unternehmen oft die Security komplett umgeht, anstatt seine KI-Entwicklung zu verlangsamen oder zu stoppen.“
Infolgedessen sähen sich CISOs und ihre Unternehmen letztendlich mit Schatten-KI, unkontrollierten Agenten und undurchsichtigen Datenflüssen konfrontiert, die zu einem schlecht gesicherten, erweiterten Angriff führen, fügt Lee hinzu.
Natürlich besteht nach wie vor die Notwendigkeit, KI-Implementierungen angemessen zu bewerten und zu sichern, betont er und ergänzt, dass Unternehmen nicht einfach die Zusicherungen der Anbieter akzeptieren sollten, dass ihre KI-Komponenten sicher sind.
Nach Ansicht von Lee verfolgen CISOs, die mit der KI-Strategie ihrer Organisation Schritt halten, einen ganzheitlichen Ansatz, anstatt von Einsatz zu Einsatz zu arbeiten. Sie erstellen ein Risikoprofil für bestimmte Daten, sodass die Sicherheitsabteilung nicht viel Zeit mit der Bewertung von KI-Implementierungen verbringen muss und sich stattdessen auf KI-Anwendungsfälle konzentrieren kann, die Daten mit mittlerem oder hohem Risiko erfordern.
Außerdem würden sie einzelnen Abteilungen Sicherheitsmitarbeiter zuweisen, um den KI-Bedarf im Blick zu behalten. Zudem würden Sicherheitsteams in den Fähigkeiten geschult, die zur Bewertung und Sicherung von KI-Initiativen erforderlich sind.
3. Begrenzte Einführung von KI für Sicherheitsmaßnahmen
Wie ihre Kollegen aus dem Business setzen auch einige CISOs auf KI, um ihre Abläufe zu transformieren – doch trotz der Vorteile, die diese Technologie für die Cybersicherheit mit sich bringt, scheinen sie bei weitem nicht die Mehrheit zu bilden.
Die 2025 ISC2 Cybersecurity Workforce Study zeigt, dass nur 28 Prozent der 16.000 befragten Unternehmensleiter KI-Tools in ihre Sicherheitsabläufe integriert hatten. Die Studie ergab, dass 19 Prozent sie testeten und 22 Prozent sich in der frühen Evaluierungsphase befanden.
„CISOs haben etwas Aufholbedarf, wenn es darum geht, KI mit der gleichen Geschwindigkeit wie das Business einzusetzen“, betont Jon France, CISO von ISC2, einer Organisation für Cybersicherheitsschulungen und -zertifizierungen.
Dieses langsame Tempo bestehe fort, obwohl sich der Einsatz von KI in Sicherheitsabläufen als vorteilhaft erweist, fügt France hinzu und merkt an, dass 63 Prozent derjenigen, die KI-Sicherheitstools einsetzen, von einer deutlichen Steigerung ihrer Produktivität berichten.
In der ISC2-Studie gaben 40 Prozent der CISOs an, dass KI in kürzester Zeit den größten Einfluss auf Cybersicherheitsmaßnahmen haben wird, gefolgt von Sicherheitsmaßnahmen und Sicherheitstests (beide 30 Prozent), Schwachstellenmanagement (29 Prozent), Bedrohungsmodellierung und Endpunktschutz (beide 28 Prozent).
4. Mangel an benötigten Talenten und erforderlichen Fähigkeiten
CISOs berichten zwar schon seit langem von Schwierigkeiten bei der Einstellung ausreichend qualifizierter Sicherheitsmitarbeiter. Inzwischen sehen sie dieses Problem jedoch zunehmend als zentrales Hindernis für die Umsetzung ihrer Sicherheitsagenda.
In der Studie „2025 State of Cybersecurity Resilience” von Accenture identifizierten 83 Prozent der IT-Führungskräfte den Mangel an Cybertalenten „als großes Hindernis für die Erreichung einer starken Sicherheitslage”.
Das Problem ist dabei laut ISC2-Studie zweigeteilt:
Zunächst ist da der Fachkräftemangel: 63 Prozent der Befragten gaben 2025 an, dass sie einen leichten oder erheblichen Mangel an Cybersicherheitskräften haben, immerhin eine leichte Verbesserung gegenüber den 68 Prozent im Vorjahr.
Zweitens wächst die Qualifikationslücke. Dem Bericht zufolge haben 59 Prozent im Jahr 2025 einen kritischen oder erheblichen Bedarf an bestimmten Fähifkeiten (2024: 44 Prozent). 95 Prozent berichten von mindestens einem Skill-Bedarf – 5 Prozent mehr als im Vorjahr. Als dringendste Kompetenz nannten die Befragten KI-Know-how (41 Prozent), gefolgt von Cloud-Sicherheit (36 Prozent), Risikobewertung (29 Prozent), Anwendungssicherheit (28 Prozent), Sicherheitstechnik und Governance (27 Prozent) sowie Risiko und Compliance (ebenfalls 27 Prozent).
„Wir brauchen Menschen, die in der Lage sind, die Aufgaben von modernen Sicherheitsfunktionen zu erfüllen“, so France.
Auch Khawaja nennt den Mangel an „den richtigen Fähigkeiten im Sicherheitsteam“ als Hindernis für den Erfolg von CISOs. Er sieht die Herausforderung jedoch weniger im Fehlen von technischen Fähigkeiten oder sogar Soft Skills, sondern in sogenannten „Middle Skills“, etwa Risikomanagement und Change Management.
Diese Fähigkeiten werden nach Meinung von Khawaja immer wichtiger, um die Sicherheit besser mit dem Business zu verzahnen, die Benutzer zur Akzeptanz von Sicherheitsprotokollen zu bewegen und letztendlich die Sicherheitslage des Unternehmens zu verbessern. „Fehlen diese Fähigkeiten, kann das Sicherheitsteam nur begrenzt etwas ausrichten.”
Obwohl CISOs mit Arbeitsmarktbedingungen zu kämpfen haben, die weit außerhalb ihrer direkten Kontrolle und ihres Einflussbereichs liegen, gibt es laut Khawaja andere Maßnahmen, mit denen sie dem Mangel an Talenten und Fähigkeiten begegnen können. „Eine klare Talentstrategie, die sich auf die Einstellung von Mitarbeitern mit bestimmten Fähigkeiten und Kompetenzen konzentriert, kann CISOs dabei helfen, das zu bekommen, was sie zur Umsetzung ihrer Sicherheitsagenda benötigen.“ (jm)
View the full article
- 0 comments
- 30 views
-
Precision Finding can lead you to the exact location of an item with an AirTag attached to it, by showing you a directional arrow and your distance away from the item on a compatible iPhone, and now on a compatible Apple Watch too.
Precision Finding already existed on the above Apple Watch models for finding an iPhone 15 or newer, but there was no Precision Finding on the Apple Watch for finding an AirTag until now. As we confirmed, however, Precision Finding on the Apple Watch still does not work with the first-generation AirTag released in 2021.
To use Precision Finding to find a second-generation AirTag with a compatible Apple Watch, the watch must be running watchOS 26.2.1 or later.
How to set up the feature, according to Apple:
On your Apple Watch, go to Control Center.
Scroll to the bottom and tap Edit.
Tap the Add button.
Scroll down to Find Items.
Tap Find Items, then tap Find AirTag.
Tap Choose, then choose an item.
Tap the Done button, then tap Done.How to use the feature, according to Apple:On your Apple Watch, go to Control Center.
Scroll down and tap the Find AirTag button.
Follow the on-screen instructions and move around your space until your Apple Watch connects to your AirTag.
Follow the distance and direction information on your Apple Watch. When you are close to your AirTag, the watch screen turns green.If you have an original AirTag, you can still find it with Precision Finding on an iPhone 11 or newer.
With the AirTag 2, Precision Finding works at distances up to 1.5× farther away from an item compared to the original AirTag, but this longer range requires an iPhone 15 or newer, Apple Watch Series 9 or newer, or Apple Watch Ultra 2 or newer.
To learn more about the new AirTag, read our coverage of Apple's announcement.Tag: AirTag
This article, "Precision Finding on Apple Watch Doesn't Work With the Original AirTag" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 30 views
-
- 0 comments
- 32 views
-
Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.
This model of the AirPods Pro launched in September 2025 and has 2x better Active Noise Cancellation than the previous generation, better audio quality, a revised fit that's meant to improve comfort and stability, Live Translation for in-person conversations, and heart rate sensing for workouts.
$50 OFFAirPods Pro 3 for $199.00
Additionally, Amazon has the AirPods 4 with Active Noise Cancelation for $119.00, down from $179.00. This is a solid second-best price on the AirPods 4 with ANC, and both models have an estimated February 1 delivery date for free delivery options.
$60 OFFAirPods 4 (ANC) for $119.00
Keep up with all of this week's best discounts on Apple products and related accessories in our dedicated Apple Deals roundup.
Deals Newsletter
Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!
Related Roundup: Apple Deals
This article, "AirPod Pro 3 Return to $199 Record Low Price on Amazon, Plus AirPods 4 ANC at $119" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 34 views
-
Issued in response to a June 6, 2025 executive order on strengthening federal cybersecurity, the advisory identifies classes of IT products that already use, or are transitioning toward, NIST-standardized PQC algorithms. CISA said the lists are intended to guide procurement and long-term migration planning as agencies assess systems that rely on public-key cryptography.
For enterprises, the guidance signals that quantum-safe cryptography is becoming a practical procurement consideration today, while also highlighting gaps. CISA noted that many listed product categories have implemented PQC for limited functions, such as key establishment, but are not yet fully quantum-resistant.
CISA noted PQC-ready product categories
The advisory highlighted several technology categories where PQC-compatible solutions are already available (or are in active transition) to help organizations evaluate purchase decisions and plan migration.
The advisory highlighted that several product categories under hardware and software are already using PQC Standards. These include cloud services (PaaS, IaaS), collaboration software (chat/messaging), web software (browsers and servers), and endpoint security (DAR security and full disk encryption).
Several other categories, including networking hardware and software, SaaS, telecommunications hardware, computers (physical or virtual), storage area networks, ICAM hardware, password managers, and antivirus software, were highlighted for their potential for adopting PQC.
CISA noted that none of these categories is fully quantum-resistant. “Most of these categories have implemented PQC for key encapsulation and key agreement but have not yet widely implemented PQC for digital signatures and authentication,” CISA said about the categories already using PQC Standards.
“As a result, these categories are not considered to be fully quantum resistant; CISA includes them on this list because one of their main security services is quantum resistant, and Federal Civilian Executive Branch (FCEB) departments and agencies should procure them appropriately.”
The advisory added a note for categories like operational technology (OT) and internet of things (IoT) devices that weren’t considered traditional IT products. “These also should be transitioning to PQC standards as well, but are out of scope for these lists,” it said.
PQC standards and algorithm roadmap
The CISA advisory is aimed at aligning technologies with the nascent PQC standards now added into federal policy. NIST’s post-quantum standardization project and its Federal Information Processing Standards (FIPS) publications formed the baseline for the advisory.
These include FIPS 203, which specifies the Module-lattice-Based Key Encapsulation Mechanism (ML-KEM) based on the CRYSTALS-KYBER algorithm for secure key establishment, FIPS 204, which defines the Module-Lattice-Based Digital Signature Algorithm (ML-DSA) rooted in CRYSTALS-Dilithium for secure digital signatures, and FIPS 205, which covers the Stateless Hash-Based Digital Signature Algorithm (SLH-DSA) derived from SPHINCS+ hash-based signature scheme.
These standards implement mathematical constructions designed to resist both classical and quantum cryptanalytic attacks. To qualify as PQC-ready under CISA’s view, products are expected to implement these PQC primitives for key establishment (enabling two parties to negotiate secure session keys) and digital signatures (for authentication and integrity).
View the full article
- 0 comments
- 24 views
-
The update offers real-time collaboration with third-party apps like Asana, Slack, Figma, Canva, and more without requiring users to switch between tabs or apps.
The feature is powered by MCP Apps, a new extension to the Model Context Protocol that lets any MCP server deliver an interactive interface within supporting AI products. Anthropic open-sourced MCP last year as a universal standard for connecting tools to AI applications.
Per Anthropic's announcement, here's what you can now do directly in Claude:
Interactive tools are available on web and desktop for Pro, Max, Team, and Enterprise plans, with support said to be coming to Claude Cowork down the line.
The integrations are similar to ChatGPT's Apps system, introduced last October, which allows users to interact with third-party tools inside the chat interface.Tags: Anthropic, claude
This article, "Claude AI Now Lets You Use Slack, Figma, and Canva Within the Chat" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 28 views
-
Earlier this month, OpenAI announced the launch of ChatGPT Health, a dedicated section of ChatGPT where users can ask health-related questions completely separated from their main ChatGPT experience. For more personalized responses, users can connect various health data services such as Apple Health, Function, MyFitnessPal, Weight Watchers, AllTrails, Instacart, and Peloton.
ChatGPT Health can also integrate with your medical records, allowing it to analyze your lab results and other aspects of your medical history to inform its answers to your health-related questions.
With this in mind, reporter Geoffrey Fowler gave ChatGPT Health access to 29 million steps and 6 million heartbeat measurements from his Apple Health app, and asked the bot to grade his cardiac health. It gave him an F.
Feeling understandably alarmed, Fowler asked his actual doctor, who in no uncertain terms dismissed the AI's assessment entirely. His physician said Fowler was at such low risk for heart problems that his insurance likely wouldn't even cover additional testing to disprove the chatbot's findings.
Cardiologist Eric Topol of the Scripps Research Institute was likewise unimpressed with the large language model's assessment. He called ChatGPT's analysis "baseless" and said people should ignore its medical advice, as it's clearly not ready for prime time.
Perhaps the most troubling finding, though, was ChatGPT's inconsistency. When Fowler asked the same question several times, his score swung wildly between an F and a B. ChatGPT also kept forgetting basic information about him, including his gender and age, despite it having full access to his records.
Anthropic's Claude chatbot fared slightly better – though not by much. The LLM graded Fowler's cardiac health a C, but it also failed to properly account for limitations in the Apple Watch data.
Both companies say their health tools aren't meant to replace doctors or provide diagnoses. Topol rightly argued that if these bots can't accurately assess health data, then they shouldn't be offering grades at all.
Yet nothing appears to be stopping them. The U.S. Food and Drug Administration earlier this month said the agency's job is to "get out of the way as a regulator" to promote innovation. An agency commissioner drew a red line at AI making "medical or clinical claims" without FDA review, but ChatGPT and Claude argue they are just providing information.
"People that do this are going to get really spooked about their health," Topol said. "It could also go the other way and give people who are unhealthy a false sense that everything they're doing is great."
ChatGPT's Apple Health integration is currently limited to a group of beta users. Responding to the report, OpenAI said it was working to improve the consistency of the chatbot's responses. "Launching ChatGPT Health with waitlisted access allows us to learn and improve the experience before making it widely available,” OpenAI VP Ashley Alexander told the publication in a statement.Tags: Apple Health, ChatGPT
This article, "ChatGPT's Apple Health Integration Flaws Exposed in New Report" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 29 views
-
From AI fatigue to some much-needed clarity
A big part of the confusion comes from the word “AI” itself. We use the same label to talk about a chatbot drafting marketing copy and autonomous agents that generate and implement incident response playbooks. Technically, they’re both AI, but the risks are nowhere near the same. The easiest way to cut through the AI hype is to break AI into categories based on how independent the system is and how much damage it could do if something went wrong.
On one end, you have generative AI, which doesn’t act on its own. It responds to prompts. It creates content. It helps with research or writing. Most of the risk here comes from people using it in ways they shouldn’t — sharing sensitive data, pasting in proprietary code, leaking intellectual property and so on. The good news is that these problems are manageable. Clear acceptable-use policies, training people on what not to put into GenAI tools and implementing enforceable technical controls will handle a big chunk of the security considerations with generative AI.
The risk grows when companies let GenAI influence decisions. If the underlying data is wrong, poisoned or incomplete, then the recommendations built on top of that data will be wrong too. That’s where CISOs need to pay attention to data integrity, not just data protection.
Then there’s the other end of the spectrum: agentic AI. This is where the stakes are raised. Agentic systems don’t just answer questions — they take actions. They sometimes make choices. Some can trigger workflows or interact with internal systems with very little human involvement. The more independent the system, the bigger the potential impact. And unlike GenAI, you can’t rely on “better prompts” to fix the problem.
If an agentic AI drifts into “bad behavior,” the consequences can land extremely fast. That’s why CISOs need to get ahead of this category now. Once the business starts depending on autonomous systems, trying to bolt on safeguards afterward is almost impossible.
Why CISOs actually have an opening here
If you’ve been in security long enough, you’ve probably lived through at least one technology wave where the business moved ahead and security was asked to play catch-up. Cloud adoption is one recent example. And once that train left the station, there was no looking back and there was certainly no slowing down.
AI is different. Most companies – even the most forward-thinking ones – are still figuring out what they want from AI and how to best deploy it. Outside of tech, many executives are experimenting without any real strategy at all. This creates a window for CISOs to set expectations early.
This is the moment to define the “unbreakable rules,” shape which teams will review AI requests and put some structure around how decisions are made. Security leaders today have more influence than they did in earlier technology shifts, and AI governance has quickly become one of the most strategic responsibilities in the role.
Data integrity: Foundational to AI risk
When people talk about the CIA triad, “integrity” usually gets the least airtime. In most organizations, applications handle integrity quietly in the background. But AI changes how we think about it.
If the data feeding your AI systems is compromised, incomplete, incorrect or manipulated, then the decisions built on top of that data can affect financial processes, supply chains, customer interactions or even physical safety. The job of the CISO now includes making sure AI systems rely on trustworthy data, not just protected data. Those two aren’t the same thing anymore.
A simple, tiered approach to AI governance
To make sense of all the different AI use cases, I recommend a tiered approach. It mirrors how many companies already handle third-party risk: the higher the risk, the more scrutiny and controls you apply.
Step 1: Categorize AI usage
A practical AI governance program begins by categorizing each use case according to two core metrics: the system’s level of autonomy and its potential business impact. Autonomy spans a spectrum, from reactive generative AI to assisted decision-making, to human-in-the-loop agentic systems and ultimately to fully independent AI agents.
Each AI use case must be evaluated for its impact on the business, categorizing the impact simply as low, medium or high. Low-impact, low-autonomy systems may require only lightweight oversight, whereas high-autonomy, high-impact use cases demand formal governance, rigorous architectural review, continuous monitoring – and in some cases, explicit human oversight or the addition of a kill switch. This structured approach allows CISOs to quickly determine when stricter controls are needed and when concepts such as zero-trust principles should be applied inside AI systems themselves.
Step 2: Define table-stakes controls for all AI
Once risk tiering is in place, CISOs must ensure that foundational controls are consistently applied across all AI deployments. Regardless of the technology’s sophistication, every organization needs clear and enforceable acceptable use policies, security awareness training that addresses AI-specific risks and technical controls that prevent data leakage and undesirable behavior. Basic monitoring for anomalous AI activity further ensures that even low-risk generative AI use cases operate within safe and predictable boundaries.
Step 3: Determine where AI review will occur
With these foundations established, organizations must determine where AI governance will actually occur. The right forum depends on organizational maturity and existing structures. Some companies may integrate AI reviews into an established architecture review board or a privacy or security committee; others may need a dedicated, cross-functional AI governance body. Regardless of the structure chosen, effective AI oversight requires input from security, privacy, data, legal, product and operations. Governance cannot be the responsibility of a single department — AI’s impact reaches across the entire enterprise, and so must its oversight.
Step 4: Establish unbreakable rules and critical controls
Finally, before any AI use case is approved, the organization must articulate its non-negotiable rules and critical controls. These are the boundaries that AI systems must never cross, such as autonomously deleting data or exposing sensitive information. Some systems may require explicit human oversight, and any agentic AI that can bypass human-in-the-loop mechanisms must include a reliable kill switch.
Least-privilege access and zero-trust principles should also apply within AI systems, preventing them from inheriting more authority or visibility than intended. These rules should be dynamic, evolving as AI capabilities and business needs change.
AI isn’t optional anymore, but good governance can’t be optional either
CISOs don’t have to become machine-learning experts or slow the business down. What they do need is a clear, workable way to judge AI risks and keep things safe as adoption grows. Breaking AI down into understandable categories, pairing that with a simple risk model and getting the right people involved early will go a long way toward reducing the overwhelm.
AI will reshape every corner of the enterprise. The question is who will shape AI. For the first time in a long time, CISOs have the chance to set the rules, not scramble to enforce them.
Carpe diem!
This article is published as part of the Foundry Expert Contributor Network.
Want to join?
View the full article
- 0 comments
- 30 views
-
The subscriptions will reportedly include exclusive features to aid creativity, productivity, and expanded AI capabilities.
Meta says each app will have its own distinct set of premium features, giving users "more control over how they share and connect, while keeping the core experiences free." However, it sounds as if Meta hasn't yet settled on what each sub will offer, with the company planning to experiment with various bundles.
For Instagram, for example, premium subscribers could create unlimited audience lists, see which followers don't follow them back, and view Stories anonymously. Paid features on WhatsApp and Facebook are likely to provide equivalent functionality.
Meta also intends to incorporate Manus, an AI agent it recently acquired for a reported $2 billion, into its subscription plans. The company will continue selling Manus subscriptions to businesses separately.
AI-powered video appears to be another upcoming offering, courtesy of Meta's Vibes feature, which targets creators and businesses with verification badges and priority support. Vibes has been free since it launched last year, but Meta now plans to offer freemium access to Vibes video creation, with the option to subscribe to unlock additional video creation opportunities each month.
It won't be the first time a social platform has adopted subscription-based access. X (Twitter) has its paid-for tiers, and Snap has shown that the model can work, with Snapchat+ gaining 16 million subscribers at $3.99 per month. Tag: Meta
This article, "Premium Subscriptions Coming to Facebook, Instagram, WhatsApp" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 25 views
-
Teams now ship code many times a day, yet many engineers still fight slow releases, fragile deployments, noisy alerts, and last-minute rollbacks. As a result, they lose time in handoffs, and they lose trust in the delivery pipeline. Today, cloud platforms, microservices, and CI/CD demand consistent automation, strong operational habits, and clear ownership across development and operations. Therefore, a Certified DevOps Engineer path helps you build job-ready skills that connect planning, coding, testing, releasing, and operating systems with discipline and speed. In this guide, you will learn what the role-focused certification represents, how the workflow fits real delivery, what mistakes to avoid, and how to apply the practices in everyday projects. Why this matters: you reduce delivery risk while you improve reliability and team confidence.
What Is Certified DevOps Engineer?
A Certified DevOps Engineer validates your ability to apply core DevOps practices in real delivery work, not only to recall definitions. In practice, you align people, process, and automation so you can release changes safely and repeatedly. For example, you design a CI pipeline that runs tests, you package builds consistently, you automate infrastructure changes, and you add monitoring that tells the truth when incidents happen. You also use common tools such as Git, CI servers, containers, orchestration, configuration management, and observability to support the full lifecycle. DevOpsSchool describes its CDE as a program that tests knowledge and hands-on skills across CI/CD, automation, configuration management, and monitoring, with familiarity in tools like Jenkins, Docker, Kubernetes, Git, and Ansible. Why this matters: you prove practical readiness for modern delivery teams, not just theoretical awareness.
Why Certified DevOps Engineer Is Important in Modern DevOps & Software Delivery
Modern software delivery depends on short feedback loops, so teams must integrate code often and release with confidence. However, many organizations still suffer from manual approvals, environment drift, and inconsistent deployments. A Certified DevOps Engineer focus matters because it trains you to connect CI/CD with cloud operations, agile planning, and reliability habits. For example, you standardize builds, you automate provisioning, you treat configuration as code, and you monitor services with meaningful signals. As a result, teams reduce downtime, shorten lead time, and recover faster when failures happen. DevOpsSchool positions the CDE around implementing core DevOps practices and real-world problem solving in pipelines and cloud-native automation. Why this matters: you turn “faster delivery” into controlled delivery that protects customers and revenue.
Core Concepts & Key Components
DevOps Culture & Shared Ownership
Purpose: You remove silos so teams ship and operate together.
How it works: You define ownership, you use clear runbooks, and you agree on quality gates that everyone follows.
Where it is used: Product teams, platform teams, and SRE teams use shared ownership during releases and incidents. Why this matters: culture prevents repeat failures when tools alone cannot fix coordination gaps.
Version Control & Trunk-Based Practices
Purpose: You keep code changes small, reviewable, and easy to integrate.
How it works: You use Git workflows, you enforce code review, and you merge frequently to avoid long-lived drift.
Where it is used: Every pipeline starts with versioned source, versioned config, and versioned IaC. Why this matters: frequent integration reduces costly merge conflicts and late defect discovery.
CI Pipelines & Quality Gates
Purpose: You catch issues early and keep mainline stable.
How it works: You run unit tests, linting, security checks, and build packaging on every change, then you fail fast.
Where it is used: Developers and QA rely on CI to validate code before it reaches staging or production. Why this matters: early validation saves release time and prevents avoidable incidents.
CD, Release Strategy & Deployment Safety
Purpose: You deliver changes reliably, even under frequent releases.
How it works: You use staged rollouts, approvals where needed, and rollback plans; you adopt blue/green or canary when risk rises.
Where it is used: Internet-facing services, internal APIs, and regulated systems all use safer rollout patterns. Why this matters: safe deployment reduces the “Friday release fear” and protects uptime.
Infrastructure as Code & Configuration Management
Purpose: You prevent drift and you scale environments consistently.
How it works: You define infra and config declaratively, you run automated provisioning, and you audit changes through Git history.
Where it is used: Cloud provisioning, cluster setup, network rules, and server configuration all benefit from IaC. Why this matters: consistent environments reduce “works on my machine” failures.
Containers, Orchestration & Platform Standards
Purpose: You standardize runtime behavior across teams and environments.
How it works: You package apps in containers, you define resources and policies, and you orchestrate at scale using platforms like Kubernetes.
Where it is used: Microservices, batch jobs, and platform engineering setups rely on orchestration to scale safely. Why this matters: standard platforms reduce operational variance and speed up onboarding.
Observability, Monitoring & Incident Response
Purpose: You detect problems early and you restore service quickly.
How it works: You collect metrics, logs, and traces; you define SLOs; and you run incident processes with postmortems.
Where it is used: Production services, customer-facing apps, and internal platforms all need strong observability. Why this matters: visibility turns outages into manageable events with clear actions.
How Certified DevOps Engineer Works (Step-by-Step Workflow)
First, you start with a delivery goal, such as “ship a new API feature weekly without downtime,” and you map the pipeline from commit to production. Next, you store code and configuration in Git, and you set branching and review rules that match team risk. Then, you build a CI pipeline that runs tests, produces an artifact, and publishes it to a registry. After that, you define infrastructure and environment configuration as code, so every environment matches the same baseline. Next, you deploy through stages, so you validate in dev and staging before production, and you add release checks that reflect real service health. Finally, you monitor production with alerts that tie to customer impact, and you run incident response with runbooks and learning-focused postmortems. DevOpsSchool describes the CDE as testing skills in CI/CD, automation, configuration management, and monitoring, which aligns directly with this lifecycle workflow. Why this matters: a step-by-step workflow helps you scale delivery without scaling chaos.
Real-World Use Cases & Scenarios
In fintech, teams release payment updates frequently, so DevOps engineers coordinate secure pipelines, automated tests, and controlled rollouts to avoid transaction failures. In e-commerce, engineers handle traffic spikes, so they use autoscaling, observability, and canary releases to protect checkout flows during peak events. In SaaS products, platform teams standardize Kubernetes clusters and CI templates, so developers ship faster while SREs keep reliability consistent. Meanwhile, QA engineers integrate automated test suites into CI, and cloud engineers codify networking and identity policies through IaC, so teams reduce drift and audit effort. As a result, businesses improve lead time, lower incident rates, and increase deployment confidence across teams. Why this matters: real outcomes matter more than tooling lists, and use cases show how DevOps changes delivery performance.
Benefits of Using Certified DevOps Engineer
Productivity: You reduce manual steps, so teams spend more time building and less time firefighting. Reliability: You add repeatable pipelines and safer rollouts, so you prevent avoidable outages. Scalability: You standardize environments and automation, so the system grows without fragile one-off fixes. Collaboration: You align developers, QA, DevOps, and SRE on shared practices, so handoffs become smoother. Therefore, certification-focused learning helps you connect skills into one delivery system, not scattered tactics. Why this matters: benefits compound when you apply them together across the lifecycle.
Challenges, Risks & Common Mistakes
First, many beginners over-focus on tools, so they ignore process design and ownership, which later creates brittle pipelines. Next, teams often skip testing strategy, so they run slow pipelines with low signal, and they lose trust in automation. Also, engineers sometimes push IaC without governance, so they create security gaps and uncontrolled changes. Moreover, teams misuse alerts, so they trigger noise and burn out responders. To mitigate, you define quality gates, you enforce least privilege, you version everything, and you design alerts around user impact and SLOs. Why this matters: recognizing risks early prevents expensive rework and production instability.
Comparison Table
Traditional Ops-Heavy DeliveryCertified DevOps Engineer ApproachManual deployments during change windowsAutomated CI/CD with consistent release stepsTicket-driven environment changesIaC-driven changes with Git history and reviewSiloed dev vs ops responsibilitiesShared ownership across dev, ops, QA, and SRELate testing near release timeEarly testing in CI with fast feedbackSnowflake servers and hidden configStandardized config management and repeatable setupsBig-bang releases with high riskProgressive delivery (staged, canary, rollback-ready)Reactive monitoring after incidentsObservability-first monitoring tied to service healthLocal scripts and tribal knowledgeDocumented runbooks and repeatable automationSlow recovery due to unclear actionsIncident response process with learning postmortemsScaling by adding manual effortScaling by templates, platforms, and automation Why this matters: comparison clarifies what changes in day-to-day work when you move from manual delivery to disciplined delivery.
Best Practices & Expert Recommendations
First, treat everything as versioned work, including code, config, IaC, and pipeline definitions, so you can trace changes quickly. Next, keep pipelines fast and meaningful, so engineers trust results and act on failures immediately. Also, enforce security early with secret management and least privilege, so you reduce downstream risk. Moreover, standardize environments through templates and golden paths, so teams onboard faster and avoid drift. Finally, measure delivery and reliability with clear metrics like lead time, change failure rate, and recovery time, then improve them iteratively. Why this matters: best practices turn DevOps from a one-time setup into a sustainable operating model.
Who Should Learn or Use Certified DevOps Engineer?
Developers can use it to understand CI/CD, release strategy, and production readiness so they ship features responsibly. DevOps engineers can use it to strengthen automation, platform consistency, and delivery governance across teams. Cloud engineers can apply it to codify infrastructure and improve repeatability across regions and accounts. QA engineers can integrate test automation and quality gates into pipelines, while SREs can align monitoring, incident response, and reliability targets with delivery speed. It fits both early-career learners who need structured practice and experienced engineers who want to formalize and validate skills. Why this matters: the right audience match increases learning ROI and career impact.
FAQs – People Also Ask
1) What is Certified DevOps Engineer?
It validates practical DevOps skills across CI/CD, automation, configuration management, and monitoring. Why this matters: you prove applied capability, not just theory.
2) Do I need programming skills for it?
You should understand scripting basics and Git workflows, because automation and pipelines rely on them. Why this matters: small scripts often unlock big delivery improvements.
3) Is it suitable for beginners?
Yes, if you start with fundamentals and practice labs, then you connect tools into a workflow. Why this matters: structure helps beginners avoid random tool hopping.
4) How does it help in CI/CD work?
It strengthens pipeline thinking: tests, artifacts, deployment stages, and rollback readiness. Why this matters: CI/CD failures often cause delays and outages.
5) Which tools should I know?
Common stacks include Git, Jenkins, Docker, Kubernetes, and Ansible, alongside monitoring tools. Why this matters: tool familiarity speeds execution in real teams.
6) How does it compare with cloud-specific DevOps certifications?
It focuses on general DevOps delivery patterns, while cloud-specific certifications emphasize one provider’s services. Why this matters: you choose credentials that match your job scope.
7) Does it help SRE and reliability roles?
Yes, because it connects delivery changes with monitoring, incident response, and safer rollouts. Why this matters: reliability depends on how teams ship changes.
8) What experience level benefits most?
Both juniors and mid-level engineers benefit, because practice bridges gaps between learning and production work. Why this matters: applied practice accelerates confidence and outcomes.
9) What mistakes should I avoid while learning DevOps?
Avoid copying pipelines blindly, ignoring testing strategy, and treating alerts as noise generators. Why this matters: these mistakes create fragile systems and burnout.
10) How do I show value after certification?
You can improve one delivery metric, automate one painful manual task, and reduce one recurring incident pattern. Why this matters: measurable wins build trust and growth.
Branding & Authority
DevOpsSchool provides structured, hands-on learning that aligns with how modern teams ship and operate software at scale. When you learn through DevOpsSchool, you follow a platform approach that connects DevOps, DevSecOps, SRE, and cloud-native delivery so you can apply skills in real projects, not only in quizzes. The Certified DevOps Engineer page highlights practical domains such as CI/CD pipelines, automation, configuration management, and monitoring, which match day-to-day enterprise delivery expectations. Also, when you reference the official course page for Certified DevOps Engineer, you keep learning aligned with the curriculum and evaluation goals, so you avoid wasted effort. Why this matters: trusted structure helps you build skills that employers recognize and teams actually use.
Rajesh Kumar supports learners as a mentor with a practitioner-first approach, so you learn how to think in systems, not just how to click through tools. When you learn under Rajesh Kumar, you benefit from long-term hands-on exposure to modern delivery realities, including DevOps and DevSecOps practices, Site Reliability Engineering (SRE) methods, and DataOps, AIOps, and MLOps ways of working. Also, he emphasizes Kubernetes and cloud platforms, CI/CD automation, and practical troubleshooting, so you build confidence in production-style scenarios. The DevOpsSchool Certified DevOps Engineer page lists Rajesh Kumar among mentors, which reinforces the practitioner link between learning and industry needs. Why this matters: strong mentorship shortens your learning curve and improves how you operate under real delivery pressure.
Call to Action & Contact Information
Course page: Certified DevOps Engineer
Email: [email protected]
Phone & WhatsApp (India): +91 84094 92687
Phone & WhatsApp (USA): +1 (469) 756-6329
View the full article
- 0 comments
- 39 views
-
- 0 comments
- 32 views
-
So much so, that it predicts that 50% of organizations will implement a zero-trust stance for data governance by 2028 due to the proliferation of unverified AI-generated data.
According to data from a recent 2026 survey of CIOs and technology executives, 84% expect their companies to increase funding for generative AI. As organizations accelerate both the adoption and investment in AI initiatives, the volume of AI-generated data will continue to grow. This means that future generations of LLMs will increasingly be trained on the outputs of previous models, increasing the risk of “model crash,” where AI tools’ responses may no longer accurately reflect reality.
“Organizations can no longer implicitly trust data or assume it was human generated. As AI-generated data becomes pervasive and indistinguishable from human-created data, a zero-trust posture establishing authentication and verification measures, is essential to safeguard business and financial outcomes,” said Wan Fui Chan, executive vice president at Gartner, in a statement.
Chan also pointed out that “regulatory requirements for verifying ‘AI-free’ data are expected to intensify in certain regions.”
“However, these requirements may differ significantly across geographies, with some jurisdictions seeking to enforce stricter controls on AI-generated content, while others may adopt a more flexible approach,” Chan said in the release.
LLMs are typically trained using data extracted from the web, as well as a variety of other sources, including books, code repositories, and research articles. Some of these sources already contain AI-generated content, and if the current trend continues, almost all of them will eventually be filled with AI-generated data.
“In this evolving regulatory environment,” Chan continued, “all organizations will need the ability to identify and tag AI-generated data. Success will depend on having the right tools and a workforce skilled in information and knowledge management, as well as metadata management solutions that are essential for data cataloging.”
As a result, Gartner points out that proactive metadata management practices will become a key differentiator, as they will allow organizations to analyze, alert, and automate decision-making across all their data assets.
View the full article
- 0 comments
- 31 views
-
- 0 comments
- 43 views
-
- 0 comments
- 30 views
-
But a growing number of CISOs now expect an incident sooner than later: Some 76% said they feel at risk of experiencing a material cyberattack in the next 12 months, according to the Voice of the CISO Report released by security tech company Proofpoint in August 2025. That’s up from 70% the prior year.
The report also found that 58% of CISOs believe their organization is unprepared to respond.
Besides the overall feeling of near inevitability of attack, security chiefs acknowledge that various challenges keep them from boosting their overall security posture and feeling more confident in their ability to block or respond to attacks.
Here, security leaders share four issues that hold back the enterprise security agenda.
1. Failure to train and empower team members to act on priorities
CISOs readily admit their security teams have more work to do than can be done. That leads to a lot of stress: Some 80% of CISOs report being under high or extreme pressure today, according to the 2025 CISO Pressure Index from tech maker Nagomi Security, and 87% said that pressure has increased over the past 12 months. Additionally, 67% report being burned out weekly or daily.
“Every CISO feels very overwhelmed,” says Omar Khawaja, who leads Databricks’ field security practice, teaches at Carnegie Mellon University’s CISO program, and sits on the boards of HITRUST and FAIR Institute.
To cope, CISOs have become skilled at prioritizing, with tasks that reduce the most significant risks to the organization topping their lists.
Too often, however, CISOs don’t train their team members so they can competently make decisions and take actions that align with those priorities, says Khawaja, a former CISO at Highmark Health.
That keeps executives making all the priority calls, which ties them up and slows the whole team down.
CISOs should aim to have team members know when and how to make prioritization calls for their own areas of work, “so that every single team is focusing on the most important stuff,” Khawaja says.
“To do that, you need to create clear mechanisms and instructions for how you do decision-support,” he explains. “There should be criteria or factors that says it’s high, medium, low priority for anything delivered by the security team, because then any team member can look at any request that comes to them and they can confidently and effectively prioritize it.”
2. Inability to keep pace with AI innovation and adoption
Executives and employees alike have been rushing to adopt artificial intelligence, enticed by expectations that AI will transform workflows and save time, money, and effort.
But CISOs for the most part have not kept pace with their business colleagues’ rate of AI adoption.
According to a survey of 921 IT and cybersecurity professionals conducted for Cyera’s 2025 State of AI Data Security Report, 83% of organizations use AI but only 13% have strong visibility into how those systems access or handle sensitive data; only 16% treat AI as a distinct identity; only 11% of organizations can automatically block risky AI activity; and only 7% have a dedicated AI governance team.
“Most CISOs are wrestling with how to secure AI,” says Robert T. Lee, chief AI officer and chief of research at SANS, a security training and certification firm.
According to Lee, a good number of CISOs still either prohibit proposed AI use cases because of security concerns — what he terms the “Security Framework of No” — or slow adoption while they evaluate the AI’s security.
“There is a general lack of knowledge on how to approach AI,” Lee says.
In fairness to CISOs, the business doesn’t always help matters here, Lee notes. “At many organizations their AI strategy is changing quickly; a new AI version comes out and so their agenda changes, and then a month later something else new comes out and it changes again. There is this moving target of what the security team is being asked to secure,” he says.
Regardless, Lee says it’s clear that the security team’s inability to keep pace with AI innovation and the enterprise’s desire to quickly adopt is problematic. It stymies the organization’s agenda by slowing transformation. It also hinders the security department’s success, because the business often bypasses security altogether rather than have to slow or stop its AI journey.
As a result, CISOs and their organizations end up with shadow AI, unmanaged agents, and opaque data flows that create a poorly secured expanded attack, Lee adds.
Of course, there is still a need to adequately evaluate and secure AI deployments, Lee says, adding that organizations should not simply accept vendor assurances that their AI components are secure.
According to Lee, the CISOs who keep pace with their organization’s AI strategy take a holistic approach, rather than work deployment to deployment. They establish a risk profile for specific data, so security doesn’t spend much time evaluating AI deployments that use low-risk data and can prioritize work on AI use cases that need medium- or high-risk data. They also assign security staffers to individual departments to stay on top of AI needs, and they train security teams on the skills needed to evaluate and secure AI initiatives.
3. Limited adoption of AI for security operations
Like their business colleagues, some CISOs are embracing AI to transform their operations — but they appear far from being a majority, despite the benefits the technology brings to cybersecurity.
The 2025 ISC2 Cybersecurity Workforce Study found that only 28% of the 16,000 enterprise leaders surveyed had integrated AI tools into their security operations. The study found 19% testing them and 22% in the early evaluation phase.
“CISOs are playing a bit of catch-up” in terms of deploying AI at the same speed as the business, says Jon France, CISO of ISC2, a cybersecurity training and certification organization.
That slow pace exists even though use of AI in security operations is proving beneficial, France adds, noting that 63% of those who are using AI security tools reported a significant boost to their productivity.
According to the ISC2 study, “In terms of where AI is expected to have the most impact on cybersecurity operations in the shortest amount of time, 40% pointed toward network monitoring for the highest positive impact, followed by security operations and security testing (both at 30%), vulnerability management (29%), threat modeling and endpoint protection (both at 28%).”
4. The lack of needed talent and required skills
Although CISOs have long cited challenges in hiring enough qualified security workers, they’re increasingly citing it as a roadblock to advancing their security agendas.
The 2025 State of Cybersecurity Resilience from professional services firm Accenture found that 83% of IT executives identified their cyber talent shortage “as a major obstacle to achieving a strong security posture.”
The ISC2 study highlighted a two-headed problem.
First is the talent shortage, with 63% reporting in 2025 that they have a slight or significant cybersecurity shortage, a modest improvement over the 68% who said as much in 2024.
Second is the skills gap. According to the report, 59% in 2025 have critical or significant skills needs, up from 44% in 2024, and 95% have at least one or more skills needs, up 5% on the previous year. Survey respondents said AI was the most pressing skills need (41%), followed by cloud security (36%), risk assessment (29%), application security (28%), security engineering and governance, (27%) and risk and compliance (also at 27%).
“We need people who are suitable to discharge the duties of security roles today,” France says.
Khawaja also cites the lack of “the right skills on the security team” as an obstacle for CISO success.
However, Khawaja sees the challenge for CISOs not being about hiring for technical skills or even soft skills, but what he called “middle skills,” such as risk management and change management. These skills he sees becoming more crucial for aligning security to the business, getting users to adopt security protocols, and ultimately improving the organization’s security posture. “If you don’t have [those middle skills], there’s only so far the security team can go,” he says.
Although CISOs are fighting labor market forces that are well beyond their direct control and influences, Khawaja and others say there are steps CISOs can take to address their talent and skills shortages, saying a solid talent strategy that focuses on hiring for skills and competencies can help CISOs get what they need to advance their security agendas.
View the full article
- 0 comments
- 32 views
-
Cloud Security bleibt ein diffiziles Thema und die Tools, mit denen sie sich gewährleisten lässt, werden zunehmend komplexer und schwieriger zu durchschauen – auch dank der ungebrochenen Liebe der Branche zu Akronymen. Mit CNAPP kommt nun ein weiteres hinzu.
CNAPP – Definition
Die Abkürzung steht für Cloud-Native Application Protection Platform – und kombiniert die Funktionen von vier separaten Cloud-Security-Werkzeugen:
Cloud Infrastructure Entitlement Management (CIEM), um sämtliche Zugriffskontrollmaßnahmen und Risikomanagement-Tasks zu managen. Cloud Workload Protection Platform (CWPP), um Code in allen cloudbasierten Repositories abzusichern sowie Laufzeitschutz für die gesamte Entwicklungsumgebung und alle Code-Pipelines zu gewährleisten. Cloud Access Security Broker (CASB) für Authentifizierungs- und Encryption-Aufgaben. Cloud Security Posture Management (CSPM), das Threat Intelligence und Abhilfemaßnahmen kombiniert. Über diese vier „klassischen“ Elemente hat sich CNAPP inzwischen auch auf andere Bereiche ausgeweitet. Zum Beispiel:
API-, Skript-, Supply-Chain– sowie Infrastructure-as-Code (IaC)-Sicherheit, Container– und Serverless-Security, sowie weitere Posture-Management-Tools, einschließlich Daten- und SaaS-Applikationen. Aus Anwendersicht ist CNAPP damit sowohl schwer zu verstehen als auch diffizil zu evaluieren – und entsprechend schwer einzukaufen, wie Forrester-Chefanalyst Andras Cser in einem Blogbeitrag zum Thema nahelegt. Weil teilweise auch Security-Optionen außerhalb der Cloud abgedeckt würden, sei jede CNAPP-Kaufentscheidung und -Implementierung auch eine Team- oder abteilungsübergreifende Aufgabe, so der Analyst.
Anders ausgedrückt: Geht‘s um CNAPP, muss eine ganze Menge Software abgestimmt, gemanagt, integriert und verstanden werden. Um Ihnen den Überblick zu erleichtern, haben wir die Details zu den wichtigsten Anbietern und Angeboten in diesem Kaufratgeber zusammengetragen.
Der CNAPP-Markt
Geprägt hat die Produktkategorie – beziehungsweise das Akronym – einmal mehr Gartner. Das Analystenhaus verwendete den Begriff CNAPP erstmals in seinem „Innovation Insight“-Report aus dem August 2021.
Der Schlüssel zum Verständnis dieser Produktkategorie liegt in den Integrationsherausforderungen für Unternehmensanwender: Im „State of Observability Report“ von VMware geben 57 Prozent der Befragten an, dass innerhalb einer typischen Cloud-Anwendung bis zu 50 verschiedene Technologien zum Einsatz kommen – die im Schnitt mit zehn Monitoring-Tools gemanagt werden.
Und laut dem „Observability Report 2024“ (Download gegen Daten) von Dynatrace besteht eine typische Enterprise-Umgebung im Schnitt aus einem Dutzend unterschiedlichen Cloud-Plattformen, wobei regelmäßig ein Mix aus Private-, Public- und Hybrid-Cloud-Strategien zur Anwendung kommt. Hinzu kommen dann noch verschiedene Instanzen virtueller Maschinen, Kubernetes-Container sowie Serverless- und Microservices-Tools.
Diese erhebliche Integrationsbelastung könnte auch ein Grund dafür sein, dass der CNAPP-Markt im zweiten Quartal 2024 ein Gesamtvolumen von 700 Millionen Dollar erreicht hat und damit im Jahresvergleich um 42 Prozent gewachsen ist – wie die Analysten der Dell’Oro Group berichten.
CNAPP-Anbieter und ihre Angebote
Im Idealfall sollte eine CNAPP-Lösung:
Fehlkonfigurationen reduzieren, das Security-Niveau der Entwicklungspipeline optimieren, sowie effektiv automatisieren. Die Anbieter verfolgen mit Blick auf CNAPP zwei unterschiedliche Ansätze: Entweder sie fokussieren die DevSecOps– oder die traditionelle IT-Security-Perspektive. Ersteres hat einen stärkeren Fokus auf den Schutz der Applikationen selbst zur Folge (CIEM/CWPP), letzteres eine Ausweitung traditioneller Schutzmaßnahmen auf Netzwerkebene (CASB/CSPM). Bislang deckt kein CNAPP-Offering wirklich konsequent alle vier Bereiche ab.
Natürlich spielt künstliche Intelligenz (KI) auch in diesem Bereich zunehmend eine Rolle: Diverse CNAPP-Anbieter integrieren, beziehungsweise kombinieren KI-Agenten und agentenlose Lösungen in ihren Produkten, um ein umfassenderes Monitoring und eine möglichst breite Abdeckung und Scalability zu bieten.
Aqua Security Platform
Fokus: DevSecOps
Form: Einheitliche Plattform mit verschiedenen Produkten;
Besondere Features/Integrationen: „(No-)Breach-Garantie“ bis zu einer Million Dollar;
Preisgefüge: kostenlose Trial-Version; ab 850 Dollar pro Monat;
CrowdStrike Falcon Cloud Security
Fokus: DevSecOps / IT-Security
Form: Einheitliche Plattform mit verschiedenen Produkten;
Besondere Features/Integrationen: Cloud Detection and Response (CDR), AppSec, Schwachstellenanalyse für Container-Images;
Preisgefüge: Abonnement-Preis richtet sich nach den gewählten Produkten;
Data Theorem
Fokus: DevSecOps
Form: Separate Produkte für Cloud, Web und Supply Chain;
Besondere Features/Integrationen: Headliner Attack Policies, Artifact Scanning, zentrale Analyse-Engine, Kubernetes-Support;
Preisgefüge: komplex und teuer; unterschiedliche Tarife für jedes Produkt;
Lacework FortiCNAPP
Fokus: IT-Security
Form: Einheitliche Plattform mit verschiedenen Produkten;
Besondere Features/Integrationen: Verhaltensbasierte Schutzregeln, SOAR, AppSec, Scans für Build- und Deployment-Pipelines;
Preisgefüge: kostenlose Probeversion; richtet sich nach der Nutzungsdauer sowie den in Anspruch genommenen vCPUs;
Orca CNAPP
Fokus: IT-Security
Form: Einheitliche Plattform mit verschiedenen Produkten;
Besondere Features/Integrationen: Side Scanning, Risikopriorisierung, AppSec-Pipelines, KI-Features;
Preisgefüge: orientiert sich an Workloads, Storage Buckets und Datenbank-Scans sowie den eingesetzten Sensoren;
Palo Alto Networks Cortex Cloud
Fokus: IT-Security
Form: Einheitliche Plattform mit verschiedenen Produkten;
Besondere Features/Integrationen: CDR, AppSec-Integration, Laufzeitschutz und DSPM, Support für IBM und Akamai Clouds geplant;
Preisgefüge: komplex und teuer; richtet sich nach den gewählten Modulen und abgesicherten Workloads;
Qualys Total Cloud CNAPP
Fokus: IT-Security
Form: Einheitliche Plattform;
Besondere Features/Integrationen: CDR, Container und IaC-Security, SaaS Posture Management, KI-Funktionen;
Preisgefüge: kostenlose Probeversion; Abo-Modell auf Workload-Basis;
Sysdig Secure
Fokus: DevSecOps
Form: Einzelprodukt;
Besondere Features/Integrationen: „Next Generation“ CDR, Risikopriorisierung, KI-Funktionen und-Analysen;
Preisgefüge: Festpreis pro Host Model; ab circa 500 Dollar pro Monat;
Tenable Cloud Security
Fokus: IT-Security
Form: Standalone-Lösung oder als Bestandteil der Exposure-Management-Plattform Tenable One;
Besondere Features/Integrationen: Exposure Management, DSPM, KI Security, Kubernetes- und IaC-Support;
Preisgefüge: kostenlose Probeversion; komplexes Preismodell, das sich an Nodes oder Workloads ausrichten lässt;
Tigera Calico Cloud
Fokus: DevSecOps
Form: Einzelprodukt;
Besondere Features/Integrationen: fokussiert in erster Linie auf Container- und Kubernetes-Security;
Preisgefüge: kostenlose Open-Source-Version; kommerzielle Optionen mit Abo-Abrechnungsmodell oder pro Node-Stunde;
Uptycs
Fokus: IT-Security
Form: Einheitliche Plattform;
Besondere Features/Integrationen: XDR, AppSec, DSPM, KI- und ML-Funktionen;
Preisgefüge: diverse Optionen; ab circa 5.000 Dollar pro Jahr (200 Cloud Assets);
Wiz
Fokus: IT-Security
Form: Einheitliche Plattform mit verschiedenen Produkten;
Besondere Features/Integrationen: Risikopriorisierung mit Graph-basierten Visualisierungen und Analysen von Code zu Cloud zu Runtime, KI-Funktionen, Container- und Kubernetes-Support;
Preisgefüge: verschiedene Preispläne, die sich nach den Workloads richten;
5 Fragen vor dem CNAPP-Investment
Bevor Sie sich für einen dieser CNAPP-Anbieter entscheiden, sollten Sie sich folgende Fragen stellen:
Welche Cloud-Artefakte lassen sich mit der gewählten Lösung scannen? Einige Produkte (Lacework) fokussieren auf die drei großen IaaS-Anbieter, andere (Tigera) unterstützen nur die Kubernetes-Dienste der Hyperscaler. Wieder andere (Sysdig) nehmen vor allem Container und die verschiedenen Linux-Server, auf denen diese laufen, in den Fokus. Vor allem kommt es jedoch darauf an, die Artefakte kontinuierlich und (nahezu) in Echtzeit überwachen zu können. Wie werden Sicherheitsvorfälle gemeldet? Gibt es separate Zugriffsregeln, damit sich verschiedene Mitarbeiter auf bestimmte Bereiche konzentrieren können? Gibt es separate oder kombinierte, vordefinierte Sicherheitsrichtlinien, um Daten mit und ohne Agenten zu erfassen? Wie aussagekräftig sind die Dashboards und die Visualisierungen, die diese liefern? Inwieweit werden die vier Management-Tool-Bereiche abgedeckt? Einige Angebote bieten CWPP- und CSPM-Elemente, müssen aber, etwa für Kubernetes-Support, erweitert werden. Welche DevOps-Frameworks werden unterstützt? Wie sieht es mit Blick auf Open-Source-Repositories aus? Wie viel kostet die Lösung konkret? Nur wenige CNAPP-Anbieter bieten eine wirklich transparente Preisgestaltung. Insbesondere bei komplexen Preismodellen (Data Theorem, Qualys, Orca) besteht deshalb Klärungsbedarf. (fm)
Sie wollen weitere interessante Beiträge rund um das Thema IT-Sicherheit lesen? Unser kostenloser Newsletter liefert Ihnen alles, was Sicherheitsentscheider und -experten wissen sollten, direkt in Ihre Inbox.
View the full article
- 0 comments
- 54 views
-
The warning comes from Oren Yomtov of Koi Security, who blogged Monday of discovering six zero day vulnerabilities in several package managers that could allow hackers bypass defenses that had been recommended last November after Shai-Hulud roamed through npm and compromised over 700 packages.
Those defenses are:
disabling the ability to run lifecycle scripts, commands that run automatically during package installation, saving lockfile integrity checks (package-lock.json, pnpm-lock.yaml, and others) to version control (git). The lockfile records the exact version and integrity hash of every package in a dependency tree. On subsequent installs, the package manager checks incoming packages against these hashes, and if something doesn’t match, installation fails. If an attacker compromises a package and pushes a malicious version, the integrity check should catch the mismatch and block it from being installed. Those recommendations “became the standard advice everywhere from GitHub security guides to corporate policy docs” after November, says Yomtov, “because if malicious code can’t run on install, and your dependency tree is pinned, you’re covered.”
November’s advice still valid, but more issues need addressing
That advice is still valid, he added in an email interview.
However, the vulnerabilities he discovered — dubbed PackageGate — that allow hackers to get around those two defenses have to be addressed by all platforms, he said.
So far, the pnpm, vlt, and Bun platforms have addressed the bypass holes, Yomtov said, but npm and yarn haven’t. He therefore recommends that JavaScript developers use pnpm, vlt or Bun.
He added that, in any case, JavaScript developers should keep whatever JavaScript package manager they use up to date to ensure they have the latest patches.
GitHub statement ‘bewildering’
Microsoft, which owns and oversees npm through GitHub, referred questions about the vulnerabilities to GitHub. It said in a statement, “We are actively working to address the new issue reported as npm actively scans for malware in the registry.” In the meantime, it urges project developers to adopt the recommendations in this blog issued after the Shai-Hulud attacks.
The statement also notes that, last September, GitHub said it is strengthening npm’s security, including making changes to authentication and token management.
GitHub also warns that that, if a package being installed through git contains a prepare script, its dependencies and devDependencies will be installed. “As we shared when the ticket was filed, this is an intentional design and works as expected. When users install a git dependency, they are trusting the entire contents of that repository, including its configuration files.”
Yomtov found this explanation of intentional design “bewildering.”
Not the complete picture
He says the scripts bypass vulnerability was reported through the HackerOne bug bounty program on November 26, 2025. While other JavaScript package managers accepted the reports, npm said the platform was working as intended, and that the ‘ignore scripts’ command should prevent the running of unapproved remote code.
“We didn’t write this post to shame anyone,” Yomtov said in the blog. “We wrote it because the JavaScript ecosystem deserves better, and because security decisions should be based on accurate information, not assumptions about defenses that don’t hold up.
“The standard advice, disable scripts and commit your lockfiles, is still worth following. But it’s not the complete picture,” he said. “Until PackageGate is fully addressed, organizations need to make their own informed choices about risk.”
This article originally appeared on InfoWorld.
View the full article
- 0 comments
- 31 views
-
Here's everything new.
UWB 2 - The AirTag 2 adopts Apple's second-generation Ultra Wideband (UWB) chip.
Longer Range - UWB upgrades mean that Precision Finding works from 1.5x further away than before. Precision Finding is the feature that allows an AirTag to be precisely located in a close-range indoor area. It is able to lead you directly to the AirTag with a compatible device.
Precision Finding on Watch - Precision Finding was previously limited to the iPhone, but it now works on the Apple Watch Series 9 and later and Apple Watch Ultra 2 and later, as these devices have UWB chips.
Louder Speaker - The AirTag 2's speaker is up to 50 percent louder than the speaker in the original AirTag. The upgrade will make it easier to hear when playing a sound, plus it is an additional anti-stalking measure because it will be more difficult for sound to be masked.
Better Bluetooth - Apple is using a newer Bluetooth specification with increased range.
New Internal Design - To accommodate the updated speaker, Apple revamped the internals. Rumors suggested Apple would make it harder to tamper with the AirTag to remove the speaker, but we'll need to wait for a teardown for confirmation.
Updated Weight - The AirTag 2 weighs 0.42 ounces or 11.8 grams. it is seven percent heavier than the original AirTag.
Revamped Text - The text on the back of the AirTag is now all in capital letters, which is a good way to determine whether an AirTag is the first-generation model or the new model. The text also now lists IP67 water and dust resistance, plus it mentions NFC and Find My support. These features aren't new, but aren't listed on the back of the original AirTag.
Still Not For Pets - Apple's AirTag 2 announcement and product page specifically state that the device is for tracking objects, and not people or pets. Despite this, many people use AirTags for tracking their animals.
Reset Process - To reset an AirTag 2, you need to remove the battery, leave it out for at least five seconds, and then insert the battery again. The process has to be repeated four times. Apple says that it can take up to 12 seconds to hear the final tone. With the first AirTag, there was no need to wait after removing the battery before reinserting it.
Requires iOS 26.2.1 - If you want to use an AirTag 2, you're going to have to update your device to iOS 26.2.1. The AirTag 2 requires the latest Apple software, which means it won't work with devices that aren't able to run iOS 26.
The AirTag 2 does everything that the original AirTag does, taking advantage of the Find My network. When the AirTag is not in Bluetooth range of your own device, it is able to ping Apple devices owned by others to relay its location back to you for long distance tracking.
It also supports Lost Mode, with an NFC feature for discovering who a lost item belongs to, plus it has options for sharing item location with someone else (useful in airports with participating airlines), and it continues to use a CR2032 coin cell battery. Apple says the battery "works for more than a year" before needing to be replaced.
The AirTag 2 is still priced at $29, with a pack of four available for $99. Free engraving is also included in the price point. The new AirTag can be purchased today, with orders set to be delivered starting on Wednesday, January 28.Tag: AirTag
This article, "10+ Things to Know About the New AirTag 2" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 34 views
-
Subscribe to the MacRumors YouTube channel for more videos.
Dan covers how the new aluminum frame has held up, whether the updated display has been as resistant to scratching as promised, the usefulness of the upgraded front-facing camera, and what he thinks of the performance with the new vapor chamber cooling system.
This article, "Video: iPhone 17 Pro Long Term Review" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 28 views
-
Over the weekend, some U.S. TikTok users were unable to upload videos, which TikTok attributed to a power outage at a U.S. data center. TikTok users found they were unable to upload videos related to the Immigration and Customs Enforcement and the Saturday shooting in Minneapolis, leading to concerns over censorship. Users saw their videos put into a review process, or experienced fewer than expected video views. Some users received messages that their posts related to the shooting had been flagged as "Ineligible for Recommendation," while others were temporarily suspended.
This evening, TikTok said that it is still working to resolve the infrastructure issue, which apparently caused a "cascading systems failure" leading to a long list of bugs. TikTok users may see slower load times, timed-out requests, and 0 views or likes on videos.
The ongoing outage and the accompanying censorship fears have caused some TikTok users to abandon the platform for UpScrolled, an alternative video sharing social platform. UpScrolled is currently the number eight free app in the U.S. App Store, but it was as high as number two earlier today.
Users have also expressed concerns about an updated TikTok privacy policy that suggests it collects "citizenship or immigration status" along with precise user location information, but the prior TikTok privacy policy also included that wording.
The new TikTok USDS Joint Venture LLC is 80.1 percent owned by U.S. and global investors, including Oracle, Silver Lake, and Abu Dhabi-based MGX. The three companies each own 15 percent as managing investors, and other U.S. stakeholders include the Dell Family Office and affiliates of Susquehanna International Group. TikTok parent company ByteDance continues to hold a 19.9 percent stake.
A seven-member majority-American board of directors is operating the U.S. version of TikTok, with Adam Presser, TikTok's former global head of operations serving as CEO.
Under the agreement, the venture handles U.S. data protection, content moderation, and algorithm security. TikTok's recommendation algorithm is being retrained and updated on U.S. user data, and it has been secured in Oracle's cloud environment.Tag: TikTok
This article, "TikTok Faces Outage and Censorship Concerns Days After U.S. Ownership Deal Closes" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 29 views
-
iOS 12.5.8 is available for the iPhone 5s and the iPhone 6, meaning Apple is continuing to support these devices for 13 and 12 years after launch, respectively. The iPhone 5s came out in September 2013, while the iPhone 6 launched in September 2014.
According to Apple's release notes for the update, iOS 12.5.8 extends the certificate required for features like iMessage, FaceTime, and device activation, so they will continue to work after January 2027.
Originally, certificate-limited functions like device activation would have ceased when the certificate expired, but now key features on the two older iPhones will continue to work in the years to come.
Prior to now, the iPhone 5s and iPhone 6 last received software updates in January 2023, when Apple released important security fixes.
Apple has publicly committed to providing a minimum of five years of security updates for an iPhone from the time that it launches, but it often offers vulnerability fixes for an even longer period of time.
The iPhone 6s, for example, was released 11 years ago, but it received a security update in September 2025 with the launch of iOS 15.8.5. The device received an iOS 15.8.6 update just today, adding the same certificate extension.
Apple also released new versions of iOS 18 and iOS 16.
This article, "iPhone 5s Gets New Software Update 13 Years After Launch" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 25 views
-
In an updated support document, Apple says that iPhone users with an iPhone 12 or earlier should install the latest software updates to ensure that their mobile devices are able to make emergency 000 calls. Apple released iOS 18.7.4, iOS 16.7.13, iOS 15.8.6, and iOS 12.5.8 for older iPhones today.
Back in December, there was a technical failure in Australia that prevented the iPhone 12 models from being able to make emergency calls, which Apple addressed with the iOS 26.2 update. The additional software updates released today should help prevent further issues on other older devices in the future, as well as cellular Apple Watch models. watchOS 26.2.1, also available today, addresses any potential issues with the Apple Watch Series 6 and later.
Apple says that Australian mobile network operators are continuing to improve support for emergency calling on their networks, which led to the iPhone 12 technical failure. While carriers are working to mitigate further issues, there is a possibility that some older mobile phones might still run into problems.
Apple says that the following iPhones and Apple Watch models should be updated to the latest software version to prevent issues:
iPhone SE (1st generation)
iPhone SE (2nd generation)
iPhone 6 and iPhone 6 Plus
iPhone 6S and iPhone 6S Plus
iPhone 7 and iPhone 7 Plus
iPhone 8 and iPhone 8 Plus
iPhone X
iPhone XS and iPhone XS Max
iPhone XR
iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max
iPhone 12, iPhone 12 mini, iPhone 12 Pro, iPhone 12 Pro Max
Apple Watch SE 2
Apple Watch Series 6
Apple Watch Series 7
Apple Watch Series 8
Apple Watch Series 9
Apple Watch Series 10
Apple Watch Ultra
Apple Watch Ultra 2
More information is available in Apple's support document covering emergency calls in Australia.
This article, "iOS 26.2.1 Addresses Emergency Call Problems on Older iPhones in Australia" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 29 views
-
Mobile networks determine location based on the cellular towers that a device connects to, but with the setting enabled, some of the data typically made available to mobile networks is being restricted. Rather than being able to see location down to a street address, carriers will instead be limited to the neighborhood where a device is located, for example.
According to a new support document, iPhone models from supported network providers will offer the limit precise location feature. In the U.S., only Boost Mobile will support the option, but EE and BT will offer support in the UK.
Germany: Telekom
United Kingdom: EE, BT
United States: Boost Mobile
Thailand: AIS, True
This new location limiting feature also only works with devices equipped with the Apple-designed C1 or C1X modems, which includes the iPhone Air, iPhone 16e, and cellular M5 iPad Pro. iOS 26.3 or iPadOS 26.3 are required.
You can enable the setting on a compatible device by opening the Settings app, tapping on your cellular service, tapping on Mobile Data Options, and then toggling on Limit Precise Location. You'll need to restart your device when turning the setting on or off.
Apple says that reducing location precision will not impact signal quality or user experience, and it does not affect the precision of location data provided to emergency responders during an emergency call.
It also only limits the location data available to mobile networks, and it does not have an effect on location data shared with apps through Location Services.
The new feature is available in iOS 26.3, which is being beta tested right now. The iOS 26.3 update will launch to the public in the coming weeks.
This article, "iOS 26.3 Adds Privacy Setting to Limit Carrier Location Tracking" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 26 views
-
According to The Hollywood Reporter, several tech CEOs attended the screening, which also included a VIP dinner. Along with Cook, other attendees included Zoom CEO Eric Yuan, Amazon CEO Andy Jassy, Amazon chairman Jeff Bezos, and AMD CEO Lisa Su.
Films are typically screened in the East Wing of the White House, but since Trump tore it down for a 90,000 square foot ballroom, a makeshift theater was constructed for the event. Attendees were provided with framed tickets, copies of Melania Trump's memoir, and commemorative black and white popcorn boxes, provided by gloved waiters to avoid fingerprints.
Cook has been working to maintain a close relationship with Trump, and he visited the White House several times in 2025, in addition to meeting with Trump in Japan and at Davos. Apple also donated an unspecified amount toward Trump's ballroom project, and Cook presented Trump with a glass plaque that included a 24-karat gold base. Prior to when Trump took office, Cook personally donated $1 million to Trump's inauguration.
The Melania Trump documentary is set to premiere in theaters on January 30, with a premiere set for January 29 at The Donald J. Trump and John F Kennedy Memorial Center for the Performing Arts. Amazon paid $40 million to fund the documentary, which tracks Melania from the 2025 presidential campaign to inauguration day. Director Brett Ratner reportedly spent months living at Mar-a-Lago to make the film.
"Melania" is Ratner's first directorial project since 2014 because he was accused of sexually assaulting six women back in 2017, and Warner Bros. cut ties with him.Tags: Donald Trump, Tim Cook
This article, "Apple CEO Tim Cook Visited White House for 'Melania' Documentary Screening" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 36 views
-
Developers can download the macOS Tahoe 26.3 update by opening up the System Settings app, selecting the General category, and then choosing Software Update. Beta Updates will need to be enabled, and a free developer account is required.
There's no word yet on what's included in macOS Tahoe 26.3, and no new features were found in the first two betas.
We'll likely see Apple release macOS Tahoe 26.3 at the end of January given past launch timelines.Related Roundup: macOS TahoeRelated Forum: macOS Tahoe
This article, "Third macOS Tahoe 26.3 Beta Now Available for Developers" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 24 views
-
Registered developers can download the betas from the Settings app on the iPhone or iPad by going to the General section and selecting the Software Update option.
iOS 26.3 adds a new tool for transitioning from an iPhone to an Android device. Transfers can be initiated during the device setup process, and moving data from one device to another can now be done without having to download a specific app.
Apple's transfer process supports moving photos, messages, notes, apps, passwords, phone number, and more.
The update also includes a Notification Forwarding setting for third-party wearables in the European Union, and there are some minor changes to the Weather wallpaper. More information on what's changed can be found in our iOS 26.3 beta 1 feature list.
Apple is expected to release the iOS 26.3 and iPadOS 26.3 to the public at the end of January.Related Roundups: iOS 26, iPadOS 26Related Forum: iOS 26
This article, "Apple Seeds Third Betas of iOS 26.3 and iPadOS 26.3 to Developers" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 31 views
-
The software updates are available through the Settings app on each device, and because these are developer betas, a free developer account is required.
We don't know what new features might be added in watchOS 26.3, visionOS 26.3, and tvOS 26.3, and nothing new has been discovered so far. Apple doesn't typically provide release notes for betas, so we might not know what's new until the software updates see a public launch unless there are outward-facing changes.
The software updates will probably launch right around the end of January based on past release timelines.
This article, "Apple Releases Third watchOS 26.3, tvOS 26.3 and visionOS 26.3 Betas" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 24 views
-
By combining Clawdbot with Docker Model Runner (DMR), you can build a high-performance, agentic personal assistant while keeping full control over your data, infrastructure, and spending.
This post walks through how to configure Clawdbot to utilize Docker Model Runner, enabling a privacy-first approach to personal intelligence.
What Are Clawdbot and Docker Model Runner?
Clawdbot is a self-hosted AI assistant designed to live where you already are. Unlike browser-bound bots, Clawdbot integrates directly with messaging apps like Telegram, WhatsApp, Discord, and Signal. It acts as a proactive digital coworker capable of executing real-world actions across your devices and services.
Docker Model Runner (DMR) is Docker’s native solution for running and managing large language models (LLMs) as OCI artifacts. It exposes an OpenAI-compatible API, allowing it to serve as the private “brain” for any tool that supports standard AI endpoints.
Together, they create a unified assistant that can browse the web, manage your files, and respond to your messages without ever sending your sensitive data to a third-party cloud.
Benefits of the Clawdbot + DMR Stack
Privacy by Design
In a “Privacy-First” setup, your assistant’s memory, message history, and files stay on your hardware. Docker Model Runner isolates model inference, meaning:
No third-party training: Your personal emails and schedules aren’t used to train future commercial models. Sandboxed execution: Models run in isolated environments, protecting your host system. Data Sovereignty: You decide exactly which “Skills” (web browsing, file access) the assistant can use.
Cost Control and Scaling
Cloud-based agents often become expensive when they use “long-term memory” or “proactive searching,” which consume massive amounts of tokens. With Docker Model Runner, inference runs on your own GPU/CPU. Once a model is pulled, there are no per-token fees. You can let Clawdbot summarize thousands of unread emails or research complex topics for hours without worrying about a surprise API bill at the end of the month.
Configuring Clawdbot with Docker Model Runner
Modifying the Clawdbot Configuration
Clawdbot uses a flexible configuration system to define which models and providers drive its reasoning. While the onboarding wizard (clawdbot onboard) is the standard setup path, you can manually point Clawdbot to your private Docker infrastructure.
You can define your provider configuration in:
Global configuration: ~/.config/clawdbot/config.json Workspace-specific configuration: clawdbot.json in your active workspace root. Using Clawdbot with Docker Model Runner
To bridge the two, update your configuration to point to the DMR server. Assuming Docker Model Runner is running at its default address: http://localhost:12434/v1.
Your config.json should be updated as follows:
{ "models": { "providers": { "dmr": { "baseUrl": "http://localhost:12434/v1", "apiKey": "dmr-local", "api": "openai-completions", "models": [ { "id": "gpt-oss:128K", "name": "gpt-oss (128K context window)", "contextWindow": 128000, "maxTokens": 128000 }, { "id": "glm-4.7-flash:128K", "name": "glm-4.7-flash (128K context window)", "contextWindow": 128000, "maxTokens": 128000 } ] } } }, "agents": { "defaults": { "model": { "primary": "dmr/gpt-oss:128K" } } } } This configuration tells Clawdbot to bypass external APIs and route all “thinking” to your private models.
Note for Docker Desktop Users:
Ensure TCP access is enabled so Clawdbot can communicate with the runner. Run the following command in your terminal:
docker desktop enable model-runner –tcp
Recommended Models for Personal Assistants
While coding models focus on logic, personal assistant models need a balance of instruction-following, tool-use capability, and long-term memory.
Model
Best For
DMR Pull Command
gpt-oss
Complex reasoning & scheduling
docker model pull gpt-oss
glm-4.7-flash
Fast coding assistance and debugging
docker model pull glm-4.7-flash
qwen3-coder
Agentic coding workflows
docker model pull qwem3-coder
Pulling models from the ecosystem
DMR can pull models directly from Hugging Face and convert them into OCI artifacts automatically:
docker model pull huggingface.co/bartowski/Llama-3.3-70B-Instruct-GGUF Context Length and “Soul”
For a personal assistant, context length is critical. Clawdbot relies on a SOUL.md file (which defines its personality) and a Memory Vault (which stores your preferences).
If a model’s default context is too small, it will “forget” your instructions mid-conversation. You can use DMR to repackage a model with a larger context window:
docker model package --from llama3.3 --context-size 128000 llama-personal:128k Once packaged, reference llama-personal:128k in your Clawdbot config to ensure your assistant always remembers the full history of your requests.
Putting Clawdbot to Work: Running Scheduled Tasks
With Clawdbot and DMR running, you can move beyond simple chat. Let’s set up a “Morning Briefing” task.
Verify the Model: docker model ls (Ensure your model is active). Initialize the Soul: Run clawdbot init-soul to define how the assistant should talk to you. Assign a Task:
“Clawdbot, every morning at 8:00 AM, check my unread emails, summarize the top 3 priorities, and message me the summary on Telegram.” Because Clawdbot is connected to your private Docker Model Runner, it can parse those emails and reason about your schedule privately. No data leaves your machine; you simply receive a helpful notification on your phone via your chosen messaging app.
How You Can Get Involved
The Clawdbot and Docker Model Runner ecosystems are growing rapidly. Here’s how you can help:
Share Model Artifacts: Push your optimized OCI model packages to Docker Hub for others to use. Join the Community: Visit the Docker Model Runner GitHub repo.
View the full article
- 0 comments
- 34 views
-
Note: MacRumors is an affiliate partner with Best Buy. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.
Specifically, you can get the AirPods Max for $429.99, down from $549.99, a deal that beats Amazon's current price by about $20 and is an overall solid second-best price. Even better, Best Buy has every color of the USB-C AirPods Max on sale at this price.
$119 OFFAirPods Max for $429.99
Best Buy also has Apple's 128GB Wi-Fi 11-inch iPad for $299.00, down from $349.00, as well as the 256GB Wi-Fi iPad for $399.00, down from $449.00. These are both second-best prices on the iPad, but some of the first markdowns on this model so far this year.
$49 OFF11-inch iPad (128GB Wi-Fi) for $299.00
Finally for Apple deals, Best Buy has the previous generation Apple Watch Ultra 2 for $549.00 today only, a massive discount on the original price of $799.00. This includes both Natural and Black color options, and it's the best price we've ever seen on this model.
$249 OFFApple Watch Ultra 2 for $549.00
$249 OFFApple Watch Ultra 2 (Milanese Loop) for $649.00
There are plenty of more deals to browse during this event, including up to 50 percent off select TVs, up to 60 percent off audio products, and more. If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.
Deals Newsletter
Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!
Related Roundup: Apple Deals
This article, "Best Buy's 48-Hour Flash Sale Has Major Discounts on AirPods Max, iPad, Apple Watch, and More" first appeared on MacRumors.com
Discuss this article in our forums
View the full article
- 0 comments
- 33 views
-
|
|
|