Skip to content
View in the app

A better way to browse. Learn more.
hosang I.T.

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Tech

Tech Articles from a wide variety of topics and categories
Show all categories

North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware

Threat actors with ties to North Korea have likely become the latest to exploit the recently disclosed critical security React2Shell flaw in React Server Components (RSC) to deliver a previously undocumented remote access trojan dubbed EtherRAT. "EtherRAT leverages Ethereum smart contracts for command-and-control (C2) resolution, deploys five independent Linux persistence mechanisms, andView the full article
reporter

Apple Offering Up to 3 Free Months of Apple Arcade With Holiday Gift Card Purchase

Apple is offering U.S. customers who purchase and redeem an Apple Gift Card three months of free access to Apple Arcade. Holiday gift card purchases made before January 6, 2026 are eligible for the ‌Apple Arcade‌ trial, as long as the card is redeemed by January 13, 2026.


The offer is available to new or qualified returning ‌Apple Arcade‌ subscribers, but it is not an option for existing ‌Apple Arcade‌ subscribers. New subscribers can try ‌Apple Arcade‌ for three months, while returning subscribers get two months of access.

There is no minimum denomination required for the gift card purchase, and the gift card can be acquired from the Apple retail store or Apple online store. Apple gift cards from third-party retailers or new value added to an Apple Account balance are not eligible for the ‌Apple Arcade‌ trial. Only one trial per Apple Account is available.

Apple will provide the bonus code immediately after gift card redemption to an Apple Account balance. An Apple Account with a payment method on file is required, and the plan will automatically renew at $6.99 per month unless it is canceled.

‌Apple Arcade‌ is Apple's subscription gaming service, offering over 200 games with no in-app fees or ads. Up to six family members can access ‌Apple Arcade‌ with a single subscription.Tag: Apple Arcade
This article, "Apple Offering Up to 3 Free Months of Apple Arcade With Holiday Gift Card Purchase" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Google Photos for iOS Gets Redesigned Video Editor

Google is rolling out a redesigned video editor on iOS devices, providing an updated design that is "faster and easier to use." There's a universal timeline with support for multi-clip editing and storytelling, plus an adaptive canvas that makes editing simpler.


Tools that you need to edit photos and videos are easier to access, and Google says "everything you need is right where you expect it to be."

When creating videos, users can browse the Photos music library and quickly add a soundtrack to a highlight video.

There are also several features that are available on Android devices that could expand to iOS devices in the future. Android users have access to templates with pre-set formats that include built-in music, text, and cuts that are synced to a soundtrack, along with the option to add custom text overlays.

Google says that the new features will be available to users starting today.
This article, "Google Photos for iOS Gets Redesigned Video Editor" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Apple to Make More Foldable iPhones Than Expected

Apple has ordered 22 million OLED panels from Samsung Display for the first foldable iPhone, signaling a significantly larger production target than the display industry had previously anticipated, ET News reports.


In the now-seemingly deleted report, ET News claimed that Samsung plans to mass-produce 11 million inward-folding OLED displays for Apple next year, as well as 11 million accompanying external displays. With Samsung Display serving as the exclusive supplier of these components, the production plan implies that Apple's own target output for the first-generation foldable ‌iPhone‌ is in the range of 10 million finished devices, since suppliers usually produce more components than Apple needs to account for yield and quality variations.

This production plan is more than 30% higher than initial industry expectations, which placed early foldable ‌iPhone‌ shipments between six million and eight million units. Those earlier estimates were based on the historical performance of the global foldable smartphone market, which has hovered just above 20 million units annually.

The report reiterated that the device is expected to feature a book-style, inward-folding design with a 5.35-inch external display and a 7.58-inch folding internal display. It is believed to contain an advanced hinge design and specialized material properties to minimize the crease in the folding display.

Apple reportedly plans to adopt Color Filter on Encapsulation (COE), a method that removes the traditional polarizer layer and integrates its functionality directly into the OLED stack. Eliminating the polarizer can reduce thickness and improve brightness. The device is also rumored to incorporate an Under Display Camera (UDC), allowing the internal display to achieve a more seamless full-screen appearance without a punch hole or visible camera cutout.

The first foldable ‌iPhone‌ is expected to launch next year alongside the iPhone 18 Pro and ‌iPhone 18‌ Pro Max.Tags: ETNews, Foldable iPhone, Samsung
This article, "Apple to Make More Foldable iPhones Than Expected" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Apple Pay Now Lets You 'Pay Later' With Klarna in Two More Countries

Klarna is now available as a buy-now, pay-later option when using Apple Pay in France and Italy. This financing option lets you pay for your Apple Pay purchase in monthly installments, with the shortest payment plans being interest free.


Eligible customers can split purchases into three monthly installments, or choose to pay up to 30 days later, without paying any interest. For higher-value purchases with longer payment plans, Klarna says it offers competitive interest rates.

Klarna was already available via Apple Pay in the United States, Canada, the United Kingdom, Denmark, Spain, and Sweden, so there are now eight countries supported.

Apple discontinued its own buy-now, pay-later service called Apple Pay Later last year, and instead started partnering with third-party providers, including Klarna, Affirm, and Synchrony. Availability of these providers varies by country.

When checking out with Apple Pay online and in apps, iPhone and iPad users can select "Other Cards & Pay Later Options" to access installment payment plans from Klarna and other financing partners, where available. Starting with iOS 26, the buy-now, pay-later options are also available for in-store Apple Pay purchases.Related Roundup: Apple PayRelated Forum: Apple Music, Apple Pay/Card, iCloud, Fitness+
This article, "Apple Pay Now Lets You 'Pay Later' With Klarna in Two More Countries" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Apple Arcade Adding These Four Games in January

Apple Arcade will be adding four new games on Thursday, January 8, including True Skate+, Cozy Caravan, Sago Mini Jinja's Garden, and Potion Punch 2+.


True Skate+ is a skateboarding simulation game with realistic physics. You can flick a virtual skateboard with your fingers to perform various tricks.

Cozy Caravan is a kid-friendly, single-player game in which you navigate a caravan through picturesque landscapes, helping communities along the way.

Sago Mini Jinga's Garden is another kid-friendly game in which you plant gardens, harvest ingredients, and explore the open world at your own pace.

Potion Punch 2+ tasks you with mixing powerful potions.

Apple Arcade is a subscription service that provides access to hundreds of games across the iPhone, iPad, Mac, Apple TV, and Apple Vision Pro. All of the games are free of ads and in-app purchases. In the U.S., Apple Arcade costs $6.99 per month, and it is also bundled with other Apple services in all Apple One plans.

Apple Arcade can be accessed through the App Store and Apple Games apps.Tag: Apple Arcade
This article, "Apple Arcade Adding These Four Games in January" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Gemini for Chrome gets a second AI agent to watch over it

Google is deploying a second AI model to monitor its Gemini-powered Chrome browsing agent after acknowledging the agent could be tricked into taking unauthorized actions through prompt injection attacks.
“We’re introducing a user alignment critic where the agent’s actions are vetted by a separate model that is isolated from untrusted content,” the company said in a blog post about the addition. If the critic determines an action doesn’t match what the user asked for, it blocks the action, Google said.
“The primary new threat facing all agentic browsers is indirect prompt injection,” Chrome security engineer Nathan Parker wrote in the post, describing a situation where an agent is prompted to process information that then seeks to modify the initial prompt.
The Gemini-powered browsing agent, launched in September and currently in preview, can navigate websites, click buttons, and fill forms while users are logged into email, banking, and corporate systems. Malicious instructions hidden in web pages, iframes, or user-generated content could “cause the agent to take unwanted actions such as initiating financial transactions or exfiltrating sensitive data,” Parker wrote.
That’s where the user alignment critic comes in: The second model reviews each proposed action before Chrome executes it, acting as what Parker called “a powerful, extra layer of defense against both goal-hijacking and data exfiltration.”
Why prompt injection is hard to stop
Prompt injection has emerged as the top vulnerability in AI systems over the past year. OWASP found it in 73% of production AI deployments it assessed in 2024, ranking it the number one risk in its list of threats to large language model applications.
The UK’s National Cyber Security Centre warned Sunday that prompt injection attacks may never be fully mitigated because LLMs can’t reliably distinguish between instructions and data. The agency called it a “confused deputy” vulnerability, where a trusted system is tricked into performing actions on behalf of an untrusted party.
Researchers have already demonstrated the threat. In January, attackers embedded instructions in a document that caused an enterprise AI system to leak business intelligence and disable its own safety filters. Security firm AppOmni disclosed last month that ServiceNow’s AI agents could be manipulated through instructions hidden in form fields, with one agent recruiting others to perform unauthorized actions.
For Chrome, the stakes are particularly high. A compromised browsing agent would have the user’s full privileges on any logged-in site, potentially bypassing the browser’s site isolation protections that normally prevent websites from accessing each other’s data.
Google’s two-model defense
To address these risks, Google’s solution splits the work between two AI models. The main Gemini model reads web content and decides what actions to take. The user alignment critic sees only metadata about proposed actions, not the web content that might contain malicious instructions.
“This component is architected to see only metadata about the proposed action and not any unfiltered untrustworthy web content, thus ensuring it cannot be poisoned directly from the web,” Parker wrote in the blog. When the critic rejects an action, it provides feedback to the planning model to reformulate its approach.
The architecture is based on existing security research, drawing from what’s known as the dual-LLM pattern and CaMeL research from Google DeepMind, according to the blog post.
Google is also limiting which websites the agent can interact with through what it calls “origin sets.” The system maintains lists of sites the agent can read from and sites where it can take actions like clicking or typing. A gating function, isolated from untrusted content, determines which sites are relevant to each task.
The company acknowledged this first implementation is basic. “We will tune the gating functions and other aspects of this system to reduce unnecessary friction while improving security,” Parker wrote.
Beyond the user alignment critic and origin controls, Chrome will require user confirmation before the browsing agent navigates to banking or medical sites, uses saved passwords through Google Password Manager, or completes purchases, according to the blog post. The browsing agent has no direct access to stored passwords.
A classifier runs in parallel checking for prompt injection attempts as the agent works. Google has built automated red-teaming systems generating malicious test sites, prioritizing attacks delivered through user-generated content on social media and advertising networks.
Grappling with an unsolved problem
The prompt injection challenge isn’t unique to Chrome. OpenAI has called it “a frontier, challenging research problem” for its ChatGPT agent features and expects attackers to invest significant resources in these techniques.
Gartner has gone one step further and advised enterprises to block AI browsers in their systems. The research firm warned that AI-powered browsing agents could expose corporate data and credentials to prompt injection attacks.
The NCSC took a similar position, urging organizations to assume AI systems will be attacked and to limit their access and privileges accordingly. The agency said organizations should manage risk through design rather than expecting technical fixes to eliminate the problem.
Chrome’s agent features are optional and remain in preview, the blog post said.
This article first appeared on Computerworld.
View the full article
reporter

Racks, sprawl and the myth of redundancy: Why your failover isn’t as safe as you think

The physical roots of resilience
Five years ago, at 2 a.m., I stood in a data center aisle watching a core switch lose a power supply. The room was cold, the fans loud and the alert light blinked amber. Within four seconds, the backup unit took over. Not a single packet dropped. That seamless, silent shift captured the essence of networking redundancy at its best: automatic, invisible and flawless. It was the kind of moment engineers live for — a quiet victory in the dark.
Today, that same principle faces relentless pressure. Networks have outgrown physical racks and now span hybrid clouds, edge nodes, SD-WAN overlays, API gateways and micro-segmented virtual fabrics. Redundancy no longer means just extra hardware or twin fiber links. It demands survival against misconfigured routing policies, regional DNS outages, zero-day exploits in router firmware and cascading failures triggered by human error or supply chain compromise. The landscape has evolved dramatically, but the core lessons — built on discipline, foresight and trust — endure.
My journey began with physical infrastructure, back when reliability was measured in cables and chassis. Every server connected through dual paths, with link aggregation bundles split across two top-of-rack switches, each uplinked to separate core routers over distinct fiber routes. I once spent an entire weekend labeling cables with color-coded heat shrink: red for primary, blue for backup. It was meticulous, almost meditative work. When a technician accidentally kicked a patch cord loose during a floor tile replacement, traffic shifted in under 200 milliseconds. No alarms triggered. No user complaints. The monitoring dashboard stayed green. That reliability felt like muscle memory: predictable, testable and deeply tangible. It was redundancy you could touch, trace and trust.
Cloud complexity and policy traps
Networks, however, no longer stay confined to racks. They live in routing tables, BGP sessions, cloud control planes and software-defined overlays. Many organizations rush to multi-region cloud setups, believing geographic distance alone guarantees resilience. It does not. Last year, I oversaw a global e-commerce platform with active-passive failover across two regions. Health checks withdrew prefixes from the primary if latency crossed 80 ms.
During a routine maintenance window, a junior engineer mistyped a BGP community tag. Instead of marking one subnet, the change blocked the entire backup path with a no-export rule. Traffic surged onto an already saturated primary link, pushing packet loss to 11 percent. The backup route was healthy, advertising correctly and fully reachable — yet policy prevented its use. We corrected the error in six minutes, but customers felt the impact for nearly 40. The takeaway was stark: redundancy without aligned policies is mere decoration, expensive and useless when it matters most. This mirrors the 2024 Cloudflare 1.1.1.1 hijack incident caused by a leaked border gateway (BGP) route.
As cloud environments grow, consistency becomes harder to maintain. A small template tweak in one availability zone can cascade across regions if copied unchecked, turning intended protection into widespread failure. Teams now manage configurations like code, with versioning, peer reviews, staged testing and automation to enforce uniformity. Tools like infrastructure-as-code pipelines, policy engines and drift detection systems are no longer optional — they are the new standard for scalable resilience.
SD-WAN extends these challenges to branch locations, linking multiple internet paths for fluid failover and intelligent, application-aware routing. It promises simplicity and agility. Yet a single carrier firmware update can degrade performance everywhere, even when links remain active. I’ve seen MTU mismatches, encryption mismatches and path preference bugs ripple through hundreds of sites in minutes. Phased rollouts, strict change policies and gradual deployment rings prevent blanket disruption.
The same discipline applies at the edge, where devices in retail stores, warehouses or remote clinics depend on local backups for speed and continuity. A rushed firmware push can erase that safety net across all units, forcing field teams to restore from USB drives or mobile hotspots. Careful staging, rollback plans and on-site recovery kits are now part of every deployment checklist.
Routing mistakes and DNS breakdowns lurk as quiet, persistent risks. One errant rule can dead-end traffic and even solid backups stay idle if policies block them. Robust prefix filters, route validation and RPKI enforcement keep paths safe. Likewise, DNS backups must operate independently — free of shared anycast IPs, providers or control planes — to avoid joint collapse. Security checks, DNSSEC and diverse resolver strategies strengthen failover. These are not add-ons; they are foundational to modern network hygiene.
Anticipating the inevitable: Pre-mortem and defense in depth
The next outage is already taking shape, hidden until the first alert. It might hide in a supply chain flaw inside a trusted IOS-XR patch, quietly altering routes worldwide. Or it could stem from a single flawed intent policy in an ACI fabric, isolating entire application layers with surgical precision. External forces like wildfires, floods or geopolitical events can force data center evacuations, knocking out power grids and delaying generators for hours. The 2021 Fastly global outage — triggered by one valid config change exposing a hidden bug — shows how fast a CDN can collapse. These scenarios are not speculation; they are probabilities waiting to strike, each with its own failure signature.
Experience reframes the question. Failure is inevitable in infrastructure work. What matters is how it unfolds, how precisely and whether the design anticipates that exact failure mode. Resilience now means shaping failure’s impact, not stopping it. This mindset demands a new ritual: the pre-mortem. In every design review, we assume total failure at peak load. We trace dependencies — transit providers, certificate authorities, undersea cables, even physical access roads. We hunt for shared fate: two “diverse” carriers in the same conduit, a single control plane for multi-region DNS or a vendor update applied globally without validation. Each discovery triggers action: a new peer, a policy rewrite, a satellite link or a dark fiber lease. AWS recommends pre-mortems in its Reliability Pillar.
Two years ago, I sat in a dim network operations center at 3 a.m., cold coffee forgotten, as one BGP update spread chaos via a global transit provider. A peer leaked a default route with lower preference, sucking outbound traffic into oblivion. The backup path was fully functional, yet our policy still favored the tainted route. For 17 minutes, half the internet vanished for users. Customers raged. Executives demanded answers. A swift prefix filter fixed it, but the lesson lingered: redundancy requires not just a second path, but intelligence to choose it wisely and reject the wrong one. That night, I rewrote our change process: no routing policy touches production without simulation, peer review and automated testing.
Observability unifies the picture. A consolidated view of logs, traffic flows, performance metrics and control plane health spots weakening paths before collapse, enabling fixes before users notice. Cost tensions persist. Leaders crave full redundancy yet settle for cheaper, correlated links that fail together. Genuine resilience needs true separation, geographic distance and sometimes higher budgets, all justified by the disruptions avoided. A $50,000 cross-connect can prevent a $2 million outage. The math is simple.
Automation now manages routine failovers, sensing issues and shifting traffic instantly so engineers tackle root causes, not manual switches. The next disruption looms from software bugs, policy slips, physical cuts or zero-day attacks. Effective planning means expecting breakdown, mapping vulnerabilities and scripting clear recovery. In a recent breach, an attacker tried hijacking core routing via a compromised jump host. Layered defenses — RPKI, prefix filters and automated session resets — contained it. Users saw only a 40 ms blip. Redundancy had matured from spare cables into a dynamic blend of security, automation and vigilance.
The foundational principles hold: remove single points of failure, secure real separation, automate responses and monitor relentlessly. The scale has ballooned — from patch panels to cloud regions, from local switches to global routes — but the mission stays constant: keep data moving regardless of obstacles. Outages will come. They always do. But with redundancy woven into a tested, trusted and adaptable network, their sting will fade and the packets will keep flowing.


This article is published as part of the Foundry Expert Contributor Network.
Want to join?

View the full article
reporter

Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure

Four distinct threat activity clusters have been observed leveraging a malware loader known as CastleLoader, strengthening the previous assessment that the tool is offered to other threat actors under a malware-as-a-service (MaaS) model. The threat actor behind CastleLoader has been assigned the name GrayBravo by Recorded Future's Insikt Group, which was previously tracking it as TAG-150.View the full article
reporter

Pebble’s founder introduces a $75 AI smart ring for recording brief notes with a press of a button

After rebooting the Pebble smartwatch, founder Eric Migicovsky is expanding his company's device lineup with a new smart wearable: an AI-powered smart ring known as Index 01. Named for the finger where the ring is meant to be worn, the new $75 ring is not meant to be a competitor to the always-on, always-listening AI devices, like the AI pendant Friend, but instead offers a way to record quick notes and reminders with a press of a button on the ring's side. AI only comes into play via the open source, speech-to-text, and AI models that run locally on your smartphone, via the open source Pebble mobile app. That is, if the Ring's button is not being pressed, it's not recording. (And this is a press-and-hold gesture, too, which means you can't start the ring's recording and then let go to surreptitiously record a conversation.) You can wear the stainless steel ring while in the shower, washing hands, doing dishes, or in the rain, but you would have to take it off for other water-related activities, like swimming. At launch, it's water-resistant to 1 meter. The ring is also not a fitness tracker or sleep monitor. It doesn't record details about your heart rate or health. And it's not there to be your AI friend. "I'm not trying to build some AI assistant thing," Migicovsky told TechCrunch in an interview. "I build things that solve one main problem, and they solve it really well," he explains. "I think of [the ring] as external memory for my brain...that's what this is. It's always with you." Plus, the ring has been designed to be highly reliable and privacy-preserving, he says, as all your thoughts are stored on your phone, not in the cloud. There is no subscription. Migicovsky has been wearing the ring for three months now and says he cannot imagine going back to a world where he doesn't always have a memory device with him. "The problem is that, during the day, I get ideas or I remember something, and if I don't write it down that second, I forget it," he says. The ring solves this problem, he adds, without becoming another device you need to charge. "The battery lasts for years," Migicovsky claims. Technically, the ring is said to support roughly 12 to 14 hours of recording. On average, the founder says he uses it 10-20 times per day to record 3-6 second thoughts. At that rate, he'll get about two years of usage. When the ring's battery dies, you can ship it back to the company for recycling. When using Index, you can record up to five minutes of audio, which can be saved to the ring and synced to your phone later. This makes sense for recording briefer, personal thoughts and notes, even when you don't have your phone handy, but it wouldn't work for recording a longer chat, like a presentation, meeting, or in-person interview of some kind. The ring also supports 99+ languages and has a bit of on-device memory, in case you're not in Bluetooth range of your device, where the recording is ultimately saved and transcribed. (The raw audio is retained, too, in case the speech-to-text is garbled due to loud background noise). If you own a Pebble smartwatch or one from another brand, your recorded thought can even appear on the watch's screen so you can verify it's correct. The ring works with Pebble's mobile app, which offers notes and reminders, but can optionally integrate with your phone's calendaring system, too, or other apps, like Notion. And the ring's software is open source, which makes it hackable by the community, the founder points out. Because of its open nature, the ring's button is already programmable. In addition to the press-and-hold gesture, you can program the ring to do other things with a single or double press, like play or pause your music or control the shutter on your phone's camera. You could use it to send a message through the universal chat app Beeper, which Migicovsky also created, or you could add your own voice actions via MCP. A new approach to hardware Migicovsky acknowledges that hardware can be difficult to get right -- as the previous exit of Pebble to Fitbit showed. (Fitbit, too, was later acquired by Google in 2021). "I didn't earn any money during Pebble -- we exited, but it was not a great exit," Migicovsky admits. This year, however, he decided to reboot the Pebble project after Google open sourced the PebbleOS, which opened up the door to new hardware. With his new company, Core Devices, Migicovsky plans to do things differently. Still, the founder doesn't regret his previous choices, he clarifies. "I wouldn't have gone back and changed anything. I loved what we built. I loved what we did. I love the company that we built, but it's not the only way to build a company," he told TechCrunch. " And, speaking as an ex-YC partner, there are -- there's a time and a place for building a venture-backed startup. Some companies are phenomenal when they raise money and build a big team, and I tried that...I think what I'm doing now is trying an alternative path, which is [to] start from profitability," he says. The new company is a small team of five, self-funded, and focused on sustainability. So far, Core Devices has shipped the Pebble 2 Duo smartwatch with a black-and-white display. Its first run sold out, and the company is now preparing to ship the upgraded version, the Pebble Time 2. The newer device, which has seen 25,000 pre-orders, is a stainless steel watch with a larger, color e-ink screen. As for the Index 01, the ring's pre-order offer ends in March 2026. After that, the price increases to $99. It currently comes in silver, polished gold, and matte black and works with iOS and Android devices. Customers can select from eight ring sizes and three colors.View the full article
reporter

NIS2 umsetzen – ohne im Papierkrieg zu enden

Vadi Fuoco – shutterstock.com
NIS2 ist symbolisch für das Kernproblem europäischer Richtlinien und Verordnungen: Sie erzeugen unnötigen Papierkrieg und entfalten ihre Wirkung zu selten. Sei es das Lieferkettengesetz, die DSGVO‑Folgenabschätzungen oder das IT‑Sicherheitsgesetz – sie haben gemeinsam, dass Unternehmen gigantische Dokumentationsberge produzieren müssen. Diese erhöhen weder die tatsächliche Sicherheit, noch sind sie realistisch prüfbar.
Compliant ist in der Regel derjenige, der eine umfangreiche Dokumentation aller Prozesse und regelmäßigen Prüfungen vorlegen kann. Diese sind zumeist so ausführlich, dass ihre Erstellung bereits nahezu unzumutbare Aufwände verursacht und ihre manuelle Prüfung praktisch unmöglich wird. Selbst wenn man sie prüfen würde, wären die Informationen nicht präzise genug, um echte Sicherheit zu belegen.
Sicherheit gehört in die Planung
In vielen Unternehmen entsteht dadurch eine absurde Praxis: Das technische Team baut funktionierende Infrastruktur und losgelöst davon schreibt ein Compliance‑Beauftragter im Nachhinein eine seitenlange Rechtfertigung, warum die Lösung angeblich sicher sei.
Das ist ungefähr so, als würde Volkswagen ein Auto bauen und erst danach verfasst jemand 40 Seiten darüber, warum dieses Auto den Sicherheitsstandards entsprechen sollte. In der realen Industrie läuft es natürlich anders: Sicherheitsanforderungen fließen bereits in die Planung ein, technologische Mindeststandards sind definiert, und Qualitätsprozesse überwachen die Umsetzung automatisch. Compliance ergibt sich aus Technik – nicht aus Leitz‑Ordnern.
In anderen Bereichen, wie der Steuerprüfung, hat man dieses Problem längst erkannt und die Automatisierung relevanter Prozesse gesetzlich vorgeschrieben (Stichwort: elektronische Registrierkasse, revisionssichere Buchhaltungssoftware). Das erspart ehrlichen Unternehmern nicht nur enorme manuelle Arbeit, sondern reduziert vor allem das Missbrauchsrisiko.
Leider werden in Deutschland nur wenige Dinge so konsequent umgesetzt wie das Eintreiben unserer Steuern.
Anders als beim Thema Steuerlast sollten Unternehmen jedoch ein intrinsisches Interesse daran haben, ihre IT‑Sicherheit korrekt zu implementieren. Das Bußgeld für einen NIS2‑Verstoß kann bis zu zehn Millionen Euro oder zwei Prozent des weltweiten Jahresumsatzes betragen. Die wirtschaftlichen Schäden erfolgreicher Cyberangriffe sind oft existenzbedrohend und summieren sich bereits heute auf dreistellige Milliardenbeträge pro Jahr.
Auch wenn es nicht ausdrücklich gesetzlich vorgeschrieben ist, gibt es mittlerweile – nicht zuletzt durch AI‑gestützte Werkzeuge – die Möglichkeit, Sicherheitsprozesse und ihre vollständige Dokumentation so weit zu automatisieren, dass sich Security, Compliance und Auditierbarkeit in einem einzigen technischen Prozess vereinen lassen. Das spart nicht nur Ressourcen, sondern erhöht auch die tatsächliche Sicherheit.
Wie dies im Detail aussehen kann, zeigt ein Beispiel einer SaaS‑Applikation in der Cloud.
 
IT im Wandel: von Textdokumenten zu deklarativer Technik
NIS2 verlangt im Kern drei Dinge: konkrete Sicherheitsmaßnahmen, Prozesse und Richtlinien zur Steuerung dieser Maßnahmen sowie belastbare Nachweise, dass sie im Alltag funktionieren. Die Prozessdokumentation – also Policies, Zuständigkeiten und Abläufe – ist für die meisten größeren Unternehmen nichts grundsätzlich Neues. ISO‑27001‑basierte Informationssicherheits-Managementsysteme (ISMS), HR‑Prozesse und Management‑Handbücher existieren oft seit Jahren. Entscheidend für NIS2 sind deshalb vor allem zwei Ebenen: die technischen Maßnahmen und die Evidenz, dass sie wirksam sind.
Genau hier zeigt sich der Umbruch der letzten Jahre. Früher wurden Konzepte, Maßnahmen und Spezifikationen von Software‑ und IT‑Infrastrukturen überwiegend in Textform dokumentiert. Programmcode war zu komplex, Konfigurationen lagen verstreut in Dateien, Ticketsystemen oder im Kopf einzelner Administratoren. Im Nachgang hat man Dokumente geschrieben – häufig durch fachfremde Kollegen. Dieses Vorgehen war vor allem aus zwei Gründen problematisch: Es skaliert nicht in wachsenden, verteilten Umgebungen, und es passt nicht zu dem Ziel, technische Prozesse konsequent zu automatisieren.
In modernen Systemen setzt man deshalb auf Verfahren wie Test‑ oder Behaviour‑driven Development und Infrastructure as Code (IaC), die – konsequent angewendet – textuelle Dokumentation weitgehend ersetzen. Die von NIS2 geforderten technischen Spezifikationen können direkt auf diese Artefakte referenzieren: IaC‑Definitionen legen Verschlüsselung, Netzsegmente oder Backup‑Szenarien fest, und CI/CD‑Pipelines spielen sie revisionssicher in die Produktion aus.
Änderungen sind damit nicht nur technisch exakt beschrieben, sondern über Commits und Deployments auch zeitlich nachvollziehbar. Die Evidenz für Aspekte, die sich nicht vollständig deklarativ fassen lassen – etwa die Sicherheit der Software‑Supply‑Chain oder des Anwendungscodes – kann über Security‑Checks in der CI/CD‑Pipeline und eine laufende Bewertung durch SIEM‑ und CNAPP‑Systeme abgebildet werden.
Wie das konkret aussehen kann, zeigt sich besonders deutlich in folgenden Bereichen:
Identity & Access Management, Schwachstellenmanagement in der Software‑Supply‑Chain sowie im Monitoring, Incident Handling und Meldepflichten.  
Identity & Access Management: Policies as Code statt Rollen‑Excel
Identity & Access Management ist eine der zentralen Säulen von NIS2. Gefordert sind nicht nur „irgendwelche“ Rollen, sondern ein Zugriffskonzept nach Need‑to‑know, Least Privilege und Separation of Duties. In der Praxis lässt sich das gut in drei Ebenen denken: bewusste Vergabe von Rechten, ein realistischer Lebenszyklus dieser Rechte – und eine Architektur, die Lateral Movement so weit wie möglich verhindert.
Statt Berechtigungen in Excel, Admin‑UIs und verstreuten Wikis zu pflegen, werden Rollen und Zugriffsrechte als Policies as Code, beziehungsweise Infrastructure as Code definiert – etwa als Terraform‑Module oder JSON/YAML‑Policies in einem Git‑Repository. Alle Änderungen laufen ausschließlich über Merge Requests und werden über eine CI/CD‑Pipeline ausgerollt.
Damit ist klar nachvollziehbar, wer welche Rechte geändert hat, wer das freigegeben hat und wann die Änderung produktiv gegangen ist. Die Dokumentations‑ und Nachweispflichten von NIS2 ergeben sich so direkt aus Git‑History und Pipeline‑Logs, ohne dass jemand zusätzliche Word‑Konzepte schreiben muss.
Ein Rollenmodell allein ist noch kein Least Privilege. NIS2 verlangt, dass Rechte regelmäßig überprüft und überflüssige Berechtigungen entfernt werden. In Cloud‑Umgebungen mit hunderten Accounts, Services, Pods und Functions ist das manuell kaum noch handhabbar.
Hier setzen Cloud‑Identity‑Entitlement‑Management‑Systeme (CIEM) an. Sie lesen alle effektiven Berechtigungen aus der Umgebung aus, korrelieren sie mit Audit‑Logs und zeigen, welche Rechte tatsächlich genutzt werden und wo Überprivilegierung besteht. Besonders bei Non‑Human Identities (Service‑Accounts, Workloads) ist das entscheidend, weil genau hier oft sehr breite Rechte vergeben werden, die Angreifern später als Sprungbrett dienen.
Einige Start-Ups bieten mittlerweile sogar CIEM-Systeme, welche mit Hilfe von AI automatisch IAM-Policies für die entsprechenden Rollen generieren können.
 
Schwachstellenmanagement & Software‑Supply‑Chain: SBOM statt Scanner‑PDF
Der zweite Block, den NIS2 und die neue Durchführungsverordnung 2024/2690 für digitale Dienste scharf stellen, ist das Schwachstellenmanagement im eigenen Code und in der Lieferkette. Gefordert sind regelmäßige Vulnerability‑Scans, Verfahren zur Bewertung und Priorisierung, fristgerechte Behandlung kritischer Schwachstellen sowie ein geregeltes Vulnerability‑Handling und – wo nötig – Coordinated Vulnerability Disclosure. Für Cloud‑ und SaaS‑Provider kommen Supply‑Chain‑Pflichten hinzu, etwa gegenüber Cloud‑, CI/CD‑ und Registry‑Dienstleistern.
Im klassischen Schwachstellenmanagement werden SCA‑, SAST‑ und DAST‑Scanner einfach „über alles drüber geworfen“. Das Ergebnis sind endlose Listen an Findings, von denen ein Großteil Fehlalarme oder für das konkrete System nicht relevant ist. Diese Daten landen dann in Excel‑Tabellen oder einer Schwachstellendatenbank, in der Teams versuchen, Prioritäten zu vergeben. Gerade bei Zero‑Day‑Lücken führt das zu hektischen Ad‑hoc‑Analysen: Welche unserer Komponenten sind betroffen? Ist die Schwachstelle in unserer Architektur überhaupt ausnutzbar? Was tun wir, solange es noch keinen Patch gibt?
Der moderne Ansatz ist, alle DevSecOps‑Findings in einem zentralen System zu konsolidieren. Dort fließen Ergebnisse aus SCA, SAST und DAST zusammen, werden mit Kontext aus Software Bill of Materials (SBOMs), Architektur und Exponiertheit angereichert und mit Hilfe von AI vorgefiltert. False Positives lassen sich so drastisch reduzieren, und übrig bleibt eine deutlich kleinere Menge an tatsächlich relevanten Schwachstellen, inklusive einer Einschätzung, wie kritisch sie im konkreten Setup sind.
Diese verdichteten Findings können direkt in Ticketsysteme und ins SOC weitergegeben werden, wo sie wie Incidents behandelt, nachverfolgt und für NIS2‑Reports ausgewertet werden. Aus einem wuchernden Scanner‑Output wird so ein steuerbarer Prozess, der sowohl die gesetzlichen Anforderungen als auch die Realität im Betrieb abbildet.
 
Monitoring, Incident‑Handling und Meldestelle
Der dritte Bereich, in dem NIS2 schnell zum Papiertiger wird, ist die Kombination aus Monitoring, Incident Response und den neuen Meldepflichten. Die Richtlinie gibt klare Deadlines vor: Frühwarnung innerhalb von 24 Stunden, eine strukturierte Meldung nach 72 Stunden, ein Abschlussbericht nach spätestens einem Monat. Viele Organisationen reagieren darauf, indem sie neue Templates, Excel‑Listen und Meldehandbücher bauen – oft weitgehend losgelöst vom bestehenden SOC.
Im Ernstfall bedeutet das: Das SOC bekämpft den Vorfall, während parallel eine „NIS2‑Taskforce“ versucht, Informationen aus Tickets, Mails und Ad‑hoc‑Chats so aufzubereiten, dass sie in ein Formular passen. Die Folge sind doppelte Arbeit, Informationsverluste und Berichte, die zwar Seiten füllen, aber wenig darüber sagen, wie gut Detection und Response tatsächlich funktionieren.
In einer Cloud‑SaaS‑Umgebung bietet sich ein anderer Weg an: Statt NIS2‑Reporting als eigenes Dokumentenprojekt zu verstehen, wird ein modernes DevSecOps‑basiertes SOC aufgebaut, so dass alle sicherheitsrelevanten Signale von vornherein an einem Ort zusammenlaufen: Cloud‑Infrastruktur, CI/CD‑Pipelines, Anwendungen, IdP und IAM.
Die Regeln, nach denen diese Daten korreliert, angereichert und in Incidents überführt werden, sind als Code definiert und versioniert. T Detection‑Logik (Threat Detection and Response), Schwellenwerte und Playbooks liegen im Repository und werden wie Anwendungscode über Pipelines ausgerollt. Große Teile der klassischen SOC‑Arbeit lassen sich damit automatisieren: Aus Roh‑Logs werden konsistente Incidents mit Kontext, ohne dass jemand manuell Textbausteine zusammenkopieren muss. CNAPP (Cloud-Native Application Protection Platform ) und ähnliche Plattformen übernehmen gleichzeitig Speicherung und Archivierung der Daten, sodass der Nachweis der Überwachungstätigkeit im System mitläuft, statt in gesonderten Doku‑Schleifen erzeugt zu werden. Machine‑Learning‑ und AI‑Komponenten helfen zusätzlich, False Positives zu reduzieren, ähnliche Ereignisse zu clustern und auffällige Muster hervorzuheben – das SOC konzentriert sich auf die wenigen Vorfälle, die wirklich Aufmerksamkeit brauchen.
Auf Prozessebene bleiben Playbooks und Meldewege wichtig – aber schlank. Ein IR‑Playbook definiert Incident‑Klassen, Eskalationspfade und Kommunikationsregeln, inklusive der Kriterien, ab wann ein Vorfall als „NIS2‑signifikant“ gilt. Ein Meldeprozess regelt, wer die Informationen aus SOC und Fachbereichen konsolidiert und über die BSI‑Meldestelle einreicht.
Die eigentliche Dokumentation entsteht auch hier im Wesentlichen automatisch: Incident‑Tickets enthalten Timeline, betroffene Services, Impact, Ursache und Maßnahmen; ein Kennzeichen „NIS2‑relevant“ und ein Meldestatus verknüpfen sie mit den externen Berichten. Aus SIEM‑ und IR‑Daten lassen sich Kennzahlen wie MTTD, MTTR oder die Zeit zwischen Detection und Erstmeldung direkt berechnen – genau die Größen, an denen sich ablesen lässt, ob NIS2 gelebter Prozess ist oder nur eine neue Schublade im Dokumentenschrank.
NIS2 als Architektur‑Test, nicht nur als Doku‑Übung
NIS2 zwingt Unternehmen, ihre Sicherheitsmaßnahmen, Prozesse und Nachweise explizit zu machen. Das ist unbequem – gerade für Organisationen, die bisher stark ad hoc gearbeitet haben. Ob daraus ein Papiertiger oder ein echter Sicherheitsgewinn wird, entscheidet sich aber nicht im Gesetzestext, sondern in der Architektur.
Wer versucht, die Richtlinie vor allem mit Word, PowerPoint und Excel „wegzudokumentieren“, wird viel Aufwand und wenig Resilienz produzieren. Werden hingegen IdP und IAM, CI/CD‑Pipelines, SBOM‑ und Vulnerability‑Tools, SIEM und IR‑Plattform so aufgesetzt, dass sie die geforderten Controls und Nachweise quasi nebenbei liefern, bekommt man NIS2‑Compliance als Nebeneffekt einer modernen Security‑Landschaft. (jm)
View the full article
reporter

NIS2 umsetzen – ohne im Papierkrieg zu enden

Vadi Fuoco – shutterstock.com
NIS2 ist symbolisch für das Kernproblem europäischer Richtlinien und Verordnungen: Sie erzeugen unnötigen Papierkrieg und entfalten ihre Wirkung zu selten. Sei es das Lieferkettengesetz, die DSGVO‑Folgenabschätzungen oder das IT‑Sicherheitsgesetz – sie haben gemeinsam, dass Unternehmen gigantische Dokumentationsberge produzieren müssen. Diese erhöhen weder die tatsächliche Sicherheit, noch sind sie realistisch prüfbar.
Compliant ist in der Regel derjenige, der eine umfangreiche Dokumentation aller Prozesse und regelmäßigen Prüfungen vorlegen kann. Diese sind zumeist so ausführlich, dass ihre Erstellung bereits nahezu unzumutbare Aufwände verursacht und ihre manuelle Prüfung praktisch unmöglich wird. Selbst wenn man sie prüfen würde, wären die Informationen nicht präzise genug, um echte Sicherheit zu belegen.
Sicherheit gehört in die Planung
In vielen Unternehmen entsteht dadurch eine absurde Praxis: Das technische Team baut funktionierende Infrastruktur und losgelöst davon schreibt ein Compliance‑Beauftragter im Nachhinein eine seitenlange Rechtfertigung, warum die Lösung angeblich sicher sei.
Das ist ungefähr so, als würde Volkswagen ein Auto bauen und erst danach verfasst jemand 40 Seiten darüber, warum dieses Auto den Sicherheitsstandards entsprechen sollte. In der realen Industrie läuft es natürlich anders: Sicherheitsanforderungen fließen bereits in die Planung ein, technologische Mindeststandards sind definiert, und Qualitätsprozesse überwachen die Umsetzung automatisch. Compliance ergibt sich aus Technik – nicht aus Leitz‑Ordnern.
In anderen Bereichen, wie der Steuerprüfung, hat man dieses Problem längst erkannt und die Automatisierung relevanter Prozesse gesetzlich vorgeschrieben (Stichwort: elektronische Registrierkasse, revisionssichere Buchhaltungssoftware). Das erspart ehrlichen Unternehmern nicht nur enorme manuelle Arbeit, sondern reduziert vor allem das Missbrauchsrisiko.
Leider werden in Deutschland nur wenige Dinge so konsequent umgesetzt wie das Eintreiben unserer Steuern.
Anders als beim Thema Steuerlast sollten Unternehmen jedoch ein intrinsisches Interesse daran haben, ihre IT‑Sicherheit korrekt zu implementieren. Das Bußgeld für einen NIS2‑Verstoß kann bis zu zehn Millionen Euro oder zwei Prozent des weltweiten Jahresumsatzes betragen. Die wirtschaftlichen Schäden erfolgreicher Cyberangriffe sind oft existenzbedrohend und summieren sich bereits heute auf dreistellige Milliardenbeträge pro Jahr.
Auch wenn es nicht ausdrücklich gesetzlich vorgeschrieben ist, gibt es mittlerweile – nicht zuletzt durch AI‑gestützte Werkzeuge – die Möglichkeit, Sicherheitsprozesse und ihre vollständige Dokumentation so weit zu automatisieren, dass sich Security, Compliance und Auditierbarkeit in einem einzigen technischen Prozess vereinen lassen. Das spart nicht nur Ressourcen, sondern erhöht auch die tatsächliche Sicherheit.
Wie dies im Detail aussehen kann, zeigt ein Beispiel einer SaaS‑Applikation in der Cloud.
 
IT im Wandel: von Textdokumenten zu deklarativer Technik
NIS2 verlangt im Kern drei Dinge: konkrete Sicherheitsmaßnahmen, Prozesse und Richtlinien zur Steuerung dieser Maßnahmen sowie belastbare Nachweise, dass sie im Alltag funktionieren. Die Prozessdokumentation – also Policies, Zuständigkeiten und Abläufe – ist für die meisten größeren Unternehmen nichts grundsätzlich Neues. ISO‑27001‑basierte Informationssicherheits-Managementsysteme (ISMS), HR‑Prozesse und Management‑Handbücher existieren oft seit Jahren. Entscheidend für NIS2 sind deshalb vor allem zwei Ebenen: die technischen Maßnahmen und die Evidenz, dass sie wirksam sind.
Genau hier zeigt sich der Umbruch der letzten Jahre. Früher wurden Konzepte, Maßnahmen und Spezifikationen von Software‑ und IT‑Infrastrukturen überwiegend in Textform dokumentiert. Programmcode war zu komplex, Konfigurationen lagen verstreut in Dateien, Ticketsystemen oder im Kopf einzelner Administratoren. Im Nachgang hat man Dokumente geschrieben – häufig durch fachfremde Kollegen. Dieses Vorgehen war vor allem aus zwei Gründen problematisch: Es skaliert nicht in wachsenden, verteilten Umgebungen, und es passt nicht zu dem Ziel, technische Prozesse konsequent zu automatisieren.
In modernen Systemen setzt man deshalb auf Verfahren wie Test‑ oder Behaviour‑driven Development und Infrastructure as Code (IaC), die – konsequent angewendet – textuelle Dokumentation weitgehend ersetzen. Die von NIS2 geforderten technischen Spezifikationen können direkt auf diese Artefakte referenzieren: IaC‑Definitionen legen Verschlüsselung, Netzsegmente oder Backup‑Szenarien fest, und CI/CD‑Pipelines spielen sie revisionssicher in die Produktion aus.
Änderungen sind damit nicht nur technisch exakt beschrieben, sondern über Commits und Deployments auch zeitlich nachvollziehbar. Die Evidenz für Aspekte, die sich nicht vollständig deklarativ fassen lassen – etwa die Sicherheit der Software‑Supply‑Chain oder des Anwendungscodes – kann über Security‑Checks in der CI/CD‑Pipeline und eine laufende Bewertung durch SIEM‑ und CNAPP‑Systeme abgebildet werden.
Wie das konkret aussehen kann, zeigt sich besonders deutlich in folgenden Bereichen:
Identity & Access Management, Schwachstellenmanagement in der Software‑Supply‑Chain sowie im Monitoring, Incident Handling und Meldepflichten.  
Identity & Access Management: Policies as Code statt Rollen‑Excel
Identity & Access Management ist eine der zentralen Säulen von NIS2. Gefordert sind nicht nur „irgendwelche“ Rollen, sondern ein Zugriffskonzept nach Need‑to‑know, Least Privilege und Separation of Duties. In der Praxis lässt sich das gut in drei Ebenen denken: bewusste Vergabe von Rechten, ein realistischer Lebenszyklus dieser Rechte – und eine Architektur, die Lateral Movement so weit wie möglich verhindert.
Statt Berechtigungen in Excel, Admin‑UIs und verstreuten Wikis zu pflegen, werden Rollen und Zugriffsrechte als Policies as Code, beziehungsweise Infrastructure as Code definiert – etwa als Terraform‑Module oder JSON/YAML‑Policies in einem Git‑Repository. Alle Änderungen laufen ausschließlich über Merge Requests und werden über eine CI/CD‑Pipeline ausgerollt.
Damit ist klar nachvollziehbar, wer welche Rechte geändert hat, wer das freigegeben hat und wann die Änderung produktiv gegangen ist. Die Dokumentations‑ und Nachweispflichten von NIS2 ergeben sich so direkt aus Git‑History und Pipeline‑Logs, ohne dass jemand zusätzliche Word‑Konzepte schreiben muss.
Ein Rollenmodell allein ist noch kein Least Privilege. NIS2 verlangt, dass Rechte regelmäßig überprüft und überflüssige Berechtigungen entfernt werden. In Cloud‑Umgebungen mit hunderten Accounts, Services, Pods und Functions ist das manuell kaum noch handhabbar.
Hier setzen Cloud‑Identity‑Entitlement‑Management‑Systeme (CIEM) an. Sie lesen alle effektiven Berechtigungen aus der Umgebung aus, korrelieren sie mit Audit‑Logs und zeigen, welche Rechte tatsächlich genutzt werden und wo Überprivilegierung besteht. Besonders bei Non‑Human Identities (Service‑Accounts, Workloads) ist das entscheidend, weil genau hier oft sehr breite Rechte vergeben werden, die Angreifern später als Sprungbrett dienen.
Einige Start-Ups bieten mittlerweile sogar CIEM-Systeme, welche mit Hilfe von AI automatisch IAM-Policies für die entsprechenden Rollen generieren können.
 
Schwachstellenmanagement & Software‑Supply‑Chain: SBOM statt Scanner‑PDF
Der zweite Block, den NIS2 und die neue Durchführungsverordnung 2024/2690 für digitale Dienste scharf stellen, ist das Schwachstellenmanagement im eigenen Code und in der Lieferkette. Gefordert sind regelmäßige Vulnerability‑Scans, Verfahren zur Bewertung und Priorisierung, fristgerechte Behandlung kritischer Schwachstellen sowie ein geregeltes Vulnerability‑Handling und – wo nötig – Coordinated Vulnerability Disclosure. Für Cloud‑ und SaaS‑Provider kommen Supply‑Chain‑Pflichten hinzu, etwa gegenüber Cloud‑, CI/CD‑ und Registry‑Dienstleistern.
Im klassischen Schwachstellenmanagement werden SCA‑, SAST‑ und DAST‑Scanner einfach „über alles drüber geworfen“. Das Ergebnis sind endlose Listen an Findings, von denen ein Großteil Fehlalarme oder für das konkrete System nicht relevant ist. Diese Daten landen dann in Excel‑Tabellen oder einer Schwachstellendatenbank, in der Teams versuchen, Prioritäten zu vergeben. Gerade bei Zero‑Day‑Lücken führt das zu hektischen Ad‑hoc‑Analysen: Welche unserer Komponenten sind betroffen? Ist die Schwachstelle in unserer Architektur überhaupt ausnutzbar? Was tun wir, solange es noch keinen Patch gibt?
Der moderne Ansatz ist, alle DevSecOps‑Findings in einem zentralen System zu konsolidieren. Dort fließen Ergebnisse aus SCA, SAST und DAST zusammen, werden mit Kontext aus Software Bill of Materials (SBOMs), Architektur und Exponiertheit angereichert und mit Hilfe von AI vorgefiltert. False Positives lassen sich so drastisch reduzieren, und übrig bleibt eine deutlich kleinere Menge an tatsächlich relevanten Schwachstellen, inklusive einer Einschätzung, wie kritisch sie im konkreten Setup sind.
Diese verdichteten Findings können direkt in Ticketsysteme und ins SOC weitergegeben werden, wo sie wie Incidents behandelt, nachverfolgt und für NIS2‑Reports ausgewertet werden. Aus einem wuchernden Scanner‑Output wird so ein steuerbarer Prozess, der sowohl die gesetzlichen Anforderungen als auch die Realität im Betrieb abbildet.
 
Monitoring, Incident‑Handling und Meldestelle
Der dritte Bereich, in dem NIS2 schnell zum Papiertiger wird, ist die Kombination aus Monitoring, Incident Response und den neuen Meldepflichten. Die Richtlinie gibt klare Deadlines vor: Frühwarnung innerhalb von 24 Stunden, eine strukturierte Meldung nach 72 Stunden, ein Abschlussbericht nach spätestens einem Monat. Viele Organisationen reagieren darauf, indem sie neue Templates, Excel‑Listen und Meldehandbücher bauen – oft weitgehend losgelöst vom bestehenden SOC.
Im Ernstfall bedeutet das: Das SOC bekämpft den Vorfall, während parallel eine „NIS2‑Taskforce“ versucht, Informationen aus Tickets, Mails und Ad‑hoc‑Chats so aufzubereiten, dass sie in ein Formular passen. Die Folge sind doppelte Arbeit, Informationsverluste und Berichte, die zwar Seiten füllen, aber wenig darüber sagen, wie gut Detection und Response tatsächlich funktionieren.
In einer Cloud‑SaaS‑Umgebung bietet sich ein anderer Weg an: Statt NIS2‑Reporting als eigenes Dokumentenprojekt zu verstehen, wird ein modernes DevSecOps‑basiertes SOC aufgebaut, so dass alle sicherheitsrelevanten Signale von vornherein an einem Ort zusammenlaufen: Cloud‑Infrastruktur, CI/CD‑Pipelines, Anwendungen, IdP und IAM.
Die Regeln, nach denen diese Daten korreliert, angereichert und in Incidents überführt werden, sind als Code definiert und versioniert. T Detection‑Logik (Threat Detection and Response), Schwellenwerte und Playbooks liegen im Repository und werden wie Anwendungscode über Pipelines ausgerollt. Große Teile der klassischen SOC‑Arbeit lassen sich damit automatisieren: Aus Roh‑Logs werden konsistente Incidents mit Kontext, ohne dass jemand manuell Textbausteine zusammenkopieren muss. CNAPP (Cloud-Native Application Protection Platform ) und ähnliche Plattformen übernehmen gleichzeitig Speicherung und Archivierung der Daten, sodass der Nachweis der Überwachungstätigkeit im System mitläuft, statt in gesonderten Doku‑Schleifen erzeugt zu werden. Machine‑Learning‑ und AI‑Komponenten helfen zusätzlich, False Positives zu reduzieren, ähnliche Ereignisse zu clustern und auffällige Muster hervorzuheben – das SOC konzentriert sich auf die wenigen Vorfälle, die wirklich Aufmerksamkeit brauchen.
Auf Prozessebene bleiben Playbooks und Meldewege wichtig – aber schlank. Ein IR‑Playbook definiert Incident‑Klassen, Eskalationspfade und Kommunikationsregeln, inklusive der Kriterien, ab wann ein Vorfall als „NIS2‑signifikant“ gilt. Ein Meldeprozess regelt, wer die Informationen aus SOC und Fachbereichen konsolidiert und über die BSI‑Meldestelle einreicht.
Die eigentliche Dokumentation entsteht auch hier im Wesentlichen automatisch: Incident‑Tickets enthalten Timeline, betroffene Services, Impact, Ursache und Maßnahmen; ein Kennzeichen „NIS2‑relevant“ und ein Meldestatus verknüpfen sie mit den externen Berichten. Aus SIEM‑ und IR‑Daten lassen sich Kennzahlen wie MTTD, MTTR oder die Zeit zwischen Detection und Erstmeldung direkt berechnen – genau die Größen, an denen sich ablesen lässt, ob NIS2 gelebter Prozess ist oder nur eine neue Schublade im Dokumentenschrank.
NIS2 als Architektur‑Test, nicht nur als Doku‑Übung
NIS2 zwingt Unternehmen, ihre Sicherheitsmaßnahmen, Prozesse und Nachweise explizit zu machen. Das ist unbequem – gerade für Organisationen, die bisher stark ad hoc gearbeitet haben. Ob daraus ein Papiertiger oder ein echter Sicherheitsgewinn wird, entscheidet sich aber nicht im Gesetzestext, sondern in der Architektur.
Wer versucht, die Richtlinie vor allem mit Word, PowerPoint und Excel „wegzudokumentieren“, wird viel Aufwand und wenig Resilienz produzieren. Werden hingegen IdP und IAM, CI/CD‑Pipelines, SBOM‑ und Vulnerability‑Tools, SIEM und IR‑Plattform so aufgesetzt, dass sie die geforderten Controls und Nachweise quasi nebenbei liefern, bekommt man NIS2‑Compliance als Nebeneffekt einer modernen Security‑Landschaft. (jm)
View the full article
reporter

Apple's M5 iPad Pro Returns to All-Time Low Black Friday Prices at Up to $180 Off

Amazon and Best Buy today opened up big discounts across the M5 iPad Pro lineup, offering as much as $180 off select tablets. Prices start at $899.00 for the 256GB Wi-Fi 11-inch M5 iPad Pro at Amazon, down from $999.00. All deals in this sale match — or beat — the record low prices we tracked during Black Friday.

Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

For the larger models, you can save up to $180 on the 13-inch M5 iPad Pro on Amazon this week. If you're shopping for the 2TB Nano-Texture Glass Wi-Fi model, Amazon has this tablet for $2,219.00, down from $2,399.00, as well as a few other 13-inch models between $100 and $170 off.

$100 OFF11-inch M5 iPad Pro (256GB Wi-Fi) for $899.00
$100 OFF13-inch M5 iPad Pro (512GB Wi-Fi) for $1,399.00

In regards to the Amazon discounts, many of the deals are beginning to see delayed delivery estimates, with some arriving after the Christmas holiday. If you're shopping for holiday presents, be sure to get your orders in soon.

11-Inch M5 iPad Pro

256GB Wi-Fi - $899.00 ($100 off)
512GB Wi-Fi - $1,099.00 ($100 off) [matched at Best Buy]
1TB Wi-Fi - $1,474.73 ($125 off)
1TB Nano-Texture Glass Wi-Fi - $1,576.00 ($123 off)
2TB Wi-Fi - $1,851.00 ($148 off)
2TB Nano-Texture Glass Wi-Fi - $1,999.00 ($100 off)
13-Inch M5 iPad Pro

256GB Wi-Fi - $1,197.00 ($102 off)
512GB Wi-Fi - $1,399.00 ($100 off) [matched at Best Buy]
1TB Wi-Fi - $1,756.00 ($143 off)
1TB Nano-Texture Glass Wi-Fi - $1,851.00 ($148 off)
2TB Wi-Fi - $2,129.00 ($170 off)
2TB Nano-Texture Glass Wi-Fi - $2,219.00 ($180 off)

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find this holiday season? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "Apple's M5 iPad Pro Returns to All-Time Low Black Friday Prices at Up to $180 Off" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading

The threat actor known as Storm-0249 is likely shifting from its role as an initial access broker to adopt a combination of more advanced tactics like domain spoofing, DLL side-loading, and fileless PowerShell execution to facilitate ransomware attacks. "These methods allow them to bypass defenses, infiltrate networks, maintain persistence, and operate undetected, raising serious concerns forView the full article
reporter

iFixit Launches Free iOS Repair App With AI-Powered FixBot

iFixit today announced the launch of a new iFixit app that's available to download from Apple's App Store (and the Play Store on Android devices). It includes all of the iFixit repair guides in a format that's ideal for mobile devices, along with a workbench that keeps track of repairs, a battery lifespan predictor, and an AI repair buddy called FixBot.


The iFixit repair app is able to monitor an iPhone's battery in real time, providing graphs of how a battery deteriorates over time. The graphs provide users with advanced notice of when a battery might need to be replaced.

FixBot is able to provide AI assistance to solve issues with smartphones, laptops, tablets, and more. Users can describe a problem with text or voice, and FixBot will provide help with diagnosis and repair. FixBot can respond to questions verbally for hands-free use, and there's also an option to share images with the AI.

iFixit says that FixBot is trained on millions of successful iFixit community repairs rather than generic information, which makes it a useful repair tool. FixBot is available in the iFixit app, and it can also be used on iFixit's website.

The app includes all of iFixit's repair guides, but it is aware of what smartphone the user has and will default to showing repair information for that device for quick information on fixes.

There are options for purchasing repair parts directly from iFixit, with the app able to check for device compatibility before a purchase is made.

iFixit did have an app that was available up until 2015, but Apple pulled it from the App Store after iFixit tore down an Apple TV developer kit. Apple said that iFixit violated the Apple terms of service with the teardown, and banned the iFixit developer account. Ten years later, iFixit was allowed to return to the ‌App Store‌.

The iFixit app can be downloaded from the App Store for free, and more information on the app is available on iFixit's website. Access to FixBot is free for now, and later, there will be both a free version and a $4.99 per month Enthusiast plan with document uploads.Tag: iFixit
This article, "iFixit Launches Free iOS Repair App With AI-Powered FixBot" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Building Nexus Expertise for Hyderabad’s Tech Sector

Hyderabad is one of India’s top technology cities. The city is home to many tech companies, growing startups, and large businesses from different fields. All these organizations need good ways to manage their software development work. This is where Nexus Repository Manager helps. It is a smart system that organizes and manages all the parts needed to build software.
For technology professionals in Hyderabad, learning Nexus Training in Hyderabad can help your career. This guide explains what Nexus is, why it matters, what good training should include, and how you can benefit from learning these skills in Hyderabad.
What is Nexus and Why is it Important?
Nexus Repository Manager is more than just storage for software parts. Think of it as the main library for everything your development teams need. When developers build software, they use many different pieces like code packages, libraries, and tools. Nexus keeps all these organized in one place so teams can work better.
Using Nexus has clear benefits. First, it saves time. Instead of downloading the same parts repeatedly from the internet, developers can get them quickly from the local Nexus system. This is especially helpful for Hyderabad teams working across different times and network conditions.
Second, it makes things more secure. Nexus acts like a security guard for your software supply. It can stop unsafe parts and keep good records of everything used in development. This is very important for Hyderabad’s banks, hospitals, and government offices that have strict security rules.
Third, it makes development more reliable. When internet services have problems, teams can keep working because they have local access to all their needed parts. This reliability is valuable for Hyderabad companies that need steady development progress.
Fourth, it helps save money. Through smart storage management, Nexus helps companies use their resources well without wasting money on extra infrastructure.
Finally, it helps teams work together better. With everything organized in one place, different teams can easily share parts and work together more effectively. This teamwork is important for Hyderabad’s various technology companies.
Why Hyderabad Needs More People with Nexus Skills
Hyderabad’s technology sector keeps growing fast. Areas like HITEC City and Gachibowli host hundreds of companies. This growth means more need for professionals who understand modern software development tools like Nexus.
Several reasons explain this need in Hyderabad. Many traditional businesses in the city are changing to use more technology. Companies in medicine, manufacturing, and services are adopting new software methods, creating need for people who can set up and manage systems like Nexus.
Companies are also paying more attention to security during development. This approach, called DevSecOps, puts security at every stage. Nexus helps this by allowing security checks at the part level.
As Hyderabad companies move to cloud systems and use more containers, they need better ways to manage Docker images and other cloud parts. Nexus has special features for these needs that are becoming important skills.
Security concerns continue to grow. With more awareness of software supply attacks, Hyderabad companies want tools that give them control over what parts they use. This makes Nexus skills valuable for security-focused companies in the city.
The job market in Hyderabad stays competitive. Having special skills like Nexus repository management can help you stand out from other job seekers and create chances for better positions and higher pay.
What Good Nexus Training Should Cover
Good Nexus training should give you both theory knowledge and practical skills. A complete program will cover several important areas you need to work well with Nexus.
You should start with the basic concepts. This means understanding what Nexus does, the different ways it can be set up, and the types of storage spaces it manages. Getting this foundation right is important before moving to more advanced topics.
Next comes installation and configuration. Good training will show you how to install Nexus in different environments and set it up properly for your needs. This includes understanding network needs and storage setup that fit Hyderabad’s systems.
Repository management is a main area of learning. You’ll learn how to create and manage storage spaces for different types of packages – whether you work with Java, JavaScript, Python, containers, or other technologies common in Hyderabad companies.
Security implementation is very important. Training should cover how to set up access controls, configure login methods, and add security checking tools. These skills are especially valuable for Hyderabad organizations with strict rules to follow.
You’ll also learn about maintenance and troubleshooting. This includes how to keep Nexus running smoothly, monitor its performance, and solve common issues that might come up in working environments.
Integration with other tools is another important area. You’ll learn how to connect Nexus with the automation tools that Hyderabad companies commonly use, like Jenkins, GitLab, and Azure DevOps.
Finally, training should cover advanced features. This includes high-availability setups, automation using APIs, and performance optimization methods that become important as you work with larger systems in growing Hyderabad companies.
Comparing Learning Approaches
People learn in different ways. Some prefer to learn independently, while others do better with structured guidance. Understanding these differences can help you choose the right approach for your Nexus learning journey.
Learning AspectLearning on Your OwnStructured Training ProgramFinding InformationSearching online, reading documents, watching tutorialsOrganized curriculum with everything in orderGetting HelpAsking on forums, hoping for answersDirect access to instructors who can explain clearlyPractical ExperienceCreating your own projects and learning through trial and errorGuided exercises that simulate real work situationsTime RequiredOften takes longer as you navigate learning materials independentlyMore efficient with a clear learning path and scheduleLearning Best PracticesDiscovering effective methods through your own mistakesLearning proven approaches from experienced professionalsNetworking OpportunitiesLimited interaction with other learnersConnecting with classmates who share similar professional goalsCertification PreparationStudying independently using available resourcesStructured preparation including practice tests and guidance Key Topics in Comprehensive Nexus Training
A complete Nexus training program should cover all essential areas you need for professional work. Here’s what quality training typically includes:
Training TopicWhat You’ll LearnRelevance to Hyderabad ProfessionalsFundamental ConceptsHow Nexus works, deployment options, repository typesFoundation for working with Hyderabad’s diverse tech environmentsSetup & ConfigurationInstallation methods, initial setup, network configurationPractical skills for Hyderabad’s specific infrastructure needsRepository ManagementCreating and organizing different repository typesEssential for handling various technology stacks in Hyderabad companiesSecurity ImplementationAccess controls, authentication methods, security policiesCritical for Hyderabad’s regulated sectors like finance and healthcareMaintenanceRegular upkeep, performance monitoring, troubleshootingKeeps systems reliable in Hyderabad’s production environmentsTool IntegrationConnecting with CI/CD tools and development systemsIntegrates with automation platforms common in Hyderabad organizationsAdvanced FeaturesHigh availability, API automation, optimization techniquesPrepares you for larger implementations in Hyderabad’s expanding companies Advantages of Hyderabad-Focused Learning
Learning Nexus within Hyderabad’s specific technology context offers distinct benefits. Training designed for Hyderabad professionals includes examples and scenarios relevant to local industries. You might learn about pharmaceutical component management, financial services compliance requirements, or government security needs—all immediately applicable to Hyderabad workplaces.
Hyderabad has unique technology infrastructure considerations. Local training understands these and addresses how to implement solutions that work well with Hyderabad’s specific setup, including considerations for HITEC City and other technology zones.
Networking becomes more valuable when learning with other Hyderabad professionals. You build connections with people who work in similar environments and face similar challenges. These relationships can support your career growth in Hyderabad’s tech community.
Trainers familiar with Hyderabad’s job market can provide insights about what skills local employers value most and which certifications carry weight in Hyderabad companies.
Understanding how Hyderabad organizations typically operate—their team structures, decision processes, and technology adoption patterns—helps you implement solutions that align with local workplace culture and expectations.
Why DevOpsSchool is a Good Choice for Hyderabad Learners
DevOpsSchool has established itself as a trusted provider of DevOps training with specific relevance to Hyderabad’s technology professionals. Their approach focuses on practical learning that translates directly to workplace effectiveness.
Their courses are designed around real situations Hyderabad professionals encounter. The content stays current, reflecting new features and evolving best practices in the industry.
They recognize that Hyderabad professionals have varied schedules and learning preferences. That’s why they offer multiple learning formats—instructor-led online sessions, self-paced options, and customized corporate training solutions.
Support extends beyond course completion. You gain access to additional resources, community forums, and ongoing learning opportunities that help you continue developing your skills in Hyderabad’s tech environment.
Practical application is emphasized throughout. Every training module includes hands-on practice through guided exercises and projects that mirror real work challenges faced by Hyderabad technology teams.
Career development support is integrated into the training experience. You receive guidance on building professional portfolios, preparing for relevant certifications, and effectively presenting your new skills when pursuing opportunities in Hyderabad’s job market.
Learning from Expert Instructor: Rajesh Kumar
The Nexus Training in Hyderabad offered through DevOpsSchool is guided by Rajesh Kumar, whose extensive industry experience brings valuable perspective to the learning process.
With over twenty years of practical experience across multiple technology domains, Rajesh provides insights that go beyond basic tool usage. He explains not just how to perform tasks, but why certain approaches work better and how to think about solving real problems you’ll encounter in Hyderabad workplaces.
This practical perspective is particularly valuable. You learn how to design effective solutions that support organizational objectives, not just how to use Nexus features. You gain understanding of what works well at scale, common implementation challenges to avoid, and strategies for securing organizational support for new technology practices—all knowledge that proves valuable when implementing Nexus solutions in Hyderabad’s diverse business environments.
Who Benefits from Nexus Training in Hyderabad?
This training serves multiple professional roles within Hyderabad’s technology sector. DevOps engineers working with automation pipelines will find these skills valuable for building more robust systems. System administrators responsible for development infrastructure will learn how to deploy and maintain repository servers effectively.
Build and release engineers who manage dependencies and coordinate releases need sophisticated artifact management capabilities that this training provides. Software developers seeking deeper understanding of complete software supply chains will gain valuable perspective on dependency management.
Technical leads and engineering managers who design workflows and select tools for their teams will learn how to make informed decisions about repository management implementations. IT managers overseeing development tools and processes will understand how to implement effective systems that support organizational goals.
Individuals beginning their technology careers or transitioning into tech roles will build foundational skills that Hyderabad employers value. Quality assurance professionals involved in build validation and deployment processes will better understand artifact management and version control.
Career Benefits of Nexus Expertise
Learning Nexus creates several pathways for professional advancement in Hyderabad’s technology sector. In Hyderabad’s competitive job market, specialized skills help distinguish candidates. Organizations seeking professionals with modern development practice understanding often prioritize candidates with Nexus expertise.
These skills can facilitate transitions into dedicated roles. You might move into DevOps positions, platform engineering roles, or developer productivity positions that typically offer increased responsibility and enhanced compensation.
You’ll develop better problem-solving capabilities. With deeper repository management understanding, you can diagnose and resolve complex build, dependency, and deployment issues more efficiently, increasing your value to teams and organizations.
The skills have cross-industry applicability. They’re valuable across different sectors, with varied technology stacks, and in organizations of different sizes. This versatility means your skills remain relevant as your career evolves in Hyderabad’s diverse tech landscape.
You establish foundation for advanced practices. Nexus expertise prepares you for related areas like Infrastructure as Code, continuous security validation, and software supply chain optimization—all areas gaining importance in Hyderabad’s technology environment.
Most significantly, you can contribute tangible value. Professionals who implement effective repository management solutions directly impact their organizations’ development efficiency, cost management, and security posture—outcomes that organizations recognize and appreciate.
Choosing the Right Training Program
With multiple training options available in Hyderabad, careful consideration helps ensure you choose effectively. Evaluate instructor backgrounds. Prioritize trainers with substantial real-world implementation experience, particularly with environments similar to those in Hyderabad organizations.
Review curriculum comprehensiveness. Ensure programs cover both fundamental concepts and practical advanced topics with appropriate balance between theoretical understanding and hands-on application.
Consider learning format compatibility. Determine whether in-person, live online, or self-paced learning aligns best with your schedule constraints, learning preferences, and professional commitments in Hyderabad.
Assess support availability. Quality training programs provide assistance when needed, both during and after course completion. Resources and community access significantly enhance learning experience and outcomes.
Examine provider reputation. Select organizations with demonstrated track records of delivering valuable training within Hyderabad’s technology community.
If professional certification matters for your goals, verify whether training aligns with relevant certifications valued by Hyderabad employers.
Evaluate return on investment. Consider total investment—time, financial resources, opportunity costs—against potential career benefits, skill development, and professional network expansion the training offers in Hyderabad’s context.
Beginning Your Learning Journey
Investing in Nexus Training in Hyderabad represents strategic commitment to professional development within one of India’s most dynamic technology ecosystems. This commitment extends beyond learning specific tool features to developing fundamental understanding of modern software supply chain management—competencies increasingly essential as Hyderabad organizations accelerate digital initiatives and adopt sophisticated development practices.
Quality training transforms professionals from passive tool users to strategic solution architects capable of designing, implementing, and optimizing repository management systems that enhance team productivity, strengthen security postures, and improve software delivery outcomes. By developing these capabilities through reputable training providers and dedicated learning efforts, Hyderabad technology professionals position themselves for increased responsibility, enhanced compensation, and greater impact within their organizations.
The journey toward mastering Nexus repository management in Hyderabad begins with recognizing strategic value of these skills, selecting appropriate learning pathway, and committing to practical application of acquired knowledge. For professionals prepared to undertake this step, opportunities for growth, contribution, and advancement within Hyderabad’s vibrant technology sector have never been more accessible.
Start Your Nexus Learning in Hyderabad Today
If you’re ready to develop valuable, practical skills aligning with Hyderabad’s evolving technology requirements, exploring comprehensive Nexus Training in Hyderabad represents forward-looking investment in your professional future.
Connect with DevOpsSchool to Begin:
Website: https://www.devopsschool.com/ Email: [email protected] Phone & WhatsApp (India): +91 84094 92687 Phone & WhatsApp (USA): +1 (469) 756-6329
View the full article
reporter

How Nexus Makes Chennai Tech Work Smoother

Chennai has become a vibrant technology hub. Companies across many industries here are embracing modern software development practices. This includes manufacturing, automotive, healthcare, finance, and growing startups. As these organizations transform digitally, they need efficient tools to manage all the different parts of their software. This is where Nexus Repository Manager becomes important. It’s a smart system that organizes everything needed to build software—from code packages and libraries to container images and development tools.
For technology professionals in Chennai, learning Nexus Training in Chennai can really help your career. This guide explains why Nexus skills matter, what good training should include, and how this knowledge can improve your professional standing in Chennai’s tech world.
Why Nexus Matters in Today’s Software Development
Nexus Repository Manager serves as the main hub for managing software components. It’s more than just storage—it’s a complete system that organizes how all the different pieces of software move through development. For companies in Chennai, Nexus provides several important benefits that make work easier and more efficient.
First, it makes development faster. When developers need certain tools or code packages, Nexus keeps a local copy so they don’t have to download them repeatedly from the internet. This saves valuable time, especially for Chennai teams working with code from around the world.
Second, it improves security. Nexus acts like a security guard for your software supply chain. It can block unsafe components and keep detailed records of everything used in development. This is especially important for Chennai’s banking, healthcare, and manufacturing companies that have strict rules to follow.
Third, it makes work more reliable. Sometimes internet connections or external services have problems. Nexus reduces dependence on these external sources, so teams in Chennai can keep working even when there are connectivity issues.
Fourth, it helps control costs. Through smart storage management and cleanup rules, Nexus helps organizations use their storage efficiently without wasting money on unnecessary infrastructure.
Finally, it helps teams work together better. By keeping everything organized in one central place, Nexus makes it easier for different teams to share components and work consistently across the organization.
The Growing Need for Nexus Skills in Chennai
Chennai’s technology environment is changing quickly. More and more companies need professionals who understand not just how to write code, but how to manage the complete software development process. Several factors are creating this demand for Nexus skills.
Many traditional industries in Chennai are going through digital transformation. Companies in automotive, manufacturing, healthcare, and finance are adopting modern software practices. This means they need people who can set up and manage the supporting systems like Nexus.
Organizations are also paying more attention to security throughout development, an approach called DevSecOps. Nexus plays an important role here by allowing security checks and policy enforcement right at the component level.
As Chennai companies move their systems to the cloud and use more containers, they need better ways to manage Docker images and other cloud components. Nexus provides special features for these needs.
Security concerns are growing too. With more awareness about software supply chain attacks, Chennai companies want tools that give them visibility and control over what components they use. This makes Nexus skills valuable for security-focused organizations.
The job market in Chennai is competitive. Having specialized skills like Nexus repository management can help you stand out from other candidates and create opportunities for better positions and higher pay.
What Good Nexus Training Should Include
Effective Nexus training should give you both the theory and the practical skills you need. A good training program will take you through several important areas.
You should learn the basic concepts first—understanding what Nexus does, the different ways it can be deployed, and the types of repositories it manages. This foundation is important before moving to more advanced topics.
Next comes installation and setup. Good training will show you how to install Nexus in different environments and configure it properly for your needs.
Repository management is a key area. You’ll learn how to create and manage repositories for different types of packages—whether you’re working with Java, JavaScript, containers, or other technologies.
Security implementation is crucial. Training should cover how to set up access controls, configure authentication methods, and integrate security scanning tools.
You’ll also learn about maintenance and troubleshooting—how to keep Nexus running smoothly, monitor its performance, and solve common problems that might come up.
Integration with other tools is another important area. You’ll learn how to connect Nexus with the automation tools that Chennai companies commonly use.
Finally, training should cover advanced features like high-availability setups, automation using APIs, and performance optimization for when you’re working at larger scales.
Comparing Learning Approaches: Which Works Best for You?
People have different ways of learning. Some try to learn independently, while others do better with guided instruction. Here’s how these approaches compare:
Learning AspectLearning on Your OwnStructured Training ProgramFinding InformationSearching online, reading documents, watching tutorialsOrganized curriculum with everything in one placeGetting Help When StuckPosting on forums, hoping someone answersDirect access to instructors who can explain clearlyHands-on PracticeSetting up your own projects, learning through trial and errorGuided exercises that simulate real work situationsTime RequiredOften takes longer as you figure things out yourselfMore efficient with a clear learning pathLearning Best MethodsDiscovering what works through your own mistakesLearning proven approaches from experienced professionalsMeeting Other LearnersMostly learning aloneConnecting with classmates who share similar goalsPreparation for CertificationsStudying on your own with online resourcesStructured preparation with practice tests and guidance Key Topics Covered in Comprehensive Nexus Training
A complete Nexus training program should cover all the essential areas you need to work effectively. Here’s what you can expect to learn:
Training ModuleWhat You’ll LearnWhy It Matters for Chennai ProfessionalsFundamentals & SetupHow Nexus works, different installation methods, basic configurationUnderstanding the foundation before working with Chennai’s specific infrastructureRepository ManagementCreating and managing different repository types, storage optimizationEssential for handling diverse technology stacks used in Chennai companiesSecurity ConfigurationSetting up access controls, authentication, security policiesCritical for Chennai’s regulated industries like banking and healthcareMaintenance & MonitoringRegular upkeep, performance tracking, troubleshooting common issuesKeeps systems running smoothly in Chennai’s production environmentsCI/CD IntegrationConnecting Nexus with Jenkins, GitLab, Azure DevOps and other toolsIntegrates with automation systems commonly used in Chennai organizationsAdvanced FeaturesHigh availability, REST API automation, performance optimizationPrepares you for larger-scale implementations in growing Chennai companies Benefits of Learning in Chennai
Learning Nexus specifically in Chennai offers some unique advantages that generic training might miss. Training designed for Chennai professionals includes examples and scenarios relevant to local industries. You might learn about automotive component management, healthcare compliance requirements, or financial services security needs—all things that make the training immediately useful in Chennai workplaces.
Chennai has its own technology infrastructure considerations. Local training understands these and can address how to implement solutions that work well with Chennai’s specific setup.
Networking becomes more meaningful when you’re learning with other Chennai professionals. You build connections with people who work in similar environments and face similar challenges. These connections can be valuable throughout your career.
Trainers who know the Chennai job market can give you insights about what skills local employers are looking for and which certifications are most valued in Chennai companies.
Understanding how Chennai organizations typically work—how they structure teams, make decisions, and adopt new technology—helps you implement solutions that fit well with local workplace culture and processes.
Why DevOpsSchool is a Good Choice
DevOpsSchool has built a reputation as a reliable place to learn DevOps skills in Chennai. Their approach focuses on practical learning that you can actually use at work. Rather than just teaching theory, they emphasize skills that translate directly to workplace success.
Their courses are designed around real situations you might encounter in Chennai workplaces. The content stays current, reflecting new features and best practices as they evolve.
They understand that people have different schedules and learning preferences. That’s why they offer various learning formats—instructor-led online sessions, self-paced options, and customized training for companies.
Support doesn’t end when the course finishes. You get access to additional resources, community forums, and ongoing learning opportunities that help you continue growing your skills.
Practical skills are emphasized throughout. Every part of the training includes hands-on practice through guided exercises and projects that resemble real work challenges.
They also help with career development—guiding you on how to build a professional portfolio, prepare for certifications, and present your new skills effectively when pursuing career opportunities in Chennai.
Learning from an Experienced Professional
The Nexus Training in Chennai offered through DevOpsSchool is taught by Rajesh Kumar, who brings over twenty years of practical experience. Learning from someone with this depth of experience makes a significant difference.
Rajesh doesn’t just show you which buttons to click. He explains why certain approaches work better than others and how to think about solving real problems you’ll encounter at work. His teaching connects theoretical concepts to practical business needs.
This practical perspective is especially valuable. You learn not just how to use Nexus, but how to design effective solutions that support organizational goals. You gain insights about what works well at scale, common mistakes to avoid, and strategies for getting organizational support for new technology practices—all knowledge that proves valuable when implementing Nexus solutions in Chennai’s diverse business environments.
Who Can Benefit from This Training?
This training isn’t just for one specific job role. Several different types of professionals in Chennai can benefit from learning Nexus.
DevOps engineers who work with CI/CD pipelines and automation will find these skills valuable for building more robust systems. System administrators responsible for development infrastructure will learn how to deploy and maintain repository servers effectively.
Build and release engineers who manage dependencies and coordinate releases need sophisticated artifact management capabilities. This training provides exactly that.
Software developers who want to understand more about the complete software supply chain will gain valuable perspective. Technical leads and engineering managers who design workflows and select tools for their teams will learn how to make better decisions about repository management.
IT managers overseeing development tools and processes will understand how to implement effective systems. People starting their tech careers or transitioning into technology roles will build foundational skills that Chennai employers value.
How This Helps Your Career
Learning Nexus can help your career in several ways. In Chennai’s competitive job market, specialized skills make you stand out. Companies looking for professionals who understand modern development practices often seek candidates with Nexus expertise.
These skills can open doors to different roles. You might move into dedicated DevOps positions, platform engineering roles, or developer productivity positions that often come with more responsibility and better compensation.
You’ll become better at solving problems. With deeper understanding of repository management, you can diagnose and resolve complex build, dependency, and deployment issues more efficiently. This makes you more valuable to your team and organization.
The skills are versatile. They’re useful across different industries, with different technology stacks, and in organizations of various sizes. This versatility means your skills remain relevant as your career evolves.
You build a foundation for learning more advanced practices. Nexus expertise prepares you for related areas like Infrastructure as Code, continuous security practices, and software supply chain optimization—all areas that are becoming more important in Chennai’s technology landscape.
Most importantly, you can make a real impact. Professionals who implement effective repository management solutions contribute directly to their organizations’ development speed, cost management, and security—outcomes that organizations notice and value.
Choosing the Right Training
With several training options available, it’s important to choose carefully. Consider the instructor’s background. Look for trainers who have real implementation experience, particularly with environments similar to what you find in Chennai organizations.
Check what the curriculum covers. Make sure it includes both basic concepts and practical advanced topics. There should be a good balance between theory and hands-on practice.
Think about the learning format. Consider whether in-person, live online, or self-paced learning works best for your schedule and learning style.
Look at what support is available. Quality training programs offer help when you need it, both during and after the course. Resources and community access can make a big difference in your learning experience.
Consider the provider’s reputation. Choose organizations that are known for delivering valuable training in the Chennai tech community.
If certification matters to you, check whether the training aligns with relevant professional certifications that employers in Chennai value.
Think about your return on investment. Consider what you’re investing—time, money, opportunity—and weigh it against the career benefits, skill development, and professional connections the training offers.
Taking the Next Step
Investing in Nexus Training in Chennai is about more than learning another tool. It’s about developing important skills that support modern software development practices. As Chennai companies continue adopting new ways of working, professionals who understand how to manage software components efficiently will find many opportunities.
Good training changes how you approach software development. It helps you collaborate better with teams and improve what you deliver. By choosing quality training and committing to learning, you position yourself for growth in Chennai’s expanding technology sector.
The journey starts with recognizing the value of these skills, selecting the right learning path, and applying what you learn to real work situations. For professionals ready to take this step, there are many opportunities waiting in Chennai’s technology world.
Start Your Learning Journey
If you’re ready to build valuable skills for Chennai’s tech industry, comprehensive Nexus Training in Chennai is a smart choice for your professional development.
Get in touch with DevOpsSchool:
Website: https://www.devopsschool.com/ Email: [email protected] Phone & WhatsApp (India): +91 84094 92687 Phone & WhatsApp (USA): +1 (469) 756-6329
View the full article
reporter

Apple Launches Tap to Pay on iPhone in Hong Kong

Apple has announced the availability of Tap to Pay on iPhone in Hong Kong, allowing independent sellers, small merchants, and large retailers in the region to use ‌iPhones‌ as a payment terminal.


Tap to Pay allows iPhones to accept payments via Apple Pay, contactless credit and debit cards, and other digital wallets‌‌‌. All transactions are encrypted, and Apple has no information about what is purchased or the person who made the purchase.

No additional hardware or credit card machine is required‌ to use Tap to Pay on iPhone. The feature uses NFC technology to securely authenticate the contactless payments, plus the feature also supports PIN entry, which includes accessibility options.

From today, Adyen, Global Payments, KPay, and SoéPay are the first payment platforms in Hong Kong to offer Tap to Pay on iPhone. Apple says the rollout cuts across key sectors, including taxi, retail, food and beverage, and professional services.

Tap to Pay on ‌iPhone‌ launched in February 2022 in the United States, and since then, Apple has expanded it to more than 50 countries and regions around the world. Tags: Hong Kong, Tap to Pay on iPhone
This article, "Apple Launches Tap to Pay on iPhone in Hong Kong" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Bangalore’s Complete Guide to Nexus Implementation

In the dynamic tech ecosystem of Bangalore, the need for streamlined software development practices has never been more critical. With companies moving towards faster release cycles and more complex application architectures, managing dependencies and binaries efficiently has become a key challenge. This is where tools like Sonatype Nexus Repository Manager prove invaluable. For professionals in India’s Silicon Valley looking to upskill, finding comprehensive Nexus Training in Bangalore can be the differentiator in their career journey. This blog explores why Nexus expertise matters, what effective training should cover, and how it can accelerate your growth in the Bangalore tech market.
Why Nexus? The Repository Manager Shaping Modern DevOps
Sonatype Nexus Repository isn’t just a storage solution—it’s a complete component management platform that sits at the heart of your DevOps toolchain. As organizations embrace microservices, containerization, and polyglot programming environments, the sheer number of dependencies and build artifacts explodes. Nexus helps tame this complexity by acting as a single source of truth for all binaries, from Java JARs and npm packages to Docker images and Python wheels.
The impact on software delivery is profound:
Accelerated Build Times: Local caching of dependencies means developers and CI/CD pipelines aren’t waiting for downloads from the internet. Enhanced Security & Compliance: It acts as a policy enforcement point, allowing organizations to block vulnerable components and ensure only approved artifacts are used. Improved Reliability: Reduces dependency on external repositories, protecting you from outages in services like Maven Central or npmjs. Better Collaboration: Provides a centralized, organized library of internal artifacts, making it easier for teams to share and reuse components. However, simply installing Nexus is not enough. To truly unlock these benefits, teams need to understand its architecture, configuration nuances, and integration patterns. This is where specialized Nexus Training in Bangalore becomes essential, providing the practical knowledge needed to implement and manage repository solutions effectively.
The Bangalore Advantage: Why Localized Training Matters
Bangalore’s unique position as India’s technology capital creates specific demands and opportunities for IT professionals. The concentration of multinational R&D centers, innovative startups, and established IT services companies means the competition for skilled talent is intense. Localized training offers distinct benefits that generic online courses often miss:
Relevant Industry Context: Training designed for the Bangalore market addresses common architectures and toolchains used by local companies, from enterprises to high-growth startups. Networking Opportunities: In-person or locally-focused virtual classes connect you with peers, instructors, and potential mentors within the same professional ecosystem. Understanding Local Implementation Challenges: Discussions can cover region-specific considerations, such as integration with local development practices or compliance with data residency norms. Career Pathway Clarity: Trainers familiar with the Bangalore job market can provide realistic guidance on how Nexus skills apply to roles available in the city’s diverse tech landscape. What to Expect from Quality Nexus Training
A comprehensive training program should take you from foundational concepts to advanced repository management. Look for a curriculum that covers:
Core Concepts & Installation: Understanding repository types (proxy, hosted, group), deployment models, and initial configuration best practices. Repository Management: Setting up repositories for different formats (Maven, npm, Docker, NuGet, PyPI), configuring cleanup policies, and managing storage. Security & Access Control: Implementing LDAP/Active Directory integration, creating fine-grained roles and privileges, and setting up SSL certificates. Maintenance & Optimization: Performing backups, upgrades, monitoring performance, and troubleshooting common issues. CI/CD Integration: Connecting Nexus with Jenkins, GitLab CI, Azure DevOps, and other automation servers. Security Scanning Integration: Setting up tools like Sonatype CLM or integrating with other security scanners to enable DevSecOps practices. Key Skills Developed Through Professional Training
Skill CategorySelf-Learning ApproachStructured Training ApproachArchitecture DesignTrial and error; may miss optimal patternsLearns proven patterns for high availability and scalingSecurity ConfigurationRisk of insecure setups or permission gapsSystematic approach to secure access and vulnerability preventionTroubleshootingRelies on forums; resolution can be slowDevelops methodical debugging skills through guided scenariosIntegration KnowledgeLimited to documented examplesHands-on labs for real-world CI/CD pipeline integrationBest PracticesLearned through mistakes in productionTaught upfront by experienced practitionersPerformance TuningOften overlooked or addressed reactivelyProactive strategies for optimizing repository performance The DevOpsSchool Advantage: Your Learning Partner in Bangalore
When choosing where to build your expertise, the training provider’s reputation and methodology matter immensely. DevOpsSchool has established itself as a trusted name for professionals seeking practical, in-depth knowledge of DevOps tools and practices. Their philosophy centers on moving beyond theoretical concepts to deliver hands-on, applicable skills that translate directly to workplace challenges.
What makes DevOpsSchool particularly effective for learners in Bangalore and beyond is their commitment to a comprehensive learning experience:
Real-World Focus: Courses are designed around actual implementation scenarios you’ll encounter in professional environments. Flexible Learning Formats: Offering options that suit different schedules and learning preferences, including instructor-led online sessions that maintain interactive quality. Continuous Support: Providing resources and community access that help you apply and reinforce your learning long after the course ends. Industry-Aligned Content: Their curriculum is regularly updated to reflect the latest features and evolving best practices in tools like Nexus. Learning from an Industry Expert: Rajesh Kumar
The true value of any training program lies in the expertise of those guiding it. The Nexus Training in Bangalore from DevOpsSchool is led by Rajesh Kumar, whose two decades of hands-on experience bring a depth of practical knowledge that transforms how the subject is taught. His background isn’t limited to a single tool or methodology; it spans the entire modern IT landscape—from foundational DevOps and SRE principles to cutting-edge areas like AIOps, Kubernetes orchestration, and multi-cloud strategies.
Rajesh Kumar’s teaching approach demystifies complex topics by connecting them to tangible business outcomes and day-to-day engineering challenges. Learning from him means gaining insights not just on how to configure Nexus, but on how to architect a robust artifact management strategy that supports faster, more secure software delivery. His mentorship helps professionals transition from simply using tools to strategically implementing solutions that drive efficiency and reliability.
Who Will Benefit from This Training?
This program is designed for a range of roles involved in building, deploying, and maintaining software:
DevOps Engineers seeking to strengthen the foundational infrastructure of their CI/CD pipelines. Build & Release Engineers responsible for managing dependencies and ensuring reproducible builds. System Administrators who need to deploy and maintain robust repository servers. Software Developers who want to deepen their understanding of the dependency management and build process. Technical Leads & Architects designing the toolchain and infrastructure for development teams. IT Professionals in Bangalore aiming to enhance their skill set for the local job market’s specific demands. Taking the Next Step in Your Professional Journey
Investing in Nexus Training in Bangalore is an investment in your ability to contribute to modern, efficient software development practices. In a market that values tangible skills and practical expertise, understanding how to effectively manage the complex web of dependencies in today’s applications makes you a more valuable and versatile professional.
This isn’t just about learning a tool—it’s about building a critical piece of knowledge that enables faster delivery, stronger security, and better collaboration within your team and organization. By choosing a reputable platform and learning from seasoned experts, you equip yourself with both the technical skills and the strategic understanding needed to excel.
Ready to Build Your Expertise in Repository Management?
Take control of your learning path and gain a skill set that’s in high demand across Bangalore’s tech industry. Explore how comprehensive training can help you master Nexus and advance your career.
Start Your Learning Journey with DevOpsSchool:
Website: https://www.devopsschool.com/ Email: [email protected] Phone & WhatsApp (India): +91 84094 92687 Phone & WhatsApp (USA): +1 (469) 756-6329
View the full article
reporter

New Relic Best Practices for System Reliability

In today’s hyper-competitive digital landscape, ensuring your applications are performant, reliable, and efficient is non-negotiable. Downtime and poor user experience directly impact revenue and reputation. A single hour of downtime can cost businesses thousands or even millions in lost revenue, damage to brand reputation, and customer churn. This is where robust application performance monitoring (APM) becomes critical. Newrelic Training has emerged as a cornerstone for professionals aiming to harness the full potential of observability platforms. As businesses increasingly rely on dynamic, cloud-native architectures spanning multiple cloud providers, microservices, and containerized environments, the ability to monitor, analyze, and troubleshoot complex distributed systems is a coveted skill. This blog delves deeply into why proficiency with tools like New Relic is essential and how structured education can fast-track your expertise from basic monitoring to advanced observability engineering.
Why New Relic? The Comprehensive Observability Powerhouse
New Relic stands out in the crowded APM and observability space by offering a truly unified data platform that consolidates telemetry data from every layer of your technology stack. It transcends basic monitoring to provide full-stack observability, encompassing metrics (quantitative measurements), events (discrete occurrences), logs (timestamped records), and traces (distributed transaction flows). This MELT framework creates a holistic, 360-degree view of your systems that is invaluable for DevOps teams, Site Reliability Engineers (SREs), and developers tasked with maintaining system health, optimizing performance, and ensuring business continuity. Unlike traditional monitoring tools that work in isolation, New Relic’s platform approach enables teams to connect the dots between infrastructure performance, application behavior, and end-user experience seamlessly.
Proactive Problem Resolution: Shift from reactive fire-fighting to proactive issue identification using predictive analytics and baselining. Machine learning algorithms can detect anomalies before they cause user-facing incidents, allowing teams to resolve potential problems during off-peak hours or through automated remediation workflows. Unified Platform: Correlate data across your entire software stack—from browser and mobile applications through backend services, databases, and down to underlying infrastructure (VMs, containers, serverless) and third-party cloud services—in one centralized, queryable interface. This eliminates the need to context-switch between multiple dashboards. Data-Driven Decisions: Move beyond gut feelings and anecdotal evidence. Use precise, queryable data through NRQL (New Relic Query Language) to make informed, evidence-based decisions about capacity planning, feature development prioritization, resource allocation, and cost optimization. Improved Collaboration: Break down traditional silos between development, operations, and business teams by providing a single source of truth for performance data. Shared dashboards, alert policies with collaborative runbooks, and integrated incident management foster a true DevOps culture focused on shared ownership of system reliability. However, the power of such a comprehensive and feature-rich platform is only unlocked when teams know how to configure, navigate, and interpret it effectively. This is where formal Newrelic Training becomes a strategic investment, turning the tool from a simple alerting system into a powerful engine for business insight and technical excellence.
The Critical Need for Structured, Expert-Led Newrelic Training
While New Relic’s interface is designed to be intuitive, mastering its advanced capabilities—such as custom instrumentation, distributed tracing analysis, synthetic monitoring script creation, and building complex NRQL queries for custom dashboards—requires expert guidance. Without proper training, teams often underutilize the platform, implementing only basic uptime monitoring and missing out on sophisticated features like error inbox analysis, vulnerability management, or AI-powered anomaly detection that could save hundreds of debugging hours and prevent significant revenue loss.
A comprehensive, structured training course helps you systematically build competency:
Navigate the Platform Efficiently: Learn the architecture of New Relic One, understanding where to find critical data quickly, how to organize entities into meaningful groupings, and how to customize your workspace for daily workflows. Implement Industry Best Practices: Move from basic setup to optimized configuration. Learn methodologies for proper agent instrumentation across different languages, creating meaningful and actionable alert conditions (avoiding alert fatigue), establishing effective SLOs/SLIs, and implementing tagging strategies for cost and performance analysis. Master Advanced Capabilities: Dive deep beyond the surface into powerful features: writing complex NRQL queries for custom insights, interpreting distributed traces to pinpoint latency bottlenecks in microservices, creating browser and API synthetic checks for proactive user journey validation, and configuring log parsing and enrichment for faster root cause analysis. Align Technical Metrics with Business Goals: Learn to translate raw telemetry data into business intelligence. Create executive dashboards that track revenue-impacting KPIs, configure alerts based on business transactions, and use data to demonstrate the ROI of performance improvements and stability investments. Comparing Learning Paths: Self-Guided vs. Structured Training
FeatureSelf-Guided Learning (Documentation, Blogs, Tutorials)Structured Newrelic Training (Instructor-Led Program)Curriculum Depth & StructureFragmented, often focused on specific features or use cases without context. Lacks a logical progression from fundamentals to advanced engineering.Comprehensive, end-to-end curriculum with a pedagogical flow. Builds foundational knowledge before advancing to complex topics like custom APM and integration design.Time to ProficiencyLonger and uncertain, with high potential for critical knowledge gaps and misunderstood concepts that lead to poor platform implementation.Accelerated and reliable. A clear, guided path to mastery ensures efficient learning and practical competency within a defined timeframe.Hands-on, Scenario-Based ExperienceLimited to personal experimentation on sandbox environments, often without real-world problem contexts or validation of correct approaches.Guided labs and exercises based on real-world scenarios (e.g., e-commerce outage simulation, performance degradation analysis). Provides project work that mirrors professional challenges.Access to Expert Guidance & MentorshipNone. Difficult questions or unique challenges often lead to dead ends in community forums or unanswered support tickets.Direct access to seasoned instructors for live doubt resolution, code reviews, and architecture advice. Learn the “why” behind best practices, not just the “how.”Learning Industry Best Practices & PitfallsLearned through costly trial and error in production environments, risking performance issues or misconfigurations.Explicitly taught based on the instructor’s extensive industry experience. Learn common pitfalls and anti-patterns to avoid from the start.Networking & Peer LearningMinimal to none—an isolated learning journey.Opportunities for collaborative problem-solving and knowledge sharing with a cohort of professionals from diverse industries, expanding your professional network.Certification & Career ReadinessSelf-assessed preparation; difficult to gauge readiness for recognized certifications like the New Relic Certified Performance Pro.Structured preparation includes mock exams, exam strategy sessions, and guidance on building a portfolio of work that validates your skills to employers. As the detailed comparison illustrates, a dedicated, expert-led course offers a more reliable, efficient, and in-depth path to becoming a true New Relic expert who can architect observability solutions rather than just operate a dashboard.
What to Look for in a Top-Tier Newrelic Training Program
Choosing the right training provider is crucial for achieving a tangible return on your educational investment. An exceptional, industry-respected program should offer more than just video tutorials; it should provide a transformational learning experience:
Comprehensive, Current Curriculum: The curriculum should cover fundamentals (agents, dashboards, basic alerts) to advanced engineering topics like custom instrumentation using the Telemetry SDK, building alerting policies with dynamic thresholds, integrating observability into CI/CD pipelines for deployment validation, and using New Relic’s APIs for automation and custom integrations. Expert-Led Instruction by Practitioners: Learning should be guided by instructors who are active consultants or engineers, not just theorists. They should possess deep, real-world, hands-on experience designing and implementing observability at scale in complex, polyglot, and hybrid-cloud environments. Hands-on Labs with Real-World Scenarios: Theory is foundational, but the ability to apply knowledge is irreplaceable. Look for courses offering extensive lab time in sandboxed environments that simulate realistic challenges—troubleshooting a cascading failure, optimizing a slow database query visible in traces, or reducing cloud costs by analyzing infrastructure data. Career and Certification Support: The program should offer clear guidance on career paths in observability (e.g., APM Engineer, Observability Platform Owner) and provide dedicated support for preparing for and obtaining professional certifications that validate your expertise in the marketplace. Why DevOpsSchool is Your Premier Learning Partner for Observability Mastery
When seeking high-quality, career-transforming technical education, the platform’s credibility, pedagogy, and track record are paramount. DevOpsSchool has firmly established itself as a leading destination for IT professionals seeking to master modern, in-demand practices like DevOps, SRE, and Cloud Native technologies. Their pedagogical approach goes beyond superficial “tool training” tutorials, focusing instead on building deep, practical, and architectural competency that translates directly to workplace success and innovation.
What fundamentally sets DevOpsSchool apart is its commitment to a holistic, student-centered learning ecosystem designed for the working professional:
Industry-Relevant, Continuously Updated Courses: Curricula are not static. They are continuously revised by practitioners to reflect the latest tool features, emerging best practices (e.g., OpenTelemetry integration), and evolving industry trends, ensuring learners graduate with forward-looking skills. Flexible, Global Learning Modes: Catering to a worldwide audience with adaptable options: live, interactive online instructor-led training for real-time engagement; self-paced video libraries for reinforcement; and customized corporate workshops designed to upskill entire teams with organization-specific use cases. Strong, Supportive Professional Community: Graduates gain access to active forums, alumni networks, and regular webinar updates. This provides ongoing support, a platform for knowledge exchange, and networking opportunities long after the course concludes. Outcome-Focused Design: Every module is designed with tangible job roles and practical problem-solving at its core. The emphasis is on enabling learners to design systems, not just operate tools, ensuring you gain strategic skills that employers actively seek and value. Learn from a Global Authority: Rajesh Kumar
The quality, depth, and practical relevance of instruction are the soul of any truly effective training program. At the helm of the Newrelic Training at DevOpsSchool is Rajesh Kumar, a visionary trainer, consultant, and thought leader with a distinguished career spanning over two decades of hands-on, at-the-keyboard experience. His expertise is not confined to a single domain or tool; it spans the entire spectrum of modern IT operations and software delivery, including deep specializations in DevOps, DevSecOps, Site Reliability Engineering (SRE), DataOps, AIOps, MLOps, Container Orchestration with Kubernetes, and Multi-Cloud strategies.
Rajesh Kumar’s teaching methodology is fundamentally rooted in real-world application and pattern recognition. He does not merely teach the location of buttons in New Relic; he imparts a critical mindset and a systematic framework for building observable, resilient, scalable, and efficient systems. His global recognition and respect stem from a unique ability to deconstruct abstract, complex architectural topics into digestible, actionable concepts, having successfully mentored thousands of professionals worldwide to advance their careers and lead digital transformation initiatives. Learning under his guidance means gaining insights from a practitioner who has personally navigated several evolutions of IT operations—from monolithic data centers to hybrid cloud and serverless architectures—and who possesses a profound understanding of the exact skills, patterns, and principles needed to solve today’s and tomorrow’s most pressing technology challenges.
Who Should Enroll in This Comprehensive Newrelic Training?
This program is meticulously designed for a broad spectrum of IT professionals who play a role in building, maintaining, or improving software systems:
DevOps Engineers aiming to integrate robust, automated observability into CI/CD pipelines to enable “shift-left” monitoring, validate deployment success with canary analysis, and create a feedback loop from production to development. Site Reliability Engineers (SREs) responsible for defining and measuring Service Level Objectives (SLOs), managing error budgets, conducting proactive capacity planning, and ensuring system reliability, latency efficiency, performance, and availability. Software Developers & Application Architects who want to move beyond “it works on my machine” to understand the true production performance, resource consumption, and failure modes of their code and architectural decisions. System Administrators, Cloud Engineers & IT Managers overseeing infrastructure, cloud spend, and application health who need unified visibility to optimize resources, control costs, and ensure platform stability. Performance Test & QA Engineers looking to correlate synthetic test results with real-user monitoring (RUM) data, identify performance regressions, and build a data-backed case for performance as a quality attribute. Tech Leads, Engineering Managers & Solution Architects who are designing observable systems from first principles, selecting and governing observability tooling, and establishing organizational standards for monitoring and alerting. Unlocking Your Potential: The Strategic Path Forward
Investing in Newrelic Training is a direct investment in both your long-term career capital and your organization’s operational excellence and competitive edge. In an era defined by digital services where user patience is thin and alternatives are plentiful, the professionals who can architect, implement, and leverage observability to ensure flawless performance and rapid innovation are indispensable. By choosing a reputable, expert-driven platform like DevOpsSchool and learning from an authority like Rajesh Kumar, you equip yourself with far more than tool-specific knowledge. You gain a strategic skill set, a problem-solving framework, and a professional network that will position you as a leader in the future of software operations and reliability engineering.
Don’t just passively monitor your systems—actively understand, optimize, and innovate upon them. Transform from a passive observer of dashboards to an active engineer of reliability, performance, and business insight.
Ready to Become a Leader in Observability and Performance Engineering?
Take the definitive next step in your professional journey. Explore the comprehensive, expert-led Newrelic Training program and discover other cutting-edge courses designed to propel your career into the forefront of modern IT.
Contact DevOpsSchool Today to Start Your Journey:
Website: https://www.devopsschool.com/ Email: [email protected] Phone & WhatsApp (India): +91 84094 92687 Phone & WhatsApp (USA): +1 (469) 756-6329
View the full article
reporter

How to Streamline Zero Trust Using the Shared Signals Framework

Zero Trust helps organizations shrink their attack surface and respond to threats faster, but many still struggle to implement it because their security tools don’t share signals reliably. 88% of organizations admit they’ve suffered significant challenges in trying to implement such approaches, according to Accenture. When products can’t communicate, real-time access decisions break down. TheView the full article
reporter

Google Adds Layered Defenses to Chrome to Block Indirect Prompt Injection Threats

Google on Monday announced a set of new security features in Chrome, following the company's addition of agentic artificial intelligence (AI) capabilities to the web browser. To that end, the tech giant said it has implemented layered defenses to make it harder for bad actors to exploit indirect prompt injections that arise as a result of exposure to untrusted web content and inflict harm. ChiefView the full article
reporter

Implementing Robust Alerts and Notifications in Nagios

In today’s technology-driven business environment, where organizations completely rely on their digital infrastructure, even a brief server interruption or application slowdown can cause significant customer loss, reputation damage, and substantial financial consequences. How can companies ensure their websites, applications, networks, and connected systems operate reliably at optimal performance levels? The solution lies in implementing comprehensive, proactive monitoring strategies. This is where Nagios, a powerful and proven monitoring platform, becomes absolutely essential. Acting as the central nervous system for entire IT ecosystems, Nagios continuously observes all components and immediately notifies technical teams when issues emerge or potential problems are detected. For IT professionals, system administrators, DevOps specialists, and site reliability engineers (SREs), developing expertise with Nagios isn’t just an additional qualification—it represents a fundamental career necessity. This comprehensive guide explores Nagios in depth and demonstrates how selecting proper training can transform individuals from beginners to skilled monitoring professionals capable of safeguarding critical business infrastructure.
Understanding Nagios and Its Critical Importance in Modern IT Operations
Nagios stands as a powerful, open-source monitoring framework that has served as the foundation for IT infrastructure observation for more than two decades. Imagine it as a constantly vigilant guardian for your complete digital environment. Beyond simple observation, Nagios actively examines servers (both physical and virtual), network switches, routers, applications, services, and environmental factors like data center temperature. Through specialized programs called “plugins,” Nagios conducts regular assessments. When storage drives approach capacity, web services become unresponsive, database processes consume excessive memory, or website performance degrades, Nagios generates immediate, detailed notifications for designated technical personnel. This proactive approach enables support teams to address issues frequently before end-users experience any disruption, supporting the “Five Nines” (99.999%) availability standard and optimal performance that modern enterprises require.
Nagios maintains its enduring value through exceptional reliability, extensive adaptability, and a vibrant global community. Its architecture demonstrates both resilience and scalability, capable of expanding from monitoring dozens to thousands of devices. As open-source software, it eliminates licensing expenses while providing complete customization control. Thousands of freely available plugins enable monitoring of virtually any device or service imaginable, from conventional Windows servers to specialized IoT equipment. Learning Nagios equips professionals with fundamental principles and architectural understanding of infrastructure monitoring—knowledge that remains transferable as newer commercial monitoring solutions often follow similar paradigms. Essentially, Nagios provides the foundational knowledge essential for anyone pursuing expertise in system reliability and technical operations management.
Comprehensive Learning: What Professional Nagios Training Delivers
Effective professional training extends beyond demonstrating interface navigation or configuration file editing. It cultivates deep conceptual understanding of monitoring frameworks, empowering students to design, implement, and troubleshoot customized monitoring solutions for diverse environments. Here’s a detailed examination of topics covered in thorough Nagios Training, progressing from theoretical foundations to practical implementation:
Fundamental Concepts & Architecture: Initial modules establish essential mental models, covering core components: Hosts (monitored devices), Services (specific checkable items on hosts like CPU utilization or HTTP status), Plugins (scripts performing actual checks), and Contacts (notification recipients). Trainees learn distinctions between passive and active monitoring, Nagios scheduling mechanisms, and status information flow through the system. Installation & Core Configuration: Following theoretical foundations, hands-on exercises guide students through Nagios Core installation on Linux systems, including dependency management, source compilation or package utilization, and establishing directory structures. Since Nagios configuration relies heavily on text files, students develop proficiency editing critical files like nagios.cfg (primary configuration), objects/ directory files (defining hosts, services, contacts), and resources.cfg (containing sensitive information). This segment teaches creation of initial host and service definitions. Plugin Mastery & Check Implementation: While Nagios provides the monitoring engine, plugins deliver its capabilities. Training covers locating, installing, and utilizing the extensive Nagios Plugins collection for common verifications (connectivity, storage space, process counts). Crucially, students learn to interpret plugin return codes (OK, WARNING, CRITICAL, UNKNOWN) and their outputs. Advanced instruction includes developing custom shell or Python scripts as plugins, enabling monitoring of unique environmental aspects like proprietary application metrics or business processes. Advanced Configuration & Object Management: For managing extensive environments efficiently, training covers object inheritance through templates. Rather than defining identical parameters for numerous servers, students create host templates for consistent, scalable configuration management. Additional topics include configuring host and service dependencies (preventing alerts for downstream devices when core infrastructure fails) and organizing resources through hostgroups and servicegroups. Notification & Alert Management: Unseen alerts provide no value. Comprehensive training covers establishing notification commands for email, SMS (via gateways), and integration with modern collaboration platforms like Slack, Microsoft Teams, or PagerDuty. Students configure escalation policies to reroute unacknowledged alerts to secondary responders or management. Training also covers defining time periods that respect maintenance windows and off-hours for alert delivery. Web Interface & Data Visualization: Students gain familiarity with the Nagios Classic web interface for viewing status dashboards, acknowledging issues, scheduling maintenance downtime, and reviewing historical reports. Courses often incorporate visualization enhancements, including graphing tools that transform performance metrics into charts for trend analysis and capacity planning, answering questions like “What is our database growth rate?” or “When will storage capacity be exhausted?” Advanced Concepts & Scalability: Enterprise-focused modules address sophisticated architectures including Distributed Monitoring, where central Nagios servers aggregate results from multiple monitoring nodes performing actual checks, enabling oversight across network segments or geographical regions. Additional topics may include high-availability Nagios server configurations and integrating Nagios with broader DevOps ecosystems, such as feeding data into log aggregation systems (ELK stack) or ticketing platforms for automated incident creation. Why DevOpsSchool Represents the Optimal Choice for Nagios Education
When investing valuable time, effort, and resources into mastering complex technologies, selecting the appropriate educational platform and instructor significantly influences learning outcomes. DevOpsSchool has established itself as a premier destination for IT professionals worldwide seeking practical, industry-aligned, immediately applicable skills. Their educational philosophy emphasizes bridging the gap between theoretical knowledge and real-world implementation. Courses feature intensive hands-on laboratories, realistic projects, and scenario-based learning that mirrors actual workplace challenges, ensuring graduates possess genuine job readiness rather than mere certificate completion.
The distinguishing factor for their Nagios instruction lies in its exceptional leadership and mentorship. The program benefits from the guidance of Rajesh Kumar, whose name represents quality in DevOps and SRE education. More than a conventional instructor, Rajesh brings over twenty years of practical experience as a practitioner, architect, and thought leader in IT operations. His expertise spans contemporary methodologies including DevOps, DevSecOps, SRE, DataOps, AIOps, MLOps, Kubernetes container orchestration, and Multi-Cloud strategies. This extensive practical knowledge informs every training aspect—connecting Nagios configuration to broader DevOps principles like feedback loops and blameless postmortems, and relating monitoring alerts to SRE concepts like error budgets and service level objectives (SLOs). Learning under such expert guidance provides contextual insights and industry best practices seldom available through standard tutorials or documentation, delivering substantial competitive advantage in today’s job market.
Tangible Benefits: Professional Training Outcomes and Advantages
Enrolling in structured, mentor-guided training offers distinct advantages over fragmented self-directed learning from disparate online resources. The following comparison illustrates key differences:
AspectSelf-Directed Learning (Blogs/Videos)Structured Nagios Training at DevOpsSchoolCurriculum Depth & StructureDisorganized, potentially outdated, or incomplete content without logical progression.Comprehensive, logically sequenced curriculum developed by experts ensuring gradual knowledge building without gaps.Hands-on, Supervised LaboratoriesRarely available; when found, often lack proper explanation or support mechanisms.Real-time, guided laboratory sessions using live, pre-configured environments performing job-relevant tasks with expert supervision.Query Resolution & MentorshipSlow or non-existent; typically reliant on public forums with delayed responses.Direct, immediate access to expert mentors and instructors for clarification and in-depth discussion.Peer Networking & CollaborationIsolated learning experience with minimal professional interaction.Live engagement with peer cohorts and industry professionals, building valuable support networks and career connections.Career Validation & CredibilityDifficult to demonstrate competency to employers; viewed video lists carry minimal weight.Recognized certificate of completion from an established institution serving as verified credential on resumes and professional profiles.Practical Project ExperienceTypically absent, leaving conceptual knowledge disconnected from application.Capstone projects requiring application of learned skills to solve complex, simulated business monitoring problems, creating portfolio artifacts. Benefits are substantial and multifaceted. Participants gain organized knowledge rather than fragmented information, progress beyond theory to acquire practical skills through guided implementation, access direct expert guidance for challenging concepts, build professional networks, and obtain credentials that enhance resumes and professional credibility in the employment marketplace.
Ideal Candidates for Professional Nagios Training
This training delivers exceptional value across multiple IT roles. Professionals in the following positions will experience significant effectiveness and marketability improvements through Nagios mastery:
System Administrators: Individuals directly responsible for server uptime, health, and performance maintenance who require proactive monitoring solutions. DevOps Engineers: Professionals building automated CI/CD pipelines and infrastructure-as-code who require monitoring for deployment feedback and environment reliability assurance. Site Reliability Engineers (SREs): Specialists focused on creating scalable, highly reliable software systems where defining service level indicators (SLIs) and objectives (SLOs) necessitates robust monitoring frameworks. Network Engineers: Experts managing network infrastructure (routers, switches, firewalls) who can utilize Nagios plugins for SNMP monitoring, bandwidth analysis, and comprehensive device health surveillance. IT Managers & Team Leaders: Supervisors requiring high-level infrastructure health visibility for informed resource allocation, risk assessment, and priority decision-making. Technical Support & NOC Engineers: Personnel in support or Network Operations Centers seeking transition to proactive, engineering-focused positions where monitoring expertise represents a crucial advancement step. All IT Professionals: Anyone building foundational infrastructure monitoring understanding—a fundamental competency for career growth in systems operations, cloud administration, or technical support roles. Commencing Your Professional Development Journey
The path to becoming a proficient Nagios specialist, while detailed, becomes straightforward and achievable with proper guidance. Nagios Training at DevOpsSchool is carefully structured to guide learners from fundamental concepts to advanced configuration confidence. While basic Linux familiarity is helpful, expertise isn’t prerequisite. Initial course segments establish the “why” behind monitoring before addressing the “how.” Students establish virtual laboratory environments, perform Nagios installations from initial setup, and create basic configuration files to monitor local system resources.
Progression introduces complexity organically—advancing from single-server monitoring to template and group configurations for managing numerous systems. Students implement email alerting and develop custom plugins for specific checks. The curriculum emphasizes “learning by doing” throughout, requiring active task completion, configuration file editing in terminal environments, debugging service check anomalies, and solving progressively challenging scenarios. This repetitive, practical application solidifies knowledge, develops muscle memory, and builds genuine confidence for managing Nagios deployments in real-world, potentially high-pressure situations.
Conclusion: Strategic Investment in Monitoring Expertise
Within contemporary IT environments, where distributed, complex systems are critical to business continuity, observability and proactive monitoring have evolved from optional enhancements to essential core competencies. Nagios, with its proven robustness and flexibility, remains a cornerstone and validated starting point in this vital domain. Mastery extends beyond resume enhancement—it unlocks opportunities in system administration, cloud operations, DevOps, and SRE roles where reliability assurance commands premium recognition and compensation.
Selecting dedicated, in-depth Nagios Training represents a strategic professional investment. Participants gain not only technical capability but comprehensive architectural understanding for achieving and demonstrating system reliability. With expert mentorship from recognized professionals like Rajesh Kumar and the supportive, practical learning environment provided by DevOpsSchool, students receive meticulous preparation for success. They learn appropriate concepts, practice in safe settings, and earn certifications that serve as credible competency validation for current and prospective employers, creating distinction in competitive technology job markets.
Ready to establish yourself as the infrastructure monitoring authority ensuring no system anomaly goes undetected? Begin your transformation with comprehensive, expert-led Nagios Training today.
For detailed information, enrollment procedures, and schedule availability, please contact:
Email: [email protected]
Phone & WhatsApp (India): +91 84094 92687
Phone & WhatsApp (USA): +1 (469) 756-6329
Website: DevOpsSchool

View the full article
reporter

Boost Your IT Career with Nagios Monitoring Expertise.

In the modern digital world, every company depends on its computers and online systems to operate effectively. When these systems stop working, even for a short time, businesses face immediate and serious problems. These problems include losing money, upsetting customers, and harming their reputation. This is especially important in Pune, a major hub for technology companies and IT professionals. For those working in Pune’s technology industry, possessing the ability to keep systems running smoothly is a critical skill that employers actively seek.
The most widely trusted tool for this crucial responsibility is Nagios. Nagios is a powerful, open-source monitoring system designed to keep a constant, vigilant watch over computer servers, network equipment, and software applications. It functions by continuously checking the status of all these components and sending an instant alert to the IT team at the very first sign of a problem. Learning Nagios goes beyond simply understanding a software program. It is about developing a proactive skill set that makes you an indispensable asset to any organization, directly contributing to business stability and supporting future growth.
To genuinely learn how to use Nagios effectively, you need proper, hands-on instruction. This comprehensive guide will explain exactly what Nagios is, outline the complete range of skills you need to acquire, and show you precisely where to find high-quality, expert-led training right here in Pune.
What is Nagios? A Clear and Simple Guide
Nagios is specialized software dedicated to monitoring IT infrastructure. A helpful way to understand its purpose is to think of it as a dedicated, 24/7 security team for your company’s entire digital environment. It is always on duty, never takes a break, and works around the clock to ensure everything is secure and operational.
It works through a straightforward and effective three-part cycle: Watching, Measuring, and Alerting. The first step involves Watching. Nagios observes all your critical IT assets. This includes everything from physical servers in a data center to virtual servers in the cloud and essential network devices like routers and switches. The second step is Measuring. It constantly gathers key performance data from these assets. This data might include how much free space remains on a server’s hard drive, what percentage of the memory is being used, or how quickly a company website loads for a user. The third and most critical step is Alerting. If Nagios detects any issue—such as a server’s disk reaching 95% capacity—it instantly sends a notification. This alert is delivered directly to the responsible IT personnel via their preferred method, such as email, a text message (SMS), or a team communication app like Slack or Microsoft Teams. This early warning system allows technical teams to resolve minor issues promptly, preventing them from escalating into major outages that could halt business operations.
Implementing Nagios offers clear and significant benefits for any business in Pune, from a small, agile startup to a large, established corporation. It actively prevents costly downtime by enabling IT staff to fix problems before they cause a system failure. It makes computer systems faster and more reliable by providing valuable data that informs intelligent upgrade decisions and performance tuning. It enhances overall security by monitoring network traffic for unusual or suspicious patterns that could indicate a breach attempt. Perhaps most importantly, it saves the IT department a substantial amount of time by automating thousands of routine daily checks. This automation frees up skilled staff to focus on strategic, innovative projects that drive the business forward.
What a Complete Nagios Training Course Should Teach You
A truly valuable Nagios training program should guide you on a journey from grasping fundamental concepts to confidently deploying and managing the software in a real-world job setting. It must be logically structured, comprehensive, and rich with practical, hands-on exercises that build genuine competency rather than just theoretical knowledge.
Your educational journey must begin by establishing a strong foundation in Nagios’s core architecture and components. You need to become fluent in its basic operational language. This foundational knowledge includes understanding what a “Host” is—which is any device you intend to monitor, such as a server, a network printer, or a router. You must comprehend “Services”—the specific metrics or functions you check on each host, like CPU usage, disk space, or whether a particular application is running. You will get to know “Plugins,” the small, specialized programs or scripts that perform each individual check. Finally, you need to master “Configuration Files,” the simple text files where you write all the instructions that tell Nagios exactly what to monitor, how to monitor it, and who to notify if something goes wrong.
After solidifying the core concepts, the next essential phase is immersive, hands-on practice. The most effective way to learn any technical skill is by doing. A premier course will provide step-by-step, guided labs on how to install Nagios Core on a Linux operating system. You will learn how to prepare the server environment, successfully complete the installation process, securely access the Nagios web dashboard, and write your very first configuration file to monitor the local machine’s own resources, such as its CPU, memory, and disk usage. This practical, experiential learning is irreplaceable and builds the confidence necessary for managing real deployments.
The training must then expand to cover the vast and versatile ecosystem of Nagios plugins, which are what give the tool its incredible flexibility and power. You will learn to effectively use the standard plugins that come bundled with Nagios for common tasks, such as checking network connectivity (ping), verifying a website is online (HTTP), or ensuring an email server is responding (SMTP). More importantly, you will learn how to locate, install, and configure third-party or custom plugins for specialized monitoring needs, such as checking the health of a database (like MySQL or PostgreSQL) or a unique business application developed in-house. For highly specific requirements, a robust course should even introduce you to the basics of writing simple custom scripts that Nagios can execute as plugins, allowing you to monitor virtually anything unique to your organization.
A monitoring system’s value is only realized if its alerts are timely, accurate, and actionable. Therefore, a comprehensive course dedicates significant time to designing intelligent and reliable notification workflows. You will learn to configure alerts to reach your team through their preferred communication channels—be it email, SMS, or modern collaboration tools. You will implement escalation policies to ensure critical issues are never missed, creating rules such as, “If the primary on-call engineer does not acknowledge this server-down alert within 10 minutes, automatically escalate it to the IT manager.” You will also define time periods and contact groups to respect working hours and direct alerts to the correct responders, preventing unnecessary nighttime notifications for low-priority issues.
To communicate the value of your monitoring work to business leadership, you must learn to create clear visibility and reporting. High-quality training should cover how to build informative dashboards that provide an at-a-glance view of overall system health. It should also teach you how to generate and schedule professional reports on system uptime, performance trends, and historical data. These tangible outputs are crucial for demonstrating the return on investment (ROI) of a well-managed monitoring system.
Finally, for IT professionals aiming to work within Pune’s larger corporate enterprises or managed service providers, the course must address the challenges of scale and enterprise architecture. This advanced segment covers concepts like Distributed Monitoring, which involves setting up a hierarchy of monitoring servers to efficiently oversee vast, geographically dispersed networks. It explores High Availability (HA) configurations to ensure the Nagios monitoring system itself is fault-tolerant and never becomes a single point of failure. It also includes Performance Tuning techniques to optimize Nagios for efficiently managing and executing thousands of service checks across a large infrastructure.
Here is a concise table summarizing this structured learning progression:
Your Skill LevelWhat You Will LearnWhat You Can Do After CompletionBeginner / FoundationCore concepts, installation, basic host and service configuration.Install Nagios on a Linux server and monitor its local resources (CPU, memory, disk) along with basic network devices.Intermediate / PracticalRemote monitoring (using NRPE), advanced plugin usage, configuring effective alerts and notifications.Deploy and manage monitoring for a company’s entire server fleet, set up custom application checks, and administer a reliable alerting system for an IT team.Advanced / EnterpriseDesigning distributed architectures, implementing high availability, performance tuning, and integrating with external tools (e.g., Grafana, ticketing systems).Architect, implement, and oversee a scalable, resilient, and enterprise-grade monitoring solution for a large organization. Where to Find the Best Nagios Training in Pune
To acquire this full spectrum of professional skills correctly, you need a training provider with a proven track record of delivering practical, job-focused education. For IT professionals, system administrators, and engineers in Pune, the standout and most recommended choice is DevOpsSchool. They have built a strong and respected reputation for creating courses that translate directly into workplace competence and career advancement, not just theoretical certification.
Their training methodology is distinguished by several key advantages that cater to the needs of modern learners. Their curriculum is meticulously crafted around real-world scenarios and current industry demands, ensuring you learn the exact skills that employers are looking for today. They offer the essential flexibility of live, interactive online classes, making it feasible and convenient for working professionals across Pune—whether in Kharadi, Viman Nagar, or Hinjewadi—to participate without disrupting their work schedules. Their commitment to student success extends far beyond the virtual classroom through ongoing support via dedicated community forums, alumni networks, and direct access to instructors for post-course guidance. Crucially, the entire program is designed with your long-term career growth in mind, thoroughly preparing you for valuable industry-recognized certifications while also providing insights and guidance to enhance your professional profile and job prospects.
You can explore the detailed module-by-module syllabus, view upcoming batch schedules, and begin the enrollment process directly on their dedicated course portal: Nagios Training In Pune.
Why Learning from an Expert Mentor is Invaluable
The depth, quality, and ultimate usefulness of any technical training program are fundamentally defined by the expertise and experience of the instructor. The most effective and efficient way to master a complex tool like Nagios is to learn directly from an individual who has personally deployed, optimized, scaled, and troubleshot it in demanding, real-world production environments over many years.
This is a fundamental and distinguishing strength of the DevOpsSchool program. The curriculum is developed and delivered under the expert guidance of Rajesh Kumar. Rajesh is not merely a trainer; he is a veteran IT consultant, architect, and globally recognized thought leader with over two decades of hands-on, practical experience across the entire spectrum of modern IT operations, including DevOps, Site Reliability Engineering (SRE), cloud platforms, and infrastructure monitoring.
Learning from an expert of Rajesh’s caliber provides a significant and lasting advantage. You gain far more than just the procedural knowledge of how to click buttons and edit configuration files. You acquire the strategic understanding of why certain architectural choices, configuration practices, and troubleshooting methodologies are considered best practices. You benefit from his extensive real-world experience, learning how to anticipate common pitfalls, avoid costly mistakes, and implement efficient, reliable solutions. This rich context and practical wisdom transform you from a novice user who simply follows instructions into a knowledgeable and confident professional capable of making sound technical decisions and designing robust monitoring strategies.
Who Should Take This Nagios Training in Pune?
This comprehensive learning path is meticulously designed to serve a wide and diverse range of roles within Pune’s vibrant, growing, and competitive IT ecosystem. It is an ideal investment for System Administrators who are ready to transition from a reactive “break-fix” mode to a proactive, preventive system management philosophy. It is equally valuable for DevOps Engineers and Site Reliability Engineers (SREs) who need to embed robust monitoring, observability, and alerting into their continuous integration and deployment (CI/CD) pipelines and service management practices. Network Engineers and Administrators responsible for the health, performance, and security of organizational network infrastructure will find the skills directly applicable and immediately valuable. IT Managers and Team Leads seeking to upskill their teams, improve operational reliability, and demonstrate greater value to the business will see a high return on this training investment. Furthermore, students, recent graduates, and career-changers in Pune looking to build a compelling, in-demand, and future-proof skill set to successfully launch or transition into a rewarding IT operations or cloud infrastructure role will find this course provides an excellent and practical foundation.
Take the Next Strategic Step for Your Career
In the competitive and fast-evolving landscape of Pune’s technology sector, proactively developing and certifying in-demand technical skills is the most reliable strategy for achieving meaningful career advancement, increasing earning potential, and ensuring long-term job security. Learning Nagios in-depth professionally elevates your value proposition by positioning you as a key guardian of business continuity, performance, and operational excellence. This skill set directly opens doors to new opportunities, grants greater responsibility, and enhances your professional marketability.
If you are ready to take definitive control of system reliability, become the go-to expert for infrastructure health and performance, and accelerate your career trajectory, a clear and proven pathway exists. The detailed, practical, and expert-led Nagios Training In Pune offered by DevOpsSchool, under the seasoned mentorship of Rajesh Kumar, provides all the necessary tools, knowledge, support, and industry recognition you need to succeed.
Begin your transformative learning journey today to build a stronger, more resilient, and more successful future in information technology.
Get More Information and Enroll Today
For detailed information regarding upcoming batch schedules, comprehensive course fee structures, corporate training packages, and to secure your enrollment in the next session, please reach out to the DevOpsSchool team directly.
Contact Details:
Email: [email protected] Phone & WhatsApp (India): +91 84094 92687 Phone & WhatsApp (USA): +1 (469) 756-6329 Website: https://www.devopsschool.com/ View the full article
reporter

STAC6565 Targets Canada in 80% of Attacks as Gold Blade Deploys QWCrypt Ransomware

Canadian organizations have emerged as the focus of a targeted cyber campaign orchestrated by a threat activity cluster known as STAC6565. Cybersecurity company Sophos said it investigated almost 40 intrusions linked to the threat actor between February 2024 and August 2025. The campaign is assessed with high confidence to share overlaps with a hacking group known as Gold Blade, which is alsoView the full article
reporter

Ermittler kappen Tausende Nummern von mutmaßlichen Betrügern

fongbeerredhot – shutterstock.com
Im Kampf gegen Anlagebetrüger, «Enkeltrick»-Kriminelle und falsche Polizisten ist den Ermittlern nach eigenen Angaben ein großer Schlag gelungen. Die Infrastruktur der mutmaßlichen Cyberkriminellen sei erheblich geschwächt worden, teilten das bei der Generalstaatsanwaltschaft Karlsruhe eingerichtete Cybercrime-Zentrum Baden-Württemberg, das baden-württembergische Landeskriminalamt (LKA) und die Bundesanstalt für Finanzdienstleistungsaufsicht (Bafin) gemeinsam mit.
Die Ermittler nahmen demnach Rufnummern ins Visier, die im Zusammenhang mit betrügerischen Online-Plattformen stehen sollen. Bis zum 5. Dezember seien mehr als 3.500 überwiegend deutsche Nummern ausgemacht worden, über die mutmaßlich Telefonate mit Opfern geführt wurden. Diese Festnetz-, Handy – und Internetnummern wurden inzwischen von den zuständigen Anbietern abgeschaltet. Zusätzlich seien gut 350 österreichische Nummern in Abstimmung mit den Wiener Behörden vom Netz genommen worden.
“Kriminelle Dienstleister” im Visier
Beim Online-Anlagebetrug handeln die meist unbekannten Täter international und arbeitsteilig. So sollen möglichst viele Anlegerinnen und Anleger in die Falle gelockt werden. Rufnummern werden demnach vielfach an Betrugsnetzwerke vermietet und massenweise genutzt, um Straftaten zu begehen. Das Vorgehen bezeichnen die Ermittlungsbehörden als “Crime as a Service” – also kriminelle Dienstleistungen. Die nun gesperrten Nummern stehen auch im Verdacht, für Maschen wie «Enkeltrick» und “Falsche Polizisten” genutzt worden zu sein.
Das Ziel der Operation Herakles sei es, die technische Infrastruktur, die Cyber-Betrüger zur Umsetzung ihrer Taten nutzen, langfristig zu zerstören und so Verbraucherinnen und Verbraucher in Deutschland zu schützen. Bereits im Juni und Oktober dieses Jahres waren im Rahmen derselben Operation mehr als 2.200 Internetseiten abgeschaltet worden, die Menschen zu vermeintlichen Investitionen auf manipulierten Handelsplattformen verleitet sollten. 
Deutschland soll für Betrüger unwirtschaftlich werden
Mit der Nummern-Abschaltung wurden Generalstaatsanwalt Jürgen Gremmelmaier zufolge Tausende potenzielle Betrugsversuche verhindert. So entziehe man den Cyberkriminellen aktiv die Grundlage ihres Handelns. Der Präsident des Landeskriminalamts Baden-Württemberg, Andreas Stenger, betonte die strategische Wirkung der Operation: “Um dagegenzuhalten, müssen die Täter einen immensen organisatorischen Aufwand betreiben, der mit erheblichen Kosten verbunden ist”, teilte er mit. Deutschland solle so für solche Dienste unwirtschaftlich und dadurch unattraktiv werden. (dpa/jm)

View the full article
reporter

Ermittler kappen Tausende Nummern von mutmaßlichen Betrügern

fongbeerredhot – shutterstock.com
Im Kampf gegen Anlagebetrüger, «Enkeltrick»-Kriminelle und falsche Polizisten ist den Ermittlern nach eigenen Angaben ein großer Schlag gelungen. Die Infrastruktur der mutmaßlichen Cyberkriminellen sei erheblich geschwächt worden, teilten das bei der Generalstaatsanwaltschaft Karlsruhe eingerichtete Cybercrime-Zentrum Baden-Württemberg, das baden-württembergische Landeskriminalamt (LKA) und die Bundesanstalt für Finanzdienstleistungsaufsicht (Bafin) gemeinsam mit.
Die Ermittler nahmen demnach Rufnummern ins Visier, die im Zusammenhang mit betrügerischen Online-Plattformen stehen sollen. Bis zum 5. Dezember seien mehr als 3.500 überwiegend deutsche Nummern ausgemacht worden, über die mutmaßlich Telefonate mit Opfern geführt wurden. Diese Festnetz-, Handy – und Internetnummern wurden inzwischen von den zuständigen Anbietern abgeschaltet. Zusätzlich seien gut 350 österreichische Nummern in Abstimmung mit den Wiener Behörden vom Netz genommen worden.
“Kriminelle Dienstleister” im Visier
Beim Online-Anlagebetrug handeln die meist unbekannten Täter international und arbeitsteilig. So sollen möglichst viele Anlegerinnen und Anleger in die Falle gelockt werden. Rufnummern werden demnach vielfach an Betrugsnetzwerke vermietet und massenweise genutzt, um Straftaten zu begehen. Das Vorgehen bezeichnen die Ermittlungsbehörden als “Crime as a Service” – also kriminelle Dienstleistungen. Die nun gesperrten Nummern stehen auch im Verdacht, für Maschen wie «Enkeltrick» und “Falsche Polizisten” genutzt worden zu sein.
Das Ziel der Operation Herakles sei es, die technische Infrastruktur, die Cyber-Betrüger zur Umsetzung ihrer Taten nutzen, langfristig zu zerstören und so Verbraucherinnen und Verbraucher in Deutschland zu schützen. Bereits im Juni und Oktober dieses Jahres waren im Rahmen derselben Operation mehr als 2.200 Internetseiten abgeschaltet worden, die Menschen zu vermeintlichen Investitionen auf manipulierten Handelsplattformen verleitet sollten. 
Deutschland soll für Betrüger unwirtschaftlich werden
Mit der Nummern-Abschaltung wurden Generalstaatsanwalt Jürgen Gremmelmaier zufolge Tausende potenzielle Betrugsversuche verhindert. So entziehe man den Cyberkriminellen aktiv die Grundlage ihres Handelns. Der Präsident des Landeskriminalamts Baden-Württemberg, Andreas Stenger, betonte die strategische Wirkung der Operation: “Um dagegenzuhalten, müssen die Täter einen immensen organisatorischen Aufwand betreiben, der mit erheblichen Kosten verbunden ist”, teilte er mit. Deutschland solle so für solche Dienste unwirtschaftlich und dadurch unattraktiv werden. (dpa/jm)

View the full article
reporter

Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data

Cybersecurity researchers have discovered two new extensions on Microsoft Visual Studio Code (VS Code) Marketplace that are designed to infect developer machines with stealer malware. The VS Code extensions masquerade as a premium dark theme and an artificial intelligence (AI)-powered coding assistant, but, in actuality, harbor covert functionality to download additional payloads, takeView the full article
reporter

Manufacturing fares better against ransomware — with room for improvement

The manufacturing industry is performing better in protecting itself against ransomware, according to a recent study from security provider Sophos.
Compared to previous years’ results, many manufacturing companies are now able to stop ransomware attacks before data is encrypted. This year just 40% of cyberattacks against manufacturing entities resulted in data encryption. This is the lowest figure in five years and a decrease from 74% in 2024, Sophos reports.
However, data theft remains a key risk in the sector, with 39% of manufacturers whose data was encrypted by ransomware also suffering data loss — one of the highest rates of all industries surveyed.
One consequence, according to the study, is that more than half of the affected companies paid the ransom despite improved defense measures. The median ransom amount was around €861,000, compared to a median demand of approximately €1 million.
Skilled labor shortages and inadequate protection facilitate attacks
More than four in 10 manufacturing companies (43%) cited a lack of expertise as the reason for the cyber incident. Unknown security vulnerabilities were mentioned by 42%, and a lack of protective measures by 41%.
Furthermore, the results show that ransomware attacks continue to place a heavy burden on IT and security teams. Almost half of manufacturing companies (47%) reported increased stress within their teams following data encryption. Meanwhile, 44% are experiencing increased pressure from management, and 27% confirmed a change in leadership as a result of the attack — a proportion in line with overall trends for security leaders losing their jobs after a ransomware attack.
The study surveyed 332 manufacturing companies worldwide that were affected by ransomware in the past year.
See also:
8 biggest cybersecurity threats manufacturers face Manufacturers still poorly prepared for cyberattacks as IT/OT converge View the full article
reporter

GenAI-Security als Checkliste

Das Open Web Application Security Project (OWASP) gibt Unternehmen eine Checkliste für (mehr) GenAI-Sicherheit an die Hand.
Foto: Gannvector | shutterstock.com
Während Unternehmen wie OpenAI, Anthropic, Google oder Microsoft aber auch Open-Source-Alternativen bei ihren Generative-AI– und Large-Language-Model-Angeboten exponentielle User-Zuwächse verzeichnen, sind IT-Sicherheitsentscheider bemüht, mit der rasanten KI-Entwicklung in ihren Unternehmen Schritt zu halten.
Die Non-Profit-Organisation OWASP trägt dieser Entwicklung mit einer neuen Veröffentlichung Rechnung: der “LLM AI Cybersecurity & Governance Checklist“.
LLM-Bedrohungskategorien
Das Thema KI ist ziemlich umfangreich, weswegen die OWASP-Checkliste vor allem darauf abzielt, Führungskräfte dabei zu unterstützen, die wesentlichen Risiken im Zusammenhang mit generativer KI und großen Sprachmodellen möglichst schnell zu identifizieren und entsprechende Abhilfemaßnahmen einzuleiten. Das soll gewährleisten, dass Unternehmen über die nötigen, grundlegenden Sicherheitskontrollen verfügen, um generative KI und LLM-Tools, -Services und Produkte sicher einzusetzen.
Dabei betont OWASP, dass die Checkliste keinen Anspruch auf Vollständigkeit erhebt und sich mit zunehmender Reife der Technologie und Tools ebenfalls weiterentwickeln wird. Die Sicherheitsexperten ordnen LLM-Bedrohungen in verschiedene Kategorien ein, wie die nachfolgende Abbildung veranschaulicht:
Die OWASP KI-Bedrohungs-Map.
Foto: OWASP
Geht es darum, eine LLM-Strategie festzulegen, müssen Unternehmen vor allem mit den einzigartigen Risiken umgehen, die generative KI und LLMs aufwerfen. Diese müssen durch organisatorische Governance und entsprechende Security-Kontrollen minimiert werden. Im Rahmen ihrer Veröffentlichung empfehlen die OWASP-Experten Unternehmen einen sechsstufigen Ansatz, um eine wirksame LLM-Strategie zu entwickeln:
Mit OWASP in sechs Schritten zum LLM-Deployment.
Foto: OWASP
Auch hinsichtlich der Deployment-Typen in Sachen LLM empfiehlt OWASP, ganz genau hinzusehen und entsprechende Überlegungen anzustellen:
Welche Art von KI-Modell ist für Sie die richtige?
Foto: OWASP
Die OWASP-KI-Checkliste
Im Folgenden haben wir die von OWASP veröffentlichte Checkliste etwas “aufgedröselt”. Folgende Bereiche sollten Sie im Rahmen Ihrer Generative-AI- respektive LLM-Initiativen unbedingt prüfen.
Adversarial Risk
Dieser Bereich umfasst sowohl Wettbewerber als auch Angreifer und konzentriert sich nicht nur auf die Angriffs-, sondern auch auf die Unternehmenslandschaft. In diesen Bereich fällt beispielsweise, zu verstehen, wie die Konkurrenz KI einsetzt, um bessere Geschäftsergebnisse zu erzielen und die internen Prozesse und Richtlinien (beispielsweise Incident-Response-Pläne) zu aktualisieren, um für Cyberangriffe und Sicherheitsvorfälle im Zusammenhang mit generativer KI gewappnet zu sein.
Threat Modeling
Die Bedrohungsmodellierung gewinnt im Zuge des von zahlreichen Security-Institutionen propagierten “Secure-by-Design”-Ansatzes zunehmend an Bedeutung. In diesen Bereich fallen etwa die Überlegungen, wie Angreifer LLMs und generative KI für schnellere Exploits nutzen können, wie Unternehmen schadhafte KI-Nutzung erkennen können und wie sich die Technologie über interne Systeme und Umgebungen absichern lässt.
KI-Bestandsaufnahme
“Man kann nichts schützen, von dessen Existenz man nichts weiß” greift auch in der Generative-AI-Welt. Im Bereich der KI-Bestandsaufnahme geht es darum, Assets für intern entwickelte Lösungen und externe Tools und Plattformen zu erfassen.
Dabei ist nicht nur wichtig, die Tools und Services zu kennen, die genutzt werden, sondern auch über die Verantwortlichkeiten Bescheid zu wissen. OWASP empfiehlt zudem, KI-Komponenten in SBOMs zu erfassen und Datenquellen nach Sensibilität zu katalogisieren. Darüber hinaus sollte es auch einen Prozess geben, der gewährleistet, dass zukünftige Tools und Services aus dem unternehmerischen Inventar sicher ein- und ausgegliedert werden können.
KI-Security- und -Datenschutz-Schulungen
Der Mensch ist das schwächste Glied in der Sicherheitskette – heißt es oft. Das muss allerdings nicht so sein – vorausgesetzt, Unternehmen integrieren KI-Sicherheits- und Datenschutztrainings in ihre GenAI-Journey.
Das beinhaltet beispielsweise, der Belegschaft ein Verständnis über aktuelle AI- und LLM-Initiativen zu vermitteln – genauso wie zur Technologie an sich und den wesentlichen Problemen im Bereich Security. Darüber hinaus ist in diesem Bereich eine Kultur unabdingbar, die von Trust und Transparenz geprägt ist. Das ist auch ein ganz wesentlicher Punkt, um “Schatten-KI” zu verhindern. Anderenfalls werden Plattformen heimlich genutzt und die Security untergraben.
Business Cases für KI etablieren
Ganz ähnlich wie zuvor bei der Cloud erstellen die meisten Unternehmen keine kohärenten, strategischen Geschäftsmodelle für den Einsatz neuer Technologien – auch nicht, wenn es um generative KI und LLMs geht. Sich von Hype und FOMO anstecken zu lassen, ist relativ schnell geschehen – ohne soliden Business Case riskieren Unternehmen aber nicht nur, schlechte Ergebnisse zu erzielen.
Governance
Ohne Governance ist es nahezu unmöglich, Rechenschaftspflicht und klare Zielsetzungen zu realisieren. In diesen Bereich der OWASP-Checkliste fällt beispielsweise, ein RACI-Diagramm zu erstellen, dass die KI-Initiativen eines Unternehmens dokumentiert, Verantwortlichkeiten zuweist und unternehmensweite Richtlinien und Prozesse etabliert.
Rechtliches
Die rechtlichen Auswirkungen von KI sollten keinesfalls unterschätzt werden – sie entwickeln sich rasant weiter und können Reputation und finanziellem Gefüge potenziell beträchtliche Schäden zufügen. In diesen Bereich können diverse Aspekte fallen – zum Beispiel:
Produktgarantien im Zusammenhang mit KI,
KI-EULAs oder
Intellectual-Property-Risiken.
Kurzum: Ziehen Sie Ihr Legal-Team oder entsprechende Experten hinzu, um die verschiedenen rechtsbezogenen Aktivitäten zu identifizieren, die für Ihr Unternehmen relevant sind.
Regulatorisches
Aufbauend auf den juristischen Diskussionen entwickeln sich auch die regulatorischen Vorschriften schnell weiter – ein Beispiel ist der AI Act der EU. Unternehmen sollten deshalb die für sie geltenden KI-Compliance-Anforderungen ermitteln.
LLM-Lösungen nutzen oder implementieren
Der Einsatz von LLM-Lösungen erfordert spezifische Risiko- und Kontrollüberlegungen. Die OWASP-Checkliste nennt in diesem Bereich unter anderem die Aspekte:
Access Control umsetzen,
KI-Trainings-Pipelines absichern,
Daten-Workflows mappen und
bestehende oder potenzielle Schwachstellen in LLMs und Lieferketten identifizieren.
Darüber hinaus sind kontinuierliche Audits durch Dritte, Penetrationstests und auch Code-Reviews für Zulieferer empfehlenswert.
Testing, Evaluierung, Verifizierung, Validierung (TEVV)
Der TEVV-Prozess wird vom NIST in seinem AI Framework ausdrücklich empfohlen. Dieser beinhaltet:
Continuous Testing,
Evaluierungen,
Verifizierungen und
Validierungen sowie
Kennzahlen zu Funktionalität, Sicherheit und Zuverlässigkeit von KI-Modellen.
Und zwar über den gesamten Lebenszyklus von KI-Modellen hinweg.
Modell- und Risikokarten
Für den ethischen Einsatz von großen Sprachmodellen sieht die OWASP-Checkliste Modell- und Risiko-“Karten” vor. Diese können den Nutzern Verständnis über KI-Systeme vermitteln und so das Vertrauen in die Systeme stärken. Zudem ermöglichen sie, potenziell negative Begleiterscheinungen wie Bias oder Datenschutzprobleme offen zu thematisieren.
Die Karten können Details zu KI-Modellen, Architektur, Trainingsmethoden und Performance-Metriken beinhalten. Ein weiterer Schwerpunkt liegt dabei auf Responsible AI und allen Fragen in Zusammenhang mit Fairness und Transparenz.
Retrieval Augmented Generation
Retrieval Augmented Generation (RAG) ist eine Möglichkeit, die Fähigkeiten von LLMs zu optimieren, wenn es darum geht, relevante Daten aus bestimmten Quellen abzurufen. Dazu gehört, vortrainierte Modelle zu optimieren und bestehende auf neuen Datensätzen erneut zu trainieren, um ihre Leistung zu optimieren. OWASP empfiehlt, RAG zu implementieren, um den Mehrwert und die Effektivität großer Sprachmodelle im Unternehmenseinsatz zu maximieren.
KI-Red-Teaming
Last, but not least empfehlen die OWASP-Experten auch, KI-Red-Teaming-Sessions abzuhalten. Dabei werden Angriffe auf KI-Systeme simuliert, um Schwachstellen zu identifizieren und existierende Kontroll- und Abwehrmaßnahmen zu validieren.
OWASP betont dabei, dass Red Teaming für sich alleine keine umfassende Lösung respektive Methode darstellt, um Generative AI und LLMs abzusichern. Vielmehr sollte KI-Red-Teaming in einen umfassenderen Ansatz eingebettet werden. Essenziell ist dabei jedoch laut den Experten insbesondere, dass im Unternehmen Klarheit darüber herrscht, wie die Anforderungen für Red Teaming aussehen sollten. Ansonsten sind Verstöße gegen Richtlinien oder gar juristischer Ärger vorprogrammiert. (fm)
Sie wollen weitere interessante Beiträge rund um das Thema IT-Sicherheit lesen? Unser kostenloser Newsletter liefert Ihnen alles, was Sicherheitsentscheider und -experten wissen sollten, direkt in Ihre Inbox.
View the full article
reporter

Google's First AI Smart Glasses Coming in 2026

Google is developing two pairs of smart glasses with artificial intelligence that will launch in 2026, the company said today. The first set of glasses have AI integration and are designed for screen-free assistance with built-in speakers, microphones, and cameras for speaking to Google Gemini.


Users will be able to take photos using the camera, and then ask Gemini questions about their surroundings for real-time help.

The second set of glasses has the same AI capabilities along with an in-lens display that is able to display helpful information like turn-by-turn directions or live translation captions. Both sets of glasses will connect to a smartphone, with processing done on that device. The glasses will run Android XR, Google's platform for wearables.

Google is partnering with Samsung to develop the glasses, plus it is working with Warby Parker and Gentle Monster, two companies that design eyeglasses. Google says that its glasses options will be stylish, lightweight, and comfortable enough to wear all day.

The Google smart glasses will compete with the Meta Ray-Bans and any upcoming products from Apple. Meta already has Ray-Ban and Oakley glasses with AI and Ray-Bans with an in-lens display. Rumors suggest that Apple is working to unveil its first set of AI smart glasses as soon as 2026.Tag: Google
This article, "Google's First AI Smart Glasses Coming in 2026" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Apple Releases Safari Technology Preview 233 With Bug Fixes and Performance Improvements

Apple today released a new update for Safari Technology Preview, the experimental browser that was first introduced in March 2016. Apple designed ‌Safari Technology Preview‌ to allow users to test features that are planned for future release versions of the Safari browser.


‌Safari Technology Preview‌ 233 includes fixes and updates for Animations, HTML, MathML, Rendering, Web API, and Web Inspector.

The current ‌Safari Technology Preview‌ release is compatible with machines running macOS Sequoia and macOS Tahoe, the newest version of macOS.

The ‌Safari Technology Preview‌ update is available through the Software Update mechanism in System Preferences or System Settings to anyone who has downloaded the browser from Apple’s website. Complete release notes for the update are available on the Safari Technology Preview website.

Apple’s aim with ‌Safari Technology Preview‌ is to gather feedback from developers and users on its browser development process. ‌Safari Technology Preview‌ can run side-by-side with the existing Safari browser and while it is designed for developers, it does not require a developer account to download and use.
This article, "Apple Releases Safari Technology Preview 233 With Bug Fixes and Performance Improvements" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

iPhone Users in Japan Can Now Send Messages via Satellite

iPhone users in Japan are now able to use Apple's Messages via satellite feature, Apple said today. Messages via satellite works on the ‌iPhone‌ 14 or later and the Apple Watch Ultra 3, allowing users who have no cellular or Wi-Fi connection to use satellite connectivity for messaging.


When attempting to send a message with no cellular or Wi-Fi connection, ‌iPhone‌ users in Japan will see a message that prompts them to connect to the nearest satellite. After connecting, users can send and receive iMessages, SMS messages, emoji characters, and use the Messages Tapback feature.

Messages sent via satellite offer the same end-to-end encryption as messages sent over Wi-Fi or cellular.

Japanese users already had access to emergency SOS via satellite and the option to share location via satellite in the Find My app, so the new Messages via satellite option joins those two features.

iOS 18 or later is required for Messages via satellite on ‌iPhone‌, while the feature needs watchOS 26 or later on the ‌Apple Watch Ultra 3‌. Satellite connectivity continues to be free for all ‌iPhone‌ and Apple Watch users with supported devices.Tag: Japan
This article, "iPhone Users in Japan Can Now Send Messages via Satellite" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

ICEBlock App Developer Sues Trump Officials, Claims Apple Was Pressured to Remove App

The developer behind the ICEBlock app that Apple removed from the App Store at the Trump administration's request is suing for suppression of free speech. The lawsuit names Pam Bondi, Kristi Noem, and other government officials, accusing them of First Amendment violations (via NPR).


Key to the lawsuit is a statement from Bondi, who claimed Apple removed the app after the government asked Apple to do so. "We reached out to Apple today demanding they remove the ICEBlock app from their ‌App Store‌ -- and Apple did so," said Bondi.

ICEBlock allows iPhone users to report the location of United States Immigration and Customs Enforcement (ICE) agents when the agents are spotted in public. The app was removed from the ‌App Store‌ in early October, though people who downloaded it before it was pulled are still able to use it. ICEBlock had over a million users when it was removed from the ‌App Store‌.

Joshua Aaron, the app's developer, argues that the creation, distribution, and promotion of ICEBlock is lawful and protected by the First Amendment. He claims that the government officials named in the lawsuit used the authority of their offices to pressure, threaten, and coerce Apple to remove the app.

Apple is not named in the lawsuit, and is not being targeted by Aaron. When the app was removed from the ‌App Store‌, Apple said that the app violated guideline 1.1.1, and made it clear that it was removed at the behest of the government.

Aaron asks that the court allow ICEBlock to be reinstated, and that government officials be prevented from threatening or pressuring ICEBlock distributors.
This article, "ICEBlock App Developer Sues Trump Officials, Claims Apple Was Pressured to Remove App" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter
OHC_logo_transparent_01.jpeg flags-medium.png OHC_logo_blue_square_small.jpeg

 

Account

Navigation

Search

Search

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.