Skip to content
View in the app

A better way to browse. Learn more.
hosang I.T.

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Tech

Tech Articles from a wide variety of topics and categories
Show all categories

Will Final Cut Pro on Mac Get Every New Feature Without a Subscription? Here's What Apple Says

Apple has confirmed that it will continue to offer a one-time-purchase version of Final Cut Pro for Mac for $299.99, but will that version receive every new feature?


In an interview with digital filmmaking news website CineD, Apple marketing manager Bryan O'Neil Hughes said both the one-time-purchase and Apple Creator Studio versions of Final Cut Pro for Mac will include the new "intelligent" features Visual Search, Transcript Search, and Beat Detection, but his comment did not explicitly confirm if both versions of the app will receive every additional "intelligent" feature in the future. We have reached out to Apple for comment, and we will update this story if we receive a response.

What we do know is that the one-time-purchase version of Final Cut Pro for Mac will miss out on some "premium content," according to Apple's website:In the interview, Hughes went on say that both the one-time-purchase and Creator Studio versions of Final Cut Pro for Mac will continue to receive updates and "work as you expect," but we have still yet to see Apple explicitly confirm if both versions of the Mac app will have 100% feature parity forever. For now, though, it seems like customers with the one-time-purchase version will only miss out on "premium content."

Apple's website is more explicit about Logic Pro and MainStage, promising feature parity:Some other apps in the Creator Studio bundle, including Pixelmator Pro, Keynote, Numbers, Pages, and Freeform, will be receiving some "intelligent" features that will not be available without a subscription, so it is a mixed bag.

For example, only Pixelmator Pro users with a Creator Studio subscription will be receiving a new Warp tool that allows you to twist and shape image layers.

Across the Keynote, Pages, and Numbers apps, Creator Studio subscribers will have access to a new Content Hub with high-quality photos and graphics, as well as new premium templates, themes, and more. Apple said its Freeform app will also be updated with "intelligent" features for Creator Studio subscribers later this year.

Keynote, Numbers, Pages, and Freeform never cost money, but the apps will effectively be "freemium" now. Fortunately, Apple has ensured that all four of the apps will continue to receive other new features and updates without a subscription.

Overall, the introduction of the Creator Studio bundle makes for a more confusing landscape with less feature parity in some apps, and customers who dislike subscriptions have been voicing their disappointment. Keeping one-time purchase options around helps alleviate some concerns, but not everyone is happy with this direction.

Apple Creator Studio launches on Wednesday, January 28, with U.S. pricing set at $12.99 per month or $129.99 per year — read our earlier coverage to learn more.Tags: Apple Creator Studio, Final Cut Pro
This article, "Will Final Cut Pro on Mac Get Every New Feature Without a Subscription? Here's What Apple Says" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Output from vibe coding tools prone to critical security flaws, study finds

Popular vibe coding platforms consistently generate insecure code in response to common programming prompts, including creating vulnerabilities rated as ‘critical,’ new testing has found.
Security startup Tenzai’s top-line conclusion: the tools are good at avoiding security flaws that can be solved in a generic way, but struggle where what distinguishes safe from dangerous depends on context.
The assessment, which it conducted in December 2025, compared five of the best-known vibe coding tools — Claude Code, OpenAI Codex, Cursor, Replit, and Devin — by using pre-defined prompts to build the same three test applications.
In total, the code output by the five tools across 15 applications (three each) was found to contain a total of 69 vulnerabilities. Around 45 of these were rated ‘low-medium’ in severity, with many of the remainder rated ‘high’ and around half a dozen ‘critical’.
While the number of low-medium vulnerabilities was the same for all five tools, only Claude Code (4 flaws), Devin (1) and Codex (1) generated critical-rated vulnerabilities.
The most serious vulnerabilities concerned API authorization logic (checking who is allowed to access a resource or perform an action), and business logic (permitting a user action that shouldn’t be possible), both important for e-commerce systems.
“[Code generated by AI] agents seems to be very prone to business logic vulnerabilities. While human developers bring intuitive understanding that helps them grasp how workflows should operate, agents lack this ‘common sense’ and depend mainly on explicit instructions,” said Tenzai’s researchers.
Offsetting this, the tools did a good job of avoiding common flaws that have long plagued human-coded applications, such as SQLi or XSS vulnerabilities that are both still prominently featured in the OWASP Top 10 list of web application security risks.
“Across all the applications we developed, we didn’t encounter a single exploitable SQLi or XSS vulnerability,” said Tenzai.
Human oversight
The vibe coding sales pitch is that it automates everyday programming jobs, boosting productivity. While this is undoubtedly true, Tenzai’s test shows that the idea has limits; human oversight and debugging are still needed.
This isn’t a new discovery. In the year since the concept of ‘vibe coding’ was developed, other studies have found that, without proper supervision, these tools are prone to introducing new cyber security weaknesses.
But it’s not simply that vibe coding platforms aren’t picking up security flaws in their code; in some cases, defining what counts as good or bad is simply impossible using general rules or examples.
“Take SSRF [Server-Side Request Forgery]: there’s no universal rule for distinguishing legitimate URL fetches from malicious ones. The line between safe and dangerous depends heavily on context, making generic solutions impossible,” said Tenzai. 
The obvious solution is that, having invented vibe coding agents, the industry should now focus on vibe coding checking agents, which, of course, is where Tenzai, a small startup not long out of stealth mode, thinks it has found a gap in the market for its own technology. It said, “based on our testing and recent research, no comprehensive solution to this issue currently exists. This makes it critical for developers to understand the common pitfalls of coding agents and prepare accordingly.”
Debugging AI
The deeper question raised by vibe coding isn’t how well tools work, then, but how they are used. Telling developers to keep eyes on vibe code output isn’t the same as knowing this will happen, any more than it was in the days when humans made all the mistakes.
“When implementing vibe coding approaches, companies should ensure that secure code review is part of any Secure Software Development Lifecycle and is consistently implemented,” commented Matthew Robbins, head of offensive security at security services company Talion. “Good practice frameworks should also be leveraged, such as the language-agnostic OWASP Secure Coding Practices, and language-specific frameworks such as SEI CERT coding standards.” 
Code should be tested using static and dynamic analysis before being deployed, Robbins added. The trick is to get debugging right. “Although vibe coding presents a risk, it can be managed by closely adhering to industry-standard processes and guidelines that go further than traditional debugging and quality assurance,” he noted.
However, according to Eran Kinsbruner, VP of product marketing at application testing organization Checkmarx, traditional debugging risks being overwhelmed by the AI era.
“Mandating more debugging is the wrong instinct for an AI-speed problem. Debugging assumes humans can meaningfully review AI-generated code after the fact. At the scale and velocity of vibe coding, that assumption collapses,” he said.
“The only viable response is to move security into the act of creation. In practice, this means agentic security must become a native companion to AI coding assistants, embedded directly inside AI-first development environments, not bolted on downstream.”
View the full article
CSOonline

Iran’s partial internet shutdown may be a windfall for cybersecurity intel

The near-total internet blackout imposed by the Iranian government starting January 8, reportedly due to a crackdown on protesters, may offer a rare opportunity to SOC staffers and other cybersecurity analysts, briefly allowing all government traffic sources to be identified and digitally fingerprinted, a massive help in tracking Iranian state actors.
Among global malicious state actors, Iran is near the top, behind China, Russia and North Korea, which suggests that this kind of intel on Iranian systems might prove useful.
One cybersecurity vendor CEO argues that it is indeed a potential threat intel goldmine.
In an almost-total internet blackout, “the attack surface available to state hackers shrinks. They can no longer hide in the noise of millions of residential IPs. They are forced to route their attacks through the few remaining whitelisted pipes, which are exactly those boring government agencies such as Agriculture, Energy, Universities,” said Kaveh Ranjbar, CEO of Whisper Security. “Advanced Persistent Threat (APT) groups routinely co-opt benign government infrastructure to launch attacks because it looks clean. When the rest of the country is dark, those boring servers become the only available launchpads. A connection from the Ministry of Agriculture might not be a farmer. It’s likely a tunnel for a state actor who needs an exit node.”
Ranjbar said the removal of the traffic from millions of routine Iranian business and residential users allows a powerful visibility into Iranian government traffic patterns, thereby allowing SOCs to flag those sources.
“For a CISO, the calculus is simple: User traffic is zero. If Amazon or a bank sees traffic from Tehran during a blackout, it is not a customer buying books or checking a balance. It is not a remote employee. [All] of the traffic is machine-generated and state-sanctioned. Even if it’s just a misconfigured cron job at the Ministry of Water, it is an anomaly. But more often, it is scanning, probing, or reconnaissance,” Ranjbar said.
“You don’t need a list of malicious agencies,” he observed. “You need to know that the entire visible IP space of Iran is currently a privileged enclave. If a server is allowed to speak to the outside world while 80 million citizens are silenced, that server is, by definition, an asset of the state. In a zero-trust environment, that makes it a high-confidence Indicator of Compromise (IoC) if it touches your network.”
Analysts and consultants, however, were reserved about the approach, but pointed out that, on an ROI basis, it will typically require minimal effort to capture that data during the blackout, so it can’t hurt much to do so. 
“I don’t think there’s any downside to capturing it,” said Robert Kramer, vice president/principal analyst at Moor Insights & Strategy. 
Data might be of limited value
But, Kramer and other experts said, the nature of state actors today may make that captured data of limited value. 
State actors for those four countries are among the most sophisticated, experienced, and best-financed attackers anywhere. One of their top skills is not only knowing how to cover their tracks, but how to create false logs and other deceptions to make the attack look like it is being launched from anywhere other than its true source. In short, if the logs point to the attack coming from China, a CISO knows that the attack almost certainly wasn’t launched by China. 
Sanchit Vir Gogia, chief analyst at Greyhound Research, said that he sees some of the potential value, but added that it is limited. 
In this kind of blackout, “the few packets that escape become disproportionately meaningful. You’re looking at whitelisted ASNs, state-controlled telecoms and government-operated services. That residual traffic helps map adversary digital infrastructure with surprising clarity. The presence of DNS queries, passive malware beacons, or control-plane BGP signals during a blackout gives analysts a blueprint of national priorities.” Gogia said. 
But, he stressed, that’s where the value may stop. “Residual traffic does not readily convert into block rules or SIEM logic. It does not hand you command-and-control servers on a silver platter. Most of it is either benign or diagnostic. And unless correlated with strong behavioral signals, it rarely survives the trip from strategic context to operational action,” he said.
“Yes, you might find an Iranian IP that kept chattering when no one else could. But was it a threat actor’s box, or just a government website? Without high-confidence enrichment, it’s guesswork. Worse, if that same IP goes back to hosting payroll services a week later, your SOC is stuck chasing shadows. That’s why this intelligence is best used for threat modelling, not triage.”
Gogia added that the captured data is also likely to expire relatively quickly.
“Routing anomalies and observable proxies are equally unstable. During partial shutdowns, traffic might reroute through unexpected neighbors or temporarily migrate to backup ISPs,” he noted. “A sharp analyst might catch an Iranian subnet using a German transit point during a blackout. But once service restores, that path disappears. If you treated it as a long-term IoC, it would quickly become a dead end.”
Setting aside deliberate deception, there is also a lot of legitimate traffic coming from Iranian government agencies, Matthew Stern, CEO at CNC Intelligence, pointed out. 
“This may offer short-term insight into routing behavior, protocol usage, and infrastructure dependencies that Iranian state-linked operators may later reuse. However, this should not be overstated,” Stern said. “Government traffic is not inherently malicious and sophisticated Iranian cyber actors frequently operate through foreign infrastructure, compromised hosts, and third-party services outside Iran, which significantly limits the long-term defensive value of domestic traffic fingerprinting.”
Nonetheless, cybersecurity consultant Brian Levine, executive director of FormerGov, said the rare nature of this shutdown makes it worth performing whatever data capture is viable. 
The signal to noise ratio flips
“From an intelligence perspective, this is one of the rare moments when the signal‑to‑noise ratio flips. If traffic is flowing out of Iran right now, odds are high it’s state‑linked, and that alone makes it worth capturing,” Levine said. “Even legitimate Iranian government activity can be valuable to SOCs. State actors tend to reuse infrastructure, routes, and operational patterns. Today’s ‘normal’ traffic can become tomorrow’s attribution breadcrumb.”
Although Levine agreed that the quantity of actionable long-term data is likely small, he thinks it is still worth capturing. “Collecting digital fingerprints during a blackout won’t solve attribution on its own, but it can sharpen it. In cyber defense, even a few percentage points of clarity can make the difference between catching an intrusion early and missing it entirely.”
However, two VP analysts with Gartner, Jeremy D’Hoinne and Akif Khan, were more skeptical of the data’s value and discouraged CISO teams from pursuing it.
“Attribution is dangerous based on fragmented technical evidence,” D’Hoinne said. “Don’t get distracted.”
Khan was more blunt. “In the fog of war, trying to find verifiable information is very challenging. Without being able to corroborate, I don’t think this goes beyond an intellectual exercise. If people in your enterprise SOC have the time to do this, they need to refocus their priorities.”
View the full article
CSOonline

Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers

The Black Lotus Labs team at Lumen Technologies said it null-routed traffic to more than 550 command-and-control (C2) nodes associated with the AISURU/Kimwolf botnet since early October 2025. AISURU and its Android counterpart, Kimwolf, have emerged as some of the biggest botnets in recent times, capable of directing enslaved devices to participate in distributed denial-of-service (DDoS)View the full article
Hacker News

Verizon is Down: iPhones Show 'SOS' Mode Due to Network Outage

Verizon is experiencing a major outage across the U.S. today, with hundreds of thousands of customers reporting issues with the network on the website Downdetector. There are also complaints across Reddit and other social media platforms.


iPhone users and others with Verizon service are generally unable to make phone calls, send text messages, or use data over 5G or LTE due to the outage. iPhone users may see "SOS" in the status bar, as the device cannot connect to Verizon's network.

AT&T and T-Mobile customers may be indirectly impacted by Verizon's outage.

Apple explains what "SOS" means in a support document:Verizon is aware of the outage, and it is working on a fix.

"We are aware of an issue impacting wireless voice and data services for some customers," said Verizon, in a social media post, shortly after 1 p.m. Eastern Time. "Our engineers are engaged and are working to identify and solve the issue quickly. We understand how important reliable connectivity is and apologize for the inconvenience."

We will update this story once the outage is fully resolved.

Tag: Verizon
This article, "Verizon is Down: iPhones Show 'SOS' Mode Due to Network Outage" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Will Apple Announce New MacBook Pros This January?

While the entry-level 14-inch MacBook Pro was updated with an M5 chip in October, we are still waiting for higher-end MacBook Pro models with M5 Pro and M5 Max chips, and there are some signs that might point towards a late January launch this year.


First, Apple's new Creator Studio bundle of creative apps launches on Wednesday, January 28. Given that Creator Studio includes many professional Mac apps, such as Final Cut Pro, Logic Pro, and Pixelmator Pro, Macworld speculated that the week of January 28 would be a fitting time for Apple to release new MacBook Pro models too.

Second, Apple's next quarterly earnings call is scheduled for Thursday, January 29, and the company has introduced new products shortly before these calls on numerous occasions over the years and touched on them in the opening remarks.

Third, there is precedent, as Apple unveiled MacBook Pro models with M2 Pro and M2 Max chips with a press release in January 2023.

Again, all of this is speculation, so do not set your expectations too high. But, sometimes where there is smoke there is fire.

Beyond the M5 chip, the entry-level 14-inch MacBook Pro received only one notable change last year: PCIe 5.0 storage. Apple says this results in up to 2× faster SSD read and write speeds compared to the previous-generation model.

The higher-end 14-inch and 16-inch MacBook Pro models with the M5 Pro and M5 Max chips are likewise expected to have few other changes.

Bigger changes to the MacBook Pro are expected with the two-generations-away models, in either late 2026 or at some point in 2027. Rumored upgrades include an OLED display with touchscreen capabilities, a thinner design, built-in cellular connectivity, and M6 chips manufactured with TSMC's advanced 2nm process, for even greater year-over-year performance gains. For that reason, it will probably be wise to skip the MacBook Pro models with M5 Pro and M5 Max chips unless you really need to upgrade.Related Roundup: MacBook ProBuyer's Guide: MacBook Pro (Caution)Related Forum: MacBook Pro
This article, "Will Apple Announce New MacBook Pros This January?" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Best Buy's Winter Sale Includes Big Discounts on Apple Devices, TVs, Monitors, and More

Best Buy kicked off a new Winter Sale this week, with notable markdowns on Apple devices, TVs, headphones and speakers, monitors, appliances, and much more. This sale is set to last through January 19, and you don't need to be a My Best Buy Plus or Total member to see the deals.

Note: MacRumors is an affiliate partner with Best Buy. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

In terms of Apple devices, you can find solid deals on MacBook Air, AirPods Max, iPad Pro, MacBook Pro, Beats accessories, and more. In most cases Best Buy is offering same day pick-up on these products, and there are several free shipping options as well.

SITEWIDE SALEBest Buy Winter Sale

Some of the biggest discounts you'll find in Best Buy's Winter Sale are on TVs, with as much as $1,300 off select models. Best Buy has Samsung's popular line of The Frame TVs on sale, including the 65-inch 2025 model for $1,199.99 ($600 off) and the 65-inch The Frame Pro for $1,899.99 ($300 off), both of which match the low prices we tracked over the holidays at Samsung's own website.

Apple

20W USB-C Power Adapter - $14.99 ($4 off)
AirPods Max - $449.99 ($100 off)
13-inch M4 MacBook Air - $799.00 ($200 off)
14-inch M5 MacBook Pro - $1,449.00 ($150 off)
13-inch M5 iPad Pro (1TB Nano-Texture) - $1,799.00 ($200 off)
TVs

55-inch Toshiba C350 4K Smart Fire TV - $199.99 ($200 off)
65-inch Samsung U7900 4K Smart TV - $329.99 ($140 off)
65-inch LG UA7050 4K Smart TV - $329.99 ($160 off)
75-inch LG LED 4K Smart TV - $449.99 ($240 off)
65-inch Samsung OLED 4K Smart TV - $899.99 ($1,100 off)
98-inch Hisense QLED 4K Smart Google TV - $999.99 ($1,300 off)
65-inch Samsung The Frame TV (2025) - $1,199.99 ($600 off)
65-inch LG OLED 4K Smart TV - $1,399.99 ($1,300 off)
65-inch Samsung The Frame Pro - $1,899.99 ($300 off)
Monitors

27-inch LG 120Hz Monitor - $104.99 ($145 off)
27-inch Samsung Curved 100Hz Monitor - $139.99 ($60 off)
34-inch LG UltraWide 100Hz Monitor - $199.99 ($100 off)
27-inch Alienware OLED Monitor - $479.99 ($70 off)
49-inch Samsung Odyssey OLED Curved Monitor - $999.99 ($700 off)
Audio

Beats Pill - $99.99 ($50 off)
Beats Solo 4 Headphones - $149.99 ($50 off)
Beats Studio Pro Headphones - $249.99 ($100 off)
Bose QuietComfort Ultra Headphones - $279.00 ($150 off)
Sony Bravia Theater Bar 6 - $499.99 ($200 off)

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "Best Buy's Winter Sale Includes Big Discounts on Apple Devices, TVs, Monitors, and More" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Apple Arcade Adding These Four Games in February

Apple Arcade will be adding another four games on Thursday, February 5, with complete details about each game outlined in Apple's announcement.


Retrocade will allow Apple Vision Pro users to play classic arcade games like Asteroids, PAC-MAN, Breakout, Galaga, and Space Invaders in an immersive 3D environment, complete with leaderboards, daily challenges, and more.

An arcade edition of the popular PC game Sid Meier's Civilization VII is also coming to Apple Arcade next month, across the Mac, iPad, and iPhone. The award-winning strategy game tasks players with building the greatest empire in the world.

The other two games coming to Apple Arcade next month are I Love Hue Too+, in which you arrange colorful tiles, and rhythm game Felicity's Door.

Apple Arcade is a subscription service that provides access to hundreds of games across the iPhone, iPad, Mac, Apple TV, and Apple Vision Pro. All of the games are free of ads and in-app purchases. In the U.S., Apple Arcade costs $6.99 per month, and it is also bundled with other Apple services in all Apple One plans.

Apple Arcade can be accessed through the App Store and the Apple Games app.Tag: Apple Arcade
This article, "Apple Arcade Adding These Four Games in February" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Apple's Foldable iPhone Rumored to Be Built With Liquid Metal and Improved Titanium

Apple is planning to use advanced liquid metal and improved titanium alloys for its first foldable iPhone, according to new supply-chain information.


According to the Korean Naver user known as "yeux1122," citing a material company source, the hinge used in Apple's first foldable ‌iPhone‌ will be made from liquid metal, an "amorphous" material Apple has been exploring for over 15 years. The main body of the device will apparently use a revised titanium material that improves strength while reducing overall weight when compared with existing titanium ‌iPhone‌ frames, despite having virtually the same surface area.

Apple's relationship with liquid metal goes back years, tracing back to a 2010 deal with Liquidmetal Technologies. Apple received a "perpetual, worldwide, fully-paid, exclusive license" to commercialize Liquidmetal-related intellectual property in the field of consumer electronic products.

Around the same time, Apple started using the material in small ‌iPhone‌ and iPad parts such as the SIM ejector tool. In subsequent years, Apple repeatedly renewed or extended aspects of its arrangement with Liquidmetal Technologies, but the material remained difficult to scale for high-volume structural components and it has never seen significant use. Liquid metal has continued to surface in Apple patent filings and rumors over the years.

Liquid metal lacks a crystalline structure, meaning that it offers high strength, resists permanent bending, and holds up well under repeated mechanical stress. Those characteristics have led Apple to repeatedly explore liquid metal in patents covering hinges and other moving parts, especially for foldable devices where the material's fatigue resistance and spring-like behavior are essential to hinge durability.

For the body of the device, titanium provides a stronger strength-to-weight ratio than aluminum or stainless steel, but foldable designs add further constraints because of their larger size and the need to manage weight around the hinge. Changes to both the titanium alloy itself and the manufacturing process to increase strength while reducing weight for a given surface area could help remedy this. The foldable ‌iPhone‌ is likely to be Apple's fourth attempt at a titanium ‌iPhone‌, so it has had several generations to iterate on the alloy's composition to optimize particular properties.

Apple's first foldable ‌iPhone‌ is expected to debut in the fall of this year alongside the iPhone 18 Pro and ‌iPhone 18‌ Pro Max. It is rumored to feature a wide, book-style folding design with a 7.8-inch inner display and a 5.5-inch outer display, a crease-free display, the A20 chip and Apple's C2 modem, two rear cameras, Touch ID, and more. Tags: Foldable iPhone, Liquidmetal Technologies, Naver
This article, "Apple's Foldable iPhone Rumored to Be Built With Liquid Metal and Improved Titanium" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

New Leak Reveals iPhone 18 Pro Display Sizes, Under-Screen Face ID, and More

While the iPhone 18 Pro models are still around nine months away, a leaker has shared some alleged details about the devices.


In a post on Chinese social media platform Weibo this week, the account Digital Chat Station said the iPhone 18 Pro and iPhone 18 Pro Max will have the same 6.3-inch and 6.9-inch display sizes as the iPhone 17 Pro and iPhone 17 Pro Max.

Consistent with previous rumors, the leaker claimed that both of the models will have a breakthrough new feature: under-screen Face ID.

Last month, The Information also reported that the iPhone 18 Pro and iPhone 18 Pro Max would be equipped with under-screen Face ID, and it said the front camera would be moved to the top-left corner of the screen on the devices. As a result, the report said the devices would no longer have a pill-shaped cutout in the screen.

If under-screen Face ID does finally materialize this year, it is unclear if the iPhone 18 Pro models would have a Dynamic Island. Even if the TrueDepth sensor cutouts for Face ID are hidden under the screen, perhaps the Dynamic Island would still pop up at least briefly for things such as low battery alerts and Live Activities.

As for the standard iPhone 18 and the iPhone Air 2, the leaker expects those devices to have a Dynamic Island, and the same 6.3-inch and 6.5-inch display sizes as the equivalent previous-generation models, respectively.

All in all, here is what the leaker expects:iPhone 18: 6.3-inch display (120Hz/LTPO) and Dynamic Island
iPhone Air 2: 6.5-inch display (120Hz/LTPO) and Dynamic Island
iPhone 18 Pro: 6.3-inch display (120Hz/LTPO) and under-screen Face ID
iPhone 18 Pro Max: 6.9-inch display (120Hz/LTPO) and under-screen Face IDThe display sizes above are rounded.

Apple is expected to release the iPhone 18 Pro and iPhone 18 Pro Max in the typical September timeframe this year, but rumors suggest the standard iPhone 18 and the iPhone Air 2 will not launch until around March 2027.

Digital Chat Station has more than three million followers on Weibo, and the account has accurately leaked some Apple information in the past. Of course, rumors do not always pan out, so nothing is official at this point.Related Roundups: iPhone 18, iPhone AirTags: Digital Chat Station, Face IDBuyer's Guide: iPhone Air (Buy Now)Related Forum: iPhone
This article, "New Leak Reveals iPhone 18 Pro Display Sizes, Under-Screen Face ID, and More" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

AI Agents Are Becoming Privilege Escalation Paths

AI agents have quickly moved from experimental tools to core components of daily workflows across security, engineering, IT, and operations. What began as individual productivity aids, like personal code assistants, chatbots, and copilots, has evolved into shared, organization-wide agents embedded in critical processes. These agents can orchestrate workflows across multiple systems, for example:View the full article
Hacker News

Get $200 Off Apple's M4 MacBook Air, Available From $799

You can get the 13-inch M4 MacBook Air (256GB) for $799.00 today on Amazon, down from $999.00. You'll find similar $200 discounts across nearly the entire M4 MacBook Air lineup, and all of these deals are being matched at Best Buy.

Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

If you're looking for the larger model, you can get the 15-inch 256GB computer for $999.00, down from $1,199.00. You'll also find many of the 512GB models of the 13-inch and 15-inch M4 MacBook Air on sale this week.

$200 OFF13-inch M4 MacBook Air (256GB) for $799.00
$200 OFF15-inch M4 MacBook Air (256GB) for $999.00

These prices are solid second-best prices on the M4 MacBook Air, and we haven't tracked record low prices since before Christmas. If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "Get $200 Off Apple's M4 MacBook Air, Available From $799" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware

Security experts have disclosed details of an active malware campaign that's exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to bypass security controls and deliver a wide range of commodity trojans and stealers. "Attackers achieve evasion by pairing a malicious libcares-2.dll with any signed version of the legitimate ahost.exe (View the full article
Hacker News

Apple Releases New Firmware Update for iPhone Air MagSafe Battery

Apple this week released another firmware update for the iPhone Air MagSafe Battery, but there are no specific details about what it includes.


The latest iPhone Air MagSafe Battery firmware has a version number of 8B32, up from 8B25. In the Settings app on the iPhone Air, the new firmware is listed as version 101.0, while the previous firmware was listed as version 99.0 in the app.

New Firmware: 101.0 (Version) / 8B32 (Build)
Previous Firmware: 99.0 (Version) / 8B25 (Build)Apple does not share release notes for iPhone Air MagSafe Battery firmware updates, so it is unclear what is new. However, it would be reasonable to assume the update includes performance and stability improvements, and/or bug fixes.

iPhone Air MagSafe Battery firmware updates automatically install in the background over time, while the accessory is charged and actively being used.

You can check the version number of the ‌MagSafe‌ Battery's firmware by attaching it to an ‌iPhone Air‌, opening the Settings app on the device, and tapping on General → About → ‌iPhone Air‌ ‌MagSafe‌ Battery. If you see 101.0, it is up to date.Related Roundup: iPhone AirTag: iPhone Air MagSafe BatteryBuyer's Guide: iPhone Air (Buy Now)
This article, "Apple Releases New Firmware Update for iPhone Air MagSafe Battery" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

SpyCloud Launches Supply Chain Solution to Combat Rising Third-Party Identity Threats

SpyCloud, the leader in identity threat protection, today announced the launch of its Supply Chain Threat Protection solution, an advanced layer of defense that expands identity threat protection across the extended workforce, including organizations’ entire vendor ecosystems. Unlike traditional third-party risk management platforms that rely on external surface indicators and static scoring, SpyCloud Supply Chain Threat Protection provides timely access to identity threats derived from billions of recaptured breach, malware, phished, and combolist data assets, empowering organizations – from enterprise security teams to public sector agencies – to act on credible threats rather than simply observe and accept risk.
Supply Chain Threat Protection addresses a critical gap in enterprise security: the inability to maintain real-time awareness of identity exposures affecting third-party partners and vendors. According to the 2025 Verizon Data Breach Investigations Report, third-party involvement in breaches doubled year-over-year, jumping from 15% to 30% primarily due to software vulnerabilities and weak security practices. As supply chain compromises continue to escalate, security teams need intelligence that goes beyond questionnaires and external scans to reveal active threats like phishing campaigns targeting their trusted partners, confirmed credential theft, and malware-infected devices exposing critical business applications to criminals. 


For government agencies and critical infrastructure operators, supply chain threats present national security risks that demand heightened vigilance. Public sector organizations managing sensitive data and critical services increasingly rely on contractors and technology vendors whose compromised credentials could provide adversaries with pathways into classified systems or essential infrastructure. Last year alone, the top 98 Defense Industrial Base suppliers had over 11,000 dark web exposed credentials – an 81% increase from the previous year. SpyCloud Supply Chain Threat Protection enables federal, state, and local agencies to identify when suppliers or contractors have been compromised – allowing them to take proactive measures before an identity exposure escalates into a matter of national security.
“Third-party threats have evolved far beyond what traditional vendor assessment tools can detect,” said Damon Fleury, Chief Product Officer at SpyCloud. “Public and private sector organizations need to know when their vendors’ employees are actively compromised by malware or phishes, when authentication data is circulating on the dark web, and which partners pose the greatest real downstream threat to their business. Our new solution delivers those signals by transforming raw underground data into clear, prioritized actions that security teams use to protect their organization.”
Supply Chain Threat Protection enables organizations and agencies to continuously monitor thousands of suppliers, with each company’s threats enumerated in detail, and also represented in an at-a-glance Identity Threat Index. The Index is a comprehensive and continuously updated analysis that quantifies vendor security posture through the lens of identity exposure, from both active and historical phishing, breach, and malware sources, and surfaces which partners pose the most significant risk based on verified dark web intelligence.
Key Capabilities Include:
Real Evidence of Compromise: Timely recaptured identity data from breaches, malware, and successful phishes collected continuously from the criminal underground, with context that gives security teams enhanced visibility into the identity threats facing suppliers today. Identity Threat Index: Aggregates multiple verified data sources weighted by the recency, volume, credibility, and severity of compromise, emphasizing verified identity data over static breach records for more robust and real-time visibility into vendor risk. Compromised Applications: Identifies the internal and third-party business applications exposed on malware-infected supplier devices to support deeper investigation and risk assessment. Enhanced Vendor Management and Communications: Facilitates sharing of actionable evidence and detailed executive-level reports directly with vendors to collaboratively improve security posture, transforming vendor relationships from adversarial scoring to collaborative protection. Integrated Response: Leveraging SpyCloud’s console, teams now have access to identity threat protection beyond the traditional employee perimeter with this extension to suppliers, allowing analysts to respond to workforce identity threats within a single tool.  SpyCloud Supply Chain Threat Protection is designed to support multiple use cases across Security Operations, Infosec, Vendor Risk Management, and GRC teams. Organizations can leverage the solution for vendor due diligence during procurement and onboarding, continuous risk reviews to strengthen vendor relationships, and accelerated incident response when vendor exposures threaten their own environments.
“Security teams and their counterparts across the business are overwhelmed with vendor assessments, questionnaires, and risk scores that often don’t translate to real prevention,” said Alex Greer, Group Product Manager at SpyCloud. “Our customers have often reported that when they’re evaluating doing business with a new vendor, they lack the actionable data their legal and compliance teams need for evidence-based decision making. That’s where SpyCloud stands out. Surfacing verified identity threats tied directly to vendor compromise, letting teams escalate to leadership when to restrict data access and prioritize efforts for the greatest impact on reducing organizational risk.”
Unlike existing solutions that rely on external surface indicators and static scoring, SpyCloud provides threat data derived from underground sources – the same recaptured darknet identity data that criminals actively use to target organizations and agencies. This fundamental difference enables SpyCloud customers to move from passive risk acceptance to proactive and holistic identity threat protection.
To learn more about defending organizations from the exposures of vendors and suppliers, registration is open for SpyCloud’s upcoming Live Virtual Event, Beyond Vendor Risk Scores: How to Solve the Hidden Identity Crisis in Your Supply Chain, on Thursday, January 22, 2026, at 11 am CT. 
About SpyCloud
SpyCloud transforms recaptured darknet data to disrupt cybercrime. Its automated identity threat protection solutions leverage advanced analytics and AI to proactively prevent ransomware and account takeover, detect insider threats, safeguard employee and consumer identities, and accelerate cybercrime investigations. SpyCloud’s data from breaches, malware-infected devices, and successful phishes also powers many popular dark web monitoring and identity theft protection offerings. Customers include seven of the Fortune 10, along with hundreds of global enterprises, mid-sized companies, and government agencies worldwide. Headquartered in Austin, TX, SpyCloud is home to more than 200 cybersecurity experts whose mission is to protect businesses and consumers from the stolen identity data criminals are using to target them now.
To learn more and see insights on your company’s exposed data, users can visit spycloud.com.
Contact
Media Specialist
Phil Tortora
REQ on behalf of SpyCloud
[email protected]
View the full article
CSOonline

Apple Struggling With Key Material Shortage as AI Chips Drain Supply

Apple is confronting a newly intensified supply-chain challenge for future chips as the AI boom has created a global shortage of a key material, Nikkei Asia reports.


Apple is said to be struggling to secure sufficient supplies of high-end glass cloth fiber, a material that plays a critical role in the printed circuit boards and chip substrates used in iPhones and other devices. The most advanced forms of this glass cloth are apparently produced almost entirely by one supplier, Nitto Boseki.

Apple began using Nittobo's premium glass cloth in chips years before AI computing drove widespread demand for similar materials. As AI workloads have expanded, however, companies such as Nvidia, Google, Amazon, AMD, and Qualcomm have moved aggressively into the same supply pool, placing unprecedented pressure on Nittobo's limited capacity.

In response, Apple has taken several unusual steps to protect its supply chain. The company reportedly sent staff to Japan last autumn and stationed them at Mitsubishi Gas Chemical, which produces substrate materials and relies on Nittobo's glass cloth. Apple is also believed to have approached Japanese government officials for assistance in securing supply.

Apple is additionally working to qualify alternative suppliers, though progress has been slow. Apple has engaged with smaller Chinese glass fiber producers, including Grace Fabric Technology, and asked Mitsubishi Gas Chemical to help oversee quality improvements. Other potential entrants from Taiwan and China are attempting to scale production, but industry sources said achieving consistent quality at the required level remains difficult.

Each glass fiber must be extremely thin, uniform, and free of defects, as the glass cloth is embedded deep inside the chip substrate and cannot be repaired or replaced after assembly. Because of this, major chipmakers have been reluctant to adopt lower-grade materials, even temporarily.

Apple has discussed using less-advanced glass cloth as a stopgap, but doing so would require extensive testing and validation and would not significantly ease supply constraints for 2026 products. Similar concerns are affecting other chipmakers.Tag: Nikkei
This article, "Apple Struggling With Key Material Shortage as AI Chips Drain Supply" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

DataOps Platforms: Become Skilled in Data Pipeline Operations

Introduction: Problem, Context & Outcome
Organizations collect massive volumes of data, yet teams still struggle to turn that data into reliable, timely insights. Data pipelines often break without warning, analytics reports conflict with each other, and engineers spend days fixing issues after business users raise complaints. As companies push toward real-time decisions, AI-driven features, and continuous experimentation, traditional data practices cannot keep up. Therefore, teams now need faster, safer, and more predictable ways to deliver data, just like modern software delivery.
DataOps Trainers help organizations solve these challenges by applying DevOps-style automation, collaboration, and quality controls to data workflows. They focus on practical execution rather than theory. By reading this blog, you will understand why DataOps matters today, how it integrates with DevOps, and what outcomes professionals achieve with structured DataOps training. Why this matters: Without DataOps, data delivery remains slow, fragile, and unreliable.
What Is DataOps Trainers?
DataOps Trainers are professionals who teach DataOps as an operating model for building, testing, deploying, and maintaining data pipelines. They explain DataOps in simple, practical terms, making it easy for teams to move from manual data handling to automated, repeatable workflows. Instead of treating data as a byproduct, teams learn to manage data as a continuously delivered product.
In real DevOps environments, DataOps Trainers show how data engineers, DevOps engineers, analysts, and QA teams collaborate effectively. They explain how version control, CI/CD, automation, and monitoring apply to data pipelines. For example, teams test data transformations before releasing dashboards to business users. As a result, learners gain production-ready skills used in enterprise data platforms. Why this matters: Practical DataOps training builds trust in data and speeds up decision-making.
Why DataOps Trainers Is Important in Modern DevOps & Software Delivery
Modern applications depend heavily on analytics, machine learning, and real-time data. Consequently, unreliable data pipelines create broken features and misleading insights. DataOps has gained strong industry adoption because it introduces discipline, automation, and continuous feedback into data workflows. However, many teams fail to adopt DataOps fully due to unclear processes and lack of skilled guidance.
DataOps Trainers help teams align data delivery with Agile, CI/CD, cloud, and DevOps practices. They explain how DataOps enables faster experimentation, reliable analytics, and better collaboration across teams. Moreover, they show how DataOps supports governance, compliance, and scalable cloud data platforms. Why this matters: DataOps transforms data from a risk into a dependable business asset.
Core Concepts & Key Components
Automated Data Pipelines
Purpose: Deliver data reliably from source to consumers.
How it works: Uses orchestration tools to schedule, monitor, and manage workflows.
Where it is used: Data warehouses, lakes, and analytics platforms.
Version Control for Data Workflows
Purpose: Track and manage changes safely.
How it works: Stores pipeline code, configurations, and schemas in repositories.
Where it is used: Collaborative data engineering environments.
Data Quality & Validation
Purpose: Ensure data accuracy and consistency.
How it works: Applies automated checks for completeness, schema, and values.
Where it is used: Production analytics and reporting systems.
Monitoring & Observability
Purpose: Detect failures and anomalies early.
How it works: Monitors freshness, volume, and pipeline health metrics.
Where it is used: Enterprise data platforms and cloud pipelines.
Governance & Collaboration
Purpose: Maintain standards and accountability.
How it works: Uses shared workflows, documentation, and access controls.
Where it is used: Regulated and large-scale organizations.
Why this matters: These components enable scalable, reliable, and auditable data delivery.
How DataOps Trainers Works (Step-by-Step Workflow)
First, trainers evaluate current data workflows, delays, and quality issues. Next, they introduce DataOps principles using real enterprise scenarios. Then, learners design automated pipelines with version control and validation built in. Trainers explain how data flows safely across development, testing, and production environments.
After that, learners implement monitoring and alerts for pipeline health and data quality. Trainers also demonstrate how DataOps integrates with CI/CD and cloud-native platforms. Finally, learners review governance, cost control, and continuous improvement practices. Why this matters: A structured workflow prepares teams to deliver trusted data continuously.
Real-World Use Cases & Scenarios
Retail companies use DataOps to ensure accurate sales and inventory analytics. Financial institutions rely on DataOps to meet regulatory and audit requirements. SaaS companies use DataOps to support product analytics and rapid experimentation. QA teams validate pipelines before data reaches dashboards. Cloud and SRE teams monitor data platforms alongside applications.
For example, a global enterprise reduced reporting errors by automating data validation and deployment. As a result, leadership trusted analytics for faster decisions. Why this matters: Real-world scenarios show DataOps delivers measurable business impact.
Benefits of Using DataOps Trainers
Productivity: Faster analytics delivery through automation Reliability: Consistent, high-quality data outputs Scalability: Pipelines that grow with data volume Collaboration: Strong alignment across data, DevOps, and business teams Why this matters: These benefits enable confident, data-driven decision-making.
Challenges, Risks & Common Mistakes
Many teams treat DataOps as a tooling upgrade instead of a cultural shift. Others skip data testing or delay monitoring until failures occur. Some teams exclude business stakeholders from workflows. Trainers help avoid these risks by emphasizing process, collaboration, and automation together. Why this matters: Avoiding common mistakes prevents broken dashboards and lost trust.
Comparison Table
Traditional Data ManagementDataOps ApproachManual pipelinesAutomated pipelinesSlow releasesContinuous deliveryLimited testingAutomated validationSiloed teamsCross-functional teamsReactive fixesProactive monitoringWeak governancePolicy-driven governanceLow trust in dataHigh trust in dataHard to scaleCloud-ready scalabilityDelayed insightsNear real-time insightsHigh operational riskReduced risk Why this matters: The comparison highlights why organizations adopt DataOps.
Best Practices & Expert Recommendations
Automate pipeline creation and testing. Validate data at every stage. Monitor freshness and quality continuously. Use version control everywhere. Encourage shared ownership across teams. Trainers emphasize sustainable practices over quick fixes. Why this matters: Best practices keep DataOps effective as systems scale.
Who Should Learn or Use DataOps Trainers?
Data engineers, DevOps engineers, cloud engineers, SREs, QA teams, and analytics professionals benefit from DataOps training. Beginners learn structured foundations, while experienced professionals refine enterprise-grade data delivery practices. Why this matters: DataOps supports every role that relies on trustworthy data.
FAQs – People Also Ask
What are DataOps Trainers?
They provide hands-on DataOps training. Why this matters: Practical skills matter.
Is DataOps suitable for beginners?
Yes, trainers start from fundamentals. Why this matters: Beginners gain confidence.
How is DataOps different from DevOps?
DataOps focuses on data workflows. Why this matters: Data needs specialized practices.
Is DataOps relevant for DevOps engineers?
Yes, DevOps principles apply to data delivery. Why this matters: Integration improves outcomes.
Does DataOps work with cloud platforms?
Yes, cloud platforms support DataOps well. Why this matters: Cloud adoption drives DataOps.
Is data testing important in DataOps?
Yes, testing ensures data quality. Why this matters: Quality builds trust.
Can QA teams participate in DataOps?
Yes, QA validates data pipelines. Why this matters: Shared responsibility improves results.
Is DataOps used in enterprises?
Yes, large organizations adopt DataOps widely. Why this matters: Enterprise adoption proves value.
Does DataOps support ML workflows?
Yes, DataOps complements MLOps. Why this matters: ML depends on reliable data.
Does DataOps training help career growth?
Yes, data reliability skills are in high demand. Why this matters: Skills drive long-term growth.
Branding & Authority
DevOpsSchool is a globally trusted platform delivering enterprise-grade DevOps, cloud, and data engineering education. It enables professionals to master DataOps Trainers through structured programs, hands-on labs, and production-aligned learning. Learners gain real-world experience with automated pipelines, data quality checks, governance, and cloud-scale data operations. Why this matters: Trusted platforms ensure skills remain relevant and credible.
Rajesh Kumar brings more than 20 years of hands-on expertise across DevOps & DevSecOps, Site Reliability Engineering (SRE), DataOps, AIOps & MLOps, Kubernetes & Cloud Platforms, and CI/CD & Automation. He focuses on solving real data delivery challenges at enterprise scale. Why this matters: Experienced mentorship accelerates mastery and reduces costly learning gaps.
Call to Action & Contact Information
Develop reliable, scalable data delivery skills with enterprise-ready DataOps training.
Course details:
Email: [email protected]
Phone & WhatsApp (India): +91 84094 92687
Phone & WhatsApp (USA): +1 (469) 756-6329


View the full article
reporter

CrowdStrike to add browser security to Falcon with Seraphic acquisition

CrowdStrike has agreed to acquire Israel-based Seraphic Security, a browser runtime security company, to extend its Falcon platform to browser-native enterprise security.
Expected to close by April, the acquisition will allow CrowdStrike to integrate Seraphic’s browser-native protection with its Falcon endpoint telemetry and threat intelligence capabilities. The move comes just days after CrowdStrike announced plans to acquire SGNL, a continuous identity authorization company.
Browser as attack surface
With web browsers increasingly serving as the primary interface for enterprise work, communication, SaaS applications, and AI tools, they are emerging as one of the most exposed layers in corporate IT environments.
“Traditional endpoint controls like EDR focus on the OS level and miss in-session browser activity, while network tools like firewalls can’t inspect HTTPS-encrypted sessions or user actions within apps. They lack visibility into browser telemetry, shadow IT, malicious extensions, and data flows, leaving gaps that attackers exploit via phishing, session hijacking, and zero-days,” said Amit Jaju, global partner/senior managing director – India at Ankura Consulting. He added that web browsers pose risks even in controlled environments because they inherently process untrusted internet code, enabling zero-day exploits, malicious extensions acting as supply chain attacks, and credential theft that bypasses perimeter defenses.
CrowdStrike said the Seraphic acquisition will allow it to extend the Falcon platform deeper into in-browser activity.  With Seraphic, the company aims to transform the SOC by correlating trillions of endpoint signals with deep, in-session browser telemetry. This will allow the Falcon platform to understand user intent, application context, and data flow in real time.
“Seraphic’s true USP lies in its ability to make the browser session itself a governable security surface, rather than treating the browser as a passive extension of the endpoint,” said Sanchit Vir Gogia, chief analyst at Greyhound Research. “Most enterprise security stacks stop at device health and identity validation. They confirm who logged in and from what device, but they lose visibility once the user begins interacting inside SaaS applications. Seraphic addresses this by enforcing policy inside the live browser session, covering user actions, session behaviour, and data movement that never touches disk and never triggers network anomalies. When integrated into CrowdStrike Falcon, it moves from detecting threats around user activity to governing behaviour during it.”
Gen AI altering browser risk
Generative AI has fundamentally altered the browser risk profile. Gogia noted that the browser is now a bidirectional data exchange, where employees routinely feed sensitive context into AI systems. Most of this activity happens outside formal enterprise governance.
Copying internal data into AI prompts, uploading files for summarisation, or using AI-enhanced browser features has become one of the fastest-growing data leakage paths in organisations. As a result, browser-level enforcement is one of the few practical ways to address this without resorting to unrealistic bans.
CrowdStrike will also integrate SGNL’s continuous authorization technology, enabling permissions to be dynamically granted or revoked on a per-session and risk-level basis.
The two solutions combined will create what the company described as a unified security fabric.
The integration will be designed to secure how generative AI applications and agents are accessed, to prevent shadow AI tools from scraping or exfiltrating sensitive enterprise data. It will also aim to prevent the copying, uploading, or screen-grabbing of sensitive data using AI-based content filtering and granular execution-layer controls, stop session hijacking, sophisticated phishing, and man-in-the-browser attacks at the point of execution by randomizing the browser’s JavaScript engine.
In addition, CrowdStrike will extend protection to unmanaged and BYOD devices by securing the browser session without requiring a full endpoint agent.
View the full article
CSOonline

Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution

Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve code execution on susceptible instances. The operating system (OS) injection vulnerability, tracked as CVE-2025-64155, is rated 9.4 out of 10.0 on the CVSS scoring system. "An improper neutralization of special elements used in an OS command ('OS commandView the full article
Hacker News

Datadog for DevOps Engineers: Become Job Ready

Introduction: Problem, Context & Outcome
Modern engineering teams operate highly distributed systems that span cloud infrastructure, microservices, containers, and third-party APIs. However, many engineers still lack clear visibility into how these systems behave in real time. Metrics remain isolated, logs feel overwhelming, and traces often stay unused. As a result, teams detect failures late, struggle to identify root causes, and spend excessive time reacting instead of preventing issues. Meanwhile, business expectations continue to rise. Organizations now demand faster releases, stable platforms, and predictable performance. This reality makes expert guidance from Datadog Trainers increasingly important. Datadog offers deep observability, yet teams often underuse it without structured training. In this blog, you will learn what Datadog trainers deliver, how Datadog supports modern DevOps practices, and how expert-led learning helps teams build reliable, insight-driven systems at scale. Why this matters: strong observability transforms chaos into clarity and protects both systems and business outcomes.
What Is Datadog Trainers?
Datadog Trainers are experienced professionals and training programs that teach Datadog as a unified monitoring and observability platform. They focus on real-world implementation rather than basic feature overviews. Trainers explain how Datadog collects and correlates metrics, logs, traces, and events across applications, infrastructure, and cloud services. They also demonstrate how developers, DevOps engineers, and SREs use Datadog daily to understand performance, reliability, and user impact. In practical DevOps environments, Datadog trainers guide teams to design meaningful dashboards, configure actionable alerts, and analyze incidents with confidence. As cloud-native architectures grow across industries, Datadog expertise continues to gain relevance for startups and enterprises alike. Learners gain hands-on experience that directly applies to production systems and operational challenges. Why this matters: practical Datadog training converts raw monitoring data into confident operational decisions.
Why Datadog Trainers Is Important in Modern DevOps & Software Delivery
Modern DevOps practices rely on rapid feedback, continuous improvement, and system reliability. Datadog supports these principles by providing end-to-end observability across the entire delivery lifecycle. Therefore, Datadog trainers play a critical role in helping teams adopt monitoring with structure and purpose. They explain how Datadog integrates with CI/CD pipelines, cloud platforms, container orchestration, and Agile delivery models. Without proper training, teams often experience alert fatigue, poor dashboard design, and limited incident visibility. Trainers address these problems by teaching service-level monitoring, signal prioritization, and correlation across telemetry types. As a result, teams improve mean time to detection, reduce recovery duration, and collaborate more effectively. Why this matters: DevOps delivery succeeds only when teams clearly see and understand system behavior.
Core Concepts & Key Components
Infrastructure Monitoring
The purpose of infrastructure monitoring is to track the health and performance of hosts, virtual machines, and containers. Datadog agents collect metrics such as CPU usage, memory consumption, disk throughput, and network latency. Teams use these metrics to identify capacity risks and abnormal behavior early.
Log Management
Log management centralizes application and system logs into one searchable platform. Datadog indexes logs and enables fast filtering and correlation. Teams rely on logs to investigate errors, validate deployments, and reconstruct incident timelines.
Application Performance Monitoring (APM)
APM traces requests as they move across services and dependencies. Datadog visualizes request latency, error rates, and bottlenecks. Developers and SREs use APM to identify slow endpoints and inefficient code paths.
Dashboards and Visualization
Dashboards present system health in a clear visual format. Trainers show how to design dashboards that highlight service status, customer impact, and operational risk.
Alerts and Event Management
Alerts notify teams when metrics exceed thresholds or anomalies appear. Trainers teach how to configure alerts that reduce noise and focus attention on meaningful issues.
Why this matters: understanding Datadog components allows teams to observe systems holistically instead of troubleshooting blindly.
How Datadog Trainers Works (Step-by-Step Workflow)
Training begins by assessing current monitoring maturity and system architecture. Trainers introduce Datadog fundamentals using real infrastructure and application examples. Learners install Datadog agents, collect metrics, and create dashboards early in the process. Next, trainers integrate Datadog with applications, cloud services, and container platforms. They simulate common incidents such as latency spikes, memory leaks, and traffic surges. Learners analyze telemetry, correlate metrics with logs and traces, and respond effectively. This workflow closely mirrors the DevOps lifecycle from deployment to monitoring to incident response. Why this matters: structured workflows prepare engineers for real operational pressure.
Real-World Use Cases & Scenarios
Technology companies use Datadog to monitor cloud-native platforms and microservices architectures. DevOps engineers track infrastructure health and deployment impact. Developers analyze application latency and error trends during releases. QA teams validate performance under load and during regression testing. SRE teams manage reliability targets, SLIs, and on-call operations. E-commerce platforms protect customer experience during peak traffic. Financial organizations use Datadog to support compliance, audit, and stability requirements. Across industries, teams improve uptime and delivery quality through better visibility. Why this matters: real-world adoption demonstrates Datadog’s direct business value.
Benefits of Using Datadog Trainers
Productivity: faster issue resolution through unified visibility Reliability: early detection of performance and stability risks Scalability: observability that grows with distributed systems Collaboration: shared insights across DevOps, developers, and SREs Why this matters: trained teams shift from reactive firefighting to proactive system management.
Challenges, Risks & Common Mistakes
Many teams enable Datadog without defining monitoring goals. Others collect excessive metrics and generate noisy alerts. Some dashboards focus on technical detail while ignoring business impact. Datadog trainers address these challenges by teaching signal selection, alert hygiene, and service-level observability. They also encourage continuous review and tuning. Why this matters: avoiding common mistakes ensures observability investments deliver real operational value.
Comparison Table
AspectTraditional MonitoringDatadog ObservabilityVisibilityFragmentedUnifiedAlert QualityNoisyActionableRoot Cause AnalysisSlowFastCloud IntegrationLimitedDeepAPM SupportBasicNativeLogs CorrelationManualAutomaticScalabilityRestrictedHighTeam AlignmentSiloedSharedIncident ResponseReactiveProactiveBusiness InsightMinimalStrong Why this matters: comparison clarifies why modern teams adopt full observability platforms.
Best Practices & Expert Recommendations
Define clear monitoring objectives before implementation. Track golden signals consistently. Design dashboards around decisions instead of visual appeal. Review alerts frequently and remove noise. Correlate metrics, logs, and traces during every incident. Learn from trainers with real production experience instead of theory-only exposure. Why this matters: best practices turn observability into a strategic capability.
Who Should Learn or Use Datadog Trainers?
Developers gain deeper insight into application behavior. DevOps engineers improve infrastructure visibility and deployment confidence. SREs strengthen reliability engineering and incident response. QA engineers validate performance and stability under load. Beginners learn observability fundamentals, while experienced professionals refine advanced monitoring strategies. Why this matters: Datadog skills apply across nearly every modern engineering role.
FAQs – People Also Ask
What are Datadog Trainers?
They provide hands-on training for Datadog observability. Why this matters: clarity improves learning outcomes.
Why do teams use Datadog?
It provides unified visibility across systems. Why this matters: visibility prevents outages.
Is Datadog suitable for beginners?
Yes, with guided instruction. Why this matters: accessibility speeds adoption.
How does Datadog help DevOps teams?
It monitors the full delivery lifecycle. Why this matters: feedback improves deployments.
Can developers use Datadog daily?
Yes, for application performance insights. Why this matters: performance shapes user experience.
Does Datadog work with cloud platforms?
Yes, through deep native integrations. Why this matters: cloud observability remains essential.
Is Datadog useful for QA teams?
Yes, for performance and stability validation. Why this matters: quality drives reliability.
How long does Datadog training take?
Typically a few weeks. Why this matters: planning supports commitment.
Can Datadog reduce downtime?
Yes, by detecting issues early. Why this matters: uptime protects revenue.
Is Datadog relevant for SRE roles?
Absolutely. Why this matters: SRE depends on observability.
Branding & Authority
DevOpsSchool is a globally trusted training platform that delivers enterprise-ready education in DevOps, cloud, automation, and observability. It emphasizes hands-on labs, real production scenarios, and job-relevant learning outcomes. Learners gain confidence managing complex systems instead of theoretical familiarity alone. The platform aligns training with industry expectations and long-term career growth. Why this matters: trusted platforms ensure credibility and sustainable expertise.
Rajesh Kumar brings over 20 years of hands-on industry experience across DevOps & DevSecOps, Site Reliability Engineering, DataOps, AIOps & MLOps, Kubernetes, cloud platforms, CI/CD, and automation. He mentors professionals through Datadog Trainers programs with a strong focus on real-world observability outcomes and operational excellence. Why this matters: expert mentorship transforms tools into practical value.
Call to Action & Contact Information
Email: [email protected]
Phone & WhatsApp (India): +91 84094 92687
Phone & WhatsApp (USA): +1 (469) 756-6329



View the full article
reporter

Datadog for DevOps Teams: Become Industry Ready —Pune

Introduction: Problem, Context & Outcome
Engineering teams in Pune increasingly manage complex systems built on cloud services, containers, and microservices. However, many teams still lack clear visibility into system behavior. Metrics scatter across tools, logs remain siloed, and traces stay underused. As a result, teams detect issues late, struggle with root-cause analysis, and spend long hours firefighting incidents. Meanwhile, modern businesses expect DevOps teams to identify problems early, understand impact quickly, and recover systems fast. This shift makes expert guidance from Datadog Trainers in Pune highly valuable. Datadog offers powerful observability features, but teams need structured learning to extract real value. In this blog, you will learn what Datadog trainers in Pune provide, how Datadog fits into modern DevOps delivery, and how focused training enables engineers to build highly observable and reliable systems. Why this matters: strong observability improves system stability, team confidence, and business resilience.
What Is Datadog Trainers in Pune?
Datadog Trainers in Pune are experienced professionals and structured training programs that teach Datadog as a unified monitoring and observability platform. These trainers focus on practical implementation rather than isolated feature walkthroughs. They explain how Datadog collects and correlates metrics, logs, traces, and events across infrastructure, applications, and cloud services. Moreover, they show how DevOps, SRE, and development teams use Datadog daily to monitor performance, detect anomalies, and understand system behavior. Developers learn how traces connect code performance to user experience. DevOps engineers learn how infrastructure signals affect application health. Pune’s growing fintech, SaaS, and cloud-native ecosystem has increased demand for Datadog skills. Learners gain hands-on experience building dashboards and alerts aligned with real production systems. Why this matters: practical Datadog training converts data into clear, actionable insight.
Why Datadog Trainers in Pune Is Important in Modern DevOps & Software Delivery
Modern DevOps relies on continuous feedback and fast learning cycles. Datadog plays a central role by providing end-to-end observability across the delivery pipeline. Therefore, Datadog trainers in Pune help teams adopt monitoring with purpose and structure. They explain how Datadog integrates with CI/CD pipelines, container platforms, cloud services, and Agile workflows. Without proper training, teams often face alert fatigue, poor dashboard design, and limited context during incidents. Trainers resolve these challenges by teaching service-oriented monitoring, signal prioritization, and correlation strategies. Consequently, teams reduce downtime, accelerate recovery, and improve collaboration between development and operations. Why this matters: DevOps delivery improves only when teams see and understand system behavior clearly.
Core Concepts & Key Components
Infrastructure Metrics
The purpose of infrastructure metrics is to measure resource usage and health. Datadog collects CPU, memory, disk, and network metrics from servers, VMs, and containers. Teams use these metrics to detect capacity issues and abnormal behavior.
Log Management
Log management centralizes application and system logs. Datadog indexes logs and enables fast search and filtering. Teams rely on logs to investigate failures and verify system behavior during incidents.
Application Performance Monitoring (APM)
APM tracks request paths through services. Datadog traces transactions across microservices and dependencies. Developers and SREs use APM to identify latency sources and inefficient code paths.
Dashboards and Visualization
Dashboards present metrics, logs, and traces visually. Trainers teach how to design dashboards that reflect service health, customer impact, and operational priorities.
Alerts and Event Management
Alerts trigger notifications when metrics or patterns breach expectations. Trainers show how to configure alerts that reduce noise and focus attention on meaningful issues.
Why this matters: understanding Datadog components enables teams to detect, analyze, and resolve problems with confidence.
How Datadog Trainers in Pune Works (Step-by-Step Workflow)
Training starts with evaluating current monitoring practices and system architecture. Trainers introduce Datadog fundamentals through real infrastructure scenarios. Learners install Datadog agents, collect metrics, and visualize data quickly. Next, trainers connect Datadog to applications, cloud platforms, and containers. They simulate real incidents such as traffic spikes, latency increases, and resource exhaustion. Learners investigate dashboards, correlate logs and traces, and resolve issues efficiently. This structured workflow reflects the real DevOps lifecycle from deployment to monitoring to incident response. Why this matters: step-by-step practice builds operational readiness.
Real-World Use Cases & Scenarios
Organizations in Pune use Datadog to monitor cloud-native applications, APIs, and data platforms. DevOps engineers track infrastructure and container health. Developers analyze application latency and error rates. QA teams validate performance during load and regression testing. SRE teams manage reliability, uptime, and on-call response. E-commerce companies protect customer experience during high traffic events. Financial services teams use Datadog to meet compliance and monitoring requirements. Across these scenarios, teams reduce downtime and improve delivery quality. Why this matters: real-world usage demonstrates Datadog’s business impact.
Benefits of Using Datadog Trainers in Pune
Productivity: faster troubleshooting through unified visibility Reliability: early detection of performance and stability issues Scalability: monitoring that grows with distributed systems Collaboration: shared dashboards across engineering roles Why this matters: trained teams move from reactive firefighting to proactive operations.
Challenges, Risks & Common Mistakes
Teams often enable too many metrics without purpose. Others create noisy alerts or ignore tracing data. Some dashboards fail to reflect business priorities. Datadog trainers in Pune address these issues by teaching signal selection, alert hygiene, and service-level thinking. They also emphasize continuous tuning and review. Why this matters: avoiding common mistakes ensures observability delivers real value.
Comparison Table
AspectTraditional Monitoring ToolsDatadog PlatformVisibilityFragmentedUnifiedAlert QualityNoisyFocusedRoot Cause AnalysisSlowFastCloud IntegrationPartialNativeAPM SupportLimitedBuilt-inLogs CorrelationManualAutomatedScalabilityRestrictedHighTeam AlignmentSiloedSharedIncident ResponseReactiveProactiveBusiness InsightMinimalStrong Why this matters: comparison highlights why teams adopt modern observability platforms.
Best Practices & Expert Recommendations
Define monitoring goals before implementation. Track golden signals consistently. Design dashboards around decisions, not visuals. Review and tune alerts regularly. Correlate metrics, logs, and traces during incidents. Learn from trainers with real production experience. Why this matters: best practices transform observability into a strategic capability.
Who Should Learn or Use Datadog Trainers in Pune?
DevOps engineers managing cloud infrastructure benefit immediately. Developers gain visibility into application performance. SREs strengthen reliability and incident response practices. QA engineers validate system behavior under load. Beginners learn observability fundamentals, while experienced professionals refine advanced monitoring strategies. Why this matters: Datadog skills apply across modern engineering roles.
FAQs – People Also Ask
What is Datadog Trainers in Pune?
It refers to professionals providing hands-on Datadog training. Why this matters: clarity improves learning choices.
Why do teams use Datadog?
It delivers unified observability. Why this matters: visibility prevents outages.
Is Datadog good for beginners?
Yes, with guided learning. Why this matters: accessibility accelerates adoption.
How does Datadog support DevOps?
It monitors the full lifecycle. Why this matters: feedback improves delivery.
Can developers use Datadog effectively?
Yes, for performance insights. Why this matters: performance impacts users.
Does Datadog integrate with cloud platforms?
Yes, deeply and natively. Why this matters: cloud visibility remains essential.
Is Datadog useful for QA teams?
Yes, for performance validation. Why this matters: quality drives stability.
How long does Datadog training take?
Usually a few weeks. Why this matters: planning helps commitment.
Can Datadog reduce downtime?
Yes, through early detection. Why this matters: uptime protects revenue.
Is Datadog relevant for SRE roles?
Yes, it supports reliability goals. Why this matters: SRE depends on observability.
Branding & Authority
DevOpsSchool is a globally trusted training platform that delivers enterprise-ready education in DevOps, monitoring, cloud, and automation. It prioritizes hands-on labs, real production scenarios, and practical learning outcomes. Learners build confidence managing complex systems instead of relying on theoretical knowledge. The platform aligns training with industry expectations and evolving DevOps practices. Why this matters: trusted platforms ensure long-term skill credibility.
Rajesh Kumar brings more than 20 years of hands-on industry experience across DevOps & DevSecOps, Site Reliability Engineering, DataOps, AIOps & MLOps, Kubernetes, cloud platforms, CI/CD, and automation. He mentors professionals through Datadog Trainers in Pune programs with a strong focus on real-world observability challenges and outcomes. Why this matters: expert mentorship turns tools into operational excellence.
Call to Action & Contact Information
Email: [email protected]
Phone & WhatsApp (India): +91 84094 92687
Phone & WhatsApp (USA): +1 (469) 756-6329



View the full article
reporter

New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification

Research analyzing 4,700 leading websites reveals that 64% of third-party applications now access sensitive data without business justification, up from 51% in 2024.  Government sector malicious activity spiked from 2% to 12.9%, while 1 in 7 Education sites show active compromise. Specific offenders: Google Tag Manager (8% of violations), Shopify (5%), Facebook Pixel (4%). Download theView the full article
Hacker News

Hackerangriff löst Fehlalarm in Halle aus

rame435 – shutterstock.com
In der Stadt Halle (Saale) ist es am Samstag (10. Januar) zu einem Fehlalarm gekommen. Gegen 22 Uhr heulten alle betriebsfähigen Sirenen auf, begleitet von einer englischsprachigen Durchsage: “Active shooter. Lockdown now” (Bewaffneter Angreifer aktiv. Sofortiger Lockdown). Wie die Stadtverwaltung mitteilte, handelt es sich bei der Ursache nach aktuellen Kenntnissen höchstwahrscheinlich um einen Cyberangriff.
Wie Oberbürgermeister Alexander Vogt und Tobias Teschner, Leiter des Fachbereichs Sicherheit, erklären, wurde der Alarm durch einen externen Zugriff auf das Sirenensystem ausgelöst – also weder von der Stadt selbst noch vom Land Sachsen-Anhalt oder vom Bund.
Alarmsystem weiterhin funktionsfähig
Weitere Details zu dem Angriff sind derzeit nicht bekannt. Man habe alle notwendigen Maßnahmen zur Sicherung des Sirenensystems ergriffen und Anzeige bei der Polizei erstattet, versichert die Stadt. „Dort laufen die Ermittlungen inzwischen auf Hochtouren. Alle Sirenen im Stadtgebiet sind vor äußeren Zugriffen geschützt und alarmfähig.“
Am Samstag war zudem die städtische Webseite www.halle.de  kurzzeitig nicht erreichbar. Die Stadt schließt jedoch einen gezielten DDoS-Angriff aus. Stattdessen geht man davon aus, dass die hohen Zugriffszahlen aufgrund des Alarms zu der Unterbrechung geführt haben. Inzwischen seien Maßnahmen ergriffen worden, um die Webseite auch bei starkem Nutzeraufkommen stabil zu halten, heißt es in der Mitteilung.
View the full article
CSOonline

Hackerangriff löst Fehlalarm in Halle aus

rame435 – shutterstock.com
In der Stadt Halle (Saale) ist es am Samstag (10. Januar) zu einem Fehlalarm gekommen. Gegen 22 Uhr heulten alle betriebsfähigen Sirenen auf, begleitet von einer englischsprachigen Durchsage: “Active shooter. Lockdown now” (Bewaffneter Angreifer aktiv. Sofortiger Lockdown). Wie die Stadtverwaltung mitteilte, handelt es sich bei der Ursache nach aktuellen Kenntnissen höchstwahrscheinlich um einen Cyberangriff.
Wie Oberbürgermeister Alexander Vogt und Tobias Teschner, Leiter des Fachbereichs Sicherheit, erklären, wurde der Alarm durch einen externen Zugriff auf das Sirenensystem ausgelöst – also weder von der Stadt selbst noch vom Land Sachsen-Anhalt oder vom Bund.
Alarmsystem weiterhin funktionsfähig
Weitere Details zu dem Angriff sind derzeit nicht bekannt. Man habe alle notwendigen Maßnahmen zur Sicherung des Sirenensystems ergriffen und Anzeige bei der Polizei erstattet, versichert die Stadt. „Dort laufen die Ermittlungen inzwischen auf Hochtouren. Alle Sirenen im Stadtgebiet sind vor äußeren Zugriffen geschützt und alarmfähig.“
Am Samstag war zudem die städtische Webseite www.halle.de  kurzzeitig nicht erreichbar. Die Stadt schließt jedoch einen gezielten DDoS-Angriff aus. Stattdessen geht man davon aus, dass die hohen Zugriffszahlen aufgrund des Alarms zu der Unterbrechung geführt haben. Inzwischen seien Maßnahmen ergriffen worden, um die Webseite auch bei starkem Nutzeraufkommen stabil zu halten, heißt es in der Mitteilung.
View the full article
CSOonline

Chef for DevOps Engineers: Become Industry Ready —Pune

Introduction: Problem, Context & Outcome
Engineering and DevOps teams in Pune operate in complex environments where infrastructure changes happen daily. Yet, many engineers still manage servers manually or rely on scattered scripts that fail to scale. As systems grow, configuration drift increases, deployments break, and recovery takes longer than expected. Meanwhile, businesses demand faster releases, predictable systems, and strong audit readiness. This growing pressure makes configuration management a core DevOps skill today. As a result, Chef Trainers in Pune play a crucial role in helping engineers adopt infrastructure automation the right way. Chef enables teams to define, enforce, and maintain infrastructure as code, but only when used correctly. In this blog, you will gain a clear understanding of what Chef trainers in Pune offer, how Chef fits into modern DevOps delivery, and how structured training prepares teams to manage infrastructure with confidence. Why this matters: reliable automation reduces outages, speeds delivery, and improves operational control.
What Is Chef Trainers in Pune?
Chef Trainers in Pune refers to experienced professionals and formal training programs that teach Chef as an enterprise-grade configuration management platform. These trainers focus on real operational challenges rather than abstract automation theory. They explain Chef fundamentals such as cookbooks, recipes, resources, roles, and environments in a way that directly maps to production systems. Moreover, they demonstrate how Chef integrates into DevOps workflows that use Git, CI/CD pipelines, and infrastructure as code practices. Developers, DevOps engineers, and system administrators use this training to create consistent environments across development, testing, staging, and production. Pune’s strong enterprise and SaaS ecosystem increases the demand for Chef skills in regulated and large-scale environments. Learners gain hands-on experience managing real nodes and infrastructure safely. Why this matters: practical Chef training prevents configuration drift and eliminates repeated production failures.
Why Chef Trainers in Pune Is Important in Modern DevOps & Software Delivery
Modern DevOps emphasizes speed, stability, and repeatability across the delivery lifecycle. Chef directly supports these goals by automating infrastructure configuration at scale. Therefore, Chef trainers in Pune remain essential for teams adopting infrastructure as code. They help engineers understand how Chef integrates with CI/CD pipelines, cloud platforms, and Agile delivery models. Without proper guidance, teams often write unstructured cookbooks, misuse environments, and struggle with maintenance. Trainers address these issues by teaching modular design, reuse patterns, and testing practices. As a result, organizations achieve faster deployments, consistent systems, and better collaboration between development and operations. Chef also helps organizations meet audit and compliance requirements, which many Pune-based enterprises require. Why this matters: DevOps pipelines succeed only when infrastructure remains predictable and repeatable.
Core Concepts & Key Components
Chef Architecture
The purpose of Chef architecture is to manage infrastructure centrally while enforcing a desired system state on all nodes. Chef Server stores configuration data, Chef Workstations manage cookbook code, and Chef Clients apply configurations on target systems. Teams use this architecture across on-premise, cloud, and hybrid environments.
Cookbooks and Recipes
Cookbooks organize configuration logic into reusable units. Recipes define how systems install packages, configure services, manage users, and maintain files. Trainers explain how recipes converge systems consistently, regardless of their current state.
Resources and Idempotency
Resources describe infrastructure components in a declarative format. Chef enforces idempotency, which ensures repeated runs produce the same result. Trainers show how this behavior prevents unexpected configuration changes.
Roles and Environments
Roles define a server’s function, such as web or database. Environments control configuration differences across development, QA, staging, and production. Enterprises rely on these constructs to manage change safely.
Chef with CI/CD Automation
Chef integrates with CI/CD pipelines to enforce infrastructure configuration during deployments. Trainers demonstrate how this approach ensures every release runs on a consistent foundation.
Why this matters: mastering Chef concepts allows teams to automate complex environments without losing control or visibility.
How Chef Trainers in Pune Works (Step-by-Step Workflow)
Training begins with an assessment of infrastructure knowledge and DevOps maturity. Trainers introduce Chef fundamentals using realistic server scenarios instead of simplified demos. Learners then set up Chef workstations, create cookbooks, and register nodes step by step. Next, trainers integrate Chef workflows with version control systems and CI/CD pipelines. They also introduce real-world challenges such as configuration drift, failed convergence, and environment misalignment. Learners diagnose issues, refactor cookbooks, and optimize processes. This workflow closely follows the real DevOps lifecycle from build to deploy to operate. Why this matters: step-by-step learning builds confidence for real production environments.
Real-World Use Cases & Scenarios
Enterprises in Pune use Chef to manage thousands of servers across data centers and cloud platforms. DevOps engineers automate operating system configuration and application dependencies. Developers rely on consistent environments to eliminate deployment surprises. QA teams create reproducible test setups using Chef-managed nodes. SRE teams enforce configuration standards to improve uptime and reduce incident frequency. Banking and regulated industries depend on Chef to meet audit and compliance requirements. Across these use cases, teams reduce manual effort, shorten recovery time, and maintain predictable system behavior. Why this matters: real-world adoption validates Chef’s long-term enterprise relevance.
Benefits of Using Chef Trainers in Pune
Productivity: faster onboarding through structured, hands-on learning Reliability: consistent configurations across all environments Scalability: automation that supports large infrastructure estates Collaboration: shared, version-controlled infrastructure code Why this matters: trained teams operate infrastructure efficiently while minimizing operational risk.
Challenges, Risks & Common Mistakes
Beginners often write large, monolithic cookbooks that are difficult to maintain. Some teams skip testing and documentation, which leads to fragile automation. Others misuse roles and environments, causing configuration confusion. Chef trainers in Pune help teams avoid these pitfalls by teaching modular cookbook design, testing strategies, and environment discipline. They also emphasize collaboration and continuous improvement. Why this matters: avoiding common mistakes prevents long-term technical debt and operational failure.
Comparison Table
AspectManual ConfigurationChef AutomationEnvironment ConsistencyLowHighScalabilityLimitedEnterprise-gradeError RateHighReducedAudit SupportWeakStrongDeployment SpeedSlowFastRollback ControlManualAutomatedCollaborationFragmentedCode-drivenComplianceDifficultSimplifiedDevOps IntegrationMinimalStrongLong-Term StabilityUnpredictablePredictable Why this matters: comparison clearly shows why Chef supports mature DevOps operations.
Best Practices & Expert Recommendations
Store all Chef code in version control systems. Write small, reusable cookbooks that follow clear standards. Test changes before applying them to production. Manage roles and environments carefully to avoid drift. Integrate Chef runs into CI/CD workflows. Learn from trainers with real production experience rather than theory-only exposure. Why this matters: following best practices ensures Chef automation remains reliable and scalable over time.
Who Should Learn or Use Chef Trainers in Pune?
DevOps engineers managing infrastructure automation gain immediate value from Chef skills. System administrators transitioning to DevOps strengthen their automation capabilities. Cloud engineers handling hybrid platforms improve control and consistency. QA and SRE professionals ensure stable test and production environments. Beginners gain structured learning, while experienced professionals refine enterprise-scale expertise. Why this matters: Chef knowledge supports multiple roles and long-term career growth.
FAQs – People Also Ask
What is Chef Trainers in Pune?
It refers to professionals who provide practical Chef training. Why this matters: clarity helps informed learning decisions.
Why is Chef still relevant today?
Enterprises use it to manage large-scale infrastructure. Why this matters: relevance supports career longevity.
Is Chef suitable for beginners?
Yes, with structured guidance. Why this matters: accessibility expands learning opportunities.
How does Chef help DevOps teams?
It enforces consistent infrastructure as code. Why this matters: consistency improves delivery speed.
Chef vs Ansible: which is better?
The answer depends on scale and complexity. Why this matters: informed choices avoid rework.
Can developers learn Chef?
Yes, to maintain consistent environments. Why this matters: collaboration improves outcomes.
Does Chef support cloud environments?
Yes, across cloud and on-premise systems. Why this matters: flexibility supports hybrid strategies.
Is Chef useful with Kubernetes?
Yes, for node and OS configuration. Why this matters: layered automation increases stability.
How long does Chef training usually take?
Typically a few weeks. Why this matters: planning improves commitment.
Does Chef help with compliance?
Yes, through repeatable configurations. Why this matters: compliance reduces operational risk.
Branding & Authority
DevOpsSchool is a globally trusted platform that delivers enterprise-focused training in DevOps, automation, and cloud technologies. It emphasizes hands-on labs, real production scenarios, and practical skill development instead of surface-level theory. Learners gain confidence to manage live systems and complex infrastructures using modern DevOps practices. The platform aligns learning with real industry expectations and long-term career growth. Why this matters: trusted platforms ensure credible learning and sustainable professional value.
Rajesh Kumar brings over 20 years of hands-on industry experience as a DevOps mentor and practitioner. His expertise spans DevOps & DevSecOps, Site Reliability Engineering, DataOps, AIOps & MLOps, Kubernetes, cloud platforms, CI/CD, and automation. He also mentors professionals through Chef Trainers in Pune programs with a strong focus on real-world execution and problem-solving. Why this matters: expert mentorship bridges the gap between learning and real production delivery.
Call to Action & Contact Information
Email: [email protected]
Phone & WhatsApp (India): +91 84094 92687
Phone & WhatsApp (USA): +1 (469) 756-6329



View the full article
reporter

Chef for Infrastructure as Code: Become Skilled —Bangalore

Introduction: Problem, Context & Outcome
Engineering teams in Bangalore operate in highly dynamic environments where infrastructure changes frequently. However, many teams still configure servers manually or depend on inconsistent scripts. This approach causes configuration drift, environment mismatch, and repeated production issues. As systems scale, these problems multiply and directly impact release speed and reliability. Meanwhile, enterprises expect infrastructure automation that integrates cleanly with DevOps pipelines and supports audit, compliance, and recovery needs. This shift makes the role of Chef automation critical today. Guidance from experienced Chef Trainers in Bangalore helps engineers move from fragile setups to predictable, code-driven infrastructure. In this blog, you will understand what Chef trainers in Bangalore truly provide, why Chef remains important in modern DevOps ecosystems, and how structured training enables teams to manage infrastructure with confidence and control. Why this matters: strong Chef automation prevents outages and supports reliable, scalable software delivery.
What Is Chef Trainers in Bangalore?
Chef Trainers in Bangalore are experienced professionals and structured programs that teach Chef as an enterprise-grade configuration management and automation platform. They focus on practical usage rather than conceptual explanations alone. Trainers explain how Chef enforces desired system states using cookbooks, recipes, roles, and environments. They also show how Chef fits into DevOps workflows that rely on version control, CI/CD pipelines, and infrastructure as code principles. Developers and DevOps engineers use this training to maintain consistent environments across development, testing, staging, and production. Bangalore’s enterprise-heavy ecosystem further increases demand for Chef expertise in banking, telecom, SaaS, and regulated industries. Learners gain hands-on experience managing real servers and hybrid infrastructures confidently. Why this matters: practical Chef knowledge eliminates configuration inconsistencies that often cause system failures.
Why Chef Trainers in Bangalore Is Important in Modern DevOps & Software Delivery
Modern DevOps practices aim to increase deployment velocity without sacrificing stability. Chef directly supports this goal by automating infrastructure configuration at scale. Therefore, Chef trainers in Bangalore play a vital role in helping teams implement infrastructure as code correctly. They teach how Chef integrates with CI/CD tools, cloud provisioning platforms, and Agile delivery models. Without proper training, teams often create rigid cookbooks, ignore testing, or mismanage environments. Trainers correct these issues by emphasizing reusable code, modular design, and continuous validation. As a result, organizations achieve faster releases, predictable environments, and improved collaboration between development and operations teams. Why this matters: DevOps automation succeeds only when configuration management remains reliable and repeatable.
Core Concepts & Key Components
Chef Architecture
The purpose of Chef architecture is to centrally manage infrastructure while enforcing desired state on all nodes. Chef Server stores configuration data, Chef Workstations manage code, and Chef Clients apply configurations on systems. Teams use this architecture across on-premise and cloud environments.
Cookbooks and Recipes
Cookbooks structure configuration logic, while recipes define how systems converge to the desired state. Trainers explain how recipes handle packages, services, users, and files in application servers and databases.
Resources and Providers
Resources describe infrastructure components in a declarative way. Providers execute actions to enforce resource state. Trainers demonstrate how idempotency ensures consistent outcomes across repeated runs.
Roles and Environments
Roles define server responsibilities, and environments separate configurations across stages. Enterprises rely on these concepts to manage development, QA, staging, and production differences safely.
Chef in CI/CD Pipelines
Chef integrates with automation pipelines to enforce configuration during deployments. Trainers show how this integration ensures infrastructure consistency with every release.
Why this matters: understanding Chef components enables teams to automate complex infrastructure without losing control or visibility.
How Chef Trainers in Bangalore Works (Step-by-Step Workflow)
Training starts with evaluating infrastructure and DevOps familiarity. Trainers introduce Chef fundamentals using real server scenarios instead of simplified demos. Learners set up Chef workstations, write cookbooks, and manage nodes step by step. Trainers then integrate Chef workflows with version control and CI/CD pipelines. They also introduce failure scenarios such as broken convergence, misconfigured roles, or drift. Learners troubleshoot, refactor, and optimize their solutions. This workflow closely matches how DevOps teams design, deploy, and operate systems daily. Why this matters: step-by-step workflows build confidence for real production usage.
Real-World Use Cases & Scenarios
Large enterprises in Bangalore rely on Chef to manage thousands of servers across hybrid environments. DevOps engineers automate OS configuration and middleware setup. Developers depend on consistent environments to reduce deployment defects. QA teams create reproducible test platforms using Chef-managed nodes. SRE teams enforce configuration standards to improve system reliability. Financial and regulated industries use Chef to meet audit and compliance requirements. Across all scenarios, teams reduce manual intervention and improve operational predictability. Why this matters: real-world scenarios prove Chef’s long-term enterprise value.
Benefits of Using Chef Trainers in Bangalore
Productivity: faster learning through guided, hands-on automation Reliability: consistent configurations across all environments Scalability: automation that supports large infrastructure estates Collaboration: shared, version-controlled configuration code Why this matters: trained teams operate infrastructure efficiently and with fewer risks.
Challenges, Risks & Common Mistakes
Beginners often write monolithic cookbooks that become hard to maintain. Some teams skip testing and documentation. Others misuse roles and environments, which causes drift and confusion. Chef trainers address these risks by teaching modular cookbook design, testing strategies, and environment discipline. They also emphasize collaboration and continuous improvement. Why this matters: avoiding common pitfalls protects teams from long-term technical debt.
Comparison Table
AspectManual ConfigurationChef AutomationEnvironment ConsistencyLowHighScalabilityLimitedEnterprise-readyError RateHighReducedAudit SupportWeakStrongDeployment SpeedSlowFastRollback ControlManualAutomatedCollaborationTool-dependentCode-drivenComplianceDifficultSimplifiedDevOps IntegrationMinimalStrongLong-Term StabilityUnpredictablePredictable Why this matters: comparison shows why Chef-based automation supports mature DevOps practices.
Best Practices & Expert Recommendations
Store all Chef code in version control systems. Write small, reusable cookbooks. Test changes before applying them. Manage roles and environments carefully. Integrate Chef into CI/CD pipelines. Learn from trainers with real production exposure, not theory-only backgrounds. Why this matters: best practices ensure Chef automation remains stable and scalable.
Who Should Learn or Use Chef Trainers in Bangalore?
DevOps engineers managing infrastructure automation benefit immediately. System administrators transitioning to DevOps gain critical automation skills. Cloud engineers handling hybrid platforms improve consistency and control. QA and SRE professionals strengthen reliability across test and production environments. Beginners gain structured learning, while experienced professionals refine enterprise-scale expertise. Why this matters: Chef skills apply across multiple infrastructure-focused roles.
FAQs – People Also Ask
What is Chef Trainers in Bangalore?
It refers to professionals providing practical Chef automation training. Why this matters: clarity supports informed decisions.
Why is Chef still used in enterprises?
It manages large, complex infrastructures reliably. Why this matters: relevance sustains long-term careers.
Is Chef suitable for beginners?
Yes, with structured guidance. Why this matters: accessibility expands learning.
How does Chef support DevOps?
It enforces consistent infrastructure as code. Why this matters: consistency improves delivery.
Chef vs Ansible: which should teams choose?
The choice depends on scale and architecture. Why this matters: informed choices reduce rework.
Can developers learn Chef?
Yes, to maintain consistent environments. Why this matters: collaboration improves outcomes.
Does Chef work in the cloud?
Yes, across cloud and on-premise systems. Why this matters: flexibility supports hybrid strategies.
Is Chef useful with Kubernetes?
Yes, for node and OS configuration. Why this matters: layered automation increases stability.
How long does Chef training take?
Usually several weeks. Why this matters: planning improves commitment.
Does Chef help with compliance?
Yes, through repeatable configurations. Why this matters: compliance reduces risk.
Branding & Authority
DevOpsSchool is a trusted global learning platform delivering enterprise-grade DevOps and automation education. It emphasizes hands-on practice, real-world scenarios, and production-ready skills. Learners gain practical confidence managing live infrastructure rather than theoretical knowledge alone. The platform supports modern DevOps, CI/CD, cloud, and configuration management practices aligned with enterprise needs. Why this matters: trusted platforms ensure credible learning and long-term professional value.
Rajesh Kumar brings more than 20 years of hands-on industry experience as a mentor and practitioner. His expertise spans DevOps & DevSecOps, Site Reliability Engineering, DataOps, AIOps & MLOps, Kubernetes, cloud platforms, CI/CD, and automation. He also guides learners specifically through Chef Trainers in Bangalore programs with a strong focus on real-world execution. Why this matters: experienced mentorship bridges the gap between learning concepts and delivering results.
Call to Action & Contact Information
Email: [email protected]
Phone & WhatsApp (India): +91 84094 92687
Phone & WhatsApp (USA): +1 (469) 756-6329



View the full article
reporter

Cybersecurity at the state and local level: Washington has the framework, it’s time to act

The White House’s March 2025 Executive Order (EO) on “Achieving Efficiency Through State and Local Preparedness” raised an issue of utmost importance for national security and our critical infrastructure.
As noted in the order, “federal policy must rightly recognize that preparedness is most effectively owned and managed at the state, local and even individual levels, supported by a competent, accessible and efficient federal government.”
Despite claims from various cybersecurity leaders that the March EO is a federal retreat on information technology security, has funding gaps and lacks implementation clarity and expertise at the local level, the president is correct: Local jurisdictions are best positioned to anticipate their electronic security needs, understand their unique weaknesses, vulnerabilities and risks, and are best suited to develop and implement an incident response, mitigation and recovery plan based on their unique circumstances. 
Congress is right, too. In 2021, it established the State and Local Cybersecurity Grant Program (SLCGP) to “award grants to eligible entities to address cybersecurity risks and cybersecurity threats to information systems owned or operated by, or on behalf of, state, local or tribal governments.”
The SLCGP authorizes $1 billion over four years to help state, local, tribal and territorial governments reduce systemic cyber risks and requires a pass-through of at least 80 percent of those funds to local governments, while reserving 25 percent of those funds for rural jurisdictions. A key component of the SLCGP ties any disbursement of funds to the Cybersecurity Infrastructure and Security Agency’s (CISA) approval of a state’s cybersecurity plan. That proposal must meet the requirements set forth in the SLCGP, such as implementation of the National Institute of Standards and Technology (NIST) cybersecurity framework.
This September, the Homeland Security Committee — with bipartisan support — introduced the Protecting Information by Local Leaders for Agency Resilience Act(PILLAR Act, H.R. 5078), which seeks to not only extend SLCGP for 10 years, but also provide long‑term stability and funding, strengthen milestone‑based accountability, expand its scope to AI and operational technology, and clarify cost‑sharing between federal and state governments. 
Combined, the March 2025 EO and the SLCGP create a framework that will succeed if implemented in tandem. Unfortunately, that’s not what happened. In January 2025, the Office of Management and Budget directed all federal agencies to “temporarily pause all activities related to obligations or disbursement of all federal financial assistance.” This effectively ended all SLCGP disbursements and left it and the EO as unfunded mandates. But that’s not quite where this story ends. As part of the re-opening of the government in November, the SLCGP was potentially resurrected when its authorization was extended to January 30. This is a crucially important development. 
Now is the time to act and bring SLCGP fully back to life through the PILLAR Act. With our adversaries already embedded in our critical infrastructure (see Salt and Volt Typhoon, advanced persistent threat actors tied to China’s government), and the recent deployment of AI as a cyber-super-weapon — as demonstrated by Anthropic’s recent announcement of how its Claude AI was manipulated by Chinese state-sponsored hackers to conduct a large-scale attack executed almost entirely by AI agents — states and local jurisdictions are even more vulnerable. This is not simply a matter of funding; it’s a matter of national security.
There should not be much debate as to whether states will utilize SLCGP effectively; they already have the data. As of August 1, 2024, according to the Government Accountability Office, “the Department of Homeland Security provided approximately $172 million in grants to 33 states and territories” and “[t]he grants are funding 839 state and local cybersecurity projects that align with core cybersecurity functions as defined by [NIST],” including developing cybersecurity plans and policies, employing cybersecurity contractors, upgrading equipment and implementing multi-factor authentication. 
The passage of the PILLAR Act will also enhance CISA’s reach, even with its reduced workforce and limited resources, by making it a force multiplier because it can now focus on oversight — approving state cybersecurity tactics, setting standards and guiding and monitoring priorities — while state, local and tribal governments execute the day-to-day implementation.
Not mentioned in the PILLAR Act, but something practical and easily executed as part of the SLCGP, is local governments partnering with private and public universities to tap into a pipeline of students trained in cybersecurity strategy (e.g., law, policy, risk management, governance) and emerging technologies such as artificial intelligence, resulting in lower costs for the local governments, hands-on experience for students and community building and outreach between local governments and universities. 
The PILLAR Act has bipartisan support, and the president’s March 2025 EO reinforces everything contained within it. We now have the framework for securing our state, local and tribal governments. Let’s get this done immediately, as the stakes have never been higher and our national security depends on it. 
This article is published as part of the Foundry Expert Contributor Network.
Want to join?
View the full article
CSOonline

Amazon AWS Skills: Become a Production-Ready Engineer —Pune

Introduction: Problem, Context & Outcome
Cloud adoption continues to accelerate, yet many engineers still struggle to translate AWS concepts into real production outcomes. While online resources exist in abundance, they often lack structure, depth, and enterprise relevance. As a result, professionals face delays, architectural mistakes, and operational instability when working on live cloud environments. This challenge increases as organizations adopt DevOps, automation, and cloud-native delivery models at scale. Therefore, Amazon AWS Trainers In Pune play a vital role in helping professionals gain applied AWS knowledge aligned with business and DevOps needs. This blog explains what AWS training truly involves, why it has become essential today, and what outcomes learners can realistically expect.
Why this matters: Understanding the real problem helps professionals choose training that delivers usable skills, not just theoretical awareness.
What Is Amazon AWS Trainers In Pune?
Amazon AWS Trainers In Pune refers to experienced cloud practitioners who deliver structured AWS training focused on real-world application. Rather than teaching services in isolation, these trainers explain how AWS fits into modern software delivery and DevOps ecosystems. They guide learners through AWS fundamentals, advanced services, and operational best practices used in enterprise environments. Additionally, trainers emphasize practical usage through labs, scenarios, and production-style architectures. Pune’s technology ecosystem demands AWS professionals who can work on global projects while following industry standards. As a result, AWS trainers in Pune help bridge the gap between textbook knowledge and workplace execution.
Why this matters: Practical instruction prepares learners to perform confidently in real cloud roles.
Why Amazon AWS Trainers In Pune Is Important in Modern DevOps & Software Delivery
Modern software delivery depends heavily on cloud platforms that support speed, reliability, and automation. AWS enables teams to implement CI/CD pipelines, scalable infrastructure, and secure cloud architectures. However, many professionals fail to leverage AWS effectively due to fragmented learning approaches. Amazon AWS Trainers In Pune help engineers understand how AWS supports Agile, DevOps, and continuous delivery practices. Trainers also explain how teams use AWS to manage microservices, containers, and observability frameworks. Consequently, structured AWS training empowers professionals to meet enterprise expectations and avoid operational risks.
Why this matters: Skilled AWS usage directly improves delivery speed, stability, and system resilience.
Core Concepts & Key Components
Compute Services
Purpose: Provide flexible execution environments
How it works: Services like EC2, Lambda, and ECS allow applications to run based on demand.
Where it is used: APIs, microservices, batch processing, CI/CD jobs.
Storage Services
Purpose: Enable secure and scalable data storage
How it works: S3, EBS, and EFS store data with durability and availability.
Where it is used: Backups, application assets, data repositories.
Networking & Security
Purpose: Control access and communication
How it works: VPCs, IAM roles, and security groups enforce network and identity boundaries.
Where it is used: Secure cloud architectures and hybrid setups.
Databases & Analytics
Purpose: Support application and business data needs
How it works: RDS, DynamoDB, and Redshift manage different data workloads.
Where it is used: Transaction systems and analytics workloads.
DevOps & Automation Tools
Purpose: Support continuous deployment and reliability
How it works: CloudFormation and CI/CD tools automate provisioning and releases.
Where it is used: Delivery pipelines and infrastructure management.
Why this matters: Core concepts form the foundation for building scalable and secure AWS architectures.
How Amazon AWS Trainers In Pune Works (Step-by-Step Workflow)
Training begins with understanding learner experience and career objectives. Trainers then introduce AWS fundamentals using business-driven examples. Next, learners perform hands-on labs covering compute, storage, and networking services. Trainers gradually integrate AWS with DevOps workflows such as CI/CD pipelines and infrastructure as code. Monitoring, logging, and security practices follow as part of operational readiness. Finally, learners complete real-world projects that mirror enterprise environments. This structured flow builds both understanding and confidence.
Why this matters: A guided workflow ensures learners avoid trial-and-error learning in production.
Real-World Use Cases & Scenarios
Technology startups rely on AWS to scale products rapidly without large infrastructure costs. Enterprises migrate legacy systems to AWS to improve availability and performance. DevOps teams use AWS services to automate deployments and rollbacks. SRE teams depend on monitoring and auto-scaling to maintain reliability. QA teams provision on-demand testing environments using cloud resources. Cloud architects design secure, compliant systems for regulated industries.
Why this matters: Practical scenarios demonstrate how AWS directly supports business outcomes.
Benefits of Using Amazon AWS Trainers In Pune
Productivity: Faster learning through expert guidance Reliability: Proven design patterns reduce downtime Scalability: Elastic infrastructure supports growth Collaboration: Shared practices align cross-functional teams Why this matters: Tangible benefits make cloud investments successful.
Challenges, Risks & Common Mistakes
Many learners focus only on certifications and ignore architecture fundamentals. Teams often overlook security and cost optimization during early design stages. Manual processes increase error rates and operational stress. Experienced trainers address these risks by teaching real production lessons and mitigation strategies.
Why this matters: Awareness helps organizations avoid costly cloud mistakes.
Comparison Table
DimensionTraditional InfrastructureAWS with Expert TrainingProvisioningManual processesFully automatedScalabilityLimited capacityElastic scalingCost ModelFixed capital expensePay-as-you-useDeployment SpeedSlowCI/CD enabledSecurity ModelPerimeter-basedIdentity-basedMonitoringReactiveProactiveDisaster RecoveryManualAutomatedSkill DevelopmentUnstructuredGuidedReliabilityModerateHighBusiness AgilityLimitedFast Why this matters: Comparisons clarify why modern AWS practices outperform legacy approaches.
Best Practices & Expert Recommendations
Design systems with failure tolerance in mind. Automate infrastructure consistently using IaC tools. Apply least-privilege access controls across services. Monitor performance and costs continuously. Prioritize learning through practical projects. Seek mentorship from trainers with hands-on production experience.
Why this matters: Best practices ensure sustainable and secure cloud operations.
Who Should Learn or Use Amazon AWS Trainers In Pune?
Developers building cloud-native applications gain architectural clarity. DevOps engineers improve automation and delivery pipelines. Cloud architects enhance design and governance capabilities. QA and SRE professionals strengthen environment reliability. Beginners establish strong foundations, while experienced professionals deepen expertise.
Why this matters: Role-specific learning maximizes long-term career impact.
FAQs – People Also Ask
What is Amazon AWS Trainers In Pune?
It offers expert-led AWS training focused on real environments.
Why this matters: Practical skills improve performance.
Is AWS training suitable for beginners?
Yes, training starts with clear fundamentals.
Why this matters: Beginners learn without confusion.
How does AWS support DevOps practices?
AWS enables automation and CI/CD workflows.
Why this matters: DevOps improves delivery speed.
Do trainers include hands-on projects?
Yes, projects form a core part of learning.
Why this matters: Projects build confidence.
Is AWS relevant for SRE roles?
Yes, AWS supports reliability engineering.
Why this matters: Reliability depends on automation.
Can QA professionals benefit from AWS?
Yes, QA teams use AWS for testing environments.
Why this matters: Cloud skills add professional value.
Does training cover cloud security?
Yes, IAM and network security are included.
Why this matters: Security protects systems.
How long does AWS training usually take?
Duration depends on learning depth.
Why this matters: Planning improves learning outcomes.
Is AWS useful for enterprise systems?
Yes, enterprises widely adopt AWS.
Why this matters: Enterprise relevance ensures demand.
Do trainers teach cost optimization?
Yes, monitoring and cost control are covered.
Why this matters: Cost management prevents waste.
Branding & Authority
DevOpsSchool is a globally trusted platform delivering enterprise-grade DevOps and cloud training. The organization emphasizes structured learning, practical execution, and real-world project exposure aligned with industry demands.
Why this matters: Trusted platforms ensure consistency and credibility.
Rajesh Kumar brings more than 20 years of hands-on experience across DevOps, DevSecOps, SRE, DataOps, AIOps, MLOps, Kubernetes, cloud platforms, CI/CD, and automation. His mentorship focuses on solving real production challenges.
Why this matters: Experienced guidance accelerates skill mastery.
The Amazon AWS Trainers In Pune program integrates AWS expertise with DevOps-aligned workflows to build enterprise-ready cloud professionals.
Why this matters: Focused training leads to measurable career outcomes.
Call to Action & Contact Information
Explore AWS training aligned with enterprise DevOps practices.
Program link:
Email: [email protected]
Phone & WhatsApp (India): +91 84094 92687
Phone & WhatsApp (USA): +1 (469) 756-6329




View the full article
reporter

Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited

Microsoft on Tuesday rolled out its first security update for 2026, addressing 114 security flaws, including one vulnerability that it said has been actively exploited in the wild. Of the 114 flaws, eight are rated Critical, and 106 are rated Important in severity. As many as 58 vulnerabilities have been classified as privilege escalation, followed by 22 information disclosure, 21 remote codeView the full article
Hacker News

SRE SLOs and Error Budgets: A Comprehensive Guide

Introduction: Problem, Context & Outcome
Modern software systems must run continuously in environments built on cloud platforms, microservices, containers, and automated CI/CD pipelines. While organizations deliver features faster than ever, reliability often fails to keep pace. Engineering teams face frequent production incidents, alert fatigue, unclear responsibility during outages, and constant firefighting. These challenges slow delivery, increase operational stress, and weaken customer trust.
The SRE Foundation Certification was created to address this exact gap. It introduces reliability as a core engineering responsibility rather than a reactive operations task. By establishing clear principles, metrics, and workflows, it helps teams design and operate systems that remain stable while evolving rapidly. In today’s digital economy, even small outages can lead to revenue loss and reputational damage.
This blog delivers a complete, fully rewritten guide explaining the SRE Foundation Certification, how it fits into modern DevOps practices, and what professionals gain from it. Why this matters: reliability foundations protect business continuity and engineering confidence.
What Is SRE Foundation Certification?
The SRE Foundation Certification is an entry-level, industry-aligned credential designed to introduce the fundamental principles of Site Reliability Engineering. It focuses on conceptual understanding rather than deep tooling or advanced programming, making it accessible to a wide range of technical roles. The certification explains how reliability is engineered deliberately instead of fixed only after failures occur.
Within DevOps environments, the SRE Foundation Certification establishes a shared understanding of reliability across developers, DevOps engineers, QA teams, and cloud professionals. It introduces essential concepts such as Service Level Indicators (SLIs), Service Level Objectives (SLOs), error budgets, monitoring, observability, and incident management fundamentals. These concepts provide a common language for teams working together under production pressure.
This certification is especially valuable for professionals transitioning from traditional IT operations into cloud-native and DevOps-driven delivery models. Why this matters: early SRE knowledge prevents recurring production failures later.
Why SRE Foundation Certification Is Important in Modern DevOps & Software Delivery
DevOps accelerates software delivery through automation, CI/CD, and Agile practices. However, speed alone does not guarantee stability. The SRE Foundation Certification embeds reliability thinking into the DevOps lifecycle so teams understand the real impact of changes on users and systems. Many organizations adopt SRE fundamentals to balance innovation with operational stability.
The certification addresses common DevOps challenges such as undefined reliability targets, inconsistent monitoring, and reactive incident handling. By learning to define and measure reliability from a user-centric perspective, teams align engineering decisions with business expectations. CI/CD pipelines become safer when error budgets and acceptable risk are clearly understood.
As cloud adoption, microservices, and distributed systems increase operational complexity, foundational SRE knowledge becomes critical. Why this matters: sustainable DevOps success requires stability alongside speed.
Core Concepts & Key Components
Reliability as an Engineering Discipline
Purpose: Treat reliability as a design objective instead of a reaction to outages.
How it works: Teams apply software engineering principles to operational challenges.
Where it is used: System architecture, platform engineering, and capacity planning.
Service Level Indicators (SLIs)
Purpose: Measure how users actually experience a service.
How it works: Metrics such as latency, availability, and error rates are tracked.
Where it is used: APIs, applications, and customer-facing services.
Service Level Objectives (SLOs)
Purpose: Define reliability targets teams commit to meeting.
How it works: Measurable objectives like monthly uptime percentages are set.
Where it is used: Release planning, service reviews, and operational decisions.
Error Budgets
Purpose: Balance system stability with innovation speed.
How it works: Teams track how much unreliability is acceptable over time.
Where it is used: Deployment velocity control and change management.
Monitoring and Observability
Purpose: Provide visibility into system health and behavior.
How it works: Metrics, logs, and traces reveal performance trends and failures.
Where it is used: Incident detection, troubleshooting, and optimization.
Incident Management Fundamentals
Purpose: Reduce downtime and improve recovery effectiveness.
How it works: Structured response workflows and learning-focused reviews.
Where it is used: Production incidents and post-incident analysis.
Why this matters: these concepts form the technical and cultural foundation of reliable systems.
How SRE Foundation Certification Works (Step-by-Step Workflow)
The SRE Foundation workflow begins by understanding user expectations. Teams learn to identify reliability metrics that accurately reflect customer experience. These metrics become SLIs and are used to define realistic SLOs aligned with business priorities.
Once objectives are clear, monitoring enables continuous visibility into service health. Alerts focus on user-impacting issues rather than internal noise. Incident response follows structured steps emphasizing coordination, communication, and learning rather than blame.
After incidents, teams perform reviews to identify root causes and preventive improvements. Lessons learned feed back into design and operations. This workflow integrates naturally into every DevOps stage, from planning to production.
The certification emphasizes understanding concepts before advanced tools. Why this matters: beginners gain confidence managing reliability without overload.
Real-World Use Cases & Scenarios
In SaaS organizations, teams use SRE foundations to set realistic uptime expectations and avoid overpromising availability. Developers and DevOps engineers collaborate using shared reliability metrics.
In e-commerce platforms, foundational SRE practices help teams prepare for traffic spikes during sales events. Cloud engineers focus on capacity planning, while QA teams validate reliability before large releases.
In enterprise environments, SRE foundations improve alignment between engineering, operations, and business stakeholders. Clear objectives reduce firefighting and increase delivery predictability.
Why this matters: real-world adoption shows how SRE foundations directly improve stability and teamwork.
Benefits of Using SRE Foundation Certification
Productivity: Reduced firefighting and clearer operational priorities Reliability: More consistent service performance and fewer outages Scalability: Strong foundations that support system growth Collaboration: Shared reliability language across teams Why this matters: foundational SRE knowledge produces measurable technical and business value.
Challenges, Risks & Common Mistakes
Many beginners think SRE is only about monitoring tools. Others set unrealistic reliability targets without understanding trade-offs. Excessive alerting often leads to alert fatigue and slower responses.
Risks increase when SRE practices are adopted without cultural alignment. Mitigation includes starting small, focusing on user impact, and reviewing objectives regularly.
Why this matters: avoiding common mistakes ensures SRE practices deliver real benefits.
Comparison Table
AreaTraditional OperationsDevOps PracticesSRE Foundation CertificationReliability approachReactiveSpeed-focusedMeasured and intentionalMetricsInfrastructure-centricPipeline metricsUser-centric SLIsIncident responseAd hocFasterStructured fundamentalsAutomationLimitedPartialConcept-drivenCollaborationSiloedImprovedShared reliability goalsScalabilityManualElasticPlannedLearning modelMinimalIncrementalFoundationalRisk visibilityLowMediumClearly definedDecision makingIntuition-basedTool-drivenMetric-drivenBusiness alignmentWeakModerateStrong Why this matters: comparison clearly shows the value of SRE foundations.
Best Practices & Expert Recommendations
Start with a small set of reliability metrics tied directly to user experience. Avoid chasing perfect uptime and focus on realistic objectives. Review SLOs regularly as services evolve.
Introduce SRE foundations gradually into DevOps workflows. Encourage blameless incident reviews and prioritize observability before scaling systems.
Why this matters: best practices ensure reliability improvements remain sustainable.
Who Should Learn or Use SRE Foundation Certification?
The SRE Foundation Certification is ideal for Developers, DevOps Engineers, Cloud Engineers, SREs, QA professionals, and technical managers. It supports beginners entering DevOps as well as experienced professionals seeking structured reliability fundamentals.
Teams working with cloud platforms, CI/CD pipelines, and distributed systems gain immediate value from this certification.
Why this matters: learning reliability fundamentals early accelerates career growth and team maturity.
FAQs – People Also Ask
What is SRE Foundation Certification?
It introduces core SRE concepts. Why this matters: builds reliability foundations.
Why is it used?
To manage reliability proactively. Why this matters: reactive fixes are costly.
Is it beginner-friendly?
Yes. Why this matters: accessible learning path.
Is it relevant for DevOps roles?
Yes. Why this matters: DevOps depends on reliability.
Does it require coding skills?
No deep coding. Why this matters: usable across roles.
Is it tool-specific?
No. Why this matters: skills remain relevant.
Does it cover cloud systems?
Conceptually, yes. Why this matters: cloud is everywhere.
Can QA teams benefit?
Yes. Why this matters: quality includes reliability.
How does it differ from advanced SRE certifications?
It focuses on fundamentals. Why this matters: foundations come first.
Does it support career growth?
Yes. Why this matters: SRE skills are in demand.
Branding & Authority
DevOpsSchool is a globally trusted training platform delivering enterprise-ready programs in DevOps, cloud computing, automation, and reliability engineering. Its programs focus on real-world production challenges, practical clarity, and industry relevance rather than theory alone.
Why this matters: learning from a trusted platform ensures long-term credibility.
Rajesh Kumar brings more than 20 years of hands-on expertise across DevOps & DevSecOps, Site Reliability Engineering, DataOps, AIOps, MLOps, Kubernetes, cloud platforms, CI/CD, and large-scale automation. His mentoring emphasizes production realism and scalable system design.
Why this matters: expert guidance accelerates real-world competence.
Many professionals grow from foundational learning into advanced roles through the SRE Certified Professional program, which validates applied reliability engineering skills for modern DevOps and cloud-native environments.
Why this matters: structured certification paths prove operational readiness.
Call to Action & Contact Information
Build a strong reliability foundation with the SRE Foundation Certification and grow confidently in modern DevOps roles.
Email: [email protected]
Phone & WhatsApp (India): +91 7004215841
Phone & WhatsApp (USA): +1 (469) 756-6329



View the full article
reporter

Allianz: KI birgt große Gefahr für Unternehmen

Nathakorn Tedsaard – shutterstock.com
Künstliche Intelligenz (KI) hat sich nach Einschätzung der Allianz zu einem der größten globalen Geschäftsrisiken für Unternehmen entwickelt. Im neuen “Risikobarometer” des Unternehmensversicherers Allianz Commercial ist die KI vom zehnten auf den zweiten Platz hinter dem langjährigen Spitzenreiter Cyberkriminalität emporgeschossen.
Beides steht in Zusammenhang: Kriminelle Hacker nutzen demnach in wachsendem Umfang KI für ihre Attacken. Doch kann die Nutzung von KI laut Risikobarometer auch ohne jede böse Absicht gefährlich für ein Unternehmen sein, etwa wenn Manager und Mitarbeiter auf Basis falscher Daten und Informationen falsche Entscheidungen treffen.
Die drei Hauptgefahren stehen in Zusammenhang
Auf Rang drei der größten globalen Geschäftsrisiken stehen in diesem Jahr Betriebsunterbrechungen. Auch dabei gibt es eine Verbindung zu Cyberangriffen: Eine häufige Ursache von Betriebsunterbrechungen ist Online-Erpressung: Die Hacker lähmen die Rechnersysteme eines Unternehmens per Verschlüsselung und fordern für die anschließende Entschlüsselung hohe Summen.
Allianz Commercial ist eine Tochter des Münchner Dax-Konzerns, das Unternehmen publiziert sein “Risikobarometer” alljährlich zu Jahresbeginn. Die Einschätzungen basieren auf der Befragung von 3.338 Fachleuten aus 97 Ländern im vergangenen Herbst. Darunter sind Führungskräfte und Manager anderer Unternehmen, Risiko- und Schadenberater, Versicherungsmakler, Experten von Branchenverbänden sowie auch Allianz-Mitarbeiter. Die Antworten der Befragten unterscheiden sich von Land zu Land, allerdings nicht grundlegend: So landeten die KI-Risiken in Deutschland auf Platz vier, in der Schweiz auf dem zweiten Rang, in Österreich dagegen sogar auf Platz eins.
KI Fluch und Segen zugleich
Die KI ist demnach ein zweischneidiges Schwert: Eine Mehrheit der Unternehmen sieht die Technologie als Chance, nicht zuletzt für die automatisierte Abwehr bösartiger Cyberattacken. Doch gleichzeitig sehen etliche der befragten Fachleute große Gefahren: KI berge ein immer schneller voranschreitendes Risiko, sagte Michael Furtscheller, der regionale Geschäftsleiter für Deutschland und die Schweiz – “vielleicht auch Fluch und Segen”.
KI erleichtert Tätern das Werk
Demnach nutzen Cybertäter KI unter anderem für die Perfektionierung von Social Engineering, um als Führungskräfte zu posieren und deren Untergebene zu täuschen. “Durch Schreiben von sehr zugeschnittenen E-Mails, dass man dort klicken oder sonst etwas tun soll, sei es mit Clonings oder der Generierung von Sprache, oder sogar der Fälschung von Videos”, erläuterte Michael Daum, Leiter der Cyberschaden-Bearbeitung. “Die große Mehrzahl der Angriffe, die wir sehen, erfordert nach wie vor das Zutun eines Menschen – in der Regel eines Mitarbeiters – den Angriff zu ermöglichen.”
KI birgt für Unternehmen doppelte Gefahr von außen und innen
Doch Attacken von außen sind nach Worten der Allianz-Manager nur eine Seite des Problems. Risiken für Unternehmen birgt demnach auch die ganz legale Verwendung von KI-Software durch die eigenen Mitarbeiter und Führungskräfte. “Die KI per Definition arbeitet mit einem gewissen Grad an Autonomie und deswegen können die Ergebnisse falsch oder frei erfunden sein”, sagte Allianz Commercial-Managerin Alexandra Braun. “Und falsche oder auch einmal diskriminierende KI-Ergebnisse, die können natürlich auch zu Rechtsstreitigkeiten oder negativen Presseberichterstattungen und dann zu Reputations- und Imageverlust führen für Unternehmen.” Zu den KI-eigenen Risiken zählen demnach auch Urheberrechtsverletzungen, wenn die Software geschützte Informationen abschreibt oder verwendet.
Breite Palette der übrigen Risiken: von der Politik bis zur Explosion
Die übrigen Risiken unter den globalen Top Ten reichen von der Politik über die Natur bis zu den hergebrachten Unsicherheiten des Geschäftslebens. Auf Platz vier stehen Gesetzgebung und Regulierung, was sich sowohl auf die US-Zollpolitik und sonstige Handelshemmnisse als auch die in vielen Ländern beklagte Bürokratie bezieht. Auf den nächsten beiden Rängen folgen Naturkatastrophen und Klimawandel, anschließend politische Instabilität und Gewalt, negative volkswirtschaftliche Entwicklungen etwa durch Inflation, Feuer und Explosionen. Platz zehn nimmt die Ungewissheit über Marktentwicklungen ein, seien es neue Wettbewerber, Firmenübernahmen oder sonstiger Wandel. (dpa/jm)

View the full article
CSOonline

Allianz: KI birgt große Gefahr für Unternehmen

Nathakorn Tedsaard – shutterstock.com
Künstliche Intelligenz (KI) hat sich nach Einschätzung der Allianz zu einem der größten globalen Geschäftsrisiken für Unternehmen entwickelt. Im neuen “Risikobarometer” des Unternehmensversicherers Allianz Commercial ist die KI vom zehnten auf den zweiten Platz hinter dem langjährigen Spitzenreiter Cyberkriminalität emporgeschossen.
Beides steht in Zusammenhang: Kriminelle Hacker nutzen demnach in wachsendem Umfang KI für ihre Attacken. Doch kann die Nutzung von KI laut Risikobarometer auch ohne jede böse Absicht gefährlich für ein Unternehmen sein, etwa wenn Manager und Mitarbeiter auf Basis falscher Daten und Informationen falsche Entscheidungen treffen.
Die drei Hauptgefahren stehen in Zusammenhang
Auf Rang drei der größten globalen Geschäftsrisiken stehen in diesem Jahr Betriebsunterbrechungen. Auch dabei gibt es eine Verbindung zu Cyberangriffen: Eine häufige Ursache von Betriebsunterbrechungen ist Online-Erpressung: Die Hacker lähmen die Rechnersysteme eines Unternehmens per Verschlüsselung und fordern für die anschließende Entschlüsselung hohe Summen.
Allianz Commercial ist eine Tochter des Münchner Dax-Konzerns, das Unternehmen publiziert sein “Risikobarometer” alljährlich zu Jahresbeginn. Die Einschätzungen basieren auf der Befragung von 3.338 Fachleuten aus 97 Ländern im vergangenen Herbst. Darunter sind Führungskräfte und Manager anderer Unternehmen, Risiko- und Schadenberater, Versicherungsmakler, Experten von Branchenverbänden sowie auch Allianz-Mitarbeiter. Die Antworten der Befragten unterscheiden sich von Land zu Land, allerdings nicht grundlegend: So landeten die KI-Risiken in Deutschland auf Platz vier, in der Schweiz auf dem zweiten Rang, in Österreich dagegen sogar auf Platz eins.
KI Fluch und Segen zugleich
Die KI ist demnach ein zweischneidiges Schwert: Eine Mehrheit der Unternehmen sieht die Technologie als Chance, nicht zuletzt für die automatisierte Abwehr bösartiger Cyberattacken. Doch gleichzeitig sehen etliche der befragten Fachleute große Gefahren: KI berge ein immer schneller voranschreitendes Risiko, sagte Michael Furtscheller, der regionale Geschäftsleiter für Deutschland und die Schweiz – “vielleicht auch Fluch und Segen”.
KI erleichtert Tätern das Werk
Demnach nutzen Cybertäter KI unter anderem für die Perfektionierung von Social Engineering, um als Führungskräfte zu posieren und deren Untergebene zu täuschen. “Durch Schreiben von sehr zugeschnittenen E-Mails, dass man dort klicken oder sonst etwas tun soll, sei es mit Clonings oder der Generierung von Sprache, oder sogar der Fälschung von Videos”, erläuterte Michael Daum, Leiter der Cyberschaden-Bearbeitung. “Die große Mehrzahl der Angriffe, die wir sehen, erfordert nach wie vor das Zutun eines Menschen – in der Regel eines Mitarbeiters – den Angriff zu ermöglichen.”
KI birgt für Unternehmen doppelte Gefahr von außen und innen
Doch Attacken von außen sind nach Worten der Allianz-Manager nur eine Seite des Problems. Risiken für Unternehmen birgt demnach auch die ganz legale Verwendung von KI-Software durch die eigenen Mitarbeiter und Führungskräfte. “Die KI per Definition arbeitet mit einem gewissen Grad an Autonomie und deswegen können die Ergebnisse falsch oder frei erfunden sein”, sagte Allianz Commercial-Managerin Alexandra Braun. “Und falsche oder auch einmal diskriminierende KI-Ergebnisse, die können natürlich auch zu Rechtsstreitigkeiten oder negativen Presseberichterstattungen und dann zu Reputations- und Imageverlust führen für Unternehmen.” Zu den KI-eigenen Risiken zählen demnach auch Urheberrechtsverletzungen, wenn die Software geschützte Informationen abschreibt oder verwendet.
Breite Palette der übrigen Risiken: von der Politik bis zur Explosion
Die übrigen Risiken unter den globalen Top Ten reichen von der Politik über die Natur bis zu den hergebrachten Unsicherheiten des Geschäftslebens. Auf Platz vier stehen Gesetzgebung und Regulierung, was sich sowohl auf die US-Zollpolitik und sonstige Handelshemmnisse als auch die in vielen Ländern beklagte Bürokratie bezieht. Auf den nächsten beiden Rängen folgen Naturkatastrophen und Klimawandel, anschließend politische Instabilität und Gewalt, negative volkswirtschaftliche Entwicklungen etwa durch Inflation, Feuer und Explosionen. Platz zehn nimmt die Ungewissheit über Marktentwicklungen ein, seien es neue Wettbewerber, Firmenübernahmen oder sonstiger Wandel. (dpa/jm)

View the full article
CSOonline

Critical Node.js Vulnerability Can Cause Server Crashes via async_hooks Stack Overflow

Node.js has released updates to fix what it described as a critical security issue impacting "virtually every production Node.js app" that, if successfully exploited, could trigger a denial-of-service (DoS) condition. "Node.js/V8 makes a best-effort attempt to recover from stack space exhaustion with a catchable error, which frameworks have come to rely on for service availability," Node.js'sView the full article
Hacker News

US cybersecurity weakened by congressional delays despite Plankey renomination

The White House moved to restart an urgent stalled priority by renominating well-regarded Coast Guard and Energy Department cyber veteran Sean Plankey as CISA director. Experts say the step offers some relief but does not go far enough to resolve the broader congressional inaction still straining the nation’s cyber defenses.
Some have faulted the White House for a lack of engagement in cyber issues and their advancement through Congress, while others say congressional dysfunction is the larger problem. Referring to the Trump administration’s broader approach to cyber policy, Jim Lewis, SVP and director of the technology and public policy program at the Center for Strategic and International Studies (CSIS), tells CSO, “Cyber isn’t a priority for these guys.”
But Ari Schwartz, managing director of cybersecurity services at Venable, views Congress as the greater culprit. “It is very difficult to get bills passed in Congress, and it turns out it’s very difficult to get some of these nominees through as well, even when they have bipartisan support. That signals we cannot get stuff done and is extremely problematic,” he tells CSO.
Problems stemming from inaction across these areas could begin to emerge as soon as next month and compound thereafter if no further action is taken. Some experts are hopeful Congress or the administration will step in to address the lapses, although they warn solutions will not emerge quickly.
CISA leadership: Swift confirmation needed to limit damage
The end of the year for Congress on Dec. 31 allowed the nomination of Plankey to lapse, requiring a new nomination process. Experts say the longer Plankey waits for confirmation, the more adrift CISA and US cyber policy will be.
Amid budget cuts driven by Elon Musk’s Department of Government Efficiency, which sharply reduced CISA’s staffing and institutional capacity, the ongoing lack of leadership at CISA accelerated the loss of invaluable expertise and created a three-level cybersecurity failure — internal, domestic, and international — for the US, according to Megan Stifel, chief strategy officer at the Institute for Security and Technology.
“Not having confirmed leadership undermines CISA’s ability to meet its statutory obligations,” Stifel tells CSO. She adds that the lack of confirmed leadership complicates interagency coordination and weakens US credibility on critical infrastructure security abroad.
Even with Plankey’s renomination, the damage caused by the prolonged leadership vacuum at the agency will still take time to rectify, according to CSIS’s Lewis. “They already hollowed out CISA, right? One CISA person who just left the agency told me that 40% of the career staff was gone. There’s not going to be a team to hand off to. They’ll need to do a lot of rebuilding.”
For the chairman of the House Homeland Security Committee, Andrew Garbarino (R-NY), Plankey’s renomination came none too soon. Speaking at an event hosted by the McCrary Institute on Dec. 16, Garbarino said he was disappointed that Plankey’s nomination had languished but that he would be confirmed “hopefully soon.”
Confirmation holds on both sides of the aisle in the Senate played a significant part in the failure to confirm Plankey. Sen. Rick Scott (R-FL) blocked Plankey’s nomination due to a Coast Guard issue. At the same time, Sen. Ron Wyden (D-OR) held up Plankey’s nomination to force CISA to release an unclassified report on telephone network security.
CISA promised in July that it would release the report, but has yet to do so. Keith Chu, a spokesperson for Wyden, tells CSO the senator will continue to object to confirming any CISA director until the telecommunications security report is released.
CISA 2015 reauthorization: Likely, but late and suboptimal
A major cybersecurity bill called the Cybersecurity Information Sharing Act of 2015 (CISA 2015), which expired on Sept. 30, was temporarily revived on Nov. 13 and given a two-month lease on life through Jan. 30, 2026. The law provides critical legal liability protections that enable cyber threat information sharing among organizations and the federal government.
The short-term extension seemed to ensure a longer-term renewal of the legislation, as lawmakers, the administration, and industry broadly agree that failure to extend the legal liability protection under CISA 2015 is unacceptable.
“It’s very important,” US Representative Garbarino said at the McCrary event. “It is imperative that it gets passed, and it gets extended. I don’t know how it gets done on its own. I feel like we have to attach it to another must-pass piece as legislation, whether that’s government funding, but we need it passed.”
In an emailed statement, CISA Director of Public Affairs Marci McCarthy tells CSO, “Reauthorizing the Cybersecurity Information Sharing Act of 2015 is vital to sustaining this progress — enabling industry and government to share information, respond to incidents, and mitigate cyber risks with speed and precision.”
White House National Cyber Director Sean Cairncross has said, “I just want to be abundantly clear that we are for, and the White House is for, a 10-year clean reauthorization of CISA 2015.”
With this tight level of agreement and support, odds are good that Congress will eventually reauthorize the legislation, although it is likely to be less than the 10-year renewal period advocates of the bill’s reauthorization seek.
“Our colleagues in the Senate have different ideas,” Garbarino said. “Some of them want to do a 10-year clean reauthorization. I don’t know if I can get that passed in the House with concerns from the Freedom Caucus chairman,” Andy Harris (R-MD), who has urged a go-slow approach to CISA 2015.
Even if Garbarino gets CISA 2015 through the House, some experts say a clean reauthorization would likely still be opposed by Senate Homeland Security Committee Chair Rand Paul (R-KY), who blocked the Senate from passing a bill to extend the law.
State and local cyber grants: Effectively dead for now
A murky picture emerges for another piece of unfinished business in Congress: a state and local cybersecurity grant program (SLCGP) administered by CISA. Most of the remaining funds in the $1 billion program were hollowed out via Elon Musk’s Department of Government Efficiency in early 2025.
In November, the House of Representatives passed the PILLAR Act, which extended the program until 2033, but did not specifically allocate a dollar amount for future grants. Chairman Garbarino thinks there’s a good chance that the SLCGP could get funded.
“I have a great partner on appropriations, Chairman Amodei,” he said at the McCrary event, referring to Mark Amodei (R-NV), who is Chairman of the House Appropriations Homeland Security Subcommittee. “We’re trying to find a vehicle to attach it to and get it done.”
Some experienced Washington hands, such as CSIS’s Lewis, are skeptical. “I don’t think they’re [the state and local grants] ever coming back,” he tells CSO.
When will Washington move forward?
It’s unclear whether or when the remaining unresolved issues might move forward.
“I think the Congress is probably going to do the right thing, but it will take longer because you don’t have executive branch leadership,” Lewis says. “Then they still have to [understand where] the White House is coming from, which is no money, no new authorities, and smaller agencies, before they can get anything in place. If we’re lucky, we’ll see it before the summer break, but it’s going to be a slow process.”
It is also possible that an upcoming White House cybersecurity strategy might touch on some of these programs.
Some experts say the bipartisan nature of cybersecurity gives them hope. “Cybersecurity and, particularly, protecting critical infrastructure and defending US networks, remain a bipartisan issue,” Schwartz says. “That makes me feel better about the possibility of getting to a point where we are moving forward again.”
View the full article
CSOonline

PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces

The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of new cyber attacks targeting its defense forces with malware known as PLUGGYAPE between October and December 2025. The activity has been attributed with medium confidence to a Russian hacking group tracked as Void Blizzard (aka Laundry Bear or UAC-0190). The threat actor is believed to be active since at leastView the full article
Hacker News

Security-KPIs und -KRIs: So messen Sie Cybersicherheit

Cybersicherheit zu messen, ist kein Kinderspiel.
Foto: Ultraskrip – shutterstock.com
Eine wichtige Säule jedes ausgereiften Cyberrisk-Programms ist die Fähigkeit, die Performance der IT-Security und registrierte Bedrohungen zu messen, zu analysieren und zu melden. Die Cybersecurity zu messen, ist allerdings kein leichtes Unterfangen: Einerseits, weil sich viele Führungskräfte ohne entsprechenden Background schwer tun, IT-Risiken zu verstehen. Andererseits verstricken sich Sicherheitsprofis auch zu oft in technische Details, die die Stakeholder verwirren und auf den falschen Weg führen.
Das ideale Szenario: Security-Experten messen und reporten die Cybersicherheit auf eine Art und Weise, die für Führungskräfte leicht verständlich und nützlich ist – was zu umsetzbaren Ergebnissen führt. Klingt gut? Dieser Artikel vermittelt Ihnen, wie Sie das anstellen.
Messkategorien der IT-Sicherheit
Die meisten Stakeholder beschäftigen Fragen zu Risiken, Compliance oder Sicherheit. Diese lassen sich jedoch in der Regel nicht mit einem einzigen Datenpunkt beantworten. Doch es gibt eine Reihe von Dingen, die Security-Profis messen können, um auf die Fragen und Bedenken der Stakeholder einzugehen. Diese lassen sich (grob) in folgende Kategorien einordnen:
Kontrollen: Maßnahmen, die ergriffen werden, um Bedrohungen abzuwehren und Risiken zu reduzieren.
Assets: Jeder Gegenstand, der für die Organisation einen Wert besitzt, beziehungsweise sich in ihrem Besitz befindet.
Vulnerabilities: Schwachstellen in einem System, die ausgenutzt werden können.
Threat Events: Von einer Bedrohung ausgelöste Ereignisse, die Assets potenziell Schaden zufügen können.
Sicherheitsvorfälle: Ereignisse, die “erfolgreich” Wirkung auf das Unternehmen entfaltet haben, etwa in Form von (System-)Ausfällen, Datenschutzverletzungen oder Cyberangriffen.
Diese Kategorien lassen sich weiter nach verschiedenen Faktoren aufschlüsseln: Zahlen, Zeit oder Kosten.
Zahlen könnten beispielsweise in Form des Prozentsatzes der ungepatchten Server gemessen werden. Eine weitere Möglichkeit: Sie messen die Zeit, die benötigt wurde, um einen Sicherheitsvorfall zu identifizieren. Schließlich könnten Kosten – zum Beispiel in Form von Wiederherstellungs- oder Ausfallkosten – Aufschluss über die finanziellen Auswirkungen von Security-Ereignissen geben.
Cybersicherheits-Metriken, -KPIs und -KRIs
Wenn Security-Profis oder -Entscheider an Business Teams berichten, sollten sie dazu möglichst relevante Messerwerte wählen. Dabei konzentrieren sich die meisten Sicherheitsteams auf Metriken, die Low-Level-Messungen bezüglich Assets, Schwachstellen und Threat Events abbilden. Auf Führungs- und Vorstandsebene sind hingegen vor allem KPIs (Key Performance Indicators) und KRIs (Key Risk Indicators) entscheidend, weil diese dazu beitragen können, spezifische Fragen in Bezug auf IT-Risiko, -Status und -Vorbereitung zu beantworten. Beispielsweise:
Sind wir sicher?
Liefern die Sicherheitsinvestitionen dem Unternehmen Mehrwert?
Erfüllen wir aus Sicherheitsperspektive alle regulatorischen Anforderungen?
Wie gut sind wir auf Ransomware- oder Supply-Chain-Angriffe vorbereitet?
Deshalb sollten sich Security-Praktiker auch auf KPIs und KRIs konzentrieren.


Sie wollen weitere interessante Beiträge rund um das Thema IT-Sicherheit lesen? Unser kostenloser Newsletter liefert Ihnen alles, was Sicherheitsentscheider und -experten wissen sollten, direkt in Ihre Inbox.
Jetzt CSO-Newsletter sichern
Cybersecurity messen in 5 Schritten
Der Aufbau des richtigen Messrahmens ist ein schrittweiser, iterativer Prozess. Im Folgenden die fünf wichtigsten Schritte, um einen Security Measurement Cycle aufzubauen.
1. Anforderungen definieren
Sprechen Sie mit relevanten Stakeholdern, um deren Bedürfnisse zu definieren und zu verstehen. Diese haben zu diesem Zeitpunkt möglicherweise noch kein umfassendes Verständnis über IT-Risiken – oder ihre eigenen Anforderungen. Deshalb ist für Security-Praktiker ein Bottom-Up-Ansatz empfehlenswert, bei dem sie selbst die Initiative ergreifen und Fragen zu stellen, um die Anforderungen definieren zu können.
2. Key Indicators auswählen
Sobald die Anforderungen der Stakeholder definiert sind, sollten Sicherheitsexperten diejenigen Key Indicators auswählen, die auf diese einzahlen. Dabei sollten die Stakeholder konsultiert und über die beabsichtigten, späteren Messungen informiert werden.
Wenn die Stakeholder die Key Indicators kennen, können sie Maßnahmen ergreifen oder Entscheidungen treffen. Die Schlüsselindikatoren sollten auf hoher Ebene angesiedelt sein – und ihre Anzahl überschaubar bleiben. Das Ziel besteht schließlich darin, die Entscheidungsfindung zu erleichtern.
3. Metriken identifizieren
Nachdem Ziele und Key Indicators festgelegt sind, gilt es für die Sicherheitsteams, die Low-Level-Messgrößen zu fokussieren, die dabei unterstützen, die Indikatoren zu reporten. Das kann – je nach Art des Indikators – bedeuten, dass Dutzende von Metriken aus den verschiedenen oben beschriebenen Messkategorien erforderlich sind.
4. Metriken sammeln und analysieren
Da die Anforderungen nun feststehen, die Schlüsselindikatoren ausgewählt und die Messgrößen festgelegt sind, können die Praktiker nun damit beginnen, Daten auf dieser Grundlage zu sammeln und zu analysieren. Metriken dürfen dabei nur aus Daten abgeleitet werden, die akkurat, aktuell, relevant und vertrauenswürdig sind. Anderenfalls kann es zu Entscheidungen kommen, die schwerwiegende Folgen für die Sicherheitslage des Unternehmens nach sich ziehen.
Es ist die Aufgabe der Security-Teams, Wege zu finden, Daten kontinuierlich zu sammeln (die meisten Messungen erfordern einen Überblick über Trends im Zeitverlauf) und den Prozess vorzugsweise so weit wie möglich zu automatisieren (ein manueller Prozess kann ermüdend und zeitaufwändig sein).
5. Key Indicators reporten
Key Indicators müssen zeitnah an die Entscheidungsträger reported werden. Dabei sollten sich Security-Profis und Stakeholder auf einen zeitlichen Rhythmus einigen – ebenso wie über die Art der Berichterstattung: Sind Dashboards erforderlich oder reichen Powerpoint-Präsentationen aus? Die Schlüsselindikatoren sollten deutlich sichtbar und leicht verständlich sein, um zu Entscheidungen oder Maßnahmen zu führen.
Darüber hinaus ist es wichtig, nach jedem Berichtszyklus die Key Indicators zu überprüfen und sie (unter Einbeziehung der Stakeholder) neu zu bewerten. Haben sich die geschäftlichen Anforderungen tatsächlich geändert, müssen die Anforderungen erneut definiert und ein anderer Satz von Indikatoren und Messgrößen erarbeitet werden.
Unternehmen, Stakeholder und Sicherheitsexperten sollten keine Angst vor Rückwärts- oder Vorwärtsschritten haben: Die Fähigkeit, nach einem schnellen Fail direkt weiterzumachen, zu improvisieren oder sich neu auszurichten sind entscheidende Fähigkeiten, wenn es darum geht, Cybersicherheit erfolgreich zu messen. (fm)


Dieser Beitrag basiert auf einem Artikel unserer US-Schwesterpublikation CSO Online.
View the full article
CSOonline

Google Gemini-Powered Siri Will Reportedly Have These 7 New Features

Apple and Google this week announced that Gemini will help power a more personalized Siri, and The Information has provided more details.


As soon as this spring, the report said the revamped version of Siri will be able to…

Answer more factual/world knowledge questions in a conversational manner
Tell more stories
Provide emotional support
Assist with more tasks, such as booking travel
Create a document in the Notes app with information, such as a cooking recipeThe report said Apple plans to announce additional Siri capabilities at WWDC in June, including… Knowledge of past conversations
Proactive suggestions based on information from apps, such as CalendarApple already announced that the personalized Siri would have better understanding of a user's personal context, on-screen awareness, and deeper per-app controls, so a lot of the specific capabilities that the report said are coming would align with that.

For example, Apple showed an iPhone user asking Siri about their mother's flight and lunch reservation plans based on info from the Mail and Messages apps.

The report said that the latest prototype of the more personalized Siri does not have any Google or Gemini branding, and Apple will be able to fine-tune Gemini's model to ensure that Siri responds to queries in a way that the iPhone maker prefers.

More details are available in The Information's paywalled report.

Apple first previewed the more personalized Siri at WWDC 2024, and the revamped assistant is finally expected to launch as part of iOS 26.4 in March or April. However, according to the report, some capabilities will not arrive until iOS 27.Tags: Apple Intelligence, Gemini, Google, Siri, The Information
This article, "Google Gemini-Powered Siri Will Reportedly Have These 7 New Features" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

January 2026 Microsoft Patch Tuesday: Actively exploited zero day needs attention

Eight critical vulnerabilities and an actively exploited zero day highlight Microsoft’s first Patch Tuesday announcements for 2026.
Most of the higher scoring vulnerabilities impact Office products, with two holes in SharePoint scoring an 8.8 on the CVSS scale.
“Last year’s abuse of SharePoint by Chinese APTs to deploy ToolShell against organizations should serve as a warning that SharePoint- and Office-related vulnerabilities can quickly become popular with threat actors,” noted Nick Carroll, cyber incident response manager at Nightwing. 
The other vulnerability that scored a CVSS rating of 8.8 is CVE-2026-20868 for the Windows Routing and Remote Access Service. This is a heap-based buffer overflow that allows an unauthorized attacker to execute code over a network. There’s also a patch for a lower-scoring hole in this service (CVE-2026-20843) that allows an elevation of privilege.
Desktop Windows Manager
Arguably, the vulnerability that should draw the attention of CSOs is CVE-2026-20805, because it’s already being exploited. No public proof-of-concept code has been disclosed. It is a hole in Desktop Windows Manager (DWM) that allows a locally authenticated attacker to view information in memory to help them weaken system protections, and from that go deeper into IT systems that rely on DWM.
Exploitation requires local access with low privileges and no user interaction, note researchers at Action1, making it feasible for attackers already present on a system.
For organizations, this vulnerability increases the risk of successful multi-stage attacks, said Jack Bicer, director of vulnerability research at Action1. Leaked memory details can be combined with other vulnerabilities to achieve privilege escalation or allow data theft, potentially leading to broader system compromise, regulatory exposure, and loss of trust.
If the patch can’t be applied immediately, he said, admins should limit local access, enforce least-privilege policies, and closely monitor systems for suspicious local activity.
“From a risk perspective, this issue materially increases the success rate of follow on exploits,” warned Bicer, “and should be viewed as an attack enabler rather than a standalone flaw.”
Satnam Narang, senior staff research engineer at Tenable, called DWM a “frequent flyer” on Patch Tuesday, with 20 CVEs patched in this library since 2022. But, he added, this is the first time researchers have seen an information disclosure bug in this component exploited in the wild.
More priorities
Executives should also prioritize rapid patching and risk reduction efforts this month around the Windows Local Security Authority Subsystem Service Remote Code Execution, Windows Graphics Component Elevation of Privilege, and Windows Virtualization Based Security Enclave Elevation of Privilege flaws, Bicer said, as these vulnerabilities directly enable full system or trust boundary compromise.
Strategic focus should include accelerating patch deployment for critical and important flaws, reducing unnecessary local access, hardening authentication paths, and closely monitoring for abnormal privilege escalation behavior, Bicer said.
“The Desktop Window Manager Information Disclosure should be addressed in parallel due to confirmed exploitation and its role in enabling chained attacks,” he added.
Secure Boot certificates
Security experts also drew attention to Microsoft’s warning that certain Secure Boot certificates issued in 2011 will expire in June or October unless updates included in the January patches are installed. Details are included in CVE-2026-21265. Secure Boot prevents malicious code from loading during the Windows startup process; systems not updated in time may become vulnerable to Secure Boot bypasses.
Chris Goettl, vice-president of product management at Ivanti, called this “a ticking time bomb for enterprise security that IT teams need to act on now before facing serious operational issues.”
Additionally, Tyler Reguly, associate director of security R&D at Fortra, noted that the Microsoft documentation of fixes for the expiring certificates isn’t a single page, but contains a multitude of links – including an entire deployment playbook for IT professionals. “With less than half a year to prepare, it is time to ensure that environments and teams are prepared for this update,” he said.
More likely for exploit
Reguly also said one of the more interesting updates this month is a fix for a Windows Agere Soft Modem Driver elevation of privilege (CVE-2023-31096) issue. “It is not often that you see a CVE from three years ago show up, but Microsoft is finally cleaning up a problem that has been around for a while,” he said. This driver ships with Microsoft Windows, but according to a post about this vulnerability, the driver has been end of life since 2016. The solution to this vulnerability is simply to remove the impacted drivers, agrsm64.sys and agrsm.sys, from systems.
Nick Carroll of Nightwing says security leaders should pay attention to patching vulnerabilities that Microsoft says are more likely to be exploited. These are:
an improper handling of permissions in Windows Error Reporting (CVE-2026-20817) that could allow an authorized attacker to elevate privileges locally;  a buffer overflow in Windows Common Log File System Driver (CVE-2026-20820) that could lead to an authorized attacker to elevate privileges locally;  a buffer overflow that could lead to remote code attacks in Windows NTFS (CVE-2026-20840).
This is one of two NTFS issues flagged this month, noted Kev Breen, senior director of cyber threat research at Immersive. If technical details are made public, this could become an n-day vulnerability, he warned, creating a narrow window in which IT can apply patches before exploitation becomes widespread;  an issue with Windows Ancillary Function Driver for WinSock that can let an authorized attacker elevate privileges locally (CVE-2026-20860);  an elevation of privilege issue in Desktop Windows Manager (CVE-2026-20871);  a remote code execution vulnerability in Windows NTFS (CVE-2026-20922). SAP updates
Separately, SAP  released 19 new or updated security patches, including six HotNews Notes and four High Priority Notes. One of the most important is a critical SQL injection vulnerability in S/4HANA Private Cloud and On-Premise (Financials – General Ledger), tagged with a CVSS score of 9.9. Exploitation can lead to full system compromise by low-privileged users. In addition, a code injection vulnerability, with a CVSS score of 9.1, was patched in S/4HANA Private Cloud and On-Premise.
Oracle and Mozilla
Researchers at Ivanti note that Mozilla released a trio of updates for Firefox and Firefox ESR resolving a total of 34 CVEs. All three updates have an Impact rating of High. Two of the CVEs are suspected to have been exploited (CVE-2026-0891 and CVE-2026-0892). Both are resolved in Firefox 147 (MFSA2026-01) and CVE-2026-0891 is resolved in Firefox ESR 140.7 (MFSA2026-03). 
Finally, researchers at Nightwing note that Oracle admins should be ready for the first of the company’s four major patch days a year, which this year falls on Tuesday January 20. There should be a pre-release announcement on January 15 that will help organizations prepare for what’s coming.

View the full article
CSOonline

Shazam's Fast Forward Playlist Reveals Music Artists Set to Rise in 2026

Shazam has published its annual Fast Forward list, and an accompanying Apple Music playlist. The list takes a look ahead at some of the most exciting music artists who are being discovered through the song identification tool. 2026's list features more than 60 music artists who are poised to have a breakthrough year.


Here is how Apple describes this year's playlist:Some well-known music artists, including Benson Boone, Ice Spice, and Ayra Starr, were featured in Shazam's previous Fast Forward lists.

Tags: Apple Music, Shazam
This article, "Shazam's Fast Forward Playlist Reveals Music Artists Set to Rise in 2026" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Cybersecurity risk will accelerate this year, fueled in part by AI, says World Economic Forum

Cybersecurity risk will accelerate this year, fueled by advances in AI, deepening geopolitical fragmentation and the complexity of supply chains, the World Economic Forum (WEF) says in its annual Global Cybersecurity Outlook.
The way to combat it, however, isn’t new, the report adds. “Ultimately, strengthening collective cyber resilience has become both an economic and a societal imperative. Cybersecurity is a frontier where collaboration remains not only possible, but powerful — a reminder that, even amid fragmentation, economic strain and uncertainty, collective action can drive progress for all.”
The coming year will test not only global technological preparedness but also the capacity to align policy, ethics, and collaboration in defending an increasingly digital world, the report says.
Issued Monday, the 64 page report is based partly on answers to 19 questions from a survey last fall responded to by 804 C-suite executives, academics, civil society and public-sector cybersecurity leaders in 92 countries. That included 316 CISOs. Additional material was gathered from workshops, including a session with 21 executives from the forum’s Centre for Cybersecurity’s CISO community.
This is the fifth annual cybersecurity report from the WEF. Last year’s edition found that a series of compounding factors — geopolitical tension, intricate supply chains, regulatory proliferation and rapid technological adoption — were creating an era of escalating complexity and unpredictability, and this year’s continues the theme.
Among the latest report’s main findings:
AI is anticipated to be the most significant driver of change in cybersecurity in 2026, according to 94% of survey respondents; 87% of respondents said AI-related vulnerabilities had increased in the past year. Other cyber risks that had increased were (in order) cyber-enabled fraud and phishing, supply chain disruption, and exploitation of software vulnerabilities; confidence in national cyber preparedness continues to erode, with 31% of survey respondents reporting low confidence in their nation’s ability to respond to major cyber incidents, up from 26% last year. Confidence levels vary greatly across regions, with 84% of respondents from the Middle East and North Africa being confident in their country’s ability to protect critical infrastructure, and only 38% of North American respondents confident their countries were prepared; asked to rate their own organization’s cyber resilience, 23% of representatives from public sector and international organizations thought their readiness was insufficient. By contrast, only 11% of private sector respondents thought negatively about their firms; 91% of organizations with more than 100,000 employees have changed their cybersecurity strategies due to geopolitical volatility. Interestingly, CEOs and CISOs weren’t always on the same page when it came to rating cyber risks for their organizations. In the 2025 survey, most CEOs said ransomware, cyber-enabled fraud and phishing, and supply chain disruption were their biggest cyber concerns. This year, cyber-enabled fraud and phishing shifted to number one, followed by AI vulnerabilities and exploitation of software vulnerabilities.
On the other hand, while most CISOs also said ransomware was their top concern in the 2025 survey, they reversed the CEO’s order to list supply chain disruption second, then cyber-enabled fraud and phishing. And in the latest survey, ransomware and supply chain disruption were still the top two, but the third worry is now exploitation of software vulnerabilities.
This suggests that CEOs tend to be more concerned about the broader business impacts of frauds, the report says, while for CISOs, the concern over ransomware reflects the significant operational disruption a successful ransomware attack can inflict on the availability of critical information technology (IT) and operational technology (OT) systems.
Related content: 8 things CISOs can’t afford to get wrong in 2026
The WEF report focuses on AI because leaders believe it will be the most significant driver of change in cybersecurity this year. The widespread integration of AI systems adds an expanded attack surface that creates novel vulnerabilities that traditional security controls were not designed to address, the report says. In addition, threat actors are leveraging AI to enhance the scale, speed, sophistication, and precision of their attacks.
However, defenders can also use AI, to strengthen their cyber capabilities. But, the report stresses, “AI’s benefits are contingent on disciplined execution. Poorly implemented solutions can introduce new risks — misconfiguration, biased decision‑making, over‑reliance on automation, and susceptibility to adversarial manipulation — unless organizations embed robust guardrails, security‑by‑design practices and continuous monitoring.”
“The implication is clear,” says the report. “AI can improve cybersecurity, but only when deployed within sound governance frameworks that keep human judgement at the center. At the same time, too many controls can create friction, so it is essential to strike a careful balance.”
One sign this may already be happening: 64% of respondents said their organization has a process in place for assessing the security of AI tools before deploying them, up from 37% in the previous survey in the fall of 2024.
The survey data shows 77% of respondents said their organizations have adopted AI for cybersecurity, primarily to enhance phishing detection (52%), intrusion and anomaly response (46%), and user behavior analytics (40%).
But when asked about the practical challenges of adopting AI for cybersecurity, respondents listed insufficient knowledge and/or skills (54%), the need for human oversight (41%), and uncertainty about risk (39%) as the main hurdles. These findings indicate that trust is still a barrier to widespread AI adoption, the report concludes.
“As organizations navigate the integration of AI into their security operations, the balance between automation and human judgement becomes increasingly critical,” says the report. “While AI excels at automating repetitive, high-volume tasks, its current limitations in contextual judgement and strategic decision making remain clear. Over-reliance on ungoverned automation risks creating blind spots that adversaries may exploit.”
Related content: Cybercrime is moving beyond financial gains
While AI continues to dominate the cybersecurity landscape, several other technologies and threat vectors are quietly gaining traction in the background and are expected to affect cybersecurity by 2030, says the report.
These include autonomous systems and robotics, quantum technologies, digital currencies, space technologies and undersea cables, and natural disasters and climate change. By the end of the decade, autonomous systems will be a near-term factor, from AI assisting in analysis to its directing of physical actions in factories, logistics, healthcare and public spaces. This evolution could create a new cyber‑physical risk profile, where machine‑executed decisions can alter safety and service quality within seconds, compressing detection and response windows.
By 2030, quantum technology will have evolved from a theoretical disruptor into a selective but material threat to cryptography, the report predicts. State-level or well-resourced actors may be capable of quantum-accelerated attacks on high-value targets, even as full-scale code breaking remains rare. At the same time, defenders will harness quantum-enhanced analytics and sensing for anomaly detection, creating a dynamic attacker-defender race.
Ultimately, the report concludes, building a secure digital future requires more than technical solutions. “It calls for decisive leadership, shared accountability, and a commitment to lifting the collective baseline — ensuring that resilience is accessible to all, not just the most well-resourced. As the boundaries between digital and physical worlds continue to blur, the organizations that thrive will be those that recognize cyber resilience as a shared, strategic responsibility — one that underpins trust, enables innovation and safeguards the interconnected foundations of global society.”  
View the full article
CSOonline

Apple Says 'Pixelmator' App on iOS Will No Longer Receive Updates

Alongside the news that Pixelmator Pro is coming to the iPad, Apple has confirmed that the more basic Pixelmator app for the iPhone and iPad will no longer be updated.


From the Pixelmator Pro page on Apple's website:The classic Pixelmator app offers more basic image editing tools, whereas Pixelmator Pro for iPad will be a fully-featured, professional image editing app.

Pixelmator Pro for iPad features a new touch-optimized workspace, full Apple Pencil support for pressure-sensitive brushing, the ability to work between iPad and Mac, and all of the powerful editing tools from the Mac version of the app.

Read our earlier coverage of the Pixelmator Pro for iPad announcement to learn more.

There is also a free Photomator photo editing app for the iPhone and iPad in the App Store, and Apple did not mention updates ending for that app.Tag: Pixelmator
This article, "Apple Says 'Pixelmator' App on iOS Will No Longer Receive Updates" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Apple Releases New AirPods Pro 3 Firmware Update

Apple today released a firmware update for the AirPods Pro 3. The latest firmware has a version number of 8B34, up from the previous version 8B30.


Apple has a support document for AirPods firmware updates, but it has yet to be updated to reflect the 8B34 update. There can sometimes be new features, but most often the release notes simply mention unspecified bug fixes and improvements.

How to install AirPods Pro firmware updates, according to Apple:
Make sure that your iPhone, iPad, or Mac is updated to the latest version of iOS, iPadOS, or macOS, and that Bluetooth is on.
Make sure that your AirPods are connected via Bluetooth to your iPhone, iPad, or Mac.
Connect your iPhone, iPad, or Mac to Wi-Fi.
Connect your charging case to power.
Put your AirPods in their charging case and close the lid. Keep the lid of the charging case closed, and keep your AirPods in Bluetooth range of your iPhone, iPad, or Mac.
Wait at least 30 minutes for the firmware to update.
Open the lid of the charging case to reconnect your AirPods to your iPhone, iPad, or Mac.
Check the firmware version again.
We will update this story once Apple provides releases notes for the 8B34 update.

AirPods Pro 3 were released in September, with key features including increased active noise cancellation, improved sound quality, longer battery life per charge, heart rate monitoring during workouts, and more.Related Roundup: AirPods Pro 3Buyer's Guide: AirPods Pro (Buy Now)Related Forum: AirPods
This article, "Apple Releases New AirPods Pro 3 Firmware Update" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

These Apple Apps Will No Longer Receive All New Features Without a Subscription

If you are not interested in subscribing to the new Apple Creator Studio bundle introduced today, you will officially start to miss out on some new features.


Apple said some "exciting new intelligent features and premium content" in Final Cut Pro, Pixelmator Pro, Keynote, Numbers, Pages, and Freeform will only be accessible with a Creator Studio subscription. In the U.S., a subscription costs $12.99 per month, or $129 per year, while college students can pay a lower $2.99 per month or $29 per year.

This means that if you bought Final Cut Pro or Pixelmator Pro via one-time purchase, which will still be an option going forward, you will no longer have access to all new features. However, Apple promises the apps will continue to receive updates.

From the Final Cut Pro page on Apple's website, for instance:There are some exceptions, as Apple says Logic Pro and MainStage will have all the same features whether they are subscription or one-time-purchase versions.

It looks like most if not all of the new features that will be limited to Creator Studio subscribers will be powered by AI, as Apple repeatedly describes them as "intelligent" features. The apps are continuing to receive other new features that do not require a subscription over time, so one-time purchasers are not completely left out.

As for Keynote, Numbers, Pages, and Freeform, those apps will remain free, but some new intelligent features and content will likewise require a Creator Studio subscription. This means these apps are now effectively "freemium."

Here are a few of the first new features coming to Creator Studio subscribers:

Pixelmator Pro: A new Warp tool lets you twist and shape image layers.
Keynote, Pages, and Numbers: A new Content Hub provides access to high-quality photos and graphics, and there are new premium templates and themes.In summary, existing users of Final Cut Pro and Pixelmator Pro never had to worry about paying extra to have every new feature, but that is no longer the case going forward. And while the Keynote, Numbers, Pages, and Freeform apps never cost money, some new features will now be locked behind a subscription. These changes will undoubtedly disappoint some Apple customers, while helping to boost the company's services revenue.Tags: Apple Creator Studio, Final Cut Pro, Pixelmator
This article, "These Apple Apps Will No Longer Receive All New Features Without a Subscription" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Get $300 Off Samsung's Smart Monitor M9, Plus More Monitor and TV Deals

Samsung has introduced a new batch of discounts across its most popular monitors and TVs this week, with notable markdowns on products like The Frame and the Smart Monitor series. These deals have all been applied automatically on Samsung's website, and many match all-time low prices on these products.

Note: MacRumors is an affiliate partner with Samsung. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Starting with monitors, you can get the 32-inch Smart Monitor M9 4K OLED for $1,299.99, down from $1,599.99. This version of the Smart Monitor line launched last summer, and Samsung's discount today is a match of the record low price on the display.

$300 OFF32-inch Smart Monitor M9 for $1,299.99

Other monitors on sale include the 32-inch Smart Monitor M7 4K for $229.99 ($170 off) and the 43-inch Smart Monitor M7 4K for $359.99 ($140 off). You can find even more monitor deals in the list below.


Regarding TVs, there are quite a few models of The Frame TV on sale, including all-time low prices on The Frame models from 2025. You can get the 2025 65-inch The Frame TV for $1,199.99 ($600 off), as well as The Frame Pro for $2,499.99 ($700 off).

$600 OFF65-inch The Frame for $1,199.99

For even more potential savings, eligible shoppers have the chance to get additional discounts through Samsung offer programs. These programs provide extra discounts for students, military, and employees of select businesses, and they provide up to 30 percent extra savings on Samsung's website, so be sure to check whether you're eligible for any of these programs.

TVs

55-inch QLED QEF1 Smart TV - $379.99, down from $599.99
55-inch QLED Q7F Smart TV - $399.99, down from $529.99
55-inch QLED Q8F Smart TV - $699.99, down from $749.99
75-inch Vision AI Smart TV - $679.99, down from $1,199.99
50-inch The Frame - $799.99, down from $1,099.99
75-inch Neo QLED QN70F Smart TV - $1,199.99, down from $1,599.99
65-inch The Frame - $1,199.99, down from $1,799.99
55-inch OLED S95F Smart TV - $1,999.99, down from $2,299.99
75-inch The Frame Pro - $2,499.99, down from $3,199.99
85-inch The Frame Pro - $3,499.99, down from $4,299.99
85-inch Neo QLED QN90F Smart TV - $2,699.99, down from $4,499.99
Monitors

32-inch Smart Monitor M7 4K - $229.99, down from $399.99
32-inch ViewFinity S70A UHD Monitor - $299.99, down from $459.99
34-inch ViewFinity S6 Monitor - $399.99, down from $799.99
43-inch Odyssey Neo G7 Smart Gaming Monitor - $599.99, down from $999.99
55-inch Odyssey Ark 2nd Gen - $1,299.99, down from $2,699.99
32-inch Smart Monitor M9 - $1,299.99, down from $1,599.99
Galaxy Products

Galaxy XR - Save up to $1,140 with the Explorer Pack
Galaxy S25 Ultra - Save up to $700 in instant trade-in credit
Galaxy Ring - Get up to $150 trade-in credit
Galaxy Watch Ultra - Save up to $250
Galaxy Watch 8 - Save up to $200

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "Get $300 Off Samsung's Smart Monitor M9, Plus More Monitor and TV Deals" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Apple Highlights Key iPhone 17 and 17 Pro Hardware Upgrade in New Ad

Apple today shared a new "Slide" ad that highlights the Ceramic Shield 2 cover glass on the iPhone 17, iPhone 17 Pro, and iPhone 17 Pro Max.


The ad shows an ongoing negotiation, during which an iPhone 17 Pro with the screen facing down is slid back and forth across a long table.

Apple says the Ceramic Shield 2 above the screen offers 3× better scratch resistance compared to the iPhone 16 lineup, and it says the material is tougher than any smartphone glass or glass-ceramic mix. "Relax, it's iPhone 17," the ad concludes.Related Roundups: iPhone 17, iPhone 17 ProTags: Apple Ads, Ceramic ShieldBuyer's Guide: iPhone 17 (Neutral), iPhone 17 Pro (Neutral)Related Forum: iPhone
This article, "Apple Highlights Key iPhone 17 and 17 Pro Hardware Upgrade in New Ad" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Apple Seeds Second Betas of iOS 26.3 and iPadOS 26.3 to Public Beta Testers

Apple today seeded the second betas of upcoming iOS 26.3, iPadOS 26.3, tvOS 26.3, and watchOS 26.3 updates to public beta testers, with the updates coming four weeks after Apple provided the first betas to testers.


Anyone can download and install public betas, and all that's required is to sign up on Apple's beta site. Once you've opted in, the software can be downloaded through the Software Update section in the Settings app on each device.

iOS 26.3 adds a new tool for transitioning from an iPhone to an Android device. Transfers can be initiated during the device setup process, and moving data from one device to another can now be done without having to download a specific app.

The update also includes changes to third-party wearables in the European Union, with more information available in our iOS 26.3 beta 2 feature list following yesterday's release to developers.

Apple is expected to release iOS 26.3 and iPadOS 26.3 to the public at the end of January.Related Roundups: iOS 26, iPadOS 26Related Forum: iOS 26
This article, "Apple Seeds Second Betas of iOS 26.3 and iPadOS 26.3 to Public Beta Testers" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Apple Releases Second macOS Tahoe 26.3 Public Beta

Apple today provided public beta testers with the second release of an upcoming macOS Tahoe 26.3 update for testing purposes. The public beta comes a day after Apple provided the second beta to developers.


After signing up for beta testing on Apple's beta site, public beta testers can download the updates using the Software Update section in the System Settings app.

We don't know about any new features in ‌macOS Tahoe‌ 26.3 as of yet, but Apple might introduce new capabilities in later beta releases.

The beta is limited to developers and public beta testers at the current time, but we are expecting Apple to release the update at the end of January. Related Roundup: macOS TahoeRelated Forum: macOS Tahoe
This article, "Apple Releases Second macOS Tahoe 26.3 Public Beta" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Kuo: Apple's AI Deal With Google Is Temporary and Buys It Time

Apple is preparing to mass-produce its own AI-focused server chips in the second half of 2026 amid reliance on a short-term partnership with Google to meet immediate AI expectations, according to analyst Ming-Chi Kuo.


In a new post on X, Kuo said that Apple is facing mounting short-term pressure in artificial intelligence that is shaping its current strategy, even as it continues to pursue long-term control over core AI technologies.

Kuo explained that Apple has encountered two immediate challenges in its in-house AI development that have effectively pushed it toward partnering with Google. The first is the need for a credible AI showing at WWDC later this year after previously announcing Apple Intelligence and significant Siri upgrades that have yet to materialize. The second is the rapid pace of improvement in cloud-based AI systems, which has raised expectations to a level where simply delivering on earlier promises may no longer be enough.

Kuo argues that as AI capabilities have advanced, user perceptions of what constitutes a competitive assistant or system-level AI have shifted. In that context, even a fully delivered version of ‌Apple Intelligence‌ as it was originally presented could struggle to stand out, particularly without access to more powerful large-scale models. This has apparently driven an urgent need for Apple to supplement its current approach with more capable AI models from other companies.

Kuo described Apple's AI deal with Google as a way to ease short-term pressure rather than a long-term strategic shift. He said on-device AI is unlikely to drive hardware sales in the near term, but the partnership gives Apple time to manage expectations across its platforms while continuing its own AI development. Over the longer term, Kuo said AI is expected to become central to hardware differentiation, operating system design, and the overall user experience, making ownership of core AI technologies increasingly important.

He added that Apple's in-house AI server chips are expected to enter mass production in the second half of 2026, with Apple-operated data centers coming online in 2027. Kuo said this timing suggests Apple expects demand for on-device and hybrid AI workloads to grow more meaningfully from 2027, as it gains greater control over its server-side computing and infrastructure.Tags: Apple Intelligence, Google, Ming-Chi Kuo
This article, "Kuo: Apple's AI Deal With Google Is Temporary and Buys It Time" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages

Cybersecurity researchers have discovered a major web skimming campaign that has been active since January 2022, targeting several major payment networks like American Express, Diners Club, Discover, JCB Co., Ltd., Mastercard, and UnionPay. "Enterprise organizations that are clients of these payment providers are the most likely to be impacted," Silent Push said in a report published today.View the full article
Hacker News

Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool

Cybersecurity researchers have disclosed details of a malicious Google Chrome extension that's capable of stealing API keys associated with MEXC, a centralized cryptocurrency exchange (CEX) available in over 170 countries, while masquerading as a tool to automate trading on the platform. The extension, named MEXC API Automator (ID: pppdfgkfdemgfknfnhpkibbkabhghhfh), has 29 downloads and is stillView the full article
Hacker News

iOS 26.3 Hints at Improved iPhone-to-Android Texting Coming Soon

Starting with the iOS 26.3 beta, Apple appears to be laying the groundwork for carriers to be able to support end-to-end encryption (E2EE) for RCS messages, and that news could actually have even bigger implications for the Messages app on the iPhone.


In order to offer E2EE for RCS, iOS 26.3 or later would need to support RCS Universal Profile 3.0, which includes many iMessage-like enhancements for RCS:End-to-end encryption, which will prevent Apple and any other third party from being able to read messages and attachments while they are being sent between devices, as has always been the case with iMessage
In-line replies
Edit messages
Unsend messages
Full-fledged Tapback support for RCS messages, with no special workaroundsRCS support as a whole was added to the iPhone with iOS 18, which supported ‌RCS‌ Universal Profile 2.4. It is effectively a modernized version of the SMS standard, which remains available as a fallback option for text messages over a cellular network.

The enhancements listed above were actually introduced in RCS‌ Universal Profile 2.7, and iOS would finally get them by jumping to RCS Universal Profile 3.0.

iMessage conversations with blue bubbles have already supported end-to-end encryption by default since iOS 5. iMessage has also supported in-line replies since iOS 14, while the options to edit and unsend iMessages were introduced with iOS 16.

Timing

Last year, Apple said it planned to add support for end-to-end encrypted RCS messages to the Messages app in future iOS, iPadOS, macOS, and watchOS software updates. However, Apple did not provide a specific timeframe.

As mentioned above, Apple appears to finally be laying the groundwork for E2EE for RCS in the iOS 26.3 beta, but it will be up to carriers to implement support, and Apple might also work with Google to ensure there is a consistent experience across iOS and Android. Hopefully we begin to see support roll out at some point between iOS 26.3 and iOS 27.

E2EE for RCS may be limited to select countries at first, as carriers begin rolling it out.Related Roundups: iOS 26, iPadOS 26Tags: Messages, RCSRelated Forum: iOS 26
This article, "iOS 26.3 Hints at Improved iPhone-to-Android Texting Coming Soon" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Pixelmator Pro is Coming to iPad With Apple Pencil Support and More

Apple today announced that Pixelmator Pro is coming to the iPad, complete with a new touch-optimized workspace, full Apple Pencil support, the ability to work between iPad and Mac, and all of the powerful editing tools from the Mac version.


Pixelmator Pro is a popular image editing app that was acquired by Apple last year. There is already a more basic Pixelmator app available for the iPad and iPhone, and now the full-fledged Pixelmator Pro experience is coming to the iPad.

Apple says Pixelmator Pro for iPad will be compatible with iPad models equipped with the A16, A17 Pro, or M1 chip or later on iPadOS 26 or later.


Here are some of the Pixelmator Pro for iPad features highlighted by Apple:A full-featured Layers sidebar allows creators to use images, shapes, text, and video
Smart selection tools for isolating and editing specific parts of images
Advanced bitmap and vector masks
Super Resolution for intelligently upscaling photos
Deband for removing compression artifacts
Auto Crop with automatic composition suggestions
Apple Pencil support for pressure-sensitive brushing, plus hover, squeeze, and double tapPixelmator Pro for both iPad and Mac will be available through the new Apple Creator Studio subscription bundle, which costs $12.99 per month or $129 per year. A one-time $49.99 purchase option will remain available, and this will presumably extend to the iPad app. Some new AI features and content in Pixelmator Pro for iPad will only be available with an Apple Creator Studio subscription.Tags: Apple Creator Studio, Apple Pencil, PixelmatorRelated Forum: iPad Accessories
This article, "Pixelmator Pro is Coming to iPad With Apple Pencil Support and More" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Amazon Takes Up to $200 Off M5 iPad Pro With New Discounts

Amazon this week is back with big discounts across the M5 iPad Pro lineup, including both 11-inch and 13-inch models. The highlight this time around is the 1TB Wi-Fi 13-inch M5 iPad Pro with Nano-Texture Glass, which is on sale for $1,799.00, down from $1,999.00.

Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Many of the deals in this sale match — or beat — the record low prices we tracked during Black Friday. Amazon also has the 2TB Wi-FI 13-inch M5 iPad Pro with Nano-Texture Glass for $2,199.00, down from $2,399.00, which is an all-time low price.

$200 OFF13-inch M5 iPad Pro (1TB Nano-Texture Wi-Fi) for $1,799.00
$200 OFF13-inch M5 iPad Pro (2TB Nano-Texture Wi-Fi) for $2,199.00

You'll find some of these deals matched at Best Buy, with in-store pick-up available this week for many locations. The latest iPad Pro models are equipped with the current-generation M5 chip, and feature a super-slim design, Thunderbolt support, up to 2TB storage, and OLED display technology.

11-Inch M5 iPad Pro

512GB Wi-Fi - $1,099.00 ($100 off)
1TB Wi-Fi - $1,499.00 ($100 off)
1TB Nano-Texture Glass Wi-Fi - $1,599.00 ($100 off)
2TB Nano-Texture Glass Wi-Fi - $1,999.00 ($100 off)
13-Inch M5 iPad Pro

256GB Wi-Fi - $1,149.00 ($150 off)
512GB Wi-Fi - $1,399.00 ($100 off)
1TB Wi-Fi - $1,759.00 ($140 off)
1TB Wi-Fi Nano-Texture Glass - $1,799.00 ($200 off)
2TB Wi-Fi Nano-Texture Glass - $2,199.00 ($200 off)

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "Amazon Takes Up to $200 Off M5 iPad Pro With New Discounts" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Ransomware-Banden erpressen Opfer mit Compliance-Verstößen

Digitala World – shutterstock.com
Ransomware-Attacken zählen nach wie vor zu den häufigsten Angriffsmethoden. Wie aktuelle Analysen zeigen, drohen Cyberbanden ihren Opfern nun vermehrt damit, Verstöße gegen Vorschriften wie die DSGVO an die Aufsichtsbehörden zu melden.
So haben Forscher des Security-Anbieters Akamai bereits in den vergangenen zwei Jahren einen zunehmenden Trend bei dieser Taktik beobachtet. Als Beispiel verweisen die Sicherheitsspezialisten auf die Ransomware-Gruppe Anubis. Die Mitglieder würden sich hauptsächlich auf Branchen mit hohen Compliance-Risiken wie das Gesundheitswesen konzentrieren. Auch die berüchtigte Ransomhub-Bande setzt demnach auf diese Methode. So soll sie ihre Partner ausdrücklich dazu ermutigt haben, gehackten Unternehmen regulatorische Strafen anzudrohen.
Folgen für Unternehmen
„Das setzt Unternehmen unter einen doppelten Druck, der kaum zu bewältigen ist“, erklärt Klaus Hild, Manager Solution Engineering Enterprise bei SailPoint, gegenüber CSO. Sie müssten zwischen Lösegeldzahlung und potenziell ruinösen Strafen sowie Reputationsverlust abwägen. „Diese ‘Compliance-Erpressung’ ist keine theoretische Bedrohung mehr – sie ist zum Standardverfahren von Ransomware-Kartellen geworden“, so der Experte.
Tim Berghof, Security Evangelist bei G DATA, bestätigt auf Nachfrage von CSO, dass es sich bei dieser Vorgehensweise technisch gesehen zwar nur um eine Erweiterung der „branchenüblichen” Double Extortion handelt, aber massive Folgen mit sich bringen kann. „Selbst, wenn eine erfolgte Anzeige sich als gegenstandslos erweist. Behördliche Ermittlungsverfahren erzeugen Aufsehen, binden Ressourcen und werden potenziell publik.“
KI verstärkt Angriffe
Hild verweist auf ein weiteres Problem: „KI-gestützte Tools beschleunigen diese Angriffe dramatisch. Kriminelle können heute innerhalb weniger Stunden nach einem Datendiebstahl gestohlene Dokumente auf ‘materielle’ Compliance-Verstöße screenen – schneller und präziser, als viele Unternehmen ihre eigenen Systeme auditieren können.“
Der SailPoint-Spezialist führt aus: „Sie erstellen detaillierte, rechtlich fundierte Beschwerden für Behörden und setzen enge Fristen. Mit neuen Regulierungen wie DORA in der EU und verschärften SEC-Meldepflichten wächst das Arsenal dieser Erpresser stetig.“
Berghoff fasst zusammen: „Die Frage bleibt, was für Unternehmen die glimpflicheren Folgen hat: Eine Selbstanzeige oder die anonyme Meldung bei der zuständigen Behörde durch eine Gruppe Krimineller. Da es auch in einigen Bereichen noch viel Unsicherheit um das Thema Compliance gibt, fallen Drohungen mit Behörden hier auf potenziell fruchtbaren Boden.“
View the full article
CSOonline

Ransomware-Banden erpressen Opfer mit Compliance-Verstößen

Digitala World – shutterstock.com
Ransomware-Attacken zählen nach wie vor zu den häufigsten Angriffsmethoden. Wie aktuelle Analysen zeigen, drohen Cyberbanden ihren Opfern nun vermehrt damit, Verstöße gegen Vorschriften wie die DSGVO an die Aufsichtsbehörden zu melden.
So haben Forscher des Security-Anbieters Akamai bereits in den vergangenen zwei Jahren einen zunehmenden Trend bei dieser Taktik beobachtet. Als Beispiel verweisen die Sicherheitsspezialisten auf die Ransomware-Gruppe Anubis. Die Mitglieder würden sich hauptsächlich auf Branchen mit hohen Compliance-Risiken wie das Gesundheitswesen konzentrieren. Auch die berüchtigte Ransomhub-Bande setzt demnach auf diese Methode. So soll sie ihre Partner ausdrücklich dazu ermutigt haben, gehackten Unternehmen regulatorische Strafen anzudrohen.
Folgen für Unternehmen
„Das setzt Unternehmen unter einen doppelten Druck, der kaum zu bewältigen ist“, erklärt Klaus Hild, Manager Solution Engineering Enterprise bei SailPoint, gegenüber CSO. Sie müssten zwischen Lösegeldzahlung und potenziell ruinösen Strafen sowie Reputationsverlust abwägen. „Diese ‘Compliance-Erpressung’ ist keine theoretische Bedrohung mehr – sie ist zum Standardverfahren von Ransomware-Kartellen geworden“, so der Experte.
Tim Berghof, Security Evangelist bei G DATA, bestätigt auf Nachfrage von CSO, dass es sich bei dieser Vorgehensweise technisch gesehen zwar nur um eine Erweiterung der „branchenüblichen” Double Extortion handelt, aber massive Folgen mit sich bringen kann. „Selbst, wenn eine erfolgte Anzeige sich als gegenstandslos erweist. Behördliche Ermittlungsverfahren erzeugen Aufsehen, binden Ressourcen und werden potenziell publik.“
KI verstärkt Angriffe
Hild verweist auf ein weiteres Problem: „KI-gestützte Tools beschleunigen diese Angriffe dramatisch. Kriminelle können heute innerhalb weniger Stunden nach einem Datendiebstahl gestohlene Dokumente auf ‘materielle’ Compliance-Verstöße screenen – schneller und präziser, als viele Unternehmen ihre eigenen Systeme auditieren können.“
Der SailPoint-Spezialist führt aus: „Sie erstellen detaillierte, rechtlich fundierte Beschwerden für Behörden und setzen enge Fristen. Mit neuen Regulierungen wie DORA in der EU und verschärften SEC-Meldepflichten wächst das Arsenal dieser Erpresser stetig.“
Berghoff fasst zusammen: „Die Frage bleibt, was für Unternehmen die glimpflicheren Folgen hat: Eine Selbstanzeige oder die anonyme Meldung bei der zuständigen Behörde durch eine Gruppe Krimineller. Da es auch in einigen Bereichen noch viel Unsicherheit um das Thema Compliance gibt, fallen Drohungen mit Behörden hier auf potenziell fruchtbaren Boden.“
View the full article
CSOonline

Apple Introduces New 'Creator Studio' Bundle of Apps for $129 Per Year

Apple today introduced a new Creator Studio bundle that offers access to six creative apps, and premium features in iWork apps, for $12.99 per month or $129 per year.


Apple Creator Studio includes access to Final Cut Pro, Logic Pro, and Pixelmator Pro on the Mac and iPad, as well as Motion, Compressor, and MainStage on the Mac. Plus, it unlocks premium AI features and content across the iWork apps Keynote, Pages, and Numbers across the iPhone, iPad, and Mac, and later in the Freeform app.

Apple Creator Studio will be available through the App Store starting Wednesday, January 28. All new subscribers can receive a one-month free trial.

More details to follow.
This article, "Apple Introduces New 'Creator Studio' Bundle of Apps for $129 Per Year" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Detection Engineering in an AI-Enabled SOC

Detection engineering has never been about writing perfect rules. It has always been about managing tradeoffs coverage versus noise, speed versus accuracy, flexibility versus maintainability.

As AI becomes embedded in SOC workflows, those tradeoffs don’t disappear. They change.

In an AI-enabled SOC, detection engineering is no longer about forcing logic to answer a single question - is this malicious or not? Instead, it’s about designing detections that produce clean, meaningful signals that AI and analysts can evaluate together.
View the full article
compuquip

[Webinar] Securing Agentic AI: From MCPs and Tool Access to Shadow API Key Sprawl

AI agents are no longer just writing code. They are executing it. Tools like Copilot, Claude Code, and Codex can now build, test, and deploy software end-to-end in minutes. That speed is reshaping engineering—but it’s also creating a security gap most teams don’t see until something breaks. Behind every agentic workflow sits a layer few organizations are actively securing: Machine ControlView the full article
Hacker News

End-to-End Encrypted RCS Messages Referenced in Latest iOS 26.3 Beta

Apple appears close to supporting end-to-end encryption (E2EE) for RCS messages, almost a year after the GSM Association said it was working to implement the privacy feature for messages sent between Android and iPhone devices.


As shared by Tiino-X83 on X (Twitter), the latest iOS 26.3 beta includes references to a new carrier bundle setting that will let carriers enable and disable E2EE for RCS messages.

It's possible that the setting relates to making the encryption status of messages visible to the user, as per the GSMA standard's requirements. The requirement is stupulated because local regulations can prohibit E2EE for all users, and users must be notified of encryption status.

End-to-end encryption for RCS was announced in March 2025, as part of version 3.0 of the RCS Universal Profile. Apple said it planned to add support to the Messages app in future iOS, iPadOS, macOS, and watchOS software updates, but the company has since been silent on the subject.


The carrier bundle references in the latest iOS 26.3 beta could be Apple laying the groundwork for future support, and are no guarantee that E2EE for RCS messages are coming with the software release. But they at least indicate that Apple is working to bring support at some point in the future.

RCS support as a whole was added to the iPhone with iOS 18, which supports ‌RCS‌ Universal Profile 2.4. It is effectively a modernized version of the SMS standard, which remains available as a fallback option for text messages over a cellular network.Tags: Encryption, RCS
This article, "End-to-End Encrypted RCS Messages Referenced in Latest iOS 26.3 Beta" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

High-severity bug in Broadcom software enables easy WiFi denial-of-service

A high-severity flaw in Broadcom WiFi chipset software can allow an attacker within radio range to completely knock wireless networks offline by sending a single malicious frame, forcing routers to be manually rebooted before connectivity can be restored.
The flaw, uncovered by the Cybersecurity Research Center (CyRC) at Black Duck during fuzz testing of 802.11 protocol implementations, affects 5GHz wireless networks and causes all connected clients, including guest networks, to be disconnected simultaneously.
“Implementation-level flaws in protocols, such as 802.11, are often more difficult to detect than cryptographic weaknesses,” said Ben Ronallo, principal cybersecurity engineer at Black Duck. “Remediation of vulnerabilities in hardware/firmware is always slower due to the downstream effects needing to be fully tested. In the software world, the commonly cited deadline is 90 days, but for hardware or firmware, it’s closer to 180+ days.”
The issue surfaced while researchers were testing ASUS routers for protocol robustness, but further investigation traced the root cause to software used in Broadcom chipsets rather than the router firmware itself. Broadcom has since issued a patch to its customers, and ASUS has released fixed firmware for affected devices, though a complete public list of impacted products remains unavailable.
Broadcom did not immediately respond to CSO’s request for comments.
A low-effort denial-of-service attack
According to the advisory shared with CSO ahead of its publication on Tuesday, exploitation requires no authentication and works regardless of the configured wireless security settings. An attacker only needs to be within the range to transmit a specially crafted 802.11 frame, immediately rendering the access point unresponsive to all clients on the 5 GHz band.
Devices cannot reconnect until the router is manually restarted, at which point the attack can be repeated indefinitely.
James Maude, field CTO at BeyondTrust, said the findings echo early WiFi attacks that relied on de-authentication and denial-of-service (DoS) tactics. “Given the huge dependence on connectivity for personal devices and ever-increasing numbers of IoT and smart devices, the impacts could be significant,” he said. Maude warned that repeated outages could also enable “evil twin” scenarios, where a rogue access point poses as the legitimate network and tricks users into entering credentials through captive portals.
The good news, Maude added, is that the flaw appears limited to 5GHz networks, meaning many environments may fall back to 2.4 GHz connectivity automatically, reducing immediate exposure.
CyRC assigned the vulnerability a CVSS 4.0 score of 8.4 (high), driven primarily by its availability impact rather than data confidentiality or integrity loss. Testing was conducted using an ASUS RT-BE86U router running firmware versions 3.0.0.6.102_37812 and earlier, though the advisory cautioned that other devices using the same chipset software could be similarly affected.
Chipset-level bugs linger
Researchers said the vulnerability highlights why protocol-stack implementation remains open to serious flaws. “This attack is both easy to execute and highly disruptive, underscoring that even mature and widely deployed network technologies can still yield new and serious attack vectors,” said Saumitra Das, vice president of engineering at Qualys. “Because the attack can be launched by an unauthenticated client, encryption alone offers little protection.”
Das emphasized the role of fuzz testing in uncovering such issues. “Over the years, fuzzing has uncovered a wide range of vulnerabilities, including buffer overflows in drivers, denial-of-service conditions, remote code execution, and performance instability,” he said, adding that the complexity of the WiFi stack makes subtle flaws hard to eliminate.
Broadcom’s PSIRT reportedly confirmed that a patched version of the affected software has been released to customers, with device manufacturers expected to integrate the fix into their own firmware distributions. ASUS also rolled out a fix in firmware version 3.0.0.6.102_37841 and later. CyRC said specific technical details of the vulnerability were intentionally withheld due to the risk of widespread exploitation across wireless infrastructure. Recommendations include segmenting wireless networks, auditing for end-of-life access points, prioritizing patches based on business criticality, and closely monitoring network edges.
View the full article
CSOonline

Mac Shipments Were Flat at the End of 2025 as Rival PC Brands Surged

Apple's Mac business ended 2025 with flat year-over-year shipments in the holiday quarter despite a broader rebound in the global PC market, according to the International Data Corporation (IDC).


The findings suggest that global PC shipments rose 9.6% year over year in the fourth quarter of 2025 to 76.4 million units, exceeding expectations as brands accelerated purchases ahead of anticipated supply constraints and component price increases. Within that total, Apple shipped 7.1 million Macs during the quarter, which is essentially unchanged from the same period a year earlier, resulting in a decline in quarterly market share even as the overall market expanded.

Apple ranked fourth globally behind Lenovo, HP, and Dell, all of which posted double-digit shipment growth. Lenovo shipped 19.3 million units in the fourth quarter of 2025, up 14.4% year over year, while HP shipped 15.4 million units, up 12.1%. Dell recorded the fastest growth among the top three at 18.2%, with 11.7 million units shipped.

IDC attributed the stronger-than-expected fourth quarter to factors including the end of support for Windows 10, tariff-related uncertainty earlier in the year, and growing concern over tightening memory supply. These dynamics encouraged many vendors to pull forward inventory purchases into late 2025, amplifying the usual holiday period seasonal uplift.

For the full year, Apple's performance was more robust. IDC estimates that Apple shipped 25.6 million Macs in 2025, up from 23.0 million units in 2024, representing year-over-year growth of 11.1%. That increase outpaced the overall PC market, which grew 8.1% to 284.7 million units globally. Apple's annual market share rose to 9.0% from 8.7% the year before, even as its fourth-quarter share fell to 9.3% from 10.2% in the fourth quarter of 2024 due to faster growth by major Windows brands.Tag: IDC
This article, "Mac Shipments Were Flat at the End of 2025 as Rival PC Brands Surged" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

AWS Platform Become an Enterprise-Ready Cloud Engineer—bangalore

Introduction: Problem, Context & Outcome
Engineering teams increasingly rely on cloud platforms to deliver applications faster. However, many professionals struggle with designing secure architectures, managing scalability, and controlling costs on AWS. Engineers often experiment with services without understanding best practices, which leads to outages, security misconfigurations, and unexpected billing surprises. At the same time, organizations expect teams to provision infrastructure instantly and maintain high availability.
Because cloud adoption continues to accelerate, AWS expertise has become a core requirement for DevOps and software delivery teams. Yet, unstructured self-learning rarely prepares engineers for production environments. Teams need guided, real-world exposure to build confidence.
This guide explains how Amazon AWS Trainers In Bangalore help professionals gain production-ready cloud skills, understand DevOps workflows, and deliver reliable systems. Why this matters: Strong AWS foundations directly improve reliability, scalability, and business continuity.
What Is Amazon AWS Trainers In Bangalore?
Amazon AWS Trainers In Bangalore are experienced cloud professionals who teach AWS services with a strong focus on real-world usage. Instead of explaining services in isolation, trainers show how AWS components combine to create secure, scalable architectures.
Amazon Web Services offers computing, storage, networking, databases, and managed services that power modern applications. Trainers help developers and DevOps engineers understand how to use services such as EC2, S3, RDS, VPC, IAM, and managed offerings effectively.
In addition, training connects AWS usage to CI/CD pipelines, automation, and cloud-native DevOps practices. Learners therefore develop skills that apply directly to enterprise production systems. Why this matters: Practical training prevents costly architectural mistakes and improves operational confidence.
Why Amazon AWS Trainers In Bangalore Is Important in Modern DevOps & Software Delivery
Modern DevOps relies heavily on cloud platforms. Manual infrastructure provisioning slows delivery and increases risk. As a result, organizations adopt AWS to automate infrastructure, scale dynamically, and improve resilience.
Amazon AWS Trainers In Bangalore help teams address challenges such as infrastructure sprawl, weak security controls, and unreliable deployments. Trainers explain how AWS supports CI/CD pipelines, container platforms, microservices, and Agile workflows.
As cloud environments expand, poorly designed systems drive cost overruns and instability. Structured training ensures teams use AWS services efficiently and securely. Why this matters: Skilled cloud teams deliver features faster while maintaining cost and reliability discipline.
Core Concepts & Key Components
Compute Services (EC2, Auto Scaling)
Purpose: Run applications and services
How it works: Virtual machines scale automatically based on demand
Where it is used: Application backends and processing workloads
Storage Services (S3, EBS)
Purpose: Persist application data
How it works: Object and block storage store data reliably
Where it is used: Application storage, backups, and logs
Networking (VPC, Subnets, Load Balancers)
Purpose: Control traffic and isolation
How it works: Virtual networks manage routing and access
Where it is used: Secure cloud architectures
Identity & Security (IAM)
Purpose: Manage access securely
How it works: Roles and policies define permissions
Where it is used: All AWS environments
Database Services (RDS, DynamoDB)
Purpose: Store structured and NoSQL data
How it works: Managed databases handle scaling and availability
Where it is used: Production applications
Monitoring & Logging (CloudWatch)
Purpose: Observe system health
How it works: Metrics and logs provide visibility
Where it is used: Operations and troubleshooting
Infrastructure as Code (CloudFormation)
Purpose: Automate infrastructure provisioning
How it works: Templates define AWS resources
Where it is used: DevOps automation workflows
Why this matters: Understanding these components builds stable and scalable cloud systems.
How Amazon AWS Trainers In Bangalore Works (Step-by-Step Workflow)
Training begins with AWS fundamentals and the shared responsibility model. Trainers explain regions, availability zones, and global infrastructure.
Next, learners design secure networks, configure compute resources, and attach storage services. Trainers emphasize automation instead of manual configuration.
Then, AWS integrates with CI/CD pipelines, monitoring systems, and security workflows. Learners practice scaling, backup, and recovery techniques. Why this matters: Step-by-step learning prepares engineers for real production environments.
Real-World Use Cases & Scenarios
DevOps teams deploy applications on AWS using compute and load balancers. Developers host APIs and microservices.
SRE teams monitor performance and ensure uptime. QA teams spin up temporary test environments. Cloud engineers optimize cost and scalability. Businesses benefit from faster releases and reduced infrastructure overhead. Why this matters: Cloud usage directly influences delivery speed and service quality.
Benefits of Using Amazon AWS Trainers In Bangalore
Productivity: Faster infrastructure setup and automation Reliability: Highly available cloud architectures Scalability: Elastic scaling for variable workloads Collaboration: Shared cloud practices across teams Why this matters: These benefits modernize how teams build and operate software.
Challenges, Risks & Common Mistakes
Teams often overprovision resources. Poor IAM practices create security gaps. Ignoring monitoring leads to outages and cost spikes.
Structured training mitigates these risks by teaching best practices, security-first design, and cost optimization strategies. Why this matters: Avoiding mistakes protects uptime and budgets.
Comparison Table
AreaOn-Premise SetupBasic Cloud UsageAWS Best PracticesScalabilityLimitedManualAutomatedCost ModelFixedUnpredictableOptimizedSecurityManualPartialIAM-drivenDeployment SpeedSlowMediumFastAvailabilitySingle siteLimitedMulti-AZAutomationLowMediumHighMonitoringLimitedBasicAdvancedCI/CD IntegrationWeakPartialNativeDisaster RecoverySlowModerateFastFlexibilityLowMediumHigh Why this matters: Comparison explains why AWS expertise matters for modern delivery.
Best Practices & Expert Recommendations
Design systems to expect failure. Apply least-privilege access. Automate infrastructure provisioning. Monitor continuously. Optimize costs regularly.
Trainers recommend incremental cloud adoption backed by automation and governance. Why this matters: Best practices ensure sustainable cloud success.
Who Should Learn or Use Amazon AWS Trainers In Bangalore?
Developers build cloud-native applications. DevOps engineers manage infrastructure automation. Cloud engineers design scalable systems. SRE teams ensure reliability. QA teams create dynamic test environments. Beginners learn fundamentals, while experienced professionals refine architecture skills. Why this matters: Role-focused learning delivers measurable value.
FAQs – People Also Ask
What is Amazon AWS Trainers In Bangalore?
It refers to professional AWS training offered locally. Why this matters: Structure speeds learning.
Why do companies use AWS?
They gain scalable and reliable infrastructure. Why this matters: Reliability supports growth.
Is AWS beginner-friendly?
Yes, with guided training. Why this matters: Guidance reduces confusion.
How does AWS support DevOps?
It integrates with CI/CD and automation. Why this matters: Integration speeds delivery.
Is AWS useful for developers?
Yes, developers deploy applications on AWS. Why this matters: Relevance boosts careers.
Can AWS reduce infrastructure costs?
Yes, when optimized correctly. Why this matters: Cost control protects budgets.
Do QA teams use AWS?
Yes, for test environments. Why this matters: Faster testing improves releases.
Is AWS secure?
Yes, with proper configuration. Why this matters: Security protects data.
Does AWS scale globally?
Yes, across multiple regions. Why this matters: Global reach supports expansion.
How long does it take to learn AWS?
Foundations come quickly with structured learning. Why this matters: Faster learning increases productivity.
Branding & Authority
Amazon AWS Trainers In Bangalore deliver enterprise-ready learning through DevOpsSchool, a globally trusted DevOps and cloud education platform. DevOpsSchool focuses on hands-on labs, real production use cases, and outcome-driven training aligned with modern enterprise requirements. Learners gain practical cloud skills that translate directly to job performance.
This real-world approach ensures long-term relevance and confidence. Why this matters: Trusted platforms reduce learning risk and skills gaps.
Mentorship is provided by Rajesh Kumar, who brings more than 20 years of hands-on expertise across DevOps, DevSecOps, Site Reliability Engineering, DataOps, AIOps, and MLOps. His experience spans Kubernetes, cloud platforms, CI/CD automation, and enterprise-scale systems.
His mentoring emphasizes scalable architectures and operational excellence. Why this matters: Expert guidance turns learning into production-ready capability.
Call to Action & Contact Information
Email: [email protected]
Phone & WhatsApp (India): +91 84094 92687
Phone & WhatsApp (USA): +1 (469) 756-6329



View the full article
reporter

New Advanced Linux VoidLink Malware Targets Cloud and container Environments

Cybersecurity researchers have disclosed details of a previously undocumented and feature-rich malware framework codenamed VoidLink that's specifically designed for long-term, stealthy access to Linux-based cloud environments According to a new report from Check Point Research, the cloud-native Linux malware framework comprises an array of custom loaders, implants, rootkits, and modularView the full article
Hacker News

What Should We Learn From How Attackers Leveraged AI in 2025?

Old Playbook, New Scale: While defenders are chasing trends, attackers are optimizing the basics The security industry loves talking about "new" threats. AI-powered attacks. Quantum-resistant encryption. Zero-trust architectures. But looking around, it seems like the most effective attacks in 2025 are pretty much the same as they were in 2015. Attackers are exploiting the same entry points thatView the full article
Hacker News

ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation

ServiceNow has disclosed details of a now-patched critical security flaw impacting its ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform arbitrary actions as that user. The vulnerability, tracked as CVE-2025-12420, carries a CVSS score of 9.3 out of 10.0 "This issue [...] could enable an unauthenticated user to impersonate another user andView the full article
Hacker News

Artifactory Containers A Comprehensive Guide For Enterprises—Pune

Introduction: Problem, Context & Outcome
Modern engineering teams deliver software at high speed. However, many teams still struggle to manage build artifacts, dependencies, and binary versions across environments. As CI/CD pipelines expand, misplaced artifacts, overwritten versions, and inconsistent dependency resolution create deployment risks. Consequently, releases fail, rollbacks become complex, and confidence drops. At the same time, DevOps practices demand traceability, automation, and repeatable delivery.
Because of this growing complexity, artifact management has evolved into a critical DevOps function rather than a background task. Unfortunately, teams that learn tools without proper structure often introduce security gaps and pipeline instability. This challenge highlights the need for disciplined, real-world Artifactory training.
This guide explains how structured Artifactory learning helps teams manage artifacts effectively, improve release reliability, and maintain delivery speed at scale. Why this matters: Controlled artifacts directly protect release stability and operational trust.
What Is Artifactory Trainers In Pune?
Artifactory Trainers In Pune are seasoned professionals who teach how to manage software artifacts using JFrog Artifactory within real enterprise environments. Instead of focusing only on tool installation, trainers explain how artifacts move through the entire DevOps lifecycle.
Artifactory serves as a universal binary repository that stores, versions, and distributes build outputs and dependencies. Trainers help developers and DevOps engineers understand how Artifactory integrates with build tools, CI/CD systems, and cloud platforms.
Additionally, training connects artifact management to DevSecOps practices, release governance, and compliance requirements. Learners therefore gain hands-on skills that apply directly to production pipelines and distributed teams. Why this matters: Proper training prevents dependency conflicts and unreliable deployments.
Why Artifactory Trainers In Pune Is Important in Modern DevOps & Software Delivery
Modern DevOps teams deploy software continuously. However, frequent deployments increase dependency complexity, security exposure, and audit pressure. Because of this, organizations require centralized control over artifacts and packages. Artifactory trainers help teams adopt artifact management as a first-class DevOps capability.
Enterprises rely on Artifactory to version binaries, secure third-party dependencies, and promote builds safely across environments. Trainers demonstrate how Artifactory aligns with CI/CD pipelines, cloud-native architectures, and Agile delivery models.
As pipelines mature, unmanaged artifacts introduce compliance risks and operational bottlenecks. Structured training ensures teams apply governance without slowing innovation. Why this matters: Strong artifact control keeps pipelines fast, predictable, and secure.
Core Concepts & Key Components
Artifact Repository
Purpose: Centralize storage of build outputs
How it works: A secure repository stores binaries and packages
Where it is used: CI/CD pipelines and release management
Repository Types (Local, Remote, Virtual)
Purpose: Organize and source artifacts efficiently
How it works: Local stores internal builds, remote proxies external repositories, virtual aggregates access
Where it is used: Dependency resolution and enterprise pipelines
Build Tool Integration
Purpose: Automate artifact publishing
How it works: CI tools publish artifacts after each build
Where it is used: Continuous integration workflows
Metadata & Versioning
Purpose: Track artifact lifecycle
How it works: Captures versions, checksums, and build information
Where it is used: Auditing and traceability
Security & Access Control
Purpose: Protect sensitive binaries
How it works: Role-based permissions restrict access
Where it is used: Enterprise and regulated environments
Replication & High Availability
Purpose: Ensure uptime and global access
How it works: Replicates repositories across nodes and regions
Where it is used: Distributed teams and cloud deployments
Artifact Promotion
Purpose: Control release flow
How it works: Moves verified artifacts between environments
Where it is used: Release and deployment pipelines
Why this matters: Mastering these components prevents pipeline fragility and security gaps.
How Artifactory Trainers In Pune Works (Step-by-Step Workflow)
Training begins by mapping the complete software delivery lifecycle. Trainers explain how artifacts originate during builds and progress through environments. Teams then design repository structures aligned with development, testing, and production stages.
Next, CI pipelines publish artifacts automatically into Artifactory. Metadata records build details for traceability. Access controls and security policies regulate usage.
Finally, teams promote approved artifacts from development to staging and production. Integration with deployment tools finalizes delivery. Why this matters: A structured workflow ensures repeatable and reliable releases.
Real-World Use Cases & Scenarios
DevOps teams use Artifactory to manage artifacts across multiple projects. Developers resolve dependencies from trusted repositories. QA teams validate artifacts before promotion.
SRE teams ensure rollback readiness. Cloud engineers distribute artifacts across regions. Business stakeholders benefit from faster releases and fewer failures. Why this matters: Artifact discipline directly influences delivery speed and system stability.
Benefits of Using Artifactory Trainers In Pune
Productivity: Faster builds and fewer dependency issues Reliability: Consistent, traceable artifacts across environments Scalability: Supports enterprise pipelines and cloud growth Collaboration: Shared repositories align teams Why this matters: These benefits translate into predictable and confident software delivery.
Challenges, Risks & Common Mistakes
Teams often misuse repository types or mix environments incorrectly. Weak permission models expose artifacts to risk. Skipping cleanup leads to storage sprawl.
Structured training addresses these issues through governance models, lifecycle policies, and security best practices. Why this matters: Avoiding mistakes protects uptime, compliance, and cost.
Comparison Table
AspectManual StorageBasic RepositoryArtifactoryCentralizationNoPartialYesVersion ControlWeakLimitedStrongSecurityManualBasicEnterprise-gradeCI/CD IntegrationPoorMediumStrongScalabilityLowMediumHighMetadata TrackingNoLimitedFullPromotion ControlNoPartialYesAuditabilityLowMediumHighCollaborationLowMediumHighAutomation SupportWeakMediumStrong Why this matters: Comparison clearly explains why Artifactory fits enterprise DevOps pipelines.
Best Practices & Expert Recommendations
Define repository strategies early. Enforce least-privilege access. Remove unused artifacts regularly. Automate artifact promotion workflows.
Integrate security scanning into CI/CD pipelines. Document repository standards clearly. Why this matters: Best practices ensure sustainable and secure pipelines.
Who Should Learn or Use Artifactory Trainers In Pune?
Developers manage dependencies with confidence. DevOps engineers govern delivery pipelines. Cloud engineers scale artifact distribution. SRE teams improve rollback readiness. QA teams validate releases. Beginners build strong foundations, while experienced professionals refine enterprise practices. Why this matters: Role-aligned learning maximizes operational impact.
FAQs – People Also Ask
What is Artifactory Trainers In Pune?
It refers to structured Artifactory training for professionals. Why this matters: Structure accelerates learning.
Why do teams use Artifactory?
They centralize and secure artifacts. Why this matters: Centralization prevents failures.
Is Artifactory beginner-friendly?
Yes, with guided instruction. Why this matters: Guidance avoids misuse.
How does Artifactory compare to Nexus?
Artifactory supports more universal formats. Why this matters: Flexibility improves pipelines.
Is Artifactory relevant for DevOps roles?
Yes, it integrates with CI/CD. Why this matters: Relevance boosts career growth.
Does Artifactory support cloud environments?
Yes, across major cloud platforms. Why this matters: Cloud readiness remains essential.
Can QA teams use Artifactory?
Yes, for artifact validation. Why this matters: Validation improves release quality.
Is Artifactory secure?
Yes, with role-based controls. Why this matters: Security protects assets.
Does Artifactory scale for enterprises?
Yes, using HA and replication. Why this matters: Scalability supports growth.
How quickly can one learn Artifactory?
Foundations develop quickly with training. Why this matters: Faster learning improves productivity.
Branding & Authority
Artifactory Trainers In Pune deliver industry-aligned expertise through DevOpsSchool, a globally trusted DevOps learning organization known for enterprise-grade, hands-on programs. DevOpsSchool focuses on real delivery challenges, practical labs, and outcome-driven education aligned with modern CI/CD and cloud-native ecosystems.
This learning-first approach ensures long-term relevance across industries. Why this matters: Trusted platforms reduce risk and improve job readiness.
Mentorship is led by Rajesh Kumar, who brings more than 20 years of hands-on experience across DevOps and DevSecOps, Site Reliability Engineering, DataOps, AIOps, and MLOps. His expertise spans Kubernetes, cloud platforms, CI/CD automation, and enterprise artifact management systems.
His guidance emphasizes scalable architecture, governance, and operational excellence. Why this matters: Expert mentorship converts tools into production-ready capabilities.
Call to Action & Contact Information
Email: [email protected]
Phone & WhatsApp (India): +91 84094 92687
Phone & WhatsApp (USA): +1 (469) 756-6329




View the full article
reporter

For application security: SCA, SAST, DAST and MAST. What next?

I have stared at enough scanner dashboards to recognize the pattern. SAST flags theoretical flaws that never execute. DAST shrugs because the route to the vulnerable function is blocked. SCA floods the zone with CVEs that never touch a hot path. MAST scolds my mobile app for secrets I retired last quarter. These tools are still essential, yet they now form a baseline rather than a destination. The next chapter is not another “silver bullet” product; it is a shift toward posture, provenance and proof.
Sunil Gentyala
Over the past year the community has admitted the obvious: the battleground is the software supply chain and the running system, not only pre‑release scans. OWASP’s 2025 update elevated software supply chain failures to A03, reframing vulnerable and outdated components as a systemic ecosystem risk that spans dependencies, build systems and distribution infrastructure (Endor Labs overview here). In parallel, CISA pushed SBOM guidance forward with a 2025 draft that demands richer, machine‑readable metadata and emphasizes automation for scale.
Posture, provenance and proof: The new trinity
Application security posture management (ASPM) is the control plane that makes the old quartet useful again. Gartner’s 2025 Innovation Insight described how ASPM connects scattered signals across the SDLC, enforces policy and prioritizes based on context, such as reachability and exposure in practice, which means pulling SAST, DAST, SCA, IaC and runtime findings into a single view, then filtering for the small subset that really matters.
I prefer framing ASPM through a code to cloud lens because it mirrors how our systems actually work. The Wiz Academy guide lays out ASPM’s core capabilities, unified visibility, risk prioritization, policy enforcement and stresses continuous discovery across development, build and deployment. The goal is to cut alert fatigue while connecting code issues to runtime impact ASPM. This aligns with Gartner’s premise but adds practical detail about correlating repository signals, pipeline policies and cloud reality.
Posture is the ‘what.’ Provenance is the ‘how’. The SLSA framework gives us a shared vocabulary and verifiable controls to prove that artifacts were built by hardened, tamper‑resistant pipelines with signed attestations that downstream consumers can trust (OpenSSF overview here). When I insist on SLSA Level 2 for most services and Level 3 for critical paths, I am not chasing compliance theater; I am buying integrity that survives audit and incident.
Proof is where SBOMs finally grow up. Binding SBOM generation to the build that emits the deployable bits, signing them and validating at deploy time moves SBOMs from “ingredient lists” to enforceable controls. The CNCF TAG‑Security best practices v2 paper is my practical map, personas, VEX for exploitability, cryptographic verification to ensure tests actually ran, and prescriptive guidance for cloud‑native factories.
Advisory: if your SBOM describes developer intent rather than what executes, you will miss the next recall. Generate SBOMs from the build that produced the binary, sign them, ingest VEX and gate deployments on verification.
From dashboards to decisions: ASPM in practice
A posture program is a set of habits, not just a platform. I start by unifying scanner outputs into a single risk register, but I refuse to triage in a vacuum. Findings must carry reachability evidence, data sensitivity tags and exposure context. That is where ASPM earns its keep. The Wiz Academy material underscores this code to cloud connection and shows how to reduce noise so developers see the few issues that block business rather than a wall of theoretical risk. Gartner’s framing makes the case for adoption in regulated environments where fragmented signals undermine remediation velocity.
Two implementation notes from my own programs. First, wire ASPM to owners. Every finding needs a resolver and an SLA, or it is just a report. Second, gate risky builds. Policy enforcement is not a dashboard; it is a decision. If an artifact lacks provenance or a VEX shows exploitability in a reachable path, it does not ship.
Advisory: Keep one policy source of truth. If security policy lives in three tools, developers will ignore all three.
Supply chain rigor without theater
Supply chain work can degrade into paperwork if we forget what matters. Integrity is the point. I keep SLSA simple. Level 2 quickly, Level 3 for critical paths. That means a hardened build service, isolated builds, signed provenance and a verified chain from source to artifact.  SBOMs become operational once they are machine-readable, signed and validated on deploy. CISA’s 2025 draft tightened expectations for fields, formats and automation, which I welcome because it makes procurement and incident response faster and cleaner.
The CNCF paper fills in the gaps. It explains how to couple SBOMs with VEX, add cryptographic checks for pipeline steps, and treat developer infrastructure as part of the supply chain. That last point matters because attackers increasingly target repositories, CI settings and artifact registries, not just code dependencies. Public sector guidance from CNCF echoes the same priorities for government workloads, with concrete lessons from SolarWinds, Log4Shell and xz.
Advisory: never accept a vendor SBOM without a signature and a provenance attestation. If they cannot prove how the software was built, your risk calculus is guesswork.
Runtime reality: Instruments, not illusions
Prerelease testing is necessary but not sufficient. IAST instrumentation gives me runtime truth during QA, observing actual execution paths to reduce false positives and preserve developer context. In production, the mental model shifts to RASP, which blocks exploitation inside the application at the exact moment risky operations occur: SQL construction, OS exec, serialization, where WAFs cannot see. This is not a knock on WAFs; it is a recognition that network layer inspection and application layer introspection solve different problems.
If you think perimeter controls are enough, two weeks in November 2025 should dispel that. CISA issued emergency guidance for Cisco ASA and FTD vulnerabilities (CVE‑2025‑20333, CVE‑2025‑20362) because agencies reported devices as “patched” that were still on vulnerable trains. The directive prescribed minimum versions, forensic checks and timelines, and reminded everyone that all devices must be updated, not only Internet‑facing ones (CISA press release).
The lesson is portable: treat “patched” as a state with proofs. Validate minimum release trains, verify fleet‑wide and decommission end‑of‑support gear. Pair perimeter controls with application‑layer sensors and container runtime protection because your workloads increasingly live in Kubernetes and managed platforms. Market analyses confirm the shift toward orchestrated, cloud‑native estates where consistent runtime policy is possible (CNCF trend post here).
Advisory: wire runtime telemetry to your TDIR practice. When RASP blocks an injection in production, that event should spawn code fixes, not just a closed alert.
Securing AI and the supply chain ecosystems
Among the nexts, AI is the most mercurial. NIST’s final 2025 guidance on adversarial ML split threats across PredAI and GenAI and called out prompt injection in direct and indirect form as the dominant exploit in agentic systems where trusted instructions co mingle with untrusted data (Meritak Overview; IBM explainer). The U.S. AI Safety Institute published work on agent hijacking evaluations, which I treat as required red‑team reading for anyone delegating actions to tools (NIST AISI blog).
For builders, the July 2024 NIST SP 800‑218A community profile extends SSDF into generative AI and dual-use foundation models. It covers threat modeling prompts, securing training data pipelines, isolating model operations and binding model documentation to secure development practices.
At the language layer an unfashionable recommendation turned mainstream. In June 2025 NSA and CISA urged adoption of memory‑safe languages with pragmatic migration guidance for legacy estates—start where it matters most, integrate incrementally and shield old modules behind hardened FFI (NSA/CISA CSI).
Language choices that erase entire bug classes
If you want to delete vulnerability classes, stop writing them. In June 2025, NSA and CISA published a joint CSI urging adoption of memory-safe languages with pragmatic migration guidance for legacy estates. Start where it matters, integrate incrementally and shield old modules behind hardened FFI. This is not academic posturing. Buffer overflows, use after free and data races erode resilience and cost real money. Memory-safe languages reduce those risks by design.
Advisory: mandate memory-safe languages for net new development, plan migrations for high-risk modules and publish a runway with dates and metrics. Explain the why using NSA and CISA guidance, then measure the results.
Where SCA, SAST, DAST and MAST fit now
They remain foundational when docked into a posture‑centric program.
SAST still catches design and implementation flaws, but I insist on reachability analysis and developer‑first remediation inside the IDE; feed SAST into ASPM for context so theoretical issues do not overwhelm real ones. DAST is indispensable for pre‑release exposure, yet I pair it with IAST to observe live code paths and reduce false positives. SCA moves beyond CVE lists when SBOM generation binds to builds and VEX cuts noise; CNCF best practices and CISA’s 2025 SBOM draft describe how to do this well. MAST keeps mobile hardening honest, but I roll secret hygiene and secure storage checks into the same lifecycle controls used for server apps. Leadership advisory: what I implement next
This is the operating model I have shipped in regulated environments that cannot afford to be wrong.
ASPM as control plane. Unify signals, deduplicate and rank by exploitability—reachability, exposure, data sensitivity. Route ownership automatically and use policy gates on risky builds. Supply chain rigor. Adopt SLSA levels, require signed SBOMs and attestations, and validate at deploy. No artifact without provenance, no deploy without verification. Runtime protection. Embed RASP in application stacks, enforce container runtime controls and keep WAF at the edge. Wire events to your TDIR pipeline so blocking in production triggers fixes in code. Secrets lifecycle and machine identities. Central vaulting, automated rotation, least privilege everywhere, mutual TLS for service‑to‑service authentication. AI security program. Adopt NIST SP 800‑218A, red‑team agents for hijacking, enforce privilege separation and monitor outputs. Language policy. Mandate memory‑safe languages for net‑new development, plan migrations for high‑risk modules and use NSA/CISA’s guidance to educate stakeholders. Conclusion
SCA, SAST, DAST and MAST remain the bedrock, but they are most effective when orchestrated by ASPM, proven by SLSA and SBOMs, and defended by runtime controls. Add AI-specific safeguards and memory‑safe languages, and you move from chasing findings to making decisions with confidence. That is my “what next.”
This article is published as part of the Foundry Expert Contributor Network.
Want to join?
View the full article
CSOonline

Artifactory Containers: A Comprehensive Guide For Modern Enterprises—Bangalore

Introduction: Problem, Context & Outcome
Engineering teams today move fast, but software artifacts often move slowly and inconsistently. Many teams still store binaries in scattered locations, rely on manual dependency handling, or lose track of artifact versions across environments. As delivery pipelines scale, these gaps cause broken builds, failed deployments, and risky rollbacks. Meanwhile, DevOps practices demand speed, traceability, and reliability across every release.
Because of this shift, artifact management has become a foundational capability rather than a background task. However, teams that learn Artifactory without structure often misuse repositories and weaken pipeline governance. That confusion creates operational risk instead of control.
This guide explains how Artifactory training closes these gaps, what learners gain from expert guidance, and how structured artifact management improves delivery confidence. Why this matters: Reliable artifact handling directly protects release stability and business continuity.
What Is Artifactory Trainers In Bangalore?
Artifactory Trainers In Bangalore are specialists who teach professionals how to manage software artifacts using JFrog Artifactory in real enterprise environments. Instead of focusing only on installation steps, trainers explain how artifact repositories support secure, scalable DevOps delivery.
Artifactory works as a universal binary repository that stores, versions, and distributes build outputs across teams and tools. Trainers help developers and DevOps engineers understand how Artifactory integrates with build tools, CI/CD pipelines, and cloud platforms.
In addition, training connects artifact management with DevSecOps practices, compliance needs, and release governance. Learners therefore gain hands-on skills that directly apply to production pipelines. Why this matters: Strong artifact discipline prevents dependency chaos and unstable releases.
Why Artifactory Trainers In Bangalore Is Important in Modern DevOps & Software Delivery
Modern DevOps teams deploy software continuously. However, frequent releases increase dependency complexity and security exposure. Because of this, teams need centralized control over binaries and packages. Artifactory trainers help teams adopt artifact management as a first-class DevOps discipline.
Organizations use Artifactory to version artifacts, secure dependencies, and integrate vulnerability scanning into pipelines. Trainers demonstrate how Artifactory fits naturally into CI/CD workflows, cloud-native environments, and Agile delivery cycles.
As pipelines mature, unmanaged artifacts create compliance risks and delivery bottlenecks. Structured training ensures teams apply governance without slowing innovation. Why this matters: Controlled artifacts keep pipelines fast, predictable, and secure.
Core Concepts & Key Components
Artifact Repository
Purpose: Store and manage build outputs centrally
How it works: A secure repository holds binaries and packages
Where it is used: CI/CD pipelines and release workflows
Repository Types (Local, Remote, Virtual)
Purpose: Organize and source artifacts efficiently
How it works: Local stores builds, remote proxies external sources
Where it is used: Dependency and package management
Build Tool Integration
Purpose: Automate artifact publishing
How it works: CI tools push artifacts after builds
Where it is used: Continuous integration stages
Metadata & Versioning
Purpose: Track artifact lifecycle
How it works: Stores build info, checksums, and versions
Where it is used: Auditing and traceability
Security & Access Control
Purpose: Protect sensitive binaries
How it works: Role-based permissions manage access
Where it is used: Enterprise environments
Replication & High Availability
Purpose: Ensure uptime and performance
How it works: Replicates repositories across nodes
Where it is used: Distributed teams and regions
Artifact Promotion
Purpose: Control release flow
How it works: Moves validated artifacts across stages
Where it is used: Release and deployment pipelines
Why this matters: Mastering these components prevents pipeline fragility and security gaps.
How Artifactory Trainers In Bangalore Works (Step-by-Step Workflow)
Training begins with mapping the software delivery lifecycle. Trainers explain how artifacts originate during builds and flow through environments. Teams then design repository structures aligned with environments and toolchains.
Next, CI systems publish artifacts automatically into Artifactory. Metadata captures build details for traceability. Access controls and security policies protect repositories.
Finally, teams promote approved artifacts from development to staging and production. Integration with deployment tools completes the workflow. Why this matters: A clear lifecycle ensures repeatable and reliable releases.
Real-World Use Cases & Scenarios
DevOps teams use Artifactory to manage artifacts across multiple projects. Developers resolve dependencies consistently from trusted repositories. QA teams validate build artifacts before promotion.
SRE teams ensure rollback readiness. Cloud engineers distribute artifacts across regions. Business stakeholders benefit from faster releases and fewer failures. Why this matters: Artifact discipline directly affects delivery speed and system stability.
Benefits of Using Artifactory Trainers In Bangalore
Productivity: Faster builds and fewer dependency issues Reliability: Consistent, traceable artifacts across environments Scalability: Supports enterprise pipelines and cloud growth Collaboration: Shared repositories align teams Why this matters: These benefits lead to predictable and confident software delivery.
Challenges, Risks & Common Mistakes
Teams often misuse repository types. Weak permission models expose artifacts to risk. Skipping cleanup creates storage sprawl.
Structured training addresses these issues through governance models, lifecycle policies, and security best practices. Why this matters: Avoiding mistakes protects compliance, cost, and uptime.
Comparison Table
AspectManual StorageBasic RepositoryArtifactoryCentralizationNoPartialYesVersion ControlWeakLimitedStrongSecurityManualBasicEnterprise-gradeCI/CD IntegrationPoorMediumStrongScalabilityLowMediumHighMetadata TrackingNoLimitedFullPromotion ControlNoPartialYesAuditabilityLowMediumHighCollaborationLowMediumHighAutomation SupportWeakMediumStrong Why this matters: Comparison shows why Artifactory fits enterprise DevOps pipelines.
Best Practices & Expert Recommendations
Define repository strategies early. Enforce least-privilege access. Clean unused artifacts regularly. Automate promotion workflows.
Integrate security scanning into CI/CD pipelines. Document repository usage clearly. Why this matters: Best practices ensure long-term pipeline health.
Who Should Learn or Use Artifactory Trainers In Bangalore?
Developers manage dependencies reliably. DevOps engineers govern pipelines. Cloud engineers scale artifact distribution. SRE teams improve rollback readiness. QA teams validate releases. Beginners gain foundations, while experienced professionals refine enterprise delivery practices. Why this matters: Role-aligned learning maximizes operational impact.
FAQs – People Also Ask
What is Artifactory Trainers In Bangalore?
It refers to structured Artifactory training for professionals. Why this matters: Structure accelerates mastery.
Why do teams use Artifactory?
They centralize and secure artifacts. Why this matters: Centralization prevents failures.
Is Artifactory suitable for beginners?
Yes, with guided learning. Why this matters: Guidance avoids misuse.
How does Artifactory compare to Nexus?
Artifactory supports more universal formats. Why this matters: Flexibility improves pipelines.
Is Artifactory relevant for DevOps roles?
Yes, it integrates with CI/CD. Why this matters: Relevance increases career value.
Does Artifactory support cloud environments?
Yes, across major providers. Why this matters: Cloud readiness stays essential.
Can QA teams use Artifactory?
Yes, for artifact validation. Why this matters: Validation improves release quality.
Is Artifactory secure?
Yes, with role-based access control. Why this matters: Security protects assets.
Does Artifactory scale for enterprises?
Yes, using HA and replication. Why this matters: Scalability supports growth.
How quickly can teams learn Artifactory?
Basics come quickly with expert guidance. Why this matters: Faster learning boosts productivity.
Branding & Authority
Artifactory Trainers In Bangalore build credibility through DevOpsSchool, a globally trusted platform known for enterprise-grade DevOps education. DevOpsSchool focuses on real delivery challenges, hands-on labs, and outcome-driven learning. Learners gain artifact management expertise aligned with modern CI/CD pipelines and cloud-native systems.
This practical, industry-aligned approach ensures long-term relevance and confidence. Why this matters: Trusted education reduces learning risk and improves real-world readiness.
Mentorship is led by Rajesh Kumar, who brings over 20 years of hands-on experience across DevOps and DevSecOps, Site Reliability Engineering, DataOps, AIOps, and MLOps. His expertise spans Kubernetes, cloud platforms, CI/CD automation, and enterprise artifact management systems.
His guidance emphasizes scalable architecture and operational excellence. Why this matters: Expert mentorship converts tools into production-ready skills.
Call to Action & Contact Information
Email: [email protected]
Phone & WhatsApp (India): +91 84094 92687
Phone & WhatsApp (USA): +1 (469) 756-6329




View the full article
reporter

AppDynamics Observability: A Comprehensive Guide For Cloud Systems

Introduction: Problem, Context & Outcome
Engineering teams today manage applications that span microservices, APIs, cloud platforms, and legacy systems. However, performance issues often surface without warning. Logs and metrics exist, yet teams struggle to connect them to real user impact. As a result, troubleshooting becomes reactive, slow, and stressful. Meanwhile, user expectations continue to rise across digital products.
Because of this pressure, organizations now require deep application visibility at every stage of delivery. Performance monitoring can no longer stay optional or reactive. However, without proper guidance, teams misconfigure tools and overlook critical signals. This situation creates blind spots that directly affect business outcomes.
This guide explains how structured AppDynamics training solves visibility challenges, strengthens DevOps workflows, and improves system reliability. You will understand what AppDynamics trainers deliver and why their expertise matters today. Why this matters: Clear visibility enables faster decisions and protects user experience.
What Is AppDynamics Trainers?
AppDynamics Trainers are professionals who teach engineers how to use AppDynamics effectively within real-world enterprise environments. Instead of focusing only on charts and dashboards, trainers explain how performance data connects to application behavior, infrastructure health, and business transactions.
AppDynamics is an application performance monitoring platform that provides end-to-end visibility across distributed systems. Trainers help developers and DevOps engineers understand how AppDynamics traces transactions across services, databases, APIs, and third-party dependencies.
Additionally, training links AppDynamics usage with CI/CD pipelines, cloud deployments, and operational monitoring practices. Learners therefore gain practical insight into using monitoring data to support reliable software delivery. Why this matters: Practical training transforms monitoring data into actionable operational intelligence.
Why AppDynamics Trainers Is Important in Modern DevOps & Software Delivery
Modern DevOps teams deploy code frequently. However, frequent releases increase the risk of performance regression. Because of this, continuous monitoring has become essential throughout the delivery lifecycle. AppDynamics trainers help teams embed performance monitoring into everyday DevOps practices.
Organizations rely on AppDynamics to detect anomalies early, understand root causes quickly, and correlate performance with business outcomes. Trainers demonstrate how AppDynamics integrates with CI/CD pipelines, cloud infrastructure, and Agile delivery models.
As systems become more distributed, manual troubleshooting fails to scale. Structured training ensures engineers interpret metrics correctly and respond confidently. Why this matters: Proactive monitoring protects uptime, revenue, and customer trust.
Core Concepts & Key Components
Application Performance Monitoring (APM)
Purpose: Track application performance end to end
How it works: Captures transaction flow across application tiers
Where it is used: Staging and production environments
Business Transactions
Purpose: Monitor critical user journeys
How it works: Groups similar requests into logical units
Where it is used: SLA and performance analysis
Flow Maps
Purpose: Visualize service dependencies
How it works: Displays real-time interaction maps
Where it is used: Root cause investigation
Metrics & Snapshots
Purpose: Collect performance data
How it works: Records response times, errors, and calls
Where it is used: Diagnostics and optimization
Health Rules & Alerts
Purpose: Detect performance issues early
How it works: Triggers alerts based on thresholds
Where it is used: Incident prevention
Browser & Mobile Monitoring
Purpose: Monitor user experience
How it works: Tracks front-end performance data
Where it is used: Customer experience analysis
Analytics & Business iQ
Purpose: Correlate performance with business metrics
How it works: Analyzes transaction and event data
Where it is used: Business impact monitoring
Why this matters: Mastering these components enables accurate diagnosis and rapid resolution.
How AppDynamics Trainers Works (Step-by-Step Workflow)
Training starts by mapping application architecture and identifying critical business services. Trainers explain how AppDynamics agents collect telemetry from applications. Teams then define business transactions that reflect real user journeys.
Next, flow maps expose service dependencies and performance bottlenecks. Health rules establish acceptable thresholds. Alerts notify teams when behavior changes.
Finally, AppDynamics integrates into CI/CD pipelines and cloud monitoring workflows. Teams review performance after each deployment and act proactively. Why this matters: A structured workflow reduces blind spots and firefighting.
Real-World Use Cases & Scenarios
Enterprises use AppDynamics to monitor microservices at scale. DevOps teams detect performance degradation after deployments. SRE teams reduce mean time to resolution by using flow-based diagnostics.
Cloud engineers monitor distributed applications across regions. QA teams validate performance before release. Business leaders track transactions tied to revenue and customer experience. Why this matters: Visibility connects technical performance with business outcomes.
Benefits of Using AppDynamics Trainers
Productivity: Faster analysis and troubleshooting Reliability: Early detection of performance problems Scalability: Visibility across complex architectures Collaboration: Shared insights across teams Why this matters: These benefits directly improve delivery confidence and user satisfaction.
Challenges, Risks & Common Mistakes
Teams often create too many alerts, which causes noise. Poor transaction modeling reduces insight quality. Ignoring business metrics limits monitoring value.
Structured training addresses these risks by teaching focused monitoring strategies, clear baselines, and proper data interpretation. Why this matters: Correct usage maximizes return on monitoring investment.
Comparison Table
AreaLogs OnlyBasic MonitoringAppDynamicsReal-Time VisibilityLowMediumHighRoot Cause AnalysisManualPartialAutomatedBusiness ContextNoneLimitedStrongMicroservices SupportWeakMediumNativeAlert AccuracyLowMediumHighUser Experience TrackingNoPartialYesCI/CD IntegrationWeakMediumStrongScalabilityLimitedMediumHighCollaborationLowMediumHighProactive DetectionNoLimitedYes Why this matters: Clear comparison shows why AppDynamics suits modern DevOps observability.
Best Practices & Expert Recommendations
Define business transactions carefully. Set realistic health rules. Avoid alert fatigue. Review dashboards regularly.
Integrate monitoring early in the CI/CD pipeline. Align metrics with business objectives. Why this matters: Best practices ensure sustained monitoring effectiveness.
Who Should Learn or Use AppDynamics Trainers?
Developers troubleshoot performance issues faster. DevOps engineers monitor release impact. SRE teams improve reliability. Cloud engineers manage distributed systems. QA teams validate performance. Beginners learn core concepts, while experienced engineers deepen observability expertise. Why this matters: Role-based learning maximizes monitoring value.
FAQs – People Also Ask
What is AppDynamics Trainers?
They provide structured AppDynamics training. Why this matters: Structure accelerates learning.
Why do companies use AppDynamics?
They gain deep application visibility. Why this matters: Visibility reduces downtime.
Is AppDynamics suitable for beginners?
Yes, with guided training. Why this matters: Guidance prevents misconfiguration.
How does AppDynamics compare to New Relic?
It offers strong transaction visibility. Why this matters: Tool choice affects insights.
Is AppDynamics relevant for DevOps roles?
Yes, it integrates with CI/CD workflows. Why this matters: Relevance supports DevOps success.
Does AppDynamics support cloud platforms?
Yes, across major providers. Why this matters: Cloud observability remains critical.
Can QA teams use AppDynamics?
Yes, for performance validation. Why this matters: Early validation avoids production issues.
Is AppDynamics secure?
Yes, when configured properly. Why this matters: Security protects monitoring data.
Does AppDynamics scale for enterprises?
Yes, for large distributed systems. Why this matters: Scalability enables growth.
How quickly can teams learn AppDynamics?
They gain fundamentals quickly with training. Why this matters: Faster learning improves outcomes.
Branding & Authority
AppDynamics Trainers build credibility through DevOpsSchool, a globally trusted platform delivering enterprise-grade DevOps and observability education. DevOpsSchool focuses on hands-on learning, real production challenges, and outcome-driven skill development. Learners gain practical monitoring expertise aligned with modern application architectures.
This real-world emphasis ensures lasting relevance across industries. Why this matters: Trusted education reduces risk and increases confidence.
Mentorship comes from Rajesh Kumar, who brings more than 20 years of hands-on experience across DevOps, DevSecOps, Site Reliability Engineering, DataOps, AIOps, and MLOps. His background spans Kubernetes, cloud platforms, CI/CD automation, and enterprise observability systems.
His mentorship emphasizes architectural thinking, scalability, and operational excellence. Why this matters: Expert guidance converts tools into measurable business value.
Call to Action & Contact Information
Email: [email protected]
Phone & WhatsApp (India): +91 84094 92687
Phone & WhatsApp (USA): +1 (469) 756-6329
View the full article
reporter

Configuration Management Using Ansible: A Comprehensive Guide Explained

Introduction: Problem, Context & Outcome
Engineering teams today manage complex infrastructure spread across cloud, hybrid, and on-premise environments. However, many still depend on manual steps, scattered scripts, and undocumented processes. As systems scale, these practices increase failure rates, slow down releases, and create operational stress. At the same time, organizations expect DevOps teams to deliver faster with higher reliability.
Because of these pressures, automation is no longer optional. Teams need structured approaches, not trial-and-error learning. Without proper guidance, automation often introduces more risk instead of reducing it. That gap highlights the need for professional training that connects tools with real operational outcomes.
This guide explains how Ansible training addresses real infrastructure challenges, what learners gain, and why structured automation skills remain critical today. Why this matters: Correct automation improves delivery speed, stability, and long-term operational confidence.
What Is Ansible Trainers?
Ansible Trainers are professionals who guide learners in using Ansible effectively within real DevOps and infrastructure environments. Rather than focusing only on commands, trainers emphasize automation design, maintainability, and operational impact.
Ansible is an agentless automation platform that uses simple YAML files to define system configuration, application deployment, and orchestration. Trainers explain how Ansible manages Linux servers, cloud resources, containers, and hybrid infrastructure consistently.
Additionally, training aligns Ansible with CI/CD pipelines, infrastructure-as-code workflows, and enterprise delivery practices. Learners therefore understand when to automate, how to structure automation, and how to avoid common failures. Why this matters: Practical understanding ensures automation works reliably beyond test environments.
Why Ansible Trainers Is Important in Modern DevOps & Software Delivery
Modern DevOps relies on rapid, repeatable, and auditable delivery. Manual configuration cannot support continuous deployment or distributed systems. Because of this limitation, organizations adopt Ansible to standardize infrastructure operations.
Ansible training helps teams eliminate configuration drift, improve release consistency, and support automated CI/CD pipelines. Trainers demonstrate how automation supports Agile workflows, cloud adoption, and DevOps culture.
As infrastructure complexity grows, weak automation quickly becomes a source of outages. Structured training ensures engineers understand testing, version control, and governance. Why this matters: Skilled automation reduces risk while enabling faster software delivery.
Core Concepts & Key Components
Playbooks
Purpose: Define automation intent
How it works: YAML files describe desired state
Where it is used: Configuration and deployment automation
Inventory
Purpose: Organize systems
How it works: Hosts and groups control execution scope
Where it is used: Multi-environment automation
Modules
Purpose: Execute defined tasks
How it works: Prebuilt modules perform idempotent actions
Where it is used: Operational automation
Roles
Purpose: Structure automation cleanly
How it works: Standard directories separate logic
Where it is used: Enterprise automation projects
Variables
Purpose: Add flexibility
How it works: Parameters adjust behavior dynamically
Where it is used: Dev, staging, production workflows
Handlers
Purpose: React to configuration changes
How it works: Trigger actions when notified
Where it is used: Service management
Ansible Tower / AWX
Purpose: Centralize automation management
How it works: UI, RBAC, scheduling, auditing
Where it is used: Large DevOps teams
Why this matters: Mastering these elements prevents fragile and unscalable automation.
How Ansible Trainers Works (Step-by-Step Workflow)
Training begins by identifying real operational challenges. Trainers explain how Ansible communicates over SSH without agents. Learners build inventories that mirror production environments.
Next, playbooks define desired outcomes instead of manual procedures. Variables separate configuration logic from data. Roles organize automation for reuse and governance.
Finally, learners integrate Ansible into CI/CD pipelines and cloud workflows. Testing and validation remain mandatory before production rollout. Why this matters: Clear workflows reduce failures and increase trust in automation.
Real-World Use Cases & Scenarios
DevOps teams automate application deployments across environments. SRE teams use playbooks for recovery and routine operations.
Cloud engineers enforce security baselines automatically. QA teams provision test environments rapidly. Business leaders benefit from faster releases and reduced downtime. Why this matters: Automation affects reliability, costs, and customer satisfaction.
Benefits of Using Ansible Trainers
Productivity: Faster execution with fewer manual tasks Reliability: Consistent configuration across systems Scalability: Supports cloud and hybrid growth Collaboration: Shared automation improves alignment Why this matters: These benefits translate directly into operational efficiency.
Challenges, Risks & Common Mistakes
Teams often overcomplicate playbooks. Poor variable design creates hidden issues. Skipping testing increases outage risk.
Structured training mitigates these problems through modular design, validation practices, and security awareness. Why this matters: Preventing mistakes protects uptime and trust.
Comparison Table
AreaManual WorkScriptsAnsibleAgentlessNoNoYesReadabilityLowMediumHighScalabilityPoorLimitedHighError HandlingManualWeakBuilt-inCloud SupportWeakLimitedStrongCI/CD FitPoorMediumStrongSecurityManualScript-basedRole-basedAuditabilityLowMediumHighCollaborationLowMediumHighMaintenanceDifficultModerateEasy Why this matters: Comparison clarifies why Ansible suits modern DevOps.
Best Practices & Expert Recommendations
Use roles for clarity. Store playbooks in version control. Test in staging environments. Apply least-privilege access. Document automation clearly.
Begin with simple use cases and scale gradually. Review automation frequently. Why this matters: Best practices keep automation reliable long-term.
Who Should Learn or Use Ansible Trainers?
Developers automate deployments. DevOps engineers manage infrastructure. Cloud engineers scale platforms. SRE teams improve reliability. QA professionals streamline test environments. Beginners gain structured foundations, while experienced engineers refine enterprise automation. Why this matters: Role-based learning maximizes impact.
FAQs – People Also Ask
What are Ansible Trainers?
They provide structured Ansible automation guidance. Why this matters: Structure accelerates learning.
Why do organizations use Ansible?
They automate infrastructure reliably. Why this matters: Reliability reduces failures.
Is Ansible beginner-friendly?
Yes, YAML syntax is simple. Why this matters: Easy learning improves adoption.
How does Ansible compare to Puppet?
Ansible is agentless and simpler. Why this matters: Simplicity improves operations.
Is Ansible relevant for DevOps roles?
Yes, it integrates with CI/CD. Why this matters: Relevance boosts careers.
Does Ansible support cloud platforms?
Yes, major providers. Why this matters: Cloud skills remain critical.
Can QA teams use Ansible?
Yes, for environment automation. Why this matters: Faster testing improves delivery.
Is Ansible secure?
Yes, when configured correctly. Why this matters: Security protects systems.
Does Ansible scale for enterprises?
Yes, with Tower/AWX. Why this matters: Scalability enables growth.
How fast can one learn Ansible?
Foundations develop quickly with guidance. Why this matters: Faster learning increases productivity.
Branding & Authority
Ansible Trainers establish authority through DevOpsSchool, a globally trusted platform delivering enterprise-grade DevOps education. DevOpsSchool emphasizes hands-on learning aligned with real infrastructure challenges and modern automation needs. Learners gain production-ready skills that apply across industries and organization sizes.
This focus on real-world relevance ensures long-term value. Why this matters: Trusted education reduces learning risk and improves outcomes.
Mentorship is led by Rajesh Kumar, who brings over 20 years of hands-on experience across DevOps and DevSecOps, Site Reliability Engineering, DataOps, AIOps, and MLOps. His work spans Kubernetes, cloud platforms, CI/CD pipelines, and enterprise-scale automation.
His guidance emphasizes architectural thinking, scalability, and operational excellence. Why this matters: Expert mentorship turns knowledge into production readiness.
Call to Action & Contact Information
Email: [email protected]
Phone & WhatsApp (India): +91 84094 92687
Phone & WhatsApp (USA): +1 (469) 756-6329




View the full article
reporter

Apple's Patent Grants Declined in 2025 as Innovation Slows

Apple's U.S. patent activity declined sharply in 2025 amid a broader slowdown in patent filings, according to newly released data from IFI CLAIMS Patent Services.


The data shows that Apple was granted 2,722 U.S. patents in 2025, down from 3,082 in 2024, a year-over-year decline of roughly 12% that pushed the company down two positions to sixth place in IFI's annual ranking of the top 50 recipients of U.S. patent grants. The shift marks a notable change for Apple at a time when its spending on artificial intelligence, silicon design, and software continues to expand, but it also reflects a wider contraction in patent activity across the United States.

Total U.S. patent grants in 2025 fell to 323,272, a decline of less than 1% from the previous year, while U.S. patent applications dropped more steeply, falling 9% to 393,344. IFI noted that the decline in applications represents the lowest level since 2019, following a record high in 2024. The data is compiled directly from the U.S. Patent and Trademark Office and forms the basis of IFI's annual Top 50 and Top 10 Fastest Growing Technologies reports.

The slowdown was visible across core technology areas that typically account for a large share of U.S. patents, with filings and grants falling in key categories such as digital data processing and data transmission. The slowdown was not limited to Apple, with other major U.S. technology companies such as Google also falling in the patent rankings in 2025, while Nvidia did not receive enough U.S. patent grants to place in the Top 50 despite its central role in the AI boom.

It also came as the U.S. Patent and Trademark Office continued to work through a backlog of more than 1.2 million applications, which has delayed the pace at which patents are issued. While U.S.-based companies still received the largest number of patents overall, their total fell by more than 5% in 2025, even as companies in several Asian countries increased their patent counts.

Apple's decline occurred as several competitors either held steady or increased their patent output. Samsung retained the top position for the fourth consecutive year with 7,054 U.S. patent grants, accounting for more than 2% of all patents issued in the United States in 2025. Apple chip supplier Taiwan Semiconductor Manufacturing Company (TSMC) ranked second with 4,194 grants, followed by Qualcomm in third place with 3,749.

Apple's drop contrasted with gains by companies such as Dell and Toyota, which moved up eight and six places respectively, driven largely by patents related to computing infrastructure, energy storage, and vehicle systems. Key areas of research in 2025 included AI and battery technologies.Tag: Patent
This article, "Apple's Patent Grants Declined in 2025 as Innovation Slows" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Ansible Configuration Management: A Comprehensive Guide

Introduction: Problem, Context & Outcome
Infrastructure teams today face constant pressure to deliver faster while maintaining stability. However, many engineers still depend on manual configurations, brittle shell scripts, and undocumented fixes. As environments grow across cloud, hybrid, and on-prem systems, these gaps quickly become operational risks. Deployment failures, configuration drift, and delayed releases affect both engineering teams and business outcomes.
At the same time, organizations expect DevOps teams to automate infrastructure reliably and repeatedly. That expectation makes automation expertise a core requirement rather than an optional skill. Learning Ansible in an unstructured way often leads to partial understanding and poor production results.
This is where Ansible Trainers In Pune play a critical role. This guide explains what structured training delivers, how it fits modern DevOps practices, and what learners gain in real enterprise environments. Why this matters: The right automation skills directly improve reliability, speed, and operational confidence.
What Is Ansible Trainers In Pune?
Ansible Trainers In Pune represent experienced professionals who teach Ansible with a strong emphasis on real DevOps and infrastructure automation use cases. Rather than focusing only on commands or syntax, trainers explain how automation supports system stability, repeatability, and compliance in production environments.
Ansible itself is an agentless automation tool that uses simple YAML-based playbooks to manage configuration, deployments, and orchestration. Trainers help learners understand how Ansible works across Linux servers, cloud platforms, containers, and hybrid infrastructure.
Training connects Ansible with CI/CD pipelines, infrastructure-as-code practices, and cloud provisioning workflows. As a result, learners understand both the technical and operational impact of automation decisions. Why this matters: Context-driven training ensures automation works reliably in real systems.
Why Ansible Trainers In Pune Is Important in Modern DevOps & Software Delivery
Modern software delivery depends on speed and predictability. Manual operations slow teams down and increase errors. Ansible trainers help engineers replace ad hoc processes with consistent automation practices.
Organizations adopt Ansible to reduce configuration drift, standardize environments, and support frequent releases. Trainers show how Ansible integrates naturally with CI/CD pipelines, Agile workflows, and cloud-native deployments.
As infrastructure scales, unmanaged automation becomes risky. Structured training ensures teams understand design principles, version control, and governance. Why this matters: Well-trained automation prevents outages and supports continuous delivery at scale.
Core Concepts & Key Components
Playbooks
Purpose: Define automation intent clearly
How it works: YAML files describe desired system state
Where it is used: Configuration management and deployments
Inventory
Purpose: Organize infrastructure targets
How it works: Hosts and groups define execution scope
Where it is used: Multi-cloud and hybrid setups
Modules
Purpose: Perform individual tasks reliably
How it works: Prebuilt modules execute actions idempotently
Where it is used: Daily operational automation
Roles
Purpose: Improve structure and reuse
How it works: Standard folders organize tasks and variables
Where it is used: Enterprise-scale automation
Variables
Purpose: Enable flexibility
How it works: Parameters adapt automation per environment
Where it is used: Dev, staging, production
Handlers
Purpose: Respond to changes
How it works: Trigger actions only when notified
Where it is used: Service management
Ansible Tower / AWX
Purpose: Centralize automation
How it works: UI, RBAC, auditing, and scheduling
Where it is used: Large DevOps teams
Why this matters: Strong foundational knowledge prevents fragile and unmaintainable automation.
How Ansible Trainers In Pune Works (Step-by-Step Workflow)
Training begins with understanding real infrastructure challenges. Trainers explain how Ansible connects to systems using SSH without agents. Learners then build inventories that reflect real environments.
Next, playbooks define desired system states. Trainers demonstrate how variables manage differences across environments. Roles help structure automation for reuse and governance.
Finally, learners integrate Ansible with CI/CD pipelines and cloud workflows. Testing and validation become mandatory steps before production execution. Why this matters: A disciplined workflow reduces errors and increases automation trust.
Real-World Use Cases & Scenarios
DevOps teams use Ansible to automate application deployments. SRE teams rely on playbooks for recovery and standard operations. Cloud teams enforce security and configuration baselines.
QA teams provision test environments quickly. Business leaders benefit from faster releases and reduced downtime. Why this matters: Automation influences both technical stability and business continuity.
Benefits of Using Ansible Trainers In Pune
Productivity: Faster execution and fewer manual steps Reliability: Consistent configurations everywhere Scalability: Supports cloud and hybrid growth Collaboration: Shared automation improves teamwork Why this matters: These benefits directly impact operational efficiency.
Challenges, Risks & Common Mistakes
Teams often write overly complex playbooks. Poor variable handling introduces hidden failures. Skipping testing leads to outages.
Trainers mitigate these risks by teaching modular design, validation practices, and security awareness. Why this matters: Preventing mistakes protects uptime and reputation.
Comparison Table
AspectManual OpsScriptsAnsibleAgentlessNoNoYesReadabilityLowMediumHighScalabilityPoorLimitedHighError HandlingManualWeakBuilt-inCloud SupportWeakLimitedStrongCI/CD IntegrationPoorMediumStrongSecurityManualScript-basedRole-basedAuditabilityLowMediumHighCollaborationLowMediumHighMaintenanceDifficultModerateEasy Why this matters: Clear comparison highlights Ansible’s operational advantage.
Best Practices & Expert Recommendations
Use roles for structure. Maintain playbooks in version control. Test automation before production. Apply least-privilege access. Document clearly.
Start with small use cases and scale gradually. Review automation regularly. Why this matters: Best practices ensure long-term sustainability.
Who Should Learn or Use Ansible Trainers In Pune?
Developers automate deployments. DevOps engineers manage infrastructure. Cloud engineers scale platforms. SREs improve reliability. Beginners gain structured foundations. Experienced engineers refine enterprise automation. Why this matters: Role-focused learning maximizes outcomes.
FAQs – People Also Ask
What is Ansible Trainers In Pune?
It refers to structured Ansible automation training. Why this matters: Structure speeds mastery.
Why do companies use Ansible?
They automate infrastructure reliably. Why this matters: Reliability reduces failures.
Is Ansible beginner-friendly?
Yes, YAML syntax is simple. Why this matters: Easy learning encourages adoption.
How does Ansible compare to Puppet?
Ansible is agentless and simpler. Why this matters: Simplicity improves operations.
Is Ansible relevant for DevOps roles?
Yes, it fits CI/CD pipelines. Why this matters: Relevance supports careers.
Does Ansible support cloud platforms?
Yes, all major providers. Why this matters: Cloud skills remain essential.
Can QA teams use Ansible?
Yes, for environment setup. Why this matters: Faster testing cycles.
Is Ansible secure?
Yes, with proper controls. Why this matters: Security protects systems.
Does Ansible scale for enterprises?
Yes, using Tower/AWX. Why this matters: Scalability enables growth.
How quickly can one learn Ansible?
Foundations come quickly with guidance. Why this matters: Faster learning boosts productivity.
Branding & Authority
Ansible Trainers In Pune establish authority through DevOpsSchool, a globally trusted platform delivering enterprise-grade DevOps education. DevOpsSchool focuses on practical learning that aligns with real operational challenges. Learners gain exposure to modern infrastructure, automation workflows, and production realities rather than isolated tool knowledge.
This approach ensures skills remain relevant across industries and organization sizes. Why this matters: Trusted platforms reduce risk and improve learning outcomes.
Mentorship is led by Rajesh Kumar, who brings more than 20 years of hands-on expertise across DevOps, DevSecOps, Site Reliability Engineering, DataOps, AIOps, and MLOps. His experience spans Kubernetes, cloud platforms, CI/CD systems, and large-scale automation.
His guidance emphasizes architecture decisions, scalability, and operational excellence. Why this matters: Expert mentorship transforms knowledge into production readiness.
Call to Action & Contact Information
Email: [email protected]
Phone & WhatsApp (India): +91 84094 92687
Phone & WhatsApp (USA): +1 (469) 756-6329




View the full article
reporter

New Malware Campaign Delivers Remcos RAT Through Multi-Stage Windows Attack

Cybersecurity researchers have disclosed details of a new campaign dubbed SHADOW#REACTOR that employs an evasive multi-stage attack chain to deliver a commercially available remote administration tool called Remcos RAT and establish persistent, covert remote access. "The infection chain follows a tightly orchestrated execution path: an obfuscated VBS launcher executed via wscript.exe invokes aView the full article
Hacker News

CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a high-severity security flaw impacting Gogs by adding it to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2025-8110 (CVSS score: 8.7), relates to a case of path traversal in the repository file editor that could result in code execution. "Gogs PathView the full article
Hacker News

Top 10 vendors for AI-enabled security — according to CISOs

Venture capital may be flowing to trendy AI security startups, but battle-tested CISOs seem to be sticking with tried-and-true, name-brand technology partners for their AI-enabled security needs.
That’s the key takeaway from CSO’s 2025 Security Priorities Study, which collected responses from more than 640 senior security executives from across the globe. When asked to rank leaders in AI-powered security, the largest and most well-known security vendors topped CISOs’ lists.
The criteria CISOs used to rank industry leaders starts with product innovation. But CISOs also leaned heavily into practical matters, rather than flash and sizzle. The vendor’s reputation and whether they had been victimized by a high-profile breach was the second most important factor. Then came business value of the solution, cost/pricing, name recognition, vendor age, time to integrate the solution, and whether peers also use the technology.
As Grandview Research points out, “The AI in cybersecurity industry is expanding due to the seamless integration of AI technologies with existing cybersecurity frameworks. Organizations prefer solutions that complement their current systems, ensuring minimal disruption and maximum efficiency.”
Also making a strong showing on the list were service providers, either full-on managed security service providers (MSSPs), cloud-based proxy services, or content delivery network providers that have expanded into cybersecurity. Clearly, CISOs are looking for ways to lift the burden of incident response off short-staffed and harried security teams.  
Here are the top 10 leaders in AI-enabled security in order of their ranking in our survey.
1. Cisco
Why they’re here: With its strong roots in networking, Cisco has an established foothold in the enterprise — and a stranglehold on the data that networking gear generates. The acquisitions of Duo Security (multifactor authentication and zero trust), Thousand Eyes (visibility), and Splunk (AI-powered SIEM), have enabled Cisco to integrate networking and security capabilities. Cisco recently launched AI Assistant for Security, an interface trained on massive security datasets to help analysts with event triage, root cause analysis, policy design, and simplifying firewall management.
Power moves: Introduced “Foundation-sec-8b-reasoning,” an AI foundational model designed to apply AI-powered reasoning to security tasks such as threat modeling, attack vector analysis, risk assessment, and security architecture evaluation.
Outlook: John Grady, principal analyst at Enterprise Strategy Group, says, “The AI era demands a transformative approach to security. Organizations need distributed, identity-based, zero trust protection for applications, users, AI models, and agents, supported by a unified policy framework. Cisco is in a very unique position to support this with its ability to embed advanced protections directly into the network.”
2. Microsoft
Why they’re here: Similar to Cisco, Microsoft is embedded in virtually every enterprise, and is also a vendor that has marshalled its considerable resources to build an AI-powered security ecosystem. The platform includes Microsoft Defender for securing cloud environments, Microsoft Sentinel for cloud-native SIEM, Microsoft Purview for data governance, Microsoft Intune for endpoint management, Microsoft Entra for identity and access management, and Microsoft Defender XDR for threat detection and response.
Power moves: Introduced Microsoft Security Copilot, a generative AI-powered security tool that helps increase the efficiency and capabilities of security teams.
Outlook: Microsoft visionary investment in OpenAI has paid off in catapulting Microsoft to a leadership position in the AI era. A new agreement inked in October cements Microsoft’s position as the key beneficiary of OpenAI Foundation’s research. The agreement gives Microsoft a 27% stake in OpenAI (valued at $135B), but more importantly it preserves Microsoft’s relationship with OpenAI as its “frontier model partner.” Microsoft said its IP rights for both OpenAI’s models and products have been extended through 2032.
3. Google
Why they’re here: Google has a well-deserved reputation as an innovator in cloud-based security services. Google is a leader in Gartner’s Magic Quadrant for SIEM. Gartner says, “Use of AI is a core competency for Google and its SecOps platform offers strong AI functionality throughout many of the common activities and functions associated with SIEM operations.” IDC names Google a leader in its 2025 MarketScape for Worldwide Incident Response.
Power moves: Announced plans to buy cloud security platform vendor Wiz for $32B. The deal is expected to close in 2026.
Outlook: Google offers a broad range of AI-powered security solutions, many based on its purchase of Mandiant in 2022. These include Google Threat Intelligence, Google Security Operations, Google Unified Security, Google AI protection, and Google Agentic SOC, which combines AI-driven automation with human expertise. Once the Wiz acquisition is finalized, Google will have expanded capabilities across multicloud environments.
4. Akamai Technologies
Why they’re here: Akamai has successfully pivoted from being a content delivery network (CDN) provider to offering a platform for developing and running applications in the cloud, as well as providing a broad range of complementary cybersecurity services. These include web application and API protection (WaaP), Akamai firewall for AI, and zero trust security. In a recent evaluation conducted by SecureIQ Lab, Akamai outperformed competing vendors in a test of WaaP capabilities.
Power moves: Akamai continues to aggressively build out its platform; key acquisitions include Linode, Neosec, and Noname Security.
Outlook: IDC analyst Dave McCarthy says, “By extending compute capabilities to its vast network of over 4,400 locations across 134 countries, Akamai provides a differentiated value proposition in the crowded cloud market. This focus on low-latency, high-performance, and secure edge-native applications enables Akamai to avoid a direct, head-on confrontation with hyperscalers. Instead, it positions Akamai to cater to the growing demand for applications that require processing and data storage closer to the end user, thereby enhancing performance and security for distributed workloads.” The company recently launched Akamai Inference Cloud, a platform for securely distributing AI workloads across cloud and edge environments.
5. IBM
Why they’re here: Another gold standard name in the industry, IBM offers a broad range of managed security services that leverage the power of AI. The IBM portfolio includes IBM Guardium for AI-driven data security; Trusteer, which uses AI and machine learning for digital identity management; MaaS360 for AI-powered device security; and watsonx.governance for AI governance. IDC places IBM in the leader category of its MarketScape for worldwide managed detection and response (MDR). The crown jewel is IBM’s X-Force team of incident response experts. IDC says that IBM’s MDR leverages the X-Force protection platform, AI, contextual threat intelligence, and a global team operating in over 110 countries.
Power moves: IBM inked a complex strategic partnership with Palo Alto Networks designed to enhance AI-powered security offerings for enterprise customers.
Outlook: The deal with Palo Alto Networks gives IBM the inside track on providing consulting services for Palo Alto customers. According to IDC’s MarketScape, IBM’s consulting services, which include incident readiness planning, risk assessments, security testing, and vulnerability assessments, are a key differentiator for enterprise customers.


6. Abnormal AI
Why they’re here: Despite all the time, money, and effort poured into security, the one persistent vulnerability that seems most difficult to solve is social engineering attacks targeting email recipients. Enter Abnormal AI, which uses the power of AI, machine learning, and anomaly detection to analyze human behavior and protect end users from phishing and related email-centric attacks. Abnormal is a leader in the latest Forrester Wave for email, messaging, and collaboration security. And it is a leader in Gartner’s Magic Quadrant for email security.The company also offers phishing simulation training.
Power moves: The company was originally named Abnormal AI when it launched in 2018, but the market wasn’t ready for AI, so the company switched to Abnormal Security. Now, it has rebranded back to its original name, a reflection of market acceptance of AI-powered security solutions.
Outlook: Abnormal AI is expanding beyond just email to a broader AI-driven platform. Says CEO Evan Reiser,“We started with email security because it was the biggest problem to solve at the time, and because it provides the richest data set of human behavior. Our goal is to become the most trusted and dependable AI in cybersecurity — one that protects people from the full spectrum of modern threats, utilizing AI to make decisions at superhuman speed.”
7. CrowdStrike
Why they’re here: An innovator in cloud-native, AI-driven cybersecurity, CrowdStrike’s Falcon platform encompasses endpoint security, threat intelligence, and incident response, offered as a fully managed service. GigaOm rates CrowdStrike as a leader in its evaluation of autonomous SOC solutions. GigaOm cites CrowdStrike’s strength in AI-powered detection, unified EDR, next-generation SIEM, and SOAR, as well as agentic innovation with Charlotte AI. CrowdStrike is also a leader in Gartner’s analysis of endpoint protection platforms, and a leader in IDC’s MarketScape for cloud-native application protection platforms (CNAPP).
Power moves: Acquired AI security vendor Pangea. The deal will enable CrowdStrike to extend its Falcon platform into AI detection and response.
Outlook: IDC points out that there is a push toward platformization in cybersecurity. “This is worthy of mention as CrowdStrike has a wide depth and breadth of capabilities built into its Falcon platform that provides the technology muscle for its MDR offering. The added capabilities, such as its managed cloud workload protection (CWP) for continuous runtime protection across hybrid and multicloud environments, workloads, and containers, and its fully managed identity threat protection service called Falcon Complete Identity Threat Protection provide expert management, monitoring, protection, and optimization of identities and identity stores.” IDC adds, “Organizations that are looking to consolidate their disparate technology point products into a unified managed platform should consider CrowdStrike.”
8. Arctic Wolf
Why they’re here: Arctic Wolf provides cloud-based MDR services with an open, flexible, vendor-neutral approach. The Arctic Wolf Platform ingests telemetry from the customer’s existing stack of security tools across endpoint, network, cloud, and identity. There’s no vendor lock-in when it comes to the organization’s choice of security tools. Arctic Wolf is a leader in the IDC MarketScape for MDR. IDC points out that Arctic Wolf addresses the problem of SOC analysts being overwhelmed by too many alerts with its ability to distill telemetry to a manageable number of tickets per day through the use of AI and machine learning.
Power moves: Bought UpSight Security to accelerate the development of AI-powered ransomware protection and rollback capabilities.
Outlook: Arctic Wolf continues to evolve its platform to incorporate use of AI. Arctic Wolf recently introduced its AI Security Assistant, which allows for natural language interaction, enabling customers to ask questions and gain more context about their security environment. At the same time, the human element remains a key part of the Arctic Wolf service: The Arctic Wolf Concierge Security Team consists of security experts who analyze each customer’s security environment and business context and then provide advice on how to shore up security defenses.
9. Cloudflare
Why they’re here: Cloudflare started out as a reverse-proxy CDN with a clear mission: securing the Internet. Over time, Cloudflare has leveraged its global footprint to deliver a broad range of cybersecurity services. The Cloudflare AI Security Suite offers a unified platform to secure workforce AI tools and public-facing applications, discover shadow AI, protect models from abuse, secure agent access, and prevent data exposure in prompts. Cloudflare is a leader in the 2025 Forrester Wave for Web application firewall services.
Power moves: Cloudflare has acquired Replicate, a startup with software that makes it easier to deploy AI models in production.
Outlook: The company’s lineup of AI-enhanced cybersecurity services includes AI-powered threat detection, bot management, encryption, email security, firewall, data loss protection, AI security posture management, and secure AI application development. In its latest quarter, revenue climbed 31% year over year, and analysts are predicting that Cloudflare will reach a $3B annual revenue run rate in 2026.
10. Broadcom
Why they’re here: Known primarily as a chipmaker that shook up the industry with its purchase of VMware, Broadcom is also a vendor with deep connections to the enterprise through its acquisitions of management software leader CA Technologies and security vendor Symantec. Broadcom has combined the Carbon Black EDR technology that was part of the VMware deal with Symantec to create a new division — Enterprise Security Group. Broadcom also offers capabilities that cloud-based security vendors don’t, such as mainframe security.
Power moves: Announced Symantec AI, a fully agentic assistant that leverages Symantec and Carbon Black capabilities to automatically respond to threats.
Outlook: Broadcom does a good job leveraging its alliances, particularly with Google Cloud. Broadcom supplies data center chips to Google, moves enterprise VMware workloads to Google cloud, incorporated Google’s Vertex AI development platform with Symantec AI, and uses Google Gemini models as the basis for its AI agents. Broadcom has also beefed up VMware security with AI enhancements to VMware vDefend lateral security and VMware AVI load balancer. Broadcom’s approach is to provide integrated security from silicon to software, using AI-driven analytics and automation to reduce the burden on security teams and stay ahead of evolving threats. 
AI security vendors: Leadership vs. current use
One key point to note: This list represents the vendors that CISOs perceive as leaders, not necessarily the ones that they currently use for AI-enabled security. That top 10 list consists of Cisco and Microsoft in the top two spots, cited by 27% and 24% of respondents respectively. The next batch of vendors came in between 19% and 15%, so not necessarily a statistically significant difference. That group included Akamai, Abnormal, Broadcom, Google, Carbon Black, and Cloudflare. CrowdStrike (12%) and Check Point (11%) rounded out the top 10. So, basically the order is shaken up a bit, but the core list of vendors remains pretty much the same.
View the full article
CSOonline

Apple Store in Santa Rosa is Moving Later This Month

Apple's retail store in Santa Rosa, California will be moving from the Santa Rosa Plaza shopping mall to the open-air Montgomery Village shopping plaza later this month.

Apple Santa Rosa Plaza
The new store at Montgomery Village will be holding its grand opening on Friday, January 23, at 12 p.m. local time, according to Apple's website.

Apple's existing store at the Santa Rosa Plaza opened in 2004.

Elsewhere in California, Apple continues to renovate its store in Carlsbad, north of San Diego. Apple has a temporary location there, at 1925 Calle Barcelona. Apple is also operating out of a temporary store at the South Coast Plaza shopping mall in Costa Mesa, south of Los Angeles, while it renovates its original location there.

Thanks, Filip Chudzinski!Tag: Apple Store
This article, "Apple Store in Santa Rosa is Moving Later This Month" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Notorious BreachForums hacking site hit by ‘doomsday’ leak of 324,000 criminal users

Prominent crime forum BreachForums has suffered a new and possibly fatal blow to its reputation after the revelation that a database of thousands of criminals using it was stolen months ago.
News of the breach emerged publicly on January 9 when a zip archive containing a MySQL database of 323,986 BreachForums users appeared on shinyhunte[.]rs, a domain reportedly unconnected to the infamous extortion group of the same name.
According to Have I Been Pwned, the data breach happened last August, two months before the police takedown of the BreachForums data extortion site after threats by Scattered Lapsus$ Hunters to use it to release one billion records stolen from Salesforce customers.
This tallies with the August 11 date on the database leaked last week; that was the day its admins reportedly announced that the site was being shut down for fear that it had been compromised by law enforcement. 
Have I been Pwned said that the stolen data also included hashed passwords, private messages, and forum posts.
However,  according to security intelligence firm Resecurity, the January leak contains two new elements: a password-protected PGP private key file and a grandiloquent, bizarre 4,400 word manifesto entitled ‘Doomsday’ by an author using the name “James,” who claims to be behind the leak.
The PGP key, leaked a day later on January 10, was most likely used to sign messages from BreachForums’ admins, Resecurity said.
One takedown after another
This leak is only the latest in a series of problems, arrests, and takedowns to affect what was once one of the biggest English-speaking crime forums.
The successor to the RaidForums site seized by US authorities in 2022, BreachForums styled itself as a discussion site for topics such as data breaches, illegal sexual content, ransomware, and hacking tools.
In 2023, the site’s alleged founder and admin, Conor Brian Fitzpatrick, was arrested, and its clearnet domains were seized three months later. Fitzpatrick was later sentenced to three years in jail by a US court.
In 2024, a replacement admin, Baphomet, was also reportedly arrested, and in 2025, five more individuals accused of being connected to the site were taken into custody. Finally, last October came the takedown of the BreachForums dark web extortion site.
The immediate question is whether the leaked database will be of any use to police, assuming they don’t already have access to it. It contains email addresses and IP data which will most likely point to proxies or anonymizing services. One analysis found that many of the IP addresses are simply loopbacks. However, the most popular email service used to register with BreachForums is Gmail, which might provide a forensic link to anyone who’s been careless and not covered their tracks.  
A question of data integrity
Experts had mixed responses to the news of the database leak. “The breach significantly undermines trust in the platform itself, which is critical for any cybercrime forum,” said Michael Jepson, penetration testing manager at consultancy CybaVerse.
“The exposure damages confidence in BreachForums as a secure environment. As a result, more sophisticated cyber criminals are likely to migrate away from large and well known forums toward smaller, invite-only communities,” he added.
However, Michael Tigges, a senior security operations analyst at security company Huntress, was less sanguine. “While potentially useful for authorities and security professionals researching adversarial activities, the database is ultimately of limited forensics use. While the leak may be legitimate, the integrity is called in question if it was derived from another cybercrime group,” he pointed out.
The biggest risk was that data leaks could be a cover for the distribution of disinformation. “Data leaks like these may be used to draw lines between nuclei of activity, but the reliability of the information must be highly scrutinized,” said Tigges.
View the full article
CSOonline

Apple's Regent Street Store in UK is Temporarily Closed, Here's Why

Apple's flagship Regent Street store in London, England is temporarily closed starting today for "refurbishment," the company said on its website.


Apple has not indicated when the store will reopen, but a source familiar with the matter indicated that the location will likely be closed for at least a few weeks. It is unclear if Apple is planning any changes that will be visible to customers, but the company has been removing the Video Wall from some of it stores in recent months. Many newer and renovated stores also feature a dedicated Apple Pickup station for online orders.

In some cases, Apple only updates a store's fixtures or back-of-house area, resulting in no visible differences to customers when business resumes.

Regent Street is a world-famous shopping street in the heart of London, making it one of the busiest locations where Apple has a retail presence. At a minimum, hopefully the store will receive a deep clean before it reopens.

Apple first opened its Regent Street store in 2004.Tag: Apple Store
This article, "Apple's Regent Street Store in UK is Temporarily Closed, Here's Why" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Elon Musk Reacts to Apple and Google Teaming on Gemini-Powered Siri

Elon Musk today expressed concern about Apple and Google partnering on a more personalized version of Siri powered by Google's generative AI platform Gemini.


"This seems like an unreasonable concentration of power for Google, given that [they] also have Android and Chrome," wrote Musk, in a post on X.

Musk serves as CEO of xAI, the company behind Gemini competitor Grok.

It is unlikely that Apple or Google will publicly respond to Musk's comment, but we will update this story if the companies have anything to say.

In case you missed it, Apple and Google today jointly announced that Gemini will help power future Apple Intelligence features, including a more personalized version of Siri that is set to launch this year. Apple has yet to announce exactly when the revamped Siri will launch, but it is reportedly set to arrive as part of iOS 26.4 in March or April.

Tags: Apple Intelligence, Elon Musk, Gemini, Google, Siri
This article, "Elon Musk Reacts to Apple and Google Teaming on Gemini-Powered Siri" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

These 36 Airlines Offer iPhone Feature That Helps Find Your Lost Bags

On iOS 18.2 and later, there is a Share Item Location feature in the Find My app that allows you to temporarily share the location of an AirTag-equipped item with others, including employees at participating airlines. This way, if you put an AirTag inside your bags, the airline can better help you find them in the event they are lost or delayed at the airport.


The feature also works with other item trackers that support Apple's Find My network, such as those sold by Chipolo and Pebblebee.

iPhone, iPad, and Mac users running iOS 18.2, iPadOS 18.2, and macOS Sequoia 15.2 or later can generate a "Share Item Location" link in the Find My app. Anyone they share the link with can then view a web page with a location of the item on a map. The page will automatically update with the item's latest known location.


The item's location stops being shared "as soon as a user is reunited with their item," or automatically expires after seven days.

Apple today announced that the Share Item Location feature is now supported by 36 airlines around the world, and we expect more to follow in the future.

Below, we have listed all of the airlines that support the feature:
AJet
Aer Lingus
Air Canada
Air France
Air India
Air New Zealand
American Airlines
Austrian Airlines
Breeze Airways
British Airways
Brussels Airlines
Cathay Pacific
Condor
Copa Airlines
China Airlines
Delta
Eurowings
Finnair
Flair Airlines
Iberia
JetBlue
KLM
LATAM Airlines
Lufthansa
Pegasus Airlines
Porter Airlines
Qantas
Saudia
Singapore Airlines
SunExpress
SWISS
Turkish Airlines
United
Virgin Atlantic
Vueling
WestJetTags: AirTag, Find My
This article, "These 36 Airlines Offer iPhone Feature That Helps Find Your Lost Bags" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Here's How 2025 Was a 'Record-Breaking Year' Across Apple's Services

Apple today announced that 2025 was a "record-breaking year" for many of its services, including the App Store, Apple Music, Apple TV, and Apple Podcasts.


"Apple services had a banner year, rolling out game-changing features for customers while shattering records," said Apple's services chief Eddy Cue, in a press release. "The numbers reflect the incredible enthusiasm of our customers, whether it's downloading an exciting new app or game, watching the hottest new show with family and friends, listening to their favorite songs, or shopping with peace of mind."

Here are some of the 2025 statistics shared in Apple's announcement:App Store had over 850 million average weekly users across 175 countries and regions, and it set a new annual record for U.S. visitors.
App Store had a record number of visitors between Christmas Eve and New Year's Day.
Apple TV set a new record for monthly engagement in December, with total hours of content viewed on the streaming service up 36% on a year-over-year basis. This increase was driven by hits such as F1: The Movie and Pluribus.
Apple Music had its best year ever, breaking records for listenership and new subscribers.
Shazam generated over 1 billion recognitions per month.
Apple Pay is now available in 89 markets, and Apple says the payment service eliminated well over $1 billion in fraud globally.
Tap to Pay on iPhone is now available in 50 markets.
Apple Maps expanded its Detailed City Experience with 3D landmarks to new locations, like New Orleans, Singapore, and Monaco.
Apple's Share Item Location feature in the Find My app is now offered by 36 airlines.
Apple Arcade added more than 50 new games.
Apple Fitness+ expanded to 28 more countries and regions, and it is launching in Japan early this year.
Apple Podcasts set annual records for listeners, episode plays, and new subscribers.
Apple News is the most popular news app in the U.S., Canada, and Australia, and the second most popular news app in the U.K.For more details about new features added to Apple's services in 2025, as well as various other records set, head to the Apple Newsroom website.Related Roundup: Apple PayTags: App Store, Apple MusicRelated Forum: Apple Music, Apple Pay/Card, iCloud, Fitness+
This article, "Here's How 2025 Was a 'Record-Breaking Year' Across Apple's Services" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Second macOS Tahoe 26.3 Beta Now Available for Developers

Apple today provided the second beta of an upcoming macOS Tahoe 26.3 update to developers for testing purposes, with the update coming four weeks after the launch of the first beta.


Developers can download the ‌macOS Tahoe‌ 26.3 update by opening up the System Settings app, selecting the General category, and then choosing Software Update. Beta Updates will need to be enabled, and a free developer account is required.

There's no word yet on what's included in ‌macOS Tahoe‌ 26.3, and no new features were found in the first beta.

We'll likely see Apple release ‌macOS Tahoe‌ 26.3 at the end of January given past launch timelines.Related Roundup: macOS TahoeRelated Forum: macOS Tahoe
This article, "Second macOS Tahoe 26.3 Beta Now Available for Developers" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Apple Seeds Second Betas of iOS 26.3 and iPadOS 26.3 to Developers

Apple today seeded the second betas of upcoming iOS 26.3 and iPadOS 26.3 updates to developers for testing purposes, with the software coming four weeks after the release of the first betas.


Registered developers can download the betas from the Settings app on the iPhone or iPad by going to the General section and selecting Software Update, although it appears over-the-air updates may still be rolling out. The downloads are already available from Apple's Developer site.

iOS 26.3 adds a new tool for transitioning from an ‌iPhone‌ to an Android device. Transfers can be initiated during the device setup process, and moving data from one device to another can now be done without having to download a specific app.

Apple's transfer process supports moving photos, messages, notes, apps, passwords, phone number, and more.

The update also includes a Notification Forwarding setting for third-party wearables in the European Union, and there are some minor changes to the Weather wallpaper. More information on what's changed can be found in our iOS 26.3 beta 1 feature list.

Apple is expected to release the iOS 26.3 and iPadOS 26.3 to the public at the end of January.Related Roundups: iOS 26, iPadOS 26Related Forum: iOS 26
This article, "Apple Seeds Second Betas of iOS 26.3 and iPadOS 26.3 to Developers" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Apple Releases Second watchOS 26.3, tvOS 26.3 and visionOS 26.3 Betas

Apple today provided developers with the second betas of upcoming watchOS 26.3, tvOS 26.3, and visionOS 26.3 betas for testing purposes. The software comes four weeks after Apple provided the first betas.


The software updates are available through the Settings app on each device, and because these are developer betas, a free developer account is required.

We don't know what new features might be added in watchOS 26.3, visionOS 26.3, and tvOS 26.3, and nothing new has been discovered so far. Apple doesn't typically provide release notes for betas, so we might not know what's new until the software updates see a public launch unless there are outward-facing changes.

The software updates will probably launch right around the end of January based on past release timelines.
This article, "Apple Releases Second watchOS 26.3, tvOS 26.3 and visionOS 26.3 Betas" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Google Says Gemini Partnership With Apple Will Go Beyond Siri Revamp

Google today announced that its AI platform Gemini will help power not only a more personalized version of Siri, but a range of future Apple Intelligence features.


"Apple and Google have entered into a multi-year collaboration under which the next generation of Apple Foundation Models will be based on Google's Gemini models and cloud technology," said Google, in a statement. "These models will help power future Apple Intelligence features, including a more personalized Siri coming this year."

Apple is "excited about the innovative new experiences" that the partnership will unlock, but the statement did not provide any details about specific features.

It is unclear if Gemini will help power any existing Apple Intelligence features, such as Writing Tools, Image Playground, and Notification Summaries.

Apple Intelligence will continue to run on Apple devices and on Apple's Private Cloud Compute servers, with Apple promising industry-leading privacy standards.

The more personalized version of Siri is expected to be introduced with iOS 26.4 in March or April, following a lengthy delay. The new capabilities will include better understanding of a user's personal context, on-screen awareness, and deeper per-app controls. For example, Apple showed an iPhone user asking Siri about their mother's flight and lunch reservation plans based on info from the Mail and Messages apps.

Related Roundups: iOS 26, iPadOS 26Tags: Apple Intelligence, Gemini, Google, SiriRelated Forum: iOS 26
This article, "Google Says Gemini Partnership With Apple Will Go Beyond Siri Revamp" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

n8n Supply Chain Attack Abuses Community Nodes to Steal OAuth Tokens

Threat actors have been observed uploading a set of eight packages on the npm registry that masqueraded as integrations targeting the n8n workflow automation platform to steal developers' OAuth credentials. One such package, named "n8n-nodes-hfgjf-irtuinvcm-lasdqewriit," mimics a Google Ads integration, and prompts users to link their advertising account in a seemingly legitimate form and thenView the full article
Hacker News

iOS 26.2.1 Update Coming Soon for iPhones

iOS 26.3 will likely be released to the public later this month, but it appears that Apple is preparing to push out another software update in the interim.


Apple's software engineers have started testing iOS 26.2.1, according to the MacRumors visitor logs, which have been a reliable indicator of upcoming iOS versions. The update will likely be released at some point this week or next week.

iOS 26.2.1 should be a minor update with bug fixes and/or security patches.

iOS 26.3 is expected to follow in late January, with key new features in that update so far including a new iPhone-to-Android transfer tool, Notification Forwarding for third-party smartwatches in the EU, and more.Related Roundups: iOS 26, iPadOS 26Related Forum: iOS 26
This article, "iOS 26.2.1 Update Coming Soon for iPhones" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Satechi Introduces 20% Discount on Brand-New CES 2026 Accessories

Satechi announced a few products at CES last week, and to mark the launch it's providing a 20 percent discount on these devices for early adopters. You can use the code CES2026 at checkout to get 20 percent off all five of Satechi's newest products.

Note: MacRumors is an affiliate partner with Satechi. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Satechi's new CES 2026 products include two wireless keyboards, a wireless mouse, Thunderbolt 5 cable, and Thunderbolt 5 CubeDock with SSD Enclosure. All items in this sale are available to purchase and ship now, with the exception of the Thunderbolt 5 CubeDock, which is up for pre-order with an estimated shipping date of late March.

Note: Use code CES2026 to see this discount.
UP TO 20% OFFSatechi's CES 2026 Sale

Additionally, Satechi is hosting a "last chance" sale this week, with up to 30 percent off accessories with a limited supply remaining. In this sale you'll find discounts on MagSafe-compatible wireless charging pads, Thunderbolt docks, and more.

CES 2026 Sale

Use Code CES 2026 to see the below deals applied at checkout.
Slim EX Wireless Mouse - $24.00, down from $29.99
Thunderbolt 5 Pro Cable - $32.00, down from $39.99
Slim EX1 Wireless Keyboard - $40.00, down from $49.99
Slim EX3 Wireless Keyboard - $56.00, down from $69.99
Thunderbolt 5 CubeDock - $320.00 (pre-order), down from $399.99

Last Chance Sale

All deals have been applied automatically and do not require a coupon code.

30W Dual-Port Wall Charger - $45.99, down from $64.99
100W USB-C Wall Charger - $48.99, down from $69.99
2-in-1 Headphone Stand with Wireless Charger - $55.99, down from $79.99
USB-C Monitor Stand Hub XL - $69.99, down from $149.99
Pro Hub Max - $69.99, down from $99.99
Duo Wireless Charger Power Stand - $69.99, down from $99.99
Trio Wireless Charger with Magnetic Pad - $83.99, down from $119.99
Thunderbolt 4 Slim Hub - $139.99, down from $199.99
Thunderbolt 4 Dock - $199.99, down from $299.99



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "Satechi Introduces 20% Discount on Brand-New CES 2026 Accessories" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Apple Confirms Google Gemini Will Power Next-Generation Siri This Year

In a statement shared with CNBC today, Apple confirmed that Google Gemini will power the next-generation version of Siri that is slated to launch later this year.


"After careful evaluation, we determined that Google's technology provides the most capable foundation for Apple Foundation Models and we're excited about the innovative new experiences it will unlock for our users," the statement said.

The report explicitly mentioned that Google Gemini will power Siri, as was expected. Apple's decision to lean on Google's artificial intelligence technology should result in the revamped Siri being more capable and advanced than it otherwise would have been, as Gemini's large language model is significantly larger than Apple's own model.

The next-generation version of Siri is expected to be introduced with iOS 26.4, which will likely be released to the general public in March or April.

Apple first announced the personalized Siri features during its WWDC 2024 keynote, but last year it announced that they were delayed. The new capabilities will include better understanding of a user's personal context, on-screen awareness, and deeper per-app controls. For example, Apple showed an iPhone user asking Siri about their mother's flight and lunch reservation plans based on info from the Mail and Messages apps.Related Roundups: iOS 26, iPadOS 26Tag: SiriRelated Forum: iOS 26
This article, "Apple Confirms Google Gemini Will Power Next-Generation Siri This Year" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Amazon Takes Up to $129 Off M4 Mac Mini, Starting at $499.99

Amazon today has a few models of Apple's M4 Mac mini on sale at low prices, starting at $499.99 for the model with 16GB RAM/256GB SSD, down from $599.00. Discounts reach up to $129 off in these sales, and this time around there is also a discount on the M4 Pro model.

Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

In terms of the 16GB/256GB SSD model, this is a solid second-best price. You can also get the M4 Mac mini with 16GB RAM/512GB SSD for $689.99, down from $799.00, and the model with 24GB RAM/512GB SSD for $889.99, down from $999.00.

$99 OFFM4 Mac mini (256GB) for $499.99
$109 OFFM4 Mac mini (16GB/512GB) for $689.99
$109 OFFM4 Mac mini (24GB/512GB) for $889.99
$129 OFFM4 Pro Mac mini (24GB/512GB) for $1,269.99

Apple last updated the Mac mini in late 2024, introducing a redesigned computer that's smaller than the previous generation and featuring the M4 and M4 Pro chips. If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "Amazon Takes Up to $129 Off M4 Mac Mini, Starting at $499.99" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Report: Rise of AI Is Corroding Apple's Influence Over TSMC

A detailed new report from SemiAnalysis argues that while Apple's partnership with TSMC created the modern leading-edge foundry model, the rapid rise of AI computing is changing who pays for new chip technologies and how much influence Apple holds over each new manufacturing node.


The report traces how Apple became the single most important customer in the global semiconductor industry by committing early and at scale to new manufacturing processes at TSMC, beginning with the A8 chip in 2014. It argues that Apple's willingness to absorb early costs, fund yield improvements, and align its annual product cycle with TSMC's roadmap allowed the foundry to outpace rivals and cement its dominance at the leading edge.

Apple's annual spending at TSMC grew from roughly $2 billion in 2014 to about $24 billion in 2025, while Apple's share of TSMC revenue rose from single digits to as much as 25% at its peak. For much of the past decade, Apple accounted for more than half of initial production at each new node, and in some cases nearly all of it, effectively underwriting the financing of advanced manufacturing when no other customer could do so at scale.

However, the rise of AI accelerators has created a second class of customers, such as NVIDIA, who are capable of consuming large amounts of advanced manufacturing capacity. TSMC's revenue mix has shifted significantly as a result.

Smartphones once represented nearly half of TSMC's revenue, but that share has fallen as high-performance computing demands, including AI, have grown to become the largest segment. This means Apple is no longer the only customer capable of funding new capacity, even though it remains the largest single customer by revenue.

This change is said to already be visible with upcoming manufacturing nodes. Apple's share of early production for TSMC's N2 and A16 nodes is expected to be lower than previous generations, the latter of which is designed for high-performance computing workloads rather than mobile devices.

Under SemiAnalysis's modeling, Apple's position strengthens again at later nodes such as A14, which are being designed from the start to support both mobile and high-performance products. In that scenario, Apple's share of early capacity rises again as its iPhone and Mac chips return to being the primary drivers of volume.

While Apple continues to rely on TSMC for its most advanced chips, SemiAnalysis says the company is exploring alternatives for lower-risk components and certain categories to diversify its supply chain. Intel's upcoming 18A-P process is a potential option for some Apple silicon without disrupting flagship products.

See SemiAnalysis's full report for more information.Tag: TSMC
This article, "Report: Rise of AI Is Corroding Apple's Influence Over TSMC" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Here's What's New in iOS 26.3 So Far

In mid-December, Apple seeded the first beta of iOS 26.3. So far, the upcoming software update includes a couple of new features for iPhones.


iOS 15.3 through iOS 18.3 were all released in late January over the years, so thereby it is likely that iOS 26.3 will be released towards the end of this month as well. The update is compatible with the iPhone 11 series and newer.

Below, we recap what is new in the iOS 26.3 beta so far.

iPhone to Android Transfer Tool


iOS 26.3 makes it easier for iPhone users to switch to an Android device. A new tool allows you to place your iPhone next to an Android device to wirelessly transfer photos, messages, notes, apps, and more. You can also transfer your phone number.

In the iOS 26.3 beta, the new tool can be found in the Settings app, under General → Transfer or Reset ‌iPhone‌ → Transfer to Android. It is available worldwide.

Notification Forwarding in EU


In the EU, iOS 26.3 introduces both a Notification Forwarding feature and AirPods-like proximity pairing for third-party accessories like earbuds and smartwatches.

Apple was required to make these changes to comply with the EU's Digital Markets Act.

More


Starting with iOS 26.3, there is a dedicated section for Weather wallpapers, with three preset options available to choose from. To access them, tap and hold on the Lock Screen and tap on the plus sign in the bottom-right corner of the screen.

February is Black History Month, and iOS 26.3 will likely include the 2026 version of Apple's annual Black Unity wallpaper. Apple also typically releases a new Black Unity Sport Loop for the Apple Watch, and a matching Unity Rhythm watch face.

iOS 26.1 introduced a Background Security Improvement feature that is designed to provide security updates for Safari, WebKit, and some other system items between iOS software updates. Apple has been testing the feature with updates such as "iOS 26.3 (a)" and "iOS 26.3 (b)," but they do not actually contain any security fixes.

Additional new features and bug fixes may be added in later beta versions of iOS 26.3. Overall, though, it will likely be a relatively minor update.Related Roundups: iOS 26, iPadOS 26Related Forum: iOS 26
This article, "Here's What's New in iOS 26.3 So Far" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Shai-Hulud & Co.: Die Supply Chain als Achillesferse

FAMArtPhotography – shutterstock.com
Heutige Anwendungen basieren auf zahlreichen Komponenten, von denen jede zusammen mit den Entwicklungsumgebungen selbst eine Angriffsfläche darstellt. Unabhängig davon, ob Unternehmen Code intern entwickeln oder sich auf Drittanbieter verlassen, sollten CISOs, Sicherheitsexperten und Entwickler der Software-Supply-Chain besondere Aufmerksamkeit schenken.
Zu den Risiken zählen zum Beispiel React2Shell, Shai-Hulud oder XZ Utils, alles Schwachstellen in der Software-Lieferkette, die im Kleinen angefangen haben und später massive Auswirkungen hatten. Shai-Hulud sticht dabei besonders heraus, es signalisiert das Ende der „passiven Ära” der Angriffe auf Lieferketten und den Beginn der „aktiven Wurm”-Ära. Diese Veränderung verspricht verheerende Folgen für Software-Pipelines.
Traditionell waren Angriffe auf die Lieferkette passive Fallen. Ein Angreifer lud ein falsch geschriebenes Paket (Typosquatting) wie „reqeusts“ anstelle von „requests“ hoch, lehnte sich zurück und wartete darauf, dass ein müder Entwickler einen Fehler machte. Der Explosionsradius war linear und eher langsam.
Mit Shai-Hulud wurden die Spielregeln verändert, indem es eine wurmähnliche Verbreitung einführte. Sobald es auf dem Rechner eines Entwicklers landet, sammelt es aktiv Anmeldedaten (NPM-Token, GitHub-Geheimnisse). Es nutzt diese gestohlenen Anmeldedaten, um infizierte Versionen anderer legitimer Pakete, die das Opfer verwaltet, automatisch zu veröffentlichen. Im Gegensatz zu Spyware, die verborgen bleiben will, enthalten Varianten von Shai-Hulud einen „Dead Man Switch“. Wenn er feststellt, dass er blockiert oder analysiert wird, versucht er, das System des Opfers zu löschen und dabei alle Spuren von sich selbst vollständig zu entfernen.
Das Ziel ist nicht mehr nur die Anwendung, sondern die Identität des Entwicklers und die automatisierten CI/CD-Pipelines, die ihm implizit vertrauen. Was wäre nun, wenn die nächste Variante des Shai-Hulud andere Code-Sprachen betrifft?
Code-Sprachen als tickende Zeitbomben
Ein Beispiel dafür wäre Python, sie ist die Sprache der KI und der Data Science. Die nächste Evolutionsstufe des Supply-Chain-Wurms wird wahrscheinlich nicht nur AWS-Schlüssel stehlen, sondern auch den Aufstieg von KI-Codierungsassistenten nutzen.
Sicherheitsforscher beobachten bereits „Halluzinations-Hijacking“, bei dem Angreifer Pakete registrieren, deren Existenz KI-Tools fälschlicherweise vorhersagen. Ein Wurm im Stil von Shai-Hulud könnte den Laptop eines Data Scientists infizieren, dessen lokalen LLM-Chatverlauf nach privaten Paketnamen durchsuchen und automatisch bösartige Versionen öffentlich registrieren. Ein Wurm in diesem Ökosystem würde nicht nur eine Website zum Absturz bringen, sondern könnte auch Finanzmodelle subtil vergiften, medizinische Forschungsdaten verändern oder Backdoors in KI-Trainingssets von Unternehmen einbauen – Schäden, die möglicherweise jahrelang unentdeckt bleiben.
Weitere Beispiele könnten die Code-Sprachen Java/JVM oder Rust/Go betreffen, auch hier wären die Auswirkungen katastrophal.
Die Polyglot Supply-Chain-Attacke
Die erschreckendste Aussicht ist jedoch das Zusammentreffen dieser Bedrohungen in einer Polyglot-Supply-Chain-Attacke. Derzeit arbeiten Sicherheitsteams isoliert voneinander. AppSec überwacht den Code, CloudSec überwacht AWS, NetworkSec überwacht den Perimeter. Ein Polyglot-Angriff ist darauf ausgelegt, diese Silos nahtlos zu durchbrechen.
Dies geschieht folgendermaßen: Ein Wurm dringt über eine Low-Level-JavaScript-Abhängigkeit in den Laptop eines Frontend-Entwicklers ein. Er erkennt, dass der Entwickler auch Zugriff auf das Backend-Rust-Repository des Unternehmens hat, stiehlt diese Anmeldedaten und injiziert bösartige Build-Skripte in die Rust-CI-Pipeline. Die Rust-Pipeline stellt eine kompromittierte Binärdatei in einem Kubernetes-Cluster bereit.
Der Angriff könnte in NPM beginnen, jedoch als kompilierte Binär-Backdoor in der produktiven Cloud-Infrastruktur enden. Das JavaScript-Sicherheitsteam wird ihn nicht entdecken, da er ihren Bereich sofort verlassen hat. Dem Cloud-Sicherheitsteam würde die Bedrohung ebenfalls nicht auffallen, da sie von einer vertrauenswürdigen CI-Pipeline unter Verwendung gültiger Anmeldedaten bereitgestellt wurde. Darauf müssen sich CISOs einstellen und entsprechende Vorkehrungen treffen.
Lesetipp: Wie Sie Ihre Software-Supply-Chain schützen
Handlungsempfehlungen für CISOs
Handlungsempfehlungen für CISOs birgt der EU Cyber Resilience Act (CRA). Er schreibt die Absicherung digitaler Produkte für Hersteller, Importeure und Händler vor, damit diese in sicheres Design bereits bei der Entwicklung, aber auch bei der Wartung investieren. Die dort formulierten Anforderungen müssen schrittweise bis Ende 2027 umgesetzt werden und umfassen auch die Sicherheit vernetzter Hardware und Software durch die Behandlung von Schwachstellen und deren Veröffentlichung, beziehungsweise Meldung an die zuständigen Behörden. Darüber hinaus müssen die drei genannten Akteure in SBOMs auch die Bestandteile der Software dokumentieren.
Die nun in Kraft getretene NIS2-Richtlinie enthält ähnliche Anforderungen für KRITIS-Betreiber, die im NIS2-Umsetzungsgesetz (NIS2UmsuCG) und im KRITIS-Dachgesetz in Bezug auf Produkte und Lieferanten festgehalten werden. Einen lesenswerten Überblick gibt OpenKRITIS.
Um sich vor Shai-Hulud und Co. zu schützen, sollten CISOs mit ihren Teams gemeinsam folgende Schritte umsetzen:
Sie müssen das „implizite Vertrauen“ in Identitäten beenden. Bei den eingangs beschriebenen Szenarien um Shai-Hulud bestand das Problem darin, dass CI/CD-Systemen zu oft blind vertraut wird. Deshalb sollten CISOs dafür sorgen, dass ihre Teams einen kritischen Blick auf ihre Pipeline-Security werfen. CI/CD-Systeme dürfen nicht automatisch davon ausgehen, dass eine Aktivität legitim ist, nur weil sie mit einem gültigen Entwickler-Token signiert wurde. Sie müssen stattdessen den Identitätsschutz priorisieren. Es wurde bereits beobachtet, dass Angreifer gezielt Anmeldedaten wie NPM-Token und GitHub-Geheimnisse stehlen, um infizierte Pakete automatisch zu veröffentlichen. Maßnahmen zum Schutz dieser Identitäten muss daher oberste Priorität eingeräumt werden. Sicherheits-Silos sollten aufgelöst werden. Viele Security-Aspekte laufen immer noch nicht in einem übergeordneten Management zusammen. Tools sowie Abteilungen der Application Security, Infrastructure Security, Cloud Security, Network Security und viele andere sorgen für zahlreiche Inseln im Meer der Security-Strategie. Sie alle müssen noch enger zusammenarbeiten und vom CISO koordiniert werden. Ein zentrales Risiko stellt die bereits beschriebene Polyglot-Supply Chain-Attacke dar, die diese Silos nahtlos durchbricht. Für CISOs gilt daher, ein abteilungs- und bereichsübergreifendes Monitoring einzuführen. Um die Gefahr nochmals zu verdeutlichen: Ein Angriff könnte bei einem JavaScript beginnen, sich über Build-Skripte fortsetzen und als Backdoor in der Cloud enden. Oftmals herrscht keine integrierte Sichtbarkeit, um all das nachzuvollziehen. Das JavaScript-Team sieht den Angriff nicht mehr, sobald er seinen Bereich verlässt, während das Cloud-Team der CI-Pipeline vertraut. CISOs müssen deshalb Systeme etablieren, die den gesamten Pfad über das Software Development zum Build bis zur Runtime hinweg überwachen. Abhilfe schaffen SBOMs, in denen die gesamte verwendete Software dokumentiert wird. Auf aktive Würmer vorbereiten und den Schutz von KI-Tools gewährleisten. Für die Absicherung von KI-gestützten Risiken, gilt es, das Highjacking von KI-Tools und deren Manipulation zu verhindern. Zahlreiche Softwareentwickler arbeiten mit diesen Werkzeugen, um ihre Software zu schreiben. Sicherheitsforscher beobachten bereits, dass Angreifer Pakete einsetzen, die KI-Tools halluzinieren lassen. Aktive Würmer sind die nächste Stufe von Bedrohungen. Die Security-Strategie sollte deshalb über den Schutz vor Tippfehlern hinausgehen. Gefährdungen wie Shai-Hulud verbreiten sich wurmähnlich und exponentiell. Manuelle Prozesse zur Überprüfung von Paketen reichen bei dieser Geschwindigkeit nicht mehr aus. Diese Art von Supply-Chain-Würmern verfügt darüber hinaus über einen „Dead Man Switch“, der das System des Opfers löscht, wenn eine Analyse detektiert wird. CISOs sollten sicherstellen, dass Protokolle also auch außerhalb des Entwicklerrechners abgesichert werden, um bei einer forensischen Untersuchung die Spuren des Angriffs zu bewahren. (jm) View the full article
CSOonline

Shai-Hulud & Co.: Die Supply Chain als Achillesferse

FAMArtPhotography – shutterstock.com
Heutige Anwendungen basieren auf zahlreichen Komponenten, von denen jede zusammen mit den Entwicklungsumgebungen selbst eine Angriffsfläche darstellt. Unabhängig davon, ob Unternehmen Code intern entwickeln oder sich auf Drittanbieter verlassen, sollten CISOs, Sicherheitsexperten und Entwickler der Software-Supply-Chain besondere Aufmerksamkeit schenken.
Zu den Risiken zählen zum Beispiel React2Shell, Shai-Hulud oder XZ Utils, alles Schwachstellen in der Software-Lieferkette, die im Kleinen angefangen haben und später massive Auswirkungen hatten. Shai-Hulud sticht dabei besonders heraus, es signalisiert das Ende der „passiven Ära” der Angriffe auf Lieferketten und den Beginn der „aktiven Wurm”-Ära. Diese Veränderung verspricht verheerende Folgen für Software-Pipelines.
Traditionell waren Angriffe auf die Lieferkette passive Fallen. Ein Angreifer lud ein falsch geschriebenes Paket (Typosquatting) wie „reqeusts“ anstelle von „requests“ hoch, lehnte sich zurück und wartete darauf, dass ein müder Entwickler einen Fehler machte. Der Explosionsradius war linear und eher langsam.
Mit Shai-Hulud wurden die Spielregeln verändert, indem es eine wurmähnliche Verbreitung einführte. Sobald es auf dem Rechner eines Entwicklers landet, sammelt es aktiv Anmeldedaten (NPM-Token, GitHub-Geheimnisse). Es nutzt diese gestohlenen Anmeldedaten, um infizierte Versionen anderer legitimer Pakete, die das Opfer verwaltet, automatisch zu veröffentlichen. Im Gegensatz zu Spyware, die verborgen bleiben will, enthalten Varianten von Shai-Hulud einen „Dead Man Switch“. Wenn er feststellt, dass er blockiert oder analysiert wird, versucht er, das System des Opfers zu löschen und dabei alle Spuren von sich selbst vollständig zu entfernen.
Das Ziel ist nicht mehr nur die Anwendung, sondern die Identität des Entwicklers und die automatisierten CI/CD-Pipelines, die ihm implizit vertrauen. Was wäre nun, wenn die nächste Variante des Shai-Hulud andere Code-Sprachen betrifft?
Code-Sprachen als tickende Zeitbomben
Ein Beispiel dafür wäre Python, sie ist die Sprache der KI und der Data Science. Die nächste Evolutionsstufe des Supply-Chain-Wurms wird wahrscheinlich nicht nur AWS-Schlüssel stehlen, sondern auch den Aufstieg von KI-Codierungsassistenten nutzen.
Sicherheitsforscher beobachten bereits „Halluzinations-Hijacking“, bei dem Angreifer Pakete registrieren, deren Existenz KI-Tools fälschlicherweise vorhersagen. Ein Wurm im Stil von Shai-Hulud könnte den Laptop eines Data Scientists infizieren, dessen lokalen LLM-Chatverlauf nach privaten Paketnamen durchsuchen und automatisch bösartige Versionen öffentlich registrieren. Ein Wurm in diesem Ökosystem würde nicht nur eine Website zum Absturz bringen, sondern könnte auch Finanzmodelle subtil vergiften, medizinische Forschungsdaten verändern oder Backdoors in KI-Trainingssets von Unternehmen einbauen – Schäden, die möglicherweise jahrelang unentdeckt bleiben.
Weitere Beispiele könnten die Code-Sprachen Java/JVM oder Rust/Go betreffen, auch hier wären die Auswirkungen katastrophal.
Die Polyglot Supply-Chain-Attacke
Die erschreckendste Aussicht ist jedoch das Zusammentreffen dieser Bedrohungen in einer Polyglot-Supply-Chain-Attacke. Derzeit arbeiten Sicherheitsteams isoliert voneinander. AppSec überwacht den Code, CloudSec überwacht AWS, NetworkSec überwacht den Perimeter. Ein Polyglot-Angriff ist darauf ausgelegt, diese Silos nahtlos zu durchbrechen.
Dies geschieht folgendermaßen: Ein Wurm dringt über eine Low-Level-JavaScript-Abhängigkeit in den Laptop eines Frontend-Entwicklers ein. Er erkennt, dass der Entwickler auch Zugriff auf das Backend-Rust-Repository des Unternehmens hat, stiehlt diese Anmeldedaten und injiziert bösartige Build-Skripte in die Rust-CI-Pipeline. Die Rust-Pipeline stellt eine kompromittierte Binärdatei in einem Kubernetes-Cluster bereit.
Der Angriff könnte in NPM beginnen, jedoch als kompilierte Binär-Backdoor in der produktiven Cloud-Infrastruktur enden. Das JavaScript-Sicherheitsteam wird ihn nicht entdecken, da er ihren Bereich sofort verlassen hat. Dem Cloud-Sicherheitsteam würde die Bedrohung ebenfalls nicht auffallen, da sie von einer vertrauenswürdigen CI-Pipeline unter Verwendung gültiger Anmeldedaten bereitgestellt wurde. Darauf müssen sich CISOs einstellen und entsprechende Vorkehrungen treffen.
Lesetipp: Wie Sie Ihre Software-Supply-Chain schützen
Handlungsempfehlungen für CISOs
Handlungsempfehlungen für CISOs birgt der EU Cyber Resilience Act (CRA). Er schreibt die Absicherung digitaler Produkte für Hersteller, Importeure und Händler vor, damit diese in sicheres Design bereits bei der Entwicklung, aber auch bei der Wartung investieren. Die dort formulierten Anforderungen müssen schrittweise bis Ende 2027 umgesetzt werden und umfassen auch die Sicherheit vernetzter Hardware und Software durch die Behandlung von Schwachstellen und deren Veröffentlichung, beziehungsweise Meldung an die zuständigen Behörden. Darüber hinaus müssen die drei genannten Akteure in SBOMs auch die Bestandteile der Software dokumentieren.
Die nun in Kraft getretene NIS2-Richtlinie enthält ähnliche Anforderungen für KRITIS-Betreiber, die im NIS2-Umsetzungsgesetz (NIS2UmsuCG) und im KRITIS-Dachgesetz in Bezug auf Produkte und Lieferanten festgehalten werden. Einen lesenswerten Überblick gibt OpenKRITIS.
Um sich vor Shai-Hulud und Co. zu schützen, sollten CISOs mit ihren Teams gemeinsam folgende Schritte umsetzen:
Sie müssen das „implizite Vertrauen“ in Identitäten beenden. Bei den eingangs beschriebenen Szenarien um Shai-Hulud bestand das Problem darin, dass CI/CD-Systemen zu oft blind vertraut wird. Deshalb sollten CISOs dafür sorgen, dass ihre Teams einen kritischen Blick auf ihre Pipeline-Security werfen. CI/CD-Systeme dürfen nicht automatisch davon ausgehen, dass eine Aktivität legitim ist, nur weil sie mit einem gültigen Entwickler-Token signiert wurde. Sie müssen stattdessen den Identitätsschutz priorisieren. Es wurde bereits beobachtet, dass Angreifer gezielt Anmeldedaten wie NPM-Token und GitHub-Geheimnisse stehlen, um infizierte Pakete automatisch zu veröffentlichen. Maßnahmen zum Schutz dieser Identitäten muss daher oberste Priorität eingeräumt werden. Sicherheits-Silos sollten aufgelöst werden. Viele Security-Aspekte laufen immer noch nicht in einem übergeordneten Management zusammen. Tools sowie Abteilungen der Application Security, Infrastructure Security, Cloud Security, Network Security und viele andere sorgen für zahlreiche Inseln im Meer der Security-Strategie. Sie alle müssen noch enger zusammenarbeiten und vom CISO koordiniert werden. Ein zentrales Risiko stellt die bereits beschriebene Polyglot-Supply Chain-Attacke dar, die diese Silos nahtlos durchbricht. Für CISOs gilt daher, ein abteilungs- und bereichsübergreifendes Monitoring einzuführen. Um die Gefahr nochmals zu verdeutlichen: Ein Angriff könnte bei einem JavaScript beginnen, sich über Build-Skripte fortsetzen und als Backdoor in der Cloud enden. Oftmals herrscht keine integrierte Sichtbarkeit, um all das nachzuvollziehen. Das JavaScript-Team sieht den Angriff nicht mehr, sobald er seinen Bereich verlässt, während das Cloud-Team der CI-Pipeline vertraut. CISOs müssen deshalb Systeme etablieren, die den gesamten Pfad über das Software Development zum Build bis zur Runtime hinweg überwachen. Abhilfe schaffen SBOMs, in denen die gesamte verwendete Software dokumentiert wird. Auf aktive Würmer vorbereiten und den Schutz von KI-Tools gewährleisten. Für die Absicherung von KI-gestützten Risiken, gilt es, das Highjacking von KI-Tools und deren Manipulation zu verhindern. Zahlreiche Softwareentwickler arbeiten mit diesen Werkzeugen, um ihre Software zu schreiben. Sicherheitsforscher beobachten bereits, dass Angreifer Pakete einsetzen, die KI-Tools halluzinieren lassen. Aktive Würmer sind die nächste Stufe von Bedrohungen. Die Security-Strategie sollte deshalb über den Schutz vor Tippfehlern hinausgehen. Gefährdungen wie Shai-Hulud verbreiten sich wurmähnlich und exponentiell. Manuelle Prozesse zur Überprüfung von Paketen reichen bei dieser Geschwindigkeit nicht mehr aus. Diese Art von Supply-Chain-Würmern verfügt darüber hinaus über einen „Dead Man Switch“, der das System des Opfers löscht, wenn eine Analyse detektiert wird. CISOs sollten sicherstellen, dass Protokolle also auch außerhalb des Entwicklerrechners abgesichert werden, um bei einer forensischen Untersuchung die Spuren des Angriffs zu bewahren. (jm) View the full article
CSOonline

⚡ Weekly Recap: AI Automation Exploits, Telecom Espionage, Prompt Poaching & More

This week made one thing clear: small oversights can spiral fast. Tools meant to save time and reduce friction turned into easy entry points once basic safeguards were ignored. Attackers didn’t need novel tricks. They used what was already exposed and moved in without resistance. Scale amplified the damage. A single weak configuration rippled out to millions. A repeatable flaw worked again andView the full article
Hacker News

Google Chrome 150 Will Be Last Version to Support macOS Monterey

Google has confirmed that its Chrome 150 browser update coming later this year will be the last version to support macOS Monterey. Going forward, Chrome 150 and later versions will no longer support macOS 12, which Apple released in October 2021.


In a platform status update, Google says that on Macs running Monterey, Chrome 150 will continue to work, but the browser will display a warning infobar and will not update any further. For new installations of Chrome 151+, macOS 13 or newer will be required.

Google has not announced an exact release date for Chrome 150. But based on the current stable channel being at version 143 and that Google typically releases major new Chrome versions roughly every four weeks, Chrome 150 is likely to be rolled out sometime around mid-2026.

To stay up-to-date with the latest browsing standards and to maintain online security, users on Monterey should update their macOS version, or choose another third-party browser like Firefox that is still receiving updates for their version of macOS.Tag: Google Chrome
This article, "Google Chrome 150 Will Be Last Version to Support macOS Monterey" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Apple Tops 2025 Smartphone Market With 20% Share, 10% Growth

Apple emerged as the global smartphone market leader in 2025, capturing a 20% market share with 10% year-over-year shipment growth – the highest among the top five brands, according to data released today by Counterpoint Research.


Global smartphone shipments grew 2% year-over-year in 2025, marking the second consecutive year of growth. Counterpoint said the market was driven by more consumers taking advantage of financing options to upgrade to premium devices, as well as increasing adoption of 5G devices in emerging markets.

Samsung ranked second behind Apple with a 19% market share and modest 5% shipment growth, while Xiaomi retained third place with 13% share.

"Apple's growth in 2025 was driven by its expanding presence and rising demand across emerging and mid-size markets, supported by a stronger product mix," said Counterpoint senior analyst Varun Mishra.

"The iPhone 17 series gained significant traction in Q4 following its successful launch, while the iPhone 16 continued to perform exceptionally well in Japan, India and Southeast Asia."

Apple's performance was said to have been amplified by the pandemic-era upgrade cycle reaching an inflection point, with millions of users due for device replacement. In Q4 2025, Apple accounted for one-quarter of global shipments, its highest-ever quarterly share, according to the report.

While U.S. tariff concerns prompted manufacturers to front-load shipments in the first half of the year, the impact actually proved milder than anticipated, and the effects on second-half volumes were limited.


However, Counterpoint's outlook for 2026 is more conservative. "The global smartphone market is set to soften in 2026 amid DRAM/NAND shortages and rising component costs, as chipmakers prioritize AI data centers over smartphones," said Counterpoint research director Tarun Pathak. The firm has subsequently revised its 2026 forecast downward by 3%, although Apple and Samsung are expected to remain resilient thanks to their stronger supply chain capabilities.Tag: Counterpoint
This article, "Apple Tops 2025 Smartphone Market With 20% Share, 10% Growth" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Malicious npm packages target the n8n automation platform in a supply chain attack

Threat actors were spotted weaponizing the n8n automation ecosystem this week, slipping malicious npm packages into its marketplace of community-maintained nodes.
The deceptive packages, disguised as legitimate integrations like Google Ads connectors, lured developers into connecting OAuth and API keys, enabling attackers to extract sensitive tokens and credentials through a seemingly routine workflow execution.
According to Endor Labs, which discovered the campaign, the attack represents a new escalation in supply chain threats. “To our knowledge, the n8n workflow automation platform has not been targeted before by supply chain attacks,” said Henrik Plate, lead researcher at Endor Labs. “It shows that attackers keep on targeting new ecosystems to spread malicious packages, maybe due to tightening controls in other ecosystems like npm.”
Endor Labs warned in a blog post that enterprises used to monitoring build systems for supply-chain abuse may miss this class of attack entirely, as it targets automation platforms that already sit deep inside business workflows. The activity follows a max-severity n8n vulnerability disclosure (CVE-2026-21858), though researchers have not established any connection between the incidents.
How the attack unpacks
The attack begins with the publication of a malicious npm package to the public registry. These packages pose as community nodes, the extensions that n8n users can install to expand automation capabilities. Once installed, the malicious node behaves like any other integration, presenting configuration screens and collecting credentials required for typical workflow tasks.

Behind the scenes, however, it executes code that decrypts stored OAuth tokens and API keys from n8n’s credential store and exfiltrates them to remote command-and-control (C2) servers controlled by the attackers.
The approach succeeds because n8n treats all installed nodes as trusted code. There’s no pre-publication review on npm, and installed nodes run with full access to the workflow environment. This means the nodes can read decrypted credentials, make arbitrary network requests, and interact with the host system just as legitimate nodes do.
“According to security researchers at data security company Cyera, there were more than 100,000 n8n servers vulnerable to CVE-2026-21858,” Endor researchers said in the post. “We do not know how many of those install npm packages as community nodes in their environments. Still, this number shows that the n8n ecosystem is active and thriving.”
Tips for reducing risks
Workflow automation platforms like n8n are widely adopted for their capability to let teams link disparate systems without hand-coding every integration. But the community node ecosystem depends on npm packages and, therefore, inherits associated risks.
To mitigate exposure, Endor Labs researchers recommended measures such as preferring built-in integrations over community nodes, auditing package metadata and source code before installation, monitoring outbound network activity from automation hosts, and using isolated service accounts with limited privileges wherever possible. Endor Labs published a list of indicators of compromise (IOCs), including package names, C2 infrastructure, and malicious files, to support detection efforts. “Even though the malicious packages we know have been disabled in the last few hours, the attacks may continue and evolve going forward,” Plate noted.
View the full article
CSOonline

Apple Opposes India's Plan to Access iOS Source Code

Apple and other smartphone manufacturers are resisting an Indian government proposal that would require them to hand over source code for security review, reports Reuters.


The proposal is included in a package of 83 security standards that India is considering as legal requirements, as part of Prime Minister Narendra Modi's efforts to boost security of user data following increases in online fraud and data breaches in the country.

Beyond routine measures like notifying the government of major updates and storing security audit logs, the standards would force manufacturers to hand over source code to government-designated labs to check for vulnerabilities.

Apple, Google, Samsung, Xiaomi, and industry group MAIT have all reportedly objected, citing a lack of global precedent and concerns about revealing proprietary details.

The standards were originally drafted in 2023 but are only now under government consideration. Tech company executives are expected to meet Tuesday to discuss the matter.

IT secretary S. Krishnan told Reuters the government will address legitimate concerns "with an open mind," adding it was "premature to read more" into the proposals.

The country's IT ministry also said it "refutes the statement" that it is considering seeking source code from smartphone makers, despite the requirement appearing in the government documents reviewed by Reuters.

A ministry spokesperson told the news organization it could not comment further due to ongoing consultation with tech companies on the proposals.

Apple in December resisted an Indian government directive that would require all iPhones sold in the country to ship with a preinstalled state-run security app. The government ultimately decided not to make the pre-installation mandatory for manufacturers after protests from privacy advocates, political opposition, and industry pushback.Tag: India
This article, "Apple Opposes India's Plan to Access iOS Source Code" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
reporter

Account

Navigation

Search

Search

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.