• Final Fantasy I-VI Collection Anniversary Edition Just Dropped to an All-Time Low Price at Amazon
    www.ign.com
    Final Fantasy I-VI Collection Anniversary Edition has hit its lowest price yet, now available for $49.99 at Amazon, its best deal to date, even beating Black Friday, according to our records and price-tracking site CamelCamelCamel.

    Originally released on October 8 for Nintendo Switch and PlayStation 4 (fully compatible with PS5), this collection brings together the first six mainline Final Fantasy games in their carefully remastered form. Square Enix has opted for refinement rather than reinvention, keeping the original pixelated aesthetic intact but sharpening it for modern displays. The result is a collection that looks fantastic, whether on a massive TV or in handheld mode. The soundtrack has also received an orchestral upgrade, with legendary composer Nobuo Uematsu overseeing the new arrangements. On top of that, the package introduces a handful of thoughtful quality-of-life improvements, including the ability to disable random encounters and boost experience and gil gains, useful for those who want to focus on the story without the grind.

    As a small but nostalgic extra, this edition includes a sticker sheet featuring 12 classic character sprites, including the Black Mage, a Moogle, Terra, Kain, and a mid-cackle Kefka. It's not the most extravagant of bonuses, but it's a fun little touch for fans of the series.

    At its original $74.99 price, the collection was a tougher sell, but at $49.99, it's a much easier recommendation for anyone interested in the series' origins. Whether you're revisiting these classics or playing them for the first time, this is a well-executed remaster of six of the most influential RPGs ever made. And with physical copies being the only collectible edition available, it might be worth picking up before they become harder to find, especially at this time.

    Why Should You Trust IGN's Deals Team?

    IGN's deals team has a combined 30+ years of experience finding the best discounts in gaming, tech, and just about every other category. We don't try to trick our readers into buying things they don't need at prices that aren't worth buying something at. Our ultimate goal is to surface the best possible deals from brands we trust and our editorial team has personal experience with. You can check out our deals standards here for more information on our process, or keep up with the latest deals we find on IGN's Deals account on Twitter.

    Robert Anderson is a deals expert and Commerce Editor for IGN. You can follow him @robertliam21 on Twitter.
  • Why New Nintendo Filings Are Getting GameCube Fans Excited for Switch 2
    www.ign.com
    New Nintendo filings have got fans excited by the prospect of a new GameCube controller, potentially to be used to play GameCube classics via the Nintendo Switch Online subscription service on Switch 2.

    As reported by Nintendo Life, a new FCC filing by Nintendo for a "game controller" matches up with the Switch 2, and the suggestion is it's a wireless Bluetooth controller.

    The internet (Famiboards) subsequently investigated and believes one of the images in the filing shows a label location that matches the back of a GameCube controller where the label is positioned behind the C-Stick.

    [Images: barebones image of the label location on the mystery controller; the label location overlaid on the back of a GameCube controller. Image credit: Pokemaniac / Famiboards.]

    While this could end up being a Switch 2 Pro Controller, the current speculation points to its use with Nintendo's Switch Online subscription service, which already uses wireless classic controllers for retro games.

    Thoughts now turn to a GameCube library of games on Nintendo Switch Online. Nintendo fans have long called for GameCube classics on Switch, but Nintendo has so far stuck to re-releasing NES, SNES, N64, Sega Genesis, and Game Boy games on its subscription service. Could GameCube finally return in a big way via Nintendo Switch 2?

    The Switch 2 was revealed earlier in January with a brief trailer that confirmed backwards compatibility features and the addition of a second USB-C port. Most details, such as its other games and what the mysterious new Joy-Con button does, were left out, though the Joy-Con mouse theory did gain traction.

    Last month, a Nintendo patent suggested Switch 2's Joy-Con controllers could be attached upside down. It seems the Switch 2 operates with gyro mechanics in a similar way to how phones work without screen lock. Unlike the original Nintendo Switch, which had rails for the Joy-Cons to attach and lock into place, the new controllers feature magnets that presumably allow them to be attached on either side.

    While this won't make much of a difference on the hardware front, it will allow players to essentially choose where they'd like certain buttons, the headphone port, and so on. If it makes it into the final product, the flipping ability may spark interesting gameplay mechanics, too.

    Analysts suggest the Switch 2 will cost $400, although some predict Nintendo could go up to $500. June has been mentioned as a potential release month.

    There's still a great deal we don't know about the Switch 2, but Nintendo plans a Direct for April 2 during which it will reveal more on the console.

    While we wait to find out, Metroid Prime Remastered offers a wonderful dose of GameCube goodness on Nintendo Switch.

    Image credit: Evan-amos CC BY-SA 3.0

    Wesley is the UK News Editor for IGN. Find him on Twitter at @wyp100. You can reach Wesley at wesley_yinpoole@ign.com or confidentially at wyp100@proton.me.
  • Meet Indy the Dog and Star of Wildly Original Horror Movie Good Boy
    www.denofgeek.com
    Horror movie fans can handle a lot. Nice people, the elderly, even sometimes children can be subjected to all manner of terror without alienating the audience. But there's one line not even the most hardened Terrifier fanatic can handle. Animals are so sacrosanct, so off-limits, that complete websites have been created to protect viewers from seeing a furry friend come to a bad end.

    So director Ben Leonberg and his producer Kari Fischer clearly enjoy living dangerously with their new movie Good Boy, a horror film told completely from the perspective of their dog Indy.

    "This is a horror movie, it's definitely a horror movie. But for Indy, this is a love story," Leonberg assures us upon entering the Den of Geek Studio at SXSW. "He loves his person. He would do anything to protect him and he's detecting that something is wrong. And once he realizes that there is this malevolent force, he's trying to protect his owner at any cost."

    Of course it helps with Indy's performance that Leonberg and Fischer were on-set to stand in for the movie's human stars, which include indie horror legend Larry Fessenden and essayist Arielle Friedman. After all, Leonberg and Fischer are a real-life couple, and Indy is their dog.

    "I had had this idea for a horror movie told entirely from the perspective of a dog probably after watching Poltergeist, which begins with the Golden Retriever exploring the house and clearly aware that something's going on before the humans are," explains Leonberg. But it was the arrival of Indy that finally made the movie happen.

    "We got Indy, started writing the script, and thinking we should test out this concept. One of those proof of concept shorts won him an acting award and that kind of forced our hand," Leonberg laughs.

    Not that Leonberg and Fischer didn't realize they had a born movie star living with them. "Indy's always had a really intense thousand-yard stare," Fischer says. "Ben likes to say it often happens before mealtime, but quite often even when he was just a little puppy, he would just sit there kind of expectantly staring at us and around corners. He's always kind of given us a little bit of uncertainty."

    "Every dog or pet owner has wondered, 'Why is my dog barking at nothing or staring at nothing?'" adds Leonberg. "It's spooky, but that's what humans bred dogs to do, to be our first line of defense against unseen predators. We allude to this in the movie that there are things that dogs can pick up on that even modern science can't detect. There are bomb-sniffing dogs that do a better job than any computer. There are things dogs are equipped to do that even we can't fully understand or pick up on, even now."

    While the focus on Indy offers interesting storytelling possibilities, it also created challenges for the production. "Getting the camera down on his level was a practical challenge just because the lowest conventionally available tripods, high hats, are actually still too high," admits Leonberg. "So we had to get creative with getting the camera on Indy's level. For much of the movie, you would have characters off-camera just by the way they were normally framed."

    That focus on animal heights aligns Good Boy with another movie with Steven Spielberg connections, ET: The Extra-Terrestrial. It's about the world of children in ET, and in Good Boy, it's about the world of the dog. Not that he doesn't have this like intimate relationship with the human, it's just that we see Indy weaving through the humans' legs and like interacting with their hands and feet. It's almost like Indy becomes a silent film actor.

    Unlike actual silent actors, however, Indy is a dog and has different motivations. "The dog does not know he's in a movie and he never will know he's in a movie," Leonberg says. "So working with an actor who doesn't agree on the reality of the premise that we're making a film together is definitely challenging."

    He continues, "But there are huge advantages to that. We had to build the production, which is both a limitation and an asset. We built the production around Indy's schedule, around the things he already naturally does. There's things that he does in the movie that you can't really train a dog to do, or at least I don't know how to train a dog to do. You can't train a dog to fall asleep on command. You just have to know the dog's everyday routine and schedule, and be ready with cameras rolling when he falls asleep and wakes up. But through careful editing and shot selection and the mix of objective and subjective shots, it all feels like it's still from his subjectivity."

    That challenge also allows Leonberg and Fischer to create a more relatable horror movie because it draws the audience in. "If you film that and then film an empty corner, the audience's imagination fills in the blanks and you create the meaning cinematically," observes Leonberg.

    "I think horror works best when it's relatable," Leonberg continues. "I love Lassie, I love Air Bud, but it doesn't feel real, and that's part of the appeal of those films. But with Good Boy, making it real and relatable helps people recognize these quiet, personal, domestic moments with the dog. He's not guided by abstract thought or things that a dog couldn't realistically do, besides the obvious caveat of the supernatural."

    Then again, as much as Leonberg and Fischer insist that Indy's an everyday dog, he was bred for stardom. "We named the dog Indiana," laughs Fischer, quoting Sean Connery in Indiana Jones and the Last Crusade. Maybe Good Boy isn't just a movie that doesn't put the dog in danger. Maybe Good Boy is the movie that allows Indy to be the star he was always to be.
  • Apple could mitigate the Siri crisis with one simple move
    9to5mac.com
    The Siri crisis is showing no sign of ending, with a blistering attack by a high-profile commenter, and even senior Apple execs admitting that the delayed features are embarrassing.

    At this point, there isn't anything Apple can do to completely recover from the embarrassment, but a report on an internal Siri team meeting did seem to indicate a potential way to at least mitigate the damage.

    The Siri crisis

    Apple recently had to admit that plans for three new Siri features are "going to take us longer than we thought," with no real explanation, and no new delivery date. As we noted at the time, these are the very features which promise to make Siri truly intelligent:

    - Personal context (understanding things like "When is my mom's flight landing?")
    - On-screen awareness (being able to do things like "Add this address to her contact card")
    - In-app actions (for example, "Make this photo pop, and add it to my Miami 2025 note")

    The company also quietly deleted an iPhone 16 ad in which it promoted these features, and added new disclaimers to its website.

    Many criticized the company for advertising non-existent features, and even John Gruber, who Apple used to make a statement, had had enough.

    With Apple not even sure whether the promised features will launch in iOS 19, the issue isn't going to go away anytime soon.

    But there is a way to mitigate the damage

    The biggest charge leveled at Apple was that it was behaving like some AI startup showing a concept video of features that don't currently exist.

    But Bloomberg's report did suggest that this isn't quite the case.

    "Walker said the decision to delay the features was made because of quality issues and that the company has found the technology only works properly up to two-thirds to 80% of the time, which is to say it doesn't work every one out of three times. He said the group can make more progress to get those percentages up, so that users get something they can really count on."

    Now, it's possible that the "up to" in that sentence is doing some heavy lifting. But giving a range of two-thirds to four-fifths does seem to suggest that it works the majority of the time.

    Please don't misunderstand me: that kind of hit-rate is absolutely not acceptable for a release product, or even for a public beta. But given that the public perception now is that these features don't have any reality beyond a concept video, I think there can only be upside to Apple demonstrating that they exist, however imperfectly.

    Here's what I think Apple should do

    Invite some members of the media to private demos of the new Siri features.

    Show honest, real-life demonstrations that illustrate what the features deliver on the 67%-80% of the occasions they work properly. Let the press see that the new Siri exists as something much more than a concept video.

    But also show what happens when it doesn't work, why it can't be released now, and share the work the company is doing to address these issues.

    I know Apple hates to show work-in-progress. It likes to maintain secrecy until it's ready to show the final result, with the magic of the reveal. But for the new Siri, that ship has sailed. The company has already done the reveal. It was a mistake, perhaps one driven by either desperation or optimism, but what's done is done.

    Where we are right now is even normally-sympathetic voices expressing doubt and displeasure. At this point, there is only upside to showing that the new Siri is not a conceptual fiction, but a real-life feature which works the majority of the time, but isn't yet good enough for public release.

    With that move, Apple could regain the credibility it has currently lost.
  • Report: iPhone sales at risk, but Apple's first foldable in 2026 will change that
    9to5mac.com
    Apple has been rumored to be working on new foldable devices, which will be a first for the Cupertino-based company. A new report by analyst Jeff Pu of GF Securities not only corroborates the launch of Apple's first foldable in 2026, but suggests that it will help the company recover from lower iPhone sales in 2025.

    Latest rumors on Apple's first foldable device

    In a note to investors seen by 9to5Mac, Pu claims that the delay of the new Siri experience until 2026 has lowered market expectations for this year when it comes to iPhone sales. That's because some customers may no longer see a reason to upgrade their phones this year after Apple promoted the iPhone 16 as the first iPhones really built for Apple Intelligence, but ended up not delivering the features on time.

    But what could save the company from weak demand for iPhones? According to the analyst, Apple's first foldable device will play an important role in this. Corroborating reports from other analysts such as Ming-Chi Kuo, Pu says that the market will recover in 2026 regardless of Apple Intelligence's capabilities, mainly driven by Apple's two foldable devices.

    The analyst says that at least one of Apple's new foldables is targeted to enter mass production in the second half of 2026, as Apple has already been working with suppliers on the design and development of the new products (a process known as NPI). According to Pu, the foldable remains on track to enter the P1 stage next month. For those unfamiliar, this is an early stage of prototyping at Apple.

    Earlier this month, Ming-Chi Kuo reported that the first foldable iPhone coming in 2026 might cost more than $2,000. The device will be sold as an even more premium version of the iPhone, with a 7.8-inch main screen and a 5.5-inch external display. The device will look like an iPad mini when unfolded.

    Apple is also working on a foldable device with an 18-inch screen, which could end up becoming a new Mac or iPad. The company aims to create foldable devices with an invisible crease.

    Are you excited to see Apple's first foldable devices? Let us know in the comments section below.
  • THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More
    thehackernews.com
    From sophisticated nation-state campaigns to stealthy malware lurking in unexpected places, this week's cybersecurity landscape is a reminder that attackers are always evolving. Advanced threat groups are exploiting outdated hardware, abusing legitimate tools for financial fraud, and finding new ways to bypass security defenses. Meanwhile, supply chain threats are on the rise, with open-source repositories becoming a playground for credential theft and hidden backdoors.

    But it's not all bad news: law enforcement is tightening its grip on cybercriminal networks, with key ransomware figures facing extradition and the security community making strides in uncovering and dismantling active threats. Ethical hackers continue to expose critical flaws, and new decryptors offer a fighting chance against ransomware operators.

    In this week's recap, we dive into the latest attack techniques, emerging vulnerabilities, and defensive strategies to keep you ahead of the curve. Stay informed, stay secure.

    Threat of the Week

    UNC3886 Targets End-of-Life Juniper Networks MX Series Routers: UNC3886, a China-nexus hacking group previously known for breaching edge devices and virtualization technologies, targeted end-of-life MX Series routers from Juniper Networks as part of a campaign designed to deploy six distinct TinyShell-based backdoors. Fewer than 10 organizations have been targeted as part of the campaign. "The backdoors had varying custom capabilities, including active and passive backdoor functions, as well as an embedded script that disables logging mechanisms on the target device," Mandiant said. Further analysis by Juniper Networks has revealed that at least one security vulnerability (CVE-2025-21590) contributed to a successful attack that allowed the threat actors to bypass security protections and execute malicious code.

    Top News

    Storm-1865 Uses ClickFix for Financial Fraud and Theft: A threat actor known as Storm-1865 has been observed leveraging the increasingly popular ClickFix strategy as part of a phishing campaign that uses Booking.com lures to direct users to credential-stealing malware. The campaign, ongoing since December 2024, casts a wide geographical net, spanning North America, Oceania, South and Southeast Asia, and Northern, Southern, Eastern, and Western Europe.

    North Korea Targets Korean and English-Speaking Users with KoSpy: The North Korea-linked ScarCruft actor uploaded bogus Android apps to the Google Play Store by passing them off as seemingly innocuous utility apps that, when installed, unleashed a malware called KoSpy. It harbors features to collect SMS messages, call logs, location, files, audio, and screenshots via dynamically loaded plugins. The apps have since been removed from the app marketplace. The exact scale of the campaign remains unclear, although the earliest versions of the malware have been found as far back as March 2022.

    SideWinder Goes After Maritime and Logistics Companies: The advanced persistent threat (APT) group dubbed SideWinder has been linked to attacks targeting maritime and logistics companies in South and Southeast Asia, the Middle East, and Africa using a modular post-exploitation toolkit called StealerBot to capture a wide range of sensitive information from compromised hosts. The attacks spread across Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates, and Vietnam.

    LockBit Developer Extradited to the U.S. to Face Charges: Rostislav Panev, a 51-year-old dual Russian and Israeli national, was extradited to the U.S. from Israel to face charges related to his alleged involvement as a developer of the LockBit ransomware group from 2019 to February 2024. He was arrested in August 2024, a few months after the operation's online infrastructure was seized in a law enforcement exercise. Panev is said to have earned approximately $230,000 between June 2022 and February 2024.

    Malicious PyPI Packages Conduct Credential Theft: A collection of 20 packages uncovered on the Python Package Index (PyPI) repository masqueraded as time- and cloud-related utilities but contained hidden functionality to steal sensitive data such as cloud access tokens. The packages were collectively downloaded over 14,100 times before they were removed from the PyPI repository. Three of these packages, acloud-client, enumer-iam, and tcloud-python-test, have been listed as dependencies of a relatively popular GitHub project named accesskey_tools that has been forked 42 times and starred 519 times.

    Trending CVEs

    Attackers love software vulnerabilities: they're easy doors into your systems. Every week brings fresh flaws, and waiting too long to patch can turn a minor oversight into a major breach. Below are this week's critical vulnerabilities you need to know about.
    Take a look, update your software promptly, and keep attackers locked out.

    This week's list includes CVE-2025-24983, CVE-2025-24984, CVE-2025-24985, CVE-2025-24991, CVE-2025-24993, CVE-2025-26633 (Microsoft Windows), CVE-2025-24201 (Apple iOS, iPadOS, macOS Sequoia, Safari, and VisionOS), CVE-2025-25291, CVE-2025-25292 (ruby-saml), CVE-2025-27363 (FreeType), CVE-2024-12297 (Moxa PT switches), CVE-2025-27816 (Arctera InfoScale product), CVE-2025-24813 (Apache Tomcat), CVE-2025-27636 (Apache Camel), CVE-2025-27017 (Apache NiFi), CVE-2024-56336 (Siemens SINAMICS S200), CVE-2024-13871, CVE-2024-13872 (Bitdefender BOX v1), CVE-2025-20115 (Cisco IOS XR), CVE-2025-27593 (SICK DL100-2xxxxxxx), CVE-2025-27407 (graphql), CVE-2024-54085 (AMI), CVE-2025-27509 (Fleet), and CVE-2024-57040 (TP-Link TL-WR845N router).

    Around the Cyber World

    Google Pays $11.8 Million in 2024 Bug Bounty Program: Google paid almost $12 million in bug bounty rewards to 660 security researchers who reported security issues through the company's Vulnerability Reward Program (VRP) in 2024. It also said it awarded more than $3.3 million to researchers who uncovered critical vulnerabilities within Android and Google mobile applications. Last but not least, the company said it received 185 bug reports related to its artificial intelligence (AI) products, netting researchers over $140,000 in rewards.

    Security Flaws in ICONICS Suite Disclosed: Five high-severity security flaws have been disclosed in a Supervisory Control and Data Acquisition (SCADA) system named ICONICS Suite (CVE-2024-1182, CVE-2024-7587, CVE-2024-8299, CVE-2024-9852, and CVE-2024-8300) that allow an authenticated attacker to execute arbitrary code, elevate privileges, and manipulate critical files. In a real-world attack aimed at industrial systems, an adversary who has already gained access to the targeted organization's systems could leverage the SCADA vulnerabilities to cause disruption and in some cases to take full control of a system. "In combination, these vulnerabilities pose a risk to the confidentiality, integrity and availability of a system," Palo Alto Networks Unit 42 said.

    Threat Actors Intensify Abuse of Remote Access Tools: Threat actors like TA583, TA2725, and UAC-0050 are increasingly using legitimate remote monitoring and management (RMM) tools such as ScreenConnect, Fleetdeck, Atera, and Bluetrait as a first-stage payload in email campaigns. They can be used for data collection, financial theft, lateral movement, and to install follow-on malware including ransomware. The development coincides with a decrease in prominent loaders and botnets typically used by initial access brokers. "It's fairly easy for threat actors to create and distribute attacker-owned remote monitoring tools, and because they are often used as legitimate pieces of software, end users might be less suspicious of installing RMMs than other remote access trojans," Proofpoint said. "Additionally, such tooling may evade anti-virus or network detection because the installers are often signed, legitimate payloads distributed maliciously."

    Decryptor for Linux Variant of Akira Ransomware Released: A decryptor has been released for the 2024 Linux/ESXI variant of Akira ransomware. It uses GPU power to retrieve the decryption key and unlock files for free. It has been made available by researcher Yohanes Nugroho on GitHub.

    Volt Typhoon Hackers Dwelled in a U.S. Electric Company for Over 300 Days: Chinese hackers linked to the Volt Typhoon (aka Voltzite) campaign spent nearly one year inside the systems of a major utility company in Littleton, Massachusetts. According to a case study published by Dragos, Littleton Electric Light and Water Departments (LELWD) discovered its systems were breached before Thanksgiving in 2023.
    A subsequent investigation found evidence of lateral movement by the hackers and data exfiltration, but ultimately revealed that the "compromised information did not include any customer-sensitive data, and the utility was able to change their network architecture to remove any advantages for the adversary." The attackers are said to have gained access via a buggy Fortinet 300D firewall associated with a managed service provider (MSP). Dragos added: "The significance of the discovery of this attack is that it highlights that the adversary not only aimed to maintain persistent access to the victim's environment for a long tenure, but also were aiming to exfiltrate specific data related to OT operating procedures and spatial layout data relating to energy grid operations." The existence of Volt Typhoon came to light in May 2023. While China has denied any involvement in the Volt Typhoon attacks, U.S. government agencies have said the threat actors are "seeking to pre-position themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States."

    Lazarus Group Drops LazarLoader Malware: The North Korea-linked Lazarus Group, which was most recently implicated in the record-breaking $1.5 billion cryptocurrency theft from Bybit, has been observed targeting South Korean web servers to install web shells and a downloader malware dubbed LazarLoader, which is then responsible for fetching an unspecified backdoor.

    YouTube Becomes Conduit for DCRat: A new wave of cyber attacks utilizing the Dark Crystal RAT (DCRat) backdoor has been targeting users since early 2025 through YouTube distribution channels. The attacks involve cybercriminals creating or compromising YouTube accounts to upload videos advertising gaming cheats, cracks, and bots that appeal to gamers looking for such tools, tricking them into clicking on booby-trapped links embedded in the video descriptions. "Besides backdoor capability, the trojan can load extra modules to boost its functionality," Kaspersky said. "Throughout the backdoor's existence [since 2018], we have obtained and analyzed 34 different plugins, the most dangerous functions of which are keystroke logging, webcam access, file grabbing and password exfiltration." Telemetry data gathered by the Russian cybersecurity company shows that a majority of the DCRat samples were downloaded to the devices of users in Russia, and to a lesser extent among users from Belarus, Kazakhstan, and China.

    New Social Engineering Campaigns Aimed at Microsoft 365 Account Takeover: Proofpoint is warning of two ongoing, highly targeted campaigns that combine OAuth redirection mechanisms with brand impersonation techniques, malware proliferation, and Microsoft 365-themed credential phishing to facilitate account takeover (ATO) attacks. It said it discovered three malicious OAuth apps, disguised as Adobe Drive, Adobe Acrobat, and Docusign, which are used to redirect users to web pages hosting phishing and malware delivery threats. "To avoid detection solutions, the observed apps were assigned limited scopes (such as profile, email, openid)," it said.

    Wi-Fi Jamming Technique Enables Precision DoS Attack: New research has demonstrated a sophisticated Wi-Fi jamming technique that's capable of disabling individual devices with millimeter-level precision by leveraging Reconfigurable Intelligent Surface (RIS) technology. "In particular, we propose a novel approach that allows for environment-adaptive spatial control of wireless jamming signals, granting a new degree of freedom to perform jamming attacks," a group of academics from Ruhr University Bochum and Max Planck Institute for Security and Privacy said. "Using RIS-based environment-adaptive wireless channel control, allowing to maximize and minimize wireless signals on specific locations [27], the attacker gains spatial control over their wireless jamming signals.
This opens the door to precise jamming signal delivery towards a target device, disrupting any legitimate signal reception, while leaving other, non-target devices, untouched."Hash DoS Flaw in QUIC Implementations Multiple Quick UDP Internet Connections (QUIC) protocol implementations have been found susceptible to a hash denial-of-service (DoS) attack. "By exploiting this vulnerability, an attacker is able to significantly slow down vulnerable servers," NCC Group said. "This vulnerability allows attackers to stall the server by forcing it to spend the majority of its computing power inserting and looking up colliding connection IDs."Exposed Jupyter Notebooks Become Cryptominer Targets A new evasive campaign is targeting misconfigured Jupyter Notebooks installed on both Windows and Linus systems to deliver a cryptocurrency miner. The payloads take the form of MSI installers and ELF binaries that are designed to drop the miner that singles out Monero, Sumokoin, ArQma, Graft, Ravencoin, Wownero, Zephyr, Townforge, and YadaCoin. Cado Security, which detected the activity against its honeypot network, said it also observed a parallel campaign targeting servers running PHP to distribute the same miner. Furthermore, some of the intermediate artifacts used in the campaign have been observed in prior attacks targeting South Korean web servers as well as Ivanti Connect Secure (ICS) instances vulnerable to CVE-2023-46805 and CVE-2024-21887.ESP32 Chip Backdoor Claims Disputed Espressif, the manufacturer of ESP32, a low-cost, low-power microcontroller with integrated Wi-Fi and dual-mode Bluetooth capabilities, has pushed back against claims of a backdoor in its products. Researchers at Tarlogic initially said they had found a "backdoor" in ESP32 that could "allow hostile actors to conduct impersonation attacks and permanently infect sensitive devices such as mobile phones, computers, smart locks, or medical equipment by bypassing code audit controls." 
The research has since been updated to make it clear that it's more of a "hidden functionality that can be used as a backdoor." It also said that the commands could facilitate supply chain attacks or other stealthy compromises. In response to the disclosure, Espressif pointed out that the 29 undocumented commands in question are not accessible remotely, but noted it will provide a software fix to remove them from the code. "The functionality found are debug commands included for testing purposes," it added. "These debug commands are part of Espressif's implementation of the HCI (Host Controller Interface) protocol used in Bluetooth technology. This protocol is used internally in a product to communicate between Bluetooth layers." ESP32-C, ESP32-S and ESP32-H series chips are not impacted by the issue, which is now tracked as CVE-2025-27840 (CVSS score: 6.8).

Switzerland Makes it Mandatory to Disclose Critical Infra Attacks
The National Cyber Security Centre (NCSC) of Switzerland has announced that critical infrastructure organizations will be required to report cyberattacks to the NCSC within 24 hours of discovery starting April 1, 2025. "Examples of when a cyberattack must be reported include when it threatens the functioning of critical infrastructure, has resulted in the manipulation or leakage of information, or involves blackmail, threats or coercion," the NCSC said. "Critical infrastructure operators who fail to report a cyberattack may be fined."

Bugs in Microsoft's Time Travel Debugging (TTD) Framework
Google-owned Mandiant has detailed its security analysis of the Time Travel Debugging (TTD) framework, a record-and-replay debugging tool for Windows user-mode applications. Given that TTD leans on CPU instruction emulation to reproduce issues, "subtle inaccuracies" in the process could have serious consequences, potentially allowing critical security flaws to slip undetected. Even worse, it could be deliberately abused by attackers to bypass analysis.
The four identified issues have been addressed in TTD version 1.11.410. "The observed discrepancies, while subtle, underscore a broader security concern: even minor deviations in emulation behavior can misrepresent the true execution of code, potentially masking vulnerabilities or misleading forensic investigations," Mandiant said.

NIST Chooses HQC as Fifth Post-Quantum Crypto Algorithm
The U.S. National Institute of Standards and Technology (NIST) has selected HQC (short for Hamming Quasi-Cyclic) as a backup algorithm, a "second line of defense" against the threat posed by a future quantum computer. "The new algorithm, called HQC, will serve as a backup defense in case quantum computers are someday able to crack ML-KEM," NIST said. "Both these algorithms are designed to protect stored information as well as data that travels across public networks." According to Dustin Moody, who heads NIST's Post-Quantum Cryptography project, HQC is not intended to replace ML-KEM.

Going from BYOVD to BYOTB to BYOVE
Bring Your Own Vulnerable Driver (BYOVD) is a known attack technique that involves a threat actor using a legitimate but vulnerable driver -- that's either already pre-installed on the host or introduced to a target environment -- with the goal of gaining elevated privileges and performing malicious actions, such as disabling security software. This approach has been adopted by various threat actors such as BlackByte, Kasseika, RansomHub (Water Bakunawa), and Lazarus Group. But new research published in recent weeks has shown that the technique can be exploited in conjunction with symbolic links (aka symlinks) to exploit a broader set of drivers. "With the new attack method that combines the file writing functionality of drivers and Windows Symbolic Links, attackers are relieved from the restriction of needing to find vulnerable drivers that are not yet on the blocklist to exploit," Zero Salarium researcher Nicky Thompson said. "Instead, they only need to identify any driver that has file writing capabilities, such as logging, tracing, etc. Merging with the abuse of symbolic links, BYOVD technique will evolve to a new level."

The approach can be further extended to what's called a Bring Your Own Trusted Binary (BYOTB), which involves using legitimate binaries (e.g., cloudflared) in an adversarial manner, and Bring Your Own Vulnerable Enclave (BYOVE), which makes use of vulnerable versions of legitimate enclaves to run malicious code without attracting attention -- a memory evasion technique codenamed Mirage. While enclave modules have to be signed with a Microsoft-issued certificate to load, a threat actor could rely on an operating system flaw (CVE-2024-49706) to load an unsigned module into an enclave, obtain access to a Trusted Signing entity and sign their own enclaves, or even abuse debuggable and vulnerable enclaves (e.g., CVE-2023-36880) to read and write arbitrary data inside the enclave. "This could be useful in many scenarios by storing payloads out of the reach of EDRs, sealing encryption keys hidden away from analysts, or keeping sensitive malware configuration out of memory dumps," Akamai researcher Ori David said.

Another technique to blind security solutions involves a new path masquerading approach that employs "whitespace" characters in Unicode to spoof the execution path of any program to resemble that of an antivirus.

Cybersecurity Webinars

Learn How to Eliminate Identity-Based Threats
Despite massive security investments, identity-based attacks like phishing and MFA bypass continue to thrive. Traditional methods accept breaches as inevitable -- but what if you could eliminate these threats altogether?
Join this webinar to discover secure-by-design access solutions featuring phishing resistance, device compliance, and adaptive authentication -- shifting your strategy from breach response to proactive prevention.

Discover AI-Driven Threats and Zero Trust Defense Before It's Too Late
Artificial Intelligence (AI) is reshaping cybersecurity, amplifying threats, and outsmarting traditional defenses. Join Diana Shtil from Zscaler to learn practical, proactive strategies -- including Zero Trust -- to protect your organization against evolving AI-driven attacks.

Your AI is Outpacing Your Security: Here's How to Keep Up
Hidden AI tools are quietly spreading across your environment, bypassing security controls until they become a real threat. Join Dvir Sasson, Director of Security Research at Reco, to uncover stealthy AI risks in your SaaS apps, real-world AI attack scenarios, and practical strategies to detect and respond effectively. Reserve your spot now to stay ahead of AI threats.

Cybersecurity Tools

CVE Prioritizer
An advanced vulnerability assessment tool designed to streamline your patch management by intelligently combining CVSS scores, EPSS predictive insights, CISA's Known Exploited Vulnerabilities (KEV), and VulnCheck's enriched community data (NVD++, KEV). Traditional CVSS scores reflect vulnerability severity, but adding EPSS helps pinpoint those most likely to be actively exploited. By integrating CISA KEV, the tool emphasizes vulnerabilities currently leveraged in real-world attacks. This combined approach categorizes CVEs into clear priority levels, enabling security teams to efficiently allocate resources, effectively manage risk, and strategically remediate the vulnerabilities that truly matter most.

Fleet
An open-source security and IT platform helping teams at companies like Fastly and Gusto manage thousands of devices easily.
It simplifies vulnerability tracking, device health monitoring, security policies, and license management across macOS, Windows, Linux, cloud platforms, and IoT. Fleet is modular and lightweight, integrates smoothly with popular tools, and offers a free, flexible solution tailored to your needs.

ZeroProbe
A specialized enumeration and exploit-development toolkit for security researchers, penetration testers, and red teamers. It provides precise detection of kernel exploits, DLL hijacking, privilege escalation opportunities, weak file permissions, and suspicious memory regions. Leveraging direct syscall execution, memory analysis, and syscall hooking detection, ZeroProbe enables stealthy, forensic-friendly security assessments on Windows 10, 11, and Server 2019, compatible across PowerShell versions.

Tip of the Week

Detecting Threat Actors Early with Sysmon and Event ID 4688
Attackers rely heavily on running unusual or malicious processes -- such as encoded PowerShell commands, uncommon scripts, or tools like certutil.exe or rundll32.exe -- to escalate privileges and evade detection. Deploying Microsoft Sysmon combined with built-in Windows Event ID 4688 (Process Creation) auditing helps capture these actions early, significantly reducing the risk of compromise. Sysmon provides detailed logs on process activities, file creation, and network connections, enabling defenders to spot anomalies quickly.

For practical implementation, install Sysmon with a trusted, community-driven configuration (like SwiftOnSecurity's config), and enable Windows process auditing through group policies or the command line. Then, automate detection and alerting using free SIEM solutions like Elastic Stack (ELK) or Graylog, easily integrating Sysmon and Windows logs for real-time visibility and rapid threat response.

Conclusion
Cyber threats aren't just evolving -- they're adapting to security controls, exploiting human behavior, and weaponizing legitimate technologies.
This week's developments highlight a critical reality: outdated infrastructure isn't just a liability, it's an invitation. Trusting signed software blindly? That's a risk. Assuming major platforms are inherently secure? That's an oversight.

Threat actors are shifting tactics faster than many defenses can keep up. They're embedding malware in everyday tools, leveraging phishing beyond mere credential theft, and manipulating vulnerabilities that most organizations overlook. The lesson? Security isn't about reacting to the breach -- it's about anticipating the next move.

As defenders, our edge isn't just in patching vulnerabilities but in understanding the mindset of attackers. Every breach, every exploit, and every overlooked detail is a signal: the threat landscape doesn't wait, and neither should our response. Stay proactive, stay skeptical, and stay ahead.
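The triage step that the Tip of the Week above describes, as an added example (not code from the newsletter): it runs four checks over constructed process-creation events, covering encoded PowerShell, certutil, rundll32 and the Unicode-whitespace path masquerading mentioned earlier. The rule names, the sample events and the list of user-writable path fragments are assumptions made for the illustration.

```python
import base64
import binascii
import ntpath
import unicodedata

# Constructed sample script, encoded the way PowerShell expects (UTF-16LE, then base64).
ENCODED = base64.b64encode("Write-Output 'constructed sample'".encode("utf-16-le")).decode()

# Constructed events. Keys follow Security event 4688 field names; Sysmon
# Event ID 1 carries the same data as Image and CommandLine.
SAMPLE_EVENTS = [
    {"NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": f"powershell.exe -NoProfile -enc {ENCODED}"},
    {"NewProcessName": r"C:\Windows\System32\certutil.exe",
     "CommandLine": r"certutil.exe -urlcache -f http://example.test/a.txt C:\Users\Public\a.txt"},
    {"NewProcessName": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Users\bob\AppData\Local\Temp\x.dll,Start"},
    {"NewProcessName": "C:\\Program Files\u2000\\Vendor AV\\scan.exe",
     "CommandLine": "scan.exe"},
    {"NewProcessName": r"C:\Windows\System32\certutil.exe",
     "CommandLine": r"certutil.exe -hashfile C:\Temp\setup.msi SHA256"},
]

# Assumed list of path fragments an unprivileged user can usually write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


def decode_encoded_command(command_line):
    """Return the decoded script if -EncodedCommand (or a prefix of it) is used."""
    tokens = command_line.split()
    for i, tok in enumerate(tokens[:-1]):
        name = tok.lstrip("-/").lower()
        # PowerShell accepts any unambiguous prefix (-e, -enc, ...) and the alias -ec.
        if tok[0] in "-/" and name and ("encodedcommand".startswith(name) or name == "ec"):
            try:
                return base64.b64decode(tokens[i + 1], validate=True).decode("utf-16-le")
            except (binascii.Error, UnicodeDecodeError):
                return "<undecodable>"
    return None


def unicode_spaces(path):
    """Code points of space separators other than the ASCII space found in a path."""
    return [f"U+{ord(c):04X}" for c in path
            if c != " " and unicodedata.category(c) == "Zs"]


def triage(event):
    """Return a list of (rule, detail) findings for one process-creation event."""
    image = event.get("NewProcessName") or event.get("Image", "")
    cmd = event.get("CommandLine", "")
    exe = ntpath.basename(image).lower()
    low = cmd.lower()
    findings = []
    if exe in ("powershell.exe", "pwsh.exe"):
        decoded = decode_encoded_command(cmd)
        if decoded is not None:
            findings.append(("encoded_powershell", decoded))
    if exe == "certutil.exe" and any(f in low.split() for f in ("-urlcache", "-decode")):
        findings.append(("certutil_download_or_decode", cmd))
    if exe == "rundll32.exe" and any(p in low for p in USER_WRITABLE):
        findings.append(("rundll32_user_writable_dll", cmd))
    spaces = unicode_spaces(image)
    if spaces:
        findings.append(("unicode_space_in_path", ",".join(spaces)))
    return findings


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["CommandLine"], "->", triage(ev))
```

Event 4688 only carries a command line when the "Include command line in process creation events" policy is enabled; without it, only the path-based checks have data to work on.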
  • SANS Institute Warns of Novel Cloud-Native Ransomware Attacks
    thehackernews.com
    The latest Palo Alto Networks Unit 42 Cloud Threat Report found that sensitive data is found in 66% of cloud storage buckets. This data is vulnerable to ransomware attacks. The SANS Institute recently reported that these attacks can be performed by abusing the cloud provider's storage security controls and default settings.

"In just the past few months, I have witnessed two different methods for executing a ransomware attack using nothing but legitimate cloud security features," warns Brandon Evans, security consultant and SANS Certified Instructor. Halcyon disclosed an attack campaign that leveraged one of Amazon S3's native encryption mechanisms, SSE-C, to encrypt each of the target buckets. A few months prior, security consultant Chris Farris demonstrated how attackers could perform a similar attack using a different AWS security feature, KMS keys with external key material, using simple scripts generated by ChatGPT. "Clearly, this topic is top-of-mind for both threat actors and researchers alike," notes Brandon.

To address cloud ransomware, SANS recommends that organizations:

Understand the power and limitations of cloud security controls: Using the cloud does not automatically make your data safe. "The first cloud services most people use are file backup solutions like OneDrive, Dropbox, iCloud, and others," explains Brandon. "While these services usually have file recovery capabilities enabled by default, this is not the case for Amazon S3, Azure Storage, or Google Cloud Storage. It is critical for security professionals to understand how these services work and not assume that the cloud will save them."

Block unsupported cloud encryption methods: AWS S3 SSE-C, AWS KMS external key material, and similar encryption techniques can be abused because the attacker has full control over the keys.
Organizations can use Identity and Access Management (IAM) policies to mandate the encryption method used by S3, such as SSE-KMS using key material hosted in AWS.

Enable backups, object versioning, and object locking: These are some of the integrity and availability controls for cloud storage. None of them are enabled by default for any of the Big 3 cloud providers. If used properly, they can increase the chances that an organization can recover its data after a ransomware attack.

Balance security and cost with data lifecycle policies: These security features cost money. "The cloud providers are not going to host your data versions or backups for free. At the same time, your organization is not going to give you a blank check for data security," says Brandon. Each of the Big 3 cloud providers allows customers to define a lifecycle policy. These policies allow organizations to automatically delete objects, versions, and backups when they are no longer considered necessary. Be aware, however, that attackers can leverage lifecycle policies as well. They were used in the previously mentioned attack campaign to urge the target to pay the ransom quickly.

To learn more, watch Brandon's webcast, "The Cloud Won't Save You from Ransomware: Here's What Will", by visiting https://www.sans.org/webcasts/cloud-wont-save-you-from-ransomware-heres-what-will/

Interested in additional tactics for mitigating attacks in the Big 3 cloud providers? Check out Brandon's course, SEC510: Cloud Security Controls and Mitigations at SANS 2025 in Orlando or Live Online this April. This course is also available with Brandon later in the year in Baltimore, MD in June or Washington, DC in July.

This article is a contributed piece from one of our valued partners.
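One way to express the "block unsupported cloud encryption methods" recommendation above as an S3 bucket policy, shown as an added example that is not from SANS or the article. The bucket name is a placeholder, the statement IDs are made up, and `condition_matches` is a simplified model of just the two IAM condition operators used here, included so the effect can be checked offline against constructed request contexts.

```python
import json

BUCKET = "example-bucket"  # placeholder name, not from the article


def build_bucket_policy(bucket):
    """Bucket policy that refuses SSE-C uploads and requires SSE-KMS."""
    resource = f"arn:aws:s3:::{bucket}/*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # Deny any upload carrying an SSE-C header (customer-supplied key).
                "Sid": "DenySSEC",
                "Effect": "Deny", "Principal": "*",
                "Action": "s3:PutObject", "Resource": resource,
                "Condition": {"Null": {
                    "s3:x-amz-server-side-encryption-customer-algorithm": "false"}},
            },
            {   # Deny uploads that do not explicitly request SSE-KMS.
                "Sid": "RequireSSEKMS",
                "Effect": "Deny", "Principal": "*",
                "Action": "s3:PutObject", "Resource": resource,
                "Condition": {"StringNotEquals": {
                    "s3:x-amz-server-side-encryption": "aws:kms"}},
            },
        ],
    }


def condition_matches(condition, context):
    """Simplified model of Null and StringNotEquals; every listed test must hold."""
    for operator, tests in condition.items():
        for key, expected in tests.items():
            present = key in context
            if operator == "Null":
                # "false" means the key must be present in the request.
                if present != (expected == "false"):
                    return False
            elif operator == "StringNotEquals":
                # Negated operators evaluate to true when the key is absent.
                if present and context[key] == expected:
                    return False
            else:
                raise ValueError(f"operator not modelled: {operator}")
    return True


def denied_by(policy, context):
    """Sid of the first Deny statement matching a PutObject context, else None."""
    for statement in policy["Statement"]:
        if statement["Effect"] == "Deny" and condition_matches(statement["Condition"], context):
            return statement["Sid"]
    return None


# Constructed PutObject request contexts, keyed by the headers each upload sends.
REQUESTS = {
    "sse_c": {"s3:x-amz-server-side-encryption-customer-algorithm": "AES256"},
    "sse_kms": {"s3:x-amz-server-side-encryption": "aws:kms"},
    "sse_s3": {"s3:x-amz-server-side-encryption": "AES256"},
    "no_header": {},
}

if __name__ == "__main__":
    policy = build_bucket_policy(BUCKET)
    print(json.dumps(policy, indent=2))
    for name, ctx in REQUESTS.items():
        print(name, "->", denied_by(policy, ctx) or "not denied")
```

The `no_header` case is refused as well, so with this policy every client has to send the SSE-KMS header explicitly instead of relying on the bucket's default encryption.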
  • Strange Data Centers in a Strange Land: Data Hubs in Exotic Places
    www.informationweek.com
    Is putting a data center under the ocean or in orbit just a novelty or a future-forward idea?
  • Red Hat CIO Marco Bill on Space Mission, AI Goals, and Tech Outlook
    www.informationweek.com
    Shane Snider, Senior Writer, InformationWeek
March 17, 2025

Just one month into his new role as chief information officer, Red Hat's Marco Bill is already helping the company reach for the stars -- literally. From a unique space collaboration, to helping businesses navigate their AI ambitions, to rolling with quickly emerging technologies, Bill is forging ahead in his new role.

The Raleigh, N.C.-based open-source software giant recently announced a new collaboration with Axiom Space to run a data center on the International Space Station. The mission will launch this spring and Red Hat's Device Edge will power Data Center Unit-1, enabling hybrid cloud applications and cloud-native workloads -- in outer space.

Axiom says the effort will allow data center customers to have access to satellite data closer to the source, making transmission quicker and more efficient. Bill says the collaboration was an opportunity for Red Hat to innovate in a new space.

"It was a mutual interest," Bill says of the space project. "We don't really have a space mission at Red Hat, but it's obviously a use case that fits very well with us and what we do. It's very intriguing. For us at Red Hat, it's good to be exposed to these new environments. We always learn and we can improve our products."

Axiom says its Orbital Space Center (OBC) will have tangible benefits, including reducing delays by utilizing cloud storage and edge processing infrastructure, allowing for faster and more secure connections in orbit.
Reducing latency in space will allow quicker access to orbital data sources for terrestrial users, the company says.

(Editor's Note: Be sure to check out this week's DOS Won't Hunt Podcast, which features a panel discussion about data centers in exotic locations, including space).

Earthly AI Ambitions
Back on Earth, Red Hat is facing more terrestrial issues, like the sudden AI arms race sparked by booming enterprise interest in generative AI (GenAI). Like any company, Red Hat is balancing increasing AI infrastructure costs.

"The development of AI is definitely our big mission," Bill says. "We want to be a leader there and that's where the budget goes from a company perspective. I have to provide infrastructure there -- the data is important as well, so I've got to follow that. I have to provide an environment with the right GPUs, right?"

CIOs struggling to balance budgets with priorities can learn from Red Hat's process, Bill says. "I do spend quite a bit of money on the whole transformation of data, because that's where we were lagging. So, we cleaned this up over the last two years ... And then there's not much budget left, right? So, you really have to work with the business and identify the priorities."

CIOs need to place a high priority on AI, Bill says. "The biggest advice I would give to other CIOs is not to ignore AI or to find excuses why AI doesn't work in their environment. Don't ignore this. [AI] is bigger than the internet when it came around and companies who ignored the internet aren't around anymore. Don't find excuses, really double down and find ways to experiment. Finding that right use case is important, but this is not hype."

Securing Open Source
Many IT leaders may struggle with the option of open-source solutions as they struggle with increasing cybersecurity threats. They may see open-source software as a risky proposition, despite benefits in cost and innovation.
Bill says CIOs can take advantage of the open-source value proposition and maintain a strong security stance.

"We have a whole cyber team engaged globally 24/7 and they're engaged in the communities," he says. "When you have a good team of people, you can mix open source. In our culture, if you have a lot of open-source engineers, they want to have some freedom. I cannot give them a Windows laptop and lock it down -- you've got to give them environments they can actually work with in the open-source community. But you still need to control it. That's one of the biggest challenges."

Red Hat and the Future of Tech
For Bill, the next several years of tech will bring more diversity in cloud infrastructure and placement. "You will have some applications running on the ground, you will have some in the public cloud, and you'll have data centers in space. You'll have to be on different footprints, and that can be for geopolitical reasons or because of cost. So being on a hybrid-cloud infrastructure is really important."

And that infrastructure will usher in a new era of AI, where companies can begin reaping benefits and seeing a return on investment.

"There is so much we can do with AI," Bill says. "With Red Hat, our infrastructure is important. Linux is still important to us. That's our foundation with open source and having the Kubernetes platform. How do those work together? How do they work on a hybrid cloud and enable AI? There will be a lot of evolution with the large language models -- that's the future that we see."

About the Author
Shane Snider, Senior Writer, InformationWeek
Shane Snider is a veteran journalist with more than 20 years of industry experience. He started his career as a general assignment reporter and has covered government, business, education, technology and much more. He was a reporter for the Triangle Business Journal, Raleigh News and Observer and most recently a tech reporter for CRN.
He was also a top wedding photographer for many years, traveling across the country and around the world. He lives in Raleigh with his wife and two children.
  • Pulse: Backend Developer at Pulse
    weworkremotely.com
    About Pulse
We're on a mission to break the health data oligarchy by empowering humanity to take control of their health data. Pulse turns vitals into value by aggregating health data and allowing users to share it with third parties in return for rewards. We're building a DePin network powered by our native wearable device, The Pulse One.

Our team is venture-backed by leading investors such as Collab+Currency, Lemniscap, Delphi Ventures, and Lattice Fund.

Check out our mission at Pulse Website and follow us on Twitter.

About the Role
We're looking for a Backend Developer to take ownership of the foundational systems powering The Pulse Hub, Pulse Mobile App, and real-time data integrations with our Pulse One wearable. This role is crucial in ensuring seamless, real-time data flows from hardware devices to users' devices and the Pulse database while maintaining high scalability and security.

In addition, you'll design and maintain our data lake to centralize data from multiple sources, including Shopify, analytics platforms, and real-time health metrics, enabling actionable insights and supporting our data-driven decision-making processes.

This is a unique opportunity to build infrastructure that underpins an entire ecosystem, making a tangible impact on how users take control of their health data.
Our tech stack: Node/Typescript/PostgreSQL

What You'll Do
As a Backend Developer at Pulse, you will:
Take the lead in architecting, building and scaling the Pulse Hub web portal and mobile app, ensuring seamless functionality for tracking health metrics, rewards, and user engagement.
Build robust systems to process, store, and analyze high-volume health and fitness data, ensuring data integrity and low latency.
Build and maintain a centralized data lake to aggregate and unify data from multiple sources, including user actions via Mixpanel, Shopify, Google Analytics, and Stripe, enabling cross-functional insights.
Collaborate with the mobile and frontend teams to provide seamless user experiences powered by your APIs.
Write clean, maintainable code and implement rigorous testing to deliver a robust, scalable platform.

You'll have the autonomy to select your own tools and libraries, helping build the foundations of our data infrastructure.

What We're Looking For
5+ years of backend development experience, including building real-time, scalable systems for consumer applications.
Deep understanding of real-time data processing, streaming, and synchronization between devices and cloud databases.
Proven ability to write scalable, maintainable, and well-documented code.
Knowledge of Bluetooth data protocols, IoT integrations, or similar device data pipelines is highly desirable.
Proactive problem-solving and the ability to thrive in a fast-paced startup environment.
A passion for health, fitness, or wellness technologies is a plus.

What We Offer
Generous salary and a competitive equity package -- be part of our journey and share in our success.
Flexible, fully remote work environment, allowing you to work from anywhere.
An opportunity to make a meaningful impact at an early-stage company poised to transform health tech.
A culture that values creativity, ownership, and continuous learning.

Why Join Pulse?
Work with a high-energy team shaping the future of wearable tech.
Global reach with an opportunity to impact audiences in NA & Europe.
A fast-paced, creative, and collaborative environment.