High Yield SavingsLast night, Apple lowered the interest rate of the Apple Card Savings Account to a new 3.75% APY. While this is down from its highest point at 4.5% APY, Apples rate still holds quite strong to the rest of the banking industry.Apple begun offering the Apple Card Savings Account in April 2023, in partnership with Goldman Sachs. It offered an industry-leading 4.15% APY at the time, and has received a number of adjustments since.Heres how Apples savings account rate compares to the rest of the industry, as of March 26th, 2025:BankInterest RateAlly3.70% APYAmerican Express3.70% APYCapital One3.70% APYDiscover3.70% APYMarcus by Goldman Sachs3.75% APYApple Card Savings3.75% APYSoFi Savings3.80% APYWealthfront4.00% APYRobinhood4.00% APYBarclays Tiered Savings4.15%-4.40% APYOf course, any of these rates will be far higher than what big banks tend to offer. Banks such as Chase, Bank of America, and Wells Fargo all offer interest rates below 0.03% APY.Apples savings account is exclusively available for Apple Card holders. You can learn more about Apple Card and its varying perks here.Are you an Apple Card user? What do you think about Apples savings account offering? Let us know in the comments.My favorite Apple accessories on Amazon:Follow Michael:X/Twitter,Bluesky,InstagramAdd 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

"The vision is space superiority."Orbital CarrierSpace startup Gravitics has been awarded a $60 million contract by the US Space Force to develop an "orbital carrier" that can deploy satellites from orbit.As Ars Technica reports, such a spacecraft could give the military a much faster way to respond to threats to national security in orbit compared to sending a satellite on a rocket into space.While many questions remain about what exactly this carrier could be capable of unsurprising, considering the sensitive nature of the plans it's yet another sign that the US military is looking to beef up its presence in orbit, highlighting a brewing "space arms race."Space SuperiorityGravitics officials told Ars that the carrier will provide unpressurized space to house one or more satellites, which can be deployed at will in orbit. The goal is to isolate them from the hostile space environment, sparing their batteries and other sensitive electronics.The carrier could also help hide the satellites from adversaries."The Orbital Carrier is a game-changer, acting as a pre-positioned launch pad in space," said CEO Colin Doughan in a statement. "It bypasses traditional launch constraints, enabling space vehicle operators to rapidly select a deployment orbit on-demand."Other than developing an orbital carrier, Gravitics has already started working with space startup Axiom Space on a pressurized space module.Given the latest development, the company is now looking to expand into the national defense sector as well."The vision is space superiority," Doughan told Ars. "We think that vision is very compatible with both a Department of Defense product line as well as a commercial one."More on satellites: Astronauts Release Wooden Satellite From Space StationShare This Article

Defense secretary Pete Hegseth appears to have lied when he said that "nobody was texting war plans."In a stunning piece for The Atlantic on Monday, the magazine's editor-in-chief Jeffrey Goldberg revealed that he had accidentally been added to a Signal group chat between key national security personnel including Hegseth,vice president JD Vance, and national security advisor Mark Waltz as they discussed an upcoming offensive in Yemen.Not only was the use of Signal a reckless departure from the norms designed to stop highly sensitive information from landing in the wrong hands,butnobody noticed that a prominent journalist had been added to the chat, itself a farcical error.In response, the White House attempted to argue that "no classified material" was shared in the chat but Goldberg has now called their bluff.Even Trump has said that "it wasn't classified information," but later argued that Waltz had "learned a lesson," seemingly contradicting himself.Regardless, in a follow-up piece published this morning, Goldberg revealed new details about what was shared in the chat, including astonishingly specific information about a mission involving an F-18 fighter jet in Yemen."1345: Trigger Based F-18 1st Strike Window Starts (Target Terrorist is @ his Known Location so SHOULD BE ON TIME also, Strike Drones Launch (MQ-9s)," the text read, as quoted by Goldberg."Weather is FAVORABLE. Just CONFIRMED w/CENTCOM we are a GO for mission launch," Hegseth reportedly wrote."We are currently clean on OPSEC," he added later. "Godspeed to our Warriors.""The first target their top missile guy we had positive ID of him walking into his girlfriends building and its now collapsed," Waltz wrote in the chat."Excellent," Vance replied.As The Atlantic reports, the Yemeni health ministry later reported that 53 people were killed in the strikes, though that number has yet to be independently verified.In short, the consequences for American pilots "could have been catastrophic," Goldberg argued, if the information "had been received by someone hostile to American interests or someone merely indiscreet, and with access to social media."Besides, in what world would such information be considered "unclassified" and safe to share on insecure messaging channels?There's also a very good chance Hegseth lied to reporters after claiming that the chat titled "Houthi PC small group" didn't include explicit war plans an enormous breach in national security.The White House also seems confused about whether it's saying the information was classified or not classified. Press Secretary Karoline Leavitt told The Atlantic in a statement that the White House does "object to the release" of the conversation despite stating that "no classified information" was transmitted."As a general rule, we do not publish information about military operations if that information could possibly jeopardize the lives of US personnel," Goldberg wrote in his piece today. "That is why we chose to characterize the nature of the information being shared, not specific details about the attacks."However, "there is a clear public interest in disclosing the sort of information that Trump advisers included in nonsecure communications channels, especially because senior administration figures are attempting to downplay the significance of the messages that were shared," he added.National security officials have yet to respond to The Atlantic's request for comment.More on the incident: Pentagon Issued Warning About Signal Messaging One Week Before Its Head Was Caught Using ItShare This Article

Mar 26, 2025Ravie LakshmananSupply Chain Attack / Malware Cybersecurity researchers have discovered two malicious packages on the npm registry that are designed to infect another locally installed package, underscoring the continued evolution of software supply chain attacks targeting the open-source ecosystem.The packages in question are ethers-provider2 and ethers-providerz, with the former downloaded 73 times to date since it was published on March 15, 2025. The second package, likely removed by the malware author themselves, did not attract any downloads."They were simple downloaders whose malicious payload was cleverly hidden," ReversingLabs researcher Lucija Valenti said in a report shared with The Hacker News."The interesting part lay in their second stage, which would 'patch' the legitimate npm package ethers, installed locally, with a new file containing the malicious payload. That patched file would ultimately serve a reverse shell."The development marks a new escalation of threat actors' tactics, as uninstalling the rogue packages won't rid compromised machines of the malicious functionality, since the changes reside in the popular library. On top of that, if an unsuspecting user removes the ethers package when ethers-provider2 remains on the system, it risks reinfection when the package is installed again at a later time.ReversingLabs' analysis of ethers-provider2 has revealed that it's nothing but a trojanized version of the widely-used ssh2 npm package that includes a malicious payload within install.js to retrieve a second-stage malware from a remote server ("5.199.166[.]1:31337/install"), write it to a temporary file, and run it.Immediately after execution, the temporary file is deleted from the system in an attempt to avoid leaving any traces. The second-stage payload, for its part, starts an infinite loop to check if the npm package ethers is installed locally. In the event the package is already present or it gets freshly installed, it springs into action by replacing one of the files named "provider-jsonrpc.js" with a counterfeit version that packs in additional code to fetch and execute a third-stage from the same server. The newly downloaded payload functions as a reverse shell to connect to the threat actor's server over SSH."That means that the connection opened with this client turns into a reverse shell once it receives a custom message from the server," Valenti said. "Even if the package ethers-provider2 is removed from a compromised system, the client will still be used under certain circumstances, providing a degree of persistence for the attackers."It's worth noting at this stage that the official ethers package on the npm registry is not compromised, since the malicious modifications are made locally post installation.The second package, ethers-providerz, also behaves in a similar manner in that it attempts to alter files associated with a locally installed npm package called "@ethersproject/providers." The exact npm package targeted by the library is not known, although source code references indicate it could have been loader.js.The findings serve to highlight the novel ways threat actors are serving and persisting malware in developer systems, making it essential that packages from open-source repositories are carefully scrutinized before downloading and using them."Despite the low download numbers, these packages are powerful and malicious," Valenti said. "If their mission is successful, they will corrupt the locally installed package ethers and maintain persistence on compromised systems even if that package is removed."Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

"A boxer derives the greatest advantage from his sparring partner" Epictetus, 50135 ADHands up. Chin tucked. Knees bent. The bell rings, and both boxers meet in the center and circle. Red throws out three jabs, feints a fourth, andBANGlands a right hand on Blue down the center.This wasn't Blue's first day and despite his solid defense in front of the mirror, he feels the pressure. But something changed in the ring; the variety of punches, the feints, the intensity it's nothing like his coach's simulations. Is my defense strong enough to withstand this? He wonders, do I even have a defense?His coach reassures him "If it weren't for all your practice, you wouldn't have defended those first jabs. You've got a defensenow you need to calibrate it. And that happens in the ring."Cybersecurity is no different. You can have your hands updeploying the right architecture, policies, and security measuresbut the smallest gap in your defense could let an attacker land a knockout punch. The only way to test your readiness is under pressure, sparring in the ring.The Difference Between Practice and the Real FightIn boxing, sparring partners are abundant. Every day, fighters step into the ring to hone their skills against real opponents. But in cybersecurity, sparring partners are more sparse. The equivalent is penetration testing, but a pentest happens at a typical organization only once a year, maybe twice, at best every quarter. It requires extensive preparation, contracting an expensive specialist agency, and cordoning off the environment to be tested. As a result, security teams often go months without facing true adversarial activity. They're compliant, their hands are up and their chins are tucked. But would they be resilient under attack?The Consequences of Infrequent Testing1. Drift: The Slow Erosion of DefenseWhen a boxer goes months without sparring, their intuition dulls. He falls victim to the concept known as "inches" where he has the right defensive move but he misses it by inches, getting caught by shots he knows how to defend. In cybersecurity, this is akin to configuration drift: incremental changes in the environment, whether that be new users, outdated assets, no longer attended ports, or a gradual loss in defensive calibration. Over time, gaps emerge, not because the defenses are gone, but because they've fallen out of alignment.2. Undetected Gaps: The Limits of Shadowboxing A boxer and their coach can only get so far in training. Shadowboxing and drills help, but the coach won't call out inconspicuous mistakes, that could leave the boxer vulnerable. Neither can they replicate the unpredictability of a real opponent. There are simply too many things that can go wrong. The only way for a coach to assess the state of his boxer is to see how he gets hit and then diagnose why. Similarly, in cybersecurity, the attack surface is vast and constantly evolving. No one pentesting assessment can anticipate every possible attack vector and detect every vulnerability. The only way to uncover gaps is to test repeatedly against real attack scenarios.3. Limited Testing Scope: The Danger of Partial TestingA coach needs to see their fighter tested against a variety of opponents. He may be fine against an opponent who throws primarily headshots, but what about body punchers or counterpunchers? These may be areas for improvement. If a security team only tests against a particular type of threat, and doesn't broaden their range to other exploits, be they exposed passwords or misconfigurations, they risk leaving themselves exposed to whatever weak access points an attacker finds. For example, a web application might be secure, but what about a leaked credential or a dubious API integration?Context Matters When it Comes to Prioritizing FixesNot every vulnerability is a knockout punch. Just as a boxer's unique style can compensate for technical flaws, compensating controls in cybersecurity can mitigate risks. Take Muhammad Ali, by textbook standards, his defense was flawed, but his athleticism and adaptability made him untouchable. Similarly, Floyd Mayweather's low front hand might seem like a weakness, but his shoulder roll turned it into a defensive strength.In cybersecurity, vulnerability scanners often highlight dozensif not hundredsof issues. But not all of them are critical. All IT environments are different and a high-severity CVE might be neutralized by a compensating control, such as network segmentation or strict access policies. Context is key because it provides the necessary understanding of what requires immediate attention versus what doesn't.The High Cost of Infrequent TestingThe value of testing against a real adversary is nothing new. Boxers spar to prepare for fights. Cybersecurity teams conduct penetration tests to harden their defenses. But what if boxers had to pay tens of thousands of dollars every time they sparred? Their learning would only happen in the ringduring the fightand the cost of failure would be devastating.This is the reality for many organizations. Traditional penetration testing is expensive, time-consuming, and often limited in scope. As a result, many teams only test once or twice a year, leaving their defenses unchecked for months. When an attack occurs, the gaps are exposedand the cost is high.Continuous, Proactive TestingTo truly harden their defenses, organizations must move beyond infrequent annual testing. Instead, they need continuous, automated testing that emulates real-world attacks. These tools emulate adversarial activity, uncovering gaps and providing actionable insights into where to tighten security controls, how to recalibrate defenses, and provide precise fixes for remediation. Doing it all with regular frequency and without the high cost of traditional testing.By combining automated security validation with human expertise, organizations can maintain a strong defensive posture and adapt to evolving threats.Learn more about automated pentesting by visiting Pentera.Note: This article is expertly written and contributed by William Schaffer, Senior Sales Development Representative at Pentera.Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.

Housebuilding to exceed 300,000 homesa year by 2029/30, excluding impact of forthcoming Affordable Homes ProgrammeThe governments changes to the National Planning Policy Framework (NPPF) will result in the construction of 1.3 million homes during the course of this parliament, the Office for Budget Responsibility (OBR) has said.In a forecast published today alongside Rachel Reeves spring statement, the OBR said last years changes to the NPPF alone would add an extra 170,000 homes by 2029, pushing housebuilding to its highest level for 40 years. Completions are forecast to reach 305,000 homes a year by 2029-30.It said: This increased housebuilding over the forecast period is driven mainly by requirements for local authorities to release land to meet development needs as well as the strengthened presumption in favour of sustainable development which, if triggered, requires local authorities to release land for further development unless the adverse impacts of doing so significantly outweigh the benefits.It said most of the increase will take place from 2027/28as it takes time for developers to identify sites, local authorities to bring forward local plans, capacity constraints in the sector to be overcome, and additional houses to be built.Responding to the OBR, The Treasury pointed out new homes delivered under the next Affordable Homes Programme (AHP) and the Planning and Infrastructure Bill are not included in the forecast and will all help to reach its manifesto target of building 1.5m homes by the end of the parliament.The NPPF changes announced last year include thereturn of mandatory local housing targets and a new method to calculate them, along with measures aimed at relasing more green belt land for development.Reeves announced today the government will invest a further 13bn in capital infrastructure over the next five years.This figure includes housing expenditure along with infrastructure and defence. More information about the funding for housing, including the details of the next AHP, are expected to be announced in the spending review in June.

Chancellor spares construction from spending cuts as OBR halves 2025 growth forecastThe government will invest a further 13bn in capital infrastructure over the next five years, Rachel Reeves announced in todays Spring Statement.The chancellor committed to spending 2bn on infrastructure each year over the course of this Parliament above the 100bn promised in last years autumn Budget.An extra 2.2bn will also be handed to the Ministry of Defence next year as part of plans to bring defence spending up to 2.5% of GDP by 2027.Rachel Reeves reading out the Spring Statement in the House of Commons this afternoonSparing construction from a raft of spending cuts focused on welfare payments and the civil service, Reeves said she was boosting capital investment in public sector projects to drive forward the economy.I am not cutting capital spending as the party opposite did time and time again, because that choked off growth and it left our school roofs literally crumbling. That was the wrong choice, it was the irresponsible choice, it was the Tory choice, the chancellor said.The extra spending will support growth-enhancing investments including infrastructure, housing, and defence innovation, according to Treasury documents published this afternoon.It comes as part of a package of measures aiming to balance the books after 10bn of fiscal headroom at the time of the autumn budget was wiped out by an increase in the cost of servicing government debt.Reeves said cuts to welfare payments announced today would save 4.8bn, while a crackdown on tax avoidance and evasion would add 1bn to Treasury coffers.While the Office for Budget Responsibility (OBR) has halved its growth forecast for 2025 from 2% to 1%, it said the chancellors measures would put the government on course to restore its 10bn fiscal headroom by the end of the Parliament.Arcadis head of strategic research Simon Rawlinson said: The construction industry will take comfort that the chancellor focused on our sector in the speech rather than on health or education. Our sector benefits from the borrow to invest fiscal rule.He added: Reeves has been badly knocked off course in the first nine months of this parliament but seems to have succeeded in persuading the OBR that the medicine will work. When it comes to investment, only time will tell.McBains managing director Clive Docwra said the increase in defence spending would benefit construction firms operating in the sector, he lamented a lack of encouragement for investors and developers to commit to housing projects.The OBR forecast contained positive notes for the government in housebuilding, predicting last years changes to the National Planning Policy Framework could see 1.3 million homes built during the course of the Parliament.Combined with other planning reforms, including in the Planning and Infrastructure Bill, the OBR said this would increase GDP by 0.2% by 2029/30 and 0.4% by 2035.Reeves said this will take Labour within touching distance of its promise to build 1.5 million homes in England this Parliament.

Longing for some certainty in shaky economic times? A CD could be just the thing.

We met humans and robots from companies including Agility Robotics, 1X, Boston Dynamics and Disney to learn about the various challenges the robotics industry is looking to solve and their vision for a robotic future.

March 26, 20254 min readHow Qudits Could Boost Quantum ComputingQudits, the multi-dimensional cousins of qubits, could make quantum computers more efficient and less prone to errorBy Davide Castelvecchi & Nature magazine Part of the quantum computer at Innsbruck University, on which researchers did simulations using qutrits and ququints. C. Lackner/University of InnsbruckQuantum computing has so far nearly always involved calculating with qubitsquantum objects that can take the value 0 or 1, like ordinary computer bits, but that can also be in a range of combinations of 0 and 1. Now researchers are producing the first applications of qudits: units of information that offer combinations of three or more simultaneous states.In a paper published on 25 March in Nature Physics, physicists describe how they used qutrits and ququintsqudits with three and five states respectivelyto simulate how high-energy quantum particles interact through an electromagnetic field. The work follows a result published in Physical Review Letters (PRL) in September that reproduced the behaviour of another quantum field, that of the strong nuclear force, using qutrits.Such simulations of quantum fields are seen as one of the most promising applications of quantum computers, because these machines could predict phenomena in particle colliders or chemical reactions that are beyond the abilities of ordinary computers to calculate. Qudits are naturally suited to this task, says theoretical physicist Christine Muschik, a co-author of the Nature Physics paper who also pioneered such simulations with qubits in 2016 together with colleagues at the University of Innsbruck, Austria. If I could go back in time to my old self, I would tell her: why waste time with qubits? says Muschik, who is now at the University of Waterloo, Canada.On supporting science journalismIf you're enjoying this article, consider supporting our award-winning journalism by subscribing. By purchasing a subscription you are helping to ensure the future of impactful stories about the discoveries and ideas shaping our world today.This qudit approach is not a solution to everything, but it helps you when it is suitable to the problem, says Martin Ringbauer, an experimental physicist at the University of Innsbruck and the lead author of the paper.More generally, qudits can help to make calculations on a quantum computer more efficient and less error-prone, at least on paper. With qudits, each computational unit that previously encoded a qubitsuch as a trapped ion or a photoncan suddenly pack in more information, helping the machines to scale up faster. But the tactic is less mature than approaches based on qubits, and the devil could be in the detail. Qudits are also more complicated to work with, says Benjamin Brock, an experimental physicist at Yale University in New Haven, Connecticut.System tweaksIn most types of quantum computer, the qubits that researchers use are two possible states of a system that would naturally have many more states. Such a system could therefore host qudits as well. Existing qubit processors such as those of IBM and Google can already be operated as qutrits, and would require minor tweaks to operate as high-dimensional qudits, says Machiel Blok, a physicist at the University of Rochester, New York. (Blok and his team have done experiments in their laboratory in which superconductors encoded qudits of up to 12 levels.)For their quantum-field simulations, the authors of the PRL paper encoded qutrits on a superconducting quantum chip that IBM makes available to researchers, and that is normally used as a qubit machine. Ringbauer, Muschik and their colleagues used excited states of calcium ions to represent their five-level ququints. A ququint is a natural way to represent a field that can be in a lowest-energy state (with value 0) or have positive or negative values from 2 to +2 at any point in space, Muschik says.In the future, such simulations could help to explain how quarks stick together to form protons, or how neutrinos collide with one another in the intense environment of a supernova explosion, physicists say. Theres great hope that theres going to be new effects that we can identify even with modest-size quantum computers, says Martin Savage, a physicist at the University of Washington in Seattle.Error correctionIn principle, any calculation that can be done with qubits can also be done with qudits of any dimension, and vice versa: any qudit can be encoded in a set of qubits. But sharing information among multiple qubits is notoriously tricky and can introduce computational errors. Executing a quantum algorithm on qudits could require fewer steps, and therefore have a lower chance of introducing errors, says Muschik.Theorists have devised sophisticated quantum error correction schemes to catch and fix errors by spreading information across more and more qubits to lower the error rate. In principle, qudits could reduce that overhead and still yield the same level of error correction, but experimentally, there is a complicated list of trade-offs, says theorist Earl Campbell, vice-president of quantum science at Riverlane, a start-up quantum-software company in Cambridge, UK. Building a code for qudits is a bit harder.In a preprint posted last September, Brock and his collaborators encoded a qudit as the energy levels of trapped microwaves, and used some of the extra available dimensions to increase the redundancy of the information and thereby correct errors. We need quantum error correction with qudits if theyre going to be useful in the long term, Brock says. But he adds that it is less clear, at least at the moment, what a large-scale quantum computer using qudits would look like.This article is reproduced with permission and was first published on March 25, 2025.