All of the best lessons from Google’s Chromecast lineup through the years were filtered into the TV Streamer 4K, its fastest and smartest set-top box currently available. While the last-gen Chromecast 4K with Google TV nailed the software aspect, this gadget brings the hardware to make it sing. And, presumably for a limited time, you can get one for $79 at Amazon or pay an extra dollar to get it at Best Buy for $79.99 (was $99.99).The TV Streamer 4K has a bundle of features we’ve long wished for in a Chromecast, including built-in ethernet (it was in the Chromecast Ultra, but still, nice to have), smart home compatibility with Matter and Thread, more RAM, and more storage. For those who are enmeshed in Google’s ecosystem — and even those who previously weren’t — the streaming UI is among the best out there. And yet, it’s not a perfect device, and it doesn’t come with an HDMI cable. Read our review.More deals and discountsAnker’s 525 7-in-1 charging station is one of the best ways to splice one power outlet into three, while also adding two USB-C ports and two USB-A ports. It can deliver up to 65W of combined power through said ports. Normally $65.99, this power strip is $29.99 at Amazon — a price that’s exclusive to Prime members. It’s $39.99 for everyone else, which is still a pretty solid discount. If you need more power, Anker’s Nano 7-in-1 charging station bumps up to 100W and costs $49.99 at Amazon.The 4K Blu-ray version of Arcane season 1, the fabulous animated series based on League of Legends that streams on Netflix, is just $29.99 (it has previously hovered in the $40 territory) at Amazon. It’s well worth buying if you want to add the show to your collection of discs. But you’ll need a 4K Blu-ray player (either a dedicated one, like the Panasonic DP-UB420-K, or any PS5 / Xbox Series X with a disc drive). Read our review of season 1.While it’s not the latest super-thin iPad Pro with the M4 chip (that also has the front-facing camera is the right spot), the 2022 12.9-inch iPad Pro that has the M2 chip is hundreds of dollars off today only at Best Buy, costing $1,199. Notably, this version has a whopping 2TB of storage, plus a great Mini LED screen. One of the biggest features this model introduced over its predecessor was the Apple Pencil’s “hover” functionality, which lets you hold the Pencil from about 12mm off the screen to see different actions happen. Yeah, it’s nothing too exciting, but it’s a very solid tablet that remains speedy to this day. Read our review.See More:

Nintendo hosted a Mario Kart World Direct this morning, showing off all the features of the upcoming launch game for the Nintendo Switch 2. Amid all the new tricks and modes, Nintendo also confirmed a slew of new and returning tracks and racers for Mario Kart World.On the course side, there were several new courses shown off as part of the roamable world. From the streets of Crown City to the water of Salty Salty Speedway, there are plenty of places to explore and shortcuts to discover. Mechanics like wall-riding and grinding seem like they'll add quite a bit for players to uncover. Here's what we spotted in today's Direct.Mario Kart World Confirmed Courses Shown in Today's DirectMario Bros. CircuitCrown CitySalty Salty SpeedwayStarview PeakBoo CinemaToad's FactoryPeach BeachWario ShipyardWhistletop SummitDK SpaceportDesert HillsShy Guy BazaarWario StadiumAirship FortressDK PassSky-High SundaeKoopa Troopa BeachFaraway OasisCrown CityPeach StadiumDino Dino JungleGreat ? Block RuinsRainbow RoadBut what's a world full of courses without a universe's worth of racers to speed across them? Mario Kart World looks to be making some deep pulls from Mario's history. The usual suspects of Mario, Peach, Luigi, and Yoshi are joined by the likes of Spike, Conkdor, Penguin, and more. Here's everyone we spotted in a kart during today's Mario Kart World Direct.Mario Kart World Confirmed Racers From Today's DirectMarioLuigiPeachDaisyRosalinaPaulineYoshiToadKoopa TroopaBaby MarioBaby LuigiBaby PeachBaby DaisyBaby RosalinaWarioWaluigiBowserGoombaSpikeCowLakituToadetteBowser Jr.BirdoKing BooShy GuyDonkey KongNabbitPirahna PlantHammer BroMonty MoleSidestepperCheep CheepDry BonesWigglerCataquackPiantaRocky WrenchConkdorChargin' ChuckPenguinStingbySwoopDolphinPara-BiddybudPokeyCoin CofferPeepaSnowmanFish BoneIt's quite a line-up so far, and will probably only expand as we learn more about this game. Today's Mario Kart World Direct went over everything from Grand Prix and Knockout Mode to the camera-fueled social options.Mario Kart World is set to arrive on the Nintendo Switch 2's launch day, June 5, as an exclusive for the newest Switch console. There certainly seems to be quite a bit to do here, which will hopefully measure up to its $80 price tag. The newest Kart is being sold both standalone and as part of a hardware bundle though, and given Mario Kart 8 Deluxe's massive popularity, World is likely to find a home on many Switch 2 consoles.You can catch up on everything announced at today's Direct right here.Eric is a freelance writer for IGN.

This article contains major The Wheel of Time spoilers. The previous season finales of The Wheel of Time were certainly climactic, but the ending of season 3 put more characters’ fates in the balance than ever before, creating life-changing moments that will impact their journey in the most significant ways yet. Although Perrin got his own conclusion in the penultimate episode of the season, almost every other character found themselves at an important crossroads in the finale, leaving us with as many cliffhangers as triumphs. Just to make sense of it all, and to make sure we know what to watch for in season 4, let’s take a look at each of the pivotal character moments, some of which differed significantly from what played out in the books, for better and for worse. Mat and the Twisted Redstone Doorframe Mat inadvertently passed through the red gate to another dimension, one ruled by the Finn, creatures able to see the Pattern and even influence it. The Eelfinn are but one race of Finn, a fox-like people who are able to grant wishes, though not without cost. We witnessed in Elaida’s flashback that though she asked the Eelfinn to ascend to the Amyrlin Seat, she was defeated by Siuan Sanche those many years ago and is only now taking the post by force. Mat likewise may not find that his memory problems have been “fixed” in the way that he asked, nor does he perhaps realize the power of his wish to be left alone by magical forces like the One Power. The Eelfinn both praises and chastises him for using his final wish to leave their realm, but he almost loses his life for it, as foretold by Min’s visions. Keep an eye on the fox medallion around Mat’s neck in future seasons of The Wheel of Time; it may prove useful. Nynaeve’s Power Awakened Nynaeve very cleverly noticed the humble collar initially discarded by Liandrin in her frantic search, but although she had to forfeit the item, the Red Ajah darkfriend uttered a very telling phrase before taking it and propelling Nynaeve into Tanchico Bay: “I’m going to kill the strongest channeler in a thousand years.” Thanks for that reminder, Liandrin! Nynaeve apparently just needed a near-death experience to unblock her access to the One Power, and her abilities were on full display as she pushed aside the waters and walked ashore unscathed. They say that touching the True Source can be quite intoxicating, and Nynaeve’s release must have been cathartic enough to elicit a few blissful giggles of disbelief and wonder. Thom Merrilin and Lord Gaebril Elayne believes that she has known the queen’s consort Lord Gaebril since she was a child and is amazed to hear from Thom Merrilin, the bard who was once in the Andoran court himself when she was a toddler, that her mother never had a consort. In fact, his keeping tabs from a distance is what allowed him to know this for a fact. It seems that Rahvin, the Forsaken seen scheming with Lanfear elsewhere in The Wheel of Time finale, instead took on the identity of Gaebril and altered everyone’s memories to believe that he had been there the whole time as a trusted advisor. In reality, he likely escaped his prison only recently and insinuated himself into modern day politics to use his powers of influence for the Dark One’s purposes. The Fate of Siuan Sanche and Lanfear Moiraine’s defeat of Lanfear was far from complete, but the Aes Sedai held her own quite well thanks the the sa’angreal, a kind of magical amplifier, that she got from her visit to Rhuidean. Sadly, she was also greatly motivated by the death of her beloved, Siuan Sanche, which she felt from afar. Although this death did not appear in the books, it provided sufficient impetus for Moiraine to remove Lanfear’s sword and cut the Forsaken’s throat, forcing her to flee. How do readers feel about the beheading of Siuan Sanche? Although her influence in the later books was not insubstantial, it was perhaps not significant enough to warrant having her take up valuable screen real estate, and her death definitely gave Moiraine exactly what she needed to avoid one of the many deaths she saw foretold in Rhuidean. Join our mailing list Get the best of Den of Geek delivered right to your inbox! Rand and the Contest for Car’a’carn Moiraine saw that Rand was correct to recruit an army before trying to win support elsewhere, but Couladin of the Shaido clan nearly undid their hard work in bringing everyone together at Alcair Dal. He has the dragon on both forearms, the mark of the car’a’carn, thanks to Lanfear, and although he is not from the West, the Aiel might have been willing to overlook that through some sense of denial or discomfort with the unfamiliar. However, Couladin is not aware of the secret all clan chiefs carry: that the Aiel are Oathbreakers, having fallen from the Way of the Leaf in their common history with the Tuatha’an. When Rand reveals that he knows this truth, the chiefs know he is their car’a’carn. The fact that he could channel powerfully enough to bring rain to the desert probably didn’t hurt either. Except maybe it did in a different way. What makes The Wheel of Time season 3 finale so powerful is that Rand doesn’t let go of the One Power when Egwene asks him to. Is the madness he’s doomed to starting already? With Rahvin and Lanfear ready to kill him and Moghedien and Liandrin ready to collar him, Rand can’t afford any darkness in his life. And so we wait. The Wheel of Time has not yet been renewed for season 4, and leaving it here would certainly be a travesty. That being said, the journey all of the key characters took this season definitely felt both complete and satisfying in the arc that it followed. The anticipation is quite high for where things go from here.

Paebbl has opened its first demo plant in Rotterdam as it looks to ramp up its carbon capture technology.   When we visited Paebbl’s sprawling facility in June last year, it was a mishmash of prototype machines, batch samples, machinery, and equipment — some of it still in its packaging. Now, the site is purportedly the world’s biggest plant capable of continuously mineralising CO2. Paebbl said the plant was completed in “record time” with the help of Dutch engineering companies Spie and Vicoma. The project also received an undisclosed financial investment from the Netherlands Enterprise Agency (RVO).   Andreas Saari, co-CEO and co-founder of Paebbl, said the milestone brings the Dutch-Nordic startup “one step closer” to bringing high-performance materials and climate impact together “on a scale that really matters.”  The 💜 of EU techThe latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!Saari, the former CEO of Slush, co-founded Paebbl in 2021 alongside his former Northzone partner Marta Sjögren, early Klarna investor Jane Walerud, and Dutch scientist Pol Knops.       How does Paebbl’s technology mineralise CO2? Paebbl’s technology artificially accelerates the slow, natural process of carbon mineralisation.   Paebbl feeds crushed olivine rock and CO2 captured from heavy industry into its machine, where it undergoes enhanced mineralisation. The CO2 turns into CO3 (carbon trioxide) and binds to the olivine.  For every ton of CO2 captured, it produces about three tons of powder, the scientific name for which is “silicon-rich” magnesium carbonate.  This powder feels like a soft, fine dust and is grey with a tinge of green from the olivine it’s made from. Around half of the emissions from cement are produced when limestone is heated to produce lime. Paebbl’s powder can replace lime and other additives in substances like wall filler, turning buildings into carbon sinks.  Paebbl is one of an emerging cohort of carbon removal startups looking to capture CO2 and use it as a resource to make new, cleaner products.  Known as carbon capture, utilisation, and storage (CCUS), this approach differs from the more established carbon capture and storage (CCS) championed by the oil and gas industry, where carbon is captured at source and buried underground.  In October, Paebbl secured $25mn from the likes of Amazon and German cement industry giants Holcim and Goldbeck, bringing its total raised to $38mn, according to Dealroom data. Paebbl aims to build a commercial-scale plant in 2027. While the company hasn’t yet disclosed the location of this facility, Marta previously told TNW that they will focus on setting up factories in areas with “high demand for end products (building material), nearby feedstock supply (CO2 and olivine rock)”, and access to renewable energy. In Europe, the Nordics, Spain, and Portugal stand out in this respect.   Paebbl aims to bring 1 million tons of its product to the market by 2030. The startup plans to make money by selling the rock powder itself and through providing carbon removal credits to companies looking to offset their emissions. Sustainability will be a hot topic at TNW Conference, which takes place on June 19-20 in Amsterdam. Tickets for the event are now on sale. Use the code TNWXMEDIA2025 at the check-out to get 30% off the price tag. Story by Siôn Geschwindt Siôn is a freelance science and technology reporter, specialising in climate and energy. From nuclear fusion breakthroughs to electric vehic (show all) Siôn is a freelance science and technology reporter, specialising in climate and energy. From nuclear fusion breakthroughs to electric vehicles, he's happiest sourcing a scoop, investigating the impact of emerging technologies, and even putting them to the test. He has five years of journalism experience and holds a dual degree in media and environmental science from the University of Cape Town, South Africa. When he's not writing, you can probably find Siôn out hiking, surfing, playing the drums or catering to his moderate caffeine addiction. You can contact him at: sion.geschwindt [at] protonmail [dot] com Get the TNW newsletter Get the most important tech news in your inbox each week. Also tagged with

We’re currently seeing growing concern about the potentially harmful impact of things like social media usage by kids and teens, with many states and countries enacting laws to address this. Discord has responded by starting to use a mix of AI-powered face scans and ID checks in two specific scenarios … Child protection laws Social media apps have been accused of trying to get teenagers addicted to their apps, and also failing to take any meaningful steps to ensure that users meet their claimed age requirements. The issue is becoming increasingly contentious as a number of legislatures have sought to impose legally-binding age requirements, or to require parental permission for social media use. It’s not just US states who are doing this: both the UK and Australia recently introduced new laws imposing tougher requirements on app developers when it comes to use by kids and teens. As an aside, there’s also a battle over just who should be responsible for age verification. Currently the onus is on developers, who must carry out checks within each app, but Meta began arguing in 2023 that app stores are in a better position to do this, with Zuckerberg doubling down on this last year. That argument appears to be carrying weight, with at least nine US states considering legislation to make Apple and Google responsible. Discord using facial scans for age-verification In apparent response to the UK and Australian laws, Discord has begun asking users to verify their ages, offering a choice of scanning government-issued photo ID or submitting to a face scan. The company describes it as a trial, and says it’s currently limited to these two countries, though it seems likely to roll out to the US if it goes well. The company says users will only be asked to do this in one of two specific scenarios: 1. When you encounter content flagged by our sensitive media filter, you may need to verify your age group. 2. When you try to change your sensitive content filter settings and need to verify your age first.  For example, if you currently have suspected nude images set to Blur, you’ll be asked to verify your age if you try to switch off this setting. Discord says a verification window will ask you to choose between the two methods: Option 1: Face Scan Select Face Scan on the verification page.  Allow access to your camera when prompted. Follow the on-screen instructions to complete the scan.  Press Done to submit. Option 2: Scan ID Select Scan ID on the verification page.  Use your mobile device to scan the QR code. Take a clear photo of your ID following the guidelines. Press Done to submit. If you opt for a face-scan, Discord says the age estimation is performed on your device, so is not uploaded or stored. If you choose ID, the scan will be uploaded, but will be deleted after verification. The company warns that if the checks suggest you are below the minimum age required to use the app in your country, then you will be banned if you fail. You can appeal if you believe the decision to be wrong. Photo by Mark Farías on Unsplash Add 9to5Mac to your Google News feed.  FTC: We use income earning auto affiliate links. More.You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Apr 17, 2025Ravie LakshmananSocial Engineering / Malware Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to deploy malware over a three-month period from late 2024 through the beginning of 2025. The phishing campaigns adopting the strategy have been attributed to clusters tracked as TA427 (aka Kimsuky), TA450 (aka MuddyWater), UNK_RemoteRogue, and TA422 (aka APT28). ClickFix has been an initial access technique primarily affiliated with cybercrime groups, although the effectiveness of the approach has led to it also being adopted by nation-state groups. "The incorporation of ClickFix is not revolutionizing the campaigns carried out by TA427, TA450, UNK_RemoteRogue, and TA422 but instead is replacing the installation and execution stages in existing infection chains," enterprise security firm Proofpoint said in a report published today. ClickFix, in a nutshell, refers to a sneaky technique that urges users to infect their own machine by following a series of instructions to copy, paste, and run malicious commands under the pretext of fixing an issue, completing a CAPTCHA verification, or registering their device. Proofpoint said it first detected Kimsuky using ClickFix in January and February 2025 as part of a phishing campaign that targeted individuals in less than five organizations in the think tank sector. "TA427 made initial contact with the target through a meeting request from a spoofed sender delivered to traditional TA427 targets working on North Korean affairs," the Proofpoint research team said. TA427 ClickFix infection chain "After a brief conversation to engage the target and build trust, as is often seen in TA427 activity, the attackers directed the target to an attacker-controlled site where they convinced the target to run a PowerShell command." The attack chain, the company explained, initiated a multi-stage sequence that culminated in the deployment of an open-source remote access trojan named Quasar RAT. The email message purported to originate from a Japanese diplomat and asked the recipient to arrange a meeting with the Japanese ambassador to the United States. Over the course of the conversation, the threat actors sent a malicious PDF that contained a link to another document with a list of questions to be discussed during the meeting. TA450 ClickFix infection chain Clicking on the link directed the victim to a fake landing page mimicking the Japanese Embassy website, which then prompted them to register their device by copying and pasting a command into the Windows Run dialog in order to download the questionnaire. "The ClickFix PowerShell command fetches and executes a second remotely hosted PowerShell command, which displayed the decoy PDF referenced earlier in the chain (Questionnaire.pdf) to the user," Proofpoint said. "The document claimed to be from the Ministry of Foreign Affairs in Japan and contained questions regarding nuclear proliferation and policy in Northeast Asia." The second PowerShell script is configured to create a Visual Basic Script that runs every 19 minutes by means of a scheduled task, which, in turn, downloads two batch scripts that create, decode, and execute the Quasar RAT payload. It's worth pointing out that a variation of this attack chain was previously documented by Microsoft in February 2025. UNK_RemoteRogue ClickFix infection chain The second nation-state group to latch on to ClickFix is the Iran-linked MuddyWater group that has taken advantage of the technique to legitimate remote monitoring and management (RMM) software like Level for maintaining persistent access. The phishing emails, sent on November 13 and 14, 2024, coinciding with Microsoft's Patch Tuesday updates, masqueraded as a security update from the tech giant, asking message recipients to follow ClickFix-style instructions to address a supposed vulnerability. "The attackers deployed the ClickFix technique by persuading the target to first run PowerShell with administrator privileges, then copy and run a command contained in the email body," Proofpoint said. "The command was responsible for installing remote management and monitoring (RMM) software – in this case, Level – after which TA450 operators will abuse the RMM tool to conduct espionage and exfiltrate data from the target's machine." The TA450 ClickFix campaign is said to target finance, government, health, education, and transportation sectors across the Middle East, with an emphasis on the United Arab Emirates (U.A.E.) and Saudi Arabia, as well as those located in Canada, Germany, Switzerland, and the United States. Also observed boarding the ClickFix bandwagon is a suspected Russian group tracked as UNK_RemoteRogue towards the end of last year using lure emails sent from likely compromised Zimbra servers that included a link to a Microsoft Office document. Timeline of standard campaigns and ClickFix sightings (Jul 2024 - Mar 2025) Visiting the link displayed a page containing instructions to copy code from the browser into their terminal, along with a YouTube video tutorial on how to run PowerShell. The PowerShell command was equipped with capabilities to run JavaScript that executed PowerShell code linked to the Empire command-and-control (C2) framework. Proofpoint said the campaign sent 10 messages to individuals in two organizations associated with a major arms manufacturer in the defense industry. UNK_RemoteRogue has also been found to share infrastructure overlaps with another phishing campaign that targeted defense and aerospace entities with links to the ongoing conflict in Ukraine to harvest webmail credentials via fake login pages. "Multiple examples of state-sponsored actors using ClickFix have shown not only the technique's popularity among state actors, but also its use by various countries within weeks of one another," the company said. "Although not a persistently used technique, it is likely that more threat actors from North Korea, Iran, and Russia have also tried and tested ClickFix or may in the near future." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

IT and OT systems can seem worlds apart, and historically, they have been treated that way. Different teams and departments managed their operations, often with little or no communication. But over time OT systems have become increasingly networked, and those two worlds are bleeding into one another. And threat actors are taking advantage.  Organizations that have IT and OT systems -- oftentimes critical infrastructure organizations -- the risk to both of these environments is present and pressing. CISOs and other security leaders are tasked with the challenge of breaking down the barriers between the two to create a comprehensive cybersecurity strategy.  The Gulf Between IT and OT  Why are IT and OT treated as such separate spheres when both face cybersecurity threats? “Even though there's cyber on both sides, they are fundamentally different in concept,” Ian Bramson, vice president of global industrial cybersecurity at Black & Veatch, an engineering, procurement, consulting, and construction company, tells InformationWeek. “It's one of the things that have kept them more apart traditionally.” Age is one of the most prominent differences. In a Fortinet survey of OT organizations, 74% of respondents shared that the average age of their industrial control systems is between six and 10 years old.  Related:OT technology is built to last for years, if not decades, and it is deeply embedded in an organization’s operations. The lifespan of IT, on the other hand, looks quite different. “OT is looked at as having a much longer lifespan, 30 to 50 years in some cases. An IT asset, the typical laptop these days that's issued to an individual in a company, three years is about when most organization start to think about issuing a replacement,” says Chris Hallenbeck, CISO for the Americas at endpoint management company Tanium.  Maintaining IT and OT systems looks very different, too. IT teams can have regular patching schedules. OT teams have to plan far in advance for maintenance windows, if the equipment can even be updated. Downtime in OT environments is complicated and costly.  The skillsets required of the teams to operate IT and OT systems are also quite different. On one side, you likely have people skilled in traditional systems engineering. They may have no idea how to manage the programmable logic controllers (PLC) commonly used in OT systems.  The divide between IT and OT has been, in some ways, purposeful. The Purdue model, for example, provides a framework for segmenting ICS networks, keeping them separate from corporate networks and the internet.  Related:But over time, more and more occasions to cross the gulf between IT and OT systems -- intentionally and unintentionally -- have arisen.  People working on the OT side want the ability to monitor and control industrial processes remotely. “If I want to do that remotely, I need to facilitate that connectivity. I need to get data out of these systems to review it and analyze it in a remote location. And then send commands back down to that system,” Sonu Shankar, CPO at Phosphorus, an enterprise xIoT cybersecurity company, explains.  The very real possibility that OT and IT systems intersect accidentally is another consideration for CISOs. Hallenbeck has seen an industrial arc welder plugged into the IT side of an environment, unbeknownst to the people working at the company.  “Somehow that system was even added to the IT active directory, and they just were operating it as if it was a regular Windows server, which in every way it was, except for the part where it was directly attached to an industrial system,” he shares. “It happens far too often.” Cyberattack vectors on IT and OT environments look different and result in different consequences.  “On the IT side, the impact is primarily data loss and all of the second order effects of your data getting stolen or your data getting held for ransom,” says Shankar. “Disrupt the manufacturing process, disrupt food production, disrupt oil and gas production, disrupt power distribution … the effects are more obvious to us in the physical world.” Related:While the differences between IT and OT are apparent, enterprises ignore the reality of the two worlds’ convergence at their peril. As the connectivity between these systems grows, so do their dependencies and the potential consequences of an attack.  Ultimately, a business does not care if a threat actor compromised an IT system or an OT system. They care about the impact. Has the attack resulted in data theft? Has it impacted physical safety? Can the business operate and generate revenue?  “You have to start thinking of that holistically as one system against those consequences,” urges Bramson.  Integrating IT and OT Cybersecurity How can CISOs create a cybersecurity strategy that effectively manages IT and OT? The first step is gaining a comprehensive understanding of what devices and systems are a part of both the IT and OT spheres of a business. Without that information, CISOs cannot quantify and mitigate risk. “You need to know that the systems exist. There’s this tendency to just put them on the other side of a wall, physical or virtual, and no one knows what number of them exist, what state they're in, what versions they're in,” says Hallenbeck.  In one of his CISO roles, Christos Tulumba, CISO at data security and management company Cohesity, worked with a company that had multiple manufacturing plants and distribution centers. The IT and OT sides of the house operated quite separately.  “I walked in there … I did my first network map, and I saw all this exposure all over,” he tells InformationWeek. “It raised a lot of alarms.” Once CISOs have that network map on the IT and OT side, they can begin to assess risk and build a strategy for mitigation. Are there devices running on default passwords? Are there devices running suboptimal configurations or vulnerable firmware? Are there unnecessary IT and OT connections?  “You start prioritizing and scheduling remediation actions. You may not be able to patch every device at the same time. You may have to schedule it, and there needs to be a strategy for that,” Shankar points out.  The cybersecurity world is filled with noise. The latest threats. The latest tools to thwart those threats. It can be easy to get swept up and confused. But Shankar recommends taking a step back.  “The basic security hygiene is what I would start with before exploring anything more complex or advanced,” he says. “Most CISOs, most operators continue to ignore the basic security hygiene best practices and instead get distracted by all the noise out there.” And as all cybersecurity leaders know, their work is ongoing. Environments and threats are not static. CISOs need to continuously monitor IT and OT systems in the context of risk and the business’ objectives. That requires consistent engagement with IT and OT teams.  “There needs to be an ongoing dialogue and ongoing reminder prompting them and challenging them to be creative on achieving those same security objectives but doing it in context of their … world,” says Hallenbeck.  CISOs are going to need resources to achieve those goals. And that means communicating with other executive leaders and their boards. To be effective, those ongoing conversations are not going to be deep, technical dives into the worlds of IT and OT. They are going to be driven by business objectives and risks: dollars and cents.  “Once you have your plan, be able to put it in that context that your executives will understand so that you can get the resources [and] authorities to take action,” says Bramson. “At the end of the day, [this] is a business problem and when you touch OT, you're touching the lifeline, the life’s breath of how that business operates, how it generates revenue.” Building an IT/OT Skillset IT and OT security require different skillsets in many ways, and CISOs may not have all of those skills readily at their fingertips. The digital realm is a far cry from that of industrial technology. It is important to recognize the knowledge gaps and find ways to fill them.  “That can be from hiring, that can be from outside consultants’ expertise, key partnerships,” says Bramson.  An outside partner with expertise in the OT space can be an asset when CISOs visit OT sites -- and they should make that in-person trip. But if someone without site-specific knowledge shows up and starts rattling off instructions, conflict with the site manager is more likely than improved cybersecurity. “I would offer that they go with a partner or with someone who's done it before; people who have the creditability, people who have been practitioners in this area, who have walked sites,” says Bramson. That can help facilitate better communication. Security leaders and OT leaders can share their perspectives and priorities to establish a shared plan that fits into the flow of business.  CISOs also need internal talent on the IT and OT sides to maintain and strengthen cybersecurity. Hiring is a possibility, but the well-known talent constraints in the wider cybersecurity pool become even more pronounced when you set out to find OT security talent.  “There aren't a lot of OT-specific security practitioners in general and having people within these businesses that are in the OT side that have security specific training, that's vanishingly rare,” says Hallenbeck.  But CISOs needn’t despair. That talent can be developed internally through upskilling. Tulumba actually advocates for upskilling over hiring from the outside. “I've been like that my entire career. I think the best performing teams by and large are the ones that get promoted from within,” he shares. As IT and OT systems inevitability interact with one another, upskilling is important on both sides. “Ultimately cross-train your folks … to understand the IT side and the OT side,” says Tulumba.  

Just two seasons in, it’s time to put The Sandman to bed. The big-budget Netflix adaptation of the classic ’80s horror comic series by Neil Gaiman will end after the upcoming batch of episodes.In a statement that accompanied the release of the show’s new trailer, Sandman showrunner Allan Heinberg said “The Sandman series has always been focused exclusively on Dream’s story, and back in 2022, when we looked at the remaining Dream material from the comics, we knew we only had enough story for one more season.” (There are 75 issues of just the original Sandman series, not including all of the many spinoffs, sequels, and prequels. In total there will be just 22 episodes of Netflix’s Sandman.)You can watch the teaser for the final season below:Of course, The Sandman is based on comics written by Neil Gaiman, who is also an executive producer on the series. And since Season 1 premiered on Netflix back in the summer of 2022, Gaiman has been accused of sexual misconduct by multiple women. (Gaiman denies the allegations.)The article on Netflix’s own website about The Sandman Season 2, which contains an interview with Heinberg, never mentions Gaiman’s name a single time. That would have been unfathomable just a few years ago.Here is the new season’s official synopsis:After a fateful reunion with his family, Dream of the Endless (Tom Sturridge) must face one impossible decision after another as he attempts to save himself, his kingdom, and the waking world from the epic fallout of his past misdeeds. To make amends, Dream must confront longtime friends and foes, gods, monsters, and mortals. But the path to forgiveness is full of unexpected twists and turns, and true absolution may cost Dream everything. Based on the beloved award-winning DC comic series, the second season of THE SANDMAN will tell Dream's story arc in full to its thrilling conclusion.The Sandman Season 2 will debut in two different “volumes” on Netflix. The first half will premiere on July 3. The remaining five episodes will follow on July 24.Get our free mobile appThe Best and Worst Reviewed Movies By 25 Top DirectorsHere are the highest and lowest rated films on Rotten Tomatoes by 25 of the biggest directors working today.

Are you an experienced remote operations manager looking for their next gig? Do you get excited by knowledge bases and automated process? Do you love to use AI to 10X your productivity? Are you an effective communicator, especially async? Then you could be our first Operations & Knowledge Manager.Patchstack is a cyber security company helping companies and software developers to identify & patch vulnerabilities in open-source code. We have a strong community focus with our own gamified bug bounty program called Patchstack Alliance.Most importantly, we’re looking for a full-time team member who is an excellent communicator can grow with the rest of the team. This is a remote role but you should be based in Europe.What we do:We provide a SaaS solution to detect and virtually patch plugin vulnerabilities.We run a community-driven bug bounty platform (Patchstack Alliance) to nurture a community of independent security researchers behind the WordPress ecosystem.We maintain an open and free WordPress vulnerability databaseWe provide professional code review and security auditing to WordPress plugins We're looking for a proactive and experienced Operations and Knowledge Manager to help us scale our internal operations and knowledge infrastructure in a distributed, asynchronous environment. You’ll play a key role in shaping how our remote-first team works together—ensuring we have clear processes, effective communication, and easy access to the knowledge and tools we need to move fast and deliver impact.This role sits at the heart of the company, supporting cross-functional collaboration, aligning teams around shared goals, and making sure our knowledge systems and operational practices are scalable, accessible, and human-friendly.What You’ll DoDevelop and maintain company-wide knowledge systems including our company handbook and shared resources that keep our distributed team aligned and informed.Work with teams to define and refine processes and SOPs, making it easy for people to do great work, repeatably.Manage our suite of tools, including our knowledge management system, Take a human-centered approach to process design - you don’t just think about the process but the experience of the human working with that process.Use AI to help us build infrastructure fast - we are embedding AI as a practice at the heart of our stack. This is something you should be excited about. Facilitate asynchronous and synchronous planning and collaboration, enabling clear goal-setting, progress tracking, and decision-making.Champion asynchronous-first communication, helping the company stay productive and connected across time zones.Support operational rhythms such as team cadences, planning cycles, retrospectives, and more—making them efficient, valuable, and lightweight.Lead facilitation for team workshops, planning sessions, and cross-functional initiatives.Help us balance structure with flexibility, building just enough process to support outcomes without slowing people down.

Outpost marks London-based firm’s move into Middle East market The Dubai scheme will include luxury penthouses perched on top of each of its four towers RSHP has opened a new office in Dubai and unveiled its designs for a luxury hotel and apartment complex in the city. The London-based firm said it was opening its sixth office, and its first in the Middle East, to “demonstrate its commitment to the region’s dynamic architectural landscape”. While it already has overseas outposts in Paris, New York, Shanghai and Sydney, the firm’s presence in the Middle East has been minimal. Senior director John McElgunn said: “We are thrilled to announce the opening of our new office in Dubai, a dynamic city that epitomises innovation.  “This expansion reflects our commitment to strengthening our presence in the region and collaborating on transformative projects that shape the future.” The practice has one major project in the region, Maryah Plaza, a 500-home waterfront development in Abu Dhabi for Taiwanese property developer Farglory Group. It is set to add to this with a luxury mixed-use scheme in neighbouring city Dubai, announced today, which will consist of a row of six linked buildings flanked by two pairs of towers in the city’s prestigious Jumeirah district. The buildings will sit above 7,000sq m of retail space and a new marina Located on reclaimed land at the entrance of the Dubai Canal on the Arabian Gulf, the Peninsula Dubai scheme will include a 240-room five-star hotel, 182 luxury apartments, 7,000sq m of retail space and a 32-berth marina. The scheme, designed for H&H Development, will also include four triplex penthouses perched on the top of each tower with landscaped gardens and private pools. RSHP design director Richard Paul described the project as a “celebration of Dubai’s bold vision and connection to its waterfront heritage”. “Our goal was to design a dynamic and sustainable development where residents and visitors alike can thrive in harmony with the city’s natural beauty and views across the marina,” he said.  “We’re delighted to bring RSHP’s design philosophy to Dubai, a city that resonates with innovation and creativity.”