When Apple Watch Series 10 was announced in September, the company also unveiled a new Gold Link Bracelet made of stainless steel. However, while the Natural and Slate versions were available from day one, the gold version was unavailable but that has just changed.Apple Watch Gold Link Bracelet now availableTwo months after it was announced, the gold version of the Link Bracelet for the Apple Watch is now available to order from Apples online store. However, theres a catch. As noted by Bloombergs Mark Gurman, Apple says that the first orders will be shipped in 5 to 6 weeks, which is around Christmas.Although the website gives the option for users to search for pickup availability at a nearby Apple Retail Store, it seems that the accessory is not available anywhere for now.The Link Bracelet was one of the first watch bands created for the Apple Watch. Its made of 316L stainless steel and has more than 100 components in its composition. With the launch of the Series 10, Apple has updated the Link Bracelet with new colors to match the finishes of the latest Apple Watch.Its worth noting that the 42mm version also works with previous smaller Apple Watch models, while the 46mm version also works with previous versions of the larger Apple Watch including the Ultra.You can now order the new Apple Watch Gold Link Bracelet for $349. Dont forget to take a look at some of the deals on Apple Watch bands at Amazon.Add 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Apple recently announced a new generation of the Mac mini, which introduced a new and much more compact design. Weve already seen some tidbits about whats inside this Mac mini, but iFixit has now shared its traditional teardown showing even more details about how Apple built its most compact Mac ever.iFixit tears down the new Mac MiniFrom the start, iFixit praises how easy the Mac mini is to disassemble despite having a much more compact design. The bottom plate is held on by clips that can be detached without causing any damage. The first thing users will see after removing the bottom plate is the CMOS battery, which can be easily replaced just by removing two screws.By removing a few other screws, users can access the wireless module cables and then remove the inner plate that gives access to most of the internal components, such as the speaker and the large fan that takes up half of the Macs space.Apple has redesigned the thermal management of the new Mac mini so that the fan keeps the computer cool by drawing air from the base and circulating it through the components before expelling it. Interestingly, the version with the M4 Pro chip has a larger copper heatsink than the base M4 version.As previously reported, the new Mac mini has a replaceable storage module. However, upgrading isnt exactly easy since the module is proprietary, but it is possible. iFixit successfully swapped modules between two Mac minis and it worked. One thing to keep in mind is that the M4 Pro version has a larger storage module, so you cant use it in the M4 version and vice versa.The USB-C ports and the headphone jack on the front can also be removed, but the same cant be said for the ports on the back. The logic board is protected with a copper layer for better heat dissipation, and unsurprisingly, the M4 chip has RAM soldered onto it.Even so, iFixit gave the new Mac mini a 7 in its repairability score. According to the company, the Macs main components are easily replaceable, which makes it easier for users to keep their computer running for years if something stops working. iFixit said the new Mac mini has a bright and repairable future ahead.The new Mac mini is now available in stores with prices starting at $599.Add 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

"You couldn't open the doors."Horrific EndFour people were killed in Toronto after the Tesla they were riding in crashed into a pillar and burst into flames.A fifth rider, an unidentified woman in her twenties, narrowly survived the crash after a bystander smashed open a window, allowing her to escape the burning vehicle.According to the heroic bystander's account, the Tesla Model Y's electronic doorsmay have been at fault for why the passengers were trapped inside the electric vehicle."You couldn't open the doors," the rescuer, Rick Harper, told the Toronto Star in a new interview. "I would assume the young lady would have tried to open the door from the inside, because she was pretty desperate to get out." Harper added that he didn't realize there were others trapped inside because the smoke was so thick."I don't know if that was the battery or what," Harper said. "But she couldn't get out."Death TrapPolice said the crash, which took place on October 24, occurred after the driver lost control of the vehicle, struck a guardrail, and then slammed into a pillar, per the CBC, catching fire upon impact.Authorities are still investigating the crash and fire. But the details that we have so far implicate to some degree the electronic doors used by Tesla and other automakers, which require power to open.The Elon Musk-owned automaker has a troubling history of owners getting locked in their cars without power. Some of these cases may be down to user error, since most Teslas come with manual release levers.However, these emergency measures have been criticized for being poorly designed and unintuitively placed for certain models, often requiring intimate knowledge of the car something that most owners, let alone a passenger in a panic, aren't likely to have.Moreover, with the Model Y in particular, not all vehicles come with manual releases for the rear doors, as Tesla warns in the car's manual. It's unclear if the Model Y involved in the crash was equipped with the emergency feature.Fire HazardThis isn't the first time that occupants have died after being allegedly trapped in a Tesla.In 2019, a father of five was burned alive in his Model S after the car's auto-retracting door handles failed to deploy, his family alleged in a lawsuit, preventing bystanders and first responders from setting him free from the intense blaze.Another driver nearly suffered the same fate in 2021. When his Tesla Model S caught fire, he claimed he was briefly stuck inside due to the vehicle's malfunctioning high tech door handles, though he eventually managed to escape.Considering that EV battery fires are some of the most formidable out there and often take tens of thousands of gallons of water and hours of work to extinguish, a reliable way of getting out of one of these vehicles in a pinch is the least you could ask for.Share This Article

People will believe anything these days including, it seems, obvious AI slop.As a viral post on X-formerly-Twitter highlights, one such example poorly,which attempts to show Donald Trump's son Barron singing a treacly AI-generated song, has picked up an astonishing number of fawning comments though in a further sign of the times, it's unclear what percentage of those commentators are bots themselves."Forever great America," the uncanny AI voice, which sounds nothing like the youngest Trump son, sings over swelling Hillsong Church-style drumlines. "God bless all the people."In the comments viewed on the screen-recorded video, users with multiple numbers in their handles a trademark of bot accounts sounded off like parodies of sycophants."I love songs so much," one such user replied, ending their missive with three red heart emojis."I love your song," wrote another. "Thank you so much for your Dad the PRESIDENT DONALD TRUMP will be going to protect the country GOD BLESS PRESIDENT DONALD TRUMP and Family."As several folks in the comments on X pointed out, these responses seem very much like they're AI-generated themselves."Bots applauding a bot," Johns Hopkins English professor Drew Daniel wrote, "the circle of virtual life completes itself, no humans necessary."While the now-viral video does indeed look like it was posted on YouTube, we weren't able to independently verify where it came from. We did, however, find others in a similar vein and they too appeared to harbor an unsettling mix of comments by bots and delusional humans.One such video, published by the "MAGA Songs" YouTube channel about a month ago, employs the same shoddy lip-syncing effect that has been used to turn static images into "singing" moving pictures for years now. Titled "My Father's Work is Never Done," the almost certainly AI-generated lyrics to this bizarre song essentially cast the serially-adultering president-elect in the role of an American Jesus."From the towers to the White House lawn, hes been the light when hope was gone," the fake Barron sings. "With every word, with every stand, he fights to save this promised land.""Never seen a family work so hard to Make America Great Again.!" one reply reads. "You deserved to win, congratulations!""Barron where are all the Beautiful songs that first hit YouTube, now wheres to be found??" another likely bot queries. "I just love your singing, is there a CD out to purchase?"Some human viewers are definitely being taken in, though; a video that went viral a few months ago showed two baffled elderly people insisting that a similar video of Barron singing as a younger cameraperson tries to explain that it's not.The entire experience of listening to these megachurch jam knockoffs offers an uncanny look into the world of conservative AI slop and it portends a grim future.Share This Article

Nov 12, 2024Ravie LakshmananVirtualization / VulnerabilityCybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated remote code execution (RCE)The issue, per findings from watchTowr, is rooted in the Session Recording component that allows system administrators to capture user activity, and record keyboard and mouse input, along with a video stream of the desktop for audit, compliance, and troubleshooting purposes.Particularly, the vulnerability exploits the "combination of a carelessly-exposed MSMQ instance with misconfigured permissions that leverages BinaryFormatter can be reached from any host via HTTP to perform unauthenticated RCE," security researcher Sina Kheirkhah said.The vulnerability details are listed below -CVE-2024-8068 (CVSS score: 5.1) - Privilege escalation to NetworkService Account accessCVE-2024-8069 (CVSS score: 5.1) - Limited remote code execution with the privilege of a NetworkService Account accessHowever, Citrix noted that successful exploitation requires an attacker to be an authenticated user in the same Windows Active Directory domain as the session recording server domain and on the same intranet as the session recording server. The defects have been addressed in the following versions -Citrix Virtual Apps and Desktops before 2407 hotfix 24.5.200.8Citrix Virtual Apps and Desktops 1912 LTSR before CU9 hotfix 19.12.9100.6Citrix Virtual Apps and Desktops 2203 LTSR before CU5 hotfix 22.03.5100.11Citrix Virtual Apps and Desktops 2402 LTSR before CU1 hotfix 24.02.1200.16It's worth noting that Microsoft has urged developers to stop using BinaryFormatter for deserialization, owing to the fact that the method is not safe when used with untrusted input. An implementation of BinaryFormatter has been removed from .NET 9 as of August 2024."BinaryFormatter was implemented before deserialization vulnerabilities were a well-understood threat category," the tech giant notes in its documentation. "As a result, the code does not follow modern best practices. BinaryFormatter.Deserialize may be vulnerable to other attack categories, such as information disclosure or remote code execution."At the heart of the problem is the Session Recording Storage Manager, a Windows service that manages the recorded session files received from each computer that has the feature enabled.While the Storage Manager receives the session recordings as message bytes via the Microsoft Message Queuing (MSMQ) service, the analysis found that a serialization process is employed to transfer the data and that the queue instance has excessive privileges.To make matters worse, the data received from the queue is deserialized using BinaryFormatter, thereby allowing an attacker to abuse the insecure permissions set during the initialization process to pass specially crafted MSMQ messages sent via HTTP over the internet."We know there is a MSMQ instance with misconfigured permissions, and we know that it uses the infamous BinaryFormatter class to perform deserialization," Kheirkhah said, detailing the steps to create an exploit. "The 'cherry on top' is that it can be reached not only locally, through the MSMQ TCP port, but also from any other host, via HTTP.""This combo allows for a good old unauthenticated RCE," the researcher added.Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Nov 12, 2024Ravie LakshmananEmail Security / Threat IntelligenceCybersecurity researchers are calling attention to a new sophisticated tool called GoIssue that can be used to send phishing messages at scale targeting GitHub users.The program, first marketed by a threat actor named cyberdluffy (aka Cyber D' Luffy) on the Runion forum earlier this August, is advertised as a tool that allows criminal actors to extract email addresses from public GitHub profiles and send bulk emails directly to user inboxes."Whether you're aiming to reach a specific audience or expand your outreach, GoIssue offers the precision and power you need," the threat actor claimed in their post. "GoIssue can send bulk emails to GitHub users, directly to their inboxes, targeting any recipient."SlashNext said the tool marks a "dangerous shift in targeted phishing" that could act as a gateway to source code theft, supply chain attacks, and corporate network breaches via compromised developer credentials."Armed with this information, attackers can launch customized mass email campaigns designed to bypass spam filters and target specific developer communities," the company said.A custom build of GoIssue is available for $700. Alternatively, purchasers can gain complete access to its source code for $3,000. As of October 11, 2024, the prices have been slashed to $150 and $1,000 for the custom build and the full source code for "the first 5 customers."In a hypothetical attack scenario, a threat actor could use this method to redirect victims to bogus pages that aim to capture their login credentials, download malware, or authorize a rogue OAuth app that requests for access to their private repositories and data.Another facet of cyberdluffy that bears notice is their Telegram profile, where they claim to be a "member of Gitloker Team." Gitloker was previously attributed to a GitHub-focused extortion campaign that involved tricking users into clicking on a booby-trapped link by impersonating GitHub's security and recruitment teams.The links are sent within email messages that are triggered automatically by GitHub after the developer accounts are tagged in spam comments on random open issues or pull requests using already compromised accounts. The fraudulent pages instruct them to sign in to their GitHub accounts and authorize a new OAuth application to apply for new jobs.Should the inattentive developer grant all the requested permissions to the malicious OAuth app, the threat actors proceed to purge all the repository contents and replace them with a ransom note that urges the victim to contact a persona named Gitloker on Telegram."GoIssue's ability to send these targeted emails in bulk allows attackers to scale up their campaigns, impacting thousands of developers at once," SlashNext said. "This increases the risk of successful breaches, data theft, and compromised projects."The development comes as Perception Point outlined a new two-step phishing attack that employs Microsoft Visio (.vdsx) files and SharePoint to siphon credentials. The email messages masquerade as a business proposal and are sent from previously breached email accounts to bypass authentication checks."Clicking the provided URL in the email body or within the attached .eml file leads the victim to a Microsoft SharePoint page hosting a Visio (.vsdx) file," the company said. "The SharePoint account used to upload and host the .vdsx files is often compromised as well."Present within the Visio file is another clickable link that ultimately leads the victim to a fake Microsoft 365 login page with the ultimate goal of harvesting their credentials."Two-step phishing attacks leveraging trusted platforms and file formats like SharePoint and Visio are becoming increasingly common," Perception Point added. "These multi-layered evasion tactics exploit user trust in familiar tools while evading detection by standard email security platforms."Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

The company -- taking direct aim at OpenAI, Anthropic, and other incumbents in the GenAI arms race -- plans to use the funding to fuel its agentic AI efforts.

Lisa Morgan, Freelance WriterNovember 12, 20246 Min ReadDragos Condrea via Alamy StockSoftware development is an ever-changing landscape. Over the years, it has become easier to generate high-quality code faster, though the definition of faster is a moving target.Take low-code tools, for example. With them, developers can build most of the functionality they need with the platform, so they only need to write the custom code the application requires. Low-code tools have also democratized software development -- particularly with the addition of AI.GenAI is accelerating development even further, and its changing the way developers think about code.Siddharth Parakh, senior engineering manager at Medable, expects Ai to revolutionize productivity.The ability for AI to automate repetitive tasks, refactor code and even generate solutions from scratch would allow developers to focus on higher-order problem-solving and strategic design decisions, says Parakh in an email interview. With AI handling routine coding, developers could become orchestrators of complex systems rather than line-by-line authors of software.But theres a catch: Currently, AI-generated code cannot fully replace human intuition in areas such as creative problem solving, contextual understanding, and domain-specific decision-making. Also, AI models are only as good as the data they are trained on, which can lead to bias issues, error propagation or unsafe coding practices, he says. Quality control, debugging, and nuanced decision-making are still areas where human expertise is necessary.Related:How AI HelpsThe operative work is automation.If AI takes over the majority of coding tasks, it would drive unprecedented efficiency and speed in software development, says Medables Parakh. Teams could iterate faster, adapt to changes more fluidly and scale projects without the traditional bottlenecks of manual coding. This could democratize software development, enabling non-experts to create functional software with minimal input.Geoffrey Bourne, co-founder of social media API company Ayrshare, says GenAI coding assistants are now an integral part of his coding.They produce lines of code which save me hours on a weekly basis. But, although the results are improving, theyre correct less than 40% of the time. You need the experience to know the code just isnt up to scratch and needs adjusting or a redo, says Bourne in an email interview. Newbie coders are starting out with these assistants at their fingertips but without the years of experience writing code their seniors have. Weve got to take this into account and not necessarily limit their access but find creative ways to inject that knowledge. You need to find a balance [between] the instant code fix with healthy experience and a critical eye.Related:The evolution of programming, especially through abstraction layers and GenAI, has significantly transformed the way Surabhi Bhargava, a machine learning tech leadat Adobe, approaches her work.GenAI has made certain aspects of development much faster. Writing boilerplate code, prototyping and even debugging is now more streamlined. Finding information across different documents is easier with AI and copilots, says Bhargava in an email interview. [Though] AI can speed things up, I now [must] critically assess AI-generated outputs. It has made me more analytical in reviewing the work produced by these systems, ensuring it aligns with my expectations and needs, particularly when handling complex algorithms or compliance-driven work.AI tools are also helping her create rapid prototypes and theyre reducing the cognitive load.I can focus more on strategic thinking, which improves productivity and gives me room to innovate, says Bhargava. Sometimes, its tempting to lean too heavily on AI for code generation or decision-making. AI-generated solutions arent always optimized or tailored for the specific needs of a project, resulting in bugs and issues in prod. [And] sometimes, it takes more time to set it up if the tools are complex to use.Related:Hands-Free Coding Still Hasnt ArrivedAt present, AI struggles with its own set of issues such as misinterpretation, hallucination and incorrect facts. Over-reliance on AI-generated code could lead to a lack of deep technical expertise in development teams.With humans less involved in the nitty-gritty of coding, we could see a decline in the essential skills needed to debug, optimize, or creatively problem-solve at a low level. Additionally, ethical and security concerns could arise as AI systems might unknowingly introduce vulnerabilities or generate biased solutions, says Parakh. Tom Taulli, author of AI-Assisted Programming: Better Planning, Coding, Testing, and Deployment has been using AI-assisted programming tools for the past couple years. This technology has had the most transformative impact by far on his work in his over 40-year work history.Whats interesting is that I approach a project in terms of natural language prompts, not coding or doing endless searchers on Google and StackOverflow. In fact, I set up a product requirements document that is a list of prompts. Then, I go through each one for the development of an application, says Taulli. These systems are far from perfect. But it only takes a few seconds to generate the code -- and this means I have more time to review it and make iterations.Taulli has been a backend developer primarily, but AI assisted programming has allowed him to do more front-end development.The funny thing is that one of the biggest drawbacks is the pace of innovation with these tools. It can be tough to keep up with the many developments, says Taulli. True, there are other well-known disadvantages, such as with security and intellectual property. Is the code being copied? Do you really own the code you create? says Taulli. However, I think one of the biggest drawbacks is the context window. Basically, the LLMs cannot understand the large codebases. This can make it difficult for sophisticated code refactoring..Another issue is the cut-off date of the LLMs. They may not have the latest packages and frameworks, but the benefits outweigh the drawbacks, he says.Tom Jauncey, head nerd at digital marketing agency Nautilus Marketing, says GenAI tools like GitHub Copilot have accelerated the coding process by letting him think about high-level architecture and design. His advice is to use AI to save time on boilerplate code and documentation.Some of the things that I had to learn were how to prompt AI tools and think critically about their output. It is important to remember that while AI is great at generative code, it doesn't always understand broader context and business requirements, says Jauncey. Thus, always cross-check the AI-generated code with official documentation. AI-powered tools ease the effort of exploring a new language or framework without having to go into syntax details.Edward Tian, CEO of GPTZero, believes its better to use GenAI to assist coding rather than relying on it entirely.Personalization is such a key aspect of coding, and GenAI sometimes just cant quite personalize things in the way you want. It can certainly create complicated code, but it just often falls short in terms of uniqueness, says Tian.Bottom LineGenAI is accelerating development by generating code quickly but beware of its limitations. While its good for writing boilerplate code and documentation, creating quick prototypes and debugging, its important to verify the outputs. Prompt engineering skills also help boost productivity.About the AuthorLisa MorganFreelance WriterLisa Morgan is a freelance writer who covers business and IT strategy and emergingtechnology for InformationWeek. She has contributed articles, reports, and other types of content to many technology, business, and mainstream publications and sites including tech pubs, The Washington Post and The Economist Intelligence Unit. Frequent areas of coverage include AI, analytics, cloud, cybersecurity, mobility, software development, and emerging cultural issues affecting the C-suite.See more from Lisa MorganNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also LikeWebinarsMore WebinarsReportsMore Reports

Christmas came early for Marvelfans who dont like getting off their couch for their entertainment:Deadpool & Wolverine is now streaming at home. The biggest superhero film of the year and the only Marvel Cinematic Universe movie of 2024 is now available on Disney+.The movieaddstwo of the biggest stars from Foxs X-Men movies Ryan Reynolds Deadpool and Hugh Jackmans Wolverine to the broader MCU. In an extremely meta twist, the film sees the Fox X-Men universe targeted for deletion by the Time Variance Authority fromLoki. Its up to Reynolds Deadpool to save it by finding a Wolverine from elsewhere in the multiverse who can help him restore his timeline.On streaming, you canfreeze frame all of the movies many Marvel Easter eggs and maybe find even more referenceseveryone missed the first time around.DEADPOOL & WOLVERINEMarvelloading...READ MORE: Every Marvel Cinematic Universe Movie, Ranked From Worst to BestIve seen Deadpool & Wolverine two times already, and the second time I saw it in a theater it really cemented something for me: Hugh Jackman has to be the best superhero actor ever. As I wrote on ScreenCrush a few months ago...Jackmanswork inDeadpool & Wolverinemakes itthe perfect coda for and tribute to the FoxX-Menuniverse. So many of those films were silly, yet Jackman remained devoutly committed to the reality of Wolverines arduous psychological journey. (He also remained devoutly committed to eating nothing but brown rice and chicken for years on end to maintain the reality of Wolverines swole physique.)Deadpool & Wolverineis maybe the silliest of all theX-Menmovies intentionally so and yet Jackman gives maybe his single best performance as Wolverine in it.Deadpool & Wolverine is available on Disney+ now watch it at this link.Sign up for Disney+ here.Get our free mobile appDeadpool & Wolverine: All the Parts That Make No SenseDeadpool & Wolverine is a fun movie with a story that is really hard to wrap your mind around. Here are a bunch of reasons why.

Kevin Feige has hinted Deadpool and Wolverine may return to the Marvel Cinematic Universe.The superhero pair who are portrayed by Ryan Reynolds and Hugh Jackman respectively finally got their own movie set in the MCU with the eponymous Deadpool& Wolverine, and now the studios boss, 51, has said Marvel is always wondering where we can fit them in in terms of future projects.Speaking to Omelete, Feige said: The plans with Deadpool and Wolverine will always be the same: Were always wondering where we can fit them in, and how fast.Elsewhere in the interview, the studio boss said the studio was still committed to the reboot of Blade which will star Mahershala Ali as the titular vampire hunter after the film was removed from Disneys release schedule.MarvelMarvelloading...READ MORE: Every Marvel Cinematic Universe Movie, Ranked From Worst to BestFeige said: Were committed to Blade. We love the character, we love Mahershalas version of him. And rest assured, whenever we change direction with a project, or are still trying to figure out how it fits into our schedule, we let the public know.Youre updated on what's going on. But I can say that the character will make it to the MCU.The blockbuster, which has faced many setbacks since its 2019 announcement with directors and writers boarding and departing the project - was due to hit theaters on November 7, 2025, though it has now been replaced by Predator: Badlands and is yet to receive a new release date.Feige previously admitted Marvel was trying to crack the reboot, though insisted the studio didnt rush development on the film.He told BlackTree TV: For the last two years as weve been trying to crack that movie, the most important thing for us is not rushing it and making sure we are making the right Blade movie.Get our free mobile appThe Worst Parts of 15 Great MoviesThese movies are terrific. Theyre not perfect, though. Filed Under: Deadpool, Deadpool and Wolverine, Kevin Feige, Marvel, WolverineCategories: Movie News