A U.S. senator has written an open letter to Valve boss Gabe Newell asking for more stringent moderation of Steam.Mark Warner, the United States senator from Virginia, demanded Valve crack down on what he called hateful accounts and rhetoric proliferating on Steam. IGN has asked Valve for comment.Warner alleged that Steam is home to tens of thousands of groups that share and amplify antisemitic, Nazi, sexuality or gender-based hate, and white supremacist content, and called on Valve to bring its content moderation standards in line with industry standards and crack down on the rampant proliferation of hate-based content.Valve boss Gabe Newell. Photo by Olly Curtis/Future Publishing via Getty Images.Warners letter follows a report from the Anti-Defamation League (ADL) that identified over one million unique user accounts and nearly 100,000 user-created groups that glorified antisemitic, Nazi, white supremacist, gender and sexuality-based hatred, and other extremist ideologies on Valves Steam platform.The ADL found Steam hosts almost 900,000 users with extremist or antisemitic profile pictures, 40,000 groups with names that included hateful words, and rampant use of text-based images, particularly of swastikas, resulting in over one million unique hate-images.My concern is elevated by the fact that Steam is the largest single online gaming digital distribution and social networking platform in the world with over 100 million unique user accounts and a userbase similar in scale to that of the traditional social media and social network platforms, Warner said.Steam is financially successful, with a dominant position in its sector, and makes Valve billions of dollars in annual revenue. Until now, Steam has largely not received its due attention as a de facto major social network where its users engage in many of the same activities expected of a social media platform.We have seen on other social networking platforms that lax enforcement of the letter of user conduct agreements, when coupled with a seeming reluctance by those companies to embrace the spirit (namely providing users with a safe, welcoming place to socialize) of those same agreements, leads to toxic social environments that elevate harassment and abuse. You should want your users (and prospective users) to not have to wonder if they or their children will be harassed, intimidated, ridiculed or otherwise face abuse.This isnt the first time Warner has taken on video game tech companies over their alleged failings. He also pressed Discord to take action against hosting violent predatory groups that coerce minors into self-harm and suicide. Indeed, Warner said Valve was warned about this very problem two years ago when it received a Senate letter identifying nearly identical activity on your platform, and yet two years later it appears that Valve has chosen to continue a hands off-type approach to content moderation that favors allowing some users to engage in sustained bouts of disturbing and violent rhetoric rather than ensure that all of its users can find a welcoming and safe environment across your platform.Warners letter asks Valve to answer a series of questions on Steam no later than December 13, 2024. The questions directly ask about Valves current practices used to enforce its terms of service, its definition of terms, and the number of allegations it received about potential conduct violations and the findings of each complaint.It remains to be seen whether Valve responds to Warners letter, which is the third sent by Congress to the company in the last three years. Warners letter threatens Valve with more intense scrutiny from the federal government if it fails to take meaningful action against hate content, but as The Verge points out, First Amendment protections prevent the government from punishing companies for hosting legal albeit hateful speech.Photo by Olly Curtis/Future Publishing via Getty Images,Wesley is the UK News Editor for IGN. Find him on Twitter at @wyp100. You can reach Wesley at wesley_yinpoole@ign.com or confidentially at wyp100@proton.me.

Sony's $700 PlayStation 5 Pro gives games such as God of War: Ragnarok and Baldur's Gate 3 a big performance boost but it's also enduring teething problems, with players reporting issues in the likes of Silent Hill 2, Call of Duty: Black Ops 6 and Star Wars Jedi: Survivor.The recently released remake of beloved survival horror game Silent Hill 2 perhaps has the most complaints, with Eurogamer having spotted a number of fans flagging that both developer Bloober Team and publisher Konami have yet to comment on graphical issues headlined by a shimmering or flickering effect."I immediately knew something was off without even seeing gameplay previously or even playing the game before this," said Unlocky-Soil-2456 on Reddit. "Thats how bad this is. I cant even bring myself to play it in this state because its so distracting."Every Game Enhanced for PS5 Pro So FarIGN's Twenty Questions - Guess the game!IGN's Twenty Questions - Guess the game!To start:...try asking a question that can be answered with a "Yes" or "No".000/250Several other games are affected by this similar shimmering issue too. "I love my PS5 Pro for the most part, most games look wonderful, but there seems to be an issue with some games," said Chaystic on ResetEra. "There's this weird shimmering, aliasing, whatever you wanna call it. One big example is Black Ops 6, I thought my Pro was faulty or something, but it turns out I'm not the only one who noticed it. I've seen several social media posts who reported the same."Fellow PS5 Pro owners in the comments pointed it out in Spider-Man 2, Stellar Blade, and Alan Wake 2 as well, while Digital Foundry discovered what it called "severe image quality problems" in Star Wars Jedi: Survivor. "There are severe image quality concerns when elements like foliage interact with ray tracing," it said. "The end result is a strobing image quality downgrade that makes this Pro patch difficult to recommend."The PS5 Pro arrived November 7 as Sony's now standard mid-generation upgrade. More than 50 games received PS5 Pro specific patches upon its launch but, as this list includes Alan Wake 2 and Black Ops 6 among others receiving complaints, it's worth proceeding with caution.In our 7/10 review of the PS5 Pro, IGN said: "The PlayStation 5 Pro is an impressive console with noticeable boosts in performance and graphics for games that take advantage of its powerful hardware. But for $700, youll need to think twice about whether or not the upgrade is worth the price tag."Ryan Dinsdale is an IGN freelance reporter. He'll talk about The Witcher all day.

As it turns out, Christmas did not come early this past weekend at the box office, even with a nominal holiday action movie playing in theaters around the world. Indeed, the long troubled and forthcoming Dwayne Johnson and Chris Evans two-hander, Red One, saw its Yuletide hopes dashed over the weekend when estimates came in pegging the Christmas spectacles opening at $34 million.While technically the number one movie in North America, that number is down considerably when even compared to plenty of Johnsons other family friendly high-concept films like Black Adam (which was considered a disappointment when it opened at $67 million in 2022) and the second Jumanji movie he made with Kevin Hart, Jumanji: The Next Level, which debuted at $59.3 million five years ago in 2019.Technically Red Ones opening is comparable to Johnson and Harts first fun Jumanji flick, Welcome to the Jungle, which opened to $36.1 million in 2017. But that was seven years of inflation ago, and Jungle had a reasonable price tag of $90 million. Conversely, official reports claim Red One cost an eye-watering $200 million, andThe WrapOn paper, Red One was clearly intended to be a continuation of Jumanjis charm, with director Jake Kasdan helming all three movies. Yet Red One became something else as well: an attempt by an ambitious streamer to create its own family-friendly action IP by spending on Red One like it was a superhero movie. Crucially, however, Amazon MGM originally intended for Red One to be exactly thata streaming movie. When production began on the film in 2022, the plan was to have Red One on their streaming service Prime Video in time for Christmas the following year. Production pauses, caused by negotiations being dragged out during the acting and writers strikes of last year, delayed the movie until now. And during the interim, Johnson said he got the idea that the movie needed to be on the big screen in IMAX after watching the success of Christopher Nolans Oppenheimer in the same format.Whatever cracks one might wish to make at the folly of comparing intended streaming content starring Johnson and Evans to a talky, R-rated epic for adults, one should note that ahead of Red One, even Johnsons superhero stumble still actually eked out a north of $50 million opening. So a more interesting way to consider Red Ones failures might be to note that it offers a decent glimpse behind the curtain at the actual popularity of big, pricey streaming movies when their actual appeal isnt obscured by numbers massaged by the tech industry.The state of moviemaking is indeed in a strange place where audiences more often than not elect to stay home than go to the cinema on any given weekend, and in that environment streaming services and their owners have the opportunity to remain opaque about what is being watched for how long and by how many people. For instance, another Johnson streaming movie that never got released into theaters, Netflixs similarly titled Red Notice, was trumpeted by its streamer as its most popular movie of all-time, with the film allegedly generating 231 million views since 2021.Yet the numbers of how many people finished the film or actually enjoyed it (or even gave it their undivided attention) are murkier. There is obviously a world of difference between turning on something that is free (or part of a subscription you already paid for) and leaving it on in the background while wrapping presents versus paying $10 to $20 a ticket to see the film with your family ahead of Thanksgiving. But isnt that also kind of the point? Streaming services continue to be championed as the future of media consumption, or even cinema, and yet their seemingly algorithm-designed content with a tested movie star like Johnson and audience-favorite like Evans cannot generate as much excitement as an original (and sublime) family film, The Wild Robot, which opened at about $36 million in September.There are of course other conventional lessons that seem gleanable from Red Ones struggles, beginning with its price tag. As of press time, it is not clear if Red Ones exorbitant budget is partially borne out from the streaming model of paying above-the-line talent expanded fees to offset the films never having the opportunity to earn backends for the talent in a traditional theatrical rolloutwhich is why Amazons adult drama Air cost a reported $90 million, even though the non-salaried portion of that production was probably a fraction of the totalor if this is just the case of another Rock movie costing north of $200 million.According to The Wrap, though, Johnson alone demanded a $50 million payday and then allegedly caused the budget to balloon further by being chronically late to set. Producer Hiram Garcia categorically denied this allegation.Read more Whatever the case might be, it seems ill-advised to spend anywhere in the neighborhood of a quarter-billion dollars on a Christmas movie. Weve written before about how the industry went from reliably producing a few generally recognized Christmas favorites every decade to there not being a banner year for holiday classics since 2003. A large reason for that is the holiday movie has been surrendered to streaming services, which often treat them as disposable shovel programmer content. Conversely, attempting to rework the plot of 48 Hrs. or Lethal Weapon into a family movie with expensive talking polar bears and fist-fighting Krampuses seems equally tone deaf.Many of the celebrated holiday movies of yore, including 2003s Elf and Love Actually, were medium-budgeted movies that relied on quality talent in front of and behind the camera delivering the ephemeral magic. In other words, the best Christmas movies didnt try to just buy their popularity with special effects, or just phone the magic in, a la every Netflix Christmas movie you might watch this holiday season and have forgotten by New Years.Red One conversely feels like every other streaming service blockbuster that you might watch but regret afterward. Granted, not all audiences feel the same. It should be noted the film earned a respectable A- CinemaScore over the weekend, which is better than Black Adams B+. However, lest anyone has delusions of a long holiday season attempt to recover, it should be noted the traditional studios already seem to have the family market cornered with Universals highly anticipated Wicked slated to make landfall next week and, ironically enough, the Johnson co-starring Moana 2 from Disney prepared to open the weekend afterward. Just in time for the holidays.

What is the most underrated James Bond movie? That is a question that might have as much to do with when you ask it as it does the films themselves. Take On Her Majestys Secret Service for example. Over years and decades, it was generally treated as the black sheep of the Eon Productions canon; the one that was rejected by audiences in 1969 because Sean Connery isnt there, and the one that would get slipped in very late at night on TBS marathons in the 90s because it starred the one-and-done George Lazenby.Yet today the films bittersweet tone and outright tragic endingwith Bond crying over the body of his wife on their wedding day while Louis Armstrongs All the Time in the World is turned into an instrumental weepylingers so strongly that Eon more or less remade its elegiac quality, right down to the Louis Armstrong number, in No Time to Die. The brief Timothy Dalton era of 007 movies has undergone similar reappraisal on the internet where fans appreciated his tough, no-nonsense gruffness when juxtaposed with Roger Moores silliness. And so it goes. The stock of Bond is always rising and falling.So, with all that in mind, if you asked me today in 2024 what is the most underrated Bond adventure I would say the one that just turned 25 years old earlier this month.It has indeed been a quarter-century since The World Is Not Enough, the third Bond movie starring Pierce Brosnan and the first co-written by Neal Purvis and Robert Wade (scribes whod have a hand in every James Bond movie since). Generally well received upon release, if not riotously celebrated, The World Is Not Enough was reviewed by critics and fans as a serviceable nother one. This time with Denise Richards as a nuclear physicist, which might have conjured more howls from Gen-X and elder Millennial audiences than the older critics who grew up used to Eon Productions casting standards.Still, as the years passed, TWINE stands largely forgotten by anyone except diehards. And to be fair, no one should (or could) mistake The World Is Not Enough as the gold standard of its series. Nonetheless, there is actually a fairly solid and oft-overlooked soul to this installment. Its the film where Brosnan felt most confident and in command of his version of 007; the one which brought a graceful end to the 90s and post-Cold War era of James Bond; and the movie that burrowed so deeply into Bond and Ms psychologies that Eon covertly remade it during the Daniel Craig era.There is a case to be made that it is time to recognize The World Is Not Enough as one of the more underappreciated Bond flicks.A Setup So Good Eon Did It TwiceWhen producers Barbara Broccoli and Michael G. Wilson broke the story of The World Is Not Enough with their writers, as well as director Michael Apted, the film was going to originally feature one of the subtler pre-title sequences, particularly in the Brosnan era where they were almost all over-the-top. We would be introduced to Bond mid-mission where he interrogates a corrupt banker in Bilbao, Spain and then his life is saved by a mysterious third party as he quietly escapes from the office. The subsequent chase sequence along the Thames River would have then been saved for the very next scene after the opening credits.Thank Her Majesty for the change, because instead of being a forgettable intro, TWINE features one of the best. It was also the longest ever up to that point with its 14-minute runtime (a record No Time to Die finally broke in 2021). Obviously, this allowed the opening to have more bang for its buck. The opening is now the action highlight of the movie given it culminates with Bond highjacking Qs tricked out speedboat and pursuing an assassin along Londons Thames. They even wind up, appropriately enough, atop Londons Millennium Dome, a tourist attraction so new and of the moment that it wouldnt even be open to the public during the movies release.By itself this is just a terrific table-setter, right down to Garbages grooving 90s alt-rock title song. However, it also introduced one of the most intriguing, and prescient, setups in a Bond film. Rather than just introduce us to 007 wrapping up another case, we see the literal fallout of that mission when the money Bond retrieved from the aforementioned bank is discovered to have a bomb hidden inside its paper: it is used to execute a terrorist attack on MI6 headquarters that leaves one of Ms closest friends dead, and British intelligenceincluding Bond as an unwitting and physically injured patsyhumiliated.Its a prelude to a mission of intensely personal stakes for the wounded Bond, his employer, and MI6 itself, and it rather unintentionally picks up on geopolitical anxieties that would erupt into a bitter, horrifying reality a few years later when massive terrorist attacks on the West became more than just the work of fiction. Perhaps that is one reason Eon more or less remade this exact same setup in one of the production companys best films, Skyfall. Right down to the terrorist being someone from the past life of Judi Denchs M, Skyfall feels like a redo of The World Is Not Enoughs themes, remixed for a post-9/11 world (and with the villain being a riff on GoldenEyes 006 to boot).Skyfall does it better overall, but the naivet of The World Is Not Enoughs simple sense of escapism makes it a bit more charming to return to, plus the shots of Bond getting to wreak havoc in 90s London without any of the gloom and doom of the Craig era remains an absolute blast.Brosnan and Dench at Their BestA movie marking a personal vendetta for both Bond and M has became common place during the Craig era, but it was a novelty in 1999. And in some regards, The World Is Not Enough remains one of the more unique renditions of this growing clich. Whereas Craigs Bond had a deep emotional attachment to Denchs M, with the suggestion of her having groomed him as a troubled, bordering on sociopathic youth like a mother would a child, Brosnans Bond enjoyed a relationship with Denchs M more approaching that of equals and colleagueswhich made how they played off each other in this film uniquely interesting.With exception to Ralph Fiennes Mallory in the last couple of Craig entries, the Brosnan era is the only time in the Bond oeuvre where 007 is the old seasoned hand with a foot in the past, and M is the face of the future. The irony of a misogynistic relic of the Cold War like Bond having a woman as his boss practically writes itself, hence how she addresses him with those exact words in GoldenEye. Yet from that frosty introduction Brosnans Bond has somewhere to grow with M as the two reach a grudging and, eventually, admiring respect.That element comes to fruition in The World Is Not Enough, a movie where instead of treating M as just a bean-counter, or as a mother in need of protecting, Bond comes to see her as a real person and confidant. He recognizes she is taking it personal that her school chum (and ex-lover?) from Oxford was killed due to their mutual negligence. But from that recognition the two develop an unspoken trust and camaraderie. They have a mutual interest in redemption.But then, much of the movie is a showcase for Brosnans Bond. In the 90s, he was celebrated as a bit of the platonic ideal between Connerys aggressive swagger and Moores dapper silliness. Brosnan walked the line. After Craig entirely reinvented the character as brooding bruiser who grew out of his blunt instrument youth, Brosnans goldilocks approach was dismissed, particularly by online fandom who typically prefer the seriousness of Craig, or for that matter Dalton. Yet perhaps because I grew up in the 90s, Ive always had affection for Brosnans lighter touch, which was often more nuanced than detractors would suggest. And that styling was never so bespoke as in TWINE. While GoldenEye easily remains the one great Brosnan Bond movie, as with most 007 actors he was still finding his interpretation of the character in the first outing.By the time TWINE came around, though, the actor and producers knew exactly who this version of Bond was. He still has the charm and humorousness of both Connery and Moore, but there is also a wearied sadness and melancholy there. He is not a brooder like Craig (and probably like how Brosnan would have preferred to see the character written), but this Bond has lived through the Cold War, betrayals, and long empty nights. The charisma feels like a defense mechanism, and perhaps his weapon of last resort.And we see what happens when those defenses are circumvented after he meets the next great love of his life, as well as one of the more under-appreciated baddies in the seriesRead more One of the Better VillainsMany internet pixels have been spilled about Denise Richards as Dr. Christmas Jones. The former American model is spectacularly miscast as a nuclear scientist. Still, I would point out that not much more so than many of the other Bond movie casting choices in previous decades. Think of the Bond Girls who were later dubbed because of wooden line deliveriesor the ones who were introduced as fellow espionage professionals and then asked to just blankly run around in a bikini by the producers. The backlash to Richards casting says perhaps more about how audience expectations for womens leading roles had changed in the 40 or so years between Dr. No and TWINE while Eons had not.However, it should be noted that Christmas is not a lead in The World Is Not Enough. She is a character who sadly only exists so Bond has a love interest at the end of the film. And even in that pretext, she is at least written as competent in her expertise, even as the producers dubiously dress her up like 90s era Lara Croft for half the movie. Even so, she is tertiary to the central dynamic of the film: a romance between James and a woman named Elektra (Sophie Marceau).While On Her Majestys Secret Service has been reevaluated as a Bond classic, in 1999 it was still largely a black sheep. Which makes the choice to essentially subvert it bold. And the twist where the woman Bond falls in love with this time turns out to also be the real villain is bolder still.It is indeed one of the cleverer plot contours in the series when Bond and the audience discover at roughly the same time that the terrorist were introduced into believing is the mastermind villain, Robert Carlyles adequate Renard, is actually a patsy. He is a dupe as easily manipulated by Elektra King as as 007. She is the films surprise femme fatale who intentionally echoes Diana Riggs beloved Teresa di Vicenzo. For like Tracy, Elektra comes from a wealthy family (Bond always loves refined things, no?) but is damaged from that privileged lifestyle. Quite literally, as we learn she was tortured and maimed when she was kidnapped for an extended period by Renard.Initially, Bond and the audience is led to suspect that she was manipulated or seduced, much like the dubious and disputed pop culture image surrounding the Patty Hearst abduction. However, even that proves a red herring. As the film unfolds, we learn Elektra has manipulated Bond and M, as well as the viewers. In truth, Elektra seduces Bond by representing everything he loves, even as she also embodies everything he usually despises in a man: intensely privileged breeding, a sense of entitlement, and, finally, megalomania. She considers her familys oil holdings in Russia as her birthright, and will kill anyone who keeps her from it. Beginning with her father.As misjudged as casting Richards as Christmas Jones was (especially since rumors suggest Monica Bellucci was also in the running for the role), the film ultimately lives or dies based on the dynamic between Bond and Elektra, and casting an actress as adept as Marceau works wonders for the film. She and Brosnan kindle a sincere chemistry, just as the erudite French actress has enough playfulness to imbue Elektras later villainy with a fanged cruelty.It makes the actual climax of the film one of the best moments in Brosnans tenure. Thirty-seven years after Connerys Bond coldly assassinated Professor Dent in Dr. No, Brosnans 007 is forced to shoot Elektra King in cold blood. It feels uglier than how were used to seeing the Brosnan version of the character. Earlier in the movie, the character went so far as to acknowledge that cold-blooded murder is a filthy business. But doing it to a woman he loved for at least one night is a kind of self-abnegation. You can see it on Brosnans face as he holds the gun and begs for her to call off Renard and their scheme.You buy Elektras misplaced confidence when she smirks, You wouldnt kill me. Youd miss me. It sets up a typical Brosnan one-liner, though this one with venomous irony after he executes her: I never miss. But in the same breath, Denchs M arrives on the scene to witness a perverse tableau. Bond is visibly mourning the woman he murdered by brushing her hair. The moment is melodramatic but also faintly disturbing, including to M. It also gestures toward a quality of the character that would become dominant in the Craig era.Its also such a striking moment that it wreaks havoc on the rest of TWINEs finale, which has no more oxygen as Bond obligatorily kills Renard in a crashed submarine and saves Christmas.The End of an EraUltimately, The World Is Not Enough has a number of good moments like the Thames chase sequence or the death of Elektra King. The shootout between Bond and Renard in a nuclear missle silo is also 90s cheese, but of an entertaining flavor as Brosnan hops on chains designed to transport atomic weapons and uses them as a carnival ride while outrunning a fireball. There is also a touching sendoff to Desmond Llewelyn as Q and a surprisingly taut action sequence about navigating oil pipelines.But it is easy to admit the sum is lesser than the parts. There are a couple of action sequences that feel quite rote and strangely lacking for a Bond flick, such as the worst ski set-piece in the series and the aforementioned submarine fistfight. As good as Elektra is, the choice to keep Renard as the final heavy, presumably because he is a man, disservices the movie.Yet one cannot wonder if the film, and perhaps Brosnans whole tenure, might be better remembered if this had been the final entry of his run. While I am of the camp who thinks it is a shame that Brosnan didnt get a fifth film in the early 2000s to close out his era on a better note than Die Another Day, the flip side might have also been true. Brosnans interpretation of the character feels incredibly, inescapably rooted in the 90s. It is of that moment where the Cold War was over but the 20th century still had life left in it. During roughly that decade before terrorist attacks in 2001 changed the world for the worst, shortsighted optimists believed they were living at the end of history. They might have even argued the world had no more use for characters like James Bond.The three films Brosnan made between 1995 and 1999 absolutely tap into the anxieties of that moment, complete with TWINEs still timely narrative about Europeans willing to kill over getting oil out of Russia (or Tomorrow Never Dies satire of conservative media propaganda). In this context, TWINE acts as a bookend on elements introduced in GoldenEye. Robbie Coltrane as the best 007 contact in the series since Kerim Bey returns in the role of Valentin Zukovsky, a former KGB spymaster turned gangster. In GoldenEye, he wanted to permanently maim Bond for a Cold War injury Zukovsky sustained, but by the end of TWINE, he utilizes his last breath to save James life, confident Bond will avenge them both.The film also sees Denchs M and the audience finally recognize an implicit question she had for Bond in GoldenEye. Can you still be useful? The answer is yes, even if it rots away at another level of Bonds soul with one more dead lover in his arms.The World Is Not Enough is not top shelf Bond, but it might be at the top of the mid-tier pack. And just as it took about 20 years for even Daltons most uneven Bond film, Licence to Kill, to get its due, now seems apt for The World Is Not Enough to receive a couple of flowers of its own. If only for Elektras funeral.

Today DoorDash announced a variety of new features and improvements timed for the holiday season. One such change: a new integration with Apples Reminders app.Import Reminders lists into DoorDash, or copy/paste a listThe Reminders app is used in a variety of ways by different users, but one of the most common use cases is grocery lists. Apple has even added grocery-specific features in the last couple years.Now, as DoorDash tries to make a bigger push into being used not just for restaurant deliveries but also groceries, the company is rolling out a new Reminders integration.DoorDash is adding the ability to import a Reminders list to get a quicker start on your grocery order.You can choose which list to import, and each item on the list will trigger a search so you can find the exact products youre looking for from DoorDashs various partners.If you keep your grocery lists in Apple Notes or some other app instead, the same functionality is extended to lists you paste into the DoorDash app.All of this makes it quicker to get your shopping done within DoorDash.Do you plan to use this new Reminders integration? Let us know in the comments.Best iPhone accessoriesAdd 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

A new report today suggests that porch pirates thieves who steal packages left on doorsteps shortly after delivery have accessed tracking data from AT&T systems to follow iPhone deliveries.There has been a marked uptick in iPhones being stolen from doorsteps after being ordered from AT&T and delivered by Fedex, apparently with the help of real-time delivery updates CNET reports.A new rash of 2024 package thefts has uncovered a disturbing technique with thieves seizing private tracking data so they know exactly when packages are delivered, particularly iPhones. That allows these prescient porch pirates to jump in and steal the phones right when theyre delivered []Thieves are somehow getting tracking numbers or similar tracking information for iPhone deliveries, so they get real-time updates about when and where packages are delivered, allowing them to swoop in the moment the package status changes.AT&T is one of the few telecom companies that in many cases doesnt require signatures for high-value deliveries like iPhones. That allows thieves to steal packages when they are left unattended.Neither company has commented, and law enforcement is still investigating, but one theory is that the data is being accessed internally by rogue AT&T employees and then sold to thieves.The site recommends buying from companies and carriers who require a signature for high-value deliveries, as this should ensure packages are not left unattended on doorsteps.Photo byDan DennisonUnsplashAdd 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Suck it, Shakespeare.Dead PoetsScientists have found that readers have a lot of trouble telling apart AI-generated and human-written poetry even works by the likes of William Shakespeare and Emily Dickinson.Even more surprisingly, the researchers found that humans generally prefer the former over the latter, which could bode poorly for the role of human creativity in the age of generative AI.As detailed in a new paper published in the journal Scientific Reports, University of Pittsburgh researchers Brian Porter and Edouard Machery conducted two experiments involving "non-expert poetry readers."They found that "participants performed below chance levels in identifying AI-generated poems. Notably, participants were more likely to judge AI-generated poems as human-authored than actual human-authored poems."AI-generated poems got higher scores from participants in qualities including rhythm and beauty, something that appeared to lead them astray in picking out which poem was the product of a language model and which was the creative output of a human artist.The team believes their difficulties may be due to the "simplicity of AI-generated poems" that "may be easier for non-experts to understand."In simple terms, AI-generated poetry is appealingly straightforward, and less convoluted, for the palate of the average Joe.Doing LinesIn their first experiment, participants were shown ten poems in a random order. Five were from renowned wordsmiths, including William Shakespeare, Emily Dickinson, and T.S. Eliot. The other five were generated by OpenAI's already out-of-date GPT 3.5 large language model, which was tasked to imitate the style of the aforementioned poets.In a second experiment, participants were told to rate the poems based on 14 different characteristics including quality, emotion, rhythm, and ironically, perhaps originality. The participants were split into three groups who were then told that the poems were AI-generated, human-written, or given no information about their origin.Interestingly, the group told that the poems were AI-generated tended to give the poems a lower score than those who were told that the poems were human-written.And the third group, who received no information about the poems' origins, actually favored the AI-generated poems over the human-written ones."Contrary to what earlier studies reported, people now appear unable to reliably distinguish human-out-of-the-loop AI-generated poetry from human-authored poetry written by well-known poets," the two researchers concluded in their paper."In fact, the 'more human than human' phenomenon discovered in other domains of generative AI is also present in the domain of poetry: non-expert participants are more likely to judge an AI-generated poem to be human-authored than a poem that actually is human-authored," they wrote.More on generative AI: The Wall Street Journal Is Testing AI-Generated Summaries of Its ArticlesShare This Article

According to research from GitGuardian and CyberArk, 79% of IT decision-makers reported having experienced a secrets leak, up from 75% in the previous year's report. At the same time, the number of leaked credentials has never been higher, with over 12.7 million hardcoded credentials in public GitHub repositories alone. One of the more troubling aspects of this report is that over 90% of valid secrets found and reported remained valid for more than 5 days. According to the same research, on average, it takes organizations 27 days to remediate leaked credentials. Combine that with the fact that non-human identities outnumber human identities by at least 45:1, and it is easy to see why many organizations are realizing stopping secrets sprawl means finding a way to deal with this machine identity crisis. Unfortunately, the research also shows that many teams are confused about who owns the security of these identities. It is a perfect storm of risk. Why Does Rotation Take So LongSo, why are we taking so long to rotate credentials if we know they are one of the easiest attack paths for adversaries? One major contributing factor is a lack of clarity on how our credentials are permissioned. Permissions are what authorize what specific things one entity, such as a Kubernetes workload or a microservice, can successfully request from another service or data source. Let's remember what remediation of a secrets sprawl incident means: you need to safely replace a secret without breaking anything or granting new, too-wide permissions, which would potentially introduce more security risks to your company. If you already have full insight into the lifecycle of your non-human identities and their associated secrets, this is a fairly straightforward process of replacing them with new secrets with the same permissions. This can take considerable time if you don't already have that insight, as you need to hope the developer who originally created it is still there and has documented what was done. Let's look at why permissions management is especially challenging in environments dominated by NHIs, examine the challenges developers and security teams face in balancing access control and productivity, and discuss how a shared responsibility model might help.Who Really Owns Secrets Sprawl?Secrets sprawl generally refers to the proliferation of access keys, passwords, and other sensitive credentials across development environments, repositories, and services like Slack or Jira. GitGuardian's latest Voice of the Practitioners report highlights that 65% of respondents place the responsibility for remediation squarely on the IT security teams. At the same time, 44% of IT leaders reported developers are not following best practices for secrets management. Secrets sprawl and the underlying issues of over-permissioned long-lived credentials will continue to fall in this gap until we figure out how to better work together in a shared responsibility model.The Developer's Perspective On PermissionsDevelopers face enormous pressure to build and deploy features quickly. However, managing permissions carefully, with security best practices, can be labor-intensive. Each project or application often has its own unique access requirements, which take time to research and properly set, almost feeling like a full-time job on top of the work making and deploying their applications. Best practices for creating and managing permissions too commonly do not get applied evenly across teams, are seldom documented appropriately, or are forgotten altogether after the developer gets the application working. Compounding the issue, in too many cases, developers are simply granting too wide of permissions to these machine identities. One report found that only 2% of granted permissions are actually used. If we take a closer look at what they are up against, it is easy to see why.For instance, think about managing permissions within Amazon Web Services. AWS's Identity and Access Management (IAM) policies are known for their flexibility but are also complex and confusing to navigate. IAM supports various policy typesidentity-based, resource-based, and permission boundariesall of which require precise configurations. AWS also offers multiple access paths for credentials, including IAM roles and KMS (Key Management Service) grants, which each come with its own unique access configurations. Learning this system is no small feat.Another common example of a service where permissions can become difficult to manage is GitHub. API keys can grant permissions to repositories across various organizations, making it challenging to ensure appropriate access boundaries. A single key can unintentionally provide excessive access across environments when developers are members of multiple organizations. The pressure is on to get it right, while the clock is always ticking and the backlog keeps getting bigger. Why Security Teams Alone Can't Fix ThisIt may seem logical to assign security teams responsibility for monitoring and rotating secrets; after all, this is a security concern. The reality is that these teams often lack the granular project-level knowledge needed to make changes safely. Security teams don't always have the context to understand what specific permissions are essential for keeping applications running. For instance, a seemingly minor permission change could break a CI/CD pipeline, disrupt production, or even cause a company-wide cascading failure if the wrong service disappears.The dispersed nature of secrets management across teams and environments also increases the attack surface. With no one really in charge, it becomes much harder to maintain consistency in access controls and audit trails. This fragmentation often results in excessive or outdated credentials and their associated permissions remaining active for far too long, possibly forever. It can make it difficult to know who has legitimate or illegitimate access to which secrets at any given time.A Shared Responsibility Model For Faster RotationDevelopers and security teams could help address these issues by meeting in the middle and building a shared responsibility model. In such a model, developers are more responsible for consistently managing their permissions through proper tooling, such as CyberArk's Conjur Secrets Manager or Vault by HashiCorp, while also better documenting the permissions and scope of the necessary permissions at the project level. Security teams should be helping developers by working to automate secrets rotation, investing in the proper observability tooling to gain clarity into the state of secrets, and working with IT to eliminate long-lived credentials altogether. If developers clearly document which permissions are needed in their requirements, it could help security teams conduct faster and more precise audits and speed remediation. If security teams work to ensure that the easiest and fastest overall path toward implementing a new non-human identity secret is also the safest and most scalable route, then there are going to be far fewer incidents that require emergency rotation, and everyone wins. The goal for developers should be to ensure that the security team can rotate or update credentials in their applications with confidence, on their own, knowing they're not jeopardizing production.Key Questions to Address around PermissioningWhen thinking through what needs to be documented, here are a few specific data points to help this cross-team effort flow more smoothly: Who Created the Credential? - Many organizations find it difficult to track credential ownership, especially when a key is shared or rotated. This knowledge is essential to understanding who is responsible for rotating or revoking credentials.What Resources Does It Access? - API keys can often access a range of services, from databases to third-party integrations, making it essential to limit permissions to the absolute minimum necessary.What Permissions Does It Grant? - Permissions vary widely depending on roles, resource-based policies, and policy conditions. For instance, in Jenkins, a user with `Overall/Read` permission can view general information, while `Overall/Administer` grants full control over the system.How Do We Revoke or Rotate It? - The ease of revocation varies by platform, and in many cases, teams must manually track down keys and permissions across systems, complicating remediation and prolonging exposure to threats.Is the Credential Active? - Knowing whether a credential is still in use is critical. When NHIs use long-lived API keys, these credentials may remain active indefinitely unless managed properly, creating persistent access risks.Permissions Are Challenging, But We Can Manage Them Together As One TeamAccording to the GitGuardian report, while 75% of respondents expressed confidence in their secrets management capabilities, the reality is often much different. The average remediation time of 27 days reflects this gap between confidence and practice. It is time to rethink how we implement and communicate secrets and their permissions as an organization.While developers work diligently to balance security and functionality, the lack of streamlined permissions processes and uncentralized or unstandardized documentation paths only amplify the risks. Security teams alone can't resolve these issues effectively due to their limited insight into project-specific needs. They need to work hand-in-hand with developers every step of the way. GitGuardian is building the next generation of secrets security tooling, helping security and IT teams get a handle on secrets sprawl. Knowing what plaintext, long-lived credentials are exposed in your code and other environments is a needed first step to eliminating this threat. Start today with GitGuardian.Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.

What do hijacked websites, fake job offers, and sneaky ransomware have in common? They're proof that cybercriminals are finding smarter, sneakier ways to exploit both systems and people.This week makes one thing clear: no system, no person, no organization is truly off-limits. Attackers are getting smarter, faster, and more creativeusing everything from human trust to hidden flaws in technology. The real question is: are you ready? Every attack holds a lesson, and every lesson is an opportunity to strengthen your defenses. This isn't just newsit's your guide to staying safe in a world where cyber threats are everywhere. Let's dive in. Threat of the WeekPalo Alto Networks Warns of Zero-Day: A remote code execution flaw in the Palo Alto Networks PAN-OS firewall management interface is the newest zero-day to be actively exploited in the wild. The company began warning about potential exploitation concerns on November 8, 2024. It has since been confirmed that it has been weaponized in limited attacks to deploy a web shell. The critical vulnerability has no patches as yet, which makes it all the more crucial that organizations limit management interface access to trusted IP addresses. The development comes as three different critical flaws in Palo Alto Networks Expedition (CVE-2024-5910, CVE-2024-9463, and CVE-2024-9465) have also seen active exploitation attempts. Details are sparse on who is exploiting them and the scale of the attacks. Top NewsBrazenBamboo Exploits Unpatched Fortinet Flaw: A threat-actor known as BrazenBamboo has exploited an unresolved security flaw in Fortinet's FortiClient for Windows to extract VPN credentials as part of a modular framework called DEEPDATA. Volexity described BrazenBamboo as the developer of three distinct malware families DEEPDATA, DEEPPOST, and LightSpy, and not necessarily one of the operators using them. BlackBerry, which also detailed DEEPDATA, said it has been put to use by the China-linked APT41 actor.About 70,000 Domains Hijacked by Sitting Ducks Attack: Multiple threat actors have been found taking advantage of an attack technique called Sitting Ducks to hijack legitimate domains for using them in phishing attacks and investment fraud schemes for years. Sitting Ducks exploits misconfigurations in a web domain's domain name system (DNS) settings to take control of it. Of the nearly 800,000 vulnerable registered domains over the past three months, approximately 9% (70,000) have been subsequently hijacked.Got a Dream Job Offer on LinkedIn? It May Be Iranian Hackers: The Iranian threat actor known as TA455 is targeting LinkedIn users with enticing job offers intended to trick them into running a Windows-based malware named SnailResin. The attacks have been observed targeting the aerospace, aviation, and defense industries since at least September 2023. Interestingly, the tactics overlap with that of the notorious North Korea-based Lazarus Group.WIRTE Targets Israel With SameCoin Wiper: WIRTE, a Middle Eastern threat actor affiliated with Hamas, has orchestrated cyber espionage operations against the Palestinian Authority, Jordan, Iraq, Saudi Arabia, and Egypt, as well as carried out disruptive attacks that exclusively target Israeli entities using SameCoin wiper. The destructive operations were first flagged at the start of the year.ShrinkLocker Decryptor Released: Romanian cybersecurity company Bitdefender has released a free decryptor to help victims recover data encrypted using the ShrinkLocker ransomware. First identified earlier this year, ShrinkLocker is notable for its abuse of Microsoft's BitLocker utility for encrypting files as part of extortion attacks targeting entities in Mexico, Indonesia, and Jordan. Trending CVEsRecent cybersecurity developments have highlighted several critical vulnerabilities, including: CVE-2024-10924, CVE-2024-10470, CVE-2024-10979, CVE-2024-9463, CVE-2024-9465, CVE-2024-43451, CVE-2024-49039, CVE-2024-8068, CVE-2024-8069, CVE-2023-28649, CVE-2023-31241, CVE-2023-28386, CVE-2024-50381, CVE-2024-7340, and CVE-2024-47574. These security flaws are serious and could put both companies and regular people at risk. To stay safe, everyone needs to keep their software updated, upgrade their systems, and constantly watch out for threats. Around the Cyber WorldThe Top Routinely Exploited Vulnerabilities of 2023 Revealed: Cybersecurity agencies from the Five Eyes nations, Australia, Canada, New Zealand, the U.K., and the U.S., have released the list of top 15 vulnerabilities threat actors have been observed routinely exploiting in 2023. This includes security flaws from Citrix NetScaler (CVE-2023-3519, CVE-2023-4966), Cisco (CVE-2023-20198, CVE-2023-20273), Fortinet (CVE-2023-27997), Progress MOVEit Transfer (CVE-2023-34362), Atlassian (CVE-2023-22515), Apache Log4j (CVE-2021-44228), Barracuda Networks ESG (CVE-2023-2868), Zoho ManageEngine (CVE-2022-47966), PaperCut MF/NG (CVE-2023-27350), Microsoft Netlogon (CVE-2020-1472), JetBrains TeamCity (CVE-2023-42793), Microsoft Outlook (CVE-2023-23397), and ownCloud (CVE-2023-49103). "More routine initial exploitation of zero-day vulnerabilities represents the new normal which should concern end-user organizations and vendors alike as malicious actors seek to infiltrate networks," the U.K. NCSC said. The disclosure coincided with Google's announcement that it will begin issuing "CVEs for critical Google Cloud vulnerabilities, even when we do not require customer action or patching" to boost vulnerability transparency. It also came as the CVE Program recently turned 25, with over 400 CVE Numbering Authorities (CNAs) and more than 240,000 CVE identifiers assigned as of October 2024. The U.S. National Institute of Standards and Technology (NIST), for its part, said it now has a "full team of analysts on board, and we are addressing all incoming CVEs as they are uploaded into our system" to address the backlog of CVEs that built up earlier this calendar year.GeoVision Zero-Day Under Attack: A new zero-day flaw in end-of-life GeoVision devices (CVE-2024-11120, CVSS score: 9.8), a pre-auth command injection vulnerability, is being exploited to compromise and enlist them into a Mirai botnet for likely DDoS or cryptomining attacks. "We observed a 0day exploit in the wild used by a botnet targeting GeoVision EOL devices," the Shadowserver Foundation said. Users of GV-VS12, GV-VS11, GV-DSP_LPR_V3, GVLX 4 V2, and GVLX 4 V3 are recommended to replace them.New Banking Trojan Silver Shifting Yak Targets Latin America: A new Windows-based banking trojan named Silver Shifting Yak has been observed targeting Latin American users with the goal of stealing information from financial institutions such as Banco Ita, Banco do Brasil, Banco Bandresco, Foxbit, and Mercado Pago Brasil, among others, as well as credentials used to access Microsoft portals such as Outlook, Azure, and Xbox. The initial attack stages of the malware are believed to be initiated by phishing emails that lead the victims to malicious .ZIP archives hosted on fake websites. The development comes as the threat actor known as Hive0147 has begun to use a new malicious downloader called Picanha to deploy the Mekotio banking trojan. "Hive0147 also distributes other banking trojans, such as Banker.FN also known as Coyote, and is likely affiliated with several other Latin American cyber crime groups operating different downloaders and banking trojans to enable banking fraud," IBM X-Force said.Tor Network Faces IP Spoofing Attack: The Tor Project said the Tor anonymity network was the target of a "coordinated IP spoofing attack" starting October 20, 2024. The attacker "spoofed non-exit relays and other Tor-related IPs to trigger abuse reports aimed at disrupting the Tor Project and the Tor network," the project said. "The origin of these spoofed packets was identified and shut down on November 7, 2024." The Tor Project said the incident had no impact on its users, but said it did take a few relays offline temporarily. It's unclear who is behind the attack.FBI Warns About Criminals Sending Fraudulent Police Data Requests: The FBI is warning that hackers are obtaining private user information from U.S.-based tech companies by compromising U.S. and foreign government/police email addresses to submit "emergency" data requests. The abuse of emergency data requests by malicious actors such as LAPSUS$ has been reported in the past, but this is the first time the FBI has formally admitted that the legal process is being exploited for criminal purposes. "Cybercriminals understand the need for exigency, and use it to their advantage to shortcut the necessary analysis of the emergency data request," the agency said.New Trends in Ransomware: A financially-motivated threat actor known as Lunar Spider has been linked to a malvertising campaign targeting financial services that employs SEO poisoning to deliver the Latrodectus malware, which, in turn, is used to deploy the Brute Ratel C4 (BRc4) post-exploitation framework. In this campaign detected in October 2024, users searching for tax-related content on Bing are lured into downloading an obfuscated JavaScript. Upon execution, this script retrieves a Windows Installer (MSI) from a remote server, which installs Brute Ratel. The toolkit then connects to command-and-control (C2) servers for further instructions, allowing the attacker to control the infected system. It's believed that the end goal of the attacks is to deploy ransomware on compromised hosts. Lunar Spider is also the developer behind IcedID, suggesting that the threat actor is continuing to evolve their malware deployment approach to counter law enforcement efforts. It's not just Lunar Spider. Another infamous cybercrime gang called Scattered Spider has been acting as an initial access broker for the RansomHub ransomware operation, employing advanced social engineering tactics to obtain privileged access and deploy the encryptor to impact a critical ESXi environment in just six hours." The disclosure comes as ransomware attacks, including those aimed at cloud services, continue to be a persistent threat, even as the volume of the incidents is beginning to witness a drop and there is a steady decline in the ransom payment rates. The appearance of new ransomware families like Frag, Interlock, and Ymir notwithstanding, one of the noteworthy trends in 2024 has been the rise of unaffiliated ransomware actors, the so-called "lone wolves" who operate independently. Resources, Guides & Insights Expert WebinarHow to be Ready for Rapid Certificate Replacement Is certificate revocation a nightmare for your business? Join our free webinar and learn how to replace certificates with lightning speed. We'll share secrets to minimize downtime, automate replacements, master crypto agility, and implement best practices for ultimate resilience.Building Tomorrow, SecurelyAI Security in App Development AI is revolutionizing the world, but are you prepared for the risks? Learn how to build secure AI applications from the ground up, protect against data breaches and operational nightmares, and integrate robust security into your development process. Reserve your spot now and discover the essential tools to safeguard your AI initiatives. Cybersecurity ToolsGrafana Grafana is an open-source monitoring and observability platform that enables cybersecurity teams to query, visualize, and alert on security metrics from any data source. It offers customizable dashboards with flexible visualizations and template variables, allowing for real-time threat monitoring, intrusion detection, and incident response. Features such as ad-hoc queries and dynamic drill-downs facilitate the exploration of metrics related to network traffic, user behavior, and system logs. Seamless log exploration with preserved filters supports forensic investigations, while visual alert definitions ensure timely notifications to security operations centers through integrations with tools like Slack and PagerDuty. Additionally, Grafana's ability to mix different data sourcesincluding custom onesprovides comprehensive security monitoring across diverse environments, enhancing the organization's ability to maintain a robust cybersecurity posture.URLCrazy is an OSINT tool designed for cybersecurity professionals to generate and test domain typos or variations, effectively detecting and preventing typo squatting, URL hijacking, phishing, and corporate espionage. By creating 15 types of domain variants and leveraging over 8,000 common misspellings across more than 1,500 top-level domains, URLCrazy helps organizations protect their brand by registering popular typos, identifying domains diverting traffic intended for their legitimate sites, and conducting phishing simulations during penetration tests. Tip of the WeekUse Canary Tokens to Detect Intrusions Hackers rely on staying hidden, but canary tokens help you catch them early. These are fake files, links, or credentials, like "Confidential_Report_2024.xlsx" or a fake AWS key, placed in spots hackers love to snoopshared drives, admin folders, or cloud storage. If someone tries to access them, you get an instant alert with details like their IP address and time of access.They're easy to set up using free tools like Canarytokens.org and don't need any advanced skills. Just keep them realistic, put them in key places, and check for alerts. Make sure you test your tokens after setup to ensure they work and avoid overusing them to prevent unnecessary noise. Place them strategically in high-value areas, and monitor alerts closely to act quickly if triggered. It's a smart, low-effort way to spot hackers before they can do damage.ConclusionThat's it for this week's cybersecurity updates. The threats might seem complicated, but protecting yourself doesn't have to be. Start simple: keep your systems updated, train your team to spot risks, and always double-check anything that seems off.Cybersecurity isn't just something you doit's how you think. Stay curious, stay cautious, and stay protected. We'll be back next week with more tips and updates to keep you ahead of the threats.Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Lisa Morgan, Freelance WriterNovember 18, 20247 Min ReadYAY Media AS via Alamy StockBusiness competitiveness is driving organizations deeper into the cloud where they can take advantage of more services. Leading organizations are realizing economic benefits ranging from cost savings and deeper insights to successful innovations. Artificial intelligence is driving an increase in cloud usage.We anticipate a continued growth of a few significant cloud trends for 2025, with the rise of GenAI being a major driver, says John Samuel, global CIO and EVP at CGS (Computer Generated Solutions), a global IT and outsourcing provider. Cloud providers are heavily investing in GenAI technologies, collaborating with chip manufacturers to enhance performance and scalability. This partnership enables cloud platforms to power a growing ecosystem of downstream SaaS providers that are building solutions to allow easier adoption of AI-based solutions. As a result, GenAI is becoming a key enabler for adopting advanced AI capabilities across industries, with cloud acting as the backbone.Mike Stawchansky, chief technology officer at financial services software applications provider Finastra, warns that privacy concerns and contractual ambiguity around the rights to utilize customer data for GenAI will become more of an issue. Customers want the insights and efficiencies GenAI can deliver but may not be willing to grant more extensive access to their data.Related:Capacity issues are becoming more frequent as organizations grapple with the resource-heavy workloads that AI-powered technologies bring. Further, expansion into other cloud regions may hold businesses back as different regions present their own unique compliance and data residency challenges, says Stawchansky in an email interview. GenAI is going to continue to put pressure on businesses to be better, faster, and more efficient. Early adopters are seeing gains, so those who have not yet begun to experiment with the technology risk falling behind.Cloud security will also become more of an issue, however. Security teams will begin to harness AI assistance to automate response processes for cloud-based exposure and threat detection.The volume of exposures and threats, combined with varying experience levels in SecOps teams, means that effective remediation relies on the ability to guide team members with prescriptive remediation procedures using AI. This will see mainstream adoption in 25, says Or Shoshani, co-founder and chief executive officer at real-time cloud security company Stream.Security. Enterprises have done little to evolve their detection and response capabilities to meet the unique aspects of the cloud environment. They are relying on processes and technology designed for securing on-prem infrastructures and its insufficient. Its a combination of lack of awareness of the problem, in addition to inertia.Related:Following are some more cloud trends to watch in 2025:1. Multi- and hybrid clouds will become more commonCloud providers recognize that customers prefer to leverage multiple cloud platforms for flexibility, risk mitigation, and performance optimization. In response, they are enabling inter-cloud operability, which enables users to perform analytics and utilize data across cloud providers without moving their data, according to CGS Samuel.Enterprises [and] small- to medium-sized businesses appear well-prepared for upcoming cloud trends like GenAI adoption and multi-cloud strategies. Cloud providers are responding by enabling technologies that reduce on-premises infrastructure needs, making it easier for companies to offload workloads to the cloud, Samuel says.Faiz Khan, founder & CEO at multi-cloud SaaS and managed service provider Wanclouds, says the major public cloud providers eliminated data transfer fees over the last year, making it easier to migrate data from one public cloud provider to another.Related:"By adopting a multi-cloud approach, you can train your distributed AI workloads and models across multiple environments. For instance, there could be a benefit to using Azure's computing power to train one AI model and AWS for another. Or you could keep your legacy cloud workloads on one public cloud and then your AI workloads on a separate public cloud, says Khan in an email interview. This approach enables enterprises to tailor their cloud environment to the needs of each AI application. It's also become a lot cheaper to migrate these applications across public clouds if the environment or needs change.However, time and cost can slow adoption. Businesses need sufficient time to research and implement new cloud solutions, and the confidence that the shift will deliver the cost optimization they expect. Balancing immediate costs with long-term cloud benefits is an important consideration.2. CISOs will need better cloud monitoringSOC and the SecOps teams will need to integrate cloud context into their day-to-day detection and response operations in 2025 to effectively detect and respond to exposures and threats in real time.Most SecOps teams are still relying on alert-based tools designed for on prem environments that are missing information related to exposure and attack path across all elements of the cloud infrastructure, saysStream.SecuritysShoshani. This results in an inability to identify real threats and massive amounts of time [to investigate] false positives.3. Cloud spending will increaseWanclouds Khan says most organizations will increase their cloud spending substantially in 2025.Like other aspects of IT, AI will be the force behind most of the trends occurring in the cloud in 2025. AI is going to drive a big spending boom in the cloud next year. Organizations need to increase the amount of cloud resources they have to be able to handle the compute GenAI model training requires, says Khan. Furthermore, we're also seeing IT teams now spending on new AI tools and features that can be utilized to improve and automate cloud management."4. Landing zones will gain more tractionLanding zones provide a standardized framework for cloud adoption. They are becoming more prominent as they address scalability and security concerns.Cloud providers are putting together templates for various industry verticals, such as finance and healthcare, that will allow customers to build solutions for regulatory environments much faster, saysFinastrasStawchansky. Most enterprises will be some way along their cloud-adoption and migration roadmaps today. Its just a question of how well-equipped they are for scaling their capabilities, especially as they seek to operationalize resource-heavy technologies, such as LLMs and GenAI. Having structured ways to approach scaling resources, while efficiently harnessing this technology will be crucial for ensuring ROI.5. Cybersecurity resilience will use digital twins for ransomware war gamesCyber recovery rehearsals will reach a new level of sophistication as organizations aim for ever faster recovery times in todays hybrid and multi-cloud environments.Cyber criminals are now using AI to increase the frequency, speed and scale of their attacks. In response, organizations will also use AI -- but this time, to fight back, says Matt Waxman, SVP and GM of data protection at secure multi-cloud data management company Veritas Technologies. As we know, the key to success is all in the preparation, so much of this work is going to be done in advance, using AI to predict the best response when ransomware inevitably hits.Organizations will play out ransomware wargames using cloud-based digital twins in AI-powered simulations of every possible attack scenario across entire infrastructures -- from edge to core to cloud.Plans are one thing, but an organization cant claim resilience without proving that those plans have been pressure tested. More than a nice-to-have, these advanced rehearsals will soon become mandated by regulation, says Waxman.6. Cyberspace will extend to outer spaceSatellite connectivity is growing, though Waxman says space-based computing may get a nudge in 2025.As humans return to the moon for the first time in more than 50 years aboard NASAs Artemis II, technology visionaries will be re-inspired to explore the possibilities of space-based computing, says Waxman. Datacenters in space present many benefits. For example, the unique environmental conditions mean that much less energy is required to spin disks or cool racks. However, there are also obvious challenges, such as transmission latency, which makes storage in space more effective for data that only needs accessed occasionally, like backup data.Spurred by the promise of datacenters freed from atmospheric constraints, in 2025, visionaries will begin to set their minds to overcoming the barriers to computing in space, he says.About the AuthorLisa MorganFreelance WriterLisa Morgan is a freelance writer who covers business and IT strategy and emergingtechnology for InformationWeek. She has contributed articles, reports, and other types of content to many technology, business, and mainstream publications and sites including tech pubs, The Washington Post and The Economist Intelligence Unit. Frequent areas of coverage include AI, analytics, cloud, cybersecurity, mobility, software development, and emerging cultural issues affecting the C-suite.See more from Lisa MorganNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also LikeWebinarsMore WebinarsReportsMore Reports