Our mission is to bring more games to more people around the world, across devices. We believe gaming should be easy to access and available for all players, no matter what device you choose to play with. Thats why were dedicated to making great games available across consoles, PCs, and with cloud gaming.Today, millions of Xbox Game Pass Ultimate members are enjoying Xbox Cloud Gaming to play top titles from the Xbox Game Pass catalog on various devices. Weve also heard your excitement about having more flexibility to stream games you own beyond the Game Pass catalog. Starting today, Im excited to announce that were allowing Game Pass Ultimate members to stream select games they own through TVs and browser on supported devices like smartphones, PCs, and tablets,in all 28 countries where Xbox Cloud Gaming (Beta) is available. This is just the beginning. Next year, were excited to bring this feature to Xbox consoles and the Xbox app on Windows.50 Great Games Available Today, With More to ComeWe are happy to announce that over 50 great games are now available for streaming. Our library of cloud-playable titles will continue to grow, as we work with our partners around the world to bring you a diverse and expansive selection of great games across devices. You can stream any version of these games below that you own, for example Cyberpunk 2077: Ultimate Edition and The Witcher 3: Wild Hunt Complete Edition.Here are the games available today:Animal WellAssassins Creed MirageAvatar: Frontiers of PandoraBalatroBaldurs Gate 3Banishers: Ghosts of New EdenCall of Duty: Modern Warfare II (2022)The Casting of Frank StoneCyberpunk 2077Dragon Quest III HD-2D RemakeDredgeDying Light 2 Stay HumanFarming Simulator 25Fear the SpotlightFinal Fantasy XIV OnlineFinal FantasyFinal Fantasy IIFinal Fantasy IIIFinal Fantasy IVFinal Fantasy VFinal Fantasy VIHadesHarry Potter: Quidditch ChampionsHigh On LifeHitman World of AssassinationHogwarts LegacyHouse Flipper 2Kena: Bridge of SpiritsLego Harry Potter CollectionLife is Strange: Double ExposureMetro ExodusMortal Kombat 1NBA 2K25PGA Tour 2K23PhasmophobiaPrince of Persia: The Lost CrownRust Console Edition7 Days to DieStar Wars OutlawsStrayThe Crew MotorfestThe Outlast TrialsThe Plucky SquireThe Witcher 3: Wild HuntTom Clancys The Division 2TopSpin 2K25UndertaleVisions of ManaWarhammer 40,000: Space Marine 2WWE 2K24Ready to Get Started? Heres How:Game Pass Ultimate members can stream select cloud-playable games you own, even if theyre not included with Game Pass Ultimate, directly on various devices. This includes Samsung Smart TVs, Amazon Fire TV devices, Meta Quest headsets as well as other browser supported devices like PCs, smart phones, and tablets. For more details, see below or check out our support page.On your PC, phone, tablet, handheld, and most devices with access to a web browser:Use a supported browser like Microsoft Edge, Google Chrome, or Apple Safari.Navigate to https://xbox.com/play.Sign into your Xbox Game Pass Ultimate membership.Look for Stream your own game to discover games you can play right now, and others you can stream after purchasing them.Connect a supported controller. Controllers like the Xbox Wireless Controller, Xbox Adaptive Controller, PlayStation DualSense, or DualShock 4 controller are all compatible. On PC, some games will also support mouse and keyboard input.Start playing!On supported TVs and VR headsets:Download and launch the Xbox app (on supported Samsung TV, Amazon Fire device) or the Xbox Cloud Gaming app (on Meta Quest 2, 3 or Pro)..Sign into your Xbox Game Pass Ultimate membership.Look for Stream your own game to discover games you can play right now, and others you can stream after purchasing them.Connect a compatible Bluetooth-enabled wireless controller. Controllers like the Xbox Wireless Controller, Xbox Adaptive Controller, PlayStation DualSense, or DualShock 4 controller are all compatible.Start playing!If youre not an Xbox Game Pass Ultimate member yet, you can join here to start playing hundreds of great games across console, PC, and cloud. Games you digitally purchase for streaming can also be downloaded and played on an Xbox console.Thank you for being a part of Xbox. Your passion and support inspire us every day to bring the joy of gaming everywhere.

Apple has released public beta 3 for macOS Sequoia 15.2 and iPadOS 18.2, bringing refinements and bug fixes to Apples forthcoming software updates. Heres what to expect.What to expect from the new public beta 3Todays new public beta releases arrive just hours after Apple released new builds of macOS Sequoia 15.2 and iPadOS 18.2 to developers.Public beta 3 provides the same exact software as what launched in developer beta 4 earlier today.Unfortunately but also unsurprisingly, so far we havent discovered any new features or noteworthy changes in the latest betas.Apple instead has shipped bug fixes and performance enhancements in these latest betas that help push the software updates closer to being ready for public launch.These updates are expected to release to all users in December, likely the week of December 9.Features coming in macOS 15.2 and iPadOS 18.2There are a lot of new features available in macOS 15.2 and iPadOS 18.2. Heres a sampling of the highlights:ChatGPT integration with Siri and writing toolsGenmoji (currently iPad and iPhone only)Image Wand, an AI-powered Notes app featureWeather widget that can be added to the Menu BarNew AirPlay settings when sharing your Mac screenImage Playground app for creating original imagesFind My option to share a lost items locationOverall, while Apple Intelligence is definitely at the core of these updates, Apple has included several nice quality of life improvements beyond AI too.Have you been using the betas? What are your favorite new features? Let us know in the comments.Add 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Just a few hours after releasing the latest iOS 18.2 beta for developers, a new public beta is here. iOS 18.2 public beta 3 arrives as one of the last releases before next months full launch. Heres whats new.Todays new public beta is the same software build as the developer beta 4 released earlier this afternoon.This latest build has little to offer in terms of new features or big changes. Just a few small new updates have been discovered:the Photos apps video scrubber now shows millisecondsCamera Controls accessibility settings have been added to the standard Camera Control settings hub, centralizing more options in one placeadded in the last beta but just discovered: you can now set a default Contactless App to replace Wallet inside Settings Appssmall design tweaks to Apple MailOverall, beta 3 is focused on performance improvements and bug fixes. Which makes sense, because were getting very close to Apple shipping the RC (release candidate) version of iOS 18.2.Apple has recently released weekly iOS 18.2 betas, but the company will likely take next week off due to the Thanksgiving holiday, meaning our next chance for a beta will be the week of December 2.Most likely, thats when well get the RC update ahead of a public launch the week of December 9.Highlights of iOS 18.2iOS 18.2 is a huge release for users, largely due to the highly anticipated new Apple Intelligence features. These include:Genmoji:Make your own custom emoji for use in any app.ChatGPT in Siri:Siri can tap into ChatGPTs knowledge, and you can even query ChatGPT directly.Image Playground: Create original AI images in animation, illustration, or sketch styles.Visual intelligence:Use iPhone 16s Camera Control to get relevant info from your physical environment.and moreBut there are also great additions outside of AI, such as a redesigned Mail app, new Find My features, Camera Control upgrades, and even more.If you havent yet joined the public beta program, you can do so now via beta.apple.com to install the pre-release software today.What are your favorite or most anticipated iOS 18.2 features? Let us know in the comments.Best iPhone accessoriesAdd 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

"There have got to be so many people who are so embarrassed to be repping him on the streets driving their Teslas and who want to completely disavow this guy."Drag RaceFor longtime Tesla owners, Elon Musk's increasing rightwing crusading has made their electric cars into mortifying red flags and now, a bunch are sticker-slapping back.As the climate change news siteHeatmap reports, a Hawaii-based sticker maker is doing a booming business selling bumper stickers to Tesla owners who, as one of his wares advertises, got their EVs "before we knew [Musk] was crazy.""I started making stickers on my own before the Elon sticker," explained Matthew Hiller, the Waikiki resident behind the popular Etsy shop "Mad Puffer Stickers."An aquarium employee who often makes "fish stickers" for work, Hiller said that he got the idea to start making his tongue-in-cheek accessories in 2023 when considering buying a Tesla of his own. After Musk purchased Twitter and started his "extreme censoring," however, the creative realized he definitely couldn't handle the heat that came with being associated with such a toxic brand and that gave him an idea."I figured, theres no wayIm buying a Tesla but there have got to be so many people who are so embarrassed to be repping him on the streets driving their Teslas and who want to completely disavow this guy," Hiller told Heatmap. "Because I know I would want to sell mine immediately after I saw what he was doing."Hiller's first sticker, a small run of the aforementioned "I bought this before we knew Elon was crazy," repeatedly went viral on social media and even ended up on news sites likeBusiness Insider and the Washington Post. Unsurprisingly, that meant he had to print way, way more."I would be selling five to seven a day," he said, "and then suddenly, there would be 50 a day because someone else talked about it on Reddit."Line Goes UpMore than a year in, Hiller says that the attention his anti-Musk stickers have gotten is "insane" and that in the aftermath of Donald Trump's electoral upset, sales are up "unbelievably.""I can barely keep up," he told Heatmap. "My full-time job is at the aquarium, and I come home and pack stickers until 11 p.m. Its just me and my wife doing it all."Obviously, there are lots and lots of cheap knockoffs being sold on Amazon and other such sites but considering that Hiller's are less than $10 a pop without Etsy's sale prices, getting an original is still a viable option.In a "ballpark" estimate, the sticker salesman said he's sold more than 10,000 units since last year, with an average of 180 going out per day."Its rough," Hiller said.More on anti-Musk sentiment: Elon Musk Responds to Concerns That His Political Antics Are Tanking Tesla SalesShare This Article

"Brilliant. No notes."AI GoreCoca-Cola drew criticism for rolling out an uninspired and lazily AI-generated holiday advertisement this year.The ad is pretty much exactly the kind of insipid corporate sludge you'd expect from AI: predictable, unimaginative and vaguely uncanny.Fortunately, Redditors took matters into their own hands, celebrating tooth-rotting soft drinks with a far more "unhinged" take on Coke's concept.The result harkens back to the glowy days of AI gore, when Will Smith glitchily "eating" a bowl of spaghetti went mega-viral, withunsettling mishmashes of morphing body appendages and explosions. At one point, a polar bear even yeets its offspring into an icy lake for no discernible reason."Brilliant,"one Redditor assessed. "No notes."Out of TouchCoke contracted three separate AI studios for its cheap-looking ad, and it didn't take long for netizens to call out the company for brazenly replacing human artists with bland AI."FUN FACT: Coca-Cola is red because its made from the blood of out-of-work artists!" Alex Hirsch, the creator of the Disney TV show "Gravity Falls," tweeted in a tongue-in-cheek post.It's only the latest in a string of companies relying on cheap generative AI for its ads. Earlier this year, the corporate husk of Toys "R" Us was flamed for a similar effort.Perhaps it would've served Coke better to lean into the limitations of the tech. During this year's Super Bowl half-time, after all, its sports drink brand Bodyarmor released a nausea-inducing generative AI ad in an attempt to make a point about offering its customers a "real" product.At least, the ad passed the low bar of being somewhat entertaining to watch, which can't be said of its latest cringe-inducing attempt."They should've made it more self-aware and comical, it would've had a better reception IMO," one Redditor argued."Tough for the marketing department to make a self-aware ad when they are all out of touch in the first place," another replied.Share This Article

Nov 21, 2024Ravie LakshmananArtificial Intelligence / Software SecurityGoogle has revealed that its AI-powered fuzzing tool, OSS-Fuzz, has been used to help identify 26 vulnerabilities in various open-source code repositories, including a medium-severity flaw in the OpenSSL cryptographic library."These particular vulnerabilities represent a milestone for automated vulnerability finding: each was found with AI, using AI-generated and enhanced fuzz targets," Google's open-source security team said in a blog post shared with The Hacker News.The OpenSSL vulnerability in question is CVE-2024-9143 (CVSS score: 4.3), an out-of-bounds memory write bug that can result in an application crash or remote code execution. The issue has been addressed in OpenSSL versions 3.3.3, 3.2.4, 3.1.8, 3.0.16, 1.1.1zb, and 1.0.2zl.Google, which added the ability to leverage large language models (LLMs) to improve fuzzing coverage in OSS-Fuzz in August 2023, said the vulnerability has likely been present in the codebase for two decades and that it "wouldn't have been discoverable with existing fuzz targets written by humans."Furthermore, the tech giant noted that the use of AI to generate fuzz targets has improved code coverage across 272 C/C++ projects, adding over 370,000 lines of new code."One reason that such bugs could remain undiscovered for so long is that line coverage is not a guarantee that a function is free of bugs," Google said. "Code coverage as a metric isn't able to measure all possible code paths and statesdifferent flags and configurations may trigger different behaviors, unearthing different bugs."These AI-assisted vulnerability discoveries are also made possible by the fact that LLMs are proving to be adept at emulating a developer's fuzzing workflow, thereby allowing for more automation.The development comes as the company revealed earlier this month that its LLM-based framework called Big Sleep facilitated the detection of a zero-day vulnerability in the SQLite open-source database engine.In tandem, Google has been working towards transitioning its own codebases to memory-safe languages such as Rust, while also retrofitting mechanisms to address spatial memory safety vulnerabilities which occur when it's possible for a piece of code to access memory that's outside of its intended bounds within existing C++ projects, including Chrome.This includes migrating to Safe Buffers and enabling hardened libc++, which adds bounds checking to standard C++ data structures in order to eliminate a significant class of spatial safety bugs. It further noted that the overhead incurred as a result of incorporating the change is minimal (i.e., an average 0.30% performance impact)."Hardened libc++, recently added by open source contributors, introduces a set of security checks designed to catch vulnerabilities such as out-of-bounds accesses in production," Google said. "While C++ will not become fully memory-safe, these improvements reduce risk [...], leading to more reliable and secure software."Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Nov 21, 2024Ravie LakshmananFinancial Fraud / Data BreachThreat hunters are warning about an updated version of the Python-based NodeStealer that's now equipped to extract more information from victims' Facebook Ads Manager accounts and harvest credit card data stored in web browsers."They collect budget details of Facebook Ads Manager accounts of their victims, which might be a gateway for Facebook malvertisement," Netskope Threat Labs researcher Jan Michael Alcantara said in a report shared with The Hacker News."New techniques used by NodeStealer include using Windows Restart Manager to unlock browser database files, adding junk code, and using a batch script to dynamically generate and execute the Python script."NodeStealer, first publicly documented by Meta in May 2023, started off as JavaScript malware before evolving into a Python stealer capable of gathering data related to Facebook accounts in order to facilitate their takeover.It's assessed to be developed by Vietnamese threat actors, who have a history of leveraging various malware families that are centered around hijacking Facebook advertising and business accounts to fuel other malicious activities.The latest analysis from Netskopke shows that NodeStealer artifacts have begun to target Facebook Ads Manager accounts that are used to manage ad campaigns across Facebook and Instagram, in addition to striking Facebook Business accounts.In doing so, it's suspected that the intention of the attackers is not just to take control of Facebook accounts, but to also weaponize them for use in malvertising campaigns that further propagate the malware under the guise of popular software or games."We recently found several Python NodeStealer samples that collect budget details of the account using Facebook Graph API," Michael Alcantara explained. "The samples initially generate an access token by logging into adsmanager.facebook[.]com using cookies collected on the victim's machine."Aside from collecting the tokens and business-related information tied to those accounts, the malware includes a check that's explicitly designed to avoid infecting machines located in Vietnam as a way to evade law enforcement actions, further solidifying its origins.On top of that, certain NodeStealer samples have been found to use the legitimate Windows Restart Manager to unlock SQLite database files that are possibly being used by other processes. This is done so in an attempt to siphon credit card data from various web browsers.Data exfiltration is achieved using Telegram, underscoring that the messaging platform still continues to be a crucial vector for cybercriminals despite recent changes to its policy.Malvertising via Facebook is a lucrative infection pathway, often impersonating trusted brands to disseminate all kinds of malware. This is evidenced by the emergence of a new campaign starting November 3, 2024, that has mimicked the Bitwarden password manager software through Facebook sponsored ads to install a rogue Google Chrome extension."The malware gathers personal data and targets Facebook business accounts, potentially leading to financial losses for individuals and businesses," Bitdefender said in a report published Monday. "Once again, this campaign highlights how threat actors exploit trusted platforms like Facebook to lure users into compromising their own security."Phishing Emails Distribute I2Parcae RAT via ClickFix TechniqueThe development comes as Cofense has alerted to new phishing campaigns that employ website contact forms and invoice-themed lures to deliver malware families like I2Parcae RAT and PythonRatLoader, respectively, with the latter acting as a conduit to deploy AsyncRAT, DCRat, and Venom RAT.I2Parcae is "notable for having several unique tactics, techniques, and procedures (TTPs), such as Secure Email Gateway (SEG) evasion by proxying emails through legitimate infrastructure, fake CAPTCHAs, abusing hardcoded Windows functionality to hide dropped files, and C2 capabilities over Invisible Internet Project (I2P), a peer-to-peer anonymous network with end-to-end encryption," Cofense researcher Kahng An said."When infected, I2Parcae is capable of disabling Windows Defender, enumerating Windows Security Accounts Manager (SAM) for accounts/groups, stealing browser cookies, and remote access to infected hosts."Attack chains involve the propagation of booby-trapped pornographic links in email messages that, upon clicking, lead message recipients to an intermediate fake CAPTCHA verification page, which urges victims to copy and execute an encoded PowerShell script in order to access the content, a technique that has been called ClickFix.ClickFix, in recent months, has become a popular social engineering trick to lure unsuspecting users into downloading malware under the pretext of addressing a purported error or completing a reCAPTCHA verification. It's also effective at sidestepping security controls owing to the fact that users infect themselves by executing the code.Enterprise security firm Proofpoint said that the ClickFix technique is being used by multiple "unattributed" threat actors to deliver an array of remote access trojans, stealers, and even post-exploitation frameworks such as Brute Ratel C4. It has even been adopted by suspected Russian espionage actors to breach Ukrainian government entities."Threat actors have been observed recently using a fake CAPTCHA themed ClickFix technique that pretends to validate the user with a 'Verify You Are Human' (CAPTCHA) check," security researchers Tommy Madjar and Selena Larson said. "Much of the activity is based on an open source toolkit named reCAPTCHA Phish available on GitHub for 'educational purposes.'""What's insidious about this technique is the adversaries are preying on people's innate desire to be helpful and independent. By providing what appears to be both a problem and a solution, people feel empowered to 'fix' the issue themselves without needing to alert their IT team or anyone else, and it bypasses security protections by having the person infect themselves."The disclosures also coincide with a rise in phishing attacks that make use of bogus Docusign requests to bypass detection and ultimately conduct financial fraud."These attacks pose a dual threat for contractors and vendors immediate financial loss and potential business disruption," SlashNext said. "When a fraudulent document is signed, it can trigger unauthorized payments while simultaneously creating confusion about actual licensing status. This uncertainty can lead to delays in bidding on new projects or maintaining current contracts."Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

While Pixars movies are available to stream on Disney+, the animation studio has made very little content exclusively for Disney+ in the last few years. Some of the streaming shows thatlook like Pixar work were made by others, like theMonsters at Work show (based onMonsters Inc. and Monsters University) which was technically produced outside of Pixar. Thus far theyve made some Forky shorts, a series of brief cartoons about Dug fromUp, aCars on the Road show, and thats about it.But Pixar has two full-fledged Disney+ series coming to streaming in the next three months. The first isDream Productions, and its the first TV series set in theInside Out universe. The film takes place between the two films,and spins off the brain workers, first introduced in the originalInside Out, who create Rileys dreams.That includes the director of dreams, played by Paula Pell, reprising her role fromInside Out.Joining her are Richard Ayoade and several of the voices fromInside Out including Amy Poehler as Joy, Lewis Black as Anger, Phyllis Smith as Sadness, plus Tony Hale and Liza Lapira as the current voices of Fear and Anger. (Rileys new emotions fromInside Out 2 dont appear because the show is set before its events occurred.)You can watch the trailer for the show below:READ MORE: Every Pixar Movie, Ranked From Worst to BestHere is the series official synopsis:Taking place in between the events of Inside Out and Inside Out 2 is Pixar Animation Studios Dream Productions, an all-new series about the studio inside Rileys mind where dreams really do come trueevery night, on time and on budget. Riley is growing up and when her memories need some extra processing, Joy and the rest of the Core Emotions send them to Dream Productions. Acclaimed director Paula Persimmon (voice of Paula Pell) faces a nightmare of her own: Trying to create the next hit dream after being paired up with Xeni (voice of Richard Ayoade), a smug daydream director looking to step up into the big leagues of night dreams.Dream Productions premieres on Disney+ on December 11. The series will run for four episodes. Pixars first totally originalseries for Disney+,Win or Lose, premieres on February 19, 2025.Sign up for Disney+ here.Get our free mobile appThe 25 Best Sequel TitlesThese sequels all share one thing in common: They all have really good titles.

ResponsibilitiesDevelop and maintain user-facing features using Vue.js, JavaScript, and TailwindCSS.Collaborate with backend developers to ensure seamless frontend-backend integration.Utilize tools like Node.js and Vue CLI to set up and manage projects.Deploy applications on static hosting platforms (e.g., Netlify, Vercel).Write clean, maintainable, and efficient code while adhering to best practices.Hiring ProcessApplication: Submit your applicating and confirm your availability for this role.Test Task: Shortlisted candidates will receive a test task (On the email you've applied with). You will:Set the start time.Propose a budget for the task.Specify a completion timeframe.Confirm the tasks start.Final Selection: The candidate with the best performance will join us for ongoing front-end tasks. Related Jobs See more Front-End Programming jobs

Time zones: EST (UTC -5), CST (UTC -6), MST (UTC -7), PST (UTC -8), AKST (UTC -9), HST (UTC -10)About Us:Crisis Control Solutions LLC is a Miami-based company specializing in risk mitigation and crisis management services. We provide innovative solutions to businesses, offering digital products, online courses, and expert consulting. Our mission is to empower businesses and individuals to navigate uncertainty with confidence.Role Overview:We are seeking a talented and driven Social Media Expert to join our team remotely. This part-time position is ideal for a creative individual with a passion for digital marketing and social media. The selected candidate will help boost our online presence, drive sales of our digital products, and position our founder as a leading speaker in the U.S.Key Responsibilities:Digital Product Sales: Manage and optimize the sales of our digital products on platforms like SamCart and Online Courses.Social Media Campaigns: Create and execute engaging online marketing campaigns across LinkedIn, Facebook, and other platforms to increase brand awareness and conversions.Founder Promotion: Develop and implement strategies to position the company founder as a prominent speaker in the U.S. market.Performance Tracking: Monitor and analyze campaign performance, providing actionable insights for improvement.Content Creation: Design and publish engaging content (e.g., posts, ads, and videos) to attract and retain an online audience.Requirements:Based in Florida and authorized to work in the U.S.Proven experience in social media management and digital marketing.Familiarity with platforms like LinkedIn, Facebook, SamCart, and online course tools.Excellent communication skills and creativity.Ability to work independently and manage time effectively.Basic graphic design and video editing skills are a plus.