Chris Kerr, News EditorJanuary 6, 20251 Min ReadImage via Paramount PicturesThe Sonic the Hedgehog movie franchise has surpassed $1 billion in worldwide box office receipts.Paramount Pictures confirmed the news in a press release and said the third entry in the film series, Sonic the Hedgehog 3, has earned over $187 million domestically and more than $100 million internationally to deliver cumulative worldwide gross of over $312 million.Sonic the Hedgehog and its sequel Sonic the Hedgehog 2 earned a combined $725.2 million globally and generated $181 million in consumer spending from home rentals and purchases.Knuckles, the television spinoff that debuted on Paramount Plus, generated over 11 million total global viewing hours during its first 28 days on the streaming platform.Paramount Pictures CEO Brian Robbins described the video-game-turned-movie-franchise as an "unstoppable cultural force with limitless potential.""Congratulations to our partners at SEGA, our filmmaking team, including Neal, Toby, and Jeff, who have revolutionized the heights that Sonic can reach, and the legions of loyal and devoted fans who have helped guide us every step of the way," he added."As each chapter of Sonic's adventures continues to raise the bar, we're incredibly proud and excited to continue delivering stories and characters that resonate with audiences around the world."Paramount has confirmed it intends to develop a fourth instalment in the movie franchise.Read more about:TransmediaAbout the AuthorChris KerrNews Editor, GameDeveloper.comGame Developer news editor Chris Kerr is an award-winning journalist and reporter with over a decade of experience in the game industry. His byline has appeared in notable print and digital publications including Edge, Stuff, Wireframe, International Business Times, andPocketGamer.biz. Throughout his career, Chris has covered major industry events including GDC, PAX Australia, Gamescom, Paris Games Week, and Develop Brighton. He has featured on the judging panel at The Develop Star Awards on multiple occasions and appeared on BBC Radio 5 Live to discuss breaking news.See more from Chris KerrDaily news, dev blogs, and stories from Game Developer straight to your inboxStay UpdatedYou May Also Like

With Dragon Age: The Veilguard out the door, BioWare fans have turned their attention to Mass Effect 5 and are trying to piece together a picture of what sort of game it will be. One of the big questions about Mass Effect 5 is whether its famous Paragon / Renegade morality system will return. Now, the games lead developer has teased fans with a cryptic response.For the uninitiated, Mass Effect games let you pick from various dialogue options, some of which are on the Paragon (good) side of its morality system, some on the Renegade (bad) side. Not only do your dialogue choices affect the outcome of quests, the main story, and your relationship with the various characters in the game, but the way your Commander Shepard looks. Go all in on Renegade, for example, and your Shepard starts to look evil in a Jedi, dark side of the Force, kind of way.Mike Gamble, project director of Mass Effect 5 and executive producer at BioWare, took to X/Twitter to discuss the original trilogys Paragon / Renegade system following questions from fans about whether or not having all this Renegade content was worth it given most people played Paragon.Gamble acknowledged most people played Paragon in Mass Effect, but pointed out, it would have been meaningless if Renegade had not existed.He added: The ability to choose is stronger than the number of people playing any option, in my opinion.IGN's Twenty Questions - Guess the game!IGN's Twenty Questions - Guess the game!To start:...try asking a question that can be answered with a "Yes" or "No".000/250This taps into one of the key appeals of role-playing games: that they react to your choices in meaningful ways whether those choices are good, bad, or ugly. This is something Baldurs Gate 3 does tremendously well. Larians RPG contains a huge amount of content most players will never see because their choices take the game in a certain direction, but the experience is all the richer for it. It's also something some BioWare fans critisized Dragon Age: The Veilguard for not doing.Now we come to Mass Effect 5 itself, and one fans observation that it is likely to see the return of the Paragon / Renegade system because of hints hidden in a Mass Effect image BioWare released back in 2023.Gambles response: I was talking about the trilogy. Youll just have to wait and seeIt may be some time before we find out. Things have been quiet on Mass Effect ever since BioWare revealed a 30-second trailer for Mass Effect 5 on the occasion of N7 Day 2023, leading fans to once again hunt for fresh info.The biggest revelation was that the long-awaited sequel would indeed tie into Mass Effect: Andromeda in some way. There had been questions about whether BioWare would quietly drop any references to its ill-fated spin-off, but it seems still fully part of the canon, with Mass Effect 5 potentially set long after the events of the original trilogy.Wesley is the UK News Editor for IGN. Find him on Twitter at @wyp100. You can reach Wesley at wesley_yinpoole@ign.com or confidentially at wyp100@proton.me.

Kick off the new year with a bangand some serious savings. Whether you're looking to stock up on essentials, upgrade your kitchen gadgets, or dive into some epic gaming, there are some incredible deals in the UK right now. From discounted Coke cans and Star Wars PC bundles to must-have air fryers and streaming offers, there's something for everyone. Here are the best deals to check out today.72 Cans of Coke Zero for 18It's a deal worth celebrating. Right now, you can grab 72 cans of Coke Zero for just 18 at Amazon. Simply add three 24-packs to your basket, and the discount will automatically apply at checkout, slashing your total from 52.50. That's an impressive 34.50 in savingsperfect for stocking up while this deal lasts, as its likely to expire today.72 Cans for 18Coca Cola Zero Sugar 330ml CansStar Wars Collection Bundle (PC)Calling all Star Wars fans! For a limited time, the Star Wars Collection Bundle is down from 75 to just 9.87. This massive discount gets you 14 iconic Star Wars games as a single Steam key, making it an unmissable deal for any fan of a galaxy far, far away. As Yoda says, "The Force is strong with this one!" Heres whats included in the bundle:Star Wars Jedi Knight II: Jedi OutcastStar Wars Jedi Knight: Dark Forces IIStar Wars Jedi Knight: Jedi AcademyStar Wars Jedi Knight: Mysteries of the SithStar Wars Republic CommandoStar Wars StarfighterStar Wars The Clone Wars: Republic HeroesStar Wars The Force Unleashed: Ultimate Sith EditionStar Wars The Force Unleashed IIStar Wars: Dark ForcesStar Wars: Knights of the Old RepublicStar Wars Empire at War: Gold PackStar Wars: Knights of the Old Republic IIStar Wars Battlefront II (Classic)Limited TimeStar Wars Collection Bundle (PC)Xbox Series X Mini FridgeStay cool in style with the Xbox Series X Mini Fridge. Currently 49.99 at Currys, this exclusive item is 20 off its original price of 69.99. Its the ultimate accessory for keeping drinks chilled while gaming or as a unique gift for any Xbox enthusiast. Available for a limited time only, so dont wait too long!Currys ExclusiveXbox Series X Mini FridgeNinja Foodi MAX Dual Zone Air FryerUpgrade your kitchen game with the Ninja Foodi MAX Dual Zone Air Fryer, now 179.99 at Amazon. Thats a 60 discount from its original price of 239.99. This versatile air fryer features a dual-zone design, allowing you to cook two different dishes simultaneously with ease. Its perfect for meal prep or whipping up family dinners quickly, but this deal wont last forever.Amazon ExclusiveNinja Foodi MAX Dual Zone Air FryerDisney+ With Ads (3-Months)If youre thinking of canceling your Disney+ subscription, dont hit that button just yet. Disney is offering a special deal for current usersthree months of Disney+ with Ads for only 2.99/month. Thats a 40% discount from the usual 4.99/month price. Check your account to see if youre eligible and enjoy access to your favorite shows and movies at a bargain price.Current Users OnlyDisney+ With Ads (3-Months)Robert Anderson is a deals expert and Commerce Editor for IGN. You can follow him @robertliam21 on Twitter.

Put down the stilton! Step away from that tub of Cadburys Celebrations and refrain from pouring yourself a lunchtime Snowball Christmas is over, people. Its time to get serious. The UK TV schedules have got the memo at least; theyve stopped airing tinselly specials and getting dewy-eyed over Gavin & Stacey, and started airing crime shows again just the thing to toughen us up so we can face down 2025 with a steely glare. Grantchester series nines finally airing in the UK after its 2024 US debut, theres new Silent Witness, NCIS, Father Brown and all kinds of police-based business with Patience, Playing Nice and more.If crimes not your bag, then look forward to Western American Primeval on Netflix, the second series of mind-bending sci-fi Severance on Apple TV+, the second and final series of sci-fi Beacon 23, the Star Trek: Section 31 movie, plus a new run of From, all coming in January. Beyond that, we have more Yellowjackets, Reacher, Cobra Kai and The White Lotus, arriving on streaming in Feb, along with new six-part UK drama A Thousand Blows, from the creator of Peaky Blinders.As well as all that, heres a big look ahead to the new British drama coming up, all the big returning British series this year, and for crime fans, a list of the new UK crime dramas to anticipate in 2025.Well update this list of TV highlights weekly with more shows, dates and times as the release announcements arrive. If youre based in the US, heres where to look for the relevant info.

Today at CES 2025 in Las Vegas, Schlage unveiled its new Schlage Sense Pro Smart Deadbolt, marking the companys first Ultra Wideband-enabled smart lock, complete with support for Matter-over-Thread.Schlage has consistently been at the forefront of connected home smart locks. In March 2022, it made history as the first company to launch an NFC-assisted Apple Home Keys-enabled smart lock solution, the popular Schlage Encode Plus. Now, lets take a closer look at the features and capabilities of the upcoming Schlage Sense Pro Smart Deadbolt.Schlage Sense Pro Smart DeadboltThe Schlage Sense Pro will feature Matter-over-Thread support and deliver hands-free unlocking. Thread is, of course, the power-efficient, low-bandwidth, and low-latency communication protocol for IoT devices. Its more efficient than Wi-Fi, which prolongs battery life in connected devices, and because theres lower latency, theres less delay between issuing commands. Another advantage of Thread is that it eliminates the requirement for a separate hub for each brand or device. All you need is a thread-enabled border router, and the good news is that you might already have one. The HomePod (2nd-generation), HomePod mini, and the 3rd-generation Apple TV 4K with Ethernet all sport Thread radios and serve as border routers. There are quite a few non-Apple Thread border routers as well.The Schlage Sense Pro, with Matter support over Thread, is poised to become a versatile smart lock. It can be easily controlled through various platforms like Apple HomeKit, Amazon Alexa, and Google. Additionally, it leverages the efficiency, bandwidth, and latency advantages of Thread.But thats not all the Sense Pro aims to deliver. Schlages flagship lock boasts the latest version of its Converge technology, which introduces support for Ultra Wideband between the lock and the users paired and authorized device.Ultra Wideband technology intelligently calculates speed, trajectory, and motion, enabling the lock to better comprehend the users positioning and intent to enter. In essence, it will unlock the door precisely at the moment the user reaches it. The Sense Pro offers various convenient features, including hands-free unlocking, keypad access code entry, and tap-to-unlock using NFC, among others.The Schlage Sense Pro, similar to the Encode Plus (review) before it, is poised to become a compelling addition to connected homes. What are your thoughts on it? Schlage has announced that we can expect its new flagship smart lock to arrive later this year. Well provide more details, including a comprehensive review and hands-on experience, once its released!Add 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

We may be just a few days into 2025, but Apple thinks it can already tell which upcoming music artists are set to make a breakthrough this year. The company shared its predictions as the Shazam Fast Forward 2025.Apple looked at the trending artists in the first five days of music Shazammed by users, and had its own music editors review them The company said the method has a proven track record, though its perhaps hard to separate cause from effect when Apple highlights a musician.With more than 300 million global monthly users and over 100 billion global song recognitions since its launch, Shazams unique ability to accurately predict the next breaking artist is unparalleled and has become a reliable and invaluable tool for both artists and fans over the years.Last years predictions list proved to be another great batch of talent, with two-thirds of the artists reaching Apple Musics Daily Top 100 in 150 countries, and a third entering Shazam National charts in 46 countries. On average compared to the year prior, Shazams class of 2024 Predictions artists saw a +34% increase in Shazam song matches, a +146% increase in Apple Music streams, and a +269% increase in radio spins.Apple shared the first 10 of 50 artists, with the first day focused on dance music.Today, Shazam unveiled Shazam Fast Forward 2025, its revamped list of yearly predictions, spotlighting 50 artists that are perfectly poised to have a breakthrough year.Starting today and continuing through Friday, Shazam will unveil 10 artists per day, broken down into broader genres spanning Dance; Latin; Alternative, Rock, and Country; Pop; and Hip-Hop and R&B. To discover each batch of daily predictions, music fans can now explore an all-newmicrositeto get to know these emerging artists, discover their bios, and access playlists, or check outShazams curator pageon Apple Music.Apple says there are multiple indicators of success for each artist.Each artist featured has shown early indicators of future growth, including early and consistent momentum in Shazam activity, as well as discovery trends in more than one country. You can find the 10 dance artists below.ProphecyThe Spanish DJ duo first gained traction on Shazam in May 2023, with early popularity in Romania and Argentina. Collaborations with David Guetta on Kill The Vibe (their top song on Shazam) and Tisto on My City saw Prophecy enter charts in Denmark, Hungary, and Croatia. Their top countries for Shazam activity are the US, Germany, and Mexico. Prophecy have also reached Apple Musics Top Dance Songs chart in more than 50 countries worldwide, including nine where theyve reached the top 10.KhathapillarThe South African Amapiano DJ first appeared on Shazams radar in May 2024 in South Africa. His top track, Diqabang, saw him collaborating with Sol Phenduka, Smash SA, and Kamoh Xaba, and it would spend over five months on the South African Shazam chart in 2024.ALSO ASTIRThe North Macedonia Electronic artist first popped on Shazam in October 2022 in Greece. His top track, Forget, drove a peak in song recognitions for him in July 2024. His top countries for Shazam activity are the US, Germany, and Brazil.Joe HuntThe British Garage DJ first gained traction on Shazam in August 2024 in New Zealand. His top track, Up To No Good (Extended), landed him on the Shazam charts for the first time, enjoying Shazam chart runs in New Zealand as well as his home country of Great Britain.MarasiThe Greek DJ first popped on Shazam in March 2023 in the United Arab Emirates. His top track Opera earned him a spot on the Greek Shazam chart, spending over 6 months on the chart and peaking at No. 64. His top countries for Shazam activity are his home country of Greece, followed by the US and France.Nu-LaThe British dance singer-songwriter first appeared on Shazams radar in January 2023. Her top track on Shazam is a collaboration with British DJ CHANEY, Out of My Depth (feat. Nu-La).QuentroThe Turkish DJ first showed up on Shazams radar in June 2024 in Greece. As Quentro geared up to debut his top track Perreo, song recognitions for Quentro on Shazam hit its peak.TR3NACRIAThe Italian DJ trio first gained traction on Shazam in April 2023 in the Netherlands. The trio enjoyed massive chart success this year with their top song La Foule (feat. StereoKilla) [Le Monde Mix] spending more than four months on the French Shazam chart, peaking at No. 36 in March. Their tracks Le Vent Nous Portera and Intro also hit the French chart this year. Previously, TR3NACRIA spent more than 5 weeks on the Greek Shazam chart with their song Sikulambele (feat. Lizwi) in 2023.VXSIONThe Brazilian House DJ first popped on Shazam in February 2023 in Romania. Their top song, Amana with Maz, spent more than seven months on the Greek Shazam chart this year, peaking at No. 35. Following the release of his remix of Days Of The Week by Flight Facilities, VXSION saw an uptick in song recognitions in July 2024.WITH UThe German Dance duo first gained traction on Shazam in April 2024 in Israel. Their top song, Karibu, spent nearly five months on the Italian Shazam chart, peaking at No. 33 in June 2024. July 2024 was one of the duos strongest months on Shazam, following the release of their track Alive with Albert Breaker and Mohalizer.Image: AppleAdd 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Ensuring HomeKit compatibility for smart home products is now very much easier to achieve. Apple has agreed to accept Matter certification for all new devices, without requiring additional testing before granting the Works With Apple Home badge.Although it was always the goal that Matter support meant automatic compatibility with HomeKit, Google Home, Alexa, and Samsung Smart Things, there was previously a difference between theory and practice Theory and practice of the Matter standardPrior to the development of the Matter standard, every smart home device had to achieve separate compatibility with each of the main smart home platforms it wanted to support.Brands would have to submit applications to Apple, Google, Amazon, and Samsung, and then send their products for specific testing by each company. This added both time and expense to the product development process.The Matter standard was intended to change all of this. All the main platforms supported it, which meant that so long as a device was Matter-compatible, it would by definition also be compatible with Apples HomeKit, Google Home, Amazon Alexa, and Samsung Smart Things.In practice, however, none of the smart home platforms took this for granted. Each still required devices to be subjected to their own tests before they would grant the Works With badge.HomeKit compatibility now assumedHowever, Apple has now agreed to accept Matter certification as proof of HomeKit compatibility, without the need for additional testing. Provided a product passes all the Matter tests, Apple will allow it to use the Works With Apple Home badge. The news was announced by the Connectivity Standards Alliance.A key part of many Matter device makers go-to-market journey is earning major smart home ecosystems Works With certification and badges. These programs often require device makers to complete the Alliances certification process, and then participate in an entirely separate testing process for each Works With ecosystem.Recognizing the need for a more streamlined end-to-end certification process, the Alliance is excited to share that Apple has begun accepting Alliance Interop Lab test results for Matter devices for Works With Apple Home, and that Google and Samsung will be doing the same for their respective Works With Google Home, and Works With SmartThings certifications later this year, underscoring the credibility and reliability of the Alliances testing programs.The Lab is continuing to work with other members [read: Amazon] towards integrating additional Works With programs.Streamlined certification for improved versionsAnother obstacle for smart home products was that a software update for an existing product would need to go through the same certification process as the original, making it slower and more expensive to push over-the-air upgrades.The CSA has now agreed to a streamlined process, merely checking that they still work in the same way.The FastTrack Recertification Program was introduced by the Matter Working Group in November 2024. This new recertification program simplifies the process, significantly reducing costs and administrative overhead for product makers. It ensures product makers can more easily release critical updates to enhance their products and utilize the Interop Lab as a light touch check using the Labs capabilities to check that updates do not unintentionally degrade in functionality or performance when used with other popular devices and systems.Companies can also gain certification for carrying out their own tests using the CSAs test suite.Photo byPatrick CampanaleonUnsplashAdd 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Jan 06, 2025Ravie LakshmananBlockchain / MalwareCybersecurity researchers have revealed several malicious packages on the npm registry that have been found impersonating the Nomic Foundation's Hardhat tool in order to steal sensitive data from developer systems."By exploiting trust in open source plugins, attackers have infiltrated these platforms through malicious npm packages, exfiltrating critical data such as private keys, mnemonics, and configuration details," the Socket research team said in an analysis.Hardhat is a development environment for Ethereum software, incorporating various components for editing, compiling, debugging and deploying smart contracts and decentralized apps (dApps).The list of identified counterfeit packages is as follows -nomicsfoundations@nomisfoundation/hardhat-configureinstalledpackagepublish@nomisfoundation/hardhat-config@monicfoundation/hardhat-config@nomicsfoundation/sdk-test@nomicsfoundation/hardhat-config@nomicsfoundation/web3-sdk@nomicsfoundation/sdk-test1@nomicfoundations/hardhat-configcrypto-nodes-validatorsolana-validatornode-validatorshardhat-deploy-othershardhat-gas-optimizersolidity-comments-extractorsOf these packages, @nomicsfoundation/sdk-test has attracted 1,092 downloads. It was published over a year ago in October 2023. Once installed, they are designed to harvest mnemonic phrases and private keys from the Hardhat environment, following which they are exfiltrated to an attacker-controlled server."The attack begins when compromised packages are installed. These packages exploit the Hardhat runtime environment using functions such as hreInit() and hreConfig() to collect sensitive details like private keys, mnemonics, and configuration files," the company said."The collected data is transmitted to attacker-controlled endpoints, leveraging hardcoded keys and Ethereum addresses for streamlined exfiltration."The disclosure comes days after the discovery of another malicious npm package named ethereumvulncontracthandler that masquerades as a library for detecting vulnerabilities in Ethereum smart contracts but instead harbored functionality to drop the Quasar RAT malware.In recent months, malicious npm packages have also been observed using Ethereum smart contracts for command-and-control (C2) server address distribution, co-opting infected machines into a blockchain-powered botnet called MisakaNetwork. The campaign has been tracked back to a Russian-speaking threat actor named "_lain.""The threat actor points out an inherent npm ecosystem complexity, where packages often rely on numerous dependencies, creating a complex 'nesting doll' structure," Socket said."This dependency chain makes comprehensive security reviews challenging and opens opportunities for attackers to introduce malicious code. _lain admits to exploiting this complexity and dependency sprawl in npm ecosystems, knowing that it is impractical for developers to scrutinize every single package and dependency."That's not all. A set of phony libraries uncovered across the npm, PyPI, and RubyGems ecosystems have been found leveraging out-of-band application security testing (OAST) tools such as oastify.com and oast.fun to exfiltrate sensitive data to attacker-controlled servers.The names of the packages are as follows -adobe-dcapi-web (npm), which avoids compromising Windows, Linux, and macOS endpoints located in Russia and comes with capabilities to collect system informationmonoliht (PyPI), which collects system metadatachauuuyhhn, nosvemosssadfsd, holaaaaaafasdf (RubyGems), which contain embedded scripts designed to transfer sensitive information via DNS queries to an oastify.com endpoint"The same tools and techniques created for ethical security assessments are being misused by threat actors," Socket researcher Kirill Boychenko said. "Originally intended to uncover vulnerabilities in web applications, OAST methods are increasingly exploited to steal data, establish command and control (C2) channels, and execute multi-stage attacks."To mitigate the supply chain risks posed by such packages, it's recommended that software developers verify package authenticity, exercise caution when typing package names, and inspect the source code before installation.Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

John Edwards, Technology Journalist & AuthorJanuary 6, 20256 Min ReadSergei Kovalkov via Alamy StockAlthough most of the software development lifecycle is now automated, infrastructure continues to be a largely manual process requiring specialized teams. Yet with infrastructure demands rapidly growing, more organizations now look toward automation for help.GitOps uses Git project repositories as the single source of truth for managing application configuration and deployment information, says Elliot Peele, senior manager of software development at analytics software provider SAS. "By using declarative specifications stored in a Git repository, it ensures that the desired state of the system is always maintained and continuously reconciled," he explains in an email interview.Mike Rose, data and analytics director at technology research and advisory firm ISG, notes that a GitOps framework ensures that the entire system -- including infrastructure, applications, and configurations -- is described in a consistent manner within Git, allowing for consistent, repeatable, and auditable changes across environments. "It enhances transparency and traceability and significantly reduces the risk of configuration drift between the desired state and the actual state of the infrastructure." he states via email.Peele adds that the approach not only enables continuous integration and deployment, but also provides version management and rollback capabilities, which are crucial for maintaining consistency and reliability in infrastructure management.Related:GitOps in ActionGitOps implementations have a significant impact on infrastructure automation by providing a standardized, repeatable process for managing infrastructure as code, Rose says. The approach allows faster, more reliable deployments and simplifies the maintenance of infrastructure consistency across diverse environments, from development to production. "By treating infrastructure configurations as versioned artifacts in Git, GitOps brings the same level of control and automation to infrastructure that developers have enjoyed with application code."Rose states that GitOps reduces manual errors, allows increased deployment frequency, and generally improves overall system reliability. "Probably one of the most valuable but intangible benefits of GitOps is its ability to foster closer collaboration between development and operations teams as both groups work from the same set of Git repositories to manage application code and infrastructure configurations," he says. "This alignment will accelerate the feedback loop between development and operations."Related:GitOps will have a significant impact on infrastructure automation, Peele predicts. "By providing consistency, version control, continuous deployment, reduced configuration drift, and enhanced security and compliance, GitOps is a game changer in software development and deployment practices," he says. "It enables peer review for configuration changes and allows developers without prior operations experience to control their application's deployment."Multiple BenefitsGitOps' primary benefit is its ability to enable peer review for configuration changes, Peele says. "It fosters collaboration and improves the quality of application deployment." He adds that it also empowers developers -- even those without prior operations experience -- to control application deployment, making the process more efficient and streamlined.Another benefit is GitOps' ability to allow teams to push minimum viable changes more easily, thanks to faster and more frequent deployments, says Siri Varma Vegiraju, a Microsoft software engineer. "Using this strategy allows teams to deploy multiple times a day and quickly revert changes if issues arise," he explains via email. "This high deployment velocity accelerates releases, allowing teams to deliver business impact quicker."Related:Since infrastructure state is defined in code and stored in Git, static analysis can be performed to detect security misconfigurations, Vegiraju says. "This approach helps enhance the overall security posture by identifying and addressing potential vulnerabilities early."Rose reports that ISG research shows that an environment using GitOps -- along with complementary AI Ops improvements -- can see a productivity efficiency of at least 30% over a two-year time horizon.Top AdoptersGitOps is most likely to be adopted by enterprises that focus on automation and consistency, Peele says. "The peer review nature of GitOps lends itself to companies that are focused on compliance, requiring multiple reviews of any application configuration or deployment changes."Enterprises with cloud-native environments, and those heavily invested in DevOps practices, are also likely to adopt GitOps, Rose says. "This includes any organization prioritizing rapid, reliable software delivery and infrastructure management," he notes. Such enterprises often have a high rate of change in their infrastructure and applications, making the version control and automation aspects of GitOps particularly valuable.Enterprises undergoing digital transformation or moving toward microservices architectures are also prime candidates for GitOps adoption, Rose says. He notes that Gits "single source of truth" aligns well with container orchestration platforms, such as Kubernetes, making it especially attractive for organizations using such technologies.Possible PitfallsWhile GitOps offers numerous benefits, many new adopters face obstacles. "The significant challenge is the steep learning curve for teams unfamiliar with Git or DevOps concepts," Rose says. "This can lead to initial productivity slowdowns and may require a substantial investment in training and upskilling."GitOps requires a deep understanding of the organization's current IT infrastructure and applications, as well as advanced knowledge of Git, Peele warns. "This can be daunting for teams that are new to these concepts."Small organizations with simpler infrastructures may find GitOps adds unnecessary overhead, since the complexity of managing a GitOps pipeline may outweigh the benefits, Vegiraju says.Looking ForwardAn important emerging trend is the increasing intersection of GitOps and AIOps. "This convergence is leveraging AI and machine learning to enhance automation, predict issues, and optimize infrastructure management within the GitOps framework," Rose says. He notes that AI algorithms can analyze Git commit patterns to predict potential conflicts or issues before they occur or to optimize deployment strategies based on historical performance data.About the AuthorJohn EdwardsTechnology Journalist & AuthorJohn Edwards is a veteran business technology journalist. His work has appeared in The New York Times, The Washington Post, and numerous business and technology publications, including Computerworld, CFO Magazine, IBM Data Management Magazine, RFID Journal, and Electronic Design. He has also written columns for The Economist's Business Intelligence Unit and PricewaterhouseCoopers' Communications Direct. John has authored several books on business technology topics. His work began appearing online as early as 1983. Throughout the 1980s and 90s, he wrote daily news and feature articles for both the CompuServe and Prodigy online services. His "Behind the Screens" commentaries made him the world's first known professional blogger.See more from John EdwardsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also LikeWebinarsMore WebinarsReportsMore Reports

Carrie Pallardy, Contributing ReporterJanuary 6, 20257 Min ReadNicoElNino via Alamy Stock PhotoCybersecurity leaders always have a lot on their minds. What are the latest threats to their enterprises? What emerging technologies can bolster their defenses? How can they secure the necessary talent and the budget? Whats on the regulatory horizon?As 2025 begins, InformationWeek spoke to four leaders in the cybersecurity space about some of the biggest issues on their minds.AI-Fueled Threats and DefenseAI was on everyones lips in 2024, and there is every reason to expect that this technology boom will continue to be top of mind in 2025.AI makes threat actors more prolific and sophisticated. They can use it to automate large-scale attacks. They can make phishing lures more convincing. Deepfake audio and video continue to improve, making them harder to spot. In 2024, scammers effectively manipulated a finance worker into paying them $25 million, thanks to a deepfake video conference.The same powerful capabilities of AI are, of course, being applied on the defensive side. AI-driven automation, for example, speeds threat detection and frees up analysts time for more complex work.But AI has myriad use cases. In addition to cybersecurity threats and defensive tools, this technology is being applied up and down the technology stack. Cybersecurity leaders must think about the security implications of AI throughout their enterprises.Related:We are seeing a lot of projects moving [forward] and it sort of feels like security is being asked to follow behind the business and reduce the risk after the fact, says Patrick Sullivan, CTO, security strategy at Akamai Technologies, a cloud computing and security company.Insider ThreatsIn 2024, KnowBe4 hired a North Korean hacker to fill an open IT position. The cybersecurity company recognized the insider threat early on, before the person was even onboarded. But this is not an isolated kind of threat.Aggressor nation states will continue to use this kind of approach to infiltrate US companies and critical infrastructure providers, whether to steal intellectual property and data or to cause disruption to essential services.We're really seeing a need now for advanced controls in that talent acquisition process and in our ongoing insider threat monitoring programs to be able to mitigate against these new kinds of attacks that are out there, Sharon Chand, principal of cyber risk services at consulting firm Deloitte, asserts.Escalating Geopolitical TensionsThe escalating geopolitical tensions across the world play out, in part, in the cybersecurity space. Nation state-backed threat actors and hacktivists targetorganizations in the US and across the world in the service of political goals.Related:The UK rangalarm bells regarding Russias ability to conduct cyber-warfare on British businesses, BBC reports. US Cyber Command warns of Chinas ability to disrupt US critical infrastructure in the event that conflict erupts between the two countries, according to Reuters.Disruptive CyberattacksThis year is set to be a record for ransomware payments, and blockchain data platform Chainalysis points out that big game hunting is a big driver.Sam Rubin, senior vice president of Unit 42 consulting and threat intelligence at cybersecurity company Palo Alto Networks, tells InformationWeek that attacks that cause crippling business disruption are on the rise.These disruptive attacks especially for large organizations that have a big role in the economy or in their market are becoming the target and a way for the threat actors to get very large multimillion-dollar pay days, he explains.Zero Day VulnerabilitiesIn November, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and a number of their partners released a list of the top routinely exploited vulnerabilities in 2023. Of the 15 top common vulnerabilities and exposures (CVEs), 11 were zero days.Related:Some of that is nation state actors. Some of that is ransomware operators. So, all adversary classes seem to be pivoting more toward zero days, says Sullivan.Third-Party RisksIn the summer of this past year, business at thousands of car dealerships was upended following two cyberattacks on a single software provider: CDK Global. The health care industry experienced a major disruption when Change Healthcare, a payment and claims provider, was hit with ransomware. The potential of another cyberattack with a massive ripple effect looms large in 2025.There's just so much so much dependency on third parties among lots and lots of companies and different industries. And, I think there will be a large-scale attack on a company that impacts not only that company but those [that] depend on it, says Ann Irvine, chief data and analytics officer at Resilience, a cybersecurity risk management company.As enterprises incorporate more third parties into their supply chains, more web apps and APIs are exposed, Sullivan points out. [Businesses need] to understand where those vulnerabilities emerge, prioritize them, and then have an efficient patching process to remediate, he urges.The Need for Integrated Security PlatformsThe market for security platforms and tools is massive. If you can think of a security challenge, there are probably a host of vendors clamoring to serve up a solution. But there is a movement to consolidate those solutions.We're seeing continued creativity of the bad actors coming into multiple different types of attack vectors, and historically, some of our defenses have been quite siloed in their ability to prevent [and] mitigate those kinds of attacks, says Chand. We're seeing the need for enterprise clients to really think about integrated security platforms.Networking company Extreme Networks surveyed 200 CIOs and IT decision markers, and 88% reported a desire for a single integrated platform that includes AI, networking, and security.Upskilling the Cyber WorkforceThe cybersecurity challenge shortage is an ongoing concern. Consulting firm Gartner predicts that more than half of cyber incidents will stem from a lack of talent and human failure by 2025.In addition to filling roles, enterprises are also tasked with the prospect of upskilling their current cybersecurity talent. As threats evolve, in no small part due to AI, cybersecurity workers need to be able to keep up.And AI isnt the only area where cybersecurity teams will need to sharpen their skills. I do expect to see more and more attacks in that OT environment. So, we're going to need more and more humans that are focused on understanding and mitigating those attacks in the enterprise, says Chand.A Maturing Cyber Insurance IndustryInsurance is a big consideration for enterprise leaders wrangling with the management of cybersecurity risk. S&P Global anticipates that cyber insurance rates will continue to increase and the terms and conditions for policies will tighten. The market research company predicts premiums will increase 15% to 20%, hitting $23 billion by the end of 2026.Irvine points out that the cyber insurance space is still growing. As it matures, it has the opportunity to influence cybersecurity practices. The insurance industry is just going to continue to mature and demand good practices, which are good for their bottom line but also ultimately good for their customers, she says.The Spotlight on Security LeadersCISOs are increasingly being looked to as strategic enterprise leaders. The transition of the role is out of the IT tower into the boardroom to speak the language of risk, to speak the language of business and to help be a driver for that enterprise, says Rubin.In Deloittes The Global Future of Cyber Survey, about one-third of respondents reported that CISO involvement in strategic conversations increased over the past year.Boards and C-suites may be becoming more aware of the importance of cybersecurity, but there are personal liability concerns among CISOs. The 2024 Voice of the CISO report from cybersecurity company Proofpoint found that 66% of global CISOs are worried about their personal, financial, and legal liability.In recent years, there have been examples that fuel those concerns. Joseph Sullivan, the former chief security officer of Uber, received probation and a fine for his role in a 2016 data breach. The Security and Exchange Commission (SEC)filed a lawsuit against SolarWinds and its CISO Timothy Brown over 2019 cyberattacks that impacted the US government. A judge dismissed most of the charges, but it does not completely erase the possibility of personal liability for CISOs.A New AdministrationAs enterprise leaders consider the outlook for 2025, the incoming Trump administration is definitely a factor. A change in federal leadership means potential changes to regulation. Trump is also likely to make changes to CISA, and he has been vocal about his intentions to repeal the Biden administrations AI executive order.I am paying attention to is this change in US federal government says Irvine. It really does matter, and things could change quite dramatically.About the AuthorCarrie PallardyContributing ReporterCarrie Pallardy is a freelance writer and editor living in Chicago. She writes and edits in a variety of industries including cybersecurity, healthcare, and personal finance.See more from Carrie PallardyNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also LikeWebinarsMore WebinarsReportsMore Reports