• One of the Coolest Video Game Inspired NERF Blasters Is on Sale
    www.ign.com
    For a limited time, Amazon has the Halo-inspired NERF LMTD Needler Dart-Firing Blaster for only $68.18, a 33% price drop from its usual $100 MSRP. This Halo Needler is one of the coolest-looking guns in NERF's LMTD lineup, a collection of fan-service weapons designed after iconic weapons from popular movies and games. It doesn't go on sale very often, and this is about as low as it goes outside of the major annual sales events.

    The Needler is a common Covenant infantry weapon in the Halo universe, and Hasbro did an excellent job of faithfully creating its look. There are a lot of cool little touches, like the needles and accents that light up whenever you grip the handle, a 10-dart rotating drum (10 Elite darts included, but it will also take standard darts), and a display stand that activates all the light-up features when mounted. You'll even get a game card with in-game content for Halo Infinite. Note that it's not a very accurate blaster and has a slow rate of fire, so personally it wouldn't be my weapon of choice for any life-or-death competitions, but it is definitely a Nerf that I would show off on its display stand when I'm not playing around with it.

    Looking for more weapons to add to your arsenal? Check out the best NERF guns of 2024.
  • Team America Predicted the Downfall of Political Discourse in Our Culture
    www.denofgeek.com
    On Oct. 15, 2004, comedian Jon Stewart visited the CNN debate show Crossfire. Then hosted by conservative Tucker Carlson and liberal Paul Begala, Crossfire purported to examine issues from two opposing perspectives, giving viewers a more objective look at complex concerns and offering middle ground. But Stewart wasn't interested in playing the show's usual game.

    "I'm here to ask you to stop, stop hurting America," he said with just a little of his trademark sarcasm under his plea. "And come work for America." When the hosts tried to play off his comment by joking and asking about the pay, Stewart retorted, "The pay isn't good, but you can sleep at night."

    Stewart's visit befuddled the hosts not just because he criticized former Clinton advisor Begala as much as he did Carlson, who hadn't yet reached the far-right position he holds today, but also because he wasn't just there to make jokes. He wanted something done.

    It's easy to understand why Crossfire expected toothless laughs from Stewart. After all, on that very same day in 2004, Stewart's colleagues from Comedy Central, South Park creators Trey Parker and Matt Stone, debuted their new movie. Thus entered Team America: World Police into the pop culture landscape.

    A Michael Bay parody performed entirely by marionette puppets, Team America: World Police has the trappings of a ripped-from-the-headlines style satire. The movie's G.I. Joe-style counterterrorist team doesn't just fight random Islamic terrorists in a post-9/11 America; they also ultimately face off against North Korean leader Kim Jong Il and the Film Actors Guild (the real-world Screen Actors Guild, renamed to accommodate a slur/pun).

    Make no mistake, Team America is funny, even 20 years later. But decades on, when George W. Bush, Dick Cheney, and Karl Rove have given way to Donald Trump, J.D. Vance, and Steve Bannon, Parker and Stone's sense of humor has come to crystallize the apathetic humor that still invites people to laugh while the world burns, and then mock anyone who tries to change it.

    Laughing at Nothing

    "See, there's three kinds of people," says a drunk guy at the end of Team America: World Police's second act. What follows is a profane rant about genitals and their respective sexual possibilities, put in the bluntest, most explicit terms possible.

    Those types of speeches are common to the work of Parker and Stone, who made Team America with co-writer and frequent collaborator Pam Brady. South Park became a hit with its cursing children, its defiantly non-PC characterizations, and, of course, Mr. Hankey the Christmas Poo. However, Parker and Stone have always leaned more toward predecessor The Simpsons than follower Family Guy, using blue humor to make a point behind the laugh.

    Team America makes its

    At the end of the movie, Gary repeats the drunk guy's terms to explain the lesson he learned.

    "We're dicks! We're reckless, arrogant, stupid dicks," he declares. "And the Film Actors Guild are pussies. And Kim Jong Il is an asshole." He continues the analogy to justify Team America's actions via various forms of sexual penetration. "I don't know much in this crazy, crazy world, but I do know that if you don't let us fuck this asshole, we are going to have our dicks and our pussies all covered in shit."

    To be clear, it's very funny to hear this profane speech delivered with such sincerity, especially within the context of a self-serious Michael Bay style story. The fact that it's a puppet getting misty-eyed to sweeping orchestral music makes it only more hilarious. It is not, however, a convincing political analysis. Even though Gary acknowledges that the Film Actors Guild have laudable goals and Team America deserves some criticism, it's still better to let them do what they want. It's still better to let America attack its enemies.

    Or, to put it in a less profane, and less charitable, way: America is going to do whatever it wants, so let's just laugh about it instead of worrying about the consequences.

    Giving Up and Laughing it Off

    Team America's ethos of resignation fits right alongside South Park's humor.

    A year before Team America, South Park celebrated its 100th episode with "I'm a Little Bit Country," in which the kids take advantage of a protest against the Iraq War to get out of school. When the media points out that the kids know nothing about American history, they're assigned a huge test about the Revolution. But every time the kids try to study (well, except for Cartman, who nearly kills himself to get a flashback to 1776 and avoid book learning), they're interrupted by adults who want to yell at each other about the founding fathers.

    The show similarly weighed in on the 2004 election with season 8's "Douche and Turd," in which the titular objects vie to become the next mascot for the school. By the time the two figures stand on a stage and hold a debate, it's clear that the show considers the race between Bush and Democratic candidate John Kerry to be little more than a choice between a Giant Douche and a Turd Sandwich.

    While Kyle and Cartman argue vigorously for their chosen candidates, Stan spends much of that episode refusing to participate, insisting a single vote doesn't matter. However, "Douche and Turd" seems to end with a bit of civic optimism, as Stan's parents assure him that it's always important to vote, even if your candidate loses. But then the episode actually ends with the school's original cow mascot reinstated, and Stan's dad Randy pointing out that his vote didn't actually matter.

    As "Douche and Turd" shows, South Park often has a sense of resignation about the world as it is, which matches the creators' own Libertarian politics. Systems will do what they will do, and there's little we can do about it, the show seems to suggest. It's only what individuals do that matters, so don't get caught up in extreme positions.

    Of course there are some outliers. In 2018, South Park launched its 22nd season with "Dead Kids," in which the school shooting epidemic invades the town. Stan's mom Sharon has the rational and moral response to children getting murdered in school. She screams and demands that something change, but everyone else treats her as odd for caring. The kids, meanwhile, resent the shootings as if they were common interruptions to their day. Cartman cares more that Token claims to have not seen Black Panther, and Stan's dad Randy dismisses Sharon's outrage as her being on her period.

    At points, "Dead Kids" represents South Park at its best. Randy goes to increasingly absurd lengths to learn about his wife's condition and reaffirm his love for her, mirrored by the B-plot with Cartman channeling an action detective to investigate Token. And Sharon's feelings of anger and frustration mirror the way most of us feel about living in a country that is apparently okay with school shootings happening on a regular basis.

    That is, until the closing title card of the episode, in which a #cancelsouthpark watermark appears over Parker and Stone's names. Even at the end of an episode that feels immediate and funny, Parker and Stone have to end on a self-satisfied joke, pleased not only with how much they may have just offended you, but that you can do nothing about it.

    Whatever catharsis the episode's humor may have invoked, it ended with the equivalent of a Reddit poster asking, "U mad bro?"

    Just Joking

    Like "Dead Kids," Team America often reaches points of enduring hilarity. Parker and Stone parody 2000s and '90s action movies with Mel Brooks-level accuracy. The combination of (really impressive) puppets and apparently high-tech equipment gets a chuckle every time. Gags about Gary remembering his brother's death by gorilla or the signal for Gary's blown cover (wave your arms and look scared) still work today. And the extended, X-rated sex scene, played completely straight but with puppets, retains its subversive power.

    That subversion does not extend to the movie's politics. Instead the absurdity and boundary-pushing of the jokes serve to reinforce the status quo. The film equates caring about any sort of larger injustice with the smug absurdity of an expensive Broadway musical about poor people gleefully refusing to pay their rent and being stepped over while dying of a plague in the streets. Instead of pushing for extremes, the humor goes for a banal idea of common sense, the assumption that both sides of an issue are wrong and the truth lies somewhere in the middle.

    Gary's speech, however, shows the limitations of that response. While Gary concedes that the actors do have a point and that Team America can sometimes go too far, he ultimately says that Team America is a greater good. It's important to listen to the actors who have good looks and cameras, but Team America should stay intact with its guns and right to kill indiscriminately.

    Whether Parker and Stone intended it or not, Team America is in retrospect a forerunner to far right meme culture, Pepe the Frog and Chad images that have spread from 4Chan to the rest of the internet. It's not just that Team America points out the absurdity of America thinking of itself as righteous, or that rich and self-involved celebrities claim to speak for the people. It's that it treats it all with a shrug, mocking those upset about the world more than those who created it, because what can we do about those who created it, anyway?

    Unlike far right memes, Team America is often actually funny, and obviously has far more care in its construction than just the laziest bit of offensive observation. However, its satire is exactly the sort of ineffective, easily dismissible humor that major networks and politicians depend upon. It is, at best, "partisan hackery," to use Jon Stewart's charge against Crossfire. At worst, Team America's reduction of political discourse to smug dick jokes is exactly the type of apathetic irony that undermines empathy.
  • news.xbox.com
    It's time to get a look at what's next: Developer_Direct is back. On Thursday, January 23 at 10am Pacific / 1pm Eastern / 6pm UK, fans will get an inside look at a selection of highly anticipated games coming to Xbox Series X|S, PC, and Game Pass players this year.

    Presented by the game creators themselves, Developer_Direct offers an in-depth look at upcoming titles, how they're being created, and who's creating them. We'll visit Compulsion Games in Montreal, Canada to learn more about South of Midnight, head to Montpellier, France to see Sandfall Interactive for a look at Clair Obscur: Expedition 33, stop by the legendary id Studios in Richardson, Texas to check in on DOOM: The Dark Ages, and visit a surprise location to see another studio's brand new game.

    Fans should tune in on Xbox channels at 10am PT / 1pm ET / 6pm UK, January 23 to see all the latest on:

    DOOM: The Dark Ages
    Developed by id Software, DOOM: The Dark Ages is the prequel to the critically acclaimed DOOM (2016) and DOOM Eternal that tells the epic cinematic origin story of the Doom Slayer's rage. In this third installment of the modern DOOM series, players will step into the blood-stained boots of the Doom Slayer in this never-before-seen dark and sinister medieval war against Hell. Learn more during the full game reveal at Developer_Direct.

    South of Midnight
    Compulsion Games, the creators of Contrast and We Happy Few, will share a deep dive on South of Midnight, a third-person action-adventure game set in the American Deep South. As Hazel, you will explore the mythos and confront mysterious creatures inspired by Southern Folklore to unravel her family's hidden past in this dark, modern folktale.

    Clair Obscur: Expedition 33
    Sandfall Interactive will take us behind the scenes at their studio to shed some light on the development of Clair Obscur: Expedition 33, this debut studio's incredible new RPG. The team will share more about the game's creation and how they plan to deliver an incredible story in a gorgeous fantasy world.

    Stay tuned to our official social channels for more from Developer_Direct, airing on Thursday, January 23 at 10am Pacific / 1pm Eastern / 6pm UK.
  • With an Island, a Chapel, and a Cemetery, This Breathtaking Private Chateau Is One for the Ages
    www.elledecor.com
    This article originally appeared in the October 2012 issue of ELLE DECOR.

    "I've always loved excess," declares Gérard Tremolet, and during the 30 years the designer spent at the heart of the Paris fashion world, he was certainly a larger-than-life figure. Tremolet made a striking appearance, for instance, at the 1986 inauguration of the Museum of Fashion and Textiles at the Louvre, arriving in a floor-length frock coat with a leopard-print lining, a black top hat, and a veil that covered his face.

    Photo (Simon Upton): In a salon, the bergère is Louis XV, and the armchair is Régence.

    The fashionable Tremolet started his career in the accessories department of Jean-Louis Scherrer, and later became the right-hand man of probably the most famous embroiderer of the 20th century, François Lesage. He rubbed shoulders with celebrities such as Lauren Bacall and Elizabeth Taylor, and met regularly with some of the world's most talented designers. "Each couture house had its own spirit," Tremolet recalls. "At Yves Saint Laurent, it was like entering a temple. There was no noise. Karl Lagerfeld's studio at Chanel, on the other hand, was the complete opposite: There was always music, and things going on."

    Photo (Simon Upton): Chinese vessels and a 19th-century bust of Bacchus line the mantel in the dining area; an antique farm table was cut down to serve as a cocktail table, and the beams are original.

    Today, Tremolet's life may be less at the cutting edge, but it is no less glamorous. He now works as a freelance embroiderer for couturiers and decorators, and lives with his partner, David Barré de l'Etang, a government tax official, at Château d'Ailly in Calvados, in France's Normandy region. "I've always had delusions of grandeur," Tremolet says with a laugh. "So when we decided to move to the country, nothing less than a château would do!"

    The couple visited some 20 estates over a period of 18 months and were starting to despair. Then, late one Sunday evening in 2007, Barré de l'Etang spotted an ad on the Internet. It read: "18th-century château with island, chapel, and cemetery." By the following Thursday, they had made an offer.

    Photo (Simon Upton): The dining area's 19th-century chandelier is a family heirloom, and the chairs are Régence; the mirror is 18th century, the cabinet is Venetian, and the farm table is original to the property.

    The château in question is set in an eight-acre park complete with a river and an avenue of chestnut trees planted in 1700. The chapel dates from the 11th century, as does the main body of the house, which has barely been changed since 1721. Tremolet relates how the uncle of Charlotte Corday, the assassin of French revolutionary Jean-Paul Marat, celebrated Mass there. The château had remained in the same family, according to Tremolet, until they purchased it; its last resident was the Comtesse de Vigneral.

    Photo (Simon Upton): In the games room, the table and the armchairs, which are embellished with embroidery by François Lesage, are all Louis XVI, and the side chair is Louis XV; the chandelier is Venetian, and the cabinet door, left, was originally in the château's kitchen.

    The idiosyncratic Tremolet immediately fell under the property's spell; he was enamored of the château's intimate size (many of its 30 rooms are small by French castle standards) and 18th-century details, among them the magnificent fireplaces and a bed alcove in a first-floor guest room. But not everything had withstood the test of time. Two rooms had been completely devastated by dry rot. Parts of the door frames and walls were missing in the entrance hall, and there were serious problems with humidity. "It took two years to dry everything out," Tremolet recalls.

    For the interiors, his goal was to create a fresh, playful version of grand 18th-century style. "If you're looking for historical accuracy, there are huge mistakes," he readily admits. "I simply drew on my imagination, as well as from films like Barry Lyndon." He painted the walls of a salon with cheeky monkeys dressed up in various costumes, and added a games room. He also gave full rein to one of his passions: mixing bold and surprising colors. For a first-floor hallway, for instance, he chose bright yellow and tomato-red. And there is a touch of pink in almost every room. "It wasn't a conscious decision," Tremolet says. "That's just the way it turned out."

    Photo (Simon Upton): A guest room bed is dressed in Indian cashmere, and the headboard is upholstered with an antique carpet; the light fixture and hanging lamp are Egyptian, the chair is Syrian, and a carpet serves as a pelmet above the door.

    Decorating the château also gave Tremolet a chance to showcase objects and furniture he'd been accumulating for years; he has a fondness for portraiture and owns something like 20 different coffee sets. Even in a château, "There's not enough cupboard space for all the china," he admits. Other pieces found their places more effortlessly. Barré de l'Etang relates how visitors who had been to the château as children claimed the mirror in the games room had always been there. "In actual fact," he says, "we installed it."

    The one area Tremolet took true over-the-top liberties with was a bedroom on the first floor, which had been renovated in the 1960s. There, he created an Oriental room reminiscent of his childhood in North Africa (he was born in Algiers). The space has purple-, red-, and orange-striped walls, turquoise curtains, leopard-print chairs, a bed canopy made from a camel blanket, and a Venetian cabinet he has owned for decades. There is also a wardrobe where he keeps costumes for the couple's 18th-century theme parties, the most notable one held each year on the eve of Bastille Day. "It's our counter-Revolution," Tremolet jokes.

    Photo (Simon Upton): In another guest room, the walls and curtains are of a Thevenon toile de Jouy, and the bed's alcove is covered in taffeta; the armchair is Louis XV, and the rug is Russian.

    The annual summer party includes a picnic in the park, boat rides on the river, and fireworks at night. The odds are that such events will continue for years to come, as the couple say they are sure that they are there to stay. As Barré de l'Etang notes with amusement, "There are two places left in the cemetery."
  • Satechi unveils SM3 mechanical keyboard, purpose built for Mac users
    9to5mac.com
    At CES 2025, Satechi has unveiled the SM3 Slim Mechanical Backlit Bluetooth Keyboard, a sleek, low-profile mechanical keyboard built with Mac users in mind. It's Satechi's first full-size mechanical keyboard, and it's designed to balance style, functionality, and comfort, perfect for those who want the mechanical typing experience without the bulk.

    Specs & features of the SM3

    The SM3 Slim Mechanical Backlit Bluetooth Keyboard brings a premium typing experience to both Mac and Windows users. Here's what you need to know:

    Full-Size Layout (108 Keys): Includes a numeric keypad for those who need more functionality, such as business professionals and programmers.

    Low-profile brown switches: Shorter travel distance reduces finger fatigue while delivering a satisfying, tactile typing experience.

    Four device connectivity: Connect to up to four devices via Bluetooth 5.0, 2.4 GHz USB receiver, or wired USB-C connection. Instantly switch between devices with ease.

    Customizable backlighting: Choose from 14 different backlight patterns, with 3 brightness levels and 4 LED speeds.

    Rechargeable battery & USB-C charging: The 2500mAh battery charges via USB-C and offers a reliable wired connection when needed.

    Adjustable feet for comfort: Tailor the typing angle to reduce wrist strain, with added stability to prevent movement while typing.

    My experience with SM1

    I've been using the little brother of the SM3, the Satechi SM1 Slim Mechanical Keyboard, for over a year now, and it's become my go-to keyboard. I've never been a fan of traditional mechanical keyboards: they're often bulky, loud, and tedious for everyday use. But the SM1 changed my mind, offering the perfect blend of mechanical feel and low-profile design.

    The SM3 builds on that success by offering a full-size option without sacrificing the sleekness and simplicity that made the SM1 such a hit. With low-profile brown switches, you get the satisfying tactile feedback of a mechanical keyboard, but without the clunky feel or overwhelming noise.

    Pricing & availability

    The Satechi SM3 Slim Mechanical Keyboard is available now for $119.99 on Satechi.net. It comes in Light and Dark color variants, making it easy to match any setup.

    If you've been looking for a mechanical keyboard that's made for Mac, offers versatile connectivity, and is comfortable for long typing sessions, the Satechi SM3 should be on your radar. It's a CES 2025 standout that blends style, performance, and practicality in one impressive package.
  • The new Zenbook A14 MacBook Air lookalike beats the real thing in five ways
    9to5mac.com
    It says a lot about Apple's design that the MacBook Air is seen as the ultimate standard targeted by PC laptop brands. Just matching the aesthetics and performance of the machine is seen as a tough goal, but ASUS may have gone one better with its new Zenbook A14.

    The new machine not only succeeds in emulating the look of the MacBook Air, but exceeds its specs in no fewer than five different ways, including being even lighter.

    ASUS Zenbook A14

    Glance quickly at the machine and you could easily be forgiven for mistaking it for a new MacBook Air. The keyboard looks just as neat, the trackpad as large, and the overall design looks every bit as sleek as the Apple design on which it is so clearly based.

    But despite the base machine's $900 price being less than the starting price of a 13-inch MacBook Air, ASUS has actually beaten Apple's specs in five different ways.

    Weight

    The MacBook Air weighs in at 2.7 pounds, while the Zenbook A14 comes in at 2.2 pounds for the lightest model in the line-up, and 2.4 pounds for the heaviest one.

    Casing material

    That weight saving appears in part to be based on a new material which ASUS says is 30% lighter and three times stronger than anodized aluminum. The company calls it Ceraluminum, as it claims to combine the benefits of both ceramic and aluminum materials.

    Ceraluminum undergoes rigorous lab testing to meet tough real-world conditions. For scratch resistance, the material is tested by placing the laptop, along with keys and coins, inside a rotating drum.

    Shock resistance is tested by dropping the laptop from a 50cm height, and wear resistance is evaluated by rubbing the material 18,000 times in the same place to check the color doesn't fade.

    This robust testing ensures that Zenbook A14 remains scratch-free, resilient to shocks, and maintains its pristine looks, providing users with a laptop that is both lightweight and exceptionally durable.

    Display

    The A14 has an OLED screen, in contrast with Apple's IPS LCD with miniLED backlighting. Apple doesn't look set to make the switch to OLED screens until next year even for the MacBook Pro, while the MacBook Air may have to wait until 2028.

    Bezels

    Also display-related, while there isn't much in it, it certainly appears as if ASUS has managed thinner bezels at the sides of the screen.

    Battery life

    Apple cites up to 18 hours of movie playback (the least demanding task), while ASUS claims over 32 hours of continuous video playback on a single charge.

    But it won't match MacBook Air performance

    One area where it won't compete with the real deal is in performance. The machine offers a choice of Snapdragon X Plus or Snapdragon X Elite processors, and those are not remotely in the same league as the M2 or M3 chip you get with the MacBook Air.

    The MacBook Air is so powerful that you actually need a pretty good reason now to opt instead for the more expensive MacBook Pro.

    But given that many MacBook Air owners use their machines for undemanding tasks like writing, email, and web, the Zenbook will have more than enough power for many.

    The best news about this for Mac users is that it puts pressure on Apple to up its own game in the other areas where the A14 does push the limits.

    Photo: ASUS
  • New Banshee Stealer Variant Bypasses Antivirus with Apple's XProtect-Inspired Encryption
    thehackernews.com
    Jan 09, 2025 | Ravie Lakshmanan

    Cybersecurity researchers have uncovered a new, stealthier version of a macOS-focused information-stealing malware called Banshee Stealer.

    "Once thought dormant after its source code leak in late 2024, this new iteration introduces advanced string encryption inspired by Apple's XProtect," Check Point Research said in a new analysis shared with The Hacker News. "This development allows it to bypass antivirus systems, posing a significant risk to over 100 million macOS users globally."

    The cybersecurity company said it detected the new version in late September 2024, with the malware distributed using phishing websites and fake GitHub repositories under the guise of popular software such as Google Chrome, Telegram, and TradingView.

    Banshee Stealer was first documented in August 2024 by Elastic Security Labs. Offered under a malware-as-a-service (MaaS) model to other cybercriminals for $3,000 a month, it's capable of harvesting data from web browsers, cryptocurrency wallets, and files matching specific extensions.

    The malware operation suffered a setback in late November 2024 when its source code leaked online, prompting it to shut down its operations. However, Check Point said it has identified multiple campaigns still distributing the malware through phishing websites, although it's currently not known if they are carried out by previous customers.

    The new variant is notable for removing a Russian language check used to prevent infections of Macs that had set Russian as the default system language. Dropping the feature points to the possibility that the threat actors are looking to cast a wider net of potential targets.

    Another crucial update is the use of a string encryption algorithm from Apple's XProtect antivirus engine to obfuscate the plaintext strings used in the original version of Banshee Stealer.

    "Modern malware campaigns are exploiting common human vulnerabilities, not just platform-specific flaws," Eli Smadja, security research group manager at Check Point Research, said in a statement shared with The Hacker News. "MacOS, like any other OS, is exposed to these evolving threats, especially as cybercriminals employ advanced techniques like social engineering and fake software updates."

    The development comes as unsolicited messages on Discord are being used to propagate various stealer malware families such as Nova Stealer, Ageo Stealer, and Hexon Stealer under the pretext of testing out a new video game.

    "One of the main interests for the stealers seem to be Discord credentials which can be used to expand the network of compromised accounts," Malwarebytes said. "This also helps them because some of the stolen information includes friends accounts of the victims."
  • Product Review: How Reco Discovers Shadow AI in SaaS
    thehackernews.com
    Jan 09, 2025 | The Hacker News | AI Security / SaaS Security

    As SaaS providers race to integrate AI into their product offerings to stay competitive and relevant, a new challenge has emerged in the world of AI: shadow AI. Shadow AI refers to the unauthorized use of AI tools and copilots at organizations. Examples include a developer using ChatGPT to assist with writing code, a salesperson downloading an AI-powered meeting transcription tool, or a customer support person using Agentic AI to automate tasks without going through the proper channels. When these tools are used without IT or the Security team's knowledge, they often lack sufficient security controls, putting company data at risk.

    Shadow AI Detection Challenges

    Because shadow AI tools often embed themselves in approved business applications via AI assistants, copilots, and agents, they are even trickier to discover than traditional shadow IT. While traditional shadow apps can be identified through network monitoring methodologies that scan for unauthorized connections based on IP addresses and domain names, these AI assistants can fly under the radar because they share an IP address or domain with approved applications.

    Additionally, some employees utilize standalone AI tools tied to personal accounts, like personal ChatGPT instances, to assist with work-related tasks. While these AI apps aren't connected to corporate infrastructure, there's still the risk that employees will input sensitive data into them, increasing the chance of data leaks.

    Shadow AI Security Risks

    Like any shadow apps, shadow AI apps expand the attack surface through unmonitored integrations and APIs. They're often set up with weak configurations like excessive permissions, duplicative passwords, and no multi-factor authentication (MFA), increasing the risk of exploitation and lateral movement within the network.

    However, shadow AI tools are even more dangerous than traditional shadow apps because of their ability to ingest and share information. One study found that as many as 15% of employees post company data in AI tools. Since GenAI models learn from every interaction, there's a risk they will expose sensitive information to unauthorized users or spread misinformation.

    How Reco Discovers Shadow AI in SaaS

    Reco, a SaaS security solution, uses AI-based graph technology to discover and catalog shadow AI. Here's how Reco works:

    Active Directory Integration: Reco begins by integrating with your organization's Active Directory, such as Microsoft Azure AD or Okta, to gather a list of approved and known applications and AI tools.

    Email Metadata Analysis: Reco analyzes email metadata from platforms like Gmail and Outlook to detect communications with unauthorized tools. It filters out internal apps and marketing emails and focuses on usage indicators, like account confirmations and download requests.

    GenAI Module Matching: Using a proprietary, fine-tuned model based on interactions and NLP, Reco consolidates and cleans the list, matching identities with corresponding apps and AI tools. Then, it creates a list of all SaaS apps and AI tools being used, who is using them, and what authentication mechanisms are being used.

    Shadow Application Detection: By comparing this list against a list of known applications and AI tools, Reco produces a list of unauthorized applications and shadow AI tools.

    What Reco Can Tell You About Shadow AI Tools

    After Reco produces the list of shadow AI tools and apps, Reco can answer questions like:

    Which SaaS apps are currently in use across your organization? Of these apps, which are utilizing AI assistants and copilots?

    Reco inventories all applications running in your environment that are associated with your business email. It creates a list of who is using what and how they're authenticating, and produces activity logs in order to understand their behavior. That way, it can alert on suspicious activity, like excessive downloads, external file sharing, or permission changes. It also provides a Vendor Risk Score so security teams can prioritize riskier apps.

    What app-to-app connections exist?

    SaaS applications don't operate as islands. You need to understand how they're interacting with other applications to effectively manage risk. Reco shows you all the app-to-app integrations discovered within your environment. For example, you can see if an AI tool has been connected to a business-critical application like Gmail or Snowflake, and what permissions each AI application has.

    What identities are using each AI tool? What permissions do they have and how are they authenticating?

    One of the main challenges in SaaS security is the lack of centralization: identity management is spread out across multiple apps. Reco consolidates identities across all SaaS applications so you can manage them from a single console. You can dig into what permissions each identity has, how they're authenticating, and whether or not they have Admin privileges. Who does not have MFA enabled? Who has excessive permissions? You can create roles and enforce policies that span multiple apps.

    What actions has each identity taken across SaaS and AI applications and when did this happen?

    Reco's AI-based knowledge graph technology maps all discovered SaaS applications (including sanctioned and shadow applications), associated identities from both humans and machines, their permission levels, and actions. The knowledge graph then looks for changes in these vectors over time. If the graph indicates a dramatic change, then Reco alerts on an anomaly. For example, if there is a decrease in user engagement, Reco can predict the employee is planning on leaving the organization.

    Find out which AI applications are accessing sensitive data and who is using them. Then, implement governance and access management policies via the Reco platform.

    What Reco Cannot Do for Shadow AI Security

    Since Reco operates in an agentless, read-only capacity, there are certain limitations to its shadow AI security capabilities. Here's what Reco can't do:

    Prevent Data Input: Reco cannot stop users from entering sensitive data into unauthorized AI tools or applications.

    Block Shadow AI Tools: Reco does not directly block or disable shadow AI tools or integrations since it does not interfere with app functionality.

    Restrict User Behavior: Reco cannot enforce policies or prevent users from accessing unapproved tools; it can only detect and alert on activity.

    Modify Permissions: Reco cannot change user permissions or revoke access to shadow AI tools, as it only has read-only access to the data and doesn't have write access to SaaS applications.

    Stop API Integrations: Reco cannot prevent third-party shadow AI tools from connecting via APIs, but it can identify and alert on these connections.

    Ultimately, Reco is a visibility and detection tool. It can't take action itself, but it can empower Security teams with the knowledge needed to take appropriate action at the right time to reduce risks.

    How Reco Continuously Secures SaaS Applications and AI Tools

    After Reco discovers all your shadow applications and AI tools, takes inventory, and ranks them, Reco provides continuous security for the full SaaS lifecycle. Reco delivers:

    Posture management and compliance: Reco identifies misconfigurations that may put your data at risk, such as over-permissioned users, publicly exposed files, stale accounts, and weak authentication mechanisms. The 'How to Fix' feature gives instructions on how to clean up risks.
It continuously monitors for configuration changes that could lead to data exposure via SaaS Security Posture Management (SSPM).Identities and Access Governance: Reco unifies identities across your SaaS applications, enabling centralized management of permissions and roles. By analyzing user permission levels and behaviors within your SaaS ecosystem, Reco provides visibility into critical exposure gaps that could lead to a breach.Threat Detection and Response: Reco delivers real-time alerts for unusual activities that may indicate malicious intent, such as impossible travel, unusual downloads, suspicious permission changes, or repeated failed login attempts. It integrates with your SIEM or SOAR so organizations can remediate SaaS risks efficiently within existing workflows.To learn more about Reco, you can watch the pre-recorded demo here. Or visit reco.ai to schedule a live demo.Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE
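The discovery steps described in the article above (an approved-app list from the identity provider, e-mail metadata filtered for usage indicators, then comparison against the approved list), as an added example. It is not Reco's code: simple keyword rules stand in for its proprietary matching model, and every domain, app name and metadata record below is constructed.

```python
import re
from collections import defaultdict

# Assumption: approved app names as exported from the identity provider.
APPROVED_APPS = {"slack", "salesforce", "notion"}
INTERNAL_DOMAINS = {"corp.example"}

# Constructed catalogue: sender domain -> (app name, is it an AI tool?).
KNOWN_SENDERS = {
    "slack.com": ("slack", False),
    "transcribe-ai.example": ("transcribe-ai", True),
    "chatassist.example": ("chatassist", True),
    "filedrop.example": ("filedrop", False),
}

# Subjects that suggest real usage (sign-up, download) versus marketing noise.
USAGE_RE = re.compile(
    r"confirm your (account|e-?mail)|verify your e-?mail|welcome to|"
    r"your download|new sign-?in|api key", re.I)
MARKETING_RE = re.compile(r"webinar|newsletter|% off|limited time", re.I)

# Constructed metadata records (headers only, no message bodies).
SAMPLE_METADATA = [
    {"from": "no-reply@mail.transcribe-ai.example", "to": "alice@corp.example",
     "subject": "Confirm your account"},
    {"from": "news@transcribe-ai.example", "to": "bob@corp.example",
     "subject": "Join our webinar on AI meeting notes"},
    {"from": "notifications@slack.com", "to": "alice@corp.example",
     "subject": "New sign-in to Slack"},
    {"from": "it@corp.example", "to": "bob@corp.example",
     "subject": "Welcome to the VPN"},
    {"from": "hello@chatassist.example", "to": "bob@corp.example",
     "subject": "Welcome to ChatAssist: your API key is ready"},
    {"from": "support@filedrop.example", "to": "carol@corp.example",
     "subject": "Your download is ready"},
    {"from": "no-reply@transcribe-ai.example", "to": "Carol@corp.example",
     "subject": "Verify your email"},
]

def registrable_domain(address):
    """Last two labels of the sender's host (simplification: no public-suffix list)."""
    host = address.rsplit("@", 1)[-1].lower()
    return ".".join(host.split(".")[-2:])

def discover_shadow_apps(records):
    """Return unapproved apps with the users whose mailboxes show usage indicators."""
    usage = defaultdict(set)
    for rec in records:
        domain = registrable_domain(rec["from"])
        subject = rec["subject"]
        if domain in INTERNAL_DOMAINS or MARKETING_RE.search(subject):
            continue  # internal mail and marketing are not evidence of usage
        if not USAGE_RE.search(subject):
            continue
        # Unknown senders fall back to the domain as the app name.
        app, is_ai = KNOWN_SENDERS.get(domain, (domain, False))
        if app not in APPROVED_APPS:
            usage[(app, is_ai)].add(rec["to"].lower())
    return [{"app": app, "ai_tool": is_ai, "users": sorted(users)}
            for (app, is_ai), users in sorted(usage.items())]

if __name__ == "__main__":
    for finding in discover_shadow_apps(SAMPLE_METADATA):
        print(finding)
```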
  • Nation-State Threats Persist with Information Breach of US Treasury
    www.informationweek.com
    On Dec. 8, cybersecurity company BeyondTrust notified the US Department of the Treasury of a threat actor intrusion, according to a letter Treasury sent to the US Senate Committee on Banking, Housing, and Urban Affairs.

    This incident joins the list of other attacks attributed to China state-sponsored advanced persistent threat (APT) actors. How was this attack executed, and what is the outlook for ongoing cyber threats from China?

    The US Treasury Hack

    The threat actor gained access to Treasury end user workstations via a compromise of BeyondTrust. The threat actor was able to use a stolen key to override the service's security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users, according to the letter.

    As of Jan. 6, BeyondTrust fully patched vulnerabilities relating to the SaaS instances of BeyondTrust Remote Support, according to the company's security advisory.

    "BeyondTrust previously identified and took measures to address a security incident in early December 2024 that involved the Remote Support product. BeyondTrust notified the limited number of customers who were involved, and it has been working to support those customers since then," a BeyondTrust spokesperson shared via email.

    The threat actor targeted the Office of Foreign Assets Control (OFAC), the Office of Financial Research (OFR), and US Treasury Secretary Janet Yellen's office, The Guardian reports.

    OFAC administers a number of sanctions programs; threat actors could have targeted OFAC to gain insight into forthcoming US sanctions.

    "It's a more targeted approach designed specifically to get an inside look [at], potentially, future US policy," John Ghose, government investigations and enforcement attorney and special counsel at law firm Baker Donelson, tells InformationWeek.

    It is also possible the hackers have other motivations.

    "Their intention will probably be to manipulate or degrade the integrity of the data associated with the sanctioned personalities in China," says Tom Kellerman, senior vice president of cyber strategy at application security company Contrast Security. "Is there a process ongoing right now to verify the integrity of the data associated with the multitude of Chinese citizens that have been sanctioned by Treasury?"

    Chinese Cyber Threats and US Response

    Chinese officials frequently deny involvement in hacking operations, but the US linked China state-backed threat actors to several major intrusions, including the Treasury breach.

    The major telecommunications hack discovered last year was linked to APT Salt Typhoon. China state-backed actors were also found responsible for the 2015 breach of the US Office of Personnel Management (OPM), which impacted the data of 35 million government employees. In 2020, the US Department of Justice charged four Chinese military-backed hackers for their involvement in the 2017 breach of credit reporting agency Equifax.

    While the Treasury and telecommunications hacks have come to light recently, cyber threats from China are ongoing. "Cyber insurgency within US critical infrastructure is far deeper than just Treasury," says Kellerman.

    China-backed APT groups may be lurking in US government and company systems as a part of espionage campaigns, but there is growing concern about the potential for disruptive cyberattacks that cripple critical infrastructure if geopolitical tensions boil over into outright conflict. What can be done as nation state cyber threats continue to loom?

    Sanctions are a common response. Shortly following the news of the Treasury hack, the federal department announced sanctions on a cybersecurity company based in Beijing, relating to its role in helping breach US communications systems between the summer of 2022 and 2023, The New York Times reports.

    "At this point, when it comes to actors like China and Russia and others that are so heavily blacklisted, to what extent do we have a response? We're already limiting trade significantly," he says. "The response would require just more sophisticated hardening of our information systems including all levels of the supply chain," says Ghose.

    Hardening of the supply chain requires an understanding of common threat actor tactics.

    "We need to pay attention to the Chinese modus operandi, which is [to] island hop through other parties, whether it be cybersecurity vendors or whether it be through telecommunications carriers, and the fact that they're developing zero days faster than any other nation state, which still allows them to bypass a lot of cybersecurity defenses," Kellerman tells InformationWeek.

    And zero-day exploitation is on the rise. Cybersecurity consulting company Mandiant, a part of Google Cloud, found that 70% of vulnerabilities exploited in 2023 were zero days, an increase compared to 2021 and 2022.

    Hacks like the one of Treasury could prompt more focus on the supply chain and third-party reliance.

    "Is it possible that this then results in more internalization, less reliance on third parties because of the difficulty of securing the supply chain?" Ghose asks. "That'll be an interesting development to watch."

    The Treasury hack also comes just before the beginning of a second Trump administration, and President-elect Trump has been vocal about taking an aggressive approach to China.

    "The timing is interesting just because we're about to have an administration change," Ghose points out. "So the Treasury leadership is going to be turning over soon. So, OFAC policy could look very different in, say, a couple of months from now."

    The US response to nation state cyber threats, beyond OFAC, could change under a new administration.
  • The Download: greener steel, and what 2025 holds for climate tech
    www.technologyreview.com
    This is today's edition of The Download, our weekday newsletter that provides a daily dose of what's going on in the world of technology.

    The world's first industrial-scale plant for green steel promises a cleaner future

    As of 2023, nearly 2 billion metric tons of steel were being produced annually, enough to cover Manhattan in a layer more than 13 feet thick. Making this metal produces a huge amount of carbon dioxide. Overall, steelmaking accounts for around 8% of the world's carbon emissions, one of the largest industrial emitters and far more than such sources as aviation. Read the full story.

    Douglas Main

    Green steel is one of our 10 Breakthrough Technologies for 2025, MIT Technology Review's annual list of tech to watch. Check out the rest of the list, and cast your vote for the honorary 11th breakthrough.

    2025 is a critical year for climate tech

    Casey Crownhart

    I love the fresh start that comes with a new year. And one thing adding a boost to my January is our newest list of 10 Breakthrough Technologies. As I was looking over the finished list this week, I was struck by something: While there are some entries from other fields that are three or even five years away, all the climate items are either newly commercially available or just about to be. It's certainly apt, because this year in particular seems to be bringing a new urgency to the fight against climate change. It's time for these technologies to grow up and get out there. Read the full story.

    This story is from The Spark, our weekly climate and energy newsletter. Sign up to receive it in your inbox every Wednesday.

    A New York legislator wants to pick up the pieces of the dead California AI bill

    The first Democrat in New York history with a computer science background wants to revive some of the ideas behind the failed California AI safety bill, SB 1047, with a new version in his state that would regulate the most advanced AI models. Assembly member Alex Bores hopes his bill, currently an unpublished draft that MIT Technology Review has seen, will address many of the concerns that blocked SB 1047 from passing into law last year. Read the full story.

    Scott J Mulligan

    MIT Technology Review Narrated: How covid conspiracy theories led to an alarming resurgence in AIDS denialism

    Podcaster Joe Rogan, former presidential candidate Robert F. Kennedy Jr, and football quarterback Aaron Rodgers are all helping revive AIDS denialism, a false collection of theories arguing either that HIV doesn't cause AIDS or that there's no such thing as HIV at all. These ideas were initially promoted back in the 1980s and '90s but fell out of favor, as more and more evidence stacked up against them, and as more people with HIV and AIDS started living longer lives thanks to effective new treatments. But then coronavirus arrived.

    This is our latest story to be turned into a MIT Technology Review Narrated podcast, which we're publishing each week on Spotify and Apple Podcasts. Just navigate to MIT Technology Review Narrated on either platform, and follow us to get all our new content as it's released.

    Ask our journalists anything!

    Do you have questions about emerging technologies? Well, we've got answers. MIT Technology Review's science and tech journalists are hosting an AMA on Reddit tomorrow at 12 pm ET. Submit your questions now!

    The must-reads

    I've combed the internet to find you today's most fun/important/scary/fascinating stories about technology.

    1 Wildfires are sweeping through Los Angeles
    Unusually strong winds and dry weather are accelerating multiple fires around the city. (Vox)
    + While California is no stranger to wildfires, these are particularly awful. (The Atlantic $)
    + Five people are known to have died, and thousands have lost their homes. (NY Mag $)
    + The quest to build wildfire-resistant homes. (MIT Technology Review)

    2 AI can now predict how the genes inside a cell will drive its behavior
    Scientists are hopeful it could usher in cell-specific therapies to fight genetic diseases. (WP $)
    + How AI can help us understand how cells work, and help cure diseases. (MIT Technology Review)

    3 The Biden administration is planning a further chips crackdown
    One of its final acts will be a push to prevent sales of chips to China and Russia. (Bloomberg $)
    + A group of tech representatives is begging the US government to reconsider. (Reuters)

    4 Elon Musk's DOGE division wants to slash $2 trillion in federal spending
    But even he admits it's a ridiculously ambitious goal. (WSJ $)
    + He reckons he might be able to cut half that amount. (NBC News)

    5 Meta exempted its top advertisers from content moderation processes
    It agreed to suppress standard testing for high spenders. (FT $)
    + Mark Zuckerberg appears to be following X's playbook. (Wired $)
    + Maybe the two platforms aren't so different after all. (The Atlantic $)

    6 How one teenager embarked on a nationwide swatting spree
    Alan Filion's false shooting calls sent police into hundreds of schools across the US. (Wired $)

    7 Blue Origin is limbering up to launch its new Glenn rocket
    In the company's very first flight. (New Scientist $)
    + If successful, the flight could prove Blue Origin's worthiness as a SpaceX rival. (The Register)

    8 Grok could be getting an "unhinged mode"
    Whatever that means. (TechCrunch)
    + X's chatbot was one of the biggest AI flops of 2024. (MIT Technology Review)

    9 The secret to scaling quantum computing? Fiber optic cables
    Mixing quantum data with regular ole internet gigabits is one solution. (IEEE Spectrum)

    10 This robot vacuum has limbs
    All the better to clean your home with. (The Verge)
    + A Roomba recorded a woman on the toilet. How did screenshots end up on Facebook? (MIT Technology Review)

    Quote of the day

    "I voted for Trump; I didn't vote for Elon."

    Preston Parra, chairman of the pro-Trump Conservative PAC, expresses his frustration with Elon Musk's escalating involvement in US politics to the New York Times.

    The big story

    The weeds are winning

    October 2024

    Since the 1980s, more and more plants have evolved to become immune to herbicides. This threatens to decrease yields, and in extreme cases can wipe out whole fields. At worst, it can even drive farmers out of business. It's the agricultural equivalent of antibiotic resistance, and it keeps getting worse. Agriculture needs to embrace a diversity of weed control practices. But that's much easier said than done. Read the full story.

    Douglas Main

    We can still have nice things

    A place for comfort, fun and distraction to brighten up your day. (Got any ideas? Drop me a line or skeet 'em at me.)

    + Andrew McCarthy has taken more than 90,000 pictures of the sun, which is pretty amazing.
    + Science's most famous dogs? Yes please.
    + What better time to reorganize your kitchen cupboards than at the start of the new year?
    + The Robbie Williams biopic Better Man is completely bonkers, and a whole lot of fun.