Microsoft began 2025 with a hefty patch release this month, addressing eight zero-days with 159 patches for Windows, Microsoft Office and Visual Studio. Both Windows and Microsoft Office have Patch Now recommendations (with no browser or Exchange patches) for January.Microsoft also released a significant servicing stack update (SSU) that changes how desktop and server platforms are updated, requiring additional testing on how MSI Installer, MSIX and AppX packages are installed, updated, and uninstalled.To navigate these changes, the Readiness team has providedthis useful infographicdetailing the risks of deploying the updates.Known issuesReadiness worked with both Citrix and Microsoft to detail the more serious update issues affecting enterprise desktops, including:Windows 10/11: Following the installation of the October 2024 security update, some customers report that theOpenSSH(Open Secure Shell) service fails to start, preventingSSHconnections. The service fails without detailed logging; manual intervention is required to run the sshd.exe process. Microsoft is investigating the issue with no (as of now) published schedule for either mitigations or a resolution.Citrix reported significant issues with its Session Recording Agent (SRA), causing the January update to fail to complete successfully. Microsoft published a security bulletin (KB5050009) that says: Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. Once this situation occurs, however, the update process stops and proceeds to rollback to the original state.In short, if you have the Citrix SRA installed, your device was (likely) not updated this month.Major revisionsFor this Patch Tuesday, we have the following revisions to previously released updates:CVE-2025-21311: Windows Installer Elevation of Privilege Vulnerability. Microsoft has released an updated group policy (SkuSiPolicy.p7b) to better handle security related issues with VBS scripts included in the knowledge note, Guidance for blocking rollback of Virtualization-based Security (VBS).CVE-2025-21308: Windows Themes Spoofing Vulnerability. Microsoft recommends disablingNTLMfor desktop systems to address this vulnerability. Guidance on theprocess can be found here:Restrict NTLM: Outgoing NTLM traffic to remote servers.Microsoft also releasedCVE-2025-21224to address two memory related security vulnerabilities in the legacy line printer daemon (LPD), a Windows feature that has been deprecated for 15 years. I cant see things improving for these print-related functions (given the problems weve seen for the past decade). Maybe now is the time to start removing these legacy features from your platform.Windows lifecycle and enforcement updatesThe following Microsoft products will beretiredthis year:Microsoft Genomics: Jan. 6, 2025Visual Studio App Center: March 31, 2025SAP HANA Large Instances (HLI): June 30, 2025Of course, we dont need to mention the elephant in the room. Microsoft will end support for Windows 10 in October.Each month, we analyze Microsofts updates across key product families Windows, Office, and developer tools to help you prioritize patching efforts. This prescriptive, actionable, guidance is based on assessing a large application portfolio and a detailed analysis of the Microsoft patches and their potential impact on the Windows platforms and apps.For this release cycle from Microsoft, we have grouped the critical updates and required testing efforts into different functional areas including:Remote desktopJanuary has a heavy focus on Remote Desktop Gateway (RD Gateway) and network protocols, with the following testing guidance:RD Gateway Connections: Ensure RD Gateway (RDG) continues to facilitate both UDP and TCP traffic seamlessly without performance degradation. Try disconnecting RDG from an existing/established connection.VPN, Wi-Fi, and Bluetooth Scenarios: test end-to-end configurations and nearby sharing functionality.DNS Management for Operators: Verify that users in the Network Configuration Operators group can manage DNS client settings effortlessly.Local Windows file system and storageFile system and storage components also get minor updates. Desktop and server file system testing efforts should focus on:Offline Files and Mapped Drives: Test mapped network drives under both online and offline conditions. Pay close attention toSync Centerstatus updates.BitLocker: Validate drive locking and unlocking, BitLocker-native boot scenarios, and post-hibernation states with BitLocker enabled.Virtualization and Microsoft Hyper-VHyper-Vand virtual machines receive lightweight updates:Traffic Testing: Install the Hyper-V feature and restart systems. Monitor network performance and ensure no regressions in virtual network traffic or virtual machine management.Security and authenticationKey areas for security-related testing include:Digest Authentication Stress Testing: Simulate heavy loads while using Digest authentication to uncover potential issues.SPNEGONegotiations: Verify Secure Negotiation Protocol (SPNEGO) functionalities in cross-domain or multi-forest Active Directory setups.Authentication Scenarios: Test applications relying onLSASSprocesses and ensure that protocols like Kerberos, NTLM, and certificate-based authentication remain stable under load.Other critical updatesThere are some additional testing priorities for this release:App Deployment Scenarios: Install and updateMSIX/Appxpackages with and without packaged services, confirming admin-only requirements for updates.WebSocket Connections: Establish and monitor secureWebSocketconnections, ensuring proper encryption and handshake results.Graphics and Themes: TestGDI+-based apps and workflows involving theme files to ensure UI elements render correctly across different view modes. Some suggestions include foreign language applications that rely on Input Method Editors (IMEs).Januarys updates maintain a medium-risk profile for most systems, but testing remains essential especially for networking, authentication, and file system scenarios. We recommend prioritizing remote network traffic validation, with light testing for storage and virtualization environments. If you have a large MSIX/Appx package portfolio, theres a lot of work to do to ensure that your package installs, updates and uninstalls successfully.Each month, we break down the update cycle into product families (as defined by Microsoft) with the following basic groupings:Browsers (Microsoft IE and Edge)Microsoft Windows (both desktop and server)Microsoft OfficeMicrosoft Exchange and SQL ServerMicrosoft Developer Tools (Visual Studio and .NET)Adobe (if you get this far)BrowsersThere were no Microsoft browser updates for Patch Tuesday this month. Expect Chromium updates that will affect Microsoft Edge in the coming week. (You can find the enterprise release schedule for Chromiumhere.)Microsoft WindowsThis is a pretty large update for the Windows ecosystem, with 124 patches for both desktops and servers, covering over 50 product/feature groups. Weve highlighted some of the major areas of interest:Fax/TelephonyMSI/AppX/Installer and the Windows update mechanismsWindows COM/DCOM/OLENetworking, Remote DesktopKerberos, Digital Certificates, BitLocker, Windows Boot ManagerWindows graphics (GDI) and Kernel driversUnfortunately, Windows security vulnerabilitiesCVE-2025-21275andCVE-2025-21308both affect core application functionality and have been publicly disclosed. Add these Windows updates to your Patch Now release schedule.Microsoft OfficeMicrosoft Office gets three critical updates, and a further 17 patches rated important. Unusually, three Microsoft Office updates affecting Microsoft Access fall into the zero-day category withCVE-2025-21366,CVE-2025-21395andCVE-2025-21186publicly disclosed. Add these Microsoft updates to your Patch Now calendar.Microsoft Exchange and SQL ServerThere were no updates from Microsoft for SQL Server or Microsoft Exchange servers this month.Microsoft Developer Tools (Visual Studio and .NET)Microsoft has released seven updates rated as important affecting Microsoft .NET and Visual Studio. Given the urgent attention required for Office and Windows this month, you can add these standard, low-profile patches to your standard developer release schedule.Adobe and third-party updatesNo Adobe related patches were released by Microsoft this month. However, two third-party, development related updates were published; they affect GitHub (CVE-2024-50338) andCERTCC patch (CVE-2024-7344). Both updates can be added to the standard developer release schedule.

IMacncoming President Trump says he has met with Apple CEO Tim Cook, who reportedly committed the company to a greatly increased investment in the US.Tim Cook (left) with Donald Trump in a meeting during the latter's first presidential termAhead of the inauguration ceremony, Trump held a victory rally in which he talked of business leaders promising to invest in the US. According to Fox Business, he named SoftBank, DAMAC, and Apple."I spoke with Tim Cook of Apple," said Trump. "He said they're going to make a massive investment in the United States because of our big election win." Continue Reading on AppleInsider | Discuss on our Forums

Following our previous visit toStudio MM, we are moving ourMeet Your Next Employer seriesto Los Angeles this week to explore the work ofBunch Design.From their office in La Caada Flintridge, the firm has built a portfolio of thoughtful, creative, and unique projects with a strong emphasis on the inventive use of materials, the qualities of light, use of structure, and the relationship between the space and its users. Recently, the firms Hollywood ADU project was honored at the 2024 AIA|LA Residential Architecture Awards.Over on Archinect Jobs, the firm iscurrently hiringfor a Senior Architect to join their Los Angeles team. For candidates interested in applying for a position or anybody interested in learning more about the firms output, we have rounded up four ADU projects in the city by Bunch Design that exemplify the firms ethos.Hollywood ADU. Image courtesy: Bunch DesignHollywood ADU, Hollywood, CAThe Hollywood ADU was designed to accommodate retired parents on...

The Monster Hunter Wilds team at Capcom has revealed its thought process when it decides on a roster of monsters for a Monster Hunter game. In an interview with IGN, director Yuya Tokuda spoke about the studios processes for coming up with the upcoming titles roster of monsters.Tokuda spoke about how, when deciding a monster for a game, the team first tries to answer questions like where the monster would live in an areas ecosystem and hierarchy. Giving the example of Arkveld, Tokuda talks about considering its place in the ecological pyramid of an area.We first consider what we want players to experience when facing major monsters like Arkveld, as well as the setting, ecosystem and so on of the world, unique to each title, Tokuda explained. We then think about the kind of monsters needed to do that. In a way, we start by putting puzzle pieces together, like, If this monster exists in this place, how does the ecological pyramid work here?Tokuda also explained that the team doesnt take any ratios of brand new monsters versus returning ones from previous titles into consideration when coming up with a roster. More important for the team, according to Tokuda, is the player experience, and how it would feel to hunt these monsters.We dont focus too much on the proportion or number of new versus old monsters, said Tokuda. Whats important at the end of the day is the overall level design and order of monsters across the entire game, as well as the balance of ecological pyramids in each area. We take this multifaceted approach to decide which monsters to include.To that end, even the decision to further fill out a new games monster roster with returning monsters and fan-favourites largely comes down to whether it makes sense to bring the monster to the new games environments. Current technological advancements in game development also plays into this.So even when were selecting old monsters to put in the game, part of that involves making sure to stay true to that monsters concept while thinking about how much room each monster has to grow when theyre reborn using current-day technology and game design, he said.Capcom recently revealed that, alongside Congalala, Gravios will also be one of the returning monsters in Monster Hunter Wilds. The announcement was made with a new gameplay showcase, giving us our first look at Gravios with the games current engine. While Rise and Sunbreak players got to fight against Basarios essentially a juvenile Gravios the grown-up version of the monster is capable of doing quite a bit of damage to hunters thanks to an array of moves, ranging from fire, sleep and poison gases, as well as a fire beam.Monster Hunter Wilds will be available on PC, PS5 and Xbox Series X/S with it comes out on February 28. In the mean time, players will get the chance to experience the games beta releases between February 6 and 9, and then again on February 13 and 16.

html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd"DNEG Senior Creature TD Mengya Zhang has released the Houdini Skin Slide Deformer: a GPU-accelerated Houdini add-on for creating skin sliding effects in character animation.The hardware-agnostic tool, which can be downloaded for free, generates realistic skin sliding without the need for a full tissue simulation, preserving the volume of the character.A high-performance volume-preserving skin slide deformer for VFX and animation workThe deformer generates realistic skin sliding without the need for underlying tissue simulation.The video above shows the results when applied directly on top of the Point Deform skin mesh from a recent muscle simulation project.Unlike Delta Mush deformers, available in DCC apps like Maya and Houdini to smooth out unwanted artefacts in character animations, it maintains the volume of the character mesh.It supports both triangle- and quad-based meshes, and provides fast results on meshes of reasonable density.Zhang developed the deformer as part of R&D work on OpenCL, the hardware-agnostic parallel programming framework supported in Houdini for GPU-accelerated simulation.On LinkedIn, Zhang noted that she had also created the tool using VEX, Houdinis CPU-only expression language, and that OpenCL is just way much faster in this case.Now available on Gumroad along with Mengya Zhangs Houdini Wrinkle Deformer HDAZhang has now released the skin slide deformer on Gumroad, using a Pay What You Want model for individual artists: you can download it for free, or donate to support the work.As well as the HDA files for the deformer itself and its OpenCL wrapper, the download includes a .hip file for a demo scene.You can also download one of Zhangs previous projects, the Houdini Wrinkle Deformer HDA, which generates jitter-free skin-like wrinkles on animated geometry, on a similar basis.License conditions and system requirementsMengya Zhangs Houdini Skin Slide Deformer is compatible with Houdini. GPU acceleration requires an OpenCL-compatible graphics card, which includes both AMD and NVIDIA GPUs.The tool is available for non-commercial use under a Pay What You Want model. The license agreement prohibits claiming authorship, including of derivative works, in demo reels.For studios, commercial licenses start at $200.Download Mengya Zhangs Houdini Skin Slide Deformer HDA from Gumroad(Enter a figure of $0 to download it for free, or make a voluntary donation)Have your say on this story by following CG Channel on Facebook, Instagram and X (formerly Twitter). As well as being able to comment on stories, followers of our social media accounts can see videos we dont post on the site itself, including making-ofs for the latest VFX movies, animations, games cinematics and motion graphics projects.

Cognosphere to pay $20m to settle FTC complaint on Genshin ImpactGames firm will introduce "new age-gate and parental consent protections" and "in-game disclosures around virtual currency" in response News by Sophie McEvoy Staff Writer Published on Jan. 20, 2025 Genshin Impact distributor Cognosphere has agreed to pay $20 million to settle charges made by the US Federal Trade Commission.In a complaint filed on January 17, 2025, in the United States District Court for the Central District of California, the FTC alleged that Cognosphere violated the Children's Online Privacy Protection Act (COPPA) and deceived users about the cost of in-game transactions.The FTC claimed that Cognosphere pushed the marketing of Genshin Impact towards children under 13 and collected personal information without parental consent, which goes against the COPPA.It also alleged that Cognosphere "deceived players about the odds of winning" loot box prizes and that the purchasing process for in-game currency is too confusing for consumers. It claimed this misleads players regarding "the amount of money that would likely need to be spent to obtain certain prizes."Under the proposed order, Cognosphere is required to adhere to changes outlined in the complaint including the prohibition of selling loot boxes to children under 16 without parental consent and rectify the misrepresentation of loot box odds, prices, and features.In response to the complaint, Cognosphere said that while it believed "many of the FTC's allegations are inaccurate," it agreed to the settlement because it "values the trust of [its] community and shares a commitment to transparency for [its] players.""Under the agreement, we will introduce new age-gate and parental consent protections for children and young teens and increase our in-game disclosures around virtual currency and rewards for players in the US in the coming months," it said.Director of the FTC's Bureau of Consumer Protection Samuel Levine added: "Genshin Impact deceived children, teens, and other players into spending hundreds of dollars on prizes they stood little chance of winning."Companies that deploy these dark-pattern tactics will be held accountable if they deceive players, particularly kids and teens, about the true costs of in-game transactions."Cognosphere is a subsidiary of Chinese developer MiHoYo and publisher of Genshin Impact. It conducts business in the United States as HoYoverse.

Marvel Snap developer Second Dinner hopes to have the card battler back online "within 24 hours" after it was made unavailable in the United States due to the studio's links with TikTok owner ByteDance."We've been working around the clock to bring Marvel Snap back up in the U.S. and hope to have it back online within 24 hours. We'll update you once it's back up," reads the latest social media post from the studio.The title went dark on Sunday, with Second Dinner confirming the news on X while pledging to remedy the situation as soon as possible."Unfortunately, Marvel Snap is temporarily unavailable in U.S. app stores and is unavailable to play in the U.S.," wrote the developer. "This outage is a surprise to us and wasn't planned. Marvel Snap isnt going anywhere. Were actively working on getting the game up as soon as possible and will update you once we have more to share."Players who attempted to boot up the title were greeted with a message explaining it has been banned in the United States."Sorry, Marvel Snap isn't available right now," it read, as reported by IGN. "A law banning Marvel Snap has been enacted in the U.S. Unfortunately, that means you can't use Marvel Snap for now. Rest assured, we're working to restore our service in the U.S. Please stay tuned!"Marvel Snap is published by Nuverse, a subsidiary of TikTok owner Bytedance. It looks like that connection is now causing trouble for Marvel Snap and developer Second Dinner after a new U.S. law banning TikTok came into effect over the weekend.That law prevents people in the United States from using the popular social media app and was purportedly ushered in over concerns about its links to the Chinese government.As reported by the BBC, the U.S. Supreme Court upheld the decision on Friday after ByteDance failed to sell TikTok to a company in the United States before January 19, 2025.Although the ban was upheld, President-elect Donald Trump claims he will "likely" give ByteDance and TikTok a 90-day reprieve after he takes office on January 20.In the meantime, Second Dinner co-founder and chief development officer Ben Brode indicated players in the U.S. can use a VPN to circumvent the ban."I am hearing that VPN software will allow you to continue playing Marvel Snap in the meantime, as long as you pretend you're from Canada or something," he noted on Bluesky.It was previously reported that Bytedance was restructuring its video game business and discussing a potential asset sale with Chinese conglomerate Tencent, which was recently added to a list of "Chinese military companies" by the U.S. Department of Defence.Bytedance confirmed it "made the difficult decision to restructure our gaming business" in November 2023, but it remains unclear which subsidiaries were impacted.

Last September, well before Halloween and a full four months out from Leigh Whannells reimagining of a Universal Monsters classic, The Wolf Man, we got our first look at Whannell and Blumhouse Productions new take on the famous werewolf. Supposedly.While a theme park performer visibly stood in front of a poster for this Januarys Wolf Man with a goofy-looking latex mask onpresumably it would seem scarier in the dark at Universal Studios Halloween Horror Nights for where it was intended it obviously wasnt the real deal Whannell and makeup artist Arjen Tuiten (Pans Labyrinth) designed for the finished film. Even so, the internet predictably bayed in anger. Thats not a wolf man! many seemed to cry. Its an old timey mountain man with really long hair and a bad dentist!Four months later, the howling is gone and we now know what Whannell and Tuiten actually made. Rest assured, it does not look like Halloween Horror Nights Deliverance reject. But its also safe to say that it is probably the most human-seeming werewolf weve had in decades, even by the virtue of the Wolf Man franchise. Sure, the original The Wolf Man of 1941 canonized the pop culture image of werewolves by having the upright Lon Chaney Jr. be buried underneath yak hair and prosthetic teeth, but even 85 years later it appears more elaborate than the minimalist creature in Whannells Wolf Man.By contrast, when Christopher Abbott steps into the shoes of the doomed protagonist in 2025s Wolf Man, he barely qualifies as a werewolf at all. The term is noticeably never used in the movie. Instead the creature is given a vaguely Indigenous folk origin, with mutterings about the Face of the Wolf being sprinkled into the screenplay. Indeed, the Face of the Wolf curse is suggested to be a mere disease that once transmitted needs neither full moon or silver bullets to be controlled.It simply turns Abbotts kindly father into a pitifully sick man who gnaws at his wounds like a dog in a trap. It is a deliberate departure, and we can attest anecdotally that the design has left a few colleagues (as well as this writer) underwhelmed. Reimagining the werewolf as a metaphor for sickness is well and good, but if you call your movie WOLF MAN, a certain level of furry iconography is expected. Abbotts lycanthrope, however, could just as easily be a poor bastard turning into an extra in the next Planet of the Apes.All of which raises the question of what exactly do viewers want from a big screen werewolf these days? Well, there are two schools of thoughtUniversal PicturesThe O.G. Bipedal WerewolfFew would argue John Landis An American Werewolf in London remains the gold standard for lycanthrope cinema. A shrewd and effective update of The Wolf Man for the Boomer generation, it made werewolves scary again and marked the 1980s as a golden age for sophisticated prosthetics in monster movies. And a lot of that success was achieved by Landis hiring his pal Rick Baker, a barely 30-year-old special effects makeup wunderkind, to design the beast. But as iconic as their hound from hell became, it was also a point of contention between the director and the makeup artist whod win an Oscar for the work.I wanted it to be a biped, and I was actually hoping for something a little more on the man side as well, Baker said in the Beware the Moon documentary about the making of the film. I always thought it was kind of interesting, that kind of combination of animal and person. But John said, No, four-legged hound from hell!It is easy to see why Baker was drawn to the image of a two-legged werewolf standing upright and covered perhaps in a mans tattered clothes. That is, after all, what werewolves had looked like onscreen since the beginning of movies.While the earliest silent film werewolf pictures have been lost to time and obscurity, the first widely seen film about a man turning into a beast came from Universal Pictures six years before the original Wolf Man. Yep, prior to Lon Chaney Jr., there was Broadway thespian Henry Hull and his rather unlikable doomed hero in The Werewolf of London.Released in 1935 near the tail-end of Universals first cycle of monster moviesit came out the same year as Bride of FrankensteinThe Werewolf of Londons eponymous beastie was designed by legendary makeup artist Jack Pierce, the same man who masterminded the looks of Karloffs Mummy and Frankenstein Monster. He also would get to utilize his original werewolf ideas on The Wolf Man, because in 1935 the classically trained Hull demurred sitting beneath such extensive makeup. Instead, he argued, audiences would want to see the human character (and actor) still beneath the wolf design. We imagine he and Leigh Whannell might have gotten along.Join our mailing listGet the best of Den of Geek delivered right to your inbox!As a consequence, the werewolf in Werewolf of London has more in common with Mr. Hyde in various Jekyll and Hyde flicks. Hulls werewolf prowls the streets of London in an overcoat, scarf and hat, stalking women of the night like the spirit of Jack the Ripper returned. He even apparently retains the power of speech.Future generations of makeup artists affectionately refer to this werewolf design as the Elvis of Werewolves, and even have homaged it on occasionsuch as Josh Hartnetts throwback to the more man than wolf antihero in John Logans underrated Penny Dreadful. Largely however, the look was supplanted and forgotten after Pierces improvements in 41.While a staple of childhood nostalgia and Halloween decorations today, there is still something rather gnarly about Chaney in his full werewolf regalia in The Wolf Man and its various sequels. It also defined the look of a guy still in his clothes covered in so much fur that his face became completely unrecognizable. With a good actor, which on his sober days Chaney very much could be, the design might even become ferocious. There is in fact something quite wicked about the scene in the film where in appropriately dark shadows on a foggy soundstage, Chaney comes running full tilt at first Evelyn Ankers and then Claude Rains with a look of murder in his eyes. Perhaps more thrilling and amusing than scary, its still left an impression for a reason.Over the following 40 years, every cinematic werewolf in one way or another was an homage, imitation, or knockoff of what Pierce and Chaney did. Some of them are quite impressive in their own right, such as another real-life hellraiser in front of and behind the camera, Oliver Reed. He experienced a much more elaborate full body fur-job in Hammer Studios The Curse of the Werewolf (1961). A loose adaptation of Guy Endores underrated novel The Werewolf of Paris, the Hammer film draws on Medieval ideas of werewolfism being passed on through the blood and the sins of the father. Yet the design in the movie is pure Hollywood, if by way of the UKs Roy Ashton. The teeth are sharper, the face more animalistic, and the blood of his victims finally visible, but if you squint it could still just resemble Reed after a particularly bad bender.It was probably the best 20th century upgrade on Pierces standard, especially when compared to the cheaper designs in movies like I Was a Teenage Werewolf (1957) and the various Paul Naschy Wolfman knockoff movies from 1970s Spain. But they, along with cartoon shows like Scooby-Doo, also made the emphasis on the Man in Wolf Man kitschy by the 80s.Universal PicturesThe Four-Legged Hound from HellA four-legged hound from hell. With blazing eyes, its wolfen features are twisted and demonic. So reads John Landis screenplay for An American Werewolf in London. Its an image he first dreamed up as a teenager in 1969 while working on Kellys Heroes (1970), and its one that never left him all the way until he forced Rick Baker to accept theyre not doing the Wolf Man anymore.It was a shrewd choice. By the 80s, the bipedal werewolf was a costume that kids went trick r treating in. Yet in American Werewolf, not only did Landis and Baker dream up the greatest werewolf transformation of all time, but also an enormous beast who on four legs appeared like a rabid dog with red eyes so cruel it could turn Piccadilly Circus into a slaughterhouse. It was such a tremendous achievement that the Academy finally made Best Makeup and Hairstyling an official category at the Oscars, just so they could award Baker for his work. It also created a boom industry for prosthetic-heavy creature features.Ironically, it was also not the only groundbreaking werewolf movie of 1981. In fact, the werewolf transformation in The HowlingAmerican Werewolfs, likely much to writer-director Joe Dantes chagrin since he had hired Baker to design his werewolf effects during the years-long gap Baker waited for Landis to find financing for American. Ultimately, Baker awkwardly pulled out of The Howling and left his protege Rob Bottin to design that movies werewolves.In truth, they are closer to a hybrid of what became Pierce and Bakers calling cards. While still bipedal, Dante and Bottins werewolves stand upright at a towering seven feet. With enormous jutting snouts and long lupine ears, they are modeled after the Big Bad Wolf in Walt Disneys classic Three Little Pigs cartoon from 1933. Theyre every bit as terrifying to look at as Landis hound from hell.Still, the hound seemed to mostly win out in the short term. The 80s were subsequently filled with werewolf movies that tried to emulate the elaborate transformations of both 81 films to varying success. While some remained old-fashioned, such as the nostalgic throwback to Universal monsters in Waxwork (1988), or for that matter Baker and Landis work with Michael Jackson on the Thriller music video (which is still more of a werecat than wolf), more of them emulated the four-legged bestial excess of the era. This would include the first transformation in Neil Jordans The Company of Wolves from 1984 (the second transformation, meanwhile, saw characters turn into actual grey wolves).And when the prosthetics craze of the 80s eventually died down, werewolf movies of the 90s and 2000s continued to owe more to American Werewolf than Wolf Man. Even the purely CGI werewolves in Stephen Sommers kitschy Van Helsing spend more time on four legs than two and have a big (and strangely cuddly) cartoon wolfs head on top.There have been throwbacks that went the other way like the aforementioned 2010s TV series, Penny Dreadful. Similarly, Jack Nicholson landed a lot closer to Henry Hull than either Lon Chaney or Landis in Mike Nichols Wolf (1994), but that Baker design likely had more to do with just keeping Nicholsons moneymaker front and center.Baker did eventually get the chance to finally do his true, fullsteam ahead tribute to the bipedal Wolf Man in a literal remake of the 41 movie: 2010s The Wolfman, starring Benicio del Toro. Its not a perfect film, but Baker and del Toros epic monster design is a triumph, as well a tribute to Pierces design that is more ferocious and menacing looking in its bloody, long-clawed sophistication.And yet, audiences rejected it then. The 2010 Wolfman flopped for a variety of other reasons too, but more than a few online critics sniffed that compared to Bakers work on American Werewolf, the old school bipedal werewolf looked hokey. It won Baker another Oscar and today has its defenders (including this one), but the movies failure noticeably put a silver bullet in bipedal werewolves at a time when the creatures were more popularly seen as little better than big furry dogs in the all-CGI Twilight movie designs. Or they were turned into literal wolves, a la HBOs attempt to cash-in on the Twilight craze with the saucier True Blood.The Best of Both Worlds?Based on the mixed reception of Whannells Wolf Manpersonally I found it underwhelming, but our Joe George loved it!it seems unlikely that the film will change opinions about the antiquated nature of the bipedal werewolf. The film might achieve its goal of making the werewolf look purely like a man dying of a strange disease, but frankly, wed rather revel in Baker and del Toros update going hound-dog on London by gaslight.Be that as it may, we think the best looking movie werewolves emulate the sophistication of Landis hound from hell but retain some elements of the bipedal creature. American Werewolf is the lycanthrope masterpiece of 81, but the general monster designs in The Howling are honestly more fun. Similarly, movies that attempted to emulate both in the 21st century, such as Neil Marshalls Dog Soldiers and the first couple of Len Wiseman-directed Underworld flicks (more so the second one where they had a decent budget) look far cooler than the CGI nonsense of either Van Helsing or Twilight.Perhaps the best werewolves are the ones who are caught forever dead in the middle between man and beast?

As the digital world becomes more complicated, the lines between national security and cybersecurity are starting to fade. Recent cyber sanctions and intelligence moves show a reality where malware and fake news are used as tools in global politics. Every cyberattack now seems to have deeper political consequences. Governments are facing new, unpredictable threats that can't be fought with old-school methods.To stay ahead, we need to understand how cybersecurity is now tied to diplomacy, where the safety of networks is just as important as the power of words. Threat of the WeekU.S. Treasury Sanctions Chinese and North Korean Entities The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) leveled sanctions against a Chinese cybersecurity company (Sichuan Juxinhe Network Technology Co., LTD.) and a Shanghai-based cyber actor (Yin Kecheng) over their alleged links to Salt Typhoon and Silk Typhoon threat clusters. Kecheng was associated with the breach of the Treasury's own network that came to light earlier this month. The department has also sanctioned two individuals and four organizations in connection with the North Korean fraudulent IT worker scheme that aims to generate revenue for the country by dispatching its citizens to China and Russia to obtain employment at various companies across the world using false identities. Top NewsSneaky 2FA Phishing Kit Targets Microsoft 365 Accounts A new adversary-in-the-middle (AitM) phishing kit called Sneaky 2FA has seen moderate adoption among malicious actors for its ability to steal credentials and two-factor authentication (2FA) codes from Microsoft 365 accounts since at least October 2024. The phishing kit is also called WikiKit owing to the fact that site visitors whose IP address originates from a data center, cloud provider, bot, proxy, or VPN are directed to a Microsoft-related Wikipedia page. Sneaky 2FA also shares some code overlaps with another phishing kit maintained by the W3LL Store.FBI Deletes PlugX Malware from Over 4,250 Computers The U.S. Department of Justice (DoJ) disclosed that a court-authorized operation allowed the Federal Bureau of Investigation (FBI) to delete a variant of the PlugX malware from over 4,250 infected computers as part of a "multi-month law enforcement operation." The malware, attributed to the China-nexus Mustang Panda threat actor, is known to spread to other systems via attached USB devices. The disruption is part of a larger effort led by the Paris Prosecutor's Office and cybersecurity firm Sekoia that has resulted in the disinfection payload being sent to 5,539 IP addresses across 10 countries.Russian Hackers Target Kazakhstan With HATVIBE Malware The Russian threat actor known as UAC-0063 has been attributed to an ongoing cyber espionage campaign targeting Kazakhstan as part of the Kremlin's efforts to gather economic and political intelligence in Central Asia. The spear-phishing attacks leverage lures related to the Ministry of Foreign Affairs to drop a malware loader named HATVIBE that's then used to deploy a backdoor called CHERRYSPY.Python Backdoor Leads to RansomHub Ransomware Cybersecurity researchers have detailed an attack that started with a SocGholish infection, which then paved the way for a Python backdoor responsible for deploying RansomHub encryptors throughout the entire impacted network. The Python script is essentially a reverse proxy that connects to a hard-coded IP address and allows the threat actor to move laterally in the compromised network using the victim system as a proxy.Google Ads Users Targeted by Malicious Google Ads In an ironic twist, a new malvertising campaign has been found targeting individuals and businesses advertising via Google Ads by attempting to phish for their credentials via fraudulent ads on Google. The brazen tactic is being used to hijack advertiser accounts and push more ads to perpetuate the campaign further. Google said the activity violates its policies and it's taking active measures to disrupt it. Trending CVEsYour go-to software could be hiding dangerous security flawsdon't wait until it's too late! Update now and stay ahead of the threats before they catch you off guard.This week's list includes CVE-2025-21333, CVE-2025-21334, CVE-2025-21335 (Windows Hyper-V NT Kernel Integration VSP), CVE-2024-55591 (Fortinet), CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, CVE-2024-13159 (Ivanti Endpoint Manager), CVE-2024-7344 (Howyar Taiwan), CVE-2024-52320, CVE-2024-48871 (Planet Technology WGS-804HPT industrial switch), CVE-2024-12084 (Rsync), CVE-2024-57726, CVE-2024-57727, CVE-2024-57728 (SimpleHelp), CVE-2024-44243 (Apple macOS), CVE-2024-9042 (Kubernetes), CVE-2024-12365 (W3 Total Cache plugin), CVE-2025-23013 (Yubico), CVE-2024-57579, CVE-2024-57580, CVE-2024-57581, CVE-2024-57582 (Tenda AC18), CVE-2024-57011, CVE-2024-57012, CVE-2024-57013, CVE-2024-57014, CVE-2024-57015, CVE-2024-57016, CVE-2024-57017, CVE-2024-57018, CVE-2024-57019, CVE-2024-57020, CVE-2024-57021, CVE-2024-57022, CVE-2024-57023, CVE-2024-57024, CVE-2024-57025 (TOTOLINK X5000R), CVE-2025-22785 (ComMotion Course Booking System plugin), and 44 vulnerabilities in Wavlink AC3000 routers. Around the Cyber WorldThreat Actors Advertise Insider Threat Operations Bad actors have been identified advertising services on Telegram and dark web forums that aim to connect prospective customers with insiders as well as recruit people working at various companies for malicious purposes. According to Nisos, some of the messages posted on Telegram request for insider access to Amazon in order to remove negative product reviews. Others offer insider services to process refunds. "In one example, the threat actors posted that they would connect buyers to an insider working at Amazon, who could perform services for a fee," Nisos said. "The threat actors clarified that they were not the insider, but had access to one."U.K. Proposes Banning Ransom Payments by Government Entities The U.K. government is proposing that all public sector bodies and critical national infrastructure, including the NHS, local councils, and schools, refrain from making ransomware payments in an attempt to hit where it hurts and disrupt the financial motivation behind such attacks. "This is an expansion of the current ban on payments by government departments," the government said. "This is in addition to making it mandatory to report ransomware incidents, to boost intelligence available to law enforcement and help them disrupt more incidents."Gravy Analytics Breach Leaks Sensitive Location Data Gravy Analytics, a bulk location data provider that has offered its services to government agencies and law enforcement through its Venntel subsidiary, revealed that it suffered a hack and data breach, thereby threatening the privacy of millions of people around the world who had their location information revealed by thousands of Android and iOS apps to the data broker. It's believed that the threat actors gained access to the AWS environment through a "misappropriated" key. Gravy Analytics said it was informed of the hack through communication from the threat actors on January 4, 2025. A small sample data set has since been published in a Russian forum containing data for "tens of millions of data points worldwide," Predicta Lab CEO Baptiste Robert said. Much of the data collection is occurring through the advertising ecosystem, specifically a process called real-time bidding (RTB), suggesting that even app developers' may not be aware of the practice. That said, it's currently unclear how Gravy Analytics put together the massive trove of location data, and whether the company collected the data itself or from other data brokers. News of the breach comes weeks after the Federal Trade Commission banned Gravy Analytics and Venntel from collecting and selling Americans' location data without consumers' consent.CISA Issues a Series of Security Guidance The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging Operational Technology (OT) owners and operators to integrate secure-by-design elements into their procurement process by selecting manufacturers who prioritize security and meet various compliance standards. It's also advising companies to better detect and defend against advanced intrusion techniques by making use of Microsoft's newly introduced expanded cloud logs in Purview Audit (Standard). Separately, the agency has updated its Product Security Bad Practices guide to include three new bad practices on the use of known insecure or deprecated cryptographic functions, hard-coded credentials, and product support periods. "Software manufacturers should clearly communicate the period of support for their products at the time of sale," CISA said. "Software manufacturers should provide security updates through the entire support period." Lastly, it called on the U.S. government to take the necessary steps to bolster cybersecurity by closing the software understanding gap that, combined with the lack of secure-by-design software, can lead to the exploitation of vulnerabilities. The guidance comes as the European Union's Digital Operational Resilience Act, or DORA, entered into effect on January 17, 2025, requiring both financial services firms and their technology suppliers to improve their cybersecurity posture.Researchers Demonstrate Antifuse-based OTP Memory Attack A new study has found that data bits stored in an off-the-shelf Synopsys antifuse memory block used in Raspberry Pi's RP2350 microcontroller for storing secure boot keys and other sensitive configuration data can be extracted, thereby compromising secrets. The method relies on a "well-known semiconductor failure analysis technique: passive voltage contrast (PVC) with a focused ion beam (FIB)," IOActive said, adding the "the simple form of the attack demonstrated here recovers the bitwise OR of two physically adjacent memory bitcell rows sharing common metal 1 contacts." In a hypothetical physical cyber attack, an adversary in possession of an RP2350 device, as well as access to semiconductor deprocessing equipment and a focused ion beam (FIB) system, could extract the contents of the antifuse bit cells as plaintext in a matter of days.Biden Administration Issues Executive Order to Improve U.S. Cybersecurity Outgoing U.S. President Joe Biden signed a sweeping executive order that calls for securing federal communications networks against foreign adversaries; issuing tougher sanctions for ransomware gangs; requiring software and cloud providers to develop more secure products and follow secure software development practices; enabling encryption by default across email, instant messaging, and internet-based voice and video conferencing; adopting quantum-resistant encryption within existing networks; and using artificial intelligence (AI) to boost America's cyber defense capabilities. In a related development, the Commerce Department finalized a rule banning the sale or import of connected passenger vehicles that integrate certain software or hardware components from China or Russia. "Connected vehicles yield many benefits, but software and hardware sources from the PRC and other countries of concern pose grave national security risks," said National Security Advisor Jake Sullivan, noting the rule aims to protect its critical infrastructure and automotive supply chain. The White House said the move will help the U.S. defend itself against Chinese cyber espionage and intrusion operations. Over the past week, the Biden administration has also released an Interim Final Rule on Artificial Intelligence Diffusion that seeks to prevent the misuse of advanced AI technology by countries of concern. Expert WebinarSimplify, Automate, Secure: Digital Trust for EnterprisesManaging digital trust isn't just a challengeit's mission-critical. Hybrid systems, DevOps workflows, and compliance demands have outgrown traditional tools. DigiCert ONE is here to change the game.In this webinar, you'll discover how to:Simplify: Centralized certificate management to reduce complexity and risk.Automate: Streamline trust operations across systems.Secure: Meet compliance demands with advanced tools.Modernize: Keep up with DevOps with smarter software signing.From IoT to enterprise IT, DigiCert ONE equips you to secure every stage of digital trust. Watch NowP.S. Know someone who could use this? Share it. Cybersecurity ToolsAD-ThreatHunting: Detect and stop threats like password sprays, brute force attacks, and admin misuse with real-time alerts, pattern recognition, and smart analysis tools. With features like customizable thresholds, off-hours monitoring, and multi-format reporting, staying secure has never been easier. Plus, test your defenses with built-in attack simulations to ensure your system is always ready.OSV-SCALIBR: It is a powerful open-source library that builds on Google's expertise in vulnerability management, offering tools to secure your software at scale. It supports scanning installed packages, binaries, and source code across Linux, Windows, and Mac, while also generating SBOMs in SPDX and CycloneDX formats. With advanced features like container scanning, weak credential detection, and optimization for resource-constrained environments, OSV-SCALIBR makes it easier than ever to identify and manage vulnerabilities. Tip of the WeekMonitor, Detect, and Control Access with Free Solutions In today's complex threat landscape, advanced, cost-effective solutions like Wazuh and LAPS offer powerful defenses for small-to-medium enterprises. Wazuh, an open-source SIEM platform, integrates with the Elastic Stack for real-time threat detection, anomaly monitoring, and log analysis, enabling you to spot malicious activities early. Meanwhile, LAPS (Local Administrator Password Solution) automates the rotation and management of local admin passwords, reducing the risk of privilege escalation and ensuring that only authorized users can access critical systems. Together, these tools provide a robust, multi-layered defense strategy, giving you the ability to detect, respond to, and mitigate threats efficiently without the high cost of enterprise solutions.ConclusionThe digital world is full of challenges that need more than just staying alertthey need new ideas, teamwork, and toughness. With threats coming from governments, hackers, and even people inside organizations, the key is to be proactive and work together. This recap's events show us that cybersecurity is about more than defense; it's about creating a safe and trustworthy future for technology.Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

The governments infrastructure watchdog has given the projects a red rating in its annual report, published on Thursday (16 January), meaning they have major issues with project definition, schedule, budget, quality and/or benefits delivery.The New Hospital Programme, which was touted to deliver 40 new hospitals by 2030 and to rebuild a further five hospitals largely made with Reinforced Autoclaved Aerated Concrete, was also given a red rating.The report defines red-rated projects as those where: Successful delivery [] appears to be unachievable. There are major issues with project definition, schedule, budget, quality and/or benefits delivery, which at this stage do not appear to be manageable or resolvable.Adjaye Associates plans for a Holocaust Memorial and Learning Centre in Victoria Tower Gardens has been given a red rating for the consecutive third year. The project remains on hold while the government tries to overturn a Victorian law prohibiting construction in the gardens.AdvertisementThe Holocaust Memorial Bill was reintroduced by the government in July 2024, more than two years after the High Court ruled to uphold the London County Council (Improvements) Act 1900, which holds the site cannot be built on.Meanwhile, HS2 Phase 1 remains under construction, including stations at Old Oak Common, Solihull and Birminghams Curzon Street designed by WilkinsonEyre, Arup and Grimshaw respectively.The mega-project is not due to complete until the early 2030s and, as plans stand, will not carry passengers into central London. The development of an HS2 terminus at Euston Station is still shrouded in uncertainty as stakeholders consider how to build a more affordable scheme.Other projects given a red rating in the IPAs annual report include the UK Health Security Agencys plans for a science hub in Harlow. Last year the National Audit Office said the cost of the project had increased sixfold, to 3.2 billion, with an opening date of 2036 at the earliest.In a foreword to the report, Georgina Gould, parliamentary secretary at the Cabinet Office, repeated the governments pledge to publish a national infrastructure strategy in spring, saying that it would set out government investment in schools and hospitals as well as energy and transport projects.AdvertisementGould also hailed the forthcoming creation of a National Infrastructure and Service Transformation Authority, which is set to combine the functions of the IPA and National Infrastructure Commission.She said the body would have an enhanced role in supporting major projects, bringing oversight of strategy and delivery into one organisation, developing and implementing our 10-year national infrastructure strategy and driving more effective delivery of infrastructure across the country.2025-01-20Will Ingcomment and share