• Experts Find Shared Codebase Linking Morpheus and HellCat Ransomware Payloads
    thehackernews.com
    Jan 23, 2025 | Ravie Lakshmanan | Threat Intelligence / Data Breach

    An analysis of HellCat and Morpheus ransomware operations has revealed that affiliates associated with the respective cybercrime entities are using identical code for their ransomware payloads.

    The findings come from SentinelOne, which analyzed artifacts uploaded to the VirusTotal malware scanning platform by the same submitter towards the end of December 2024.

    "These two payload samples are identical except for victim specific data and the attacker contact details," security researcher Jim Walter said in a new report shared with The Hacker News.

    Both HellCat and Morpheus are nascent entrants to the ransomware ecosystem, having emerged in October and December 2024, respectively.

    A deeper examination of the Morpheus/HellCat payload, a 64-bit portable executable, has revealed that both samples require a path to be specified as an input argument.

    They are both configured to exclude the \Windows\System32 folder, as well as a hard-coded list of extensions, namely .dll, .sys, .exe, .drv, .com, and .cat, from the encryption process.

    "An unusual characteristic of these Morpheus and HellCat payloads is that they do not alter the extension of targeted and encrypted files," Walter said. "The file contents will be encrypted, but file extensions and other metadata remain intact after processing by the ransomware."

    Furthermore, Morpheus and HellCat samples rely on the Windows Cryptographic API for key generation and file encryption. The encryption key is generated using the BCrypt algorithm.

    Barring encrypting the files and dropping identical ransom notes, no other system modifications are made to the affected systems, such as changing the desktop wallpaper or setting up persistence mechanisms.

    SentinelOne said the ransom notes for HellCat and Morpheus follow the same template as Underground Team, another ransomware scheme that sprang forth in 2023, although the ransomware payloads themselves are structurally and functionally different.

    "HellCat and Morpheus RaaS operations appear to be recruiting common affiliates," Walter said. "While it is not possible to assess the full extent of interaction between the owners and operators of these services, it appears that a shared codebase or possibly a shared builder application is being leveraged by affiliates tied to both groups."

    The development comes as ransomware continues to thrive, albeit in an increasingly fragmented fashion, despite ongoing attempts by law enforcement agencies to tackle the menace.

    "The financially motivated ransomware ecosystem is increasingly characterized by the decentralization of operations, a trend spurred by the disruptions of larger groups," Trustwave said. "This shift has paved the way for smaller, more agile actors, shaping a fragmented yet resilient landscape."

    Data shared by NCC Group shows that a record 574 ransomware attacks were observed in December 2024 alone, with FunkSec accounting for 103 incidents. Some of the other prevalent ransomware groups were Cl0p (68), Akira (43), and RansomHub (41).

    "December is usually a much quieter time for ransomware attacks, but last month saw the highest number of ransomware attacks on record, turning that pattern on its head," Ian Usher, associate director of Threat Intelligence Operations and Service Innovation at NCC Group, said.

    "The rise of new and aggressive actors, like FunkSec, who have been at the forefront of these attacks is alarming and suggests a more turbulent threat landscape heading into 2025."
  • New Research: The State of Web Exposure 2025
    thehackernews.com
    Are your websites leaking sensitive data? New research reveals that 45% of third-party apps access user info without proper authorization, and 53% of risk exposures in Retail are due to the excessive use of tracking tools. Learn how to uncover and mitigate these hidden threats and risks: download the full report here.

    New research by web exposure management specialist Reflectiz reveals several alarming findings about the high number of website vulnerabilities organizations across many industries are needlessly exposing themselves to.

    For instance, one standout statistic from the report is that 45% of third-party applications access sensitive user information without good reason. Although third-party apps may be essential for marketing and functionality purposes, not all of them need access to the kind of personal and financial user information that cybercriminals are hunting for. It's safer to limit apps' access to it on a need-to-know basis.

    For the report, Reflectiz gathered its own proprietary data from the top 100 websites (according to number of site visits) in each industry, so the fact that close to half of all third-party apps in such a large sample are gathering sensitive user data when they don't need to comes as a surprise.

    The realization that this practice is so widespread will cause many website owners to wonder what other surprises might be lurking in their web ecosystems and how large their web exposure footprint really is. If there's one thing that owners in any industry can take away from this report it's that they are almost guaranteed to have unexpected unresolved vulnerabilities of their own. (And the chart below strongly suggests that they will.)

    Sensitive Data Exposure

    The chart below, taken from the report, shows that there is variation between industries when it comes to apps that can access sensitive user data. With that in mind, companies working in the Entertainment and Online Retail sectors may want to pay extra attention to how many of their apps are accessing sensitive data unnecessarily and increasing their web exposure.

    If you aren't familiar with the term web exposure, it was coined by Gartner to describe the range of risks that modern websites face because they connect with dozens of essential third-party apps, CDN repositories, and open source tools that help with tracking and functionality tasks. Each one increases the size of the attack surface and is a potential target for malicious actors, but although website owners cannot avoid using these connected assets, they can take steps to make each one safer. Checking that the third-party apps aren't needlessly accessing users' sensitive personal, financial, and health information is a good place to start for a quick win, but the report reveals many others.

    For instance, it looks at app popularity as a risk factor:

    It's generally accepted that more popular apps are safer. This is based on the idea that if an app has been around for a long time and developed a sizable user base then user communities and security professionals will have reached an accurate conclusion about its reputation. They will know whether it's robust and if its developers can be trusted to use modern coding practices, issue improvement updates, and quickly patch bugs. Less popular apps are more likely to be neglected and are at greater risk of compromise, so they shouldn't be trusted to access personal user data. On that basis, a popular app is seen as less risky than one that appeared yesterday.

    The chart above shows that:

    - Leisure and Hospitality industry websites integrate an average of just over two unpopular apps.
    - Online Retail and Entertainment include around one.

    If owners haven't established that these apps are safe, they would be best advised to disable them and use alternatives until they have. Taking simple steps like these will reduce their overall web exposure score.

    Tracking Technologies

    That said, even well-established third-party apps can increase an organization's level of web exposure, particularly tracking apps, as the chart below shows:

    The Facebook and TikTok pixels, for example, have been known to collect private user information after being misconfigured. This is why the research covers the prevalence of these and other tracking technologies on various industry websites, but an interesting thing about it (and about the Reflectiz data-gathering exercise that informed it) is the fact that the sheer number of trackers or pixels deployed doesn't necessarily reveal the whole picture.

    For instance, looking at the chart below it may seem that Publishing industry websites pose the greatest risk to user privacy because they average around 12 trackers each. While they might appear to offer twice as many data stealing opportunities to malicious actors as healthcare websites, with just under six trackers each, there are more factors to consider.

    Although these findings should prompt publishers to review their use of tracking technologies because of the privacy risks, they should also take the chart below as a cue to ask where these pixels are being deployed and by whom. The report doesn't just reveal potentially compromising practices, it also encourages businesses to appreciate the importance of context. In this case, the context includes what is being done, and which department is doing it:

    The State of Web Exposure 2025 found that marketing and digital departments are more likely to instigate risk, such as tracking pixels in payment iFrames for no reason. This is an inherently more dangerous context than running a pixel on a page full of static images because if it's modified by malicious actors, it has a better chance of stealing user payment data. (It may also be a riskier context than a healthcare website, which will tend to attract more attacks by malicious actors.) Therefore, a publishing business looking to reduce its overall web exposure should prioritize best-practice training for staff in its marketing department.

    The Bottom Line

    The report turns up many interesting insights: Entertainment industry websites experience almost twice as much malicious activity as Finance industry sites, for example. Education industry sites are exposed to high risk due to their overreliance on public content delivery networks. As such insights pile up, it becomes clear that companies across industries wishing to reduce their web exposure can't take a one-size-fits-all approach. The context of the risk factors affecting them will shape their responses to them. The report reveals that each industry faces a landscape of dynamically shifting risk variables, and the need to turn them into actionable priorities is what prompted Reflectiz to pioneer an innovative technology called Exposure Rating. It analyzes the huge number of data points it gathers from scanning millions of websites by considering each risk factor in context, adds them together to create an overall level of risk, and expresses this as a simple grade, from A to F, with added remediation advice. It's an easy-to-understand way of identifying the security priorities for each organization, focusing their attention where it's most needed, and benchmarking their performance against industry peers.

    Download the full research report here.

    This article is a contributed piece from one of our valued partners.
  • Why Enterprises Struggle to Drive Value with AI
    www.informationweek.com
    Lisa Morgan, Freelance Writer | January 23, 2025 | 10 Min Read

    Artificial Intelligence is virtually everywhere, whether enterprises have an AI strategy or not. As AI capabilities continue to get more sophisticated, businesses are trying to capitalize on it, but they haven't done enough foundational work to succeed. While it's true that companies have been increasing their AI budgets over the last several years, it's become clear that the ROI of such efforts varies significantly, based on many dynamics, such as available talent, budget, and a sound strategy. Now, organizations are questioning the value of such investments to the point of pulling back in 2025.

    According to Anand Rao, distinguished service professor, applied data science and artificial intelligence at Carnegie Mellon University, the top three challenges are ROI measurement, realization, and maintenance.

    "If the work I'm doing takes three hours and now it takes a half an hour, that's easily quantifiable, [but] human performance is variable," says Rao. "The second way is having a baseline. We don't [understand] human performance, but we are saying AI is 95% better than a human, but which human? The top-most performer, an average performer, or the new employee?"

    When it comes to realizing ROI, there are different ways to look at it. For example, if AI saves 20% of five people's time, perhaps one could be eliminated. However, if those five people are now spending more time on higher value tasks, then it would be unwise to let any of them go because they are providing more value to the business.

    The other challenge is maintenance because AI models need to be monitored and maintained to remain trustworthy. Also, as humans use AI more frequently, they get more adept at doing so while AI is learning from the human, which may increase performance. Enterprises are not measuring that either, Rao says.

    "[T]here's a whole learning curve happening between the human and the AI, and independently the two. That might mean that you may not be able to maintain your ROI, because it may increase or decrease from the base point," says Rao.

    There's also a time element. For example, ChatGPT-4 was introduced in March 2023, but enterprises weren't ready for it, but in six months or less, businesses had started investing systematically to develop their AI strategy. Nevertheless, there's still more to do.

    "[T]he crucial fact is that we are still in the very early days of this technology, and things are moving very quickly," says Beatriz Sanz Saiz, global consulting data and AI Leader at business management consulting firm EY. "Enterprises should become adept at measuring value realization, risk and safety. CIOs need to rethink a whole set of metrics because they will need to deliver results. Many organizations have a need for a value realization office, so that for everything they do, they can establish metrics upfront to be measured against, whether that is cost savings, productivity, new revenue growth, market share, employee satisfaction [or] customer satisfaction."

    The GenAI Impact

    While many enterprises have had plenty of success with traditional AI, Kjell Carlsson, head of AI strategy at enterprise MLOps platform Domino Data Lab, estimates that 90% of GenAI initiatives are not delivering results that move the needle on a sustained basis, nor are they on track to do so.

    "[M]ost of these organizations are not going after use cases that can deliver transformative impact, nor do they have the prerequisite AI engineering capabilities to deliver production-grade AI solutions," says Carlsson. "Many organizations are under the misconception that merely making private instances of LLMs and business apps with embedded GenAI capabilities available to business users and developers is an effective AI strategy. It is not. While there have been productivity gains from these efforts, in most cases, these have been far more modest than expected and have plateaued quickly."

    Though GenAI has many similarities to driving business value with traditional AI and machine learning, it requires expert teams that can design, develop, operationalize and govern AI applications that rely on complex AI pipelines. These pipelines combine data engineering, prompt engineering, vector stores, guardrails, upstream and downstream ML and GenAI models, and integrations with operational systems.

    "Successful teams have evolved their existing data science and ML engineering capabilities into AI product and AI engineering capabilities that allow them to build, orchestrate and govern extremely successful AI solutions," says Carlsson.

    Sound tech strategies identify a business problem and then select the technologies to solve it, but with GenAI, users have been experimenting before they define a problem to solve or expected payoff.

    "[W]e believe there is promise of transformation with AI, but the practical path is unclear. This shift has led to a lack of focus and measurable outcomes, and the derailment of plenty of AI efforts in the first wave of AI initiatives," says Brian Weiss, chief technology officer at hyperautomation and enterprise AI infrastructure company Hyperscience. "In 2025, we anticipate a more pragmatic or strategic approach where generative AI tools will be used to deliver value by attaching to existing solutions with clearly measurable outcomes, rather than simply generating content. [T]he success of AI initiatives hinges on a strategic approach, high-quality data, cross-functional collaboration and strong leadership. By addressing these areas, enterprises can significantly improve their chances of achieving meaningful ROI from their AI efforts."

    Andreas Welsch, founder and chief AI strategist at boutique AI strategy firm Intelligence Briefing, says early in the GenAI hype cycle, organizations were quick to experiment with the technology. Funding was made available, and budgets were consolidated to explore what the technology could offer, but they didn't need to deliver ROI. Times have changed.

    "Organizations who have been stuck in the exploration phase without assessing the business value first, are now caught off guard when the use case does not deliver a measurable return," says Welsch. "Set up a formal process and governance that assess the business value and measurable return of an AI product or project prior to starting. Secure stakeholder buy-in and establish a regular cadence to measure progress, ensure continued support or stop the project, [and] assess existing applications in your company. Which of those offers AI capabilities that you are not using yet? You don't need to build every app from scratch."

    Many Potholes to Navigate

    Jamie Smith, CIO at University of Phoenix, says the cost of AI is being reflected more frequently in SaaS contracts, whether the contracts specify it or not.

    "We've seen this in the past 6 months, as the cost to compute using AI rises and rises and is set to continue to do so as models grow more robust -- and therefore more power hungry. SaaS providers are looking at their utility bills and passing the cost to businesses," says Smith. "As a result, SaaS contracts -- and partnerships more broadly -- are going to come under a lot more scrutiny. If these costs are rising, then partners' productivity needs to match."

    Edward Smyshliaiev, chief technology officer at Hedgefun:D, says many organizations derail their AI ROI through a combination of overambition, under-preparation and a lack of alignment between AI teams and business leaders.

    "AI isn't a magic wand; it's a tool. To wield it effectively, companies need to ensure data pipelines are clean and reliable and invest in training staff to interpret and act on AI outputs," says Smyshliaiev. "A shared vision between AI teams and leadership is critical -- everyone must know what success looks like and how to measure it."

    Sean Bhardwaj, managing partner at strategic consulting firm Breakthrough Growth Partners, is a fractional chief AI officer and strategist. In this role, he's observed that two of the top reasons enterprises aren't realizing better ROI on their AI initiatives are that they lack a foundational strategy and focus on the human side of AI adoption.

    For example, one of his clients wanted to implement AI-driven customer recommendations, only to discover mid-project that the data infrastructure couldn't support it. Similarly, organizations often assume that teams will adopt AI enthusiastically, which isn't necessarily the case.

    "Planning for adoption with training and incentives is essential to see real engagement and impact," says Bhardwaj. "I advise companies to see each stage as an investment in capability-building, with each phase laying the groundwork for the next."

    All too often, organizations discard AI initiatives that don't meet initial expectations rather than rethinking their approach.

    John Bodrozic, co-founder and CIO at homeowner lifecycle platform HomeZada, has observed that enterprises are relying solely on standalone AI to solve problems or find new growth opportunities, but they are ultimately being led by development teams and not product management teams.

    "There are so many areas where AI can impact bottom-line cost savings and top line revenue growth, but only when these use-case scenarios are explored by cross-functional teams that combine software and AI development specialists with members of the functional team," says Bodrozic. "Without this direct interaction, ROI from AI is challenging at best."

    The Business View

    A 2023 Gartner report found that only 54% of AI projects get past the proof-of-concept phase, and many of those fail to deliver on the promised financial or operational impact. According to Ed Gaudet, CEO and founder of health care risk management solution provider Censinet, companies may believe that AI will make everything better, but they never specify what better means.

    Enterprises must take a phased, strategic approach [that requires] defining clear use cases that have actual business value like the automation of a drudgery, supply chain optimization, or leveraging chatbots to meet better customer experience. Secondly, organizations need to create structural capabilities like a good data governance framework, scalable infrastructure and strong developer and engineering skills. Companies that train their employees in AI have a 43% higher success rate deploying AI projects.

    Nicolas Mougin, consulting and support director at global cloud platform Esker, credits rushed implementations as a reason for ROI shortfalls.

    "The pressure to stay competitive in a rapidly evolving technological landscape drives many organizations to implement AI without sufficient planning. Instead of conducting thorough needs assessments or piloting solutions, businesses often rush to deploy tools in the hope of gaining an edge," says Mougin. "However, hastily executed projects overlook key considerations such as data readiness, scalability or user adoption."

    Edward Starkie, director, GRC at global risk intelligence company Thomas Murray, believes that most organizations are not in a suitable position to be able to adopt AI and exploit it to its fullest extent.

    "To be successful there is a level of maturity that is required which [depends] upon having the necessary mechanisms supporting the design, creation and maintenance of the technology in a field which is short of genuine expertise," says Starkie. "[E]specially at board level, a lack of education is a key contributing factor. [Mandates] are being issued without understanding the importance of the core components being in place."

    About the Author

    Lisa Morgan, Freelance Writer. Lisa Morgan is a freelance writer who covers business and IT strategy and emerging technology for InformationWeek. She has contributed articles, reports, and other types of content to many technology, business, and mainstream publications and sites including tech pubs, The Washington Post and The Economist Intelligence Unit. Frequent areas of coverage include AI, analytics, cloud, cybersecurity, mobility, software development, and emerging cultural issues affecting the C-suite.
  • Oscars 2025: The Full List of Nominees
    screencrush.com
    The show must go on. And so, despite all of the devastation and tragedy in Southern California in recent weeks, it's time to announce the nominees for this year's Academy Awards.

    As usual, the nominees include a mix of expected names and surprises. I was happily surprised to see so many nominations for The Substance, the disturbing and funny body horror comedy starring Demi Moore as a fading star who takes a mysterious drug that restores her youth at a terrible cost. The film was nominated for five Oscars, including Best Picture, Best Original Screenplay, Best Makeup and Hairstyling, Best Actress for Moore, and Best Director for Coralie Fargeat.

    On the other hand, I was shocked by several omissions. The striking point-of-view cinematography of Nickel Boys was overlooked, as was the unforgettable score to Challengers.

    And there were a lot of nominations for the Bob Dylan biopic A Complete Unknown: Picture, Director, Adapted Screenplay, Actor, Supporting Actor, Supporting Actress, Sound, and Costume Design.

    The winners of the 2025 Oscars will be announced live on ABC and Hulu on March 2. The show will be hosted by Conan O'Brien.

    Best Picture: Anora; The Brutalist; A Complete Unknown; Conclave; Dune: Part Two; Emilia Perez; I'm Still Here; Nickel Boys; The Substance; Wicked

    Best Director: Sean Baker, Anora; Brady Corbet, The Brutalist; James Mangold, A Complete Unknown; Jacques Audiard, Emilia Perez; Coralie Fargeat, The Substance

    Best Actor: Adrien Brody, The Brutalist; Timothee Chalamet, A Complete Unknown; Colman Domingo, Sing Sing; Ralph Fiennes, Conclave; Sebastian Stan, The Apprentice

    Best Actress: Cynthia Erivo, Wicked; Karla Sofia Gascon, Emilia Perez; Mikey Madison, Anora; Demi Moore, The Substance; Fernanda Torres, I'm Still Here

    Best Supporting Actor: Yura Borisov, Anora; Kieran Culkin, A Real Pain; Edward Norton, A Complete Unknown; Guy Pearce, The Brutalist; Jeremy Strong, The Apprentice

    Best Supporting Actress: Monica Barbaro, A Complete Unknown; Ariana Grande, Wicked; Felicity Jones, The Brutalist; Isabella Rossellini, Conclave; Zoe Saldana, Emilia Perez

    Best Original Screenplay: Anora; The Brutalist; A Real Pain; September 5; The Substance

    Best Adapted Screenplay: A Complete Unknown; Conclave; Emilia Perez; Nickel Boys; Sing Sing

    Best Animated Feature: Flow; Inside Out 2; Memoir of a Snail; Wallace & Gromit: Vengeance Most Fowl; The Wild Robot

    Best International Feature: I'm Still Here; The Girl With the Needle; Emilia Perez; The Seed of the Sacred Fig; Flow

    Best Live Action Short: A Lien; Anuja; I'm Not a Robot; The Last Ranger; The Man Who Could Not Remain Silent

    Best Original Score: The Brutalist; Conclave; Emilia Perez; Wicked; The Wild Robot

    Best Original Song: "El Mal", Emilia Perez; "The Journey", The Six Triple Eight; "Like a Bird", Sing Sing; "Mi Camino", Emilia Perez; "Never Too Late", Elton John: Never Too Late

    Best Documentary Feature: Black Box Diaries; No Other Land; Porcelain War; Soundtrack to a Coup d'Etat; Sugarcane

    Best Sound: A Complete Unknown; Dune: Part Two; Emilia Perez; Wicked; The Wild Robot

    Best Production Design: The Brutalist; Conclave; Dune: Part Two; Nosferatu; Wicked

    Best Documentary Short: Death By Numbers; I Am Ready, Warden; Incident; Instruments of a Beating Heart; The Only Girl in the Orchestra

    Best Cinematography: The Brutalist; Dune: Part Two; Emilia Perez; Maria; Nosferatu

    Best Makeup and Hairstyling: A Different Man; Emilia Perez; Nosferatu; The Substance; Wicked

    Best Animated Short: Beautiful Men; In the Shadow of the Cypress; Magic Candies; Wander to Wonder; Yuck!

    Best Costume Design: A Complete Unknown; Conclave; Gladiator II; Nosferatu; Wicked

    Best Film Editing: Anora; The Brutalist; Conclave; Emilia Perez; Wicked

    Best Visual Effects: Alien: Romulus; Better Man; Dune: Part Two; Kingdom of the Planet of the Apes; Wicked

    People Who Won Oscars To Make Up For Awards They Should Have Won in the Past

    Sometimes, we can speculate that the Academy awards certain performances not because they're the best, but because they should have won long before.
  • Toggl: Head of Product
    weworkremotely.com
    Time zones: SBT (UTC +11), GMT (UTC +0), MSK (UTC +3), CEST (UTC +2), BST (UTC +1), JST (UTC +9), CST (UTC +8), WIB (UTC +7), MMT (UTC +6:30), BST (UTC +6), NPT (UTC +5:45), IST (UTC +5:30), UZT (UTC +5), IRDT (UTC +4:30), GST (UTC +4)

    We are looking for an experienced, forward-thinking, and results-driven Head of Product to lead Toggl's product organisation through a transformational phase. As Head of Product, you will play a pivotal role in driving Toggl's growth from $20M to $50M ARR by leading its transition from a time-tracking-centric tool to an integrated suite of products, ensuring each aligns with company objectives, market trends, and customer needs.

    The annual salary for this role is 130,000 with yearly increases based on performance, and participation in the company-wide performance-based bonus plan.

    You can work from anywhere in Europe.

    Your ability to balance strategic leadership with hands-on expertise, particularly in product-led growth and B2B SaaS, will be critical. You will align diverse product teams, ensure impactful product initiatives, and guide Toggl's evolution into a cohesive suite of products.

    About the Team

    We are a global team of 130+ awesome people working from over 40 countries around the globe. We hire globally, you work locally: in the heart of London, a beach outside of Rio de Janeiro, or a quiet village near Florence, the choice is yours. Every few months we travel to meet up somewhere in the world and spend some quality time together. We place a huge amount of trust in our people, and we measure the outcomes rather than the work itself. Our values fuel our results.

    The Role

    As the Head of Product at Toggl, you will:

    - Define and execute a product strategy driving Toggl's short and long term revenue goals and company mission.
    - Identify opportunities to expand into upmarket segments while retaining a strong foothold in SMBs.
    - Optimise growth through data-driven decision-making, leveraging product analytics, A/B testing, and customer insights to identify opportunities and enhance user engagement.
    - Champion lean research methodologies to ensure efficient, evidence-based decision-making without overburdening teams with unnecessary processes.
    - Balance data-driven methods with an instinctive understanding of, and obsession for, beautiful customer experiences.
    - Partner with Marketing, Sales, and Customer Success to optimise customer acquisition, retention, and expansion. Collaborate with the executive team to define go-to-market and revenue strategies.
    - Lead by example: Be hands-on when necessary, offering direct guidance to identify and resolve product issues efficiently. Mentor a diverse group of product managers and designers, cultivating a culture of strategic partnership where both roles play a key role in user research and discovery.
    - Improve execution speed while maintaining high standards, instilling a culture of delivering thoughtful, ambitious MVPs and creating scalable, repeatable processes for experimentation and implementation that reduce ambiguity and facilitate effective decision-making.

    About You

    We'd love to hear from you if you have:

    - Proven experience in B2B SaaS and PLG environments, ideally in companies scaling between $20M-$50M ARR.
    - Strong product sense, with an instinctive ability to identify what makes a great product and guide teams to execute accordingly.
    - Proven success balancing upmarket expansion with SMB self-serve growth in a SaaS environment, with a nuanced understanding of their differing needs.
    - Excellent situational leadership skills, knowing when to delegate, coach, or step in to address challenges.
    - Comfortable navigating both strategic and tactical aspects of product leadership, with the ability to zoom in and out as needed.
    - A confident yet pragmatic approach to experimentation, where decisions are made boldly, validated thoughtfully, and where outcomes, whether success or failure, are owned and learned from.
    - An expert communicator, capable of translating complex product strategies into clear, actionable plans for diverse audiences within the company.

    Benefits

    - Freedom to choose when and how much you work - we only measure results
    - 24 days of paid time off a year, plus your local holidays
    - Unlimited sick leave
    - In-person meetups for team-building (expenses covered)
    - 4-6 weeks paid sabbatical (depending on the tenure)
    - Laptop budget up to 2,500 and it renews every 3 years
    - 2,000 budget to set up your home office, and additional 300 every year after 3 years of tenure
    - 3,000 per year for co-working space membership and/or internet service at home
    - 4,000 per year contribution to use for training, workshops, and conferences
    - 2,400 per year contribution for any equipment or services to improve and/or maintain your physical and mental health
    - Support for buying tools you need for doing your best work (even eyeglasses if you need a new pair)
  • The Download: US WHO exit risks, and underground hydrogen
    www.technologyreview.com
    This is today's edition of The Download, our weekday newsletter that provides a daily dose of what's going on in the world of technology.
    This is what might happen if the US withdraws from the WHO
    On January 20, his first day in office, US president Donald Trump signed an executive order to withdraw the US from the World Health Organization. The US is the biggest donor to the WHO, and the loss of this income is likely to have a significant impact on the organization, which develops international health guidelines, investigates disease outbreaks, and acts as an information-sharing hub for member states. But the US will also lose out. Read the full story. Jessica Hamzelou
    Why the next energy race is for underground hydrogen
    It might sound like something straight out of the 19th century, but one of the most cutting-edge areas in energy today involves drilling deep underground to hunt for materials that can be burned for energy. The difference is that this time, instead of looking for fossil fuels, the race is on to find natural deposits of hydrogen. In an age of lab-produced breakthroughs, it feels like something of a regression to go digging for resources. But looking underground could help meet energy demand while also addressing climate change. Read the full story. Casey Crownhart
    This article is from The Spark, MIT Technology Review's weekly climate newsletter. To receive it in your inbox every Wednesday, sign up here.
    Cattle burping remedies: 10 Breakthrough Technologies 2025
    Companies are finally making real progress on one of the trickiest problems for climate change: cow burps. The world's herds of cattle belch out methane as a by-product of digestion, as do sheep and goats. That powerful greenhouse gas makes up the single biggest source of livestock emissions, which together contribute 11% to 20% of the world's total climate pollution, depending on the analysis. Enter the cattle burping supplement. DSM-Firmenich, a Netherlands-based conglomerate, says its Bovaer food supplement significantly reduces the amount of methane that cattle belch, and it's now available in dozens of countries. Read the full story. James Temple
    Cattle burping remedies is one of our 10 Breakthrough Technologies for 2025, MIT Technology Review's annual list of tech to watch. Check out the rest of the list, and cast your vote for the honorary 11th breakthrough.
    The must-reads
    I've combed the internet to find you today's most fun/important/scary/fascinating stories about technology.
    1 Tech leaders are squabbling over Trump's new Stargate AI project
    Musk says its backers don't have enough money. Satya Nadella and Sam Altman disagree. (The Guardian)
    + It's far from the first time Musk and Altman have clashed. (Insider $)
    + The scrap could threaten Musk's cordial relationship with Donald Trump. (FT $)
    2 Trump has threatened to withhold aid from California
    He falsely claimed the state's officials have been refusing to fight the fires with water. (WP $)
    + A new fire broke out along the Ventura County border last night. (LA Times $)
    3 Redditors are weighing up banning links to X
    In response to Elon Musk's salute. (404 Media)
    + Not everyone agrees that the boycott will have the desired effect, though. (NYT $)
    4 How right-leaning male YouTubers helped to elect Trump
    Young men are responding favorably to content painting them as powerless. (Bloomberg $)
    5 Why the US isn't handing out bird flu vaccines right now
    It's not currently being treated as a priority. (Wired $)
    + How the US is preparing for a potential bird flu pandemic. (MIT Technology Review)
    6 Why you might be inadvertently following Trump on social media
    And why it may take a while for Meta to honor requests to unfollow. (NYT $)
    + The company has denied secretly adding users to Trump's followers list. (Insider $)
    + Handily enough, Trump has ordered the US government to stop pressuring social media firms. (WP $)
    7 Investors' interest in weight-loss drugs is waning
    A disappointing trial and falling sales spell bad news for the sector. (FT $)
    + Drugs like Ozempic now make up 5% of prescriptions in the US. (MIT Technology Review)
    8 A software engineer is trolling OpenAI with a new domain name
    Ananay Arora registered OGOpenAI.com to redirect to a Chinese AI lab. (TechCrunch)
    9 Macbeth is being turned into an interactive video game
    The Scottish play is being given a 21st century makeover. (The Verge)
    10 Why measuring the quality of your sleep is so tough
    Not everyone agrees on what counts as good sleep, for a start. (New Scientist $)
    Quote of the day
    "I acknowledge that this action is largely just virtue signalling. But if somebody starts popping off Nazi salutes at the presidential inauguration of a purported first world country, then virtue signalling is the least I can do."
    A Reddit moderator explains their decision to ban links to X in their forum after Elon Musk's gestures at a post-inauguration rally this week, NBC News reports.
    The big story
    Welcome to Chula Vista, where police drones respond to 911 calls
    February 2023
    In the skies above Chula Vista, California, where the police department runs a drone program, it's not uncommon to see an unmanned aerial vehicle darting across the sky. Chula Vista is one of a dozen departments in the US that operate what are called drone-as-first-responder programs, where drones are dispatched by pilots, who are listening to live 911 calls, and often arrive first at the scenes of accidents, emergencies, and crimes, cameras in tow. But many argue that police forces' adoption of drones is happening too quickly, without a well-informed public debate around privacy regulations, tactics, and limits. There's also little evidence that drone policing reduces crime. Read the full story. Patrick Sisson
    We can still have nice things
    A place for comfort, fun and distraction to brighten up your day. (Got any ideas? Drop me a line or skeet 'em at me.)
    + If you were struck by the beautiful scenery in The Brutalist, check out where it was filmed.
    + This newly-unearthed, previously unreleased Tina Turner track is a banger.
    + What to expect from the art world in the next 12 months.
    + Let's take a look at this year's potential runners and riders for the Oscars.
  • This is what might happen if the US withdraws from the WHO
    www.technologyreview.com
    On January 20, his first day in office, US president Donald Trump signed an executive order to withdraw the US from the World Health Organization. "Ooh, that's a big one," he said as he was handed the document. The US is the biggest donor to the WHO, and the loss of this income is likely to have a significant impact on the organization, which develops international health guidelines, investigates disease outbreaks, and acts as an information-sharing hub for member states. But the US will also lose out. "It's a very tragic and sad event that could only hurt the United States in the long run," says William Moss, an epidemiologist at the Johns Hopkins Bloomberg School of Public Health in Baltimore.
    A little unfair?
    Trump appears to take issue with the amount the US donates to the WHO. He points out that it makes a much bigger contribution than China, a country with a population four times that of the US. "It seems a little unfair to me," he said as he prepared to sign the executive order. It is true that the US is far and away the biggest financial supporter of the WHO. The US contributed $1.28 billion over the two-year period covering 2022 and 2023. By comparison, the second-largest donor, Germany, contributed $856 million in the same period. The US currently contributes 14.5% of the WHO's total budget. But it's not as though the WHO sends a billion-dollar bill to the US. All member states are required to pay membership dues, which are calculated as a percentage of a country's gross domestic product. For the US, this figure comes to $130 million. China pays $87.6 million. But the vast majority of the US's contributions to the WHO are made on a voluntary basis; in recent years, the donations have been part of multibillion-dollar spending on global health by the US government. (Separately, the Bill and Melinda Gates Foundation contributed $830 million over 2022 and 2023.)
    It's possible that other member nations will increase their donations to help cover the shortfall left by the US's withdrawal. But it is not clear who will step up, or what implications it might have to the structure of donations. Martin McKee, professor of European public health at the London School of Hygiene & Tropical Medicine, thinks it is unlikely that European members will increase their contributions by much. The Gulf states, China, India, Brazil, and South Africa, on the other hand, may be more likely to pay more. But again, it isn't clear how this will pan out, or whether any of these countries will expect greater influence over global health policy decisions as a result of increasing their donations.
    Deep impacts
    WHO funds are spent on a range of global health projects: programs to eradicate polio, rapidly respond to health emergencies, improve access to vaccines and medicines, develop pandemic prevention strategies, and more. The loss of US funding is likely to have a significant impact on at least some of these programs. It is not clear which programs will lose funding, or when they will be affected. The US is required to give 12 months' notice to withdraw its membership, but voluntary contributions might stop before that time is up. For the last few years, WHO member states have been negotiating a pandemic agreement designed to improve collaboration on preparing for future pandemics. The agreement is set to be finalized in 2025. But these discussions will be disrupted by the US withdrawal, says McKee. "It will create confusion about how effective any agreement will be and what it will look like," he says. The agreement itself also won't make as big an impact without the US as a signatory, says Moss, who is also a member of a WHO vaccine advisory committee. The US would not be held to information-sharing standards that other countries could benefit from, and it might not be privy to important health information from other member nations. The global community might also lose out on the US's resources and expertise. "Having a major country like the United States not be a part of that really undermines the value of any pandemic agreement," he says.
    McKee thinks that the loss of funding will also affect efforts to eradicate polio and to control outbreaks of mpox in the Democratic Republic of Congo, Uganda, and Burundi, which continue to report hundreds of cases per week. The virus has the potential to spread, including to the US, he points out. Moss is concerned about the potential for the spread of vaccine-preventable diseases. Robert F. Kennedy Jr., Trump's pick to lead the Department of Health and Human Services, is a prominent antivaccine advocate, and Moss worries about potential changes to vaccination-based health policies in the US. That, combined with a weakening of the WHO's ability to control disease outbreaks, could be a double whammy, he says: "We're setting ourselves up for large measles disease outbreaks in the United States."
    At the same time, the US is up against another growing threat to public health: the circulation of bird flu on poultry and dairy farms. The US has seen outbreaks of the H5N1 virus on poultry farms in all states, and the virus has been detected in 928 dairy herds across 16 states, according to the US Centers for Disease Control and Prevention. There have been 67 reported human cases in the US, and one person has died. While we don't yet have evidence that the virus can spread between people, the US and other countries are already preparing for potential outbreaks. But this preparation relies on a thorough and clear understanding of what is happening on the ground. The WHO provides an important role in information sharing: countries report early signs of outbreaks to the agency, which then shares the information with its members. This kind of information not only allows countries to develop strategies to limit the spread of disease but can also allow them to share genetic sequences of viruses and develop vaccines. Member nations need to know what's happening in the US, and the US needs to know what's happening globally. "Both of those channels of communication would be hindered by this," says Moss.
    As if all of that weren't enough, the US also stands to suffer in terms of its reputation as a leader in global public health. "By saying to the world 'We don't care about your health,' it sends a message that is likely to reflect badly on it," says McKee. "It's a classic lose-lose situation," he adds. "It's going to hurt global health," says Moss. "It's going to come back to bite us."
  • 15m-turnover insulation specialist heads into administration
    www.bdonline.co.uk
    Sto Ltd was subject of winding up petition from German parent last month
    External wall insulation specialist Sto Ltd has gone into administration, Grant Thornton has confirmed. The firm, which is based at Kings Norton near Birmingham, called in administrators last Friday. In a statement, a Grant Thornton spokesperson said: "I can confirm that colleagues from Grant Thornton were appointed on [17 January] and they continue to evaluate the position of the business. Further information will be made available in due course."
    Sto's main office and warehouse is in Birmingham
    Sto Ltd is a subsidiary of German parent Sto SE & Co. KGa, set up in 1954, and which had a turnover of 1.5bn in 2023. It employs more than 5,700 people across nearly 40 countries. Last month Sto SE & Co. KGa filed a winding up notice against Sto Ltd at the Edinburgh Court of Session. No reason for the filing was given. In its last set of results, Sto Ltd posted an improved turnover of 15.8m in 2023. The accounts, which were signed off last February, show income was up 19% but pre-tax profit fell 12% to 672,000. The accounts also reveal it employed 49 people. Sto SE & Co. KGa has been contacted for comment.
  • Make's 500m ITV Studios redevelopment finally set to start next month after deadline for legal challenge elapses
    www.bdonline.co.uk
    South Bank scheme has been mired in series of planning and legal wrangles
    Source: Make Architects
    The scheme, designed by Make, will include a 25-storey tower
    The redevelopment of ITV's former London headquarters on the South Bank is set to start next month after campaigners decided not to take up the chance to appeal a High Court ruling made last month. The ruling on a legal challenge to former communities secretary Michael Gove's decision to give the job, designed by Make and known as 72 Upper Ground, the green light last year was made just before Christmas. Mr Justice Mould dismissed the challenge from a local campaign group called Save Our Southbank (SoS). SoS then had until this week (21 January) to decide whether to launch a legal challenge through the Court of Appeal and at the time spokesperson Michael Ball said: "We are considering our options carefully." But the deadline has come and gone and no appeal has been launched. SoS has been contacted for comment. The ITV building has already been wrapped in scaffolding ahead of its demolition by McGee which is now set to start next month. The 500m scheme is set to be built by Multiplex after original contractor Lendlease was replaced by the firm in the autumn.
    The High Court quashed a legal challenge to the scheme just before Christmas
    It is being developed by CO-RE and funded by Mitsubishi Estate and is due to complete in early 2029. Others working on the job, which has been mired in planning and legal wrangles, include QS T&T Alinea, landscape architect Grant Associates and engineer Arup. The mixed-use scheme will include a 25-storey office building connected to two buildings of 14 and six storeys. It will also feature new cafes and restaurants, cultural venues and green space. SoS had argued that the tower could be refurbished to provide 200 homes and 500,000 sq ft of offices while saving a huge amount of embodied carbon compared to Make's full redevelopment approach.
  • Samsung's New Galaxy Phones Lay Groundwork for Headsets and Glasses to Come
    www.cnet.com
    Samsung and Google are working on an Apple Vision Pro-like mixed reality VR headset running Android XR and Google Gemini. We knew that already and even got a demo of it last year. But Samsung also revealed a little more at its phone-focused Samsung Unpacked winter event, specifically, a common Google-Samsung AI ecosystem partnership that could be the missing piece to join it all together. That AI-infused experience will be on a next-gen VR/AR headset this year, but expect it to also be running on the Galaxy S25 phone and glasses that will connect to them. In a sense, I already got a preview of what the future holds at the end of last year.
    This story is part of Samsung Event, CNET's collection of news, tips and advice around Samsung's most popular products.
    Samsung's vision for its products all connects via AI. And now that AI is becoming consistent. (Image: Samsung)
    A seeing AI that works in real time
    Samsung briefly addressed upcoming VR/AR headsets and glasses at its latest Unpacked event, but we largely knew about those already. Still, Samsung's demonstration of real-time AI that can see things on your phone or through cameras is exactly the trend we were expecting to arrive in 2025. Project Moohan (meaning "Infinity" in Korean) is a VR headset with passthrough cameras that blend the virtual and real, much like the Vision Pro or Meta's Quest 3. The design feels a lot like Meta's discontinued Quest Pro but with far better specs. The headset has hand and eye tracking, runs Android apps via an Android XR OS being fully revealed later this year, and uses Google Gemini AI as an assistive layer throughout. Google's Project Astra tech, which enables that real-time assistance on glasses, phones and headsets, is debuting on Samsung's Galaxy S25 series of phones. But I've already seen it in action on my face.
    My demos last year let me use Gemini to assist me as I looked around a room, watched YouTube videos or did basically anything else. Live AI needed to be started up into that live mode to use it, after which it could both see and hear what I was looking at or hearing. There were pause modes to temporarily stop the live assistance too. Samsung showed off what looks like similar real-time AI functions on the Galaxy S25 phones, and more was promised. I expect it'll be able to work while watching videos on YouTube, much like my Android XR demo did. And according to Samsung and Google's execs working on Android XR, it could even be used for live help while playing games.
    Gemini's on-the-fly visual recognition skills might start feeling the same between glasses and phones. (Image: Samsung)
    Better battery life and processing for glasses?
    Samsung and Google have also confirmed they're working on smart glasses, also using Gemini AI, to compete with Meta's Ray-Bans and a wave of other emerging eyewear. AR glasses are also apparently in the works. While Project Moohan is a standalone VR headset with its own battery pack and processors, much like Apple's Vision Pro, the smaller smart glasses Google and Samsung are working on -- and any glasses after that -- will rely on connections and processing assistance from phones to work. That's how smart glasses like Meta's Ray-Bans already work. But maybe more features mean the need for more intensive phone processing. Live AI could start becoming an increasingly used feature, leaning on phones to continually be working to assist these glasses. The better processing, graphics, and most importantly, improved battery life and cooling sounded to me like ways to make these phones better pocket computers for eventual glasses.
    Personal data clouds are what Samsung and Google are going to lean on to drive smarter AI assistants on both glasses and phones. (Image: Samsung)
    A personal data set that these AI gadgets will need
    Samsung also announced an obscure-sounding Personal Data Engine that Google and Samsung's AI will take advantage of, bucketing personal data into a place where AI could possibly develop richer conclusions and connections to all the things that are part of your life. How that plays out or is secured, or where its limits are, was extremely unclear. But it sounds like a repository of personal data that Samsung and Google's AI can train off and work with connected extended products, including watches, rings and glasses. Camera-enabled AI wearables are only as good as the data that can assist them, which is why so many of these devices right now feel clunky and weird to use, including Meta's Ray-Bans in their AI modes. Usually, these AI devices hit walls when it comes to knowing things your existing apps already know better. Google and Samsung are clearly trying to fix that. Will I want to trust that process with Google and Samsung, or anyone else? How will these phones, and future glasses, make that relationship between AI and our data clearer and more manageable? It feels like we're watching one shoe drop here, with others coming when Google's I/O developer conference will likely discuss Android XR and Gemini's advances in far more depth.
    Samsung's making Project Moohan its first headset, following with glasses in the future after that. Expect Google to get into more details along with Samsung at the developer-focused Google I/O conference around May or June and possibly the full rundown in the summer at Samsung's next expected Unpacked event. By then, we may know a lot more about why this seemingly boring new wave of Galaxy S25 phones might be building up an infrastructure that will play out in clearer detail by the end of the year, or even after that.