Square Enix has now completed the story of the third and final part of the Final Fantasy 7 Remake trilogy.Speaking to Famitsu and translated by Eurogamer, Final Fantasy series producer Yoshinori Kitase and Final Fantasy 7 Rebirth director Naoki Hamaguchi said development on the highly anticipated conclusion is progressing smoothly."I'm very satisfied with [the story], so I'm sure fans will be satisfied with the final chapter," Kitase said, adding that Final Fantasy 7 Rebirth creative director Tetsuya Nomura gave him "homework" to ensure this was the case.The story of Part 3, which currently lacks an official name or release window, was required to have a respect for the original Final Fantasy 7 alongside a new level of satisfaction not felt in that game, Kitase said.I'm very satisfied with [the story], so I'm sure fans will be satisfied with the final chapter.Square Enix announced its plans to release Final Fantasy 7 Remake as a trilogy in June 2022, following the release of the first game which had fans questioning if the entire story would need a dozen parts to be told properly. This is because Final Fantasy Remake itself only adapted the opening few hours of the original game, up to the point where the party leaves Midgar.Final Fantasy 7 Rebirth expanded the scope significantly, however, introducing the open world and thus covering myriad locations such as Costa del Sol, the Golden Saucer, and many more, including some new ones.It brought the overall story up to the end of Disc 1 of the original Final Fantasy 7, which closes in both games with what's arguably the most iconic moment in video game history.Part 3 will pick up immediately after this, though very little is known about it so far. Development began in June 2022 but Square Enix hasn't said when it will end, only vaguely noting it hopes to release Part 3 by 2027.Every Gold Saucer Date (1997 vs. Final Fantasy 7 Rebirth)IGN's Twenty Questions - Guess the game!IGN's Twenty Questions - Guess the game!To start:...try asking a question that can be answered with a "Yes" or "No".000/250Something it has said, however, is that it "will not cheat" when it comes to the Highwind airship. This allowed the party to quickly move around the map in the original game but, now in the world of fast travel, many fans wondered how the iconic ship could be implemented."We will not cheat with the airship system [in Part 3] but take the challenge head on so it can freely fly all over the game map," Hamaguchi said in November.In our 9/10 review of the last game, IGN said: "Final Fantasy 7 Rebirth impressively builds off of what Remake set in motion, both as a best-in-class action role playing game full of exciting challenges and an awe inspiring recreation of a world that has meant so much to so many for so long."Ryan Dinsdale is an IGN freelance reporter. He'll talk about The Witcher all day.

Of all of the things connected to your PC, your mouse would be the last thing you'd expect to set itself alight. But that was the reality redditor lommelinn faced after they reportedly found their gaming mouse alight on their desk while their PC was in sleep mode and it almost burned down their apartment.Posting to reddit, Iommelinn claimed: I smelled smoke early this morning, so I rushed into my room and found my computer mouse burning with large flames. Black smoke filled the room. I quickly extinguished the fire, but exhaled a lot of smoke in the process and my room is in a bad shape now, covered with black particles (my modular synth as well). Fortunately, we avoided the worst, but the fact that this can happen is still shocking. It's an older wired, optical mouse from Gigabyte.The mouse in question is a Gigabyte M6880X, an older wired mouse that seems like a completely normal wired gaming mouse. With no battery inside and running via USB 2.0, which only pulls in 5V of power at 0.5A, the Gigabyte M6880X's alleged catastrophic failure has certainly raised eyebrows.In images posted by the user, the mouse itself appears to have had its top rear panel completely melted away, with the underside of the mouse managing to escape from much damage. The reasons behind why only the top casing of the mouse was damaged is also a mystery. In additional imagery, the damage to the users desk is also present, with a melted portion of the desk and mousepad in sight.Gigabyte officially responded to Iommelinns claim in a comment within the reddit thread, confirming it had launched an investigation:Hi Everyone,"We have been made aware of the incident shared by lommelin regarding the M6880X gaming mice. Our customer's safety is our top priority and we are actively looking into this case. Our team has reached out to lommelin to offer support and to investigate the matter fully. In the meantime, we appreciate the communitys understanding and patience as we work to address this issue."Best,"The GIGABYTE Team.In a subsequent reddit post, lommelinn expressed their disbelief at the surprising series of events. "My PC was in sleep mode," they explained. "Since then, I checked the USB port with a voltage meter and it's fine. No clue how this can happen."Image credit: Iommelinn / reddit.Sayem is a freelancer based in the UK, covering tech & hardware. You can get in touch with him at @sayem.zone on Bluesky.

The Oscar nominations are at last here. After painful and necessary delays due to the wildfires in California, we now know who the Academy of Motion Picture Arts and Sciences have deemed to be the best films of 2025. All 10 of them.Its still a bit surreal after months of speculation and prognostication that the envelope is in for the 10 films nominated for Oscars shiniest prize. There have been snubs and surprises along the way, but below we have gathered all chosen few for your perusal. If you need a chance to catch up on some of them, or simply wish to know how to see them again, below is a viewing guide to the Best Picture nominees of 2025.NEONAnoraSean Bakers AnoraAnora is available to rent or buy on: Amazon and Apple (U.S. and UK)A24The Brutalist*Brady Corbets monumental, 3.5-hour exploration of the myth (and maybe lie) of the American immigrant experience is a frontrunner at this years Oscars with many expecting The Brutalist to take home the top prizes for Best Picture and Best Director. The film also features career-best performances from Adrien Brody and Felicity Jones as educated Jewish Holocaust survivors who flee the horrors of Europe and find capitalist predations unique to the U.S. Both actors were nominated for Oscars, as is Guy Pearce in the Best Supporting Actor category.The Brutalist is currently playing only in theaters.Searchlight PicturesA Complete UnknownTimothe Chalamet is Bob Dylan. Thats at least what the posters and trailers tell you about A Complete Unknown. And it seems that the Academy was convinced to agree. Chalamet picked up his second Oscar nomination for playing the voice of a generation, which was just one in a fleet of nods this James Mangold musical biopic received, including Best Picture.A Complete Unknown is currently playing only in theaters.ConclaveWho knew cardinals could go so hardcore? Probably anyone who paid close attention to the inner-workings of the Vatican, and that is now a lot more people thanks to Edward Bergers shockingly taut and addictive political thriller, Conclave. A parable about almost any power struggle occurring in the West this century, the film pits progressives against conservatives with the throne of St. Peter on the lineand it does so with a murderers row of talent in front of the camera, including Ralph Fiennes, Stanley Tucci, John Lithgow, Isabella Rossellini, and more!Conclave is available to stream on: Peacock(U.S. only); and to rent or buy on: Apple (U.S. and UK)WBDune: Part TwoAnother cinematic Chalamet experience, Denis Villeneuves Dune: Part Two is the highest grossing movie (for now) on this list. It is also a true cinematic achievement that seems destined to stand the test of time among science fiction and blockbuster fans, particularly since it did the seemingly impossible by sticking the landing while adapting Frank Herberts ponderous novel of the same name. Honestly, its a bit strange this film isnt more of a frontrunner.Join our mailing listGet the best of Den of Geek delivered right to your inbox!Dune: Part Two is available to stream on: Max(U.S. only), Netflix (U.S. only), and NOW (UK only)NetflixEmilia PrezPerhaps the most controversial movie on the list, Jacques Audiards Emilia Prez is a galaxy-brained swing for the fences in which a French filmmaker tells the story of how a Mexican drug cartel leader (Karla Sofa Gascn) who transitions into becoming a woman and a better person with the help of her corrupt, if guilt-ridden, attorney (Zoe Saldaa). And its a musical. Some people admire its earnest audacity and fearlessness while others suggest Audiard should have stayed in his lane. Decide for yourself.Emilia Prez is available to stream on: Netflix(U.S. and UK)Sony Pictures ReleasingIm Still HereA surprise nomination, this, Walter Salles Im Still Here is a Brazilian film about living in the shadow of uncertainty and dictatorship. Based on the real disappearance (and eventually confirmed murder) of Rubens Paiva, a civilian engineer and outspoken critic of the military dictatorship that consumed his country in the 1960s and 70s, the film is really about the shadow of the unknown left on his wife Eunice (Fernanda Torres).Im Still Here is currently playing in theaters.MGMNickel BoysOne of the best movies of the year, which we are relieved to see make the list, RaMell Ross Nickel Boys is a groundbreaking exploration of perception, identity, and memory. It places viewers directly into the shoes of a young Black man in 1960s Florida when he is unjustly sent to the Nickel Academy reform school (a fictionalized version of the real-life horror show at the Dozier School for Boys). Through his eyes, and that of a friend, we experience the joys, sorrows, and betrayal of surviving in America.Nickel Boys is currently playing only in theaters in the U.S. and UK.The SubstanceOnly the seventh horror film to ever be nominated for Best Picture, Coralie Fargeats The Substance is a body horror fantasia. As much dark comedy and satirical, rage-fueled screed as a straight-ahead chiller, The Substance will still take your breath away and curl your toes as Demi Moores Elisabeth Sparkle will do anything to look more youthful including take a magic drug that causes a more nubile young thing (Margaret Qualley) to pop out of her body Alien style.The Substance is available to stream on: Mubi(U.S. and UK); and available to rent on: Apple, Amazon (U.S. and UK)Wicked*The other mega-blockbuster on this list, and perhaps the real populist contender for the Best Picture crown, is Jon M. Chus soaring adaptation of Wicked. Well, at least one half of Wicked since the film transfers only Act One of the Broadway musical to the screen. Be that as it may, its bowled moviegoers over thanks to Cynthia Erivos powerhouse performance and Ariana Grandes heavenly vocals. And wouldnt you know it, both of them got Oscar nominations this morning.Wicked is available to rent on: Apple, Amazon (U.S. and UK)

Ever since Disney acquired the Star Wars franchise, Marvel Comics has been hard at work telling the further adventures of the characters you know and love from the films. Comic books spanning the Original Trilogy and Prequel eras, as well as tie-ins to the Sequel films, have been key to expanding the current Star Wars canon, much in the same way the old Expanded Universe of books, comics, and games did pre-Disneywith one major difference.While the now non-canon EU dove headfirst into stories about what happened to Luke Skywalker, Leia Organa, and Han Solo after the events of Return of the Jedi, the Disney-era comics and books have largely shied away from fully exploring what happened next to our original trio of heroes after the trilogy. In fact, until now, the main Star Wars comic has focused on filling in the gaps between A New Hope, The Empire Strikes Back, and Return of the Jedi, essentially focusing on Original Trilogy side quests rather than pushing Luke, Han, and Leias stories forward. That changes this year with the arrival of a new Star Wars #1, which will kick off a new series of stories for the trio set in the New Republic era, after the fall of the Empire but many decades before the rise of the First Order, a time period in which these characters are still in their prime.Written by Alex Segura and penciled by Phil Noto, the story picks up after the Battle of Jakku and the final surrender of the Empire. Luke, Han, and Leia are working to rebuild and usher in a new era of peace under the banner of the fledgling New Republic, but thats not so easy when the scum of the galaxy are vying for control. The solicit on StarWars.com teases that our heroes will have to contend with pirates, thieves, and a bloodthirsty gang of mercenaries in the new series. The announcement also promises other returning characters like Mon Mothma as well as new allies.Now that weve put the period at the end of the Galactic Civil War with the Battle of Jakku, we can speed ahead into a new, uncharted era, with some new galactic threats, foes, and mysteries for our beloved heroes to grapple with, blending the familiar with the new and shocking, Segura said in a statement. These stories will be packed with action and the character moments Star Wars fans have come to expect, featuring twists on the galaxy and landscape we know, with an eye toward making sure people can jump in easily and with any issue. We cant wait.While Marvel has definitely published some excellent Star Wars adventures over the last decade and changeparticularly all of its Darth Vader books (seriously, go pick up all of those collections)a New Republic ongoing about Luke, Leia, and Han feels like the true main event, what all of the Star Wars volumes that came before it have been working toward. Its certainly the story fans were dying to see when Disney announced the return of Mark Hamill, Carrie Fisher, and Harrison Ford in The Force Awakens (simpler times). But with the Sequels jumping ahead 30 years to focus on a new central cast of younger heroes, the New Republic years remain a chunk of Luke, Han, and Leias history thats still largely missing in the current canon.In the 2010s, Disney and Lucasfilm mostly abstained from fleshing out too much of the central trios story on the page in order to preserve a blank slate for future filmsand later, the TV series. By completely wiping the continuity of Star Wars clean in 2014, Lucasfilm was free to make a new trilogy that wasnt beholden to the story established by the many books and comics of the 80s, 90s, and 00s that covered similar material. Gone were fan-favorite storylines like the Heir to the Empire books that introduced Grand Admiral Thrawn as a new threat for the New Republic and the Dark Empire comics that resurrected the Emperor as a clone. No more stories of Luke forming the New Jedi Order and training a new generation of Knights or of Han and Leia and their Jedi children. Yes, some of those old EU stories were very silly or just plain bad, but many more took Star Wars in interesting and even daring new directions. Just look at how many ideas from the old EU stories have found their way back into the new canon (e.g. Thrawn, Han and Leia having a child who grows up to become an evil mass murderer, Lukes Jedi Order getting blown up).Needless to say, this new direction for Star Wars comics opens the door for some exciting new possibilities for the franchises first family. Although The Mandalorian and The Book of Boba Fett did give us glimpses of Lukes post-Return of the Jedi story, theres still so much we dont know about his life beyond the broad strokes in movie tie-in books, and we know even less about Han and Leia during this time period. As great as its been to see new charactersRey, Finn, Poe, Mando, Grogu, Ahsokatake center stage on screen, its good to know that Disney, Lucasfilm, and Marvel are finally ready to unlock a new era for Luke, Han, and Leia, too.The new Star Wars #1 hits your local comic shop on May 7.

This article originally appeared in the October 2012 issue of ELLE DECOR. For more stories from our archive, subscribe to ELLE DECOR All Access.This was a new start, says Kim Hersov of the London home she moved into a couple of years ago with her two sons from a previous marriage, her new partner, artist Barry Reigate, his teenage daughter, and the young son they had together. But new for Hersov is a far cry from the radical shift in decor that often accompanies dramatic life changes. Rather than jettisoning the past and everything associated with it, Hersov filled the house with memory-laden belongings, yet still managed to create a setting that feels completely fresh. It helped that Hersov, editor-at-large for Harpers Bazaar UK, worked with interior designer Hubert Zandberg, who is also a dear friend (he is the godfather of her and Reigates child). They share a passion for flea-market shopping and eclectic finds. Hubert can second-guess me, says Hersov. They had worked together on her previous home, which she describes as proper, and he calls quite sophisticated, grown-up, and very grand.Hersov says of that earlier phase in her life, A little bit of it was playing house. Like a lot of my friends, I got married really youngand you do the things you think youre supposed to do. Then you grow into yourself.Simon UptonKim Hersov with her son, Aidan, outside their London home, which was designed by Hubert Zandberg. So when it came to designing the new place, Zandberg wanted to reflect the fact that Hersov has become a bit of a rock chick, as he puts it. Shes still very elegant, but her style has developed. So he situated beloved old pieces in unexpected settings, creating eccentric juxtapositions. A mismatched collection of silver candlesticks is now clustered on a table in the dining area, which lies in a part of the house that has a raw, industrial feeling. A pair of chinoiserie demilune tables became bathroom vanities. And a hand-painted screen is now displayed in a sitting room filled with Reigates edgy, Pop Art drawings. That was a lovely screen, and we wanted to reuse it, says Zandberg. In Kims previous house, it just blended into the whole rest of the grand aesthetic perfection. But here, it gets a voice. It starts to become witty, it starts to become exotic. It gets a new personality.Simon UptonA photograph by Mat Collishaw, a Zandberg-designed sofa upholstered in a Zimmer + Rohde cotton, and a candelabra by Hersovs partner, Barry Reigate, in the living room. The African textiles, furnishings, and objects that are layered throughout the rooms reflect another piece of Hersovs backstory. Her older sons father is South African, as is Zandberg, whom she met a decade ago in Cape Town.For Hersov, repurposing things from her past was also an act of familial respect. Her grandmother, a San Francisco socialite and grande dame, had a strong influence on Hersovs life and taste. Her new house is filled with objects, including silver candlesticks, that were gifts from this venerable lady. And the shells and coral that appear throughout Hersovs rooms are an echo of her grandparents beach house, which had a hallway lined with shells.But history also exerted a more problematic influence over the design process. The structure, built in the mid-19th century, is Grade-II Listed, which means it has historic significance, and any changes or alterations must be approved by a planning board. When Hersov acquired the house, it was derelict and had no electricity. Yet despite the fact that it had to be completely gutted, she was on a tight leash when it came to the design of any new structural elements.Simon UptonA painting by Shezad Dawood hangs above the fireplace in the family room, the carved chair is African, a custom-made ottoman is studded with buttons from a vintage military coat, and the 1950s light fixture is from Brazil; the leather-and-chrome chairs were found at a Paris flea market, the curtains are of a Pierre Frey linen, and the kilim is from Lizzo. Part of the prerequisite of a listed building is that you have to put things back, says Hersov with a sigh. Even though they had been stripped out, we had to then make sure the original plaster moldings and ceilings were restored or replaced. And I couldnt do a double-door entrance into the living room or change the placement of the staircase because the board wanted me to keep it the way they thought the original would have been. The only part that is completely new is the double-height conservatory at the back of the house; and the ground-floor kitchen and dining room were opened up to create a more expansive space.Artworks by Reigate, a framed African headdress, and a 19th-century painting in the conservatory; the pillows are covered in African block-print fabrics, and the floors are polished concrete.Simon UptonIn the primary bedroom, a Louis XVI-style bench upholstered in a Pierre Frey fabric sits at the foot of the custom-made four-poster, the bamboo chairs were found at a Paris flea market; and the desks came from a Madrid jewelry store; the screens are by Nominka DAlbanella, the walls are covered in silk, and the rug is from Lizzo. Simply getting planning approval took a whole year, during which Reigate used the house as a painting studio, in part to keep out squatters, who have a habit of laying claim to Londons uninhabited buildings. And while the finished rooms hardly feel like they belong to a contemporary art gallery, they nonetheless house an extensive collection of significant works, including a photograph by Mat Collishaw, a painting by Alastair Mackinven, photographs by Pieter Hugo, and numerous works by Reigate. A lot of our friends are artists, so the art is quite personal, says Hersov.See Inside This Edgy, Sophisticated AbodeThe eclectic collection adds a new layer to Hersovs personal history, and feels completely at home among the assortment of objects that fills the rooms. I dont think art should be put on a pedestal, explains Zandberg. Im a little bit slapdash about it. If the room is sincere, and the art is good, it will work. Its like peopleif theyre true to themselves, when they meet, it works.Its equally true of old friends and new. In interior design, as in life, its wonderful when they all get along.

A Subaru security vulnerability allowed millions of cars to be remotely tracked, unlocked, and started. A full years worth of location history was available, and was accurate to within five meters Security researcher Sam Curry reached an unusual deal with his mother: he would buy her a Subaru if she would let him try to hack it.He started by looking for flaws in the MySubaru Mobile App, but couldnt find any. He didnt stop there, however.From my past experience with car companies, I knew there could be publicly accessible employee-facing applications with broader permissions than the customer-facing apps. With that in mind, I decided to shift focus and started hunting for other Subaru-related websites to test.A friend helped him find a promising-looking sub-domain. It of course required an employee login, but some digging around in a Javascript directory revealed insecure password reset code. All they needed then was a valid employee email address, which they found with a quick web search. They reset the password, and were then able to login.The one remaining barrier was 2FA protection, but this turned out to be trivial to defeat, as it ran on the client side and could be removed locally. At that point they were in.The left navbar had a ton of different functionality, but the juiciest sounding one was Last Known Location. I went ahead and typed in my moms last name and ZIP code. Her car popped up in the search results. I clicked it and saw everywhere my mom had traveled the last year.It appeared that they could also remotely take control of any Subaru with Starlink installed, and they tested this by getting permission to target a friends car.She sent us her license plate, we pulled up her vehicle in the admin panel, then finally we added ourselves to her car. We waited a few minutes, then we saw that our account had been created successfully.Now that we had access, I asked if they could peek outside and see if anything was happening with their car. I sent the unlock command. They then sent us this video.Not only did they have control of the car, but its owner didnt even receive a message that an authorized user had been added to their account.Curry sent a report to Subaru, and the company had it fixed by the next day, also confirming that there was no evidence of anyone else having gained access.Perhaps the most worrying part of the story is Currys conclusion that it was hard to even write the post because he didnt think any of it would surprise others in the security industry.Most readers of this blog already work in security, so I really dont think the actual password reset or 2FA bypass techniques are new to anyone. The part that I felt was worth sharing was the impact of the bug itself, and how the connected car systems actually work.The auto industry is unique in that an 18-year-old employee from Texas can query the billing information of a vehicle in California, and it wont really set off any alarm bells. Its part of their normal day-to-day job. The employees all have access to a ton of personal information, and the whole thing relies on trust.It seems really hard to really secure these systems when such broad access is built into the system by default.Photo: Subaru. GIF via Sam Curry.Add 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Ookla, the firm behind Speedtest, just published its semi-annual U.S. connectivity report covering the second half of 2024. One takeaway is that 5G performance is improving. However, this raises one key question: can anyone notice?The report shows that 5G performance has continued to improve nationwide, delivering faster download and upload speeds. For iPhone users, better 5G performance means faster app downloads and fewer streaming video interruptions.Yet 5G seems to have a reputation for being an upgrade in name only. Aside from ultrafast mmWave 5G performance in specific venues, 5G can seem like a continuation of 4G/LTE. 5G in 2024So what does the data say? Ooklas oldest comparable report covers the first half of 2024. Here are some comparisons between the first half and second half of last year.5G Speed Score factors in download, upload, and latency results.T-Mobile jumped from 228.24 to 242.76.Verizon dipped from 191.56 to 185.26.AT&T inched from 131.63 to 132.68.Meanwhile, in the category of what do customers actually think, the needle hasnt moved favorably, although the results are virtually unchanged.Customer sentiment is based on a 5-star rating system.T-Mobile slightly slipped from 3.73 to 3.7.Verizon held up at 3.29 throughout the year.AT&T moved from 3.14 to 3.12. Better than mid, but the story is largely unchanged.Ookla adds 5G availability rankings to its latest report. This factors in how often a carriers customers can access 5G a majority of the time.T-Mobile leads at 89.4%.AT&T comes in second at 86.2%.Verizon stays below 50% at 49.3%.Thats an area that well have to watch in future reports. See both reports in full below:For now, you can learn more about Ooklas testing methodology here, and be sure to let us know what you think about 5G in the real world these days.Top iPhone accessoriesAdd 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Jan 23, 2025Ravie LakshmananThreat Intelligence / Data BreachAn analysis of HellCat and Morpheus ransomware operations has revealed that affiliates associated with the respective cybercrime entities are using identical code for their ransomware payloads.The findings come from SentinelOne, which analyzed artifacts uploaded to the VirusTotal malware scanning platform by the same submitter towards the end of December 2024."These two payload samples are identical except for victim specific data and the attacker contact details," security researcher Jim Walter said in a new report shared with The Hacker News.Both HellCat and Morpheus are nascent entrants to the ransomware ecosystem, having emerged in October and December 2024, respectively.A deeper examination of the Morpheus/HellCat payload, a 64-bit portable executable, has revealed that both samples require a path to be specified as an input argument.They are both configured to exclude the \Windows\System32 folder, as well as a hard-coded list of extensions from the encryption process, namely .dll, .sys, .exe, .drv, .com, and .cat, from the encryption process."An unusual characteristic of these Morpheus and HellCat payloads is that they do not alter the extension of targeted and encrypted files," Walter said. "The file contents will be encrypted, but file extensions and other metadata remain intact after processing by the ransomware."Furthermore, Morpheus and HellCat samples rely on the Windows Cryptographic API for key generation and file encryption. The encryption key is generated using the BCrypt algorithm.Barring encrypting the files and dropping identical ransom notes, no other system modifications are made to the affected systems, such as changing the desktop wallpaper or setting up persistence mechanisms.SentinelOne said the ransom notes for HellCat and Morpheus follow the same template as Underground Team, another ransomware scheme that sprang forth in 2023, although the ransomware payloads themselves are structurally and functionally different."HellCat and Morpheus RaaS operations appear to be recruiting common affiliates," Walter said. "While it is not possible to assess the full extent of interaction between the owners and operators of these services, it appears that a shared codebase or possibly a shared builder application is being leveraged by affiliates tied to both groups."The development comes as ransomware continues to thrive, albeit in an increasingly fragmented fashion, despite ongoing attempts by law enforcement agencies to tackle the menace."The financially motivated ransomware ecosystem is increasingly characterized by the decentralization of operations, a trend spurred by the disruptions of larger groups," Trustwave said. "This shift has paved the way for smaller, more agile actors, shaping a fragmented yet resilient landscape."Data shared by NCC Group shows that a record 574 ransomware attacks were observed in December 2024 alone, with FunkSec accounting for 103 incidents. Some of the other prevalent ransomware groups were Cl0p (68), Akira (43), and RansomHub (41)."December is usually a much quieter time for ransomware attacks, but last month saw the highest number of ransomware attacks on record, turning that pattern on its head," Ian Usher, associate director of Threat Intelligence Operations and Service Innovation at NCC Group, said."The rise of new and aggressive actors, like FunkSec, who have been at the forefront of these attacks is alarming and suggests a more turbulent threat landscape heading into 2025."Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Are your websites leaking sensitive data? New research reveals that 45% of third-party apps access user info without proper authorization, and 53% of risk exposures in Retail are due to the excessive use of tracking tools. Learn how to uncover and mitigate these hidden threats and risksdownload the full report here.New research by web exposure management specialist Reflectiz reveals several alarming findings about the high number of website vulnerabilities organizations across many industries are needlessly exposing themselves to.For instance, one standout statistic from the report is that 45% of third-party applications access sensitive user information without good reason. Although third-party apps may be essential for marketing and functionality purposes, not all of them need access to the kind of personal and financial user information that cybercriminals are hunting for. It's safer to limit apps' access to it on a need-to-know basis.For the report, Reflectiz gathered its own proprietary data from the top 100 websites (according to number of site visits) in each industry, so the fact that close to half of all third-party apps in such a large sample are gathering sensitive user data when they don't need to comes as a surprise.The realization that this practice is so widespread will cause many website owners to wonder what other surprises might be lurking in their web ecosystems and how large their web exposure footprint really is. If there's one thing that owners in any industry can take away from this report it's that they are almost guaranteed to have unexpected unresolved vulnerabilities of their own. (And the chart below strongly suggests that they will)Sensitive Data ExposureThe chart below, taken from the report, shows that there is variation between industries when it comes to apps that can access sensitive user data. With that in mind, companies working in the Entertainment and Online Retail sectors may want to pay extra attention to how many of their apps are accessing sensitive data unnecessarily and increasing their web exposure.If you aren't familiar with the term web exposure, it was coined by Gartner to describe the range of risks that modern websites face because they connect with dozens of essential third-party apps, CDN repositories, and open source tools that help with tracking and functionality tasks. Each one increases the size of the attack surface and is a potential target for malicious actors, but although website owners cannot avoid using these connected assets, they can take steps to make each one safer. Checking that the third-party apps aren't needlessly accessing users' sensitive personal, financial, and health information is a good place to start for a quick win, but the report reveals many others.For instance, it looks at app popularity as a risk factor:It's generally accepted that more popular apps are safer. This is based on the idea that if an app has been around for a long time and developed a sizable user base then user communities and security professionals will have reached an accurate conclusion about its reputation. They will know whether it's robust and if its developers can be trusted to use modern coding practices, issue improvement updates, and quickly patch bugs. Less popular apps are more likely to be neglected and are at greater risk of compromise, so they shouldn't be trusted to access personal user data. On that basis, a popular app is seen as less risky than one that appeared yesterday.The chart above shows that:Leisure and Hospitality industry websites integrate an average of just over two unpopular apps. Online Retail and Entertainment include around one. If owners haven't established that these apps are safe, they would be best advised to disable them and use alternatives until they have. Taking simple steps like these will reduce their overall web exposure score.Tracking TechnologiesThat said, even well-established third-party apps can increase an organization's level of web exposure, particularly tracking apps, as the chart below shows: The Facebook and TikTok pixels, for example, have been known to collect private user information after being misconfigured. This is why the research covers the prevalence of these and other tracking technologies on various industry websites, but an interesting thing about it (and about the Reflectiz data-gathering exercise that informed it) is the fact that the sheer number of trackers or pixels deployed doesn't necessarily reveal the whole picture.For instance, looking at the chart below it may seem that Publishing industry websites pose the greatest risk to user privacy because they average around 12 trackers each. While they might appear to offer twice as many data stealing opportunities to malicious actors as healthcare websites, with just under six trackers each, there are more factors to consider.Although these findings should prompt publishers to review their use of tracking technologies because of the privacy risks, they should also take the chart below as a cue to ask where these pixels are being deployed and by whom. The report doesn't just reveal potentially compromising practices, it also encourages businesses to appreciate the importance of context. In this case, the context includes what is being done, and which department is doing it:The State of Web Exposure 2025 found that marketing and digital departments are more likely to instigate risk, such as tracking pixels in payment iFrames for no reason. This is an inherently more dangerous context than running a pixel on a page full of static images because if it's modified by malicious actors, it has a better chance of stealing user payment data. (It may also be a riskier context than a healthcare website, which will tend to attract more attacks by malicious actors.) Therefore, a publishing business looking to reduce its overall web exposure should prioritize best-practice training for staff in its marketing department.The Bottom LineThe report turns up many interesting insights: Entertainment industry websites experience almost twice as much malicious activity as Finance industry sites, for example. Education industry sites are exposed to high risk due to their overreliance on public content delivery networks. As such insights pile up, it becomes clear that companies across industries wishing to reduce their web exposure can't take a one-size-fits-all approach. The context of the risk factors affecting them will shape their responses to them. The report reveals that each industry faces a landscape of dynamically shifting risk variables, and the need to turn them into actionable priorities is what prompted Reflectiz to pioneer an innovative technology called Exposure Rating. It analyzes the huge number of data points it gathers from scanning millions of websites by considering each risk factor in context, adds them together to create an overall level of risk, and expresses this as a simple grade, from A to F, with added remediation advice. It's an easy-to-understand way of identifying the security priorities for each organization, focusing their attention where it's most needed, and benchmarking their performance against industry peers.Download the full research report here. Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.

Lisa Morgan, Freelance WriterJanuary 23, 202510 Min ReadPanther Media GmbH via Alamy StockArtificial Intelligence is virtually everywhere, whether enterprises have an AI strategy or not. As AI capabilities continue to get more sophisticated, businesses are trying to capitalize on it, but they havent done enough foundational work to succeed. While its true that companies have been increasing their AI budgets over the last several years, its become clear that the ROI of such efforts varies significantly, based on many dynamics, such as available talent, budget, and a sound strategy. Now, organizations are questioning the value of such investments to the point of pulling back in 2025.According to Anand Rao, distinguished service professor, applied data science andartificial Intelligence at Carnegie Mellon University, the top three challenges are ROI measurement, realization, and maintenance.If the work Im doing takes three hours and now it takes a half an hour, thats easily quantifiable, [but] human performance is variable, says Rao. The second way is having a baseline. We don't [understand] human performance, but we are saying AI is 95% better than a human, but which human? The top-most performer, an average performer, or the new employee?When it comes to realizing ROI, there are different ways to look at it. For example, if AI saves 20% of five peoples time, perhaps one could be eliminated. However, if those five people are now spending more time on higher value tasks, then it would be unwise to let any of them go because they are providing more value to the business.Related:The other challenge is maintenance because AI models need to be monitored and maintained to remain trustworthy. Also, as humans use AI more frequently, they get more adept at doing so while AI is learning from the human, which may increase performance. Enterprises are not measuring that either, Rao says.[T]here's a whole learning curve happening between the human and the AI, and independently the two. That might mean that you may not be able to maintain your ROI, because it may increase or decrease from the base point, says Rao.Anand Rao, Carnegie Mellon UniversityTheres also a time element. For example, ChatGPT-4 was introduced in March 2023, but enterprises werent ready for it, but in six months or less, businesses had started investing systematically to develop their AI strategy. Nevertheless, theres still more to do.[T]he crucial fact is that we are still in the very early days of this technology, and things are moving very quickly, says Beatriz Sanz Saiz, global consulting data and AI Leader at business management consulting firm EY. Enterprises should become adept at measuring value realization, risk and safety. CIOs need to rethink a whole set of metrics because they will need to deliver results. Many organizations have a need for a value realization office, so that for everything they do, they can establish metrics upfront to be measured against, whether that is cost savings, productivity, new revenue growth, market share, employee satisfaction [or] customer satisfaction.Related:The GenAI ImpactWhile many enterprises have had plenty of success with traditional AI, Kjell Carlsson, head of AI strategy at enterprise MLOps platform Domino Data Lab, estimates that 90% of GenAI initiatives are not delivering results that move the needle on a sustained basis, nor are they on track to do so.[M]ost of these organizations are not going after use cases that can deliver transformative impact, nor do they have the prerequisite AI engineering capabilities to deliver production-grade AI solutions, says Carlsson. Many organizations are under the misconception that merely making private instances of LLMs and business apps with embedded GenAI capabilities available to business users and developers is an effective AI strategy. It is not. While there have been productivity gains from these efforts, in most cases, these have been far more modest than expected and have plateaued quickly.Related:Though GenAI has many similarities to driving business value with traditional AI and machine learning, it requires expert teams that can design, develop, operationalize and govern AI applications that rely on complex AI pipelines. These pipelines combine data engineering, prompt engineering, vector stores, guardrails, upstream and downstream ML and GenAI models, and integrations with operational systems.Successful teams have evolved their existing data science and ML engineering capabilities into AI product and AI engineering capabilities that allow them to build, orchestrate and govern extremely successful AI solutions, says Carlsson.Kjell Carlsson, Domino Data LabSound tech strategies identify a business problem and then select the technologies to solve it, but with GenAI, users have been experimenting before they define a problem to solve or expected payoff.[W]e believe there is promise of transformation with AI, but the practical path is unclear. This shift has led to a lack of focus and measurable outcomes, and the derailment of plenty of AI efforts in the first wave of AI initiatives, says Brian Weiss, chief technology officer at hyperautomation and enterprise AI infrastructure company Hyperscience. In 2025, we anticipate a more pragmatic or strategic approach where generative AI tools will be used to deliver value by attaching to existing solutions with clearly measurable outcomes, rather than simply generating content. [T]he success of AI initiatives hinges on a strategic approach, high-quality data, cross-functional collaboration and strong leadership. By addressing these areas, enterprises can significantly improve their chances of achieving meaningful ROI from their AI efforts.Andreas Welsch, founder and chief AI strategist at boutique AI strategy firm Intelligence Briefing, says early in the GenAI hype cycle, organizations were quick to experiment with the technology. Funding was made available, and budgets were consolidated to explore what the technology could offer, but they didnt need to deliver ROI. Times have changed.Organizations who have been stuck in the exploration phase without assessing the business value first, are now caught off guard when the use case does not deliver a measurable return, says Welsch. Set up a formal process and governance that assess the business value and measurable return of an AI product or project prior to starting. Secure stakeholder buy-in and establish a regular cadence to measure progress, ensure continued support or stop the project, [and] assess existing applications in your company. Which of those offers AI capabilities that you are not using yet? You dont need to build every app from scratch.Many Potholes to NavigateJamie Smith, CIO at University of Phoenix, says the cost of AI is being reflected more frequently in SaaS contracts, whether the contracts specify it or not.Weve seen this in the past 6 months, as the cost to compute using AI rises and rises and is set to continue to do so as models grow more robust -- and therefore more power hungry. SaaS providers are looking at their utility bills and passing the cost to businesses, says Smith. As a result, SaaS contracts -- and partnerships more broadly -- are going to come under a lot more scrutiny. If these costs are rising, then partners productivity needs to match.Edward Smyshliaiev, chief technology officer at Hedgefun:D says many organizations derail their AI ROI though a combination of overambition, under-preparation and a lack of alignment between AI teams and business leaders.AI isnt a magic wand; its a tool. To wield it effectively, companies need to ensure data pipelines are clean and reliable and invest in training staff to interpret and act on AI outputs, says Smyshliaiev. A shared vision between AI teams and leadership is critical -- everyone must know what success looks like and how to measure it.Sean Bhardwaj, managing partner at strategic consulting firm Breakthrough Growth Partners is a fractional chief AI officer and strategist. In this role, hes observed that two of the top reasons enterprises arent realizing better ROI on their AI initiatives is because they lack a foundational strategy and focus on the human side of AI adoption.For example, one of his clients wanted to implement AI-driven customer recommendations, only to discover mid-project that the data infrastructure couldnt support it. Similarly, organizations often assume that teams will adopt AI enthusiastically, which isnt necessarily the case.Planning for adoption with training and incentives is essential to see real engagement and impact, says Bhardwaj. I advise companies to see each stage as an investment in capability-building, with each phase laying the groundwork for the next.All too often, organizations discard AI initiatives that dont meet initial expectations rather than rethinking their approach.John Bodrozic, co-founder and CIO at homeowner lifecycle platform HomeZada, has observed that enterprises are relying solely on standalone AI to solve problems or find new growth opportunities, but they are ultimately being led by development teams and not product management teams.There are so many areas where AI can impact bottom-line cost savings and top line revenue growth, but only when these use-case scenarios are explored by cross-functional teams that combine software and AI development specialists with members of the functional team, says Bodrozic. Without this direct interaction, ROI from AI is challenging at best.The Business ViewA 2023 Gartner report found that only 54% of AI projects get past the proof-of-concept phase, and many of those fail to deliver on the promised financial or operational impact. According to Ed Gaudet, CEO and founder of health care risk management solution provider Censinet, companies may believe that AI will make everything better, but they never specify what better means.Enterprises must take a phased, strategic approach [that requires] defining clear use cases that have actual business value like the automation of a drudgery, supply chain optimization, or leveraging chatbots to meet better customer experience. Secondly, organizations need to create structural capabilities like a good data governance framework, scalable infrastructure and strong developer and engineering skills. Companies that train their employees in AI have a 43% higher success rate deploying AI projects.Nicolas Mougin, consulting and support director at global cloud platform Esker, credits rushed implementations as a reason for ROI shortfalls.The pressure to stay competitive in a rapidly evolving technological landscape drives many organizations to implement AI without sufficient planning. Instead of conducting thorough needs assessments or piloting solutions, businesses often rush to deploy tools in the hope of gaining an edge, says Mougin. However, hastily executed projects overlook key considerations such as data readiness, scalability or user adoption.Edward Starkie, director, GRC at global risk intelligence company Thomas Murray, believes that most organizations are not in a suitable position to be able to adopt AI and exploit it to its fullest extent.To be successful there is a level of maturity that is required which [depends] upon having the necessary mechanisms supporting the design, creation and maintenance of the technology in a field which is short of genuine expertise, says Starkie. [E]specially at board level, a lack of education is a key contributing factor. [Mandates] are being issued without the without understanding the importance of the core components being in place.About the AuthorLisa MorganFreelance WriterLisa Morgan is a freelance writer who covers business and IT strategy and emergingtechnology for InformationWeek. She has contributed articles, reports, and other types of content to many technology, business, and mainstream publications and sites including tech pubs, The Washington Post and The Economist Intelligence Unit. Frequent areas of coverage include AI, analytics, cloud, cybersecurity, mobility, software development, and emerging cultural issues affecting the C-suite.See more from Lisa MorganNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also LikeWebinarsMore WebinarsReportsMore Reports