EA Q3 results "not the financial performance we wanted or expected"CEO says declines in revenue and net bookings were driven by "temporary underperformance" of EA Sports FC 25Image credit: Electronic Arts Feature by Sophie McEvoy Staff Writer Published on Feb. 5, 2025 Electronic Arts has published its financial results for the third quarter of FY25, experiencing declines in revenue and net bookings.CEO Andrew Wilson said it "was not the financial performance we wanted or expected," which was driven by the "temporary underperformance" of EA Sports FC 25.EA pre-announced its Q3 results last month, in which it revised its full-year and third quarter guidance due two of its franchises EA Sports FC and Dragon Age not meeting financial expectations.Here's what you need to know:The numbers:Revenue: $1.88 billion (down 3% year-on-year)Net income: $293 million (up 1% year-on-year)Net bookings: $2.22 billion (down 6% year-on-year)The highlights:EA Sports FC 25 experienced a "high-quality and stable launch" in September 2024, but the momentum didn't last the entire quarter.The overall Global Football franchise experienced a "mid-single-digit decline year-over-year" in the third quarter, leading to "lower-than-expected" sales of FC 25.Wilson noted this result was due to players staying in past franchise iterations during the holiday period. The game also experienced "lower-than-expected engagement" due to "specific issues with balance."An update was implemented on January 16, 2025, alongside the Team of the Year event, which Wilson said has seen a "strong response" and "positive gameplay sentiment indicators from our community." As a result, player retention for the title "surpassed expectations" last month.As for Dragon Age: The Veilguard, which launched on October 31, 2024, Wilson said that despite experiencing a "high-quality launch", its financial underperformance was due to the title not "resonat[ing] with a broad-enough audience in this highly competitive market."CFO Stuart Canfield added that this reinforced "the importance of our actions to reallocate resources towards our most significant and highest-potential opportunities."Last week, Dragon Age developer BioWare announced it was "reimagining" how it operated, with BioWare staff had been "redeployed" into other EA teams as it continues development on the next Mass Effect game. IGN reported that a "smaller number" of employees from the Dragon Age team had been laid off in the process.Elsewhere, EA confirmed that the next Battlefield is scheduled for release in 2026. It also announced the launch of the community test program, Battlefield Labs, which Wilson said had been received "well beyond our expectations" during the earnings call's Q&A.Net bookings were down year-over-year for Apex Legends, but performed "in line with our expectations." Wilson gave further insight into the trajectory of the franchise during the earnings call, suggesting that a substantial update will be implemented after Battlefield's launch next year.The Sims franchise grew year-over-year during Q3, following the release of two creator kits for The Sims 4 and the launch of MySims: Cozy Bundle. The latter "outperformed expectations," with Canfield noting that 50% of those who purchased the title were new to EA. The game was released on Switch as well as PC.Looking ahead to Q4, EA expects net bookings of $1.44 billion to $1.59 billion a decline of 13% compared to its previous forecast and down 4% year-over-year. Canfield said this was "driven by declines in Global Football and Apex Legends" while "partially offset by the release of Split Fiction."Canfield commented: "Q3 was not the quarter we expected, but despite the impact to our near-term results, our long-term outlook remains unchanged. Our teams remain focused on player feedback, continually adapting our games and services to reflect evolving player preferences in addition to refining our portfolio to deliver sustainable growth.""With a strong line-up of new experiences including EA Sports College Football 26, Battlefield, and Skate we are positioned to return to growth in FY26. Additionally, we will make measured progress beyond our games as we continue to scale our EA Sports App, advertising, and sponsorship opportunities."

Chris Kerr, News EditorFebruary 5, 20254 Min ReadImage via EA At a GlanceQ3 net bookings fell by 6 percent YoY to $2.2 billionwith live service net bookings tumbling by 8 percent. The publisher attributed the downturn to subpar performances from Dragon Age: The Veilguard and EA Sports FC 25.EA, which has made significant layoffs this year, expects to deliver over $7 billion in net bookings during FY25.EA has reported a downturn in net bookings and live service revenue after key titles like EA Sports FC 25 and Dragon Age: The Veilguard fell short of internal expectations.The company had already warned that would be the case, and in its latest fiscal report for the third quarter ended December 31, 2024, confirmed that net bookings dropped by 6 percent year-over-year to $2.2 billion.Within total net bookings, full game net bookings dipped by 3 percent year-on-year to $633 million. Live services and other net bookings fell by 8 percent to $1.58 billion over the same period.EA CFO Stuart Canfield said that decline was the result of soft performances from some titles."Dragon Age: The Veilguard underperformed [within] the competitive dynamics of the single-player RPG market and EA Sports FC 25 started strong, but softened through the holiday period," said Canfield.Sticking with Veilguard, Canfield added that blockbuster storytelling has traditionally been a solid bet but feels the landscape is now shifting. "[Dragon Age's] financial performance highlights the evolving industry landscape and reinforces the importance of our actions to reallocate resources towards our most significant and highest potential opportunities," he added.It can often be difficult to extract meaning from corpospeak, but it's a snippet that indicates EA is becoming increasingly downbeat about the prospects of single-player experiences. Perhaps that's no surprise given live services represented 74 percent of EA's business on a trailing 12 month basis.In any case, EA has now tempered its expectations for Veilguardwhich has attracted 1.5 million players to dateand updated its full-year guidance to include "lower contributions" from the title.EA boss indicates one major franchise could be getting a massive overhaulDiscussing its other franchises, EA CEO Andrew Wilson said EA Sports FC underperformed because some players are waiting longer to upgrade between annual releases."While early acquisition started out strong, post-launch acquisition cohorts waited longer in the cycle to acquire a new title as many stayed in prior iteration," explained Wilson. "Combined plays in our full HD experiences were flat year-over-year. This mix shift and slower new player acquisition accounted for about half of the title's underperformance versus expectations."He indicated that recent attempts to fix gameplay issues generated a "strong response," driving player retention rates and delivering a record number of weekly active users in January. Wilson described the impact of EA Sports FC's performance as a "temporary" blip rather than a structural issue that will impact the company in the long-term."Our global football franchise net bookings have grown over 70 percent over the last five fiscal years, making it one of the biggest sports entertainment properties in the world," he added, noting that FY25 remains on track to be the second most successful year in the history of the franchise.The company's other major sports franchise, American Football, remains on pace to surpass $1 billion in net bookings during the current fiscal year and delivered double-digit weekly active user growth in Q3.Elsewhere, Apex Legends net bookings declined year-over-year but Wilson explained that performance was in with expectations. He said the live service shooter "has not been headed in the direction that we have wanted for some time" and suggested a robust overhaul could be on the way."We do believe there will be a time where we need to do a more meaningful update of Apex as a broad game experience," he continued. "You should imagine we probably wouldn't drop that on top of a Battlefield launch. And so from a timing standpoint, our thinking right now is that that would exist post Battlefield."The Sims franchise, meanwhile, delivered year-over-year growth and according to Wilson surpassed expectations after expanding with spin-off MySims: Cozy Bundle. He noted that 50 percent of all players who purchased that title were new to EA.Looking ahead, EA expects to deliver net bookings of $7 billion to $7.15 billion by the end of the fiscal year on March 31, 2025down 6 percent to 4 percent year-on-year.EA has also announced plans for a $1 billion accelerated stock repurchase in addition to its current $375 million per quarter program. Canfield said that decision "reinforces our strategy and commitment to returning capital to stockholders" and "demonstrates our confidence in our long-term growth outlook."Read more about:FinancialsEATop StoriesAbout the AuthorChris KerrNews Editor, GameDeveloper.comGame Developer news editor Chris Kerr is an award-winning journalist and reporter with over a decade of experience in the game industry. His byline has appeared in notable print and digital publications including Edge, Stuff, Wireframe, International Business Times, andPocketGamer.biz. Throughout his career, Chris has covered major industry events including GDC, PAX Australia, Gamescom, Paris Games Week, and Develop Brighton. He has featured on the judging panel at The Develop Star Awards on multiple occasions and appeared on BBC Radio 5 Live to discuss breaking news.See more from Chris KerrDaily news, dev blogs, and stories from Game Developer straight to your inboxStay UpdatedYou May Also Like

Google updated its artificial intelligence principles on Tuesday to remove commitments around not using the technology in ways that cause or are likely to cause overall harm. A scrubbed section of the revised AI ethics guidelines previously committed Google to not designing or deploying AI for use in surveillance, weapons, and technology intended to injure people. The change was first spotted by The Washington Post and captured here by the Internet Archive.Coinciding with these changes, Google DeepMind CEO Demis Hassabis, and Googles senior exec for technology and society James Manyika published a blog post detailing new core tenets that its AI principles would focus on. These include innovation, collaboration, and responsible AI development the latter making no specific commitments.Theres a global competition taking place for AI leadership within an increasingly complex geopolitical landscape, reads the blog post. We believe democracies should lead in AI development, guided by core values like freedom, equality, and respect for human rights. And we believe that companies, governments, and organizations sharing these values should work together to create AI that protects people, promotes global growth, and supports national security.These are the AI applications that Google previously said it wouldnt pursue. Image: GoogleHassabis joined Google after it acquired DeepMind in 2014. In an interview with Wired in 2015, he said that the acquisition included terms that prevented DeepMind technology from being used in military or surveillance applications. While Google had pledged not to develop AI weapons, the company has worked on various military contracts, including Project Maven a 2018 Pentagon project that saw Google using AI to help analyze drone footage and its 2021 Project Nimbus military cloud contract with the Israeli government. These agreements, made long before AI developed into what it is today, caused contention among employees within Google who believed the agreements violated the companys AI principles.Googles updated ethical guidelines around AI bring it more in line with competing AI developers. Metas Llama and OpenAIs ChatGPT tech are permitted for some instances of military use, and a deal between Amazon and government software maker Palantir enables Anthropic to sell its Claude AI to US military and intelligence customers.See More:

Uber is getting ready for the launch of Waymos public robotaxi service in Austin, Texas, prompting customers to join a list of people interested in riding in the Alphabet-owned companys AVs when they finally go live. It also revealed photos of the new co-branded robotaxis that will operate across a swath of the Texas capital as part of the new service.Currently, Waymo isnt open to the public in Austin. The companys driverless vehicles are only available to a small group of people who joined Waymos waitlist to become early testers of the service. Waymo has not said when the service will open up to the broader public, but reading between the lines of this Uber announcement, it sounds like it may be soon. (A spokesperson for Waymo didnt respond to a request for comment.)When it does launch, Waymos vehicles will be available exclusively on Ubers app in Austin. The two companies first announced their partnership to put Waymos robotaxis on Ubers app back in 2023. They ran a short-lived pilot in Phoenix and now plan on launching the first official version in Austin, with Atlanta to follow.Waymos own ridehail app, Waymo One, will not be operational in Austin. Customers who open Waymo One will be redirected to Ubers app.To prepare, Uber is asking customers in Austin to indicate their interest in being passengers in Waymos fully driverless (the company calls them rider only) vehicles. In the app settings under Preferences, customers can choose to join the interest list to get updates about Waymos launch and increase their chance of being paired with an autonomous vehicle when the service goes live.The co-branded vehicles will also soon be spotted tooling around Austin without a driver behind the wheel. The vehicles will only operate within a geofenced 37-square-mile swath of the city that includes Hyde Park, Montopolis, and downtown.Uber customers that get paired with a Waymo will pay the same rates as UberX, Uber Green, Uber Comfort, or Uber Comfort Electric, the company says. (Ride prices for all ridehailing, robo or otherwise, fluctuate based on traffic and the time of day.) Those fares will be provided upfront before customers accept the ride, and once the vehicle arrives, customers can unlock and start the ride from the Uber app. (Theres also a start ride button in the vehicle.)The two companies will share the responsibilities of running and managing a fleet of autonomous vehicles. Uber will use contractors for vehicle cleaning, repair, and other general depot operations, while Waymo will handle roadside assistance (when the robotaxis inevitably get stuck) and customer service. They will obviously share in the costs and the revenue produced by the robotaxi service, though both companies have declined to share the split.Waymo currently operates its own Waymo One ridehail service in San Francisco, Phoenix, and Los Angeles; it recently hit the milestone of operating 150,000 rides each week in all three cities. Studies have shown that Waymo has better customer retention than human-powered ridehail services like Uber and Lyft.See More:

EA CEO Andrew Wilson has commented on the financial failure of Dragon Age: The Veilguard, saying it failed to "resonate with a broad enough audience."Last week, EA restructured Dragon Age developer BioWare to focus on Mass Effect 5 only, meaning some who worked on The Veilguard were moved to projects at other EA studios, while other staff were laid off.The decision followed EAs announcement that Dragon Age: The Veilguard had underperformed on its expectations for the long-awaited action RPG. EA said Dragon Age "engaged" 1.5 million players during its recent financial quarter, which was down nearly 50% from the company's projections.IGN has chronicled some of Dragon Age: The Veilguards development challenges, including layoffs and the departure of several project leads at different stages.According to Bloomberg reporter Jason Schreier, BioWare staff believe it was a miracle Dragon Age: The Veilguard released a complete game after EA forced live-service into it, then reversed course.Now, speaking in an investor-focused financial call, Wilson suggested its role-playing games need to have shared-world features and deeper engagement alongside high-quality narratives.In order to break out beyond the core audience, games need to directly connect to the evolving demands of players who increasingly seek shared-world features and deeper engagement alongside high-quality narratives in this beloved category, Wilson said in prepared remarks.Dragon Age had a high-quality launch and was well-reviewed by critics and those who played. However, it did not resonate with a broad enough audience in this highly competitive market.Reading between the lines, Wilson is suggesting that if Dragon Age: The Veilguard had shared-world features" and deeper engagement, it might have sold more copies. But its hard to understand that position when you consider EA backed BioWares major reset of Dragon Age. As IGN has reported, this reboot saw Dragon Age shift from the skeleton of a multiplayer game with repeatable quests, a tech base, and the outline of a story, to a full-blown single-player RPG.Fans are already saying EA has learnt the wrong lessons from Dragon Age: The Veilguard, and are pointing to the enormous success of single-player only RPGs that have been released recently, including Larians all-conquering Baldurs Gate 3. Either way, it seems Dragon Age is now dead, at least for the foreseeable future. But what does this all mean for Mass Effect 5?EA CFO Stuart Canfield touched on EAs decision to restructure BioWare to focus on the next Mass Effect, which has reportedly involved cutting the 200-person studio down to less than 100 people.Historically, blockbuster storytelling has been the primary way our industry bought beloved IP to players, Canfield said. The game's financial performance highlights the evolving industry landscape and reinforces the importance of our actions to reallocate resources towards our most significant and highest potential opportunities.Its worth noting that single-player only games make up a tiny portion of EAs overall revenue. The bulk of the companys cash comes from live service (74% in the last 12 months). Ultimate Team is doing the heavy lifting here, but there are live service contributions from everything from Apex Legends to The Sims. The upcoming Skate is a live service, and the next Battlefield will inevitably be treated as such, too.Wesley is the UK News Editor for IGN. Find him on Twitter at @wyp100. You can reach Wesley at wesley_yinpoole@ign.com or confidentially at wyp100@proton.me.

Deepfakes essentially putting words in someone elses mouth in a very believable way are becoming more sophisticated by the day and increasingly hard to spot. Recent examples of deepfakes include Taylor Swift nude images, an audio recording of President Joe Biden telling New Hampshire residents not to vote, and a video of Ukrainian President Volodymyr Zelenskyy calling on his troops to lay down their arms.Although companies have created detectors to help spot deepfakes, studies have found that biases in the data used to train these tools can lead to certain demographic groups being unfairly targeted.A deepfake of Ukraine President Volodymyr Zelensky in 2022 purported to show him calling on his troops to lay down their arms.Olivier Douliery/AFP via Getty ImagesMy team and I discovered new methods that improve both the fairness and the accuracy of the algorithms used to detect deepfakes.To do so, we used a large dataset of facial forgeries that lets researchers like us train our deep-learning approaches. We built our work around the state-of-the-art Xception detection algorithm, which is a widely used foundation for deepfake detection systems and can detect deepfakes with an accuracy of 91.5%.We created two separate deepfake detection methods intended to encourage fairness.One was focused on making the algorithm more aware of demographic diversity by labeling datasets by gender and race to minimize errors among underrepresented groups.The other aimed to improve fairness without relying on demographic labels by focusing instead on features not visible to the human eye.It turns out the first method worked best. It increased accuracy rates from the 91.5% baseline to 94.17%, which was a bigger increase than our second method as well as several others we tested. Moreover, it increased accuracy while enhancing fairness, which was our main focus.We believe fairness and accuracy are crucial if the public is to accept artificial intelligence technology. When large language models like ChatGPT hallucinate, they can perpetuate erroneous information. This affects public trust and safety.Likewise, deepfake images and videos can undermine the adoption of AI if they cannot be quickly and accurately detected. Improving the fairness of these detection algorithms so that certain demographic groups arent disproportionately harmed by them is a key aspect to this.Our research addresses deepfake detection algorithms fairness, rather than just attempting to balance the data. It offers a new approach to algorithm design that considers demographic fairness as a core aspect.Siwei Lyu, Professor of Computer Science and Engineering; Director, UB Media Forensic Lab, University at Buffalo and Yan Ju, Ph.D. Candidate in Computer Science and Engineering, University at BuffaloThis article is republished from The Conversation under a Creative Commons license. Read the original article. Story by The Conversation An independent news and commentary website produced by academics and journalists. An independent news and commentary website produced by academics and journalists. Get the TNW newsletterGet the most important tech news in your inbox each week.Also tagged with

China is considering opening an antitrust investigation into Apples App Store commissions, mirroring those already carried out in the US, EU, and elsewhere.However, its likely that the Chinese government is simply raising the possibility as a form of leverage in the latest trade war instigated by the Trump administration Investigations and lawsuits elsewhereApple has already faced antitrust investigations and action around the world, through a mix of legislators and lawsuits from customers and developers. The core argument has been that because Apple had monopolistic control over the sale of iPhone apps, it was free to set its own commission rates and terms, and developers had no choice but to agree.The most dramatic change happened in the EU, where the Digital Markets Act required Apple to allow iPhone and iPad apps to be sold throughthird-party app stores. Apple did its best to make this option as unattractive as possible for developers in what has been described asan act of malicious compliance, and its likely that it will be forced to change its terms.In the US, Apple suffered a smaller loss, when a case brought byEpic Gamesresulted in the company being told that it must allow developers to link to alternative ways of purchasing in-app content. The company again complied in a way that would protect its commissions, and the judge in this case has indicated that Apple islikely to be found in breachof her ruling.There have also been similar investigations and lawsuits in a number of other countries, including Australia, India, Korea, and Japan.China considering antitrust investigationThere have been mumblings before about possible antitrust investigations in China. A lawsuit was filed by an iPhone owner back in 2021, but that case was dismissed when the court ruled that Apples commissions were in line with those on Android app stores, and there was no evidence that consumers ended up paying higher charges.However, Bloomberg reports that the countrys antitrust regulator is considering opening an investigation.Chinas antitrust watchdog is laying the groundwork for a potential probe into Apple Inc.s policies and the fees it charges app developers, part of a broader push by Beijing that risks becoming another flashpoint in the countrys trade war with the US.The State Administration for Market Regulation is examining Apples policies, which include taking a cut of as much as 30% on in-app spending and barring external payment services and stores, people familiar with the matter said.Likely leverage in trade warWhile China has long murmured about the possibility of antitrust investigations into Apple and other US companies, the timing of this news is unlikely to be coincidental.While Trump hasnt yet acted on his threatened chip tariffs, he yesterday imposed a blanket 10% import duty on all goods arriving from China. The Chinese government responded by imposing tariffs on some US imports, and literally seconds later announced an antitrust investigation into Google. The announcement about Apple followed shortly afterwards.A similar thing happened when Trump instigated a trade war against China during his first term, with Apple a key target for retaliation.That being the case, its likely that China wants to initially hold out the threat of an investigation as leverage, and then if that doesnt achieve anything it will proceed at that stage using the threat of a finding against Apple as stakes in the trade war.Photo of Beijing skyline byzhang kaiyvonUnsplashAdd 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Feb 05, 2025The Hacker NewsVulnerability / Threat DetectionAs the cybersecurity landscape continues to evolve, proactive vulnerability management has become a critical priority for managed service providers (MSPs) and IT teams. Recent trends indicate that organizations increasingly prioritize more frequent IT security vulnerability assessments to identify and address potential security flaws.Staying informed on these trends can help MSPs and IT teams remain one step ahead of potential cyber-risks. The Kaseya Cybersecurity Survey Report 2024 navigates this new frontier of cyber challenges. The data is clear: Organizations are becoming increasingly reliant on vulnerability assessments and plan to prioritize these investments in 2025.Companies are increasing the frequency of vulnerability assessments In 2024, 24% of respondents said they conduct vulnerability assessments more than four times per year, up from 15% in 2023. This shift highlights a growing recognition of the need for continuous monitoring and quick response to emerging threats. Meanwhile, biannual assessments are becoming less common, with the percentage of organizations conducting them dropping from 29% to 18%. The trend toward more frequent vulnerability assessments signals a collective move toward a stronger, more resilient security posture.How frequently does your organization conduct IT security vulnerability assessments?One-quarter of respondents conduct vulnerability assessments more than four times per year.How often you should run vulnerability scans depends on a number of factors, including the risk level of your environment and compliance requirements: High-risk areas, such as public-facing applications and critical infrastructure, may need daily or weekly scans. Less critical systems can be scanned monthly or quarterly. Some compliance regulations, like the Payment Card Industry (PCI DSS), require vulnerability scans to be performed at least once every three months. Major changes to infrastructure, such as new cloud accounts, network changes or large structural changes to web applications, may require more frequent scans. Continuous scanning is becoming more popular because it provides 24/7 monitoring of your IT environment. It can also help reduce the time to find and fix vulnerabilities. When choosing a vulnerability scanning frequency, it's important to consider the pace of technology and the need to close cybersecurity gaps before attackers exploit them. The top cause of cybersecurity issues is peopleUser-related security issues are a significant concern for IT professionals. Organizations citing a lack of end-user or cybersecurity training as a root cause increased from 28% in 2023 to 44% in 2024. Additionally, nearly half of respondents identified poor user practices or gullibility as a major problem, tripling from 15% to 45%. Poor user behavior can lead to cybersecurity vulnerabilities in many ways. After compromising a user's login credentials, cybercriminals can gain unauthorized access to an organization's network.This contributes to anywhere from 60% to almost 80% of cybersecurity breaches. IT professionals clearly view users as a key factor in cybersecurity challenges, making it even more important for organizations to take proactive measures, like vulnerability assessments and training, to close security gaps and reduce risks to minimize human-centered trouble.What are the top three root causes of your cybersecurity issues?Nearly 9 in 10 respondents named a lack of training or bad user behavior as one of the biggest causes of cybersecurity challenges.Vulnerability management is a high priority for cybersecurity investment As security maturity levels off for many businesses, there's an increased focus on proactive cybersecurity measures. Interest in investment in vulnerability assessment doubled from 13% in 2023 to 26% in 2024. This trend coincides with growing investments in cloud security (33%), automated pentesting (27%) and network security (26%), highlighting the critical need to identify and address vulnerabilities quickly in a fast-moving threat landscape. Which of the following cybersecurity investments do you anticipate making in the next 12 months?Vulnerability assessment is on the cybersecurity investment shortlist for 2025.Vulnerability assessments are key to minimizing incident costsBusinesses are seeing that their security investments are paying off, with a trend toward lower-cost cybersecurity incidents in 2024. Proactive measures like vulnerability assessments can significantly reduce incident costs and enhance cybersecurity resilience.Fast and Effective Vulnerability Management with VulScanVulScan is a comprehensive solution that identifies and prioritizes internal and external vulnerabilities in the networks you manage. It simplifies scheduling scans and filtering results for effective vulnerability management. Intuitive dashboards and reports facilitate quick identification of critical vulnerabilities to address before they can be exploited. Additionally, setting up unlimited network scanners and accessing scan results through the web management portal is quick and easy.VulScan Features:Local and remote internal vulnerability managementLocal and hosted external vulnerability scanningMulti-tenant management dashboardVulnerability noise managementAutomatic service ticket creationAbility to scan by IP address, domain name or hostnameLearn more about VulScan today.Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Feb 05, 2025Ravie LakshmananMalware / Network SecurityA malware campaign has been observed delivering a remote access trojan (RAT) named AsyncRAT by making use of Python payloads and TryCloudflare tunnels."AsyncRAT is a remote access trojan (RAT) that exploits the async/await pattern for efficient, asynchronous communication," Forcepoint X-Labs researcher Jyotika Singh said in an analysis."It allows attackers to control infected systems stealthily, exfiltrate data and execute commands while remaining hidden making it a significant cyberthreat."The starting point of the multi-stage attack chain is a phishing email that contains a Dropbox URL that, upon clicking, downloads a ZIP archive.Present within the file is an internet shortcut (URL) file, which serves as a conduit for a Windows shortcut (LNK) file responsible for taking the infection further, while a seemingly benign decoy PDF document is displayed to the message recipient.Specifically, the LNK file is retrieved by means of a TryCloudflare URL embedded within the URL file. TryCloudflare is a legitimate service offered by Cloudflare for exposing web servers to the internet without opening any ports by creating a dedicated channel (i.e., a subdomain on trycloudflare[.]com) that proxies traffic to the server.The LNK file, for its part, triggers PowerShell to execute a JavaScript code hosted on the same location that, in turn, leads to a batch script (BAT) capable of downloading another ZIP archive. The newly downloaded ZIP file contains a Python payload designed to launch and execute several malware families, such as AsyncRAT, Venom RAT, and XWorm.It's worth noting that a slight variation of the same infection sequence was discovered last year propagating AsyncRAT, GuLoader, PureLogs Stealer, Remcos RAT, Venom RAT, and XWorm."This AsyncRAT campaign has again shown how hackers can use legitimate infrastructures like Dropbox URLs and TryCloudflare to their advantage," Singh noted. "Payloads are downloaded through Dropbox URLs and temporary TryCloudflare tunnel infrastructure, thereby tricking recipients into believing their legitimacy."The development comes amid a surge in phishing campaigns using phishing-as-a-service (PhaaS) toolkits to conduct account takeover attacks by directing users to bogus landing pages mimicking the login pages of trusted platforms like Microsoft, Google, Apple, and GitHub.Social engineering attacks conducted via emails have also been observed leveraging compromised vendor accounts to harvest users' Microsoft 365 login credentials, an indication that threat actors are taking advantage of the interconnected supply chain and the inherent trust to bypass email authentication mechanisms.Some of other recently documented phishing campaigns in recent weeks are below -Attacks targeting organizations across Latin America that make use of official legal documents and receipts to distribute and execute SapphireRATAttacks exploiting legitimate domains, including those belonging to government websites (".gov"), to host Microsoft 365 credential harvesting pagesAttacks impersonating tax agencies and related financial organizations to target users in Australia, Switzerland, the U.K., and the U.S. to capture user credentials, make fraudulent payments, and distribute malware like AsyncRAT, MetaStealer, Venom RAT, XWormAttacks that leverage spoofed Microsoft Active Directory Federation Services (ADFS) login pages to gather credentials and multi-factor authentication (MFA) codes for follow-on financially motivated email attacks Attacks that employ Cloudflare Workers (workers.dev) to host generic credential harvesting pages mimicking various online servicesAttacks targeting German organizations with the Sliver implant under the guise of employment contractsAttacks that utilize zero-width joiner and soft hyphen (aka SHY) characters to bypass some URL security checks in phishing emailsAttacks that distribute booby-trapped URLs that deliver scareware, potentially unwanted programs (PUPs) and other scam pages as part of a campaign named ApateWebRecent research by CloudSEK has also demonstrated that it's possible to exploit Zendesk's infrastructure to facilitate phishing attacks and investment scams."Zendesk allows a user to sign up for a free trial of their SaaS platform, allowing registration of a subdomain, that could be misused to impersonate a target," the company said, adding attackers can then use these subdomains to deliver phishing emails by adding the targets' email addresses as "users" to the Zendesk portal."Zendesk does not conduct email checks to invite users. Which means that any random account can be added as a member. Phishing pages can be sent, in the guise of tickets assigned to the email address."Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Joe Sagrilla, Faculty, McCombs School of Business at the University of Texas at AustinFebruary 5, 20255 Min ReadZoonar GmbH via Alamy StockAs organizations look to increase business performance through generative AI, traditional methods for increasing adoption of new technologies are unlikely to be effective for several reasons.First, unlike most enterprise systems, which are designed to automate specific tasks, GenAI tools are general purpose. While standard use cases can be developed and shared, sustainable productivity gains will result from employees innovating and finding novel ways to use GenAI tools in real-time as conditions change.Second, many GenAI tools are enabled rather than implemented, thus bypassing the user engagement opportunities a formal implementation project affords. For example, many organizations are using GenAI for text generation in word processors and notetaking in video conference software. No implementation project was needed to make this leap; the new functionality was simply activated. Third, GenAI tools are probabilistic rather than deterministic. Having employees attend structured training makes sense for a deterministic system, one that will always generate predictable outputs from a given set of inputs. Conversely, GenAI tools rely on statistical methods and have inherent variability in their outputs. Enter the same prompt in your favorite large language model (LLM) twice and you will get two different responses.Related:The final key difference between prior technologies and GenAI is the level of technical knowledge required. Unlike previous technologies, many GenAI tools are designed to be low code or no code. Users tell the technology what to do via natural language processing or simple graphic interfaces. Because there is no need to translate desired functions into computer code, employees can innovate automations independently, breaking the reliance on IT and specialized coding skills.Culture at the Core of GenAI AdoptionThe challenge for business leaders will be to increase the type of GenAI adoption that continually taps new pools of business value through independent, real-time use case innovation on pace with changing business demands. This will require an important cultural component that I call digital mindset.Digital mindset entails a functional understanding of data and systems, enabling innovation in daily work activities across multiple domains. Digital mindset is a productivity accelerant, insufficient by itself, and most impactful when paired with domain expertise and other soft skills, like problem-solving and communications. Leaders Can Drive Bottom-Up GenAI AdoptionRelated:Cultural changes require a strong leadership push to be successful. There are several practical steps leaders can take to begin building or reinforcing digital mindset and driving value-add GenAI adoption:Role model the behavior. Leaders should be embodiments of digital mindset, role modeling the desired behaviors and consistently walking the walk. To do this, leaders should gain hands-on experience using GenAI tools.Create the right conditions. Encouragement for employees to use GenAI must be matched with a positive user experience, especially for first-time users. Leaders should establish an infrastructure that makes GenAI both safe and easy to use.Communicate clearly and transparently. GenAI adoption should be enhanced through a multi-pronged communication plan, with messaging that evolves over time and, at a minimum, accomplishes a few critical objectives: provides clear guidance, demystifies the organizations approach to GenAI, builds excitement, sets expectations, and celebrates specific examples of success.Embrace the culture shift. For organizations that are resistant or lagging, leaders need to use cultural interventions to treat the root causes -- the underlying employee beliefs and values -- rather than the symptoms. Overcoming limiting beliefs like AI is going to replace me or I need to wait for training before I can start must be overcome to build momentum toward sustained success. Related:Effective cultural interventions create positive changes in employee attitudes that drive new behaviors that generate artifacts that create business value. Because the change unfolds through these layers sequentially, its important to have benchmarks for each layer that help indicate a strong culture (digital mindset) versus a weak one (analog mindset). Some examples of good and bad at each layer include:Layer 1: Culture -- Beliefs and ValuesDigital mindset examples - Technology can make my role more valuable; using new technologies will create skills that transfer to other systems; using new technology is a way to learnAnalog mindset examples - Technology will replace my job; by the time I learn this new technology, it will change again; I need to wait for training before I startLayer 2: AttitudesDigital mindset examples Enthusiastic view of technologyAnalog mindset examples Cynical view of technologyLayer 3: BehaviorsDigital mindset examples Seek out resources and training; experiment with new technologies on daily tasks; spread knowledge to colleaguesAnalog mindset examples Disparage and resist new technology; subvert implementation efforts; encourage complexity to reduce automation potentialLayer 4: Artifacts -- Outcomes that Deliver Business ValueDigital mindset examples Process innovation; productivity gains; analytics enablementAnalog mindset examples Manual processes; unreliable data; stale skillsetsMeasuring ProgressLevels of GenAI adoption can be measured across a continuum ranging from resistant to champion adoption, with several steps in between.GenAI Adoption Levels (Worst to Best)0 Resistant - Actively resists or avoids using GenAI tools, either due to fear, mistrust or a perception that they threaten job security.1 Forced adoption - Engages minimally with GenAI, using only the basic features necessary to meet mandatory requirements or appease supervisors.2 Cautious adoption - Begins to explore GenAIs capabilities beyond the bare minimum, often through limited, low-stakes experimentation.3 Enthusiastic adoption - Shows genuine interest in integrating GenAI tools into their workflow, actively participating in use cases provided by supervisors or team leaders.4 Creative adoption - Develops novel use cases for GenAI independently, often designing solutions tailored to specific departmental needs or even contributing to larger strategic goals.5 Champion adoption - Fully embraces GenAI as a core part of their work and actively promotes its use across departmental boundaries. Champions are adept at identifying new opportunities for GenAI, both operationally and strategically, and regularly share their insights and solutions to drive organizational adoption.Companies that have previously invested in building digital mindsets are likely to find themselves further along the continuum, another testament to the many benefits of instilling digital mindsets within the culture.ConclusionOrganizations that proactively build digital mindset not only position themselves to derive immediate value from GenAI, but also strengthen their long-term adaptability and competitiveness in an increasingly technology-driven business landscape.About the AuthorJoe SagrillaFaculty, McCombs School of Business at the University of Texas at AustinJoe Sagrilla is a business leader, management consultant, and university faculty. His specialties include business strategy, technology, transformation, process improvement and organizational performance. He currently lives in Austin, Texas.See more from Joe SagrillaNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also LikeWebinarsMore WebinarsReportsMore Reports