Candy Crush Saga is among the most popular games of the modern age. With hundreds of millions of players, its a game that combines relaxation with a compelling just one more go approach. You could say much the same thing about casual gaming classic, Microsoft Solitaire, the game that introduced many of us to the beloved solo card game when it was included on Windows PCs from 1990.Perhaps its no wonder, then, that today sees the release of Candy Crush Solitaire for iOS and Android devices its a combination of Candy Crushs vibrant looks and beloved mechanics with Solitaires enduring appeal.We saw an opportunity to bring together two timeless gaming experiences, Candy Crush Saga and Solitaire, both of which offer a satisfying balance of relaxation and challenge, King Executive Producer Marta Cortinas tells me. Extensive research and player testing showed strong demand for a product that combines strategic card play with engaging visuals and creative mechanics. The goal was to create a fresh, immersive experience that retains the strategic depth of Solitaire while incorporating the vibrant and rewarding gameplay that Candy Crush Saga is known for. The first step was identifying the right type of solitaire gameplay that would best align with the Candy Crush experience.Unlike the suit-matching solitaire you might be familiar with known as Klondike a key change here is that Candy Crush Solitaire bases itself on another variant, known as TriPeaks.TriPeaks Solitaire differs from Klondike in that it focuses more on clearing a board by playing cards in ascending or descending order, rather than building suits, explains Cortinas. This means players can focus on making strategic decisions without being restricted by suit or color. It was the right choice for Candy Crush Solitaire because it allows for a faster-paced, more intuitive gameplay experience that aligns with the rewarding, pick-up-and-play nature of the Candy Crush franchise.Its mechanics provide a great blend of strategy and progression, similar to how players advance in Candy Crush levels. From there, we layered in the signature Candy Crush Saga elements, colorful boosters, engaging progression, and collectible rewards, ensuring that players would recognize the familiar sense of accomplishment and fun from our franchise.For Candy Crush players, those elements will be immediately familiar. The Color Bomb and Lollipop Hammer boosters from Saga make appearances here to help you along, obstacles in your game will (of course) be candy-themed, and Candy Crush characters will make appearances along the way, taking you on an adventure outside of the Candy Kingdom for the first time.Which brings us to another big change to Solitaire progression. The original card game tends to be built for standalone rounds but, in classic Candy Crush style, each round of Candy Crush Solitaire is now part of a series of escalating levels.Progression in Candy Crush Solitaire is designed to feel just as rewarding as in other Candy Crush games, says Cortinas. Players advance by completing levels and unlocking postcards from various locations around the world, adding a collectible element to the game. Additionally, weve introduced the Hold Slot mechanic, which allows players to strategically set aside a card for later use, adding another layer of progression and planning. We have the same plan for Candy Crush Solitaire as with our other live games of adding new levels each week to help our players keep progressing through the game and always refining and tweaking those levels, to ensure we are hitting expectations when it comes to delivering the best quality content for our players.The team at King is committed not only to adding new levels, but tweaking the game based on player feedback, introducing new gameplay mechanics, and keeping things moving with seasonal events, challenges, and rewards. Solitaire might be a static game, but Candy Crush Solitaire certainly wont be.As the first new Candy Crush game since 2018, its clearly something King is very proud of, and excited to release. I ask why this game was chosen to continue the franchises lineage:We only launch a new game when we believe we have something truly special to offer, enthuses Cortinas. Our business is built on testing and learning, to ensure the experience were giving our players is the best we can deliver. The Solitaire genre has been growing, and our research showed strong interest from both Candy Crush players and Solitaire fans in a game that merges the best of both worlds. After extensive testing and refinement, we saw that Candy Crush Solitaire had the potential to be a meaningful and engaging addition to the franchise.Its all the more special that King is now a part of Microsoft, home of the version of Solitaire many played for the very first time. In some ways, this game is the continuation of two gaming lineages.Candy Crush Solitaire is available today for iOS and Android devices.

If 27-inch 5K displays arent your thing, BenQs 32-inch 4K monitor is a fun option Ive been testing and loving. The BenQ RD320UA 32-inch Ergo Arm Programming Monitor with MoonHalo is designed to maximize comfort during long coding (or writing) sessions. How Im using BenQ RD320UAAs a 4K display, the RD320UA is ultra sharp when using 19201080 screen real estate. However, Ive been using the scaled resolution option of 25601440 without straining my eyes. This works well when using the 32-inch 4K monitor next to the 27-inch 5K monitor without noticeable resizing weirdness.Speaking of eye strain, the RD320UA minimizes discomfort in three ways.MoonHaloThe MoonHalo light source, like a customizable backlight behind the display, illuminates the area behind it, reducing eye strain from the monitors light.This is great for late-night keyboard sessions. It beats working in a dark room or staying up late in a bright room when youre coding or writing.The MoonHalo is easily toggled on/off, with seven color temperatures ranging from daylight to warmer tones, and adjustable brightness. Customizing MoonHalo to different modes allows for a cool backlight in Light Mode, a warm backlight in Dark Mode, and no backlight in M-book mode.When the display turns off, so does the MoonHalo light. During testing, using Apple Vision Pro with my Mac mini at night turned off my actual display, including the MoonHalo light. Removing Apple Vision Pro woke up the display, and the MoonHalo lit up the room again. It was a delightful experience!Ergo ArmThe Ergo Arm is delightful to use. The monitor floats above your desk, and you can easily raise and lower it with a light touch. The arm has two pieces that allow you to position the monitor precisely. You can also rotate the display from landscape to portrait orientation quickly.Night Hours ProtectionRD320UA features Night Hours Protection, which dynamically adjusts the displays luminosity for late-night work. It uses minimum brightness technology, low-light eye-care filter, and dark-room display optimization, BenQ explains.With advanced low brightness technology capable of descending far below conventional limitations, Night Hours Protection allows programmers to find their optimal brightness setting even in the darkest of rooms, alleviating strain on the eyes and facilitating the elusive flow state while your eyes remain fresh during coding sessions well into the night.Importantly, switching modes and adjusting display preferences are easily accessible through the displays built-in menu no need to dig through complicated settings.BenQs Nano Matte Panel wraps up my affinity for the RD320UA, making it great to use in direct lighting during the day while reducing glare at dark environments.For more specs around the monitor:32-inch, 16:9, 384021602000:1 contrast ratio90W USB-C KVM switching built-inDualView Plus and picture-in-picture/picture-by-picture support Finally, I just have to mention that the RD320UA is also a wonderful monitor for simply watching videos and movies or playing a lo-fi video games on YouTube as a seven-year-old.The new BenQ RD320UA is available from benq.com and Amazon for $699.99. Find compatible BenQ software here, including Display Pilot 2.Best Mac mini accessoriesAdd 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Consumer electronics from China are getting more expensive for both consumers and businesses, as Trumps 10% import tariffs take effect. Additionally, removal of a small-value exemption on existing tariffs means some products are now subject to import taxes as high as 45%.Courier companies are also applying their own collection fees on top of the tariffs, further increasing costs and some companies are pausing imports while they figure out what to do As of this week, import duty of 10% is payable on the value of all products imported from China. Trump also removed a long-standing exemption on any existing duties on shipment values below $800. This means that taxes and fees are being levied on even the smallest of purchases, in some cases exceeding the price originally paid for the items.This applies to both consumers buying products from China directly and businesses like Apple whose products are made in China. Unlike last time, where the taxes were imposed on specific product categories, and Apple was able to lobby for exemptions, the new tariffs apply universally.Wired reports that consumers are now receiving noticed from courier companies advising that their packages cannot be delivered until they have paid the tariffs and admin fees for collecting them.Over the past 24 hours, US shoppers have reported receiving notices from UPS and DHL stating they owed between $20 to over $50 [] DHL, UPS, and Amazon did not respond to requests for comment from WIRED. A spokesperson for FedEx said the company was working on helping customers adapt to what they called substantial changes resulting from the recent tariff announcements.Small businesses are also struggling to respond, with keyboard company Qwertykeys telling The Verge that it has suspended US sales for now.The keyboard company Qwertykeys has temporaily halted all shipments to the United States in response to President Trumps tariffs on Chinese goods going into effect. The company says its working on ways to mitigate shipping costs and that the tariffs have made it so that all keyboards from China to the U.S. are now subject to 45% tariffs at full value.Apple is also potentially getting caught up in retaliatory action by China against US companies.Photo byqiwei yangonUnsplashAdd 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Feb 06, 2025Ravie LakshmananFinancial Fraud / CryptocurrencyA new malware campaign dubbed SparkCat has leveraged a suit of bogus apps on both Apple's and Google's respective app stores to steal victims' mnemonic phrases associated with cryptocurrency wallets. The attacks leverage an optical character recognition (OCR) model to exfiltrate select images containing wallet recovery phrases from photo libraries to a command-and-control (C2) server, Kaspersky researchers Dmitry Kalinin and Sergey Puzan said in a technical report.The moniker is a reference to an embedded software development kit (SDK) that employs a Java component called Spark that masquerades as an analytics module. It's currently not known whether the infection was a result of a supply chain attack or if it was intentionally introduced by the developers.While this is not the first time Android malware with OCR capabilities has been detected in the wild, it's one of the first instances where such a stealer has been found in Apple's App Store. The infected apps in Google Play are said to have been downloaded over 242,000 times.The campaign is assessed to have been active since March 2024, with the apps distributed via both official and unofficial app stores. The applications masquerade as artificial intelligence (AI), food delivery, and Web3 apps, although some of them appear to offer legitimate functionality."The Android malware module would decrypt and launch an OCR plug-in built with Google's ML Kit library, and use that to recognize text it found in images inside the gallery," Kaspersky said. "Images that matched keywords received from the C2 were sent to the server."In a similar vein, the iOS version of SparkCat relies on Google's ML Kit library for OCR to steal images containing mnemonic phrases. A notable aspect of the malware is its use of a Rust-based communication mechanism for C2, something rarely observed in mobile apps.Further analysis of keywords used and the regions where these apps were made available indicate that the campaign is primarily targeting users in Europe and Asia. It's assessed that the malicious activity is the work of a threat actor who is fluent in Chinese."What makes this Trojan particularly dangerous is that there's no indication of a malicious implant hidden within the app," the researchers said. "The permissions that it requests may look like they are needed for its core functionality or appear harmless at first glance."The disclosure comes as Zimperium zLabs detailed another mobile malware campaign targeting Indian Android device owners by distributing malicious APK files via WhatsApp under the guise of banking and government applications, allowing the apps to harvest sensitive perusal and financial information.The cybersecurity company said it has identified over 1,000 phony apps linked to the campaign, with the attackers leveraging roughly 1,000 hard-coded phone numbers as exfiltration points for SMS messages and one-time passwords (OTPs)."Unlike conventional banking Trojans that rely solely on command-and-control (C&C) servers for one-time password (OTP) theft, this malware campaign leverages live phone numbers to redirect SMS messages, leaving a traceable digital trail for law enforcement agencies to track the threat actors behind this campaign," security researcher Aazim Yaswant said.The attack campaign, named FatBoyPanel, is said to have amassed 2.5 GB of sensitive data to date, all of which is hosted on Firebase endpoints that are accessible to anyone sans authentication.This includes SMS messages from Indian banks, bank details, credit and debit card information, and government-issued identification details belonging to about 50,000 users, a majority of whom are located in the Indian states of West Bengal, Bihar, Jharkhand, Karnataka, and Madhya Pradesh. These incidents tell a cautionary tale of the importance of properly vetting code apps, including scrutinizing reviews and checking the authenticity of the developers, before downloading them, even if they are uploaded to official app storefronts.The development also follows the emergence of 24 new malware families targeting Apple macOS systems in 2024, up from 21 in 2023, according to security researcher Patrick Wardle.This coincides with a surge in information stealer attacks, such as those involving Poseidon, Atomic, and Cthulhu, that are specifically aimed at the users of the desktop operating system."Infostealers leveraging macOS often exploit the native AppleScript framework," Palo Alto Networks Unit 42 researchers Tom Fakterman, Chen Erlich, and Tom Sharon said in a report published this week."This framework provides extensive OS access, and it also simplifies execution with its natural language syntax. Since these prompts can look like legitimate system prompts, threat actors use this framework to trick victims via social engineering."Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Privileged Access Management (PAM) has emerged as a cornerstone of modern cybersecurity strategies, shifting from a technical necessity to a critical pillar in leadership agendas. With the PAM market projected to reach $42.96 billion by 2037 (according to Research Nester), organizations invest heavily in PAM solutions.Why is PAM climbing the ranks of leadership priorities? While Gartner highlights key reasons such as enhanced security, regulatory compliance readiness, and insurance requirements, the impact of PAM extends across multiple strategic areas. PAM can help organizations enhance their overall operational efficiency and tackle many challenges they face today.To explore more about PAM's transformative impact on businesses, read The Cyber Guardian: PAM's Role in Shaping Leadership Agendas for 2025 by a renowned cybersecurity expert and former Gartner lead analyst Jonathan Care. What cybersecurity challenges may organizations face in 2025?The cybersecurity landscape is predicted to be highly dynamic in 2025, marked by evolving attack techniques, new vulnerabilities, and an expanding attack surface. The most acute trends include:Insider threatsOrganizations often focus on external threats, while overlooking risks from within. Insider threats are one of the most underestimated yet impactful cybersecurity risks. Insider risks may manifest in several forms:malicious actors may intentionally harm your organizationnegligent employees might carelessly exfiltrate your sensitive dataexternal attackers can compromise your employees' credentials to gain unauthorized access to your systems.The scope of insider threats becomes even clearer when checking the recent statistics. According to Verizon's 2024 Data Breach Investigations Report, 31% of all data breaches over the past decade have involved stolen credentials. In the last year alone, 68% of all breaches included a human element, with people being involved either via error, privilege misuse, use of stolen credentials, or social engineering.Third-party vulnerabilitiesReliance on third-party vendors, contractors, and suppliers introduces significant security risks. Threats stemming from inadequate vendor security, software supply chain attacks, and subcontractor vulnerabilities continue to grow more prominent.High-profile incidents, such as the Change Healthcare data breach, in which 190 million records were compromised due to weak third-party access controls, underscore the need for robust PAM solutions. Sophisticated cyberattacksWith the evolution of AI and ML, cyberattacks are becoming increasingly targeted and sophisticated. AI enables malicious actors to create more convincing phishing schemes, whereas ML helps them make brute-force attacks more efficient.Advanced persistent threats represent a particularly insidious class of cyberattacks. These prolonged, targeted attacks are often performed by nation-states or organized crime groups aiming to steal sensitive information or disrupt operations.The 2024 Salt Typhoon cyber espionage attack on the U.S. telecommunications networks is a prime example. It highlights the persistent threat posed by state-sponsored cyber actors and highlights vulnerabilities within critical communication infrastructures that need urgent attention and remediation.Hybrid environmentsAs organizations continue to adopt hybrid work models, managing privileged access across dispersed teams, multiple locations and numerous devices becomes increasingly complex. Hybrid environments make it harder to monitor and enforce consistent access controls. Employees and contractors may also access corporate systems from unsecured devices and networks, creating gaps in security policies and increasing the risk of credential theft and unauthorized access. In recent years, many companies tend to switch between on-premises and cloud environments. While offering scalability and efficiency, hybrid environments are more susceptible to misconfigurations, providing more entry points for cybercriminals to exploit. Compliance pressuresRegulatory compliance remains one of the major challenges for organizations in 2025, as governments and industry bodies continue to introduce stricter data protection and cybersecurity regulations. Depending on the industry or region, organizations may be subjected to the GDPR, HIPAA, PCI DSS, SOX, DORA, NIS2, and others. These cybersecurity standards, laws, and regulations mandate robust access controls, data protection measures, incident response capabilities, and thorough auditing activities.Non-compliance can result in significant financial, legal, and reputational consequences.How can PAM help cybersecurity leaders overcome these challenges?PAM solutions play a pivotal role in addressing these challenges by allowing organizations to control and monitor access to critical systems and sensitive data. PAM solutions like Syteca empower organizations to:Enforce the principle of least privilege. Limit user access to only those resources necessary for their job duties.Centralize access control. Manage privileged accounts across on-prem, cloud, and hybrid environments.Implement multi-factor authentication (MFA). Verify the identities of all users accessing your IT infrastructure.Grant just-in-time (JIT) access. Provide temporary access to your critical systems, thus, minimizing exposure to persistent threats.Automate account discovery. Detect and secure unmanaged privileged accounts within your systems.Secure credentials with vaulting and rotation. Prevent credential theft by encrypting and systematically rotating passwords.Prevent lateral movement attacks. Stop cybercriminals from escalating privileges and moving across your networks undetected.Manage privileged user sessions. Track and analyze user sessions to detect and stop unusual activity.Streamline audits. Provide comprehensive activity logs and reports for security audits.A robust PAM solution ensures that only the right people, at the right time, with the right level of access, can interact with your critical systems helping you stay resilient and compliant. Beyond access control: How modern PAM enhances cybersecurity ecosystems Many modern PAM solutions go beyond traditional access control by integrating with broader cybersecurity ecosystems. Organizations can use PAM solutions along with Security Information and Event Management (SIEM) systems, User Activity Monitoring (UAM) platforms, and IT ticketing systems for a more holistic approach to cybersecurity.PAM + ticketing systems: Enhanced access controlUsing PAM in conjunction with ticketing systems helps organizations enforce strict access validation. Before granting privileged access, the system verifies the presence of a corresponding ticket. If the ticket is valid, access is granted. Thus, PAM's integration with ticketing systems enhances accountability and security by ensuring that access is only granted for authorized, documented requests.PAM + SIEM: Advanced threat detectionIntegrating PAM with SIEM systems allows you to correlate privileged access activities with broader security events. SIEM systems analyze privileged access logs to detect unusual patterns, such as unauthorized access attempts or privilege escalation. If a privileged session triggers a security event, SIEM can automatically alert IT teams.PAM + UAM: Visibility into privileged user activityIf you use PAM along with UAM solutions, you gain deeper insights into how privileged users interact with your critical assets. Security teams can monitor on-screen privileged user activity, application/web usage, keystrokes, and file transfer operations to detect unusual or risky behavior. When a security event occurs, teams can replay privileged sessions to understand exactly what happened.With Syteca, you don't need two separate solutions. It's a comprehensive cybersecurity platform that enables you to leverage both PAM and UAM functionalities for robust access management, user activity monitoring, real-time alerts, and proactive incident response. Note: Syteca also integrates with SIEMs, ticketing systems, and SSO software, allowing you to build a cybersecurity ecosystem tailored to your specific needs.PAM's strategic benefits for organizationsIn addition to helping companies tackle cybersecurity challenges and meet IT compliance requirements, PAM solutions offer some other strategic benefits. Enhanced operational efficiencyPAM automates routine and time-consuming tasks such as password rotations, access approvals, and privileged session monitoring. This reduces the workload on IT teams, allowing them to focus on higher-value initiatives and strategic projects. Streamlined operations ensure that employees and partners can access critical resources without interruptions, fostering a more productive work environment.Cost savings and increased ROIPAM drives higher return on investment (ROI) by preventing costly breaches, minimizing downtime, and automating access management processes. For instance, organizations leveraging PAM often see measurable reductions in the time and resources required to manage privileged accounts.Reduced insurance premiumsImplementation of PAM solutions demonstrates robust security measures to cyber insurance providers, helping businesses reduce premiums. Insurers evaluate the effectiveness of an organization's risk management systems, including access controls, when determining premiums.PAM as a priority for cybersecurity leadersAs cybersecurity threats evolve, the importance of PAM continues to grow. By addressing pressing challenges such as insider threats, strict regulatory compliance, new types of cyberattacks, and the complexities of hybrid IT environments, PAM ensures that organizations remain resilient in the face of dynamic risks.Syteca PAM empowers organizational leaders to foster security and operational efficiency. With features to combat today's challenges and meet tomorrow's needs, Syteca offers a holistic approach to protecting critical assets and streamlining access management. Book a free demo to take the next step toward a secure, future-ready IT environment.About the author: Ani Khachatryan, Syteca's Chief Technology Officer, started her journey in Syteca as a test manager. In this role, she successfully renovated the testing processes and helped integrate development best practices across the company. Her strong background in testing and striving for perfection helps Ani come up with unconventional solutions to technical and operational issues, while her deep expertise in cybersecurity establishes her as an expert in the industry.Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.

Carrie Pallardy, Contributing ReporterFebruary 6, 20256 Min ReadTithi Luadthong via Alamy StockWeve been here before. A new, exciting technology emerges with the promise of transforming business. Enterprises race to adopt it. Vendors clamor to create the most enticing use cases. Business first, security second. We saw this with the cloud, and now we are in the early stages with a new technology: AI. A survey conducted by IBM found that just 24% of GenAI projects include a security element.Now, boards are much more savvy about the necessity of cybersecurity. CEOs understand the reputational risk, says Akiba Saeedi, vice president of product management at global technology company IBM Security.That awareness means more enterprise leaders are thinking about AI in the context of security, even if the business case is winning out over security at the moment. What security costs does AI introduce into the enterprise environment? How do budgets need to adapt to handle these costs?Data SecurityData security is not a new concept, or cost, for enterprises. But it is essential to maintaining AI security.Before you can really do good AI security you really have to have good data security because at the heart of the AI is really the data, and a lot of the companies and folks that we talked to are still having trouble with the basic data layer, John Giglio, director of cloud security at cloud solutions provider SADA, an Insight company, tells InformationWeek.Related:For organizations that have not prioritized data security already, the budgeting conversation around AI security can be a difficult one. There can be very hidden costs. It can be very difficult to understand how to go about fixing those problems and identifying those hidden costs, says Giglio.Model SecurityAI models themselves need to be secured. A lot of these generative AI platforms are really just black boxes. So, were having to create new paradigms as we look at, How do we pen test these types of solutions? says Matti Pearce, vice president of information security, risk, and compliance at cybersecurity company Absolute Security.Model manipulation is also a concern. It is possible to trick the models into giving information that they shouldn't, divulging sensitive data [getting] the model to do something that [its] not necessarily meant to do, says Saeedi.What tools and processes do an enterprise need to invest in to prevent that from happening?Shadow AIAI is readily available to employees, and enterprise leaders might not know what tools are already in use throughout their organization. Shadow IT is not a new challenge; shadow AI simply compounds it.Related:If employees are feeding enterprise data to various unknown AI tools, the risk of exposure increases. Breaches that involve shadow data can be more difficult to identify and contain, ultimately resulting in more cost. Breaches involving shadow data cost an average of $5.27 million, according to IBM.Employee TrainingAny time an enterprise introduces a new technology, it comes with a learning curve. Do the employees building new AI capabilities understand the security implications?If you think about the people who are building the AI models, they are data scientists. They are researchers. Their expertise is not necessarily security, Saeedi points out.They need the time and resources to learn how to secure AI models. Enterprises also need to invest in education for end users. How can they use AI tools with security in mind? You can't secure something if you dont understand how it works, says Giglio.Employee education also needs to address the new attack capabilities AI gives to threat actors. Our awareness programs have to start really focusing on the fact that attackers can now impersonate people, says Pearce. Weve got deep fakes that are actually, really scary and can be done on video calls. We need to make sure that our staff and our organizations are ready for that.Related:Governance and ComplianceEnterprise leaders need strong governance and policies to reduce the risk of potentially costly consequences of AI use: data exposure, shadow AI, model manipulation, AI-fueled attacks, safety lapses, model discrimination.While there are not yet detailed regulations on exactly how you have to prove to auditors your compliance around the security controls you have around data or your AI models, we know that will come, says Saeedi. That will drive spending.Cyber InsuranceGenAI introduces new security capabilities and risks for enterprises, which could mean changes in the cyber insurance space. Could the right defensive tools actually reduce an enterprises risk profile and premiums? Could more sophisticated threats drive up insurance costs?It may be a little early to understand what the actual implications of GenAI are going to be on the insurance risk profile, says Giglio. It may be early, but insurance costs are an important part of the security costs conversation.Building a BudgetThe cost of AI and its security needs is going to be an ongoing conversation for enterprise leaders.Its still so early in the cycle that most security organizations are trying to get their arms around what they need to protect, whats actually different. What do [they] already have in place that can be leveraged? says Saeedi.Who is a part of these evolving conversations? CISOs, naturally, have a leading role in defining the security controls applied to an enterprises AI tools, but given the growing ubiquity of AI a multistakeholder approach is necessary. Other C-suite leaders, the legal team, and the compliance team often have a voice. Saeedi is seeing cross-functional committees forming to assess AI risks, implementation, governance, and budgeting.As these teams within enterprises begin to wrap their heads around various AI security costs, the conversation needs to include AI vendors.The really key part for any security or IT organization, when [were] talking with the vendor is to understand, Were going to use your AI platform but what are you going to do with our data?Is that vendor going to use an enterprises data for model training? How is that enterprises data secured? How does an AI vendor address the potential security risks associated with the implementation of its tool?AI vendors are increasingly prepared to have these security conversations with their customers. Major players like Microsoft and Google theyre starting to lead with those security answers in their pitch as opposed to just the GenAI capabilities because they know its coming, says Giglio.The budgeting conversation for AI features a familiar tug-of-war: innovation versus security. Allocating those dollars isnt easy, and it is early enough in the implementation process that there is plenty of room for mistakes. But there are new frameworks designed to help enterprises understand their risk, like the OWASP Top 10 for Large Language Model Applications and the AI Risk Management Framework from the National Institute of Standards and Technology (NIST). A clearer picture of risk helps enterprise leaders determine where dollars need to go.About the AuthorCarrie PallardyContributing ReporterCarrie Pallardy is a freelance writer and editor living in Chicago. She writes and edits in a variety of industries including cybersecurity, healthcare, and personal finance.See more from Carrie PallardyNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also LikeWebinarsMore WebinarsReportsMore Reports

All jobs Demand Generation Manager Posted 2 hours agoUpdated 0 hours ago Toggl Track is an easy to use and flexible time tracking tool that helps 3+ million users see where their work time goes, so they can focus on the projects that really matter. It also works on all your devices, and integrates with over a 100 tools.Lovely to look at and easy-to-use, Toggl Plan gives teams a visual overview of whos doing what, and whats coming up next. That means less stress and better results.Toggl Hire's smart skills tests help you screen and hire the best candidates faster. Stop wasting hundreds of hours scanning resumes, and start screening for skills that really matter. Apply now We are seeking a highly motivated and experienced Demand Generation Manager to join our team. This role is critical in leading our newly created Demand Generation function, and will be responsible for generating Sales opportunities from our Mid-Market and Enterprise audience segments.The salary for this position is 60,000 plus uncapped variable with on-target earnings estimated at 75,000 annually.You can work from anywhere in the world as long as your main location is between UTC-4 and UTC+4.About the TeamWe are a global team of 130+ awesome people working from over 40 countries around the globe. We hire globally, you work locally - in the heart of London, a beach outside of So Paulo, or a quiet village near Florence, the choice is yours. Every few months we travel to meet up somewhere in the world and spend some quality time together. We place a huge amount of trust in our people, and we measure the outcomes rather than the work itself. Our values fuel our results.The RoleWhilst we have been generating Sales opportunities for years thanks to our established brand and strong marketing engine, this role is our first step into dedicate activity focused on Sales-driving opportunity generation. As such, this role will define the strategy and lead execution of always-on demand generation campaigns and lead nurturing programs.This pivotal role will own Sales opportunities generated, initially for Toggls primary product, Toggl Track. And will be responsible for crafting and implementing campaigns whilst working with Partnerships, Sales, RevOps and the broader marketing team.You thrive in a fast-paced environment with a passion for testing, learning, and iterating. You are data-driven with deep expertise in measuring, tracking, and reporting on demand generation programs.Your main responsibilities will include:Develop and implement always-on demand generation: Craft and execute an always-on campaign and targets to our Mid-Market to Enterprise audience segments. Spearhead pipeline growth initiatives.Partnering closely with Sales: Sync inbound and outbound activity to drive targeted pipeline generating work, and quality of opportunities.Develop and implement always-on lead nurturing programs: Create and execute continuous lead nurturing programs to engage prospects throughout their buyer journey and drive them into the sales funnel.Develop measurement models: Work with RevOp and Sales, create and implement measurement models that reflect the contributions of your activity and the different channels and touch points used. Provide insights into revenue drivers to inform strategic decisions.About YouWe are looking for candidates withAt least 3 years of experience in lead and demand generation in a B2B SaaS companyProven experience designing and leading the execution of successful demand generation strategies.Deep expertise in at least 1 tactical vertical of Demand Gen (i.e. virtual events, content production, writing, CRM management, etc.)Mandatory hands-on experience with Hubspot, with experience in other CRMs a plusStrong project management skills, with the ability to manage multiple projects and priorities simultaneouslyExcellent communication and collaboration skills, with the ability to work effectively with cross-functional teamsStrong analytical skills, with the ability to analyze data and use insights to optimize campaignsExperience with lead scoring and qualificationExcellent writing skillsBenefitsFreedom to choose when and how much you work - we only measure results24 days of paid time off a year, plus your local holidaysUnlimited sick leaveIn-person meetups for team-building (expenses covered)4-6 weeks paid sabbatical (depending on the tenure)Laptop budget up to 2,500 and it renews every 3 years2,000 budget to set up your home office, and additional 300 every year after 3 years of tenure3,000 per year for co-working space membership and/or internet service at home4,000 per year contribution to use for training, workshops, and conferences2,400 per year contribution for any equipment or services to improve and/or maintain your physical and mental healthSupport for buying tools you need for doing your best work (even eyeglasses if you need a new pair)Apply NowLet's start your dream job Apply now Toggl View company Jobs posted: 167 Related Jobs See more Sales and Marketing jobs

This is our lateststoryto be turned into a MIT Technology ReviewNarratedpodcast, whichwere publishing each week onSpotifyandApple Podcasts. Just navigate to MIT Technology ReviewNarratedon either platform, and follow us to get all our new content as its released. The must-reads Ive combed the internet to find you todays most fun/important/scary/fascinating stories about technology. 1 China may pull the plug on a TikTok deal Holding out is a weapon in its arsenal as Trump ramps up the trade war. (WP$)2 Australia and South Korea are cracking down on DeepSeek Theyre restricting government use of its models due to security concerns. (Nikkei Asia)+How DeepSeek ripped up the AI playbookand why everyones going to follow its lead.(MIT Technology Review)3 A new form of bird flu has been detected in cows in NevadaThis is far from good news, and even worse timing. (NYT$)+Argentina is planning to follow the US in withdrawing from the World Health Organization.(CNN)+ This is what might happen if the US exits the WHO.(MIT Technology Review)4 The US Postal Service has resumed accepting packages from ChinaThe sudden U-turn has added to growing confusion about the impact of the new 10% tariff. (CNBC)5 What happens when DOGE starts tinkering with the nuclear agency? A break things now, fix them later mindset isnt so great when the thing youre breaking is this important. (The Atlantic$)+DOGE employees have been told to stop using Slack in order to avoid being subject to the Freedom of Information Act.(404 Media)6 Mentions of DEI and women leaders are being scrubbed from NASAs sitePersonnel have been told to drop everything and focus on doing this instead. (404 Media)+Its part of a wider data purge across loads of government websites. (The Verge)+Google is ending diversity targets for recruitment, following similar moves by Meta, Amazon and others.(BBC)+Right-wing activists have a new target in their sights: Wikipedia.(Slate$)+Is anyone going to stand up and resist any of this?(New Yorker$)7 Amazon has a plan to reduce AI hallucinationsIts pinning its hopes on a process called automated reasoning, which double checks models answers. (WSJ$)+Why does AI hallucinate?(MIT Technology Review)8 Lab-grown meat for pets is now on saleGreat news for any dog-loving vegans living in the UK. (The Verge)9 Crypto crimes have spawned a new kind of detectiveIts a cat-and-mouse game, and its only just getting started. (The Economist$)10 Meet the poetry fan who taught AI to understand DNAThis is a lovely example of how art and science often intersect. (Quanta$)

Enterprise adoption of generative AI technologies has undergone explosive growth in the last two years and counting. Powerful solutions underpinned by this new generation of large language models (LLMs) have been used to accelerate research, automate content creation, and replace clunky chatbots with AI assistants and more sophisticated AI agents that closely mimic human interaction. In 2023 and the first part of 2024, we saw enterprises experimenting, trying out new use cases to see, What can this new technology do for me? explains Arthy Krishnamurthy, senior director for business transformation at Dataiku. But while many organizations were eager to adopt and exploit these exciting new capabilities, some may have underestimated the need to thoroughly scrutinize AI-related risks and recalibrate existing frameworks and forecasts for digital transformation. DOWNLOAD THE FULL ARTICLE Now, the question is more around how fundamentally can this technology reshape our competitive landscape? says Krishnamurthy. We are no longer just talking about technological implementation but about organizational transformation. Expansion is not a linear progression but a strategic recalibration that demands deep systems thinking. Key to this strategic recalibration will be a refined approach to ROI, delivery, and governance in the context of generative AI-led digital transformation. This really has to start in the C-suite and at the board level, says Kevin Powers, director of Boston College Law Schools Master of Legal Studies program in cybersecurity, risk, and governance. Focus on AI as something that is core to your business. Have a plan of action. Download the full article

Prime minister bemoans pace of progress getting new plants out of the ground compared to overseas countriesThe government has unveiled plans to build more nuclear power plants across England and Wales by cutting red tape to make it easier to build them.Currently, nuclear development is restricted to eight sites as part of a planning statement on nuclear power generation that was made in 2011.Under reforms announced today, the government said a refreshed planning framework will help streamline the process to encourage investment and enable developers to identify the best sites for their projects.The proposals will include mini-nuclear power stations in planning rules for the first time which also see proposals to scrap the set list of eight sites and removing the expiry date on nuclear planning rules in order to prevent projects being timed out.The new nuclear power station at Hinkley will be the UKs first in more than 30 years when it opens early next decadePrime minister Keir Starmer said the reforms to planning rules will clear a path for smaller and easier to build nuclear reactors.> Also read:AtkinsRalis among consultants working on next stage of mini-nuclear reactor competitionUnder the plans, a Nuclear Regulatory Taskforce to spearhead improvements to regulations to help more companies build in the UK will be set up and report directly to the Starmer. The government said it will appoint an independent head to lead the taskforce shortly.Starmer said: This country hasnt built a nuclear power station in decades. Weve been let down and left behind.Im putting an end to it changing the rules to back the builders of this nation and saying no to the blockers who have strangled our chances of cheaper energy, growth and jobs for far too long.The last nuclear power station, Sizewell B, was built by Laing 30 years ago and Laing ORourke is currently one of the firms building the first nuclear site since at Hinkley Point C.ORourke chief executive Cathal ORourke said: This announcement is a significant step forward for the UKs nuclear industry. The clarity provided by these new planning rules, the focus on streamlining the regulatory process and the emphasis on standardising reactor designs is precisely the sort of clear, unequivocal direction the industry needs.Starmer said the Hinkley job only began after years of delay caused by unnecessary rules, pointing out that an environmental assessment required to get planning ran to 30,000 pages.He compared the UKs progress unfavourably to overseas rivals with China constructing 29 reactors, while the EU has 12 at planning stage.Source: Flickr/Number 10The prime minister has been talking up his governments plan to business to get the country building with more homes and new infrastructureBut Starmer said reactors would be not be built anywhere, saying there would be restrictions near densely populated areas and military activity.Explaining the role of the task force, energy secretary Ed Miliband said: Britain is currently considered one of the worlds most expensive countries in which to build nuclear power. The taskforce will speed up the approval of new reactor designs and streamline how developers engage with regulators.The taskforce will better align the UK with international partners so reactor designs approved abroad could be green lit more quickly, minimising expensive changes.It will also examine how to reduce duplication and simplify processes where there are multiple regulators covering overlapping issues, as well as ensuring regulatory decisions are both safe and proportionate.The new government has announced a slew of planning reforms in its first seven months of power including changes to planning rules and limiting the number of judicial reviews for infrastructure schemes.The government said the eight sites earmarked in 2011 for nuclear power stations remain attractive for future nuclear projects.The sites include Bradwell in Essex, Oldbury in Gloucestershire and Wylfa in Anglesey.