• Apple responds to tariff threat with a $500 billion US investment
    www.theverge.com
    Apple has announced plans to invest more than $500 billion in the US over the next four years, including hiring 20,000 new employees and launching a new server factory in Texas. The announcement was teased after a meeting last week between CEO Tim Cook and President Donald Trump, and comes as the company tries to mitigate the business impact of Trump's trade tariffs, with a 10 percent tariff already in effect on goods imported from China, and a 25 percent tariff threatened for chips.
    The announcement echoes one Apple made in early 2018, during the first Trump administration. At that point Apple also promised 20,000 new jobs as part of a $350 billion spend in the US, alongside a new campus in Austin which is still under construction. The company successfully appealed for tariff exemptions for some of its products, and a new US investment may be a way to secure further protection from Trump's new charges. Apple has not confirmed how many of the new investments were already planned before Trump took office.
    The company announced a few concrete elements of the increased US spend. The most significant is a new factory in Houston, set to open next year, which will produce servers to power Apple Intelligence, the company's suite of AI features. Apple says that this factory alone will create thousands of jobs.
    In addition, Apple is doubling its $5 billion US Advanced Manufacturing Fund to $10 billion. Launched in 2017, the fund is intended to support world-class innovation and high-skilled manufacturing jobs across America. In this case, it means Apple making a multibillion-dollar order for chips from a TSMC factory in Arizona.
    More generally, Apple says that over the term of the Trump administration it will hire 20,000 new employees, with the majority focused on R&D, silicon engineering, software development, and AI and machine learning. It will also open an Apple Manufacturing Academy in Detroit in which Apple engineers and other experts will offer consultations to local businesses on implementing AI and smart manufacturing techniques, along with free classes for workers.
    "We are bullish on the future of American innovation, and we're proud to build on our long-standing U.S. investments with this $500 billion commitment to our country's future," said Cook in a statement. "From doubling our Advanced Manufacturing Fund, to building advanced technology in Texas, we're thrilled to expand our support for American manufacturing. And we'll keep working with people and companies across this country to help write an extraordinary new chapter in the history of American innovation."
    Apple's most recent announcement on US investment was a 2021 promise to spend $430 billion over the following five years, including a 3,000-employee campus in North Carolina, though development on that project has since paused.
  • People Are Streaming Assassin's Creed Shadows a Month Ahead of Its Official Release Date
    www.ign.com
    Assassin's Creed Shadows has leaked online, with people streaming the game a month before its official release date.
    As spotted by the GamingLeaksandRumours subreddit, now-removed social posts revealed images and gameplay from someone who claimed to have bought the game from an online marketplace. Assassin's Creed Shadows also appeared in now-deleted listings on a U.S. auction site, with one user listing multiple copies of the game for $100 each, according to TheGamer.
    Now, multiple Twitch streams showing Assassin's Creed Shadows have appeared, although they are being removed, according to VGC. Assassin's Creed Shadows launches officially on March 20, 2025. IGN has asked Ubisoft for comment.
    It's an unfortunate situation for Ubisoft, which has faced a series of difficulties with Assassin's Creed Shadows since it was announced. Earlier this month, Ubisoft insisted that Assassin's Creed Shadows had a strong number of preorders despite its troubled development and promotional period.
    The struggling publisher said in its latest financial report that "preorders for the game are tracking solidly, in line with those of Assassin's Creed Odyssey, the second most successful entry of the franchise."
    Ubisoft CEO Yves Guillemot maintained this confidence. "Early previews have been positive, praising its narrative and immersive experience, with both characters playing critical roles in the game's storyline, as well as the quality and complementarity of the gameplay provided by the dual protagonist approach," he said. "I want to commend the incredible talent and dedication of the entire Assassin's Creed team, who is working tirelessly to ensure that Shadows delivers on the promise of what is the franchise's most ambitious entry yet."
    Assassin's Creed Shadows was originally planned for November before Ubisoft bumped it back to February 14. Another delay saw it pushed again to the current release date of March 20.
    A lot rests on the shoulders of Assassin's Creed Shadows: it is not only the long-awaited Japan-set entry and the first full Assassin's Creed since 2020, but a struggling Ubisoft needs it to perform well following recent flops and investor frustration.
    It has not enjoyed a particularly positive promotional period so far, however, with the development team having to apologize on separate occasions for inaccuracies in Assassin's Creed Shadows' depictions of Japan and for using a historical recreation group's flag without permission.
    Yet another controversy came as collectible figure maker PureArts removed an Assassin's Creed Shadows statue from sale over its "insensitive" design.
    Wesley is the UK News Editor for IGN. Find him on Twitter at @wyp100. You can reach Wesley at wesley_yinpoole@ign.com or confidentially at wyp100@proton.me.
  • Moon Knight Will Return, but Not in a Season 2, Marvel Exec Says
    www.ign.com
    Marvel has plans to see Moon Knight return to the MCU in some form, but it sounds like a Season 2 won't happen.
    Speaking to ComicBook, Marvel Television head Brad Winderbaum said fans can expect more from Oscar Isaac's MCU character, but not as part of a second season of the Disney+ show.
    That's because Marvel Television, the division responsible for Marvel's TV shows, has changed direction since Moon Knight came out in 2022. Previously, Marvel planned to establish characters with their own TV shows before tie-ins with future projects. For example, Ms. Marvel introduced Kamala Khan into the MCU via the Disney+ show before she starred in The Marvels.
    Now, Marvel Television is taking a more traditional TV approach, with shows that have annual releases.
    "So I think Marvel Television has happened in waves, and I think Moon Knight happened in a wave of shows that were going to establish characters that would tie-in to the future," Winderbaum explained.
    "And moving forward our priorities have shifted. We're making shows as shows that can exist as annual releases, more like television. I would love to see a Moon Knight Season 2, but there are plans for Moon Knight down the road."
    While Isaac voiced Moon Knight during the third and final season of Disney+ animated show Marvel's What If?, there's no news yet on his return in live action form.
    The MCU's confirmed upcoming TV show slate includes Daredevil: Born Again, out in March, Ironheart, out in June, Eyes of Wakanda, out in August, Marvel Zombies, out in October, and Wonder Man in December.
    Last week, Marvel Television reportedly paused work on three shows: Nova, Strange Academy and Terror, Inc., but Winderbaum revealed the company is exploring the opportunity of reuniting the street level heroes of Daredevil, Luke Cage, Jessica Jones, and Iron Fist, better known as The Defenders.
  • Apple made this change to avoid appearing to approve iPhone porn apps
    9to5mac.com
    A technicality had previously given the impression that Apple approved of a porn app being made available to iPhone users in the EU via a third-party app store.
    That led to some misleading headlines, but Apple has now solved the problem by changing three words in the email sent to developers.
    The porn app controversy
    The EU's Digital Markets Act (DMA) last year required Apple to allow third-party app stores on the iPhone, and the company begrudgingly complied, though it did its best to deter iPhone owners from using them, and made the installation process as clunky as possible.
    One of Apple's stated objections was that it would no longer be able to keep certain types of apps off the platform, with pornography one of the categories the company has always rejected.
    Apple retained the right to vet apps for safety before they were cleared to be made available in third-party stores, and it did this with the porn-browsing app Hot Tub. AltStore subsequently said that Apple approved the app for inclusion.
    This was technically true, because once Apple has found that an app's code is compliant with security and privacy requirements, the developer is sent an email saying so. The wording of that email said that it was approved for release.
    "The following app has been approved for distribution"
    Apple was quick to note that this did not mean that it approved of the app.
    "Contrary to the false statements made by the marketplace developer, we certainly do not approve of this app and would never offer it in our App Store. The truth is that we are required by the European Commission to allow it to be distributed by marketplace operators like AltStore and Epic who may not share our concerns for user safety."
    Apple has now changed three words
    AltStore's Riley Testut has now shared a change of wording by Apple.
    Before: The following app has been approved for distribution
    Now: The following app is now ready for distribution
    "Looks like Apple changed the wording of Notarization emails to no longer say approved, wonder what caused that!"
    As John Gruber notes, this is a clever way to handle it, the meaning clear to developers while in no way conveying approval.
    Photo by Scott Graham on Unsplash
    Add 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More. You're reading 9to5Mac, experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don't know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel.
  • As Trump tariffs loom, Apple pledges more than $500bn in US investment, new Texas factory
    9to5mac.com
    Apple has today announced that it is committed to invest more than $500 billion in the United States over the next four years, including 20,000 U.S. jobs and a new factory in Houston, Texas.
    The $500 billion headline figure is not all new, with much of what is promised in the announcement having been pledged before. The news is clearly aimed at satiating the Trump administration, with Apple perhaps hoping it will be enough to get tariff exemptions on its products.
    Apple described the sum as its largest-ever spending commitment. The announcement follows comments from President Trump over the weekend, who said he had met with Apple CEO Tim Cook and "he's investing hundreds of billions of dollars."
    A new facility in Houston, Texas will manufacture servers that will help power Apple Intelligence. The servers will form part of the Private Cloud Compute infrastructure. The new factory will open in 2026, with a footprint of more than 250,000 square feet. Apple says these servers were previously assembled outside of the United States. It will also continue to expand data center capacity in North Carolina, Iowa, Oregon, Arizona, and Nevada.
    Apple is also doubling the U.S. Advanced Manufacturing Fund, which it says supports world-class innovation and high-skilled manufacturing jobs across America. The fund will increase from $5 billion to $10 billion. The fund incorporates Apple investments such as supporting the new TSMC fab in Arizona, which will manufacture some Apple silicon chips.
    Apple will also hire more than 20,000 people over the next four years, an increase of several thousand from its previously pledged figure. The jobs will revolve around R&D, silicon, software development and artificial intelligence.
    Apple is also opening a new Apple Manufacturing Academy in Detroit. Experts from Apple and top universities will work with small and medium-sized businesses on how to implement AI and smart manufacturing methods in their supply chains. The academy will also offer free in-person and online courses.
    Tariffs threaten to increase the price of Apple products, ultimately hurting sales through lower demand. During the last Trump administration in 2016, Apple managed to mostly escape the impact of tariffs by getting exemptions on most of its products, especially the iPhone. It is clearly hoping to garner favor and get Trump to agree to similar exemptions this time around.
  • THN Weekly Recap: From $1.5B Crypto Heist to AI Misuse & Apple's Data Dilemma
    thehackernews.com
    Welcome to your weekly roundup of cyber news, where every headline gives you a peek into the world of online battles. This week, we look at a huge crypto theft, reveal some sneaky AI scam tricks, and discuss big changes in data protection.
    Let these stories spark your interest and help you understand the changing threats in our digital world.
    Threat of the Week
    Lazarus Group Linked to Record-Setting $1.5 Billion Crypto Theft: The North Korean Lazarus Group has been linked to a "sophisticated" attack that led to the theft of over $1.5 billion worth of cryptocurrency from one of Bybit's cold wallets, making it the largest ever single crypto heist in history. Bybit said it detected unauthorized activity within "one of our Ethereum (ETH) Cold Wallets" during a planned routine transfer process on February 21, 2025, at around 12:30 p.m. UTC. The incident makes it the biggest-ever cryptocurrency heist reported to date, dwarfing that of Ronin Network ($624 million), Poly Network ($611 million), and BNB Bridge ($586 million).
    Top News
    OpenAI Bans ChatGPT Accounts for Malicious Activities: OpenAI has revealed that it banned several clusters of accounts that used its ChatGPT tool for a wide range of malicious purposes. This included a network likely originating from China that used its artificial intelligence (AI) models to develop a suspected surveillance tool that's designed to ingest and analyze posts and comments from platforms such as X, Facebook, YouTube, Instagram, Telegram, and Reddit. Other instances of ChatGPT abuse consisted of creating social media content and long-form articles critical of the U.S., generating comments for propagating romance-baiting scams on social media, and assisting with malware development.
    Apple Drops iCloud's Advanced Data Protection in the U.K.: Apple has stopped offering its Advanced Data Protection (ADP) feature for iCloud in the United Kingdom with immediate effect, rather than complying with government demands for backdoor access to encrypted user data. "We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy," the company said. The development comes shortly after reports emerged that the U.K. government had ordered Apple to build a backdoor that grants blanket access to any Apple user's iCloud content.
    Salt Typhoon Leverages Years-Old Cisco Flaw for Initial Access: The China-linked hacking group called Salt Typhoon leveraged a now-patched security flaw impacting Cisco devices (CVE-2018-0171) and obtained legitimate victim login credentials as part of a targeted campaign aimed at major U.S. telecommunications companies. Besides relying extensively on living-off-the-land (LOTL) techniques to evade detection, the attacks have led to the deployment of a bespoke utility called JumbledPath that allows them to execute a packet capture on a remote Cisco device through an actor-defined jump-host. Cisco described the threat actor as highly sophisticated and well-funded, consistent with state-sponsored hacking activity.
    Russian Hackers Exploit Signal's Linking Feature: Multiple Russia-aligned threat actors have been observed targeting individuals of interest via malicious QR codes that exploit the privacy-focused messaging app Signal's "linked devices" feature to gain unauthorized access to their accounts and eavesdrop on the messages. The attacks have been attributed to two clusters tracked as UNC5792 and UNC4221. The development comes as similar attacks have also been recorded against WhatsApp.
    Winnti Stages RevivalStone Campaign Targeting Japan: Winnti, a subgroup within the APT41 Chinese threat activity cluster, targeted Japanese companies in the manufacturing, materials, and energy sectors in March 2024, delivering a wide range of malware, including a rootkit that's capable of intercepting TCP/IP Network Interface, as well as creating covert channels with infected endpoints within the intranet. The activity has been codenamed RevivalStone.
    Trending CVEs
    Your go-to software could be hiding dangerous security flaws. Don't wait until it's too late! Update now and stay ahead of the threats before they catch you off guard.
    This week's list includes CVE-2025-24989 (Microsoft Power Pages), CVE-2025-23209 (Craft CMS), CVE-2024-12284 (Citrix NetScaler Console and NetScaler Agent), CVE-2025-26465, CVE-2025-26466 (OpenSSH), CVE-2025-21589 (Juniper Networks Session Smart Router), CVE-2024-12510, CVE-2024-12511 (Xerox VersaLink C7025 Multifunction printer), CVE-2025-0366 (Jupiter X Core plugin), CVE-2024-50379, CVE-2024-56337, CVE-2024-52316, CVE-2024-50379, CVE-2024-56337 (Atlassian), CVE-2024-53900, CVE-2025-23061 (Mongoose library), CVE-2025-26776 (NotFound Chaty Pro plugin), CVE-2025-26763 (MetaSlider Responsive Slider by MetaSlider plugin), CVE-2024-54756 (ZDoom Team GZDoom), CVE-2024-57401 (Uniclare Student Portal), CVE-2025-20059 (Ping Identity PingAM Java Policy Agent), CVE-2025-0868 (DocsGPT), CVE-2025-1023, CVE-2025-1132, CVE-2025-1133, CVE-2025-1134, CVE-2025-1135 (ChurchCRM), CVE-2024-57045 (D-Link DIR-859 router), CVE-2024-57050 (TP-Link WR840N v6 router), CVE-2024-57049 (TP-Link Archer c20 router), CVE-2025-26794 (Exim), CVE-2024-50608, CVE-2024-50609 (Fluent Bit), CVE-2024-54961 (Nagios XI), CVE-2025-23115, and CVE-2025-23116 (Ubiquiti UniFi Protect Camera).
    Around the Cyber World
    U.S. Army Soldier Pleads Guilty to AT&T and Verizon Hacks: Cameron John Wagenius (aka Kiberphant0m), a 20-year-old U.S. Army soldier who was arrested early last month over AT&T and Verizon hacking, has pleaded guilty to two counts of unlawful transfer of confidential phone records information in 2024. He faces up to 10 years in prison for each count. Wagenius is also believed to have collaborated with Connor Riley Moucka (aka Judische) and John Binns, both of whom have been accused of stealing data from and extorting dozens of companies by breaking into their Snowflake instances.
    Two Estonian Nationals Plead Guilty in $577M Cryptocurrency Fraud Scheme: Two Estonian nationals, Sergei Potapenko and Ivan Turgin, both 40, have pleaded guilty to the operation of a massive, multi-faceted cryptocurrency Ponzi scheme that claimed hundreds of thousands of people from across the world, including in the U.S. They have also agreed to forfeit assets valued over $400 million obtained during the operation of the illicit scheme. The defendants "sold contracts to customers entitling them to a share of cryptocurrency mined by the defendants' purported cryptocurrency mining service, HashFlare," the Justice Department said. "Between 2015 and 2019, Hashflare's sales totaled more than $577 million, but HashFlare did not possess the requisite computing capacity to perform the vast majority of the mining the defendants told HashFlare customers it performed." Potapenko and Turgin each pleaded guilty to one count of conspiracy to commit wire fraud. If convicted, they each face a maximum penalty of 20 years in prison. The disclosure comes as Indian law enforcement authorities seized nearly $190 million in cryptocurrency tied to the BitConnect scam. BitConnect is estimated to have defrauded over 4,000 investors across 95 countries, amassing $2.4 billion before its collapse in 2018. Its founder Satish Kumbhani was charged by the U.S. in 2022, but he remained a fugitive until his whereabouts were traced to Ahmedabad.
    Thailand Rescues 7,000 People from Myanmar Call Centers: Thailand Prime Minister Paetongtarn Shinawatra said some 7,000 people have been rescued from illegal call center operations in Myanmar, and are waiting to be transferred to the country. In recent years, Myanmar, Cambodia, and Laos have become hotspots for illicit romance baiting scams, with most of them run by organized cybercrime syndicates and staffed by people who were illegally trafficked into the region under the promise of high-paying jobs. They are then tortured and enslaved into running scams such as romance fraud and fake investment schemes online. "We are facing an epidemic in the growth of financial fraud, leading to individuals, often vulnerable people, and companies being defrauded on a massive and global scale," INTERPOL noted last year. The United Nations estimated that scams targeting victims across East and Southeast Asia caused financial losses between $18 billion and $37 billion in 2023.
    Sanctioned Entities Fueled $16 billion in Crypto Activity: Sanctioned entities and jurisdictions were responsible for nearly $115.8 billion in cryptocurrency activity last year, accounting for about 39% of all illicit crypto transactions. "In a departure from prior years, sanctioned jurisdictions accounted for a record share of total sanctions-related activity compared to individual entities, commanding nearly 60% of value by the end of 2024," Chainalysis said. This is driven by the continued emergence of no-KYC exchanges despite enforcement actions, as well as the resurgence of Tornado Cash, which has been the target of sanctions and arrests. "The increase in Tornado Cash usage in 2024 was largely driven by stolen funds, which reached a three-year high, accounting for 24.4% of total inflows," the blockchain intelligence firm said. Another notable factor is the increasing use of digital currencies by Iranian services for sanctions-related crypto activity. Cryptocurrency outflows from Iran reached $4.18 billion in 2024, up about 70% year-over-year.
    U.S. Releases Russian Cybercriminal in Prison Swap: Alexander Vinnik, who pleaded guilty last year to money laundering charges in connection with operating the now-dismantled BTC-e cryptocurrency exchange, has been handed over by the U.S. government to Russia in exchange for Marc Fogel, a school teacher sentenced to 14 years in prison for drug trafficking charges. He was originally arrested in Greece in 2017. His sentencing was scheduled to take place in June 2025.
    Black Hat SEO Campaign Targets Indian Sites: Threat actors have infiltrated Indian government, educational, and financial services websites, using malicious JavaScript code that leverages search engine optimization (SEO) poisoning techniques to redirect users to sketchy websites promoting online betting and other investment-focused games that claim to offer referral bonuses. "Targets of interest include websites with .gov.in, .ac.in TLDs and the usage of keyword stuffing mentioning well known financial brands in India," CloudSEK said. "Over 150 government portals, most belonging to state governments, have been affected at scale." It's currently not known how these websites are being compromised. A similar campaign targeting Malaysian government websites has also been reported in the past.
    Sky ECC Distributors Arrested in Spain, Netherlands: Four distributors of the encrypted communications service Sky ECC, which was used extensively by criminals, have been arrested in Spain and the Netherlands. The two suspects arrested in Spain are said to be the leading global distributors of the service, generating over €13.5 million ($14 million) in profits. In March 2021, Europol announced that it was able to crack open Sky ECC's encryption, thereby allowing law enforcement to monitor the communications of 70,000 users and expose the criminal activity occurring on the platform. In late January, the Dutch Police announced the arrest of two men from Amsterdam and Arnhem for allegedly selling Sky ECC phones in the country.
    Italian Spyware Maker Linked to Malicious WhatsApp Clones: An Italian spyware company named SIO, which offers solutions for monitoring suspect activities, gathering intelligence, or conducting covert operations, has been linked to malicious Android apps that impersonate WhatsApp and other popular apps and are designed to steal private data from a target's device. The findings, reported by TechCrunch, demonstrate the various methods used to deploy such invasive software against individuals of interest. The spyware, codenamed Spyrtacus, can steal text messages, instant messaging chats, contacts, call logs, ambient audio, and images, among others. It's currently not known who was targeted with the spyware. The oldest artifact, per Lookout, dates back to 2019 and the most recent sample was discovered in mid-October 2024. Interestingly, Kaspersky revealed in May 2024 that it observed Spyrtacus being used to target individuals in Italy, stating it shared similarities with another stalkerware malware named HelloSpy. "The threat actor first started distributing the malicious APK via Google Play in 2018, but switched to malicious web pages forged to imitate legitimate resources relating to the most common Italian internet service providers in 2019," the company said. The development comes as iVerify said it discovered 11 new cases of Pegasus spyware infection in December 2024 that go beyond politicians and activists. "The new confirmed detections, involving known variants of Pegasus from 2021-2023, include attacks against users across government, finance, logistics, and real estate industries," iVerify said, adding that in about half the cases, the victims did not receive any Threat Notifications from Apple.
    CryptoBytes Unleashes UxCryptor Malware: The financially motivated Russian threat actor known as CryptoBytes has been linked to a new ransomware called UxCryptor that uses leaked builders to create and distribute their malware. The group has been active since at least 2023. "UxCryptor is part of a broader trend of ransomware families that use leaked builders, making it accessible to less technically skilled malware operators," the SonicWall Capture Labs threat research team said. "It is often delivered alongside other malware types, such as Remote Access Trojans (RATs) or information stealers, to maximize the impact of an attack. The malware is designed to encrypt files on the victim's system, demanding payment in cryptocurrency for decryption."
    Threat Actors Take a Mere 48 Minutes to Go From Initial Access to Lateral Movement: Cybersecurity company ReliaQuest, which recently responded to a manufacturing sector breach involving phishing and data exfiltration, said the attack achieved a breakout time of just 48 minutes, indicating that adversaries are moving faster than defenders can respond. The attack involved the use of email bombing techniques reminiscent of Black Basta ransomware, followed by sending a Microsoft Teams message to trick victims into granting them remote access via Quick Assist. "One user granted the threat actor control of their machine for over 10 minutes, giving the threat actor ample time to progress their attack," ReliaQuest said.
    Russia Plans New Measures to Tackle Cybercrime: The Russian government is said to have approved a series of measures aimed at combating cyber fraud. This includes tougher punishments for attackers, longer prison terms, and strengthening international cooperation by allowing the extradition of criminals hiding abroad to Russia for trial and punishment.
    Expert Webinar
    Webinar 1: Build Resilient Identity: Learn to Reduce Security Debt Before It Costs You. Join our exclusive webinar with Karl Henrik Smith and Adam Boucher as they reveal the Secure Identity Assessment, a clear roadmap to close identity gaps, cut security debt, and future-proof your defenses in 2025. Learn practical steps to streamline workflows, mitigate risks, and optimize resource allocation, ensuring your organization stays one step ahead of cyber threats. Secure your spot now and transform your identity security strategy.
    Webinar 2: Transform Your Code Security with One Smart Engine. Join our exclusive webinar with Palo Alto Networks' Amir Kaushansky to explore ASPM, the unified, smarter approach to application security. Learn how merging code insights with runtime data bridges gaps in traditional AppSec, prioritizes risks, and shifts your strategy from reactive patching to proactive prevention. Reserve your seat today.
    Cybersecurity Tools
    Ghidra 11.3: It makes your cybersecurity work easier and faster. With built-in Python3 support and new tools to connect source code to binaries, it helps you find problems in software quickly. Built by experts at the NSA, this update works on Windows, macOS, and Linux, giving you a smart and simple way to tackle even the toughest challenges in reverse engineering.
    RansomWhen: It is an easy-to-use open-source tool designed to help you protect your data in the cloud. It works by scanning your CloudTrail logs to spot unusual activity that might signal a ransomware attack using AWS KMS. By identifying which identities have risky permissions, RansomWhen alerts you before an attacker can lock your S3 buckets and hold your data for ransom. This tool gives you a simple, proactive way to defend against sophisticated cyber threats.
    Tip of the Week
    Easy Steps to Supercharge Your Password Manager: In today's digital world, using an advanced password manager isn't just about storing passwords; it's about creating a secure digital fortress. First, enable two-factor authentication (2FA) for your password manager to ensure that even if someone gets hold of your master password, they'll need an extra code to gain access. Use the built-in password generator to create long, unique passwords for every account, mixing letters, numbers, and symbols to make them nearly impossible to guess. Regularly run security audits within your manager to spot weak or repeated passwords, and take advantage of breach monitoring features that alert you if any of your credentials show up in data breaches. When you need to share a password, use the manager's secure sharing option to keep the data encrypted. Finally, ensure your password database is backed up in an encrypted format so you can safely restore your data if needed. These simple yet advanced steps turn your password manager into a powerful tool for keeping your online life secure.
    Conclusion
    We've seen a lot of action in the cyber world this week, with criminals facing charges and new scams coming to light. These stories remind us that keeping informed is key to online safety. Thanks for joining us, and we look forward to keeping you updated next week.
  • Google Cloud KMS Adds Quantum-Safe Digital Signatures to Defend Against Future Threats
    thehackernews.com
    Feb 24, 2025 | Ravie Lakshmanan | Cloud Security / Encryption
    Google Cloud has announced quantum-safe digital signatures in Google Cloud Key Management Service (Cloud KMS) for software-based keys as a way to bulletproof encryption systems against the threat posed by cryptographically-relevant quantum computers.
    The feature, currently in preview, coexists with the National Institute of Standards and Technology's (NIST) post-quantum cryptography (PQC) standards, the final versions of which were formalized in August 2024.
    "Our Cloud KMS PQC roadmap includes support for the NIST post-quantum cryptography standards (FIPS 203, FIPS 204, FIPS 205, and future standards), in both software (Cloud KMS) and hardware (Cloud HSM)," the company's cloud division noted.
    "This can help customers perform quantum-safe key import and key exchange, encryption and decryption operations, and digital signature creation."
    The tech giant said its underlying software implementations of these standards, FIPS 203 (aka ML-KEM), FIPS 204 (aka CRYSTALS-Dilithium or ML-DSA), and FIPS 205 (aka Sphincs+ or SLH-DSA), would be available as open-source software.
    Furthermore, it's working with Hardware Security Module (HSM) vendors and Google Cloud External Key Manager (EKM) partners to enable quantum-safe cryptography across the platform.
    By adopting PQC early on, the idea is to secure systems against a threat called Harvest Now, Decrypt Later (HNDL), in which threat actors harvest encrypted sensitive data today with the goal of decrypting it at some point in the future, when a quantum computer powerful enough to break existing key exchange protocols and algorithms becomes a reality.
    "While that future may be years away, those deploying long-lived roots-of-trust or signing firmware for devices managing critical infrastructure should consider mitigation options against this threat vector now," Google Cloud's Jennifer Fernick and Andrew Foster said.
    "The sooner we're able to secure these signatures, the more resilient the digital world's foundation of trust becomes."
    Quantum-safe digital signatures in Cloud KMS are available in preview for both ML-DSA-65 (FIPS 204) and SLH-DSA-SHA2-128S (FIPS 205), with API support for hybridization schemes planned for future rollout if the cryptographic community arrives at a broader consensus.
  • What It Takes to Become Cloud-First
    www.informationweek.com
    Lisa Morgan, Freelance Writer | February 24, 2025 | 6 Min Read
    Some companies are born cloud-first. Others are trying to become it. The latter takes adjustment and a smart strategy. A cloud-first approach is becoming more popular in an increasingly digital world where more data, analytics, and AI are becoming commonplace.
    A good cloud-first strategy should be deliberate. It should be clear that the cloud is the goal and the reason for the decision should be easy for its makers to defend. It should involve some process and culture change on the part of the impacted business units. Nobody should migrate to the cloud and expect things to operate the same as they always have, says Jeremy Roberts, senior research director at Info-Tech Research Group. If we wanted more of the same, why would we move to the cloud? This is a question every CIO should ask.
    The transition also must be iterative because what works in phase one won't work in phase two and beyond. Organizations should anticipate this. In addition, the transition from plan, to build, to run, to operate must be accounted for when resourcing the cloud transition.
    Cloud first means assuming that technology services will be delivered via cloud by default. The question isn't, Why the cloud? but Why not the cloud? says Roberts. For established organizations, this usually means transitioning services to the cloud as they reach the end of life, but for new organizations this can mean growing up in the cloud and eschewing traditional infrastructure wholesale.
    Becoming cloud-first also means designing systems, applications, and processes to be inherently cloud native, with an emphasis on scalability, resilience and adaptability. According to Jeremy Ung, CTO at CFO software company BlackLine, it involves rethinking traditional engineering and IT silos, embracing a DevOps culture and harnessing cloud technologies such as elasticity, artificial intelligence, machine learning, and real-time data analytics at large scale to drive meaningful business outcomes.
    A successful cloud-first strategy requires a clear and actionable roadmap, prioritized workloads and a strong focus on security and compliance to protect organizational assets, says Ung. It is crucial to understand key metrics or KPIs that determine strategies, success and iterative milestones. Continuous learning, feedback loops, and customer-driven innovation are equally important to ensure sustained success and adaptability in an ever-evolving technological landscape.
    Herb Hogue, chief technology, solutions, and innovation officer at global systems integrator Myriad360, says becoming cloud first involves a deliberate shift in strategy to prioritize cloud technologies over traditional on-premises infrastructure.
    This transition requires a comprehensive reassessment of existing systems and identifying areas where cloud solutions can provide superior agility, scalability, and cost efficiency. It includes planning for a phased migration of workloads, data, and applications to the cloud while establishing processes for optimization and performance monitoring, says Hogue. Additionally, adopting a cloud-first strategy entails fostering a cultural shift within the organization, where teams embrace collaboration, innovation and the flexibility of cloud-native operations.
    Challenges With Becoming Cloud-First
    It can be difficult to change old ways when moving to cloud and becoming cloud-first, however. For example, organizations often face resistance to change and skill gaps as they adapt to a cloud-first model, particularly among teams unfamiliar with cloud technologies. According to BlackLine's Ung, managing cloud costs effectively, not replicating anti-patterns or bad practices in the cloud, and ensuring robust security during data migration are significant challenges that must be addressed to avoid disruptions. At the same time, it's not just about technology.
    A common mistake is treating the transition to cloud first as purely a technical shift, without addressing the cultural changes and upskilling required to make it successful, says Ung. Another frequent error is failing to engage key stakeholders early in the process, which can lead to misaligned goals, poor communication and delays in execution. The cloud-first train can't come back around to pick people up along the way, [so] everyone should be on board at the start.
    Info-Tech's Roberts says the cloud can be expensive, complicated, difficult to recruit for and it can introduce compliance challenges. Therefore, it can ultimately fail to provide a net benefit.
    Common mistakes include letting vendors dictate the cloud transition timeline and end state, assuming the cloud is good merely because it is the cloud and offering optimistic timelines or value projections to the business and not effectively managing expectations around them, says Roberts.
    To avoid that fate, it's important to have an articulable end state. In other words, it's important to express what good looks like in defensible terms.
    Don't be afraid to take a big swing but be clear on what you're hoping to achieve and have an exit strategy. It's easier said than done, but effective cloud strategists steer the ship, says Roberts. They don't let others like vendors, or consultants, or internal stakeholders with limited portfolios make sweeping decisions. They take different perspectives into account but bring a holism that nobody else can. If done right, executing a cloud strategy can make a career. If done poorly, it can definitely be a setback.
    Myriad360's Hogue warns that legacy systems, which may carry technical debt, usually lack compatibility with cloud platforms, requiring extensive updates or replacements. Additionally, skill gaps within IT and other teams can impede the effective management of cloud solutions.
    Cost management is another challenge, as organizations may face uncontrolled expenses without proper planning and monitoring. And, ensuring compliance with regulatory standards and maintaining robust data security during and after migration can be complex and resource intensive.
    A common mistake is over-engineering their cloud solutions, customizing platforms excessively, and creating unnecessary complexity and cost, says Hogue. Rushed migrations without adequate planning can lead to data loss, operational disruptions or inefficiencies. Neglecting to establish governance frameworks for resource allocation, security protocols and access management can result in vulnerabilities and diminishing returns on investment. Additionally, attempting to make one tool handle all business processes instead of leveraging specialized SaaS platforms often results in suboptimal performance and higher expenses.
    How To Increase Chances for Success
    To succeed with a cloud-first strategy, organizations should adopt a flexible approach that evolves with rapidly changing cloud technologies.
    Establishing a strong security framework with features like encryption, access controls and continuous monitoring is critical to safeguarding data and systems. It's also vital to monitor return on investment by using cost-management dashboards to ensure expenditures align with value creation, says Hogue. Collaborating with experienced cloud providers can provide access to best practices and scalable solutions. Lastly, incorporating robust training and support ensures that employees and systems remain effective in leveraging cloud capabilities.
    It's also important to realize that no one person or department can ensure a successful implementation.
    A successful cloud-first strategy requires involvement from various organizational stakeholders. IT teams are crucial for handling technical execution, system integration and ensuring robust security frameworks, says Hogue. Finance teams must assess cost models to ensure the transition aligns with budgetary constraints and financial objectives. Input from business units is essential to tailor cloud solutions to operational needs, ensuring the tools and processes chosen enhance productivity and functionality. Adequate resource allocation for ongoing management and support is also critical, with teams trained to address the complexities of cloud environments.
    CIOs or CTOs must take a step back, analyze and prioritize cross-functional collaboration, particularly with engineering and product teams, to create a unified vision and drive the initiative forward rather than creating an unnecessary obstacle.
    My best advice is to trust your people and give them ownership of the process. When individuals feel empowered, they take accountability, which fuels results and most importantly innovation, says Hogue. By allowing your teams the freedom to make decisions, you'll cultivate a high-performing culture and deliver meaningful outcomes that align with business goals.
    About the Author
    Lisa Morgan, Freelance Writer. Lisa Morgan is a freelance writer who covers business and IT strategy and emerging technology for InformationWeek. She has contributed articles, reports, and other types of content to many technology, business, and mainstream publications and sites including tech pubs, The Washington Post and The Economist Intelligence Unit. Frequent areas of coverage include AI, analytics, cloud, cybersecurity, mobility, software development, and emerging cultural issues affecting the C-suite.
  • IT Hiring in 2025: Cloudy With a Chance of High Salaries
    www.informationweek.com
    Tiago Miyaoka, Head of AI and Data Practice, Andela | February 24, 2025 | 4 Min Read
    A wave of IT job losses doesn't make bleak reading for 2025 -- quite the contrary, as the reality of AI kicks in and accelerates demand for IT pros.
    In 2024, the number of unemployed IT workers reached its highest point since the dot-com collapse of the early 2000s.
    Layoffs coincided with peak pessimism that generative AI would take developers' jobs as enthusiasm for LLMs surged and the C-suite bought into automation.
    But don't misread the signs: Many tech layoffs hit business staff rather than frontline tech staff at companies repositioned for AI, cloud, and cybersecurity.
    While 2025 promises uncertainty, and businesses should expect the unexpected, two things will remain constant: demand for digital and the tech skills shortage.
    As a result, professionals with the right skills will command large and growing salaries. The only question is, which skills?
    Foundational Approach
    Recruitment specialist Harvey Nash capped a gloomy 2024 with some chilling data, which expects that the increase in recruitment will be at its lowest level since 2011. But there's a silver lining to these findings: recruitment is still happening. Analyst firm IDC predicts hiring will vary by sector, and recruitment in the UK will bounce back, with nearly half of IT and tech hiring managers planning to increase headcounts.
    Digitalization is real, and CIOs and CTOs need skills and experience in AI, cloud and cybersecurity to deliver.
    After experimenting with AI, the focus for 2025 will be delivery: large-scale, day-to-day production to win and retain customers. And IT pros can expect to experience sharp growing pains as AI has proved difficult to deliver outside pilots or limited deployments. For all the recent AI successes, just as many systems failed to deliver as expected, produced inaccurate and unreliable returns, or introduced risk.
    This opens up opportunities for those with the skills and experience to design, build, and train models and for those capable of taking systems from pilot to production.
    But AI has broad applications, so what skills should IT pros be homing in on? According to one industry-backed report, foundational skills in AI literacy, especially in data analysis and prompt engineering, will be key.
    The hiring data and trends from Andela's talent marketplace align with this report, saying generalists are in huge demand. As such, it is important to build a solid grounding before plunging into the AI jobs market. A good example is Python.
    Getting ahead in a foundational technology such as Python means technologists can apply the mechanics of the possible to solve problems at a practical level. Python pre-dates AI so it has something akin to universal applicability in the world of programming. But AI and data mining have taken it to a whole new level, with libraries, like PyTorch, TensorFlow and Langchain, building the foundation in AI. Its ease of use and the growing set of libraries have seen the language rated most popular during the past year.
    Six of the Best
    But tech skill demand isn't limited to AI. Hidden in Andela's marketplace data were revealing insights on roles being sought by hiring managers -- and the salaries on offer. Our survey of more than 150,000 individuals identified the six highest-paid technology posts:
    - Technical architect
    - Principal software engineer
    - Azure DevOps lead
    - Senior DevOps engineer
    - Lead software engineer
    - Senior back-end engineer (Java)
    We have seen clients pay $144,000 for a technical architect, making this the highest-paid position going into 2025. Interest in digital will mean salaries for those with foundational skills will remain steady or even increase.
    Behind these skills, however, lies a set of deeper capabilities sought by teams hiring global talent.
    Take a principal software engineer. Recruiters are looking for experience with Java, Ruby on Rails, Python or Golang, knowledge of the three main cloud providers' platforms, a firm grasp of containerization, and expertise in microservices and CI/CD.
    Senior back-end engineers should have these skills plus expertise in design patterns, data structures and algorithms, and unit testing.
    And technical architect -- one of the best-paid jobs this year? Familiarity with cloud computing technologies and providers' platforms, an understanding of how CRM systems operate in the cloud, and a solid understanding of cybersecurity principles are prerequisites.
    AI and business uncertainty are influencing hiring -- just not for the worst.
    For anyone changing jobs in 2025, the advice is simple: Stay up to speed on new technologies while remaining well-grounded on foundational skills so employers can build the talent needed to get ahead on digital -- and you can land the salary you want.
    About the Author
    Tiago Miyaoka, Head of AI and Data Practice, Andela. Tiago Miyaoka is the head of AI and data practice at Andela, with more than five years of experience in data, cloud, machine learning, and AI. Holding a PhD in applied math, Tiago has a technical background and during his professional career has contributed to the development and deployment of AI solutions in various organizations and industries, such as telecom, consulting and healthcare. At Andela, Tiago is dedicated to guiding companies on their data and AI journeys, ensuring that global technologists find their rightful place within these enterprises.
  • British Museum framework 2025-29
    www.architectsjournal.co.uk
    Teams selected for the 2025-to-2029 agreement will have the opportunity to work on a range of technical studies, light touch refurbishments, complex stand-alone renewals, the refurbishment and creation of new galleries, and the re-masterplanning of existing spaces within the landmark Grade I-listed Bloomsbury complex which boasts around 3,500 different rooms.
    The framework is divided into seven lots covering project management; quantity surveying; mechanical, electrical, public health and fire engineering; architecture and interior design; structural and civil engineering; fire safety; and surveying. Up to £11.5 million is expected to be spent on architectural services during the framework's four-year lifetime.
    The framework launch comes just a week after Lina Ghotmeh was named winner of the British Museum's high-profile Western Range renewal competition. Studio Weave with Wright & Wright Architects, Webb Yates Engineers, Tom Massey Studio and Daisy Froud won a separate contest to renew the museum's north and south entrances in December.
    According to the brief: 'The British Museum is seeking professional, highly skilled and experienced suppliers who are willing and able to work across a full range of projects in terms of complexity and value to ensure that the Framework provides a reliable and efficient source of expertise and delivers value for money.
    The types of projects and related planning and design activity likely to be delivered under the Framework are broad and could be classified under one of the following categories, covering both front-of-house and back-of-house spaces.'
    Originally founded in 1753 to document human history, art and culture, the British Museum is based inside a large Robert Smirke-designed complex which was constructed during the early to mid-nineteenth century.
    The 100,000m² museum features more than eight million items in its permanent collection, many of which were sourced during the era of the British Empire. Stanton Williams completed a new Albukhary Foundation Gallery of the Islamic World at the British Museum six years ago.
    In 2017, the museum's World Conservation and Exhibitions Centre extension by Rogers Stirk Harbour + Partners was shortlisted for the Stirling Prize. While in 2003 Foster + Partners' transformation of the museum's Great Court was also among the contenders for the prize.
    The latest procurement comes four years after the museum named four architects on its previous £45 million construction consultancy services framework: Avanti Architects, Dannatt Johnson Architects, Nex Architecture and Wright & Wright Architects.
    It also comes shortly after the appointment of Ghotmeh to overhaul the museum's Western Range involving the upgrade of more than a third of the gallery spaces and behind-the-scenes areas.
    The Western Range job will be the museum's biggest building project since the 1820s when work began on Robert Smirke's original Greek Revival-style quadrangle. The 100,000m² museum has around 3,500 different rooms and features more than eight million items in its permanent collection.
    Bids for inclusion on the latest framework will be evaluated 70 per cent on quality and 30 per cent on price. Applicants must hold employers' liability insurance of £10 million, public liability insurance of £5 million and professional indemnity insurance of £5 million.
    Competition details
    Project title: British Museum Construction Professional Services Consultancy Framework
    Client:
    Contract value: £46.1 million
    First round deadline: 24 March 2025
    Restrictions: Tbc
    More information: https://www.find-tender.service.gov.uk/Notice/006559-2025