• Room 8 Group hires game dev and tech leaders and consolidates brands
    venturebeat.com
    Room 8 Group said it is strengthening its business structure by combining a couple of gaming brands and hiring new game development and technology leaders.
    0 Comments · 0 Shares · 39 Views
  • Three years later, the Steam Deck has dominated handheld PC gaming
    www.theverge.com
    Today is the third anniversary of Valve's Steam Deck, the handheld gaming PC that all but created the market for handheld gaming PCs. It was a mess to start! But three years later, The Verge has data showing how it has dominated the nascent market. While Valve told us in November 2023 that it had sold multiple millions of the AMD-powered handheld, we've never had a good glimpse at how big it is or how Windows competitors stack up till now. It seems the Steam Deck, so far, has been bigger than all its competitors combined.
    Market research firm IDC uses supply chains to estimate just how many handheld gaming systems have shipped around the world, and creates spending forecasts. When I asked IDC market research analyst Lewis Ward if he'd be willing to isolate SteamOS and Windows gaming handhelds from that data, he said yes.
    So here are the estimated combined shipments of the Steam Deck, and the Windows-based Asus ROG Ally, Lenovo Legion Go, and MSI Claw from 2022 through 2024, and an estimate for 2025:
    2022: 1,620,000 | 2023: 2,867,000 | 2024: 1,485,000 | 2025 (estimate): 1,926,000
    Combined Valve Steam Deck, Asus ROG Ally, Lenovo Legion Go, and MSI Claw. Figures include all SKUs in associated hardware families.
    Add it up, and that's just under 6 million shipments in three years. One way to view that: it's small and it's not really growing. IDC's forecasting under 2 million shipments in 2025, rather than any major expansion. Another is that it's simply early days for the category: Meta's Ray-Bans only sold 2 million pairs between October 2023 and February 2025, but its maker is taking that as a sign it could soon sell 10 million each year.
    "I think it's amazing," AMD gaming marketing boss Frank Azor tells me, discussing IDC's numbers for handheld gaming PCs. "This didn't exist three years ago; we went from nothing, zero, to incremental category creation in the millions of units."
    But out of those 6 million shipments, the lion's share have been the Steam Deck itself, according to IDC's estimates. All of the 2022 shipments are the Steam Deck, and Ward tells me upwards of 50 percent of the 2023 shipments and 48 percent of the 2024 shipments are the Deck as well. Doing the math, Valve has now shipped upwards of 3.7 million Steam Decks and has quite possibly crossed 4 million by now.
    [Image: The Lenovo Legion Go S will come in an official $499 SteamOS version in May, but the Steam Deck OLED will likely still be better. Read my review to find out why! Photo by Antonio G. Di Benedetto / The Verge]
    (Note: IDC's numbers do not currently include Chinese handhelds from companies like GPD, Ayaneo and OneXPlayer, though it seems possible they are small players based on their public backer numbers on Indiegogo.)
    With as few as 2 million Windows handhelds shipping in two years, it's not a huge surprise that AMD and Intel aren't spending big on more custom chips like the one that's still working perfectly well for the Steam Deck, particularly if the rumors are true that early Windows handheld buyers returned their purchases at unusually high rates. (Anecdotally, I've seen lots of open-box stock of the Asus ROG Ally when I've looked at Best Buy online and in-person.)
    But I hope AMD will invest in making that Steam Deck lightning strike again. Because when every other low-power gaming chip is originally aimed at laptops rather than handhelds, we get disappointments like the new Lenovo Legion Go S, which couldn't stand up to the three-year-old Steam Deck's one-year-old OLED revision in my review, or the original MSI Claw. Or, we get pretty good handhelds like the ROG Ally X that offset power hungry chips with a bigass battery, but cost $800 or more.
    Not that chips are the only reason the Steam Deck has come this far, not by a long shot! It's the combination of Valve's pick-up-and-play SteamOS, which lets you simply press a button to easily sleep and resume, and its Proton compatibility layer and precompiled shaders that, incredibly, often make Windows games run on Linux better than they run on Windows. Then there's its infinitely customizable and comfortable controls that make decades of older games playable.
    [Image: The Steam Deck has been big enough for accessory companies to ride its coattails; read our story about Jsaux. Photo by Antonio G. Di Benedetto / The Verge]
    It's also the price (think console, not gaming laptop) and how incredibly easy Valve makes it to temporarily tweak performance in exchange for more battery life, and how many additional things you can do with a Steam Deck if you try. (Epic Games Store and Ubisoft and even Blizzard games are playable if you jump through a couple hoops; it can easily stream your PlayStation with the Chiaki app you can find in the Linux desktop app browser, letting the handheld double as a PlayStation Portal.)
    No other shipping handheld has come close, and while a combination of the Asus ROG Ally X and the SteamOS not-quite-a-fork Bazzite can feel like the best of both worlds, you'll pay twice the price of an entry level Steam Deck to get it.
    I mistakenly thought the most important handheld at CES 2025 was the Lenovo Legion Go S, because Valve's Steam Deck designers had given it their blessing to become the first authorized third-party SteamOS handheld, but I was wrong. Here's how I ended my Legion Go S review: "If you're waiting for a $499 Legion Go S with SteamOS, here's my advice: just buy a $530 Steam Deck OLED instead."
    While it's true that new triple-A PC games now require more power than the Steam Deck can comfortably give you, Valve has consistently said that it will wait until it can provide a leap in performance without sacrificing battery life before it introduces a Steam Deck 2, and that it won't be using this year's AMD Z2 chips.
    Between that promise, the many excellent new games that do target Steam Deck, the high prices of new Nvidia GPUs, and the idea that new Microsoft and Sony handhelds are likely a few years away, I don't think there are all that many reasons to wait to buy today's Steam Deck, unless the Nintendo Switch 2 somehow supplants the Steam Deck as the handheld that game developers prefer to target with games.
    0 Comments · 0 Shares · 42 Views
  • Google Geminis AI coding tool is now free for individual users
    www.theverge.com
    A free version of Gemini Code Assist, Google's enterprise-focused AI coding tool, is now available globally for solo developers. Google announced today that Gemini Code Assist for individuals is launching in public preview, aiming to make coding assistants with the latest AI capabilities more accessible for students, hobbyists, freelancers, and startups.
    "Now anyone can more conveniently learn, create code snippets, debug, and modify their existing applications, all without needing to toggle between different windows for help or to copy and paste information from disconnected sources," said Ryan J. Salva, Google's senior director of product management. "While other popular free coding assistants have restrictive usage limits, with usually only 2,000 code completions per month, we wanted to offer something more generous."
    That feels particularly targeted at GitHub Copilot, the most direct competitor to Gemini Code Assist, which also provides a free user tier that's limited to 2,000 code completions and 50 Copilot Chat messages each month. Google is offering up to 180,000 code completions per month by contrast, which it describes as a ceiling "so high that even today's most dedicated professional developers would be hard-pressed to exceed it."
    [Image: Here's a quick demo of Gemini Code Assist in action. GIF: Google]
    Like the enterprise version, Gemini Code Assist for individuals is powered by Google's Gemini 2.0 artificial intelligence model and can generate entire code blocks, complete code as you write, and provide general coding assistance via a chatbot interface. The free coding tool can be installed in Visual Studio Code, GitHub, and JetBrains developer environments and supports "all programming languages in the public domain."
    Developers can instruct Gemini Code Assist using natural language, such as asking the coding chatbot to "build me a simple HTML form with fields for name, email, and message, and then add a submit button." It currently supports 38 languages and up to 128,000 chat input tokens in the token context window, which is the amount of text (tokens) that can be processed or remembered when generating a response.
    The free Individual tier seems pretty expansive, but it doesn't include all of the advanced business-focused features available in the Standard and Enterprise versions of Gemini Code Assist. If you want productivity metrics, integrations with Google Cloud services like BigQuery, or to customize responses using private code data sources, then you'll need to use Google's paid tiers.
    0 Comments · 0 Shares · 28 Views
  • Building an Interactive Weather Data Scraper in Google Colab: A Code Guide to Extract, Display, and Download Live Forecast Data Using Python, BeautifulSoup, Requests, Pandas, and Ipywidgets
    www.marktechpost.com
    In this tutorial, we will build an interactive web scraping project in Google Colab! This guide will walk you through extracting live weather forecast data from the U.S. National Weather Service. You'll learn to set up your environment, write a Python script using BeautifulSoup and requests, and integrate an interactive UI with ipywidgets. This tutorial provides a step-by-step approach to collecting, displaying, and saving weather data, all within a single, self-contained Colab notebook.

```
!pip install beautifulsoup4 ipywidgets pandas
```

    First, we install three essential libraries: BeautifulSoup4 for parsing HTML content, ipywidgets for creating interactive elements, and pandas for data manipulation and analysis. Running it in your Colab notebook ensures your environment is fully prepared for the web scraping project.

```python
import csv

import ipywidgets as widgets
import pandas as pd
import requests
from bs4 import BeautifulSoup
from google.colab import files
from IPython.display import FileLink, clear_output, display
```

    We import all the necessary libraries to build an interactive web scraping project in Colab. It includes requests for handling HTTP requests, BeautifulSoup from bs4 for parsing HTML, and csv for managing CSV file operations. Also, it brings in files from google.colab for file downloads, ipywidgets and IPython's display tools for creating an interactive UI, and pandas for data manipulation and display.

```python
def scrape_weather():
    """
    Scrapes weather forecast data for San Francisco from the National Weather Service.
    Returns a list of dictionaries containing the period, short description, and temperature.
    """
    url = 'https://forecast.weather.gov/MapClick.php?lat=37.7772&lon=-122.4168'
    print("Scraping weather data from:", url)
    # A timeout keeps the notebook from hanging forever if the server does not answer.
    response = requests.get(url, timeout=30)
    if response.status_code != 200:
        print("Error fetching page:", url)
        return None
    soup = BeautifulSoup(response.text, 'html.parser')
    seven_day = soup.find(id="seven-day-forecast")
    if seven_day is None:
        # Guard against a changed page layout; find() returns None and the
        # following find_all() would otherwise raise AttributeError.
        print("Could not find the seven-day forecast section on the page.")
        return None
    forecast_items = seven_day.find_all(class_="tombstone-container")
    weather_data = []
    for forecast in forecast_items:
        # Each field is optional in the markup, so fall back to an empty string.
        period = forecast.find(class_="period-name").get_text() if forecast.find(class_="period-name") else ''
        short_desc = forecast.find(class_="short-desc").get_text() if forecast.find(class_="short-desc") else ''
        temp = forecast.find(class_="temp").get_text() if forecast.find(class_="temp") else ''
        weather_data.append({
            "period": period,
            "short_desc": short_desc,
            "temp": temp
        })
    print(f"Scraped {len(weather_data)} forecast entries.")
    return weather_data
```

    With the above function, we retrieve the weather forecast for San Francisco from the National Weather Service. It makes an HTTP request to the forecast page, parses the HTML with BeautifulSoup, and extracts details like the forecast period, description, and temperature from each entry. The collected data is then stored as a list of dictionaries and returned.

```python
def save_to_csv(data, filename="weather.csv"):
    """
    Saves the provided data (a list of dictionaries) to a CSV file.
    """
    with open(filename, "w", newline='', encoding='utf-8') as f:
        writer = csv.DictWriter(f, fieldnames=["period", "short_desc", "temp"])
        writer.writeheader()
        writer.writerows(data)
    print(f"Data saved to {filename}")
    return filename
```

    Now, this function takes the scraped weather data from a list of dictionaries and writes it into a CSV file using Python's CSV module. It opens the file in write mode with UTF-8 encoding, initializes a DictWriter with predefined fieldnames (period, short_desc, and temp), writes the header row, and then writes all the rows of data.

```python
out = widgets.Output()


def on_button_click(b):
    """
    Callback function that gets executed when the "Scrape Weather Data" button is clicked.
    It scrapes the weather data, saves it to CSV, displays the data in a table,
    and shows a download link for the CSV file.
    """
    with out:
        clear_output()
        print("Starting weather data scrape...")
        data = scrape_weather()
        if data is None:
            print("Failed to scrape weather data.")
            return
        csv_filename = save_to_csv(data)
        df = pd.DataFrame(data)
        print("\nWeather Forecast Data:")
        display(df)
        print("\nDownload CSV file:")
        display(FileLink(csv_filename))


button = widgets.Button(description="Scrape Weather Data", button_style='success')
button.on_click(on_button_click)
display(button, out)
```

    Finally, the last snippet sets up an interactive UI in Colab using ipywidgets that, when triggered, scrapes weather data, displays it in a table, and provides a CSV download link. It efficiently combines web scraping and user interaction in a compact notebook setup.
    [Image: Output sample]
    In this tutorial, we demonstrated how to combine web scraping with an interactive UI in a Google Colab environment. We built a complete project that fetches real-time weather data, processes it using BeautifulSoup, and displays the results in an interactive table while offering a CSV download option. Here is the Colab Notebook for the above project.
    Asif Razzaq is the CEO of Marktechpost Media Inc. As a visionary entrepreneur and engineer, Asif is committed to harnessing the potential of Artificial Intelligence for social good. His most recent endeavor is the launch of an Artificial Intelligence Media Platform, Marktechpost, which stands out for its in-depth coverage of machine learning and deep learning news that is both technically sound and easily understandable by a wide audience. The platform boasts over 2 million monthly views, illustrating its popularity among audiences.
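    The tutorial above pulls untrusted text off a web page and hands it to the user as a CSV they will likely open in a spreadsheet, so two things are worth seeing that the tutorial does not show: the extraction logic exercised offline, and the CSV step hardened against spreadsheet formula injection. The block below is an added example, not code from the Marktechpost tutorial. It parses the same NWS "tombstone" structure with the standard library's HTMLParser instead of BeautifulSoup so it runs with no network or third-party packages; SAMPLE_HTML, ForecastParser, parse_forecast, neutralise_cell and to_csv are all this example's own constructions.

```python
import csv
import io
from html.parser import HTMLParser

# Constructed sample of the markup structure the tutorial scrapes
# (id="seven-day-forecast", class="tombstone-container"); not a real page capture.
# The second entry deliberately carries a spreadsheet formula in a text field.
SAMPLE_HTML = """
<div id="seven-day-forecast">
  <div class="tombstone-container">
    <p class="period-name">Tonight</p>
    <p class="short-desc">Mostly Cloudy</p>
    <p class="temp temp-low">Low: 48 &deg;F</p>
  </div>
  <div class="tombstone-container">
    <p class="period-name">Wednesday</p>
    <p class="short-desc">=HYPERLINK("http://example.invalid","click")</p>
    <p class="temp temp-high">High: 61 &deg;F</p>
  </div>
</div>
"""

FIELDS = ("period", "short_desc", "temp")
CLASS_TO_FIELD = (("period-name", "period"), ("short-desc", "short_desc"), ("temp", "temp"))


class ForecastParser(HTMLParser):
    """Collects period/short_desc/temp text from each tombstone-container div."""

    def __init__(self):
        super().__init__()
        self.entries = []
        self._current = None   # dict being filled for the open container
        self._field = None     # field the current text belongs to, if any

    def handle_starttag(self, tag, attrs):
        classes = (dict(attrs).get("class") or "").split()
        if "tombstone-container" in classes:
            self._current = {f: "" for f in FIELDS}
        elif self._current is not None:
            for cls, field in CLASS_TO_FIELD:
                if cls in classes:
                    self._field = field
                    break

    def handle_data(self, data):
        if self._current is not None and self._field is not None:
            self._current[self._field] += data   # entities already decoded

    def handle_endtag(self, tag):
        if self._field is not None and tag == "p":
            self._current[self._field] = self._current[self._field].strip()
            self._field = None
        elif tag == "div" and self._current is not None:
            self.entries.append(self._current)
            self._current = None


def parse_forecast(html):
    """Return the list of {period, short_desc, temp} dicts found in html."""
    parser = ForecastParser()
    parser.feed(html)
    parser.close()
    return parser.entries


def neutralise_cell(value):
    """Prefix any cell a spreadsheet would evaluate as a formula with a quote."""
    if value and value[0] in "=+-@\t\r":
        return "'" + value
    return value


def to_csv(entries):
    """Serialise entries to CSV text with every cell neutralised first."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS)
    writer.writeheader()
    for row in entries:
        writer.writerow({k: neutralise_cell(v) for k, v in row.items()})
    return buf.getvalue()


if __name__ == "__main__":
    print(to_csv(parse_forecast(SAMPLE_HTML)))
```

    The quote prefix follows the usual CSV-injection mitigation: a leading =, +, -, @, tab or carriage return is what spreadsheet applications treat as a formula trigger, so the scraped short_desc in the second entry lands in the file as text rather than as a live HYPERLINK call. A negative temperature such as "-5 °F" gets the same prefix, which is the accepted trade-off for data that is displayed rather than summed.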
    0 Comments · 0 Shares · 36 Views
  • The biggest problem with a folding iPhone has been solved, says new report
    9to5mac.com
    Apple famously likes to take its time with most forms of new tech, preferring to be best rather than first, and that's been true of a folding iPhone. The company reportedly hasn't been impressed with the quality of Android models to date, with one issue in particular most bothering the iPhone maker.
    The biggest barrier to a folding iPhone
    One of the biggest complaints about folding phones in general has been a very visible crease in the center of the display when it's unfolded. Apple was said to have been particularly unhappy with the aesthetics of this, and has been calling on its display partners to minimize its visibility. That was no small task, given that Samsung is Apple's most advanced display supplier, and the Korean company hasn't yet managed to achieve that with its own folding phones. Apple was reportedly so dissatisfied with early samples that it told its suppliers to go back to the drawing board around a year ago.
    The crease issue has now reportedly been solved
    ETNews suggests that the problem has finally been solved, with Apple satisfied with the latest display samples received from Samsung.
    "Apple put forward a difficult technical requirement to overcome the weakness of a foldable phone with wrinkles on the folded screen, and it is said that it is close to the desired level." Another industry official said, "In order to differentiate itself from the existing foldable phone, Apple decided to eliminate wrinkles regardless of price, and I understand that wrinkles have disappeared with [the latest design]."
    The solution was said to have been achieved through close cooperation between Samsung and Apple hinge supplier Amphenol. The company currently makes MacBook hinges.
    Oppo's latest folding phone lends credibility
    Lending weight to the idea of a dramatic breakthrough in this area is this month's launch of the Oppo Find N5. Our sister site 9to5Google described the crease as a night-and-day difference from even last year's Samsung folding displays.
    "The inner screen is a truly massive canvas, and one that goes mostly uninterrupted by the display crease. It's not invisible, but it's also hard to see, even at off-angles. It also makes going back to my Galaxy Z Fold 6, the foldable I personally purchased last year, look like a cheap knock-off by comparison. Samsung's deep crease and thick hardware aren't inherently terrible, but they feel like a ripoff when you see what foldable technology is actually capable of today."
    You can see this on the right, with Samsung's Fold 6 on the left:
    2026 launch now looks likely
    There have been conflicting reports about when the first folding iPhone will launch, with some suggesting 2026 and others 2027. TrendForce said last summer that it was unlikely to launch before 2027, with some other sources suggesting the same. However, there appears to be growing consensus that the device may launch next year, including the most recent Bloomberg report.
    ETNews shares this view, indicating that Apple is aiming to finalize its supply chain by April of this year, a step it generally takes 12-18 months ahead of the scheduled product launch. That suggests a launch in the second half of next year.
    9to5Mac's Take
    We always have to take supply chain sources with a pinch (or larger quantity) of salt, especially at earlier stages, before test production is underway. However, it makes perfect sense that Apple would want to solve one of the ugliest elements of folding phones before its own launch, and Oppo has just demonstrated that the tech has now reached a whole new level.
    Given that, a 2026 launch now seems entirely credible, as part of the iPhone 18 line-up; the iPhone 18 Fold, perhaps. The device is likely to be the most expensive iPhone yet, so may be a relatively niche product by iPhone standards. Would you pay substantially more for a folding iPhone?
    Please let us know in the comments.
    0 Comments · 0 Shares · 37 Views
  • Apple @ Work Podcast: Have your cake and eat it too
    9to5mac.com
    Apple @ Work is exclusively brought to you by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that...
    0 Comments · 0 Shares · 38 Views
  • 5 Active Malware Campaigns in Q1 2025
    thehackernews.com
    Feb 25, 2025 · The Hacker News · Malware / Cybercrime
    The first quarter of 2025 has been a battlefield in the world of cybersecurity. Cybercriminals continued launching aggressive new campaigns and refining their attack methods. Below is an overview of five notable malware families, accompanied by analyses conducted in controlled environments.
    NetSupport RAT Exploiting the ClickFix Technique
    In early 2025, threat actors began exploiting a technique known as ClickFix to distribute the NetSupport Remote Access Trojan (RAT). This method involves injecting fake CAPTCHA pages into compromised websites, prompting users to execute malicious PowerShell commands that download and run the NetSupport RAT. Once installed, this RAT grants attackers full control over the victim's system, allowing activities such as real-time screen monitoring, file manipulation, and execution of arbitrary commands.
    Main technical characteristics of NetSupport RAT:
    - Attackers can view and control the victim's screen in real time.
    - Uploads, downloads, modifies, and deletes files on the infected system.
    - Runs system commands and PowerShell scripts remotely.
    - Captures copied text, including passwords and sensitive data.
    - Records user keystrokes for credential theft.
    - Starts, stops, and modifies system processes and services.
    - Installs itself in startup folders, registry keys, or scheduled tasks to survive reboots.
    - Uses process injection and code obfuscation to evade detection.
    - Maintains a stealthy connection with attackers using encrypted traffic.
    After running the NetSupport RAT payload inside ANY.RUN's Interactive Sandbox, we can see several activities. View NetSupport RAT analysis session.
    [Image: Malicious archive opened inside ANY.RUN sandbox]
    When NetSupport RAT infects a system, it immediately establishes a connection with a command-and-control (C2) server, allowing attackers to operate the compromised machine remotely.
    [Image: CnC connection detected by ANY.RUN sandbox]
    Through this connection, attackers can execute system commands, deploy additional malware, and modify system settings.
    Equip your team with ANY.RUN's Interactive Sandbox to analyze unlimited malware in real time, uncover threats faster, and strengthen your defenses. Start your free trial today!
    NetSupport RAT employs multiple Tactics, Techniques, and Procedures (TTPs) to maintain persistence, evade detection, and gather system data. Key TTPs include:
    - Persistence & Execution: Modifies registry startup keys, executes scripts via wscript.exe.
    - Discovery: Reads computer name, checks system language, and accesses environment variables.
    - Defense Evasion & C2 Communication: Drops legitimate Windows executables, creates internet connection objects for remote control.
    These techniques demonstrate how NetSupport RAT establishes control while avoiding detection, all of which are visible in ANY.RUN's ATT&CK mapping.
    [Image: Main TTPs used by NetSupport RAT]
    Lynx Ransomware
    The Lynx Ransomware-as-a-Service (RaaS) group is known as a highly organized entity, offering a structured affiliate program and robust encryption methods. Building upon the foundation of the earlier INC ransomware, Lynx has enhanced its capabilities and expanded its reach, targeting a diverse range of industries across multiple countries.
    Lynx's affiliate panel allows its affiliates to configure victim profiles, generate custom ransomware samples, and manage data-leak schedules within a user-friendly interface. Because of its structured approach, it has become one of the most accessible ransomware operations, even for those with limited technical expertise. To incentivize participation, Lynx offers affiliates an 80% share of ransom proceeds. The group maintains a leak site where stolen data is published if victims fail to pay the ransom.
    Major attacks of Lynx in Q1
    In the first quarter of 2025, the Lynx RaaS group has intensified its operations, targeting various industries with sophisticated attacks. In particular, in February 2025, Lynx claimed responsibility for breaching Brown and Hurley, a prominent Australian truck dealership. The group alleged the theft of approximately 170 gigabytes of sensitive data, including human resources documents, business contracts, customer information, and financial records. In January 2025, Lynx also breached Hunter Taubman Fischer & Li LLC, a U.S.-based law firm specializing in corporate and securities law.
    Main technical characteristics of Lynx ransomware:
    - Encrypts all files by default, including local drives, network shares, and removable media.
    - Configurable via RaaS to target specific file types, folders, or extensions.
    - Steals sensitive data before encryption, exfiltrating documents, credentials, and financial information.
    - Transfers stolen data over encrypted channels, such as HTTPS or custom communication protocols.
    - Deletes Volume Shadow Copies and disables Windows recovery features to prevent restoration.
    - Closes applications that may block encryption using RestartManager.
    - Utilizes credential dumping techniques to extract stored passwords from browsers, Windows Credential Manager, and networked devices.
    - Maintains a C2 connection with DGA-based domains and anonymized traffic via Tor.
    - Detects VMs and sandboxes, altering behavior to evade analysis.
    - Runs in memory without writing files to disk, avoiding detection.
    We can observe Lynx Ransomware's behavior firsthand in a controlled environment. In the ANY.RUN sandbox analysis, after executing the Lynx payload, the infected system undergoes several noticeable changes. View Lynx ransomware analysis session.
    [Image: Desktop background changed inside ANY.RUN sandbox]
    The desktop background is replaced with a ransom message, and the attackers leave a note warning that all data has been stolen and encrypted. Victims are instructed to download Tor to contact them.
    [Image: Ransomware message left by attackers]
    The sandbox also detects how Lynx systematically renames files, appending its extension. For example, C:\Users\admin\Desktop\academicroad.rtf becomes C:\Users\admin\Desktop\academicroad.rtf.LYNX.
    [Image: File renaming with .lynx detected by ANY.RUN]
    Dozens of files across the system are modified this way, further confirming its encryption process. These are just a few of the many destructive actions Lynx carries out once inside a compromised system.
    [Image: Modification of files by Lynx ransomware]
    AsyncRAT: Leveraging Python Payloads and TryCloudflare Tunnels
    In early 2025, cybersecurity researchers uncovered a sophisticated malware campaign deploying AsyncRAT, a remote access trojan known for its efficient, asynchronous communication capabilities. This campaign stands out due to its use of Python-based payloads and the exploitation of TryCloudflare tunnels to enhance stealth and persistence.
    Infection Chain Overview
    The attack initiates with a phishing email containing a Dropbox URL. When recipients click the link, they download a ZIP archive housing an internet shortcut (URL) file. This file, in turn, retrieves a Windows shortcut (LNK) file via a TryCloudflare URL. Executing the LNK file triggers a series of scripts (PowerShell, JavaScript, and batch scripts) that download and execute a Python payload. This payload is responsible for deploying multiple malware families, including AsyncRAT, Venom RAT, and XWorm.
    Technical Characteristics of AsyncRAT:
    - Allows attackers to execute commands, monitor user activity, and manage files on the compromised system.
    - Capable of stealing sensitive information, including credentials and personal data.
    - Employs techniques to maintain long-term access, such as modifying system registries and utilizing startup folders.
    - Uses obfuscation and encryption to evade detection by security solutions.
    Inside ANY.RUN's analysis session, we can open the MalConf section to reveal the malicious configurations used by AsyncRAT. View AsyncRAT analysis session.
    [Image: Malicious configurations analyzed inside controlled environment]
    As we can see, AsyncRAT connects to masterpoldo02[.]kozow[.]com over port 7575, allowing remote attackers to control infected machines. Blocking this domain and monitoring traffic to this port can help prevent infections.
    Besides, AsyncRAT installs itself in %AppData% to blend in with legitimate applications and uses a mutex (AsyncMutex_alosh) to prevent multiple instances from running. The malware also uses AES encryption with a hardcoded key and salt, making it difficult for security tools to analyze its communications.
    [Image: AES encryption used by AsyncRAT]
    Lumma Stealer: GitHub-Based Distribution
    In early 2025, cybersecurity experts uncovered a sophisticated campaign involving Lumma Stealer, an information-stealing malware. Attackers used GitHub's release infrastructure to distribute this malware, exploiting the platform's trustworthiness to bypass security measures. Once executed, Lumma Stealer initiates additional malicious activities, including downloading and running other threats like SectopRAT, Vidar, Cobeacon, and additional Lumma Stealer variants.
    Technical Characteristics of Lumma Stealer:
    - Distributed through GitHub releases, leveraging trusted infrastructure to evade security detection.
    - Steals browser credentials, cookies, cryptocurrency wallets, and system information.
    - Sends stolen data to remote servers, enabling real-time exfiltration.
    - Can download and execute additional malware, including SectopRAT, Vidar, and Cobeacon.
    - Uses registry modifications and startup entries to maintain access.
    - Detectable through network-based security monitoring tools, revealing malicious communication patterns.
    View Lumma analysis session.
    [Image: Lumma Stealer analyzed inside ANY.RUN virtual machine]
    A detailed examination using the ANY.RUN sandbox demonstrates Lumma Stealer's behavior. Upon execution, the malware connects to its command-and-control server, facilitating the exfiltration of sensitive data. The analysis also reveals the triggering of specific Suricata rules:
    [Image: Suricata rule triggered by Lumma Stealer]
    The analysis session also reveals how Lumma steals credentials from web browsers and exfiltrates personal data:
    [Image: Credentials and personal data theft by Lumma Stealer]
    InvisibleFerret: The Silent Threat Lurking in Fake Job Offers
    In a wave of social engineering attacks, cybercriminals have been leveraging InvisibleFerret, a stealthy Python-based malware, to compromise unsuspecting victims. Disguised as legitimate software in fake job interview processes, this malware has been actively used in the fake interview campaign, where attackers pose as recruiters to trick professionals into downloading malicious tools.
    Technical Characteristics of InvisibleFerret:
    - The malware employs disorganized and obfuscated Python scripts, making analysis and detection challenging.
    - InvisibleFerret actively searches for and exfiltrates sensitive information, including source code, cryptocurrency wallets, and personal files.
    - Often delivered as a secondary payload by another malware called BeaverTail, which is an obfuscated JavaScript-based infostealer and loader.
    - The malware establishes persistence on the infected system, ensuring continued access and control.
    A key element of the InvisibleFerret attack is the deployment of BeaverTail, a malicious NPM module that delivers a portable Python environment (p.zip) to execute the malware. Acting as the first stage in a multi-layered attack chain, BeaverTail sets up InvisibleFerret, a stealthy backdoor with advanced obfuscation and persistence mechanisms, making detection difficult.
    By submitting InvisibleFerret to ANY.RUN's Interactive Sandbox, we can analyze its behavior in real time. View InvisibleFerret analysis session.
    [Image: InvisibleFerret behavior analyzed by ANY.RUN sandbox]
    The malware starts by collecting system information, such as OS version, hostname, username, and geolocation, using services like ip-api.com, a method also used by cryptocurrency drainers.
    [Image: Exfiltrated information analyzed inside ANY.RUN sandbox]
    Malicious requests blend with normal traffic, making detection challenging. ANY.RUN's interface highlights these activities, showing network requests in orange and red beneath the virtual machine.
    [Image: Malicious requests are blended with legitimate traffic, all directed by the same script]
    Clicking on the ATT&CK button in ANY.RUN's sandbox provides a breakdown of InvisibleFerret's TTPs. One key detection is T1016 ("System Network Configuration Discovery"), which highlights how the malware gathers geolocation and system data.
    [Image: Main TTPs used by InvisibleFerret]
    Don't Let Threats Go Unnoticed - Detect Them with ANY.RUN
    The first quarter of 2025 has been filled with stealthy and aggressive cyber threats, from ransomware operations to silent data stealers. But attackers don't have to win. ANY.RUN's Interactive Sandbox gives businesses the power to analyze malware in real time, uncover hidden behaviors, and strengthen defenses before an attack escalates.
    With ANY.RUN, security teams can:
    - Gather IOCs instantly to speed up threat hunting and incident response.
    - Get structured, in-depth reports for better visibility into malware behavior.
    - Map threats to the ATT&CK framework to understand tactics and techniques used by attackers.
    - Collaborate seamlessly, sharing real-time analysis across teams.
    Sign up for a free ANY.RUN trial today and experience it for yourself!
    This article is a contributed piece from one of our valued partners.
  • 2,500+ Truesight.sys Driver Variants Exploited to Bypass EDR and Deploy HiddenGh0st RAT
    thehackernews.com
    Feb 25, 2025 | Ravie Lakshmanan | Windows Security / Vulnerability

A large-scale malware campaign has been found leveraging a vulnerable Windows driver associated with Adlice's product suite to sidestep detection efforts and deliver the Gh0st RAT malware.

"To further evade detection, the attackers deliberately generated multiple variants (with different hashes) of the 2.0.2 driver by modifying specific PE parts while keeping the signature valid," Check Point said in a new report published Monday.

The cybersecurity company said the malicious activity involved thousands of first-stage malicious samples that are used to deploy a program capable of terminating endpoint detection and response (EDR) software by means of what's called a bring your own vulnerable driver (BYOVD) attack.

As many as 2,500 distinct variants of the legacy version 2.0.2 of the vulnerable RogueKiller Antirootkit Driver, truesight.sys, have been identified on the VirusTotal platform, although the number is believed to be likely higher. The EDR-killer module was first detected and recorded in June 2024.

The issue with the Truesight driver, an arbitrary process termination bug affecting all versions below 3.4.0, has previously been weaponized to devise proof-of-concept (PoC) exploits such as Darkside and TrueSightKiller that have been publicly available since at least November 2023.

In March 2024, SonicWall revealed details of a loader called DBatLoader that was found to have utilized the truesight.sys driver to kill security solutions before delivering the Remcos RAT malware.

There is some evidence to suggest that the campaign could be the work of a threat actor called the Silver Fox APT due to some level of overlap in the execution chain and the tradecraft employed, including the "infection vector, execution chain, similarities in initial-stage samples [...], and historical targeting patterns."

The attack sequences involve the distribution of first-stage artifacts that are often disguised as legitimate applications and propagated via deceptive websites offering deals on luxury products and fraudulent channels in popular messaging apps like Telegram.

The samples act as a downloader, dropping the legacy version of the Truesight driver, as well as the next-stage payload that mimics common file types, such as PNG, JPG, and GIF. The second-stage malware then proceeds to retrieve another malware that, in turn, loads the EDR-killer module and the Gh0st RAT malware.

"While the variants of the legacy Truesight driver (version 2.0.2) are typically downloaded and installed by the initial-stage samples, they can also be deployed directly by the EDR/AV killer module if the driver is not already present on the system," Check Point explained. "This indicates that although the EDR/AV killer module is fully integrated into the campaign, it is capable of operating independently of the earlier stages."

The module employs the BYOVD technique to abuse the susceptible driver for the purpose of terminating processes related to certain security software. In doing so, the attack offers an advantage in that it bypasses the Microsoft Vulnerable Driver Blocklist, a hash-value-based Windows mechanism designed to protect the system against known vulnerable drivers.

The attacks culminated with the deployment of a variant of Gh0st RAT called HiddenGh0st, which is designed to remotely control compromised systems, giving attackers a way to conduct data theft, surveillance, and system manipulation.

As of December 17, 2024, Microsoft has updated the driver blocklist to include the driver in question, effectively blocking the exploitation vector.

"By modifying specific parts of the driver while preserving its digital signature, the attackers bypassed common detection methods, including the latest Microsoft Vulnerable Driver Blocklist and LOLDrivers detection mechanisms, allowing them to evade detection for months," Check Point said. "Exploiting Arbitrary Process Termination vulnerability allowed the EDR/AV killer module to target and disable processes commonly associated with security solutions, further enhancing the campaign's stealth."
  • Service as Software Changes Everything
    www.informationweek.com
    Samuel Greengard, Contributing Reporter | February 25, 2025

Over the last decade, software as a service (SaaS) has reshaped the face of business. Low-cost and highly flexible applications have become the norm, and more agile and scalable IT frameworks have followed. Today, organizations large and small use powerful software that would have once been out of reach.

Now, as artificial intelligence takes hold, the concept is evolving. Service as software is rapidly taking shape. It promises to add powerful capabilities. "Service as software uses the core principles of both SaaS and business process outsourcing (BPO) delivery models. It blends them into a new, AI-powered framework," explains Fred Giron, senior research director at Forrester Research.

Service as software, also referred to as SaaS 2.0, goes beyond layering AI atop existing applications. It centers on the concept of automating business processes through intelligent APIs and autonomous services. The framework aims to eliminate human input and involvement through AI agents that act and react to conditions based on events, behavioral changes, and feedback.

The result is autonomous software. Traditional SaaS provides cloud-based tools where staff still do the work. Service as software flips that script. "Instead of having staff do the work, you're making calls to an API or using software that does the work for you," says Mark Strefford, founder of TimelapseAI, a UK-based consulting firm.

The approach is particularly promising for handling niche, well-defined processes. This includes financial reviews, legal analysis, IT reporting, marketing and public relations reviews, and general research. Although service as software remains in its infancy -- and there are caveats about deploying it -- it's likely to introduce further change to the enterprise. Giron believes that it could surpass the SaaS revolution.

Beyond Bots

Dialing up productivity is at the foundation of any successful business. Yet, despite waves of software automation and increasingly sophisticated AI tools, manual processes still flourish within most organizations. Service as software aims to fill critical gaps by expanding the concept of cloud-based platform delivery.

A growing number of vendors are stepping into the service as software space. The list includes Klarna, Moonhub, Thoughtful Automation, Crescendo AI, Converzai, Adept and Inflection AI. These firms typically provide pre-engineered agents designed to handle discrete tasks. Some include voice-enabled interfaces and interactions.

Early adopters are already using these tools to tackle niche tasks that typically revolve around document processing, medical transcription, and automated invoice processing, Strefford says. These use cases frequently harness unstructured data that resides in documents, messages, images, and various types of forms and build it into structured, actionable information.

In other words, service as software does the work itself rather than providing tools for humans. "It goes beyond simply scanning data and looking for matches or patterns. It determines what to do with the information," Strefford explains.

For example, AI-driven accounting software can automatically categorize transactions, file taxes, and monitor compliance. AI-powered marketing and sales can identify leads, craft personalized messages, and autonomously schedule calls or demos with interested prospects. AI-enabled content creation can draft market research reports, legal summaries, or product descriptions based on raw data.

SaaS 2.0 is possible because AI systems have advanced and converged in recent years. Although generative AI and large language models have grabbed recent headlines, machine learning and deep learning have also advanced. "LLMs have enabled service as software," says Strefford, "but traditional machine learning algorithms are still massively valuable, especially for predictive analytics and workflow optimization."

Not surprisingly, combining these separate AI components produces a sum greater than the individual parts. As Giron explains, AI continuously analyzes interactions, learns from successes and failures, and refines its performance over time. This continuous learning loop ensures that service delivery becomes more intelligent, personalized, and effective.

Smarter AI

A key benefit of a service as software model is that it can greatly simplify AI adoption -- while automating 50 to 70% or more of interactions, Giron says. Rather than building complex AI models in-house, an organization can turn to a pre-packaged solution that delivers pre-designed AI-driven workflows. As with conventional SaaS, updates and patches occur continuously.

The result is an ability to access new features and capabilities as the service as software provider introduces them. "This creates a continuous learning and optimization loop that promotes a more intelligent, personalized, and effective work model," Giron says. SaaS 2.0 also supports a strategic framework that prioritizes measurable business outcomes and performance metrics.

Nevertheless, human oversight remains vital -- at least for now. Strefford promotes a three-tiered model, particularly as organizations become acquainted with the space and launch pilot projects. He recommends fully automating low-risk tasks; using human-AI collaboration for medium-risk activities; and maintaining human-led processes for high-value or high-risk operations.

"It all comes down to trust," Strefford states. "You have to understand what the possible costs and repercussions are if a system makes an incorrect prediction or takes an incorrect action." Not surprisingly, these considerations vary by organization and industry, and business and IT leaders should factor in regulatory requirements, board confidence, geopolitical events, and overall risk tolerance.

CIOs and IT leaders should start small and iterate, experts say. As an organization gains confidence and trust, it can expand the autonomy of a SaaS 2.0 component. "More AI initiatives have failed from starting too big than too small," Strefford notes. Consequently, it's critical to understand the entire workflow, build in oversight and protections, establish measurement and validation tools, and stay focused on outcomes.

A few factors can make or break an initiative, Giron says. Data quality and the ability to integrate across systems are crucial. A framework for standardization is critical. This includes cleaning, standardizing, and preparing legacy data. "Data labeling and annotation can be a time-consuming and resource-intensive task. It can demand specialized expertise and tools," he says. At the same time, it's important to identify and address potential biases in data and focus on security and regulatory risks.

Over the next few years, Giron says that service as software will reach into contact centers, IT services, human resources, supply chain, and other operational domains where service quality and cost efficiency matter. The business world, he says, will fully embrace SaaS 2.0. It will lead to managed services that aren't merely offshored or outsourced but, instead, are continuously optimized, AI-infused, and laser-focused on business results.

About the Author

Samuel Greengard, Contributing Reporter. Samuel Greengard writes about business, technology, and cybersecurity for numerous magazines and websites. He is author of the books "The Internet of Things" and "Virtual Reality" (MIT Press).
  • The CEO/CIO Dynamic: Navigating GenAI Implementation
    www.informationweek.com
    As companies seek to realize the promise of generative AI, effective collaboration between CEOs and CIOs has become an unheralded but critical driver of technological transformation.

Artificial intelligence is revolutionizing work across almost every industry. Leaders are facing immense pressure to substantiate the value of GenAI and effectively measure outcomes that demonstrate its impact to their people, boards and shareholders. To do so, they are aggressively moving from pilots to transformational programs to unlock new revenue streams, maximize ROI and cement their competitive advantage. KPMG's latest AI & Digital Innovation Quarterly pulse survey found that 79% of business leaders are prioritizing productivity gains, and that more than half are exploring the use of AI agents. Those tools can work independently to perform tasks and adapt in real time.

To successfully implement GenAI or AI agents within an organization, it is crucial for the CEO and the CIO to work together to establish a shared vision and strategy to meet business objectives and maximize the return on their investment. The CEO should have a clear understanding of the potential benefits that GenAI can bring and how it aligns with the long-term goals of the organization. The CEO should set the agenda and drive a culture of collaboration, cross-functional strategy and integration, because siloed efforts are unlikely to yield the game-changing transformation needed for a sustainable competitive advantage.

Responsibilities for GenAI strategies are increasingly being shared across the C-suite as organizations adopt longer-term strategies. CIOs are also deeply involved in developing the strategy, and they have great influence over the technology investments. They also bring technical expertise to the table and provide insights into the feasibility of implementing the technology and the potential risks associated with it. The CIO should have an ecosystem strategy for their AI program that evaluates the compatibility of GenAI solutions with existing systems and considers the potential impact on the organization's IT infrastructure.

CIOs must also spearhead efforts to break down functional silos that can hinder enterprise-wide transformation. It is common for companies to prioritize digital transformation in certain functions over others, resulting in a capability gap that can be noticeable to customers, stakeholders and employees.

Effective communication between the CEO and the CIO is crucial for a successful GenAI implementation at scale. Regular touchpoints and open dialogue allow both parties to exchange ideas, address concerns, and align their expectations and initiatives with the organization's goals.

When I speak with executives, many of their experiences are similar -- they are looking to close the gap between their aspirations and the everyday habits of their workforce. They want to understand how to put AI into production beyond writing drafts so they can see transformational change. They've invested their own time in experimenting with GenAI and believe in its transformative potential for their organization. Looking at clients across industries, what is most effective is when they prioritize modernizing their data strategies and systems to ensure the quality and integrity of their AI tools.

Successful organizations are also reimagining their workforces and considering how to future-proof their talent strategy. They are excited about the early successes they've seen with GenAI across different corporate functions like finance, sales and IT, and they want to translate those lessons into bigger opportunities.

It's also no secret that GenAI implementation comes with inherent risks, such as data privacy, cyber and ethical concerns. Collaboration between the CEO and CIO helps mitigate these risks by putting a robust risk management framework in place, which includes data encryption, access controls and compliance with the evolving regulatory landscape. Other areas that are ripe for collaboration include the establishment of ethical guidelines and changes to workflows and job roles.

Many also may not have fully considered the long-term costs, which are crucial to informed decision-making. Understanding and managing the costs of AI adoption is vital, and organizations must establish comprehensive total cost of ownership models, with cross-functional governance and standard procedures to track and manage success.

Working together, the CEO and CIO can push forward these changes faster and more effectively. Findings from the 2024 KPMG Global Technology survey showed that 80% of C-suite technology leaders say senior leadership's risk aversion makes them slower than competitors to embrace new technology. This makes it crucial to have a strong change-management strategy in place so that organizations can achieve not only a smooth adoption but also a faster and more efficient one. The CEO should communicate the benefits of GenAI to employees, emphasizing how it can enhance productivity and create new opportunities, while the CIO can work with other leaders to embed the technology into existing workflows and reduce barriers to adoption.

The CEO/CIO dynamic plays a pivotal role in the successful implementation of GenAI in organizations. Collaboration, shared vision, effective decision-making, risk and change management, and measuring success need to be top of mind. By working together, they can fully leverage the benefits of GenAI to drive innovation, improve efficiency, and stay competitive in the market.