Anyone familiar with the work of Luis Buel or John Waters knows that shocking images are nothing new to cinema. But anyone who has been on the internet for more than a day also realizes that art and curated choices have nothing on the world wide web. So how does the film American Sweatshop, in which Riverdale star Lili Reinhart plays a content moderator, portray a video so shocking that it leaves her character Daisy visibly shaken? By emphasizing the human aspect.Theres a shot of my characters eyes, with the image being burned into her brain and retinas, Reinhart says while visiting the Den of Geek studio at SXSW. Its more interesting to see a video thats traumatizing someone from a different point-of-view than just seeing it on a computer screen. Youre actually seeing how theyre processing it through their eyes.Written by Matthew Nemeth and directed by Uta Briesewitz, American Sweatshop follows social media moderator Daisy Moriarty, who at the fictional company of Paladin endures what might be the worst job on the planet: watching, reviewing, and debating whether flagged social media content that has offended someone should be deleted. And when she finds a video that seems to depict a real violent crime, the image becomes imprinted on her mind.Like many, Reinhart admits she didnt spend a lot of time considering the daily horrors an online content moderator would face: I was vaguely familiar with content moderation, but then I found out that actually a friend of mine does that as a part-time job. People walk away feeling fascinated that this job exists, that people sit at a desk and watch videos that youre not supposed to see, and the horrible effects it can have on their well-being and mental health. Its not a job that you have forever and I think a lot of people walk away from it due to the mental downside of watching disturbing videos all day long.That surreality of that human element also drove the creatives as they developed the film.A lot of the anecdotes in the film are based on real events, Briesewitz tells us during the conversation. Matthew Nemeth did research and used articles for the script, I did research and watched a documentary about content moderation called The Cleaners. However, she also was wary of letting these sources override her own voice as a filmmaker. I didnt want to take it much further than that because I felt like I knew what the world was. I wanted to stay focused on our story as well. It gets set in motion at this office, but then theres a whole other story to it where Daisy goes into the world and tries to do something.Reinhart had a bit easier job maintaining that balance because she grew up on the internet and didnt need to do much research to play someone disturbed by anonymous strangers posts.I grew up watching a lot of things that I shouldnt have just from being exposed to the internet, Reinhart admits. I was on Reddit way too young, saw things on there that a 13-year-old girl shouldnt see, or no one should see, to be honest. I think we all have that kind of a story and we all have a video or an image or something that weve seen that stuck with us, which is sad, but kind of the whole point of the film.For both filmmakers, the process of making the film was a reminder for how the innovation of hte internet has seemingly corresponded with folks feeling more isolated and detached from their world.Social media has given us permission to get away with not having human connection, Reinhart observes. You can go a whole day without talking to someone in-person because you have connection online. Not that online is a false sense of community, but its very different from having an actual community. Culture has shifted where you feel this false sense of closeness because youre friends with people on Facebook and Instagram, thinking you dont need to see them in-person anymore because we can just DM every now and then.Even though shes never been much of a social media user, director Briesewitzs experience of making American Sweatshop has changed even how she interacts with the internet.Join our mailing listGet the best of Den of Geek delivered right to your inbox!The movie reminded me that we cant really rely on anybody policing the internet in a right way, the helmer says. While art can use disturbing images to create a story or a point, the choices are are handled with discretion. Consider the aforementioned image of something being burned into Reinharts eyes in one scene. To Briesewitz it would have been easy for us to make our point by choosing the horrible videos that we are commenting on. I didnt want people to go and see the movie and think, I wish Id had a warning that I would watch a beheading, because now I cant unsee it. If we just hinted at the videos via title or just the sound, people will fill in their own horrors.Its the difference between suggesting trauma and inflicting it, which is a very thin line to rely on a small office of entry-level workers to navigate for us. That line has also become sharper and more defined in the minds eye of American Sweatshops star.Ive tried to just limit the exposure I have to socials in general, says Reinhart. I am trying to make sure what Im engaging with is positive content and not horrific. [And] the movie has encouraged me to want to connect with my real-world rather than try and rely on social to be connected with human beings. Id rather keep the in-person connection alive than foster or cater to an online relationship.American Sweatshop premiered at SXSW on March 8.

Read McKendreeBetween soaring prices, import fees, and long lead times, scoring the perfect brand-new chairs for your home isn't always a possibility. Shopping secondhand at antique and vintage shops for the ideal chair is great (and earth-friendly!) but if you don't have the eyeor imaginationfor a makeover, you may find yourself leaving frustrated and empty-handed. That would be a shame, because a chair with good bones but upholstery that doesn't thrill you could be an invitation to create just the right custom piece for your home. All it takes is a little vision to imagine the end result, then the know-how to make it happen. That's where we come in. We asked the experts to outline their favorite ways to makeover vintage chairs and turn them into the perfect pieces for your any space. (In the image above, note how these Erinn V. chairs set the tone for a San Francisco dining room designed by Palmer Weiss after the designer covered them in Schumacher (seat) and Fortuny (back) fabrics.)According to pros, the key to a great chair makeover is as much about the fabric and upholstery treatment you choose as it is about the bones of the chair. You want to choose a piece that has a reliable origin and sturdy frame, as well as an item that, for lack of a better phrase, speaks to you. "For me, every piece has potential, but there are a few key factors I always consider before committing to a makeover," says design creator Geneva Vanderzeil. "Things like the structural integrity of the piece, its shape and style, and how easy the existing materials will be to makeover all factor into the decision. At the end of the day, I love giving pieces a second chance, whether they have a personal history, a unique backstory, or simply deserve to be saved from a landfill."Ready for a '90s movie-montage-worthy makeover? Below, we're rounding up 11 inspiring chair reinventions, straight from the pros who know a thing or two about uncovering beauty. From faux painting techniques and quirky patchwork to mix-and-match patterns, these makeover ideas are sure to get your wheels turningall the way to the secondhand store.For More Furniture Makeover Inspiration:1Pair Complementary PrintsWendy ConklinChairs that have designated sections, like a framed back and plush seat, offer the perfect opportunity to incorporate several of your favorite prints at once. In this dining room, "the wallpaper set the stage for these chairs," says Wendy Conklin of Chair Whimsy. "I carefully selected fabrics with textures and patterns that would complement it beautifully; the embroidered floral fabric paired seamlessly with a green-and-white stripe, while the polka dot print and blue velvet on the end chairs added layers of visual interest. Even though I mixed three different chair styles, I created a cohesive look by painting all the frames in the same soft off-white."See the Entire Project2Add a Playful PopWendy ConklinMuch like a fun fabric lampshade or peek of wallpaper on the back of a shelving unit, upholstery projects can offer a little wink and nod that makes your entire design scheme feel thoughtful and nuanced. For these wood-framed chairs, "my client fell in love with the floral fabric but wanted an unexpected touch on the back," says Conklin. "I always love a good surprise element, so I curated a selection of coordinating fabrics for her to choose from. We landed on the yellow animal-print dot, which echoed the yellow tones in the floral fabric. To complete the look, I painted the frames a bold, bright gold, which gives the chairs a modern, luxurious twist."Advertisement - Continue Reading Below3Look for Unexpected "Fabric"Geneva VanderzeilThere's no end to how creative you can get when recovering a chair, even going so far as skipping the fabric aisle entirely in pursuit of your new print. Geneva Vanderzeil, a DIY expert, best-selling author, and founder of Collective Gen did just that when covering a chair with a rug, rather than upholstery fabric. "Id seen high-end furniture pieces that embraced woven elements and rich fabrics, and I wanted to see if I could create that same warmth and coziness with an upcycled approach," she explains. "I was drawn to the idea of incorporating texture in an unexpected way. And I also wanted to push the boundaries of traditional upholstery by using a rug, a material not usually associated with chairsgiving new life to something that might otherwise be discarded. " See the Entire Project4Up the ComfortGeneva VanderzeilRemaking a chair isn't just an opportunity to tweak the aesthetic to your preferences; you can also use it as a chance to boost the comfort, too. Case in point? This upgraded lounge chair, which Vanderzeil used as an opportunity to add some plushness. "This lounge chair was all about embracing the sculptural beauty of its shape," she says. "Even though the original chair was in rough condition, I saw the potential in its unique curved design. Rather than looking at what it was, I focused on what it could bea cozy piece with a fresh, modern aesthetic. The softness of the fabric, paired with the generous shape, makes it feel like a cloud. I wanted to create something that looked as inviting as it feels, and I think that really came through in the end result."See the Entire ProjectAdvertisement - Continue Reading Below5Fake a Fancy FinishDrew Michael ScottGenerally speaking, recovering or reimagining furniture is a pretty thrifty process compared to buying new, but it will still cost you a pretty penny both for the fabric and the skilled trade work. If you're looking to tackle a DIY from scratch, consider breaking out your paintbrushes instead of your needle and thread. "Theres a technique Ive been wanting to try for a while, which is using paint to turn the surface of a piece of furniture into a faux leather finish," said design creator and founder of Lone Fox, Drew Michael Scott, describing how he transformed this upholstered armchair. "I looked for a piece that already had super smooth fabric, then worked with varying shades of paint mixed with fabric softener to get that quintessential distressed leather look." See The Entire Project6Tie on a SlipcoverHouses and PartiesNervous about permanently altering family heirlooms? Forgo more invasive makeovers in favor of a slipcover that grants an instant upgrade to a well-loved piece, and can "dress up" your chairs for special occasions or any time you want. This three-piece collection from Houses and Parties is sized to perfectly fit a standard ballroom chair, with a seat cushion, ruffle apron, and back piece all made in a punchy, playful print. There are three different patterns available on site to choose from, or, if you're handy with a sewing machine, you might try whipping up a slipcover of any style yourself.Advertisement - Continue Reading Below7Piece Together PatchesThe Upholstery ProjectMost passionate DIYers and design fans have an assortment of fabric scraps around just waiting for their moment in the spotlight. Instead of trashing your remnants (or worse, full-sized samples), consider combining them together for an eclectic upholstery project. "The patchwork chair has elegant lines and timeless design, which provided the perfect canvas for reinvention," says Hepzabeth Evans of The Upholstery Studio. "The reupholstering process featured Christopher Farr Cloths latest luxury fabric, Dodoma, beautifully blended with an eclectic mix of discontinued fabric scraps. By combining these high-quality remnants, we transformed what might have been waste into a striking design statement, highlighting the art of reuse and sustainable craftsmanship." See The Entire Project8Decoupage-It-YourselfCamila PavoneNot every chair recovering project requires a trip to the upholsterer. For this cheeky piece, designer Camila Pavone relied on a craft aisle stapleMod Podge decoupage pasteto reinvigorate a timeless bentwood chair. "This was such a classic-looking chair that I felt like painting it wouldn't make a huge impact," says the designer behind Effortless Style Interiors. "I'm a 'more is more' sort of girl, and when I looked at my fabric stash I realized I could easily decoupage it by wrapping fabric strips around the frame."See The Entire ProjectAdvertisement - Continue Reading Below9Let the Chairs Lead the WayDustin HalleckSometimes, you can just tell what kind of makeover a chair is asking for, and its form will lead the way in dictating how exactly you recover it. For this collection of vintage dining chairs, that meant something bold and graphic. Designer Elizabeth Mollen of Stone Textile Studio turned to a nubby blue stripe to accent the unique angles seen on the polished black frames. "We fell in love with this set of Memphis-style dining chairs from 1st Dibs, but they needed a lot of help," she explains. "We refinished the frames in black and reupholstered the chairs with a heavy jewel toned stripe fabric as a fun way to give them new life." 10Choose an Era-Specific FabricTrevor Parker PhotographyYour recovering and reupholstery projects will always look their best when you marry a fabric option with the DNA of your piece. A perfect example? These MCM chairs that designer Samantha Stathis Lynch of Samantha Ware Designs revived for her own New Jersey loft. "I came across a pair of mid-century chairs on Instagram a few years back and instantly knew I had to have them," she says. "I drove all the way out to the tip of Long Island to the antique store Beal and Bell just to pick them up, and had them reupholstered in a beautiful tapestry-like Pierre Frey fabric. The combination of the modern silhouette alongside the traditional yet bold fabric achieved the sense of contrast that I'm always looking for." Advertisement - Continue Reading Below11Team Up Complimentary FabricsAlice MarnsIf you're looking to embrace a more eclectic, mix-and-match look, aim for an assortment of fabrics that have a distinct commonality, such as color. "This particular chair was for a customer who had collected various fabrics over the years and wanted a statement piece," says Alice Marns of Marns Makes. "What made it work so well was that all the fabrics came from the same supplier and sat within a cohesive color palette, which ensured the piece felt intentional rather than random. I used one fabric for all the piping and added orange accent buttons to balance the color across the chair. These small details helped tie everything together, creating a harmonious look despite the mix of patterns and textures."12Incorporate Another Crafting StyleSally WilsonAfter seeing this genius chair makeover, you'll never see a cane the same way again. Pro cross stitcher Sally Wilson treated the perforated back and seat of this chair like it was cross-stitch cloth, weaving in a granny-chic floral pattern that feels fresh and unexpected. "I had seen these chairs before, and after 10 years in the cross-stitch world, every item with a grid or holes screams 'Stitch me please!'" says Wilson. "Instead of cotton thread, I used wool that I chose from my local haberdashery store. I was inspired by vintage roses and thought that theme would work perfectly on this chair with the juxtaposition of the black, modern frame, which offsets the colors beautifully."

President Trump last month attacked the bipartisan CHIPS Act, seeking to dismantle it, and a new reports says that the White House now appears to have started work on doing so.A chipmakers industry association whose members include TSMC held a call in which they expressed concerns about the impact on their plans for new US plants Made in America Apple chipsApple first announced its planfor Made in America chips back in 2022, with the news hailed as one of the success stories of the US CHIPS Act. This is a government subsidy program intended to free the US from dependence on foreign countries for advanced chip supplies and to generate jobs for US workers.The initiative will see a series of TSMC chipmaking plants built in Arizona, with some of the production reserved for Apple chips for older devices. Mass production is expected to begin soon at the first of these plants.Trumps attacks on the CHIPS ActWe noted last month that Trump is unhappy with the deal, and has indicated that the White House might renege on it.Trump wants to tax imported semiconductors and dismantle an incentive scheme under which Washington agreed to subsidise TSMCs pledged $65bn investment in US production capacity with grants worth $6.6bn.While TSMC appeared to have reached an uneasy truce with the administration, announcing a $100M investment in return for continued support, this has now been thrown into doubt by a new speech by Trump.Chipmakers held a conference call to discussThe administration has already made layoffs in the team managing CHIPS Act grants, and The New York Times reports that chipmakers held a conference call to discuss Trumps latest remarks, in which he went off-script in a speech and called on Congress to reverse the Act.Republican lawmakers had sought and received reassurances over the past few months that the Trump administration would support the program Congress created. But halfway through Mr. Trumps remarks, he called the law a horrible, horrible thing.You should get rid of the CHIP Act, he told Speaker Mike Johnson []The day after Mr. Trumps speech, the Semiconductor Industry Association organized a call with member companies, said three people familiar with the discussion. During the call, people chalked up Mr. Trumps frustration with the law to personal animus with Mr. Biden []Chip company executives, worried that funding could be clawed back, are calling lawyers to ask what wiggle room the administration has to terminate signed contracts, said eight people familiar with the requests.SIA members include AMD, ARM, Intel, Nvidia, Qualcomm, and TSMC.If CHIPS Act funding is placed at risk, its unclear what impact this would have on TSMCs plans for future plants including the $100M investment recently announced.Stock meeting photo bycharlesdeluvioonUnsplashAdd 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

If theres one piece of advice that bears repeating about AI chatbots its Dont use them to seek factual information they absolutely cannot be trusted to be right.A new study demonstrated the extent of the problem but did show that Apple made a good choice in partnering with OpenAIs ChatGPT for queries Siri cant answer There are two well-known problems with trying to use LLMs like ChatGPT, Gemini, and Grok as a substitute for web searches:They are very often wrongThey are very often very confident about their incorrect informationA study cited by the Columbia Journalism Review found that, even when you prompt a chatbot with an exact quote from a piece of journalism and ask for more details, most of them are wrong most of the time.The Tow Center for Digital Journalism carried out tests of eight AI chatbots which claim to carry out live web searches to get their facts:ChatGPTPerplexityPerplexity ProDeepSeekMicrosofts CopilotGrok-2Grok-3GeminiThe simple task given to the chatbotsThe study presented each of the systems with a quote from an article, and asked it to carry out a simple task: find that article online and provide a link to it, together with the headline, original publisher, and publication date.To ensure that this was an achievable task, the studys authors deliberately chose excerpts that could be easily found in Google, with the original source in the first three results.The chatbots were rated by whether they were completely correct, correct but with some of the requested information missing, partly incorrect, completely incorrect, or could not answer.They also noted how confidently the chatbots presented their results. For example, did they just present their answers as fact, or did they use qualifying phrases like it appears or include an admission that they couldnt find an exact match for the quote?The results were not goodFirst, most of the chatbots were partly or wholly incorrect most of the time!As an average, the AI systems were correct less than 40% of the time. The most accurate was Perplexity, at 63%, and the worst was Xs Grok-3, at just 6%.Other key findings were:Chatbots were generally bad at declining to answer questions they couldnt answer accurately, offering incorrect or speculative answers instead.Premium chatbots provided more confidently incorrect answers than their free counterparts.Multiple chatbots seemed to bypass Robot Exclusion Protocol preferences.Generative search tools fabricated links and cited syndicated and copied versions of articles.Content licensing deals with news sources provided no guarantee of accurate citation in chatbot responses.But Apple made a good choiceWhile Perplexitys performance was best, this appears to be because it cheats. Web publishers can use a robots.txt file on their sites to tell AI chatbots whether or not they should access the site. National Geographic is a publisher which tells them not to search its site, and yet the report says Perplexity correctly found all 10 quotes despite the fact that the articles were paywalled and the company had no licensing deal in place.Of the rest, ChatGPT delivered the best results or, more accurately, the least-worst ones.All the same, the study certainly demonstrates what we already knew: use chatbots for inspiration and ideas, but never to get answers to factual questions.Highlighted accessoriesImage: AppleAdd 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

In cybersecurity, confidence is a double-edged sword. Organizations often operate under a false sense of security, believing that patched vulnerabilities, up-to-date tools, polished dashboards, and glowing risk scores guarantee safety. The reality is a bit of a different story. In the real world, checking the right boxes doesn't equal being secure. As Sun Tzu warned, "Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat." Two and a half millennia later, the concept still holds: your organization's cybersecurity defenses must be strategically validated under real-world conditions to ensure your business's very survival. Today, more than ever, you need Adversarial Exposure Validation (AEV), the essential strategy that's still missing from most security frameworks.The Danger of False ConfidenceConventional wisdom suggests that if you've patched known bugs, deployed a stack of well-regarded security tools, and passed the necessary compliance audits, you're "secure." But being in compliance isn't the same thing as actually being secure. In fact, these assumptions often create blind spots and a dangerous sense of false security. The uncomfortable truth is that CVE scores, EPSS probabilities, and compliance checklists only catalog theoretical issues, they don't actually confirm real resilience. Attackers don't care if you're proudly compliant; they care where your organization's cracks are, especially those cracks that often go unnoticed in day-to-day operations.In many ways, relying solely on standard controls or a once-a-year test is like standing on a sturdy-seeming pier without knowing if it can withstand that hurricane when it makes landfall. . And you know the storm is coming, you just don't know when, or if your defenses are strong enough. Adversarial Exposure Validation puts these assumptions under the microscope. Not content to t just list your potential weak points, AEV relentlessly pushes against those weak points until you see which ones matter, and which ones don't. At Picus, we know that true security demands validation over faith.The Problem with Traditional Exposure AssessmentsWhy aren't traditional measures up to the task of assessing actual cyber exposure? Here are three main reasons.Vulnerability scores only tell half the story. A critical CVSS 9.8 vulnerability might look terrifying on paper, but if it can't actually be exploited in your environment, should fixing it really be your top priority? Gartner's recent analysis highlights a startling reality: "In 2023, only 9.7% of all vulnerabilities disclosed were known to be exploited roughly 89% each year for the last decade." In contrast, a "moderate" severity flaw might be easily chained with another exploit, making it just as dangerous as that 9.8 in practice. The counter-intuitive truth is that not all high-score vulnerabilities translate to real risk, and some lower-score ones can be exceptionally damaging.Overwhelmed without clarity. Security teams continue to drown in a sea of CVEs, risk scores, and hypothetical attack paths. When everything is flagged as critical, how can your people possibly separate the signal from the noise? Again, it's important to remember that not all exposures carry the same weight, and treating every alert equally ends up being as bad as ignoring them altogether. Too often the real threats get lost in the deluge of irrelevant data. However, knowing which weaknesses adversaries can actually exploit changes everything; it lets you focus onand intelligently triagethe real risks hiding in the dark.The gap between theory and practice. Traditional scans and once-a-quarter penetration tests literally provide a snapshot in time. But snapshots age quickly, and poorly, in cybersecurity. A report from last quarter doesn't reflect what's happening right now. This gap between assessment and reality means organizations often discover their organization isn't actually secure only after a breach.Adversarial Exposure Validation: The Ultimate Cybersecurity Stress TestAdversarial Exposure Validation (AEV) is the logical evolution for security teams ready to move beyond assumptions and wishful thinking. AEV functions as a continuous "cybersecurity stress test" for your organization and its defenses. Gartner's 2024 Hype Cycle for Security Operations consolidated BAS and automated pentesting/red teaming into the single category of Adversarial Exposure Validation, underscoring that these previously siloed tools are more powerful together. Let's take a closer look: Breach and Attack Simulation (BAS): You can think of BAS as an automated, continuous sparring partner that safely emulates known cyber threats and attacker behaviors in your environment. BAS continuously tests how well your controls are detecting and preventing malicious actions, providing ongoing evidence of which attacks get caught and which ones slip through.Automated Penetration Testing: A methodical probe that doesn't just scan for vulnerabilities but actively attempts exploitation, step-by-step, just as an actual attacker would. These automated pentests (sometimes called continuous or autonomous pentesting) launch targeted attacks to find real weaknesses, chaining exploits and probing your systems' reactions.Crucially, AEV isn't just about technology it's a mindset shift as well. Leading CISOs are now advocating for an "assume breach" approach: by assuming the enemy will penetrate your initial defenses, you can then focus on validating your readiness for that eventuality. In practice, this means constantly emulating adversary tactics across your full kill-chainfrom initial access, to lateral movement, to data exfiltrationand ensuring your people and tools are detecting, and ideally stopping, each step. This is the goal: truly proactive defense.Gartner predicts that by 2028, continuous exposure validation will be accepted as an alternative to traditional pentest requirements in regulatory frameworks. Forward-thinking security leaders are already moving this way, why fortify that pier just once a year and hope for the best, when you can continually test and reinforce it to adapt to a rising tide of constantly evolving threats?From Noise to Precision: Focus on What MattersOne of the biggest challenges across industries for security teams is the inability to cut through the noise. This is why Adversarial Exposure Validation is so important: it refocuses your teams on what actually matters to your organization by:Eliminating guesswork by showing you which vulnerabilities can actually be exploited and how. Instead of sweating over dozens of scary CVSS 9+ vulns that attackers might exploit, you'll know which ones they can exploit in your environment, and in what sequence. This lets you prioritize defenses based on actual risk, not hypothetical severity.Streamlining remediation. Rather than an endless backlog of "critical" findings that never seems to shrink, AEV gives a clear, structured view of which exposures are truly exploitable in your environment, often in dangerous combinations that wouldn't be obvious from isolated scan results. This means teams can finally break out of reacting and proactively fix what really needs fixing, dramatically reducing risk, and saving time and effort.Instilling confidence (the good kind). When AEV testing fails to breach a particular control when an attack can't get past your endpoint protection or lateral movement is stopped cold you gain confidence that that defense is holding the line. You can then focus your attention elsewhere. In short, you and your teams will get credit for doing things right, not blamed for fixing the wrong things.This shift to validation-centric defense has a tangible payoff: Gartner projects that by 2026, organizations who prioritize investments based on continuous threat exposure management (including AEV) will suffer two-thirds fewer breaches. That's a massive reduction in risk, achieved by zeroing in on the right problems.Picus Security: A Leading Force in Adversarial Exposure Validation (AEV)At Picus, we've been at the forefront of security validation since 2013, pioneering Breach and Attack Simulation and now integrating it with automated penetration testing to help organizations really understand the effectiveness of their defenses. With the Picus Security Validation Platform, security teams get the clarity they need to act decisively. No more blind spots, no more assumptions, just real-world testing that ensures your controls are ready for today's and tomorrow's threats.Ready to move from cybersecurity illusion to reality? Learn more about how AEV can transform your security program by downloading our free "Introduction to Exposure Validation" eBook.Note: This article has been expertly written and contributed by Dr. Suleyman Ozarslan, co-founder of Picus and VP of Picus Labs, where we believe that true security is earned, not assumed.Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.

Mar 11, 2025The Hacker NewsThreat Intelligence / Network SecurityInside the most innocent-looking image, a breathtaking landscape, or a funny meme, something dangerous could be hiding, waiting for its moment to strike.No strange file names. No antivirus warnings. Just a harmless picture, secretly concealing a payload that can steal data, execute malware, and take over your system without a trace.This is steganography, a cybercriminal's secret weapon for concealing malicious code inside harmless-looking files. By embedding data within images, attackers evade detection, relying on separate scripts or processes to extract and execute the hidden payload.Let's break down how this works, why it's so dangerous, and most importantly, how to stop it before it's too late.What is Steganography in Cybersecurity?Steganography is the practice of concealing data within another file or medium. Unlike encryption, which scrambles data to make it unreadable, steganography disguises malicious code inside harmless-looking images, videos, or audio files, making it nearly invisible to traditional security tools.In cyberattacks, adversaries embed payloads into image files, which are later extracted and executed on the victim's system.Why cybercriminals use steganography:Evasion of security tools: Hidden code inside images bypasses antivirus and firewalls.No suspicious files: Attackers don't need obvious executable files.Low detection rate: Traditional security scans rarely inspect images for malware.Stealthy payload delivery: Malware stays hidden until extracted and executed.Bypasses email filters: Malicious images don't trigger standard phishing detections.Versatile attack method: Can be used in phishing, malware delivery, and data exfiltration.How XWorm Uses Steganography to Evade DetectionLet's have a look at a malware campaign analyzed inside the ANY.RUN Interactive Sandbox that showcases exactly how steganography can be used in a multi-stage malware infection.View analysis session with XWorm Steganography campaign starting with a phishing PDFStep 1: The Attack Starts with a Phishing PDFWe see inside ANY.RUN's sandbox session that it all begins with a PDF attachment. The document includes a malicious link that tricks users into downloading a .REG file (Windows Registry file).Explore ANY.RUN's advanced features to uncover hidden threats, enhance threat detection, and proactively defend your business against sophisticated attacks.Try ANY.RUN nowAt first glance, this might not seem dangerous. But opening the file modifies the system registry, planting a hidden script that executes automatically when the computer restarts..REG file used to modify registy inside ANY.RUN sandboxStep 2: The Registry Script Adds a Hidden Startup ProcessOnce the .REG file is executed, it silently injects a script into the Windows Autorun registry key. This makes sure that the malware launches the next time the system reboots.At this stage, no actual malware has been downloaded yet, just a dormant script waiting for activation. This is what makes the attack so sneaky.Autorun value change in the registry detected by ANY.RUNStep 3: PowerShell Execution After a system reboot, the registry script triggers PowerShell, which downloads a VBS file from a remote server. Inside the ANY.RUN sandbox, this process is visible on the right side of the screen. Clicking on powershell.exe reveals the file name being downloaded.Powershell.exe downloading a VBS file inside a secure environmentAt this stage, there is no obvious malware, just a script fetching what appears to be a harmless file. However, the real threat is concealed within the next step, where steganography is used to hide the payload inside an image.Step 4: Steganography ActivationInstead of downloading an executable file, the VBS script retrieves an image file. But hidden inside that image is a malicious DLL payload.Image with malicious DLL payload detected by ANY.RUNUsing offset 000d3d80 inside ANY.RUN, we can pinpoint where the malicious DLL is embedded in the image file.Static analysis of the malicious imageUpon static analysis, the image appears legitimate, but when we inspect the HEX tab and scroll down, we find the <<BASE64_START>> flag.Directly after this flag, we see "TVq," the Base64-encoded MZ signature of an executable file. This confirms that steganography was used to conceal the XWorm payload inside the image, allowing it to bypass security detection until extracted and executed.Step 5: XWorm is Deployed Inside the SystemThe final step of the attack involves executing the extracted DLL, which injects XWorm into the AddInProcess32 system process.XWorm malware detected by ANY.RUN sandboxAt this point, the attacker gains remote access to the infected machine, allowing them to:Steal sensitive dataExecute commands remotelyDeploy additional malwareUse the infected system as a launching point for further attacksUncover Hidden Threats Before They StrikeSteganography-based attacks are a growing challenge for businesses, as traditional security tools often overlook hidden malware inside images and other media files. This allows cybercriminals to bypass detection, steal data, and infiltrate systems without triggering alarms.With tools like ANY.RUN's interactive sandbox, security teams can visually track every stage of an attack, uncover hidden payloads, and analyze suspicious files in real time:Save time with fast threat analysis: Get initial results in just 10 seconds and streamline your threat assessment process.Collaborate efficiently: Share results instantly and work together in real-time sessions to accelerate team tasks.Simplify investigations: Utilize ANY.RUN's intuitive interface and real-time flagging to reduce workload and enhance productivity.Gain actionable insights: Leverage extracted IOCs and MITRE ATT&CK mapping for effective triage, response, and threat hunting.Enhance response: Improve data transfer from SOC Tier 1 to SOC Tier 2 with comprehensive reports for more effective escalation.Proactively monitoring suspicious activity and testing potential threats in a controlled environment is key to strengthening your cybersecurity posture.Try ANY.RUN's advanced features and gain deeper visibility into threats, and make faster, data-driven decisions to protect your business.Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Lisa Morgan, Freelance WriterMarch 11, 20258 Min Read Cagkan Sayin via Alamy StockAccording to Pitchbook News, 35.7% of venture capital investments in 2024 were made in AI and ML startups, which isnt surprising given Big Techs investment in the same space. Meanwhile, EY reported that in Q4 2024, AI startups represented 60% of investments. While AI will continue to be a major focus area, under the Trump administration, theres a more bullish attitude about crypto, so some VCs are adding those companies to their portfolios while others are investing in space tech and ESG.If you increasingly think about agents interacting with one another without necessarily humans in the loop, you need to have a payment layer that is as scalable as millions of agents. [This is] the biggest promise in what's happening on the crypto front, says Pascal Unger, managing partner of pre-seed VC firm focal.He also says software is moving from, or has moved from, a system of engagement to a system of intelligence. That system of intelligence enables AI-powered automation that is accelerating the pace of business.One of the ways that weve added to our diligence is trying to understand the current AI tech stack that founders are leveraging, what all theyve tried and how much people lean into constantly getting better and trying experimenting. Understanding why [founders] chose a certain tech stack says a lot about peoples willingness to lean into these things, which will eventually, at least we believe, translate into faster speed.Related:Execution speed is critical, so software abstraction enables founders and their teams to get to market faster with solutions.You move from incredibly in the weeds into a manager and orchestrator of different tools, and you spend a lot more time on oversight and thinking and structuring things so thats changed, says firms Unger. I won't be surprised if we get a useful warm up period for new products where it needs to get to know us, basically, and it gets better over the first three to six months. That will become a normal thing down the road. We [also] believe in the importance of nailing distribution. If you want to build a differentiator product from the start, you now need to nail the distribution even earlier.Pascal Unger, focalPascal Unger, focalThat approach results in faster early-stage growth, such as going from zero to more than $10 million in less than a year. Unger says that just three years ago, that sort of company performance would have been an outlier.Hemant Mohapatra, partner at Lightspeed Venture Partners, expects 2025 to be a lot like 2024, but the target segments will shift. As AI foundational layers stabilize and the winners become more apparent, the next phase will focus more on middleware and application startups.Related:At Lightspeed we have been very active globally across the AI stack -- foundation models, data, middleware, both horizontal and vertical apps, as well as AI enabled services, says Mohapatra. Our investment strategy remains the same: Find the most compelling founders with clear right to win in their categories and find and back them no matter which part of the world they come from.Mohapatra sees a lot of potential in AI and gaming in terms of creating immersive worlds dynamically, non-player characterswith advanced conversational capabilities and personalized gameplay.We are also very early in LLMs controlling various software tools to get complex jobs done and we will see a few mind-boggling demos here in 2025, says Mohapatra. I also expect consolidation across the middleware layer -- LLMs or scaled out AI companies looking to vertically integrate across data, tool orchestration or memory infrastructure.Daniel Kang, CEO and co-founder of Y-Combinator backed startup Flowbo and former VC at SoftBank Vision Fund expects the proportion of VC investments in AI to likely increase over time for a few reasonsRelated:Most of the AI discussion is not just about the technology, but its position as a platform. Foundational model companies like Anthropic and OpenAI have made it easy for anyone to use their technology to build on top of it, says Kang. Its akin to Apple creating a mobile platform powered through the iOS for others to build apps, shifting the platform from desktop to mobile. Thats why many wrapper companies will continue to emerge.Meanwhile, models are improving by the day, which is creating more opportunities for startups. However, the complexities will likely require greater precision, which is probably why many middle layers already exist between the foundational models and applications.On top of that, intense competition among model providers like OpenAI and Anthropic is creating a downward pricing pressure to provide compute at cost, says Kang. APIs costs have already been revised several times to be cheaper, while their app products, ChatGPT and Claude, have remained the same.He expects general purpose application as wrappers to lose their edge as models improve and companies require more specialized solutions for specific tasks or functions. That probably will mean verticalization and the middle layers adapting general models for specific requirements.For apps specifically, the primary differentiation will likely be around distribution and brand more than technology, as the models improve and costs fall, says Kang. Foundational models and middle layers will probably continue to differentiate through tech. While the timing is unclear, the rise of middle layers seems imminent.Where Else Money Is FlowingViktor Shpakovsky, general partner at the Beyond Earth Technologies VC firm thinks space tech is a smarter bet than AI or crypto.AI and crypto have dominated headlines, but both sectors are showing signs of overinflation and speculative hype. Meanwhile, space tech is emerging as the most promising industrial growth sector, driven by government backing, geopolitical competition and technological breakthroughs, says Shpakovsky. With Trump [in] office, defense and space budgets are set to increase dramatically. Elon Musk and SpaceX continue to push commercial space forward at an unprecedented pace. At the same time, the US-China space race is accelerating, forcing the US government to invest aggressively in private space companies. These factors make 2025 the defining moment to bet on space tech over speculative software trends.He further reasons that AI and crypto are overcrowded and over-valued. While AI has become VCs latest gold rush, he says inflated values and copycat startups are challenges. Moreover, every startup claims that they have AI, but few have defensible technology or clear revenue models.As for crypto, he says the boom-and-bust cycle is predictable, because the crypto industry follows a well-known pattern: hype-driven speculation, price surges, regulatory crackdowns, and mass failures.Both AI and crypto sectors are flooded with startups, leading to undifferentiated competition and thinning margins, says Shpakovsky. Meanwhile, space tech remains an underinvested frontier with clear industrial demand. Unlike AI and crypto, space tech is a government-backed industrial growth sector. This isnt just about launching rockets -- its about building trillion-dollar infrastructure for the next era of human civilization.Viktor Shpakovsky, Beyond Earth TechnologiesViktor Shpakovsky, Beyond Earth TechnologiesInstead of chasing the next overhyped AI startup, Beyond Earth Technologies focuses on industries where AI is just a tool, not the entire business model. Its portfolio is built around lunar infrastructure, space robotics, next-gen energy and propulsion, in-space manufacturing, satellite intelligence, and space situational awareness.Benson Chang managing partner at Epipelagic Ventures expects a shift in 2025 -- not away from AI -- but toward infrastructure, cybersecurity and pragmatic applications with clear revenue models.Crypto may regain traction, particularly where blockchain solves real inefficiencies, says Chang. Weve refined our investment playbook to prioritize capital efficiency, durable moats and execution over hype. We need more than cutting-edge tech -- we must show defensibility, go-to-market traction and strategic innovation. The bar for funding is higher, and investors are backing leaner, more resilient teams.Anton Chashchin, founder and CEO at private fintech group N7 Capital, expects AI to remain a dominant investment theme attracting major inflow, but he warns that VCs should not overlook macroeconomic factors including persistent inflation and high interest rates.The global economic forecast is not as positive as we would like it to be. A predicted slowdown in global economic growth will make VCs more selective, prioritizing more sustainable startups with clear paths to profitability and not just AI use, says Chashchin.He also expects a greater focus on crypto because the Trump Administration strongly emphasizes it, which has fueled market growth and optimism.Considering that the total crypto market cap is projected to exceed $4 trillion, digital assets are no longer a speculative thing but an asset class attracting capital, says Chashchin. The institutionalization of the sector is also accelerating, meaning VCs should not ignore this opportunity.He also sees greater investments in renewables and ESG.As alternative types of energy become cheaper and more competitive, more companies operating in this field will receive funding from VCs, says Chashchin. The ongoing surge in ESG investment, projected to reach $50 trillion in assets under management this year, also highlights the growing demand for climate-focused solutions. With governments worldwide prioritizing clean energy, venture capital is shifting towards startups that are developing clean energy technologies or building infrastructure for their construction.Bottom LineAI investments are expected to remain high in 2025, with greater emphasis on the middle and application layers. Meanwhile, VC firms are making other investments, such as in crypto, space tech, renewable energy, and ESG.Read more about:Technology StartupsAbout the AuthorLisa MorganFreelance WriterLisa Morgan is a freelance writer who covers business and IT strategy and emergingtechnology for InformationWeek. She has contributed articles, reports, and other types of content to many technology, business, and mainstream publications and sites including tech pubs, The Washington Post and The Economist Intelligence Unit. Frequent areas of coverage include AI, analytics, cloud, cybersecurity, mobility, software development, and emerging cultural issues affecting the C-suite.See more from Lisa MorganWebinarsMore WebinarsReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

As I was writing this article, it was perhaps not so coincidental that I took a break and made a phone call to a home appliance customer support line for a microwave that we owned.I soon found myself trapped in an automated agentic AI phone system with no way out and no way to reach a human agent. I finally gave up, and called a local appliance company, where a human salesman gave me the answer that I needed.The experience is common. There are millions of consumers who experience frustration with automated phone systems and chat services that have no way of routing them to the person (or function) that can help them resolve their issues.Companies know this, but its not stopping them from adopting agentic AI at breakneck speeds, as evidenced by a projected market growth for agentic AI of 43.8% CAGR (compound annual growth rate) between now and 2034. Its all the more reason for CIOs to get involved early with agentic AI to make sure that it works for people as well as for systems.Just What Is Agentic AI and How Does it Work?In a 2024 interview with the Harvard Business Review, Enver Cetin, an AI expert at global experience engineering firm Ciklum, said, [Agentic AI] refers to AI systems and models that can act autonomously to achieve goals without the need for constant human guidance. The agentic AI system understands what the goal or vision of the user is and the context to the problem they are trying to solve.Related:Agentic AI uses a combination of machine learning (ML), natural language processing (NLP) and automation to do this. Its mission to make decisions and act on them.Companies can design agentic AI systems that require a final human authorization for some decisions, or they can make the agentic AI completely autonomous, so it makes decisions on its own.Most agentic AI adoptions are being sponsored and funded by end-user departments, which suggests that IT may or may not be in on the initial evaluations and buy decisions.Gartner cites an early example of how agentic AI can be deployed in retail.AI-enabled machine customers -- or nonhuman economic actors that obtain goods and services in exchange for payment --are examples of increasingly common intelligent agents. In the near future, they will make optimized decisions on behalf of human customers based on preset rules and will quickly evolve toward greater autonomy and inferring of needs.So, knowing that agentic AI is coming, and that IT might also be the last to know about an agentic AI buy decision, what should CIOs be doing?Related:Key CIO Points for Agentic AIWork up ITs agentic AI strategy now. Agentic AI has enormous potential. It can automate rote business operations and decision making, and IT needs to strategize for it.In a sense, agentic AI and what it can do has already been known in previous incarnations, such as automated loan decisioning software that has existed and functioned capably in bank lending departments for decades. However, now the needle is moving toward more autonomy. Business users will decide where they want to use agentic AI, but it will be ITs responsibility to ask the questions about system and process integration, governance and security that will enable agentic AI to be used safely and to best advantage.In this environment, an immediate CIO goal should be to participate with users in agentic AI strategy discussions so that best use business cases can be identified. Then, there should be a collaborative strategy with users and IT that takes into account not only business process streamlining and automation, but process exception handling, process and system integration. Plus, they should address user and IT training, security and governance. Although agentic AI will be driven by users, this is no time for IT to take a back seat.Related:Discuss security and failover. Your sales department might fund and adopt agentic AI to autonomously execute the mechanisms of product ordering, but what happens if a bad actor penetrates the agentic AI and locks it down for ransom or, what if that bad actor invades agentic AI software and injects malware or faulty algorithms that compromise and endanger the function?The sales team will quickly pivot to IT to fix these issues, so CIOs should be proactively querying sales and agentic AI vendors about the types of security that come with the agentic AI. There should be a company review of the AI to ensure that it complies with corporate security and governance standards. Questions should also be asked as to whether there is a failover to a human agent if the agentic AI fails or sputters. There should be a defined failover procedure in the company disaster recovery plan that provides for human ability to override or take over from agentic AI if that becomes necessary.Be prepared for project inclusion, whether you want it or not! IT may not be involved in initial agentic AI purchase decisions, but it will surely be pulled into agentic AI projects, because the AI wont get very far if it isnt integrated with other corporate systems.Accordingly, IT should ensure that user-IT agentic AI project discussions focus on system integration, and on the clear definition of a project test bed for agentic AI integration into business processes themselves.A successful business process integration addresses user training and readiness for a new technology, and what will happen if the agentic AI fails or begins to make poor decisions.CIOs shouldnt shy away from insisting that these process-oriented elements are tasked in agentic AI projects, because if anything goes wrong after the technology is placed into production, it will likely be blamed on the system.

The stadium will be flanked by three 200m-tall towers and covered with an umbrella-like nettingManchester United FC has unveiled plans to replace Old Trafford with the UKs largest stadium and confirmed Foster & Partners as the 2bn schemes lead architect.The club has published the first images of the much-anticipated scheme this morning, showing a 100,000-seat stadium surrounded by three 200m-tall spires and sitting at the centre of a sprawling mixed-use development.It comes after a lengthy consultation period during which the club has been weighing up whether to refurbish the existing 115-year-old Old Trafford ground or build an entirely new one.The announcement confirms the club has chosen the latter option, with the clubs co-owner Jim Ratcliffe promising the scheme would create the worlds greatest football stadium.Our current stadium has served us brilliantly for the past 115 years but it has fallen behind the best arenas in world sport, he said.By building next to the existing site, we will be able to preserve the essence of Old Trafford, while creating a truly state-of-the-art stadium that transforms the fan experience, only footsteps from our historic home.Designs by Foster & Partners, which has also masterplanned the district around the stadium, show the stadium building topped by an umbrella-like netting and facing a public square which would by double the size of Trafalgar Square.The three spires, known as the trident, will be visible from more than 25 miles away, according to the firm.The building will be visible from 25 miles away, according to Foster & PartnersPractice founder Norman Foster said: This has to be one of the most exciting projects in the world today, with incredible regional and national significance. It all starts with the fans experience, bringing them closer than ever to the pitch and acoustically cultivating a huge roar.He said the site would be the beating heart of a new sustainable district, expected to contain around 15,000 homes, which would be a mixed-use miniature city of the future driving a new wave of growth and creating a global destination that Mancunians can be proud of.>> See also:As Manchester Uniteds new investor looks at Old Trafford rebuild, questions begin over who would do it>> See also:To refurb or rebuild: what next for Old Trafford?Former Manchester United manager Alex Ferguson added: Manchester United should always strive for the best in everything it does, on and off the pitch, and that includes the stadium we play in.Jim Ratcliffe said the building would be the greatest football stadium in the worldOld Trafford holds so many special memories for me personally, but we must be brave and seize this opportunity to build a new home, fit for the future, where new history can be made.Feasibility work for the scheme was completed in January by the Old Trafford Regeneration Taskforce, a group consisting of Ratcliffe, Gary Neville, Manchester mayor Andy Burnham and chaired by Sebastian Coe.The seating layout aims to get spectators as close as possible to the pitchCoe said the new stadium would be the biggest and most exciting urban regeneration project in the UK since the 2012 London Olympic Games, for which he had played a leading role as chair of its organising committee.Burnham added: If we get this right, the regeneration impact could be bigger and better than London 2012. Manchester United could, and indeed should, have the best football stadium in the world.To me, that means a stadium that is true to the traditions of the club, affordable to all, with nobody priced out, and a stadium that sets new standards in the game globally. I believe this vision can be realised, and if so, the benefits for Greater Manchester, the north west and the country will be huge.Jim Ratcliffe said the building would be the greatest football stadium in the worldCriticism of the existing Old Trafford, which has not seen any new development since 2006, has grown in recent years despite the buildings heritage and symbolic value for the club.One source told Building three years ago, when plans were first mooted about rebuilding the stadium: I worked on Old Trafford, it is a cheap nasty series of buildings. It looked cheap then and looks embarrassing now.The architecture is horrific. There is nothing that can be done to refurbish this stadium in my view, it is a complete rebuild job.Not on this site, it is too close to the railway. Build it close by.

Hartwell Plc has revealed plans for a 100 million mixed-use regeneration scheme in Digbeth, Birmingham. The Phoenix Yard proposals seek to transform a 2.8-acre brownfield site into a development incorporating commercial and retail space, as well as 240 new homesSource: HartwellThe proposed Phoenix Yard, designed by AHMMAutomotive and property development company Hartwell Plc has launched a public consultation on AHMMs plans for Phoenix Yard, a scheme intended to provide 260,000 sq ft of media, retail, commercial and educational space, as well as 240 homes.The development is proposed for a site bordered by Coventry Street, Oxford Street, Meriden Street, and Digbeth High Street, adjacent to the forthcoming Midland Metro extension and within walking distance of HS2s Curzon Street Station.The scheme forms part of wider regeneration plans in Digbeth, where major projects include the BBCs forthcoming headquarters at Typhoo Wharf and the 1.9 billion Smithfield Market masterplan.Joanne Churchill, group property manager at Hartwell Plc, said: Through unlocking the potential of this site, our plans promise to positively contribute to the areas ongoing transformation into a thriving and vibrant part of Birmingham, delivering an exciting range of new opportunities and living space for the future.The proposed Phoenix Yard, designed by AHMMSource: HartwellThe proposed Phoenix Yard, designed by AHMMSource: Hartwell1/2show captionThe consultation closes on31 March and will be followed bya hybrid planning application to Birmingham City Council.The scheme aims to achieve BREEAM Excellent certification, WELL certification, and a minimum 10% biodiversity net gain.The project team includes Ridge, Cundall, Hoare Lea, Macfarlane + Associates, and Newmark.