Edward “Big Balls” Coristine’s placement at the SSA comes after a White House official told WIRED on Tuesday that the 19-year-old had resigned from his position in government.

## Introduction La scène politique aux États-Unis est souvent marquée par des symboles puissants qui évoquent des émotions intenses et des croyances profondes. Récemment, le drapeau "Appel au Ciel", un emblème prisé par les nationalistes chrétiens, a été hissé au-dessus du siège de la Small Business Administration (SBA) à Washington, D.C. Cet événement a suscité de vives réactions au sein de...

Take the Speakers, Headphones, and Earphones SurveyTake other PCMag surveys. Each completed survey is a chance to win a $250 Amazon gift card. OFFICIAL SWEEPSTAKES RULESNO PURCHASE NECESSARY TO ENTER OR WIN. A PURCHASE WILL NOT INCREASE YOUR CHANCES OF WINNING. VOID WHERE PROHIBITED. Readers' Choice Sweepstakes (the "Sweepstakes") is governed by these official rules (the "Sweepstakes Rules"). The Sweepstakes begins on May 9, 2025, at 12:00 AM ET and ends on July 27, 2025, at 11:59 PM ET (the "Sweepstakes Period").SPONSOR: Ziff Davis, LLC, with an address of 360 Park Ave South, Floor 17, New York, NY 10010 (the "Sponsor").ELIGIBILITY: This Sweepstakes is open to individuals who are eighteen (18) years of age or older at the time of entry who are legal residents of the fifty (50) United States of America or the District of Columbia. By entering the Sweepstakes as described in these Sweepstakes Rules, entrants represent and warrant that they are complying with these Sweepstakes Rules (including, without limitation, all eligibility requirements), and that they agree to abide by and be bound by all the rules and terms and conditions stated herein and all decisions of Sponsor, which shall be final and binding.All previous winners of any sweepstakes sponsored by Sponsor during the nine (9) month period prior to the Selection Date are not eligible to enter. Any individuals (including, but not limited to, employees, consultants, independent contractors and interns) who have, within the past six (6) months, held employment with or performed services for Sponsor or any organizations affiliated with the sponsorship, fulfillment, administration, prize support, advertisement or promotion of the Sweepstakes ("Employees") are not eligible to enter or win. Immediate Family Members and Household Members are also not eligible to enter or win. "Immediate Family Members" means parents, step-parents, legal guardians, children, step-children, siblings, step-siblings, or spouses of an Employee. "Household Members" means those individuals who share the same residence with an Employee at least three (3) months a year.HOW TO ENTER: There are two methods to enter the Sweepstakes: (1) fill out the online survey, or (2) enter by mail.1. Survey Entry: To enter the Sweepstakes through the online survey, go to the survey page and complete the current survey during the Sweepstakes Period.2. Mail Entry: To enter the Sweepstakes by mail, on a 3" x 5" card, print your first and last name, street address, city, state, zip code, phone number, and email address. Mail your completed entry to:Readers' Choice Sweepstakes - Audio 2025c/o E. Griffith 624 Elm St. Ext.Ithaca, NY 14850-8786Mail Entries must be postmarked by July 28, 2025, and received by Aug. 4, 2025.Only one (1) entry per person is permitted, regardless of the entry method used. Subsequent attempts made by the same individual to submit multiple entries may result in the disqualification of the entrant.Only contributions submitted during the Sweepstakes Period will be eligible for entry into the Sweepstakes. No other methods of entry will be accepted. All entries become the property of Sponsor and will not be returned. Entries are limited to individuals only; commercial enterprises and business entities are not eligible. Use of a false account will disqualify an entry. Sponsor is not responsible for entries not received due to difficulty accessing the internet, service outage or delays, computer difficulties, and other technological problems.Entries are subject to any applicable restrictions or eligibility requirements listed herein. Entries will be deemed to have been made by the authorized account holder of the email or telephone phone number submitted at the time of entry and qualification. Multiple participants are not permitted to share the same email address. Should multiple users of the same e-mail account or mobile phone number, as applicable, enter the Sweepstakes and a dispute thereafter arises regarding the identity of the entrant, the Authorized Account Holder of said e-mail account or mobile phone account at the time of entry will be considered the entrant. "Authorized Account Holder" is defined as the natural person who is assigned an e-mail address or mobile phone number by an Internet access provider, online service provider, telephone service provider or other organization that is responsible for assigned e-mail addresses, phone numbers or the domain associated with the submitted e-mail address. Proof of submission of an entry shall not be deemed proof of receipt by the website administrator for online entries. When applicable, the website administrator's computer will be deemed the official time-keeping device for the Sweepstakes promotion. Entries will be disqualified if found to be incomplete and/or if Sponsor determines, in its sole discretion, that multiple entries were submitted by the same entrant in violation of the Sweepstakes Rules.Entries that are late, lost, stolen, mutilated, tampered with, illegible, incomplete, mechanically reproduced, inaccurate, postage-due, forged, irregular in any way or otherwise not in compliance with these Official Rules will be disqualified. All entries become the property of the Sponsor and will not be acknowledged or returned.WINNER SELECTION AND NOTIFICATION: Sponsor shall select the prize winner(s) (collectively, the "Winner") on or about Aug. 11, 2025, ("Selection Date") by random drawing or from among all eligible entries. The Winner will be notified via email to the contact information provided in the entry. Notification of the Winner shall be deemed to have occurred immediately upon sending of the notification by Sponsor. Selected winner(s) will be required to respond (as directed) to the notification within seven (7) days of attempted notification. The only entries that will be considered eligible entries are entries received by Sponsor within the Sweepstakes Period. The odds of winning depend on the number of eligible entries received. The Sponsor reserves the right, in its sole discretion, to choose an alternative winner in the event that a possible winner has been disqualified or is deemed ineligible for any reason.Recommended by Our EditorsPRIZE: One (1) winner will receive the following prize (collectively, the "Prize"):One (1) $250 Amazon.com gift code via email, valued at approximately two hundred fifty dollars ($250).No more than the stated number of prize(s) will be awarded, and all prize(s) listed above will be awarded. Actual retail value of the Prize may vary due to market conditions. The difference in value of the Prize as stated above and value at time of notification of the Winner, if any, will not be awarded. No cash or prize substitution is permitted, except at the discretion of Sponsor. The Prize is non-transferable. If the Prize cannot be awarded due to circumstances beyond the control of Sponsor, a substitute Prize of equal or greater retail value will be awarded; provided, however, that if a Prize is awarded but remains unclaimed or is forfeited by the Winner, the Prize may not be re-awarded, in Sponsor's sole discretion. In the event that more than the stated number of prize(s) becomes available for any reason, Sponsor reserves the right to award only the stated number of prize(s) by a random drawing among all legitimate, un-awarded, eligible prize claims.ACCEPTANCE AND DELIVERY OF THE PRIZE: The Winner will be required to verify his or her address and may be required to execute the following document(s) before a notary public and return them within seven (7) days (or a shorter time if required by exigencies) of receipt of such documents: an affidavit of eligibility, a liability release, and (where imposing such condition is legal) a publicity release covering eligibility, liability, advertising, publicity and media appearance issues (collectively, the "Prize Claim Documents"). If an entrant is unable to verify the information submitted with their entry, the entrant will automatically be disqualified and their prize, if any, will be forfeited. The Prize will not be awarded until all such properly executed and notarized Prize Claim Documents are returned to Sponsor. Prize(s) won by an eligible entrant who is a minor in his or her state of residence will be awarded to minor's parent or legal guardian, who must sign and return all required Prize Claim Documents. In the event the Prize Claim Documents are not returned within the specified period, an alternate Winner may be selected by Sponsor for such Prize. The Prize will be shipped to the Winner within 7 days of Sponsor's receipt of a signed Affidavit and Release from the Winner. The Winner is responsible for all taxes and fees related to the Prize received, if any.OTHER RULES: This sweepstakes is subject to all applicable laws and is void where prohibited. All submissions by entrants in connection with the sweepstakes become the sole property of the sponsor and will not be acknowledged or returned. Winner assumes all liability for any injuries or damage caused or claimed to be caused by participation in this sweepstakes or by the use or misuse of any prize.By entering the sweepstakes, each winner grants the SPONSOR permission to use his or her name, city, state/province, e-mail address and, to the extent submitted as part of the sweepstakes entry, his or her photograph, voice, and/or likeness for advertising, publicity or other purposes OR ON A WINNER'S LIST, IF APPLICABLE, IN ANY and all MEDIA WHETHER NOW KNOWN OR HEREINAFTER DEVELOPED, worldwide, without additional consent OR compensation, except where prohibited by law. By submitting an entry, entrants also grant the Sponsor a perpetual, fully-paid, irrevocable, non-exclusive license to reproduce, prepare derivative works of, distribute, display, exhibit, transmit, broadcast, televise, digitize, perform and otherwise use and permit others to use, and throughout the world, their entry materials in any manner, form, or format now known or hereinafter created, including on the internet, and for any purpose, including, but not limited to, advertising or promotion of the Sweepstakes, the Sponsor and/or its products and services, without further consent from or compensation to the entrant. By entering the Sweepstakes, entrants consent to receive notification of future promotions, advertisements or solicitations by or from Sponsor and/or Sponsor's parent companies, affiliates, subsidiaries, and business partners, via email or other means of communication.If, in the Sponsor's opinion, there is any suspected or actual evidence of fraud, electronic or non-electronic tampering or unauthorized intervention with any portion of this Sweepstakes, or if fraud or technical difficulties of any sort (e.g., computer viruses, bugs) compromise the integrity of the Sweepstakes, the Sponsor reserves the right to void suspect entries and/or terminate the Sweepstakes and award the Prize in its sole discretion. Any attempt to deliberately damage the Sponsor's website(s) or undermine the legitimate operation of the Sweepstakes may be in violation of U.S. criminal and civil laws and will result in disqualification from participation in the Sweepstakes. Should such an attempt be made, the Sponsor reserves the right to seek remedies and damages (including attorney's fees) to the fullest extent of the law, including pursuing criminal prosecution.DISCLAIMER: EXCLUDING ONLY APPLICABLE MANUFACTURERS' WARRANTIES, THE PRIZE IS PROVIDED TO THE WINNER ON AN "AS IS" BASIS, WITHOUT FURTHER WARRANTY OF ANY KIND. SPONSOR HEREBY DISCLAIMS ALL FURTHER WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE WITH RESPECT TO THE PRIZE.LIMITATION OF LIABILITY: BY ENTERING THE SWEEPSTAKES, ENTRANTS, ON BEHALF OF THEMSELVES AND THEIR HEIRS, EXECUTORS, ASSIGNS AND REPRESENTATIVES, RELEASE AND HOLD THE SPONSOR its PARENT COMPANIES, SUBSIDIARIES, AFFILIATED COMPANIES, UNITS AND DIVISIONS, AND THE CURRENT AND FORMER OFFICERS, DIRECTORS, EMPLOYEES, SHAREHOLDERS, AGENTS, SUCCESSORS AND ASSIGNS OF EACH OF THE FOREGOING, AND ALL THOSE ACTING UNDER THE AUTHORITY OF THE FOREGOING, OR ANY OF THEM (INCLUDING, BUT NOT LIMITED TO, ADVERTISING AND PROMOTIONAL AGENCIES AND PRIZE SUPPLIERS) (EACH A "RELEASED PARTY"), HARMLESS FROM AND AGAINST ANY AND ALL CLAIMS, ACTIONS, INJURY, LOSS, DAMAGES, LIABILITIES AND OBLIGATIONS OF ANY KIND WHATSOEVER (COLLECTIVELY, THE "CLAIMS") WHETHER KNOWN OR UNKNOWN, SUSPECTED OR UNSUSPECTED, WHICH ENTRANT EVER HAD, NOW HAVE, OR HEREAFTER CAN, SHALL OR MAY HAVE, AGAINST THE RELEASED PARTIES (OR ANY OF THEM), INCLUDING, BUT NOT LIMITED TO, CLAIMS ARISING FROM OR RELATED TO THE SWEEPSTAKES OR ENTRANT'S PARTICIPATION IN THE SWEEPSTAKES (INCLUDING, WITHOUT LIMITATION, CLAIMS FOR LIBEL, DEFAMATION, INVASION OF PRIVACY, VIOLATION OF THE RIGHT OF PUBLICITY, COMMERCIAL APPROPRIATION OF NAME AND LIKENESS, INFRINGEMENT OF COPYRIGHT OR VIOLATION OF ANY OTHER PERSONAL OR PROPRIETARY RIGHT), AND THE RECEIPT, OWNERSHIP, USE, MISUSE, TRANSFER, SALE OR OTHER DISPOSITION OF THE PRIZE (INCLUDING, WITHOUT LIMITATION, CLAIMS FOR PERSONAL INJURY, DEATH, AND/OR PROPERTY DAMAGE). All matters relating to the interpretation and application of these Sweepstakes Rules shall be decided by Sponsor in its sole discretion.DISPUTES: If, for any reason (including infection by computer virus, bugs, tampering, unauthorized intervention, fraud, technical failures, or any other causes beyond the control of the Sponsor which corrupt or affect the administration, security, fairness, integrity, or proper conduct of this Sweepstakes), the Sweepstakes is not capable of being conducted as described in these Sweepstakes Rules, Sponsor shall have the right, in its sole discretion, to disqualify any individual who tampers with the entry process, and/or to cancel, terminate, modify or suspend the Sweepstakes. The Sponsor assumes no responsibility for any error, omission, interruption, deletion, defect, delay in operation or transmission, communications line failure, theft or destruction or unauthorized access to, or alteration of, entries. The Sponsor is not responsible for any problems or technical malfunction of any telephone network or lines, computer online systems, servers, providers, computer equipment, software, or failure of any e-mail or entry to be received by Sponsor on account of technical problems or traffic congestion on the Internet or at any website, or any combination thereof, including, without limitation, any injury or damage to any entrant's or any other person's computer related to or resulting from participating or downloading any materials in this Sweepstakes. Because of the unique nature and scope of the Sweepstakes, Sponsor reserves the right, in addition to those other rights reserved herein, to modify any date(s) or deadline(s) set forth in these Sweepstakes Rules or otherwise governing the Sweepstakes, and any such changes will be posted here in the Sweepstakes Rules. Any attempt by any person to deliberately undermine the legitimate operation of the Sweepstakes may be a violation of criminal and civil law, and, should such an attempt be made, Sponsor reserves the right to seek damages to the fullest extent permitted by law. Sponsor's failure to enforce any term of these Sweepstakes Rules shall not constitute a waiver of any provision.As a condition of participating in the Sweepstakes, entrant agrees that any and all disputes that cannot be resolved between entrant and Sponsor, and causes of action arising out of or connected with the Sweepstakes or these Sweepstakes Rules, shall be resolved individually, without resort to any form of class action, exclusively before a court of competent jurisdiction located in New York, New York, and entrant irrevocably consents to the jurisdiction of the federal and state courts located in New York, New York with respect to any such dispute, cause of action, or other matter. All disputes will be governed and controlled by the laws of the State of New York (without regard for its conflicts-of-laws principles). Further, in any such dispute, under no circumstances will entrant be permitted to obtain awards for, and hereby irrevocably waives all rights to claim, punitive, incidental, or consequential damages, or any other damages, including attorneys' fees, other than entrant's actual out-of-pocket expenses (i.e., costs incurred directly in connection with entrant's participation in the Sweepstakes), and entrant further irrevocably waives all rights to have damages multiplied or increased, if any. EACH PARTY EXPRESSLY WAIVES ANY RIGHT TO A TRIAL BY JURY. All federal, state, and local laws and regulations apply.PRIVACY: Information collected from entrants in connection with the Sweepstakes is subject to Sponsor's privacy policy, which may be found here.SOCIAL MEDIA PROMOTION: Although the Sweepstakes may be featured on Twitter, Facebook, and/or other social media platforms, the Sweepstakes is in no way sponsored, endorsed, administered by, or in association with Twitter, Facebook, and/or such other social media platforms and you agree that Twitter, Facebook, and all other social media platforms are not liable in any way for any claims, damages or losses associated with the Sweepstakes.WINNER(S) LIST: For a list of name(s) of prizewinner(s), after the Selection Date, please send a stamped, self-addressed No. 10/standard business envelope to Ziff Davis, LLC, Attn: Legal Department, 360 Park Ave South, Floor 17, New York, NY 10010 (VT residents may omit return postage).BY ENTERING, YOU AGREE THAT YOU HAVE READ AND AGREE TO ALL OF THESE SWEEPSTAKES RULES.

Key Takeaways Meta and Yandex have been found guilty of secretly listening to localhost ports and using them to transfer sensitive data from Android devices. The corporations use Meta Pixel and Yandex Metrica scripts to transfer cookies from browsers to local apps. Using incognito mode or a VPN can’t fully protect users against it. A Meta spokesperson has called this a ‘miscommunication,’ which seems to be an attempt to underplay the situation. Denmark’s Ministry of Digitalization has recently announced that it will leave the Microsoft ecosystem in favor of Linux and other open-source software. Minister Caroline Stage Olsen revealed this in an interview with Politiken, the country’s leading newspaper. According to Olsen, the Ministry plans to switch half of its employees to Linux and LibreOffice by summer, and the rest by fall. The announcement comes after Denmark’s largest cities – Copenhagen and Aarhus – made similar moves earlier this month. Why the Danish Ministry of Digitalization Switched to Open-Source Software The three main reasons Denmark is moving away from Microsoft are costs, politics, and security. In the case of Aarhus, the city was able to slash its annual costs from 800K kroner to just 225K by replacing Microsoft with a German service provider.  The same is a pain point for Copenhagen, which saw its costs on Microsoft balloon from 313M kroner in 2018 to 538M kroner in 2023. It’s also part of a broader move to increase its digital sovereignty. In her LinkedIn post, Olsen further explained that the strategy is not about isolation or digital nationalism, adding that they should not turn their backs completely on global tech companies like Microsoft.  Instead, it’s about avoiding being too dependent on these companies, which could prevent them from acting freely. Then there’s politics. Since his reelection earlier this year, US President Donald Trump has repeatedly threatened to take over Greenland, an autonomous territory of Denmark.  In May, the Danish Foreign Minister Lars Løkke Rasmussen summoned the US ambassador regarding news that US spy agencies have been told to focus on the territory. If the relationship between the two countries continues to erode, Trump can order Microsoft and other US tech companies to cut off Denmark from their services. After all, Microsoft and Facebook’s parent company Meta, have close ties to the US president after contributing $1M each for his inauguration in January. Denmark Isn’t Alone: Other EU Countries Are Making Similar Moves Denmark is only one of the growing number of European Union (EU) countries taking measures to become more digitally independent. Germany’s Federal Digital Minister Karsten Wildberger emphasized the need to be more independent of global tech companies during the re:publica internet conference in May. He added that IT companies in the EU have the opportunity to create tech that is based on the region’s values. Meanwhile, Bert Hubert, a technical advisor to the Dutch Electoral Council, wrote in February that ‘it is no longer safe to move our governments and societies to US clouds.’ He said that America is no longer a ‘reliable partner,’ making it risky to have the data of European governments and businesses at the mercy of US-based cloud providers. Earlier this month, the chief prosecutor of the International Criminal Court (ICC), Karim Khan, experienced a disconnection from his Microsoft-based email account, sparking uproar across the region.  Speculation quickly arose that the incident was linked to sanctions previously imposed on the ICC by the Trump administration, an assertion Microsoft has denied. Earlier this month, the chief prosecutor of the International Criminal Court (ICC), Karim Khan, disconnection from his Microsoft-based email account caused an uproar in the region. Some speculated that this was connected to sanctions imposed by Trump against the ICC, which Microsoft denied. Weaning the EU Away from US Tech is Possible, But Challenges Lie Ahead Change like this doesn’t happen overnight. Just finding, let alone developing, reliable alternatives to tools that have been part of daily workflows for decades, is a massive undertaking. It will also take time for users to adapt to these new tools, especially when transitioning to an entirely new ecosystem. In Aarhus, for example, municipal staff initially viewed the shift to open source as a step down from the familiarity and functionality of Microsoft products. Overall, these are only temporary hurdles. Momentum is building, with growing calls for digital independence from leaders like Ministers Olsen and Wildberger.  Initiatives such as the Digital Europe Programme, which seeks to reduce reliance on foreign systems and solutions, further accelerate this push. As a result, the EU’s transition could arrive sooner rather than later As technology continues to evolve—from the return of 'dumbphones' to faster and sleeker computers—seasoned tech journalist, Cedric Solidon, continues to dedicate himself to writing stories that inform, empower, and connect with readers across all levels of digital literacy. With 20 years of professional writing experience, this University of the Philippines Journalism graduate has carved out a niche as a trusted voice in tech media. Whether he's breaking down the latest advancements in cybersecurity or explaining how silicon-carbon batteries can extend your phone’s battery life, his writing remains rooted in clarity, curiosity, and utility. Long before he was writing for Techreport, HP, Citrix, SAP, Globe Telecom, CyberGhost VPN, and ExpressVPN, Cedric's love for technology began at home courtesy of a Nintendo Family Computer and a stack of tech magazines. Growing up, his days were often filled with sessions of Contra, Bomberman, Red Alert 2, and the criminally underrated Crusader: No Regret. But gaming wasn't his only gateway to tech.  He devoured every T3, PCMag, and PC Gamer issue he could get his hands on, often reading them cover to cover. It wasn’t long before he explored the early web in IRC chatrooms, online forums, and fledgling tech blogs, soaking in every byte of knowledge from the late '90s and early 2000s internet boom. That fascination with tech didn’t just stick. It evolved into a full-blown calling. After graduating with a degree in Journalism, he began his writing career at the dawn of Web 2.0. What started with small editorial roles and freelance gigs soon grew into a full-fledged career. He has since collaborated with global tech leaders, lending his voice to content that bridges technical expertise with everyday usability. He’s also written annual reports for Globe Telecom and consumer-friendly guides for VPN companies like CyberGhost and ExpressVPN, empowering readers to understand the importance of digital privacy. His versatility spans not just tech journalism but also technical writing. He once worked with a local tech company developing web and mobile apps for logistics firms, crafting documentation and communication materials that brought together user-friendliness with deep technical understanding. That experience sharpened his ability to break down dense, often jargon-heavy material into content that speaks clearly to both developers and decision-makers. At the heart of his work lies a simple belief: technology should feel empowering, not intimidating. Even if the likes of smartphones and AI are now commonplace, he understands that there's still a knowledge gap, especially when it comes to hardware or the real-world benefits of new tools. His writing hopes to help close that gap. Cedric’s writing style reflects that mission. It’s friendly without being fluffy and informative without being overwhelming. Whether writing for seasoned IT professionals or casual readers curious about the latest gadgets, he focuses on how a piece of technology can improve our lives, boost our productivity, or make our work more efficient. That human-first approach makes his content feel more like a conversation than a technical manual. As his writing career progresses, his passion for tech journalism remains as strong as ever. With the growing need for accessible, responsible tech communication, he sees his role not just as a journalist but as a guide who helps readers navigate a digital world that’s often as confusing as it is exciting. From reviewing the latest devices to unpacking global tech trends, Cedric isn’t just reporting on the future; he’s helping to write it. View all articles by Cedric Solidon Our editorial process The Tech Report editorial policy is centered on providing helpful, accurate content that offers real value to our readers. We only work with experienced writers who have specific knowledge in the topics they cover, including latest developments in technology, online privacy, cryptocurrencies, software, and more. Our editorial policy ensures that each topic is researched and curated by our in-house editors. We maintain rigorous journalistic standards, and every article is 100% written by real authors.

Daniel Pearson , CEO, KnownHostJune 12, 20253 Min ReadBusiness success concept. Cubes with arrows and target on the top.Cyber incidents are expected to cost the US $639 billion in 2025. According to the latest estimates, this dynamic will continue to rise, reaching approximately 1.82 trillion US dollars in cybercrime costs by 2028. These figures highlight the crucial importance of strong cybersecurity strategies, which businesses must build to reduce the likelihood of risks. As technology evolves at a dramatic pace, businesses are increasingly dependent on utilizing digital infrastructure, exposing themselves to threats such as ransomware, accidental data loss, and corruption.  Despite the 3-2-1 backup rule being invented in 2009, this strategy has stayed relevant for businesses over the years, ensuring that the loss of data is minimized under threat, and will be a crucial method in the upcoming years to prevent major data loss.   What Is the 3-2-1 Backup Rule? The 3-2-1 backup rule is a popular backup strategy that ensures resilience against data loss. The setup consists of keeping your original data and two backups.  The data also needs to be stored in two different locations, such as the cloud or a local drive.  The one in the 3-2-1 backup rule represents storing a copy of your data off site, and this completes the setup.  This setup has been considered a gold standard in IT security, as it minimizes points of failure and increases the chance of successful data recovery in the event of a cyber-attack.  Related:Why Is This Rule Relevant in the Modern Cyber Threat Landscape? Statistics show that in 2024, 80% of companies have seen an increase in the frequency of cloud attacks.  Although many businesses assume that storing data in the cloud is enough, it is certainly not failsafe, and businesses are in bigger danger than ever due to the vast development of technology and AI capabilities attackers can manipulate and use.  As the cloud infrastructure has seen a similar speed of growth, cyber criminals are actively targeting these, leaving businesses with no clear recovery option. Therefore, more than ever, businesses need to invest in immutable backup solutions.  Common Backup Mistakes Businesses Make A common misstep is keeping all backups on the same physical network. If malware gets in, it can quickly spread and encrypt both the primary data and the backups, wiping out everything in one go. Another issue is the lack of offline or air-gapped backups. Many businesses rely entirely on cloud-based or on-premises storage that's always connected, which means their recovery options could be compromised during an attack. Related:Finally, one of the most overlooked yet crucial steps is testing backup restoration. A backup is only useful if it can actually be restored. Too often, companies skip regular testing. This can lead to a harsh reality check when they discover, too late, that their backup data is either corrupted or completely inaccessible after a breach. How to Implement the 3-2-1 Backup Rule? To successfully implement the 3-2-1 backup strategy as part of a robust cybersecurity framework, organizations should start by diversifying their storage methods. A resilient approach typically includes a mix of local storage, cloud-based solutions, and physical media such as external hard drives.  From there, it's essential to incorporate technologies that support write-once, read-many functionalities. This means backups cannot be modified or deleted, even by administrators, providing an extra layer of protection against threats. To further enhance resilience, organizations should make use of automation and AI-driven tools. These technologies can offer real-time monitoring, detect anomalies, and apply predictive analytics to maintain the integrity of backup data and flag any unusual activity or failures in the process. Lastly, it's crucial to ensure your backup strategy aligns with relevant regulatory requirements, such as GDPR in the UK or CCPA in the US. Compliance not only mitigates legal risk but also reinforces your commitment to data protection and operational continuity. Related:By blending the time-tested 3-2-1 rule with modern advances like immutable storage and intelligent monitoring, organizations can build a highly resilient backup architecture that strengthens their overall cybersecurity posture. About the AuthorDaniel Pearson CEO, KnownHostDaniel Pearson is the CEO of KnownHost, a managed web hosting service provider. Pearson also serves as a dedicated board member and supporter of the AlmaLinux OS Foundation, a non-profit organization focused on advancing the AlmaLinux OS -- an open-source operating system derived from RHEL. His passion for technology extends beyond his professional endeavors, as he actively promotes digital literacy and empowerment. Pearson's entrepreneurial drive and extensive industry knowledge have solidified his reputation as a respected figure in the tech community. See more from Daniel Pearson ReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

Jun 16, 2025Ravie LakshmananMalware / DevOps Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that's capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others. The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targets users of a service called Chimera Sandbox, which was released by Singaporean tech company Grab last August to facilitate "experimentation and development of [machine learning] solutions." The package masquerades as a helper module for Chimera Sandbox, but "aims to steal credentials and other sensitive information such as Jamf configuration, CI/CD environment variables, AWS tokens, and more," JFrog security researcher Guy Korolevski said in a report published last week. Once installed, it attempts to connect to an external domain whose domain name is generated using a domain generation algorithm (DGA) in order to download and execute a next-stage payload. Specifically, the malware acquires from the domain an authentication token, which is then used to send a request to the same domain and retrieve the Python-based information stealer. The stealer malware is equipped to siphon a wide range of data from infected machines. This includes - JAMF receipts, which are records of software packages installed by Jamf Pro on managed computers Pod sandbox environment authentication tokens and git information CI/CD information from environment variables Zscaler host configuration Amazon Web Services account information and tokens Public IP address General platform, user, and host information The kind of data gathered by the malware shows that it's mainly geared towards corporate and cloud infrastructure. In addition, the extraction of JAMF receipts indicates that it's also capable of targeting Apple macOS systems. The collected information is sent via a POST request back to the same domain, after which the server assesses if the machine is a worthy target for further exploitation. However, JFrog said it was unable to obtain the payload at the time of analysis. "The targeted approach employed by this malware, along with the complexity of its multi-stage targeted payload, distinguishes it from the more generic open-source malware threats we have encountered thus far, highlighting the advancements that malicious packages have made recently," Jonathan Sar Shalom, director of threat research at JFrog Security Research team, said. "This new sophistication of malware underscores why development teams remain vigilant with updates—alongside proactive security research – to defend against emerging threats and maintain software integrity." The disclosure comes as SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The packages in question are listed below - eslint-config-airbnb-compat (676 Downloads) ts-runtime-compat-check (1,588 Downloads) solders (983 Downloads) @mediawave/lib (386 Downloads) All the identified npm packages have since been taken down from npm, but not before they were downloaded hundreds of times from the package registry. SafeDep's analysis of eslint-config-airbnb-compat found that the JavaScript library has ts-runtime-compat-check listed as a dependency, which, in turn, contacts an external server defined in the former package ("proxy.eslint-proxy[.]site") to retrieve and execute a Base64-encoded string. The exact nature of the payload is unknown. "It implements a multi-stage remote code execution attack using a transitive dependency to hide the malicious code," SafeDep researcher Kunal Singh said. Solders, on the other hand, has been found to incorporate a post-install script in its package.json, causing the malicious code to be automatically executed as soon as the package is installed. "At first glance, it's hard to believe that this is actually valid JavaScript," the Veracode Threat Research team said. "It looks like a seemingly random collection of Japanese symbols. It turns out that this particular obfuscation scheme uses the Unicode characters as variable names and a sophisticated chain of dynamic code generation to work." Decoding the script reveals an extra layer of obfuscation, unpacking which reveals its main function: Check if the compromised machine is Windows, and if so, run a PowerShell command to retrieve a next-stage payload from a remote server ("firewall[.]tel"). This second-stage PowerShell script, also obscured, is designed to fetch a Windows batch script from another domain ("cdn.audiowave[.]org") and configures a Windows Defender Antivirus exclusion list to avoid detection. The batch script then paves the way for the execution of a .NET DLL that reaches out to a PNG image hosted on ImgBB ("i.ibb[.]co"). "[The DLL] is grabbing the last two pixels from this image and then looping through some data contained elsewhere in it," Veracode said. "It ultimately builds up in memory YET ANOTHER .NET DLL." Furthermore, the DLL is equipped to create task scheduler entries and features the ability to bypass user account control (UAC) using a combination of FodHelper.exe and programmatic identifiers (ProgIDs) to evade defenses and avoid triggering any security alerts to the user. The newly-downloaded DLL is Pulsar RAT, a "free, open-source Remote Administration Tool for Windows" and a variant of the Quasar RAT. "From a wall of Japanese characters to a RAT hidden within the pixels of a PNG file, the attacker went to extraordinary lengths to conceal their payload, nesting it a dozen layers deep to evade detection," Veracode said. "While the attacker's ultimate objective for deploying the Pulsar RAT remains unclear, the sheer complexity of this delivery mechanism is a powerful indicator of malicious intent." Crypto Malware in the Open-Source Supply Chain The findings also coincide with a report from Socket that identified credential stealers, cryptocurrency drainers, cryptojackers, and clippers as the main types of threats targeting the cryptocurrency and blockchain development ecosystem. Some of the examples of these packages include - express-dompurify and pumptoolforvolumeandcomment, which are capable of harvesting browser credentials and cryptocurrency wallet keys bs58js, which drains a victim's wallet and uses multi-hop transfers to obscure theft and frustrate forensic tracing. lsjglsjdv, asyncaiosignal, and raydium-sdk-liquidity-init, which functions as a clipper to monitor the system clipboard for cryptocurrency wallet strings and replace them with threat actor‑controlled addresses to reroute transactions to the attackers "As Web3 development converges with mainstream software engineering, the attack surface for blockchain-focused projects is expanding in both scale and complexity," Socket security researcher Kirill Boychenko said. "Financially motivated threat actors and state-sponsored groups are rapidly evolving their tactics to exploit systemic weaknesses in the software supply chain. These campaigns are iterative, persistent, and increasingly tailored to high-value targets." AI and Slopsquatting The rise of artificial intelligence (AI)-assisted coding, also called vibe coding, has unleashed another novel threat in the form of slopsquatting, where large language models (LLMs) can hallucinate non-existent but plausible package names that bad actors can weaponize to conduct supply chain attacks. Trend Micro, in a report last week, said it observed an unnamed advanced agent "confidently" cooking up a phantom Python package named starlette-reverse-proxy, only for the build process to crash with the error "module not found." However, should an adversary upload a package with the same name on the repository, it can have serious security consequences. Furthermore, the cybersecurity company noted that advanced coding agents and workflows such as Claude Code CLI, OpenAI Codex CLI, and Cursor AI with Model Context Protocol (MCP)-backed validation can help reduce, but not completely eliminate, the risk of slopsquatting. "When agents hallucinate dependencies or install unverified packages, they create an opportunity for slopsquatting attacks, in which malicious actors pre-register those same hallucinated names on public registries," security researcher Sean Park said. "While reasoning-enhanced agents can reduce the rate of phantom suggestions by approximately half, they do not eliminate them entirely. Even the vibe-coding workflow augmented with live MCP validations achieves the lowest rates of slip-through, but still misses edge cases." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

Apple’s Worldwide Developers Conference 2025 saw a range of announcements that offered a glimpse into the future of Apple’s software design and artificial intelligence (AI) strategy, highlighted by a new design language called  Liquid Glass and by Apple Intelligence news. Liquid Glass is designed to add translucency and dynamic movement to Apple’s user interface across iPhones, iPads, Macs, Apple Watches, and Apple TVs. The overhaul aims to make interactions with elements like buttons and sidebars adapt contextually. However, the real news of WWDC could be what we didn’t see.  Analysts had high expectations for Apple’s AI strategy, and while Apple Intelligence was talked about, many market watchers reported that it lacked the innovation that have come from Google’s and Microsoft’s generative AI (genAI) rollouts. The question of whether Apple is playing catch-up lingered at WWDC 2025, and comments from Apple execs about delays to a significant AI overhaul for Siri were apparently interpreted as a setback by investors, leading to a negative reaction and drop in stock price. Follow this page for Computerworld‘s coverage of WWDC25. WWDC25 news and analysis Apple’s AI Revolution: Insights from WWDC June 13, 2025: At Apple’s big developer event, developers were served a feast of AI-related updates, including APIs that let them use Apple Intelligence in their apps and ChatGPT-augmentation from within Xcode. As a development environment, Apple has secured its future, with Macs forming the most computationally performant systems you can affordably purchase for the job. For developers, Apple’s tools get a lot better for AI June 12, 2025: Apple announced one important AI update at WWDC this week, the introduction of support for third-party large language models (LLM) such as ChatGPT from within Xcode. It’s a big step that should benefit developers, accelerating app development. WWDC 25: What’s new for Apple and the enterprise? June 11, 2025: Beyond its new Liquid Glass UI and other major improvements across its operating systems, Apple introduced a hoard of changes, tweaks, and enhancements for IT admins at WWDC 2025. What we know so far about Apple’s Liquid Glass UI June 10, 2025: What Apple has tried to achieve with Liquid Glass is to bring together the optical quality of glass and the fluidity of liquid to emphasize transparency and lighting when using your devices.  WWDC first look: How Apple is improving its ecosystem June 9, 2025: While the new user interface design Apple execs highlighted at this year’s Worldwide Developers Conference (WWDC) might have been a bit of an eye-candy distraction, Apple’s enterprise users were not forgotten. Apple infuses AI into the Vision Pro June 8, 2025: Sluggish sales of Apple’s Vision Pro mixed reality headset haven’t dampened the company’s enthusiasm for advancing the device’s 3D computing experience, which now incorporates AI to deliver richer context and experiences. WWDC: Apple is about to unlock international business June 4, 2025: One of the more exciting pre-WWDC rumors is that Apple is preparing to make language problems go away by implementing focused artificial intelligence in Messages, which will apparently be able to translate incoming and outgoing messages on the fly. 

Originally published at EasyDMARC Integrates With Pax8 Marketplace To Simplify Email Security For MSPs by Anush Yolyan. The integration will deliver simple, accessible, and streamlined email security for vulnerable inboxes Global, 4 November 2024 – US-based email security firm EasyDMARC has today announced its integration with Pax8 Marketplace, the leading cloud commerce marketplace. As one of the first DMARC solution providers on the Pax8 Marketplace, EasyDMARC is expanding its mission to protect inboxes from the rising threat of phishing attacks with a rigorous, user-friendly DMARC solution. The integration comes as Google highlights the impressive results of recently implemented email authentication measures for bulk senders: a 65% reduction in unauthenticated messages to Gmail users, a 50% increase in bulk senders following best security practices, and 265 billion fewer unauthenticated messages sent in 2024. With email being such a crucial communication channel for businesses, email authentication measures are an essential part of any business’s cybersecurity offering.  Key features of the integration include: Centralized billing With centralized billing, customers can now streamline their cloud services under a single pane of glass, simplifying the management and billing of their EasyDMARC solution. This consolidated approach enables partners to reduce administrative complexity and manage all cloud expenses through one interface, providing a seamless billing and support experience. Automated provisioning  Through automated provisioning, Pax8’s automation capabilities make deploying DMARC across client accounts quick and hassle-free. By eliminating manual configurations, this integration ensures that customers can implement email security solutions rapidly, allowing them to safeguard client inboxes without delay. Bundled offerings The bundled offerings available through Pax8 allow partners to enhance their service portfolios by combining EasyDMARC with complementary security solutions. By creating all-in-one security packages, partners can offer their clients more robust protection, addressing a broader range of security needs from a single, trusted platform. Gerasim Hovhannisyan, Co-Founder and CEO of EasyDMARC, said: “We’re thrilled to be working with Pax8  to provide MSPs with a streamlined, effective way to deliver top-tier email security to their clients, all within a platform that equips them with everything needed to stay secure.  As phishing attacks grow in frequency and sophistication, businesses can no longer afford to overlook the importance of email security. Email authentication is a vital defense against the evolving threat of phishing and is crucial in preserving the integrity of email communication. This integration is designed to allow businesses of all sizes to benefit from DMARC’s extensive capabilities.” Ryan Burton, Vice President of Marketplace Vendor Strategy, at Pax8 said:  “We’re delighted to welcome EasyDMARC to the Pax8 Marketplace as an enterprise-class DMARC solution provider. This integration gives MSPs the tools they need to meet the growing demand for email security, with simplified deployment, billing, and bundling benefits. With EasyDMARC’s technical capabilities and intelligence, MSPs can deliver robust protection against phishing threats without the technical hassle that often holds businesses back.” About EasyDMARC EasyDMARC is a cloud-native B2B SaaS solution that addresses email security and deliverability problems with just a few clicks. For Managed Service Providers seeking to increase their revenue, EasyDMARC presents an ideal solution. The email authentication platform streamlines domain management, providing capabilities such as organizational control, domain grouping, and access management. Additionally, EasyDMARC offers a comprehensive sales and marketing enablement program designed to boost DMARC sales. All of these features are available for MSPs on a scalable platform with a flexible pay-as-you-go pricing model. For more information on the EasyDMARC, visit: https://easydmarc.com/ About Pax8  Pax8 is the technology marketplace of the future, linking partners, vendors, and small to midsized businesses (SMBs) through AI-powered insights and comprehensive product support. With a global partner ecosystem of over 38,000 managed service providers, Pax8 empowers SMBs worldwide by providing software and services that unlock their growth potential and enhance their security. Committed to innovating cloud commerce at scale, Pax8 drives customer acquisition and solution consumption across its entire ecosystem. Find out more: https://www.pax8.com/en-us/ The post EasyDMARC Integrates With Pax8 Marketplace To Simplify Email Security For MSPs appeared first on EasyDMARC.

In Brief Posted: 10:54 AM PDT · June 14, 2025 Image Credits:Mario Tama / Getty Images Waymo limits service ahead of today’s ‘No Kings’ protests Alphabet-owned robotaxi company Waymo is limiting service due to Saturday’s scheduled nationwide “No Kings” protests against President Donald Trump and his policies. A Waymo spokesperson confirmed the changes to Wired on Friday. Service is reportedly affected in San Francisco, Austin, Atlanta, and Phoenix, and is entirely suspended in Los Angeles. It’s not clear how long the limited service will last. As part of protests last weekend in Los Angeles against the Trump administration’s immigration crackdown, five Waymo vehicles were set on fire and spray painted with anti-Immigration and Customs Enforcement (ICE) messages. In response, Waymo suspended service in downtown LA. While it’s not entirely clear why protestors targeted the vehicles, they may be seen as a surveillance tool, as police departments have requested robotaxi footage for their investigations in the past. (Waymo says it challenges requests that it sees as overly broad or lacking a legal basis.) According to the San Francisco Chronicle, the city’s fire chief told officials Wednesday that “in a period of civil unrest, we will not try to extinguish those fires unless they are up against a building.” Topics