The post أبل تكشف عن نظام رسوم معقد لتفادي غرامة أوروبية ضخمة appeared first on عرب هاردوير.

The Swiss architects first submitted controversial plans to overhaul the Grade II-listed terminus in the City of London in May 2023 on behalf of Sellar and Network Rail. Now the AJ understands the practice is drawing up a rival scheme, separate to its original proposal, which is effectively a third but as yet unseen design for the station and a development above it. ACME, on behalf of Network Rail, submitted its own proposals in April after Network Rail appointed the Shoreditch practice to draw up plans last year. This put the brakes on Herzog & de Meuron’s 2023 scheme, which had been updated with amendments in 2024 in response to criticism over heritage harm – though the application was never withdrawn and remains live on the City of London’s planning portal.Advertisement According to sources, Herzog & de Meuron – still with Sellar’s backing – is actively working on a fresh scheme with ‘much less demolition’, which could rival ACME’s plans as well as its own 2023 scheme. SAVE Britain’s Heritage, which the AJ understands is among several bodies to have been consulted on the ‘third’ scheme for Liverpool Street station, told the AJ: ‘There are now potentially three live schemes for the same site. ‘However, what is interesting about Sellar’s latest proposal is that it involves much less demolition of the station. Network Rail and their current favoured architect, ACME, would do well to take note.’ Historic England, which strongly opposed the original Herzog & de Meuron scheme, is understood to have been shown the Swiss architects’ latest proposals in March. The heritage body’s official response to the ACME scheme has not yet been made public. A spokesperson for the government’s heritage watchdog told the AJ of the emerging third proposal: ‘We have seen a revised scheme designed by Herzog & de Meuron, but it has not been submitted as a formal proposal and we have not provided advice on it.’Advertisement The C20 Society added that it ‘can confirm that it has been in pre-app consultation with both ACME and Herzog & de Meuron regarding the various schemes in development for Liverpool Street Station’. The body, which campaigns to protect 20th century buildings, added: ‘We will provide a full statement once all plans have been scrutinised.’ In November, the Tate Modern architects appeared to be off the job following the appointment by Network Rail of Shoreditch-based ACME, which came up with an alternative scheme featuring slightly smaller office towers as part of the planned above-station development. The ACME plan for Liverpool Street includes an above-station office development that would rise to 18 storeys, with balcony spaces on the 10th to 17th storeys and outdoor garden terraces from the 14th to 17th storeys. These proposals are marginally shorter than Herzog & de Meuron’s original 15 and 21-storey designs. However, despite these changes, ACME and Network Rail’s scheme has recently seen criticism by the Victorian Society, which told the AJ last month that it would object to the ACME scheme, claiming the above-station development ‘would be hugely damaging to Liverpool Street Station and the wider historic environment of the City of London’. In September last year, Sellar confirmed that that Herzog & de Meuron was working on an amended proposal, as the AJ revealed at the time. However, it is unclear if the latest, third option is related to that work. While both applications introduce more escalators down to platform level and accessibility improvements, the Herzog & de Meuron scheme proved controversial because of planned changes to the inside of the Grade II*-listed former Great Eastern Hotel building above the concourse, which would have seen the hotel relocate to new-build elements. The Swiss architect’s original proposals would have also removed much of the 1992 additions to the concourse by British Rail’s last chief architect, Nick Derbyshire – which had not been included in the original 1975 listing for Liverpool Street station. Historic England listed that part of the station in late 2022 after a first consultation on the Herzog & de Meuron plans. Network Rail told the AJ that it remains ‘fully committed’ to the ACME plan, which was validated only last month. Herzog & de Meuron referred the AJ to Sellar for comment. Sellar declined to comment. ACME has been approached for comment.

Taurine supplements have been considered promising for delaying ageing, but that may not be the caseShutterstock / Eugeniusz Dudzinski The amino acid taurine was once thought to decline with age, and animal research suggested that taurine supplements could delay ageing. But a new study shows that the decline doesn’t happen consistently. In fact, taurine levels tend to increase in people over time, suggesting that low levels of the nutrient aren’t a driver of ageing. Previous research has shown that taurine concentrations decline in men as they age and that people with higher taurine levels at 60 years old tend to have better health outcomes. This, along with evidence that taurine supplements extend lifespan in mice and monkeys, suggested that low taurine contributes to ageing.Advertisement The trouble is that taurine fluctuates in response to other factors too, such as illness, stress and diet – therefore, declines in this key amino acid may not be due to ageing. Maria Emilia Fernandez at the National Institute on Aging in Maryland and her colleagues analysed taurine levels in 742 people between 26 and 100 years old. The participants, about half of whom were women, didn’t have underlying health conditions and provided three to five blood samples between January 2006 and October 2018. On average, taurine levels were almost 27 per cent higher in women at 100 years old than at 26 years old and rose about 6 per cent in men between the ages of 30 and 97. Similar results were seen in 32 monkeys that underwent three to seven blood draws between 3 and 32 years of age. Between 5 and 30 years of age, taurine levels rose 72 per cent in female monkeys and 27 per cent in male monkeys, on average. Together, these findings indicate that taurine levels are not a reliable indication of ageing. What’s more, taurine levels also varied widely between people and even within individuals over time, suggesting that other environmental factors influence them, says Fernandez. Get the most essential health and fitness news in your inbox every Saturday. Sign up to newsletter However, some people may still benefit from taurine supplementation, says Fernandez, pointing to studies that show it helps regulate blood sugar in people with type 2 diabetes or obesity. But whether it can delay ageing in otherwise healthy people is an open question. Vijay Yadav at Rutgers University in New Jersey says he and his colleagues are currently conducting a clinical trial of taurine supplementation in middle-aged adults. “We hope to finish the trial by the end of 2025,” he says. “Hopefully it will generate sufficiently rigorous data to show whether or not taurine supplementation delays the pace of ageing in humans or increases health and fitness.” Journal reference:Science DOI: 10.1126/science.adl2116 Article amended on 5 June 2025We corrected Vijay Yadav's affiliationTopics:

Cyber threats don't show up one at a time anymore. They're layered, planned, and often stay hidden until it's too late. For cybersecurity teams, the key isn't just reacting to alerts—it's spotting early signs of trouble before they become real threats. This update is designed to deliver clear, accurate insights based on real patterns and changes we can verify. With today's complex systems, we need focused analysis—not noise. What you'll see here isn't just a list of incidents, but a clear look at where control is being gained, lost, or quietly tested. ⚡ Threat of the Week Lumma Stealer, DanaBot Operations Disrupted — A coalition of private sector companies and law enforcement agencies have taken down the infrastructure associated with Lumma Stealer and DanaBot. Charges have also been unsealed against 16 individuals for their alleged involvement in the development and deployment of DanaBot. The malware is equipped to siphon data from victim computers, hijack banking sessions, and steal device information. More uniquely, though, DanaBot has also been used for hacking campaigns that appear to be linked to Russian state-sponsored interests. All of that makes DanaBot a particularly clear example of how commodity malware has been repurposed by Russian state hackers for their own goals. In tandem, about 2,300 domains that acted as the command-and-control (C2) backbone for the Lumma information stealer have been seized, alongside taking down 300 servers and neutralizing 650 domains that were used to launch ransomware attacks. The actions against international cybercrime in the past few days constituted the latest phase of Operation Endgame. Get the Guide ➝ 🔔 Top News Threat Actors Use TikTok Videos to Distribute Stealers — While ClickFix has become a popular social engineering tactic to deliver malware, threat actors have been observed using artificial intelligence (AI)-generated videos uploaded to TikTok to deceive users into running malicious commands on their systems and deploy malware like Vidar and StealC under the guise of activating pirated version of Windows, Microsoft Office, CapCut, and Spotify. "This campaign highlights how attackers are ready to weaponize whichever social media platforms are currently popular to distribute malware," Trend Micro said. APT28 Hackers Target Western Logistics and Tech Firms — Several cybersecurity and intelligence agencies from Australia, Europe, and the United States issued a joint alert warning of a state-sponsored campaign orchestrated by the Russian state-sponsored threat actor APT28 targeting Western logistics entities and technology companies since 2022. "This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors' wide scale targeting of IP cameras in Ukraine and bordering NATO nations," the agencies said. The attacks are designed to steal sensitive information and maintain long-term persistence on compromised hosts. Chinese Threat Actors Exploit Ivanti EPMM Flaws — The China-nexus cyber espionage group tracked as UNC5221 has been attributed to the exploitation of a pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software (CVE-2025-4427 and CVE-2025-4428) to target a wide range of sectors across Europe, North America, and the Asia-Pacific region. The intrusions leverage the vulnerabilities to obtain a reverse shell and drop malicious payloads like KrustyLoader, which is known to deliver the Sliver command-and-control (C2) framework. "UNC5221 demonstrates a deep understanding of EPMM's internal architecture, repurposing legitimate system components for covert data exfiltration," EclecticIQ said. "Given EPMM's role in managing and pushing configurations to enterprise mobile devices, a successful exploitation could allow threat actors to remotely access, manipulate, or compromise thousands of managed devices across an organization." Over 100 Google Chrome Extensions Mimic Popular Tools — An unknown threat actor has been attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign utilities such as DeepSeek, Manus, DeBank, FortiVPN, and Site Stats but incorporate covert functionality to exfiltrate data, receive commands, and execute arbitrary code. Links to these browser add-ons are hosted on specially crafted sites to which users are likely redirected to via phishing and social media posts. While the extensions appear to offer the advertised features, they also stealthily facilitate credential and cookie theft, session hijacking, ad injection, malicious redirects, traffic manipulation, and phishing via DOM manipulation. Several of these extensions have been taken down by Google. CISA Warns of SaaS Providers of Attacks Targeting Cloud Environments — The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that SaaS companies are under threat from bad actors who are on the prowl for cloud applications with default configurations and elevated permissions. While the agency did not attribute the activity to a specific group, the advisory said enterprise backup platform Commvault is monitoring cyber threat activity targeting applications hosted in their Microsoft Azure cloud environment. "Threat actors may have accessed client secrets for Commvault's (Metallic) Microsoft 365 (M365) backup software-as-a-service (SaaS) solution, hosted in Azure," CISA said. "This provided the threat actors with unauthorized access to Commvault's customers' M365 environments that have application secrets stored by Commvault." GitLab AI Coding Assistant Flaws Could Be Used to Inject Malicious Code — Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab's artificial intelligence (AI) assistant Duo that could have allowed attackers to steal source code and inject untrusted HTML into its responses, which could then be used to direct victims to malicious websites. The attack could also leak confidential issue data, such as zero-day vulnerability details. All that's required is for the attacker to instruct the chatbot to interact with a merge request (or commit, issue, or source code) by taking advantage of the fact that GitLab Duo has extensive access to the platform. "By embedding hidden instructions in seemingly harmless project content, we were able to manipulate Duo's behavior, exfiltrate private source code, and demonstrate how AI responses can be leveraged for unintended and harmful outcomes," Legit Security said. One variation of the attack involved hiding a malicious instruction in an otherwise legitimate piece of source code, while another exploited Duo's parsing of markdown responses in real-time asynchronously. An attacker could leverage this behavior – that Duo begins rendering the output line by line rather than waiting until the entire response is generated and sending it all at once – to introduce malicious HTML code that can access sensitive data and exfiltrate the information to a remote server. The issues have been patched by GitLab following responsible disclosure. ‎️‍🔥 Trending CVEs Software vulnerabilities remain one of the simplest—and most effective—entry points for attackers. Each week uncovers new flaws, and even small delays in patching can escalate into serious security incidents. Staying ahead means acting fast. Below is this week's list of high-risk vulnerabilities that demand attention. Review them carefully, apply updates without delay, and close the doors before they're forced open. This week's list includes — CVE-2025-34025, CVE-2025-34026, CVE-2025-34027 (Versa Concerto), CVE-2025-30911 (RomethemeKit For Elementor WordPress plugin), CVE-2024-57273, CVE-2024-54780, and CVE-2024-54779 (pfSense), CVE-2025-41229 (VMware Cloud Foundation), CVE-2025-4322 (Motors WordPress theme), CVE-2025-47934 (OpenPGP.js), CVE-2025-30193 (PowerDNS), CVE-2025-0993 (GitLab), CVE-2025-36535 (AutomationDirect MB-Gateway), CVE-2025-47949 (Samlify), CVE-2025-40775 (BIND DNS), CVE-2025-20152 (Cisco Identity Services Engine), CVE-2025-4123 (Grafana), CVE-2025-5063 (Google Chrome), CVE-2025-37899 (Linux Kernel), CVE-2025-26817 (Netwrix Password Secure), CVE-2025-47947 (ModSecurity), CVE-2025-3078, CVE-2025-3079 (Canon Printers), and CVE-2025-4978 (NETGEAR). 📰 Around the Cyber World Sandworm Drops New Wiper in Ukraine — The Russia-aligned Sandworm group intensified destructive operations against Ukrainian energy companies, deploying a new wiper named ZEROLOT. "The infamous Sandworm group concentrated heavily on compromising Ukrainian energy infrastructure. In recent cases, it deployed the ZEROLOT wiper in Ukraine. For this, the attackers abused Active Directory Group Policy in the affected organizations," ESET Director of Threat Research, Jean-Ian Boutin, said. Another Russian hacking group, Gamaredon, remained the most prolific actor targeting the East European nation, enhancing malware obfuscation and introducing PteroBox, a file stealer leveraging Dropbox. Signal Says No to Recall — Signal has released a new version of its messaging app for Windows that, by default, blocks the ability of Windows to use Recall to periodically take screenshots of the app. "Although Microsoft made several adjustments over the past twelve months in response to critical feedback, the revamped version of Recall still places any content that's displayed within privacy-preserving apps like Signal at risk," Signal said. "As a result, we are enabling an extra layer of protection by default on Windows 11 in order to help maintain the security of Signal Desktop on that platform even though it introduces some usability trade-offs. Microsoft has simply given us no other option." Microsoft began officially rolling out Recall last month. Russia Introduces New Law to Track Foreigners Using Their Smartphones — The Russian government has introduced a new law that makes installing a tracking app mandatory for all foreign nationals in the Moscow region. This includes gathering their real-time locations, fingerprint, face photograph, and residential information. "The adopted mechanism will allow, using modern technologies, to strengthen control in the field of migration and will also contribute to reducing the number of violations and crimes in this area," Vyacheslav Volodin, chairman of the State Duma, said. "If migrants change their actual place of residence, they will be required to inform the Ministry of Internal Affairs (MVD) within three working days." A proposed four-year trial period begins on September 1, 2025, and runs until September 1, 2029. Dutch Government Passes Law to Criminalize Cyber Espionage — The Dutch government has approved a law criminalizing a wide range of espionage activities, including digital espionage, in an effort to protect national security, critical infrastructure, and high-quality technologies. Under the amended law, leaking sensitive information that is not classified as a state secret or engaging in activities on behalf of a foreign government that harm Dutch interests can also result in criminal charges. "Foreign governments are also interested in non-state-secret, sensitive information about a particular economic sector or about political decision-making," the government said. "Such information can be used to influence political processes, weaken the Dutch economy or play allies against each other. Espionage can also involve actions other than sharing information." Microsoft Announces Availability of Quantum-Resistant Algorithms to SymCrypt — Microsoft has revealed that it's making post-quantum cryptography (PQC) capabilities, including ML-KEM and ML-DSA, available for Windows Insiders, Canary Channel Build 27852 and higher, and Linux, SymCrypt-OpenSSL version 1.9.0. "This advancement will enable customers to commence their exploration and experimentation of PQC within their operational environments," Microsoft said. "By obtaining early access to PQC capabilities, organizations can proactively assess the compatibility, performance, and integration of these novel algorithms alongside their existing security infrastructure." New Malware DOUBLELOADER Uses ALCATRAZ for Obfuscation — The open-source obfuscator ALCATRAZ has been seen within a new generic loader dubbed DOUBLELOADER, which has been deployed alongside Rhadamanthys Stealer infections starting December 2024. The malware collects host information, requests an updated version of itself, and starts beaconing to a hardcoded IP address (185.147.125[.]81) stored within the binary. "Obfuscators such as ALCATRAZ end up increasing the complexity when triaging malware," Elastic Security Labs said. "Its main goal is to hinder binary analysis tools and increase the time of the reverse engineering process through different techniques; such as hiding the control flow or making decompilation hard to follow." New Formjacking Campaign Targets WooCommerce Sites — Cybersecurity researchers have detected a sophisticated formjacking campaign targeting WooCommerce sites. The malware, per Wordfence, injects a fake but professional-looking payment form into legitimate checkout processes and exfiltrates sensitive customer data to an external server. Further analysis has revealed that the infection likely originated from a compromised WordPress admin account, which was used to inject malicious JavaScript via a Simple Custom CSS and JS plugin (or something similar) that allows administrators to add custom code. "Unlike traditional card skimmers that simply overlay existing forms, this variant carefully integrates with the WooCommerce site's design and payment workflow, making it particularly difficult for site owners and users to detect," the WordPress security company said. "The malware author repurposed the browser's localStorage mechanism – typically used by websites to remember user preferences – to silently store stolen data and maintain access even after page reloads or when navigating away from the checkout page." E.U. Sanctions Stark Industries — The European Union (E.U.) has announced sanctions against 21 individuals and six entities in Russia over its "destabilising actions" in the region. One of the sanctioned entities is Stark Industries, a bulletproof hosting provider that has been accused of acting as "enablers of various Russian state-sponsored and affiliated actors to conduct destabilising activities including, information manipulation interference and cyber attacks against the Union and third countries." The sanctions also target its CEO Iurie Neculiti and owner Ivan Neculiti. Stark Industries was previously spotlighted by independent cybersecurity journalist Brian Krebs, detailing its use in DDoS attacks in Ukraine and across Europe. In August 2024, Team Cymru said it discovered 25 Stark-assigned IP addresses used to host domains associated with FIN7 activities and that it had been working with Stark Industries for several months to identify and reduce abuse of their systems. The sanctions have also targeted Kremlin-backed manufacturers of drones and radio communication equipment used by the Russian military, as well as those involved in GPS signal jamming in Baltic states and disrupting civil aviation. The Mask APT Unmasked as Tied to the Spanish Government — The mysterious threat actor known as The Mask (aka Careto) has been identified as run by the Spanish government, according to a report published by TechCrunch, citing people who worked at Kaspersky at the time and had knowledge of the investigation. The Russian cybersecurity company first exposed the hacking group in 2014, linking it to highly sophisticated attacks since at least 2007 targeting high-profile organizations, such as governments, diplomatic entities, and research institutions. A majority of the group's attacks have targeted Cuba, followed by hundreds of victims in Brazil, Morocco, Spain, and Gibraltar. While Kaspersky has not publicly attributed it to a specific country, the latest revelation makes The Mask one of the few Western government hacking groups that has ever been discussed in public. This includes the Equation Group, the Lamberts (the U.S.), and Animal Farm (France). Social Engineering Scams Target Coinbase Users — Earlier this month, cryptocurrency exchange Coinbase revealed that it was the victim of a malicious attack perpetrated by unknown threat actors to breach its systems by bribing customer support agents in India and siphon funds from nearly 70,000 customers. According to Blockchain security firm SlowMist, Coinbase users have been the target of social engineering scams since the start of the year, bombarding with SMS messages claiming to be fake withdrawal requests and seeking their confirmation as part of a "sustained and organized scam campaign." The goal is to induce a false sense of urgency and trick them into calling a number, eventually convincing them to transfer the funds to a secure wallet with a seed phrase pre-generated by the attackers and ultimately drain the assets. It's assessed that the activities are primarily carried out by two groups: low-level skid attackers from the Com community and organized cybercrime groups based in India. "Using spoofed PBX phone systems, scammers impersonate Coinbase support and claim there's been 'unauthorized access' or 'suspicious withdrawals' on the user's account," SlowMist said. "They create a sense of urgency, then follow up with phishing emails or texts containing fake ticket numbers or 'recovery links.'" Delta Can Sue CrowdStrike Over July 2024 Mega Outage — Delta Air Lines, which had its systems crippled and almost 7,000 flights canceled in the wake of a massive outage caused by a faulty update issued by CrowdStrike in mid-July 2024, has been given the green light to pursue to its lawsuit against the cybersecurity company. A judge in the U.S. state of Georgia stating Delta can try to prove that CrowdStrike was grossly negligent by pushing a defective update to its Falcon software to customers. The update crashed 8.5 million Windows devices across the world. Crowdstrike previously claimed that the airline had rejected technical support offers both from itself and Microsoft. In a statement shared with Reuters, lawyers representing CrowdStrike said they were "confident the judge will find Delta's case has no merit, or will limit damages to the 'single-digit millions of dollars' under Georgia law." The development comes months after MGM Resorts International agreed to pay $45 million to settle multiple class-action lawsuits related to a data breach in 2019 and a ransomware attack the company experienced in 2023. Storm-1516 Uses AI-Generated Media to Spread Disinformation — The Russian influence operation known as Storm-1516 (aka CopyCop) sought to spread narratives that undermined the European support for Ukraine by amplifying fabricated stories on X about European leaders using drugs while traveling by train to Kyiv for peace talks. One of the posts was subsequently shared by Russian state media and Maria Zakharova, a senior official in Russia's foreign ministry, as part of what has been described as a coordinated disinformation campaign by EclecticIQ. The activity is also notable for the use of synthetic content depicting French President Emmanuel Macron, U.K. Labour Party leader Keir Starmer, and German chancellor Friedrich Merz of drug possession during their return from Ukraine. "By attacking the reputation of these leaders, the campaign likely aimed to turn their own voters against them, using influence operations (IO) to reduce public support for Ukraine by discrediting the politicians who back it," the Dutch threat intelligence firm said. Turkish Users Targeted by DBatLoader — AhnLab has disclosed details of a malware campaign that's distributing a malware loader called DBatLoader (aka ModiLoader) via banking-themed banking emails, which then acts as a conduit to deliver SnakeKeylogger, an information stealer developed in .NET. "The DBatLoader malware distributed through phishing emails has the cunning behavior of exploiting normal processes (easinvoker.exe, loader.exe) through techniques such as DLL side-loading and injection for most of its behaviors, and it also utilizes normal processes (cmd.exe, powershell.exe, esentutl.exe, extrac32.exe) for behaviors such as file copying and changing policies," the company said. SEC SIM-Swapper Sentenced to 14 Months for SEC X Account Hack — A 26-year-old Alabama man, Eric Council Jr., has been sentenced to 14 months in prison and three years of supervised release for using SIM swapping attacks to breach the U.S. Securities and Exchange Commission's (SEC) official X account in January 2024 and falsely announced that the SEC approved Bitcoin (BTC) Exchange Traded Funds (ETFs). Council Jr. (aka Ronin, Agiantschnauzer, and @EasyMunny) was arrested in October 2024 and pleaded guilty to the crime earlier this February. He has also been ordered to forfeit $50,000. According to court documents, Council used his personal computer to search incriminating phrases such as "SECGOV hack," "telegram sim swap," "how can I know for sure if I am being investigated by the FBI," "What are the signs that you are under investigation by law enforcement or the FBI even if you have not been contacted by them," "what are some signs that the FBI is after you," "Verizon store list," "federal identity theft statute," and "how long does it take to delete telegram account." FBI Warns of Malicious Campaign Impersonating Government Officials — The U.S. Federal Bureau of Investigation (FBI) is warning of a new campaign that involves malicious actors impersonating senior U.S. federal or state government officials and their contacts to target individuals since April 2025. "The malicious actors have sent text messages and AI-generated voice messages — techniques known as smishing and vishing, respectively — that claim to come from a senior US official in an effort to establish rapport before gaining access to personal accounts," the FBI said. "One way the actors gain such access is by sending targeted individuals a malicious link under the guise of transitioning to a separate messaging platform." From there, the actor may present malware or introduce hyperlinks that lead intended targets to an actor-controlled site that steals login information. DICOM Flaw Enables Attackers to Embed Malicious Code Within Medical Image Files — Praetorian has released a proof-of-concept (PoC) for a high-severity security flaw in Digital Imaging and Communications in Medicine (DICOM), predominant file format for medical images, that enables attackers to embed malicious code within legitimate medical image files. CVE-2019-11687 (CVSS score: 7.8), originally disclosed in 2019 by Markel Picado Ortiz, stems from a design decision that allows arbitrary content at the start of the file, otherwise called the Preamble, which enables the creation of malicious polyglots. Codenamed ELFDICOM, the PoC extends the attack surface to Linux environments, making it a much more potent threat. As mitigations, it's advised to implement a DICOM preamble whitelist. "DICOM's file structure inherently allows arbitrary bytes at the beginning of the file, where Linux and most operating systems will look for magic bytes," Praetorian researcher Ryan Hennessee said. "[The whitelist] would check a DICOM file's preamble before it is imported into the system. This would allow known good patterns, such as 'TIFF' magic bytes, or '\x00' null bytes, while files with the ELF magic bytes would be blocked." Cookie-Bite Attack Uses Chrome Extension to Steal Session Tokens — Cybersecurity researchers have demonstrated a new attack technique called Cookie-Bite that employs custom-made malicious browser extensions to steal "ESTAUTH" and "ESTSAUTHPERSISTNT" cookies in Microsoft Azure Entra ID and bypass multi-factor authentication (MFA). The attack has multiple moving parts to it: A custom Chrome extension that monitors authentication events and captures cookies; a PowerShell script that automates the extension deployment and ensures persistence; an exfiltration mechanism to send the cookies to a remote collection point; and a complementary extension to inject the captured cookies into the attacker's browser. "Threat actors often use infostealers to extract authentication tokens directly from a victim's machine or buy them directly through darkness markets, allowing adversaries to hijack active cloud sessions without triggering MFA," Varonis said. "By injecting these cookies while mimicking the victim's OS, browser, and network, attackers can evade Conditional Access Policies (CAPs) and maintain persistent access." Authentication cookies can also be stolen using adversary-in-the-middle (AitM) phishing kits in real-time, or using rogue browser extensions that request excessive permissions to interact with web sessions, modify page content, and extract stored authentication data. Once installed, the extension can access the browser's storage API, intercept network requests, or inject malicious JavaScript into active sessions to harvest real-time session cookies. "By leveraging stolen session cookies, an adversary can bypass authentication mechanisms, gaining seamless entry into cloud environments without requiring user credentials," Varonis said. "Beyond initial access, session hijacking can facilitate lateral movement across the tenant, allowing attackers to explore additional resources, access sensitive data, and escalate privileges by abusing existing permissions or misconfigured roles." 🎥 Cybersecurity Webinars Non-Human Identities: The AI Backdoor You're Not Watching → AI agents rely on Non-Human Identities (like service accounts and API keys) to function—but these are often left untracked and unsecured. As attackers shift focus to this hidden layer, the risk is growing fast. In this session, you'll learn how to find, secure, and monitor these identities before they're exploited. Join the webinar to understand the real risks behind AI adoption—and how to stay ahead. Inside the LOTS Playbook: How Hackers Stay Undetected → Attackers are using trusted sites to stay hidden. In this webinar, Zscaler experts share how they detect these stealthy LOTS attacks using insights from the world's largest security cloud. Join to learn how to spot hidden threats and improve your defense. 🔧 Cybersecurity Tools ScriptSentry → It is a free tool that scans your environment for dangerous logon script misconfigurations—like plaintext credentials, insecure file/share permissions, and references to non-existent servers. These overlooked issues can enable lateral movement, privilege escalation, or even credential theft. ScriptSentry helps you quickly identify and fix them across large Active Directory environments. Aftermath → It is a Swift-based, open-source tool for macOS incident response. It collects forensic data—like logs, browser activity, and process info—from compromised systems, then analyzes it to build timelines and track infection paths. Deploy via MDM or run manually. Fast, lightweight, and ideal for post-incident investigation. AI Red Teaming Playground Labs → It is an open-source training suite with hands-on challenges designed to teach security professionals how to red team AI systems. Originally developed for Black Hat USA 2024, the labs cover prompt injections, safety bypasses, indirect attacks, and Responsible AI failures. Built on Chat Copilot and deployable via Docker, it's a practical resource for testing and understanding real-world AI vulnerabilities. 🔒 Tip of the Week Review and Revoke Old OAuth App Permissions — They're Silent Backdoor → You've likely logged into apps using "Continue with Google," "Sign in with Microsoft," or GitHub/Twitter/Facebook logins. That's OAuth. But did you know many of those apps still have access to your data long after you stop using them? Why it matters: Even if you delete the app or forget it existed, it might still have ongoing access to your calendar, email, cloud files, or contact list — no password needed. If that third-party gets breached, your data is at risk. What to do: Go through your connected apps here: Google: myaccount.google.com/permissions Microsoft: account.live.com/consent/Manage GitHub: github.com/settings/applications Facebook: facebook.com/settings?tab=applications Revoke anything you don't actively use. It's a fast, silent cleanup — and it closes doors you didn't know were open. Conclusion Looking ahead, it's not just about tracking threats—it's about understanding what they reveal. Every tactic used, every system tested, points to deeper issues in how trust, access, and visibility are managed. As attackers adapt quickly, defenders need sharper awareness and faster response loops. The takeaways from this week aren't just technical—they speak to how teams prioritize risk, design safeguards, and make choices under pressure. Use these insights not just to react, but to rethink what "secure" really needs to mean in today's environment. Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

In a move Democrats warned would have disastrous consequences for the economy, the environment, and public health, the Republican-led Senate Thursday voted to block California’s electric-vehicle mandates, revoking the state’s right to implement the nation’s toughest emissions standards.    Republicans used the Congressional Review Act, or CRA, to overturn California’s long-standing authority under the Clean Air Act to request waivers from the Environmental Protection Agency to pass emissions standards stricter than federal rules and protect residents from dangerous air pollution. The move affects 17 other states and Washington, D.C., which have voluntarily adopted one or more of California’s stricter standards.  The CRA allows Congress to quickly rescind a rule within a limited time after it’s issued by a federal agency, allowing a simple majority vote rather than the 60 votes needed to advance legislation under the filibuster rule.  An aerial view of traffic on a smoggy day in Los Angeles in January 1985. [Photo: Ernst Haas/Getty Images] But both the Senate parliamentarian, the chamber’s official nonpartisan adviser, and the Government Accountability Office, the nonpartisan congressional referee, said the waivers are not rules and so are not subject to the Congressional Review Act. In defying the Senate parliamentarian, Democrats charged, the vote endangers not just the health of children and the climate but also decades of legal precedent and the integrity of the Senate itself. “Today, the Senate has done something unprecedented,” said Sen. Sheldon Whitehouse of Rhode Island late Wednesday night, after he and his Democratic colleagues spent the past several days urging Republicans to respect not just California’s authority under the law, but also Senate rules.  “Our actions and the ones that will follow from the procedural steps taken here today, over the next day or so will change the Clean Air Act, will change the Congressional Review Act, will change the rules of the Senate, and will do so by overruling the parliamentarian and breaking the filibuster—in effect, going nuclear,” Whitehouse said, referring to attempts to subvert the filibuster. “This isn’t just about California’s climate policies, and this isn’t just about the scope of the Congressional Review Act, and this isn’t just about eliminating the legislative filibuster,” said California Sen. Alex Padilla on the Senate floor Tuesday. The Trump administration’s EPA submitted California’s waivers for review by Congress “with full knowledge that they are not actually rules” subject to the CRA, Padilla said, opening the door for any agency to ask Congress to revoke regulations a new administration doesn’t like.  By mid-afternoon Thursday, Republicans moved to overturn California’s waivers through a procedural maneuver—giving the Senate the authority to determine what constitutes a rule for fast-track voting. They overturned waivers behind California’s rules to reduce tailpipe emissions from passenger vehicles and trucks, those regulating medium- and heavy-duty trucks, and the rule for heavy-duty smog-producing diesel and gas trucks. Senate Majority Leader John Thune (R-SD) mocked Democrats’ objections to using the CRA, saying they were “throwing a tantrum over a supposed procedural problem.”Thune insisted that having a waiver submitted to Congress “is all that Congress has ever needed to decide to consider something under the Congressional Review Act.” He called the GAO’s ruling that the waiver is not a rule “an extraordinary deviation from precedent,” saying it was the first time the office “has decided to insert itself into the process and affirmatively declare that an agency rule submitted to Congress as a rule is not a rule.”  Despite Thune’s claim, since the CRA was passed in 1996 the GAO has offered 26 legal opinions about whether an agency action was a rule in response to inquiries from members of Congress. And EPA never submitted California Clean Air Act waivers to Congress before the Trump administration, Padilla and his Democratic colleagues say. They contend that Republicans chose this route because they don’t have the votes to withdraw the waivers through legislation. “The CRA has never been used to go after emission waivers like the ones in question today,” Senate Minority Leader Chuck Schumer of New York said on the floor Tuesday. “The waiver is so important to the health of our country, and particularly to our children; to go nuclear on something as significant as this and to do the bidding of the fossil fuel industry is outrageous.” The first waiver was granted to California on July 11, 1968, Whitehouse told his colleagues in a last-ditch effort to change their minds late Wednesday night. Waivers have either been granted or amended or modified repeatedly since then, he said. “The score on whether the California clean air rule is treated by EPA as a waiver or a rule? It’s 131 to zero.” The use of the Congressional Review Act resolution is inconsistent with past precedent and violates the plain language of the act itself, said John Swanton, a spokesperson for California’s Air Resources Board, which regulates emissions.  “The vote does not change CARB’s authority,” Swanton said, adding that the agency will continue its mission to protect the public health of Californians impacted by harmful air pollution. Ten million Californians live in areas that are under distinct, elevated threats from air pollution, said Adam Schiff, California’s junior senator. That has led to higher rates of respiratory issues like asthma and chronic lung disease, and increased the risk of heart disease, cancer, chronic headaches, and immune system issues, he said.  Sen. Adam Schiff (D-CA) speaks about the importance of the Clean Air Act in California during a Senate meeting on May 8. [Image: U.S. Senate floor webcast] “And that is multiplied by us living now on the front lines of the climate crisis. We have devastating and year-round fire dangers that put millions of other pollutants into our air,” Schiff said. “We need, deserve, and reserve the right as Californians to do something about our air.” Yet earlier this month, House Republicans, joined by 35 Democrats, including two from California, voted to rescind the waivers, sending the issue to the Senate. A “Compelling and Extraordinary” Need California’s legal authority to implement stricter air quality standards than federal rules comes from having already implemented its own tailpipe-emission regulations before Congress passed national standards in 1967. California officials developed the regulations to deal with the “compelling and extraordinary” air-pollution problems caused by the Golden State’s unique geography, climate, and abundance of people and vehicles. Recognizing these unique conditions, Congress gave California the authority to ask the Environmental Protection Agency for a waiver from rules barring states from passing air and climate pollution rules that are more protective than federal rules.  Only one waiver was denied, an action that was quickly reversed, according to CARB. And though the Trump administration in 2019 withdrew a waiver, a move legal scholars say has no basis in the law, the Biden administration restored the state’s authority to set its own vehicle-emission standards within a few years. Republicans argued that California’s rules amount to de facto national standards, given the state’s size and the fact that other states have signed on.  But California can’t force its emission standards on other states, Padilla said. “Yes, over a dozen other states have voluntarily followed in California’s footsteps, not because they were forced to, but because they chose to, in order to protect their constituents, their residents, and protect our planet.” California’s standards also represent ambitious but achievable steps to cut carbon emissions and fight the climate crisis, Padilla said. “Transportation is the single largest contributor to greenhouse gas emissions, and California has been proud to set the example for other states who may choose to follow suit.” Sen. Alex Padilla (D-CA) told his Republican colleagues late Wednesday night why his state’s unique geography and climate create particularly hazardous air-quality problems. [Image: U.S. Senate floor webcast] Padilla, who grew up in California’s chronically polluted San Fernando Valley, recalled being sent home from grade school “on a pretty regular basis” when throat-burning smog settled over the valley. “It appears that Republicans want to overturn half a century of precedent in order to undermine California’s ability to protect the health of our residents,” Padilla said. “Republicans seem to be putting the wealth of the big oil industry over the health of our constituents.” “For Their Fossil Fuel Donors” Rhode Island’s Whitehouse, who has long schooled his colleagues on the perils of carbon pollution, took to the floor Tuesday to school them on the Congressional Review Act. Under the American legal system, administrative agencies can make rules through “a very robust process” that follows the Administrative Procedure Act, Whitehouse said. A rule could be contested in court, but years ago Congress decided there also could be a period of review when congressional members could reject the rule.  And for all the decades since the CRA was passed, he said, it’s been used to address rules under the APA within the specified 60 days.Other states, including Rhode Island, follow California’s emissions standards because it’s good for public health to have clean air, Whitehouse said. “Efficient cars may mean lower cost for consumers, but those lower costs for consumers are lower sales for the fossil fuel industry.” Whitehouse told his colleagues they had legitimate pathways to change laws they didn’t like. They could pass a joint resolution or a simple Senate resolution. But those approaches would require 60 votes to end debate. “They don’t want to do that,” he said. “They want to ram this thing through for their fossil fuel donors.” Republicans, by contrast, argued they had the authority to protect consumers from what they call California’s “electric vehicle mandate,” which they say would endanger consumers, the economy, and the nation’s energy supply. “And our already shaky electric grid would quickly face huge new burdens from the surge in new electric vehicles,” argued Thune.  Congress had approved $5 billion to build electric vehicle charging infrastructure across the country, but the Trump administration withheld that funding, triggering a lawsuit from a coalition of attorneys to reverse what they said was a clearly illegal action. Republicans’ attacks on electric vehicles could disrupt a burgeoning industry built around the transition to renewable energy. “The repeal of these waivers will dramatically destabilize the regulatory landscape at a time when industry needs certainty to invest in the future and compete on a global scale,” said Jamie Hall, policy director for EV Realty, which develops EV-charging hubs. Thune also argued that California’s waiver rules are an improper expansion of a limited Clean Air Act authority, echoing an argument in Project 2025, a policy blueprint for the second Trump administration produced by the conservative Heritage Foundation, which has long battled efforts to combat climate change. In a chapter on transportation asserts, Project 2025 claims that California has no valid basis under the Clean Air Act to claim an extraordinary or unique air quality impact from carbon dioxide emissions. Its recommendation? “Revoke the special waiver granted to California by the Biden administration.” On Wednesday, a clearly frustrated Whitehouse argued that Republicans were helping the fossil fuel industry create a shortcut for itself so it can sell more gasoline and ignore all the states that joined California to demand cleaner air for their constituents. “The fossil fuel industry essentially runs the Republican Party right now,” he said. Last year, the oil and gas industry spent more than $153 million on lobbying, led by the American Fuel and Petrochemical Manufacturers, which spent $27.6 million to influence Congress on bills including those designed to repeal vehicle-emission standards. The trade group also donated $178,750 to congressional candidates, 96% of which went to Republicans.  The American Petroleum Institute, the largest U.S. oil and gas industry trade association, spent $6.25 million on lobbying last year to influence some of the same bills. Of nearly $400,000 donated to congressional candidates last year, 78% went to Republicans.  Ninety-five percent of the $21,000 the Heritage Foundation donated to congressional candidates last year went to Republicans. “We Believe That You Can Do It” The week before Donald Trump returned to office, the American Petroleum Institute held its biggest annual meeting in Washington, D.C. API promoted the event as an opportunity to urge the incoming Trump administration and Congress to “seize the American energy opportunity” by advancing commonsense energy policies. Thune joined API Chief Executive Mike Sommers onstage, where they reminisced about starting their careers in adjacent offices in the same congressional office building 30 years ago.  “It is a huge opportunity, having an administration that actually is pro-energy development working with the Congress,” Thune told his old friend. “We want to be supportive in any way that we can in ensuring that the president and his team have success in making America energy dominant.” Sommers suggested that one of the “big, powerful tools” Congress can use when one party controls both chambers is the Congressional Review Act, which he said offers fast-track authority to reverse “midnight regulations” passed by the Biden administration. Thune said he wouldn’t be able to use the CRA for one of California’s tailpipe emissions standards because it doesn’t fit within the required time window. But he was arguing with the parliamentarian and others, he said, “about the whole California waiver issue and how to reverse that because that was such a radical regulatory overreach.”Both California’s Clean Cars and Clean Trucks rules require an increasing percentage of vehicles sold in the state to be zero-emissions by 2035, with the cars rule, the so-called “EV mandate,” requiring that 100% of passenger cars and trucks be zero emissions by that date. “What California did was completely radical,” Sommers said at the meeting. “The fact that 17 other states who’ve waived into this are going to be subject to it could completely change the vehicle market.” “So we would highly encourage you to look at that as an option for the CRA,” Sommers told Thune. “And we believe that you can do it.” Thune assured Sommers that his committee chairs and team were looking at ways to fit repeal of California’s waivers “within the parameters of a CRA action” to fix what they saw as a shared problem. The oil and gas industry appreciated the efforts of Thune; John Barrasso of Wyoming, the Senate Majority Whip; and West Virginia Sen. Shelley Moore Capito, who pledged to overturn California’s clean cars rule and introduced the measure to do so last month.  “Today, the United States Senate delivered a victory for American consumers, manufacturers, and U.S. energy security by voting to overturn the prior administration’s EPA rule authorizing California’s gas car ban and preventing its spread across our country,” said the American Petroleum Institute and the American Fuel and Petrochemical Manufacturers in a joint statement. “We cannot thank Senators John Barrasso, Shelley Moore Capito, and Leader John Thune enough for their leadership on this important issue.” Back on the Senate floor, Democrats warned their Republican colleagues that they may live to regret their decision to override the parliamentarian and flout legislative rules. “It won’t be long before Democrats are once again in the driver’s seat here, in the majority once again,” Padilla said. When that happens, he warned, every agency action that Democrats don’t like, whether it’s a rule or not, and no matter how much time has passed, would be fair game with this new precedent.  “I suggest that we all think long and hard and be very careful about this,” he implored, in vain. “I would urge my colleagues, all my colleagues, to join me, not just in defending California’s rights to protect the health of our residents, not just in combating the existential threat of climate change, but in maintaining order in this chamber.” This article originally appeared on Inside Climate News. It is republished with permission. Sign up for their newsletter here.

On Tuesday, the Senate unanimously passed the No Tax on Tips Act, pushing one of President Donald Trump’s campaign promises one step closer to becoming law. The pledge to eliminate federal taxes on service and hospitality workers’ tips rallied voters in the 2024 election, so much so that even former Vice President Kamala Harris endorsed the idea in her campaign against Trump. Now, both Democrats and Republicans on Capitol Hill seem to want to make it a reality. It’s easy to see why “no tax on tips” has broad bipartisan support: It looks like a populist policy that gives lower-wage workers much-needed relief, and opposing it might make you seem out of touch with the working class. But as I wrote last year, “no tax on tips” would actually be more of a tax break for businesses that would cost the federal government an estimated $10 billion to $15 billion a year in tax revenue. In short, the policy incentivizes businesses to lower workers’ wages and make them rely more on tips. But that’s exactly the opposite of what workers — and tipped workers in particular — need. Tipped workers are underpaid. Some of them would certainly see their take-home pay increase if the federal government stops taxing them on tips, assuming that their wages stay the same. But tips can be volatile, and often vary by season, and a “no tax on tips” policy would make offseasons worse for tipped workers, who will likely be stuck with lower base pay. The reality is that the problem for tipped workers isn’t that their taxes are too high — it’s that their wages are far too low. Plus, not having their taxes tipped means workers might end up accruing less credit toward their Social Security. In fact, many underpaid workers won’t even see a difference from the policy. Some tipped workers — by some estimates more than a third of them — earn so little that they are already exempt from income taxes, which means that a “no tax on tips” law would do nothing to boost their take-home pay. More than that, “no tax on tips” doesn’t help out most low-wage workers: More than 95 percent of low- and moderate-wage workers don’t receive tips on a regular basis. So while Congress busies itself with flashy tax cuts that won’t go too far in helping low-wage workers, it might be better to focus on the root cause of tipped workers’ problem: the subminimum wage.What is the subminimum wage and why is it so low? The last federal minimum wage increase was in 2009, and it’s been the same since: $7.25 per hour. Many states have minimum wages that are higher than the federal level — but most also have a subminimum wage for tipped workers. That’s a carveout that allows employers to pay their workers less so long as they make up the difference in tips, and that wage is just $2.13 per hour. If a subminimum wage worker doesn’t make enough tips to reach the full minimum wage, the employer is required to pay the difference. These tiered minimum wages date back to the Fair Labor Standards Act (FLSA), passed in 1938. The legislation created a subminimum wage with the intention of encouraging employers to hire people “whose earning capacity is impaired by age or physical or mental deficiency or injury.” The idea was to ensure that job opportunities and work training programs would still be available for people with disabilities. But in 1966, Congress amended the FLSA to include a subminimum wage for workers who regularly receive tips, hoping this would lower payroll costs for service-sector businesses. This change fundamentally changed the culture around tipping: While customers used to give workers tips as a show of gratitude, tips became a necessity for workers in order to make ends meet. Since then, workers in the service and hospitality sectors in most places have been subject to a subminimum wage that has not increased since 1991. While tipped wages are often sold to workers as a benefit — in theory, there’s no limit to how much they can make if customers are generous — the reality is that their overall take-home pay, even including tips, is often not enough. For example, the median wage for waiters in 2024 was $33,760, according to the Bureau of Labor Statistics, and the bottom 10 percent of waiters earned about $18,000. For context, the standard deduction — that is, the portion of your income that is untaxed — is $29,200 for a married couple and $14,600 for an individual. “No tax on tips” might give waiters a small tax break, but it’s hardly enough to work as a meaningful solution to low wages.The movement to abolish the subminimum wageMany workers have grown frustrated with the tiered minimum wage system, leading to the creation of organizations like One Fair Wage, which advocates for getting rid of the subminimum wage — a measure that would likely help alleviate poverty. (At least eight states have eliminated the subminimum wage for tipped workers.) And because a handful of states have already abolished the subminimum wage in favor of one equal minimum wage for tipped and non-tipped workers alike, we can see how the former holds workers back.According to an analysis by the Center for American Progress, tipped workers have a higher poverty rate in states with a subminimum wage compared to states that have abolished it. In states with the subminimum wage, 14.8 percent of tipped workers live in poverty. By contrast, those same workers have a poverty rate of 11 percent in states that have gotten rid of the subminimum wage. The biggest problem with the “no tax on tips” idea is that it will likely only suppress wages, which will ultimately hurt workers in the long run. There are better ways Congress can help low-wage workers than eliminating taxes on tips, including by expanding the standard deduction — giving a meaningful tax cut to all low-wage workers, not just those who receive tips — or by finally getting rid of the subminimum wage. And they might consider increasing the minimum wage while they’re at it. After all, a raise is long overdue. This story is written for the Within Our Means newsletter. Sign up here.See More:

We're just weeks from the release date of Nintendo Switch 2, and the company has issued a clarification on a big feature change after fans probed the console's tech specsTech10:43, 19 May 2025The console launches on June 5The Nintendo Switch 2 and Mario Kart World arrive in just a few weeks, and while we might not have reviews from outlets such as Daily Star until launch, we do have the console's full tech specs.Still, there's one big change from what Nintendo originally released, and it's to do with variable refresh rate on external displays when the console is docked.‌We know the Switch 2 will support frame rates of up to 120Hz in handheld mode, but the console was originally tipped for supporting variable refresh rates on supported TVs which would have allowed for smoother motion on compatible screens.‌Just weeks before launch, the company has issued an apology via Nintendo Life, confirming VRR is only available in handheld.You will need to act fast to get a Switch 2(Image: Nintendo)"Nintendo Switch 2 supports VRR in handheld mode only. The incorrect information was initially published on the Nintendo Switch 2 website, and we apologise for the error," Nintendo told the outlet, but were cagey on whether the functionality could come later.Article continues below"We have nothing to announce on this topic," it asked about the possibility of it coming in the future.The change was spotted after Nintendo amended its product site to remove mentions of VRR, as per Digital Foundry's Oliver MacKenzie on X (formerly Twitter).Content cannot be displayed without consent‌Over on Reddit, one fan said "that's such a strange thing", with the prevailing theory that the console's use of USB-C to transfer video to HDMI could be what prevents a variable refresh rate."This is a huge bummer. VRR is pretty damn game changing and for it not to be enabled in docked mode is definitely unfortunate," one added, while another said "that's pretty dumb, considering this is a 2025 console."It's the latest in a long line of clarifications fans have been asking for, including knowing how much of a game is on a cartridge, the cumbersome rollout of Switch 1 game upgrade information, and even knowing which peripherals will or won't work with the new system.Article continues belowAll this prompted former Nintendo marketing staff to suggest the company release a whole host of information about the console and let fans "read to their hearts' content".For more on Nintendo Switch 2, be sure to check out our favourite Switch 1 games, as well as our most-wanted Switch 2 ports.For the latest breaking news and stories from across the globe from the Daily Star, sign up for our newsletters.‌‌‌

An initiative led by Brazil will pay countries to preserve tropical forestsLuiz Claudio Marigo/Nature Picture Library/Alamy At the COP30 climate summit in November, a group of countries led by Brazil will launch a bold new initiative that will pay tropical countries to maintain forest cover. Instead of relying on donations or selling carbon credits, the Tropical Forests Forever Facility (TFFF) will raise money from investments, a radical approach that could generate billions in additional funding for nature, its proponents say. “We need new ways to raise funds for… Article amended on 16 May 2025We corrected details of the TFFF’s funding, areas of investment and penalty payments.

The British automaker and US-based iPhone maker are collaborating on the new generation of CarPlay. Apple 2025-05-15T22:03:22Z Save Saved Read in app This story is available exclusively to Business Insider subscribers. Become an Insider and start reading now. Have an account? Apple partnered with Aston Martin to launch CarPlay Ultra for its luxury vehicles. CarPlay Ultra integrates iPhone functions into the dashboard with customizable features and Siri. Available in Aston Martin's Vantage sports car, starting at $194,000, and additional models. Apple's CarPlay just got a James Bond-esque makeover.The tech giant partnered with luxury car brand Aston Martin for the initial rollout of CarPlay Ultra, the next generation of the program that allows iPhone owners to bring the Apple ecosystem to their car.Unlike its older sibling, which is restricted to the infotainment system in the center console, CarPlay Ultra gives your full dashboard the Apple treatment, including customizable features. The new program is like putting Siri in the passenger seat: It allows the voice-controlled assistant to manage functions like the radio, climate, and performance settings depending on the vehicle. Drivers can tailor what they see on their screens in the car using their iPhone, mixing information from the vehicle itself with widgets powered by Apple. CarPlay Ultra will span multiple screens, Apple said. Apple "With CarPlay Ultra, together with automakers, we are reimagining the in-car experience, making it even more unified and consistent," Bob Borchers, Apple's vice president of worldwide product marketing, said in a press release.CarPlay Ultra is available with US or Canada-based orders for Aston Martin's DBX SUV, Vantage, DB12, and Vanquish as of Thursday, with plans to expand to more of its lineup through a software update on compatible vehicles. If you're hoping for instant access to the new program, it'll likely be a six-figure splurge.A 2025 Aston Martin Vantage starts at $194,000, and the "Supercar of SUV's" DBX retails for $256,000 to start, according to Car and Driver magazine.company's first quarter earnings report.Apple first announced its plan for a second generation of CarPlay in 2022. In January, it amended the CarPlay webpage to remove its 2024 timeline without an updated launch date, according to MacRumors.Eventually, Apple said, CarPlay Ultra will roll out to other automakers, like Hyundai, Kia, and Genesis, which have already committed to launching the new program. Recommended video