May 23, 2025Ravie LakshmananCryptocurrency / Malware The malware known as Latrodectus has become the latest to embrace the widely-used social engineering technique called ClickFix as a distribution vector. "The ClickFix technique is particularly risky because it allows the malware to execute in memory rather than being written to disk," Expel said in a report shared with The Hacker News. "This removes many opportunities for browsers or security tools to detect or block the malware." Latrodectus, believed to be a successor to IcedID, is the name given to a malware that acts as a downloader for other payloads, such as ransomware. It was first documented by Proofpoint and Team Cymru in April 2024. Incidentally, the malware is one among the many malicious software to suffer an operational setback as part of Operation Endgame, which took down 300 servers worldwide and neutralized 650 domains related to Bumblebee, Lactrodectus, QakBot, HijackLoader, DanaBot, TrickBot, and WARMCOOKIE between May 19 and 22, 2025. In the latest set of Latrodectus attacks observed by Expel in May 2025, unsuspecting users are tricked into copying and executing a PowerShell command from an infected website, a tactic that has become a prevalent method to distribute a wide range of malware. "When run by a user, these commands will attempt to install a file located at the remote URL using MSIExec, and then execute it in memory," Expel said. "This keeps the attacker from having to write the file to the computer and risk being detected by the browser or an antivirus that might detect it on disk." The MSI installer contains a legitimate application from NVIDIA, which is used to sideload a malicious DLL, which then uses curl to download the main payload. To mitigate attacks of this type, it's advised to disable the Windows Run program using Group Policy Objects (GPOs) or turn off the "Windows + R" hot key via a Windows Registry change. From ClickFix to TikTok The disclosure comes as Trend Micro revealed details of a new engineering campaign that instead of relying on fake CAPTCHA pages employs TikTok videos likely generated using artificial intelligence (AI) tools to deliver the Vidar and StealC information stealers by instructing users to run malicious commands on their systems to activate Windows, Microsoft Office, CapCut, and Spotify. These videos have been posted from various TikTok accounts such as @gitallowed, @zane.houghton, @allaivo2, @sysglow.wow, @alexfixpc, and @digitaldreams771. These accounts are no longer active. One of the videos claiming to provide instructions on how to "boost your Spotify experience instantly" has amassed nearly 500,000 views, with over 20,000 likes and more than 100 comments. The campaign marks a new escalation of ClickFix in that users searching for ways to activate pirated apps are verbally and visually guided to open the Windows Run dialog by pressing the "Windows + R" hot key, launch PowerShell, and run the command highlighted in the video, ultimately compromising their own systems. "Threat actors are now using TikTok videos that are potentially generated using AI-powered tools to socially engineer users into executing PowerShell commands under the guise of guiding them to activate legitimate software or unlock premium features," security researcher Junestherry Dela Cruz said. "This campaign highlights how attackers are ready to weaponize whichever social media platforms are currently popular to distribute malware." Fake Ledger Apps Used to Steal Mac Users' Seed Phrases The findings also follow the discovery of four different malware campaigns that leverage a cloned version of the Ledger Live app to steal sensitive data, including seed phrases, with the goal of draining victims' cryptocurrency wallets. The activity has been ongoing since August 2024. The attacks make use of the malicious DMG files that, when launched, launches AppleScript to exfiltrate passwords and Apple Notes data, and then download a trojanized version of Ledger Live. Once the app is opened, it warns users of a supposed account problem and that it requires their seed phrase for recovery. The entered seed phrase is sent to an attacker-controlled server. Moonlock Lab, which shed light on the campaign, said the rogue apps make use of macOS stealer malware like Atomic macOS Stealer (AMOS) and Odyssey, the latter of which introduced the novel phishing scheme in March 2025. It's worth noting that the activity overlaps with a macOS infostealer campaign that targets Ledger Live users through PyInstaller-packed binaries, as revealed by Jamf this month. "On dark web forums, chatter around anti-Ledger schemes is growing. The next wave is already taking shape," MacPaw's cybersecurity division noted. "Hackers will continue to exploit the trust crypto owners place in Ledger Live." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

Iran and the United States prepared for a fifth round of negotiations over Tehran’s rapidly advancing nuclear program Friday in Rome, with enrichment emerging as the key issue.U.S. officials up to President Donald Trump insist Iran cannot continue to enrich uranium at all in any deal that could see sanctions lifted on Tehran’s struggling economy. Iran’s Foreign Minister Abbas Araghchi early Friday insisted online that no enrichment would mean “we do NOT have a deal.” “Figuring out the path to a deal is not rocket science,” Araghchi wrote on the social platform X. “Time to decide.”The U.S. will be again represented in the talks by Mideast envoy Steve Witkoff and Michael Anton, the State Department’s policy planning director. Oman’s Foreign Minister Badr al-Busaidi is mediating the negotiations as the sultanate on the Arabian Peninsula has been a trusted interlocutor by both Tehran and Washington in the talks.A car carrying Araghchi arrived at the Omani Embassy in Rome’s Camilluccia neighborhood around 12:30 p.m. Witkoff had yet to be seen, but the embassy previously served as the site of another round of talks. Enrichment remains key in negotiations The talks seek to limit Iran’s nuclear program in exchange for the lifting of some of the crushing economic sanctions the U.S. has imposed on the Islamic Republic, closing in on half a century of enmity.Trump has repeatedly threatened to unleash airstrikes targeting Iran’s program if a deal isn’t reached. Iranian officials increasingly warn they could pursue a nuclear weapon with their stockpile of uranium enriched to near weapons-grade levels.“Iran almost certainly is not producing nuclear weapons, but Iran has undertaken activities in recent years that better position it to produce them, if it chooses to do so,” a new report from the U.S. Defense Intelligence Agency said. “These actions reduce the time required to produce sufficient weapons-grade uranium for a first nuclear device to probably less than one week.”However, it likely still would take Iran months to make a working bomb, experts say.Enrichment remains the key point of contention. Witkoff at one point suggested Iran could enrich uranium at 3.67%, then later began saying all Iranian enrichment must stop. That position on the American side has hardened over time.Asked about the negotiations, State Department spokesperson Tammy Bruce said “we believe that we are going to succeed” in the talks and on Washington’s push for no enrichment.“The Iranians are at that table, so they also understand what our position is, and they continue to go,” Bruce said Thursday.One idea floated so far that might allow Iran to stop enrichment in the Islamic Republic but maintain a supply of uranium could be a consortium in the Mideast backed by regional countries and the U.S. There also are multiple countries and the International Atomic Energy Agency offering low-enriched uranium that can be used for peaceful purposes by countries.However, Iran’s Foreign Ministry has maintained enrichment must continue within the country’s borders and a similar fuel-swap proposal failed to gain traction in negotiations in 2010.Meanwhile, Israel has threatened to strike Iran’s nuclear facilities on their own if it feels threatened, further complicating tensions in the Mideast already spiked by the Israel-Hamas war in the Gaza Strip.Araghchi warned Thursday that Iran would take “special measures” to defend its nuclear facilities if Israel continues to threaten them, while also warning the U.S. it would view it as being complicit in any Israeli attack. Authorities allowed a group of Iranian students to form a human chain Thursday at its underground enrichment site at Fordo, an area with incredibly tight security built into a mountain to defend against possible airstrikes. Talks come as U.S. pressure on Iran increases Yet despite the tough talk from Iran, the Islamic Republic needs a deal. Its internal politics are inflamed over the mandatory hijab, or headscarf, with women still ignoring the law on the streets of Tehran. Rumors also persist over the government potentially increasing the cost of subsidized gasoline in the country, which has sparked nationwide protests in the past.Iran’s rial currency plunged to over one million to a U.S. dollar in April. The currency has improved with the talks, however, something Tehran hopes will continue as a further collapse in the rial could spark further economic unrest.Meanwhile, its self-described “Axis of Resistance” sits in tatters after Iran’s regional allies in the region have faced repeated attacks by Israel during its war against Hamas in the Gaza Strip. The collapse of Syrian President Bashar Assad’s government during a rebel advance in December also stripped Iran of a key ally.The Trump administration also has continued to levy new sanctions on Iran, including this week, which saw the U.S. specifically target any sale of sodium perchlorate to the Islamic Republic. Iran reportedly received that chemical in shipments from China at its Shahid Rajaei port near Bandar Abbas. A major, unexplained explosion there killed dozens and wounded over 1,000 others in April during one round of the talks. Gambrell reported from Dubai, United Arab Emirates. Associated Press writer Nasser Karimi in Tehran, Iran, contributed to this report. —Jon Gambrell and Giada Zampano, Associated Press

Hinge Health, a digital physical therapy company, closed its first day of trading on the New York Stock Exchange on Thursday at $37.56, up about 17% over the $32 IPO price it set the previous day. That’s a good first-day result. But even with the pop, Hinge’s public valuation is significantly less than its last private market one. The 11-year-old company’s approximate market capitalization, excluding employee options, was about $3 billion, which is less than half of the $6.2 billion Hinge attained in its October 2021 Series E funding round, which was led by Tiger Global Management. Until recently, companies went to great lengths to avoid down-round IPOs. However, the stigma associated with going public below the last private valuation has lessened significantly if that valuation was during the heady 2020-2021 era. Companies whose IPOs are priced lower than their last private valuation by VCs include Reddit, which debuted last year at about $5.4 billion, roughly half its $10 billion valuation from 2021. Another example is ServiceTitan, whose IPO valued it at about $6.3 billion, below the $7.6 billion valuation it secured in a Series H round two years earlier. Hinge Health’s IPO raised $437 million, with about $237 million in proceeds going directly to the company and the remainder to its existing investors. The company’s largest outside shareholders are Insight Partners, which holds 19% of all stock, and Atomico, which has 15% of all shares. Other venture capital firms that own approximately 8% of Hinge’s shares include 11.2 Capital, Coatue, Tiger Global, and Bessemer Venture Partners, according to the company’s latest S-1 filing. Co-founders Daniel Perez and Gabriel Mecklenburg own 18.9% and 8.2%, respectively. The company aims to reduce musculoskeletal pain with the help of wearable sensors and computer vision technology remotely monitored by a clinical care team of physical therapists, physicians, and board-certified health coaches. Techcrunch event Join us at TechCrunch Sessions: AI Secure your spot for our leading AI industry event with speakers from OpenAI, Anthropic, and Cohere. For a limited time, tickets are just $292 for an entire day of expert talks, workshops, and potent networking. Exhibit at TechCrunch Sessions: AI Secure your spot at TC Sessions: AI and show 1,200+ decision-makers what you’ve built — without the big spend. Available through May 9 or while tables last. Berkeley, CA | June 5 REGISTER NOW Omada Health, another digital health company, filed to go public earlier this month. The 13-year-old startup offers virtual care between doctors’ visits for chronic conditions like diabetes and hypertension, and competes with Hinge Health in the musculoskeletal pain reduction space. Omada’s biggest shareholders include U.S. Venture Partners and Andreessen Horowitz, and was last valued in 2022 at just above $1 billion. Hinge Health’s primary competitor is Sword Health, which was valued at $3 billion about a year ago. At that time, Sword Health’s CEO, Virgilio Bento, told TechCrunch that the company might also pursue an IPO in 2025 if it grows as expected and the macroeconomic environment is favorable. 

Save this picture!© Ugo Carmeni, 2025A pavilion in a Biennale serves as a platform for cultural expression, allowing a nation to articulate its architectural identity while responding to global challenges. These national exhibitions reflect how each country interprets the event's central theme through the lens of its own landscapes, histories, and future aspirations, reinforcing architecture's ability to act not only as a built discipline, but also as a catalyst for reflection, transformation, and dialogue. In this context, Montenegro's contribution resonates with particular force. Titled Terram Intelligere: INTERSTITIUM, the pavilion draws on the concept of a newly understood anatomical system of fluid-filled spaces running throughout the human body, facilitating connection and exchange. Once considered dense and inert, the interstitium is now revealed to be a network of dynamic interrelation — a metaphor that the curators use to reframe architecture as an active, living inquiry into natural, artificial, and collective intelligence, in tune with this edition's theme: Natural. Artificial. Collective.Curated by Prof. Dr. Miljana Zeković, with contributors Ivan Šuković, Dejan Todorović, and Emir Šehanović, transforms the newly inaugurated Arte Nova space in Venice's Campo San Lorenzo into a dynamic laboratory. The project treats the interstitium not only as a biological metaphor, but as an architectural strategy, and the pavilion becomes a mediating membrane, connecting biology, tradition, and speculative futures. As Zeković explains, "Architecture naturally occupies a space between disciplines — not only between art and science, but also engineering. Here, it becomes a form of mediation between species, materials, and temporalities."Floating polycarbonate forms, infused with soil-derived bacterial cultures, are suspended by cables and arranged in a carefully orchestrated constellation. These transparent volumes are not inert, but biologically active. Over the six months of the Biennale, the microorganisms within them will grow, mutate, and generate bio-pigments in response to environmental stimuli such as light and temperature. This expanded view of architecture revisits the suvomeđa, a traditional Montenegrin dry-stone boundary wall built without mortar. More than a marker of property, the međa embodies ecological coexistence and cultural memory. In the pavilion, its principles are reinterpreted through these structures, each evoking the porosity, modularity, and autonomy of this vernacular tradition. "The međa is present in the pavilion both as a metaphor and as a symbol," observes Zeković. "Stones traditionally assembled without binding material are now reimagined in a collective, organic form — each floating, yet interconnected." Save this picture!Save this picture!Rethinking Intelligence (and Color) Through Soil and Slow TransformationDeveloped in collaboration with the Institute of Molecular Genetics and Genetic Engineering at the University of Belgrade, the project demonstrates how soil bacteria collected from Durmitor National Park, Skadar Lake, Bukumirsko Lake, and villages near Virpazar produce bio-pigments under UV exposure. These vibrant and resilient pigments suggest a future in which ecological coloring could replace synthetic and toxic dyes in the construction industry. "The bacteria developed fascinating spatial systems," says Zeković, "which could easily be envisioned, in some modified form, applied in construction." For Zeković, this convergence between science and design reflects a deeper ambition: It is entirely realistic to expect that many industrial materials containing hazardous components will be replaced by natural, sustainable alternatives. (...) Science, art, and architecture can help create a better, more stable, and sustainable world. The Montenegrin pavilion offers more than a visual encounter — it invites participation. As Zeković states: Visitors can engage with the space in multiple ways. The first is as a passive observer, taking in the installation from afar. The second is for the curious — those who step closer, who examine the bacterial worlds, who enter the 'boundary' and explore this unexpected potential from multiple angles. Save this picture!Inside these floating forms, visitors discover not only living microbial ecosystems, but also narrative templates, abstract representations of Montenegrin terrains, and even living bacterial nanocellulose. It is a multisensory and educational journey — one that encourages slow observation and critical reflection.Rather than offering a definitive solution, Terram Intelligere: INTERSTITIUM invites us to rethink how we define intelligence, materiality, and boundaries. The project asks: what can we learn from soil, from tradition, from microorganisms? In doing so, Montenegro's contribution rejects immediate spectacle in favor of slow, cellular, and continuous transformation — proposing an architecture that adapts, and grows. As the curator affirms, "The theme of intelligence and future hybrid intelligent systems demands far more than mere interpretation; it requires deep engagement on multiple levels."Save this picture!Save this picture!And she reminds us that the Biennale is more than a platform for display: "The Architecture Biennale is indeed a showcase of nations and entities, but — and this is particularly important to me — it is also a place of education. Visitors come primarily to see and to learn, and therefore, the innovations and insights presented through the exhibitions are of great significance."Just as the međa quietly delineates space while sustaining complex and invisible ecologies, the systems explored in the Montenegro Pavilion suggest that resilience does not begin with grand gestures, but with subtle, intelligent adaptation. Rooted in the soil, microorganisms model complex cooperation and environmental responsiveness, constructing spatial networks, generating living pigments, and embodying an architecture that grows from within — silently, incrementally, collectively. As the text presented in the pavilion reminds us, "Through this quiet evolution, the city of the future may rise upon a living, ever-evolving foundation – one shaped by continuous growth, shared intelligence, and the subtle emergence of hybrid systems rooted in nature."Save this picture!Commissioner: Mirjana ĐurišićCurator: dr Miljana ZekovićExhibitors: Ivan Šuković, Dejan Todorović, Emir ŠehanovićProfessional collaborators and project partners: Institute of Molecular Genetics and Genetic Engineering (IMGGE), University of Belgrade - Dr Jasmina Nikodinović-Runić, Vukašin Janković, Dr Tatjana Ilić-Tomić, Dr Ivana Aleksić, Dr Dušan MilivojevićCreative team: Tamara Marović, Maja RadonjićProducer: Jelena BožovićProject technical director: Aleksandar JevtovićTechnical production assistants: Miloš Jevtović, Branislav DragojlovićLighting – technical implementation: Boris Butorac, Jovan Vanja MarjanovićSound design: Miloš HadžićPublication design and visual identity of the exhibition: Igor MilanovićOrganizer: Ministry of Spatial Planning, Urbanism and State Property of Montenegro

In February 2024, CNN reported, “A finance worker at a multinational firm was tricked into paying out $25 million to fraudsters using deepfake technology to pose as the company’s chief financial officer in a video conference call.” In Europe, a second firm experienced a multimillion-dollar fraud when a deepfake emulated a board member in a video allegedly approving a fraudulent transfer of funds. “Banks and financial institutions are particularly at risk,” said The Hack Academy. “A study by Deloitte found that over 50% of senior executives expect deepfake scams to target their organizations soon. These attacks can undermine trust and lead to significant financial loss.”  Hack Academy went on to say that AI-inspired security attacks weren’t confined to deepfakes. These attacks were also beginning to occur with increased regularity in the form of corporate espionage and misinformation campaigns. AI brings new, more dangerous tactics to traditional security attack methods like phishing, social engineering and the insertion of malware into systems. For CIOs, enterprise AI system developers, data scientists and IT network professionals, AI changes the rules and the tactics for security, given AI’s limitless potential for both good and bad. This is forcing a reset in how IT thinks about security against malicious actors and intruders. Related:How Bad Actors are Exploiting AI What exactly is IT up against? The AI tools that are available on the dark web and in public cyber marketplaces give security perpetrators a wide choice of AI weaponry. Also, IoT and edge networks now present much broader enterprise attack surfaces. Security threats can come in videos, phone calls, social media sites, corporate systems and networks, vendor clouds, IoT devices, network end points, and virtually any entry point into a corporate IT environment that electronic communications can penetrate. Here are some of the current AI-embellished security attacks that companies are seeing: Convincing deepfake videos of corporate executives and stakeholders that are intended to dupe companies in pursuing certain actions or transferring certain assets or funds. This deep faking also extends to voice simulations of key personnel that are left as voicemails in corporate phone systems.  Phishing and spearfishing attacks that send convincing emails (some with malicious attachments) to employees, who mistakenly open them because they think the sender is their boss, the CEO or someone else they perceive as trusted. AI supercharges these attacks because it can automate and send out a large volume of emails that hit many employee email accounts. That AI continues to “learn” with the help of machine learning so it can discover new trusted sender candidates for future attacks.   Related:Adaptive messaging that uses generative AI to craft messages to users that correct grammar and that “learn” from corporate communication styles so they can more closely emulate corporate communications that make them seem legitimate. Mutating code that uses AI to change malware signatures on the fly so antivirus detection mechanisms can be evaded. Data poisoning that occurs when a corporate or cloud provider’s AI data repository is injected by malware that alters (“poisons”) so the data produces erroneous and misleading results.  Fighting Back With Tech To combat these supercharged AI-based security threats, IT has number of tools, techniques and strategies it can consider. Fighting deepfakes. Deepfakes can come in the form of videos, voicemails and photos. Since deepfakes are unstructured data objects that can’t be parsed in their native forms like real data, there are new tools on the market that can convert these objects into graphical representations that can be analyzed to evaluate whether there is something in an object that should or shouldn’t be there. The goal is to confirm authenticity.  Related:Fighting phishing and spear phishing. A combination of policy and practice works best to combat phishing and spear phishing attacks. Both types of attacks are predicated on users being tricked into opening an email attachment that they believe is from a trusted sender, so the first line of defense is educating (and repeat-educating) users on how to handle their email. For instance, a user should notify IT if they receive an email that seems unusual or unexpected, and they should never open it. IT should also review its current security tools. Is it still using older security monitoring software that doesn’t include more modern technologies like observability, which can check for security intrusions or malware at more atomic levels?  Is IT still using IAM (identity access management) software to track user identities and activities at a top level in the cloud and on top and atomic levels on premises, or has it also added cloud identity entitlements management (CIEM), which gives it an atomic level view of  user accesses and activities in the cloud? Better yet, has IT moved to identity governance administration (IGA), which can serve as an over-arching umbrella for IAM and CIEM plugins, plus provide detailed audit reports and automated compliance across all platforms? Fighting embedded malware code. Malware can lie dormant in systems for months, giving a bad actor the option to activate it whenever the timing is right. It’s all the more reason for IT to augment its security staff with new skillsets, such as that of the “threat hunter,” whose job is to examine networks, data and systems on a daily basis, hunting down malware that might be lurking within, and destroying it before it activates. Fighting with zero-trust networks. Internet of Things (IoT) devices come into companies with little or no security because IoT suppliers don’t pay much attention to it and there is a general expectation that corporate IT will configure devices to the appropriate security settings. The problem is, IT often forgets to do this. There are also times when users purchase their own IoT gear, and IT doesn’t know about it. Zero-trust networks help manage this, because they detect and report on everything that is added, subtracted or modified on the network. This gives IT visibility into new, potential security breach points. A second step is to formalize IT procedures for IoT devices so that no IoT device is deployed without the device’s security first being set to corporate standards.  Fighting AI data poisoning. AI models, systems and data should be continuously monitored for accuracy. As soon as they show lowered levels of accuracy or produce unusual conclusions, the data repository, inflows and outflows should be examined for quality and non-bias of data. If contamination is found, the system should be taken down, the data sanitized, and the sources of the contamination traced, tracked and disabled. Fighting AI with AI. Most every security tool on the market today contains AI functionality to detect anomalies, abnormal data patterns and user activities. Additionally, forensics AI can dissect a security breach that does occur, isolating how it happened, where it originated from and what caused it. Since most sites don’t have on-staff forensics experts, IT will have to train staff in forensics skills. Fighting with regular audits and vulnerability testing. Minimally, IT vulnerability testing should be performed on a quarterly basis, and full security audits on an annual basis. If sites use cloud providers, they should request each provider’s latest security audit for review. An outside auditor can also help sites prepare for future AI-driven security threats, because auditors stay on top of the industry, visit many different companies, and see many different situations. An advanced knowledge of threats that loom in the future helps sites prepare for new battles. Summary AI technology is moving faster than legal rulings and regulations. This leaves most IT departments “on their own” to develop security defenses against bad actors who use AI against them.  The good news is that IT already has insights into how bad actors intend to use AI, and there are tools on the market that can help defensive efforts. What’s been missing is a proactive and aggressive battle plan from IT. That has to start now. 

In February 2024, CNN reported, “A finance worker at a multinational firm was tricked into paying out $25 million to fraudsters using deepfake technology to pose as the company’s chief financial officer in a video conference call.” In Europe, a second firm experienced a multimillion-dollar fraud when a deepfake emulated a board member in a video allegedly approving a fraudulent transfer of funds. “Banks and financial institutions are particularly at risk,” said The Hack Academy. “A study by Deloitte found that over 50% of senior executives expect deepfake scams to target their organizations soon. These attacks can undermine trust and lead to significant financial loss.”  Hack Academy went on to say that AI-inspired security attacks weren’t confined to deepfakes. These attacks were also beginning to occur with increased regularity in the form of corporate espionage and misinformation campaigns. AI brings new, more dangerous tactics to traditional security attack methods like phishing, social engineering and the insertion of malware into systems. For CIOs, enterprise AI system developers, data scientists and IT network professionals, AI changes the rules and the tactics for security, given AI’s limitless potential for both good and bad. This is forcing a reset in how IT thinks about security against malicious actors and intruders. Related:How Bad Actors are Exploiting AI What exactly is IT up against? The AI tools that are available on the dark web and in public cyber marketplaces give security perpetrators a wide choice of AI weaponry. Also, IoT and edge networks now present much broader enterprise attack surfaces. Security threats can come in videos, phone calls, social media sites, corporate systems and networks, vendor clouds, IoT devices, network end points, and virtually any entry point into a corporate IT environment that electronic communications can penetrate. Here are some of the current AI-embellished security attacks that companies are seeing: Convincing deepfake videos of corporate executives and stakeholders that are intended to dupe companies in pursuing certain actions or transferring certain assets or funds. This deep faking also extends to voice simulations of key personnel that are left as voicemails in corporate phone systems.  Phishing and spearfishing attacks that send convincing emails (some with malicious attachments) to employees, who mistakenly open them because they think the sender is their boss, the CEO or someone else they perceive as trusted. AI supercharges these attacks because it can automate and send out a large volume of emails that hit many employee email accounts. That AI continues to “learn” with the help of machine learning so it can discover new trusted sender candidates for future attacks.   Related:Adaptive messaging that uses generative AI to craft messages to users that correct grammar and that “learn” from corporate communication styles so they can more closely emulate corporate communications that make them seem legitimate. Mutating code that uses AI to change malware signatures on the fly so antivirus detection mechanisms can be evaded. Data poisoning that occurs when a corporate or cloud provider’s AI data repository is injected by malware that alters (“poisons”) so the data produces erroneous and misleading results.  Fighting Back With Tech To combat these supercharged AI-based security threats, IT has number of tools, techniques and strategies it can consider. Fighting deepfakes. Deepfakes can come in the form of videos, voicemails and photos. Since deepfakes are unstructured data objects that can’t be parsed in their native forms like real data, there are new tools on the market that can convert these objects into graphical representations that can be analyzed to evaluate whether there is something in an object that should or shouldn’t be there. The goal is to confirm authenticity.  Related:Fighting phishing and spear phishing. A combination of policy and practice works best to combat phishing and spear phishing attacks. Both types of attacks are predicated on users being tricked into opening an email attachment that they believe is from a trusted sender, so the first line of defense is educating (and repeat-educating) users on how to handle their email. For instance, a user should notify IT if they receive an email that seems unusual or unexpected, and they should never open it. IT should also review its current security tools. Is it still using older security monitoring software that doesn’t include more modern technologies like observability, which can check for security intrusions or malware at more atomic levels?  Is IT still using IAM (identity access management) software to track user identities and activities at a top level in the cloud and on top and atomic levels on premises, or has it also added cloud identity entitlements management (CIEM), which gives it an atomic level view of  user accesses and activities in the cloud? Better yet, has IT moved to identity governance administration (IGA), which can serve as an over-arching umbrella for IAM and CIEM plugins, plus provide detailed audit reports and automated compliance across all platforms? Fighting embedded malware code. Malware can lie dormant in systems for months, giving a bad actor the option to activate it whenever the timing is right. It’s all the more reason for IT to augment its security staff with new skillsets, such as that of the “threat hunter,” whose job is to examine networks, data and systems on a daily basis, hunting down malware that might be lurking within, and destroying it before it activates. Fighting with zero-trust networks. Internet of Things (IoT) devices come into companies with little or no security because IoT suppliers don’t pay much attention to it and there is a general expectation that corporate IT will configure devices to the appropriate security settings. The problem is, IT often forgets to do this. There are also times when users purchase their own IoT gear, and IT doesn’t know about it. Zero-trust networks help manage this, because they detect and report on everything that is added, subtracted or modified on the network. This gives IT visibility into new, potential security breach points. A second step is to formalize IT procedures for IoT devices so that no IoT device is deployed without the device’s security first being set to corporate standards.  Fighting AI data poisoning. AI models, systems and data should be continuously monitored for accuracy. As soon as they show lowered levels of accuracy or produce unusual conclusions, the data repository, inflows and outflows should be examined for quality and non-bias of data. If contamination is found, the system should be taken down, the data sanitized, and the sources of the contamination traced, tracked and disabled. Fighting AI with AI. Most every security tool on the market today contains AI functionality to detect anomalies, abnormal data patterns and user activities. Additionally, forensics AI can dissect a security breach that does occur, isolating how it happened, where it originated from and what caused it. Since most sites don’t have on-staff forensics experts, IT will have to train staff in forensics skills. Fighting with regular audits and vulnerability testing. Minimally, IT vulnerability testing should be performed on a quarterly basis, and full security audits on an annual basis. If sites use cloud providers, they should request each provider’s latest security audit for review. An outside auditor can also help sites prepare for future AI-driven security threats, because auditors stay on top of the industry, visit many different companies, and see many different situations. An advanced knowledge of threats that loom in the future helps sites prepare for new battles. Summary AI technology is moving faster than legal rulings and regulations. This leaves most IT departments “on their own” to develop security defenses against bad actors who use AI against them.  The good news is that IT already has insights into how bad actors intend to use AI, and there are tools on the market that can help defensive efforts. What’s been missing is a proactive and aggressive battle plan from IT. That has to start now. 

This is today’s edition of The Download, our weekday newsletter that provides a daily dose of what’s going on in the world of technology. The data center boom in the desert In the high desert east of Reno, Nevada, construction crews are flattening the golden foothills of the Virginia Range, laying the foundations of a data center city.Google, Tract, Switch, EdgeCore, Novva, Vantage, and PowerHouse are all operating, building, or expanding huge facilities nearby. Meanwhile, Microsoft has acquired more than 225 acres of undeveloped property, and Apple is expanding its existing data center just across the Truckee River from the industrial park. The corporate race to amass computing resources to train and run artificial intelligence models and store information in the cloud has sparked a data center boom in the desert—and it’s just far enough away from Nevada’s communities to elude wide notice and, some fear, adequate scrutiny. Read the full story. —James Temple This story is part of Power Hungry: AI and our energy future—our new series shining a light on the energy demands and carbon costs of the artificial intelligence revolution. Check out the rest of the package here. A new atomic clock in space could help us measure elevations on Earth In 2003, engineers from Germany and Switzerland began building a bridge across the Rhine River simultaneously from both sides. Months into construction, they found that the two sides did not meet. The German side hovered 54 centimeters above the Swiss one. The misalignment happened because they measured elevation from sea level differently. To prevent such costly construction errors, in 2015 scientists in the International Association of Geodesy voted to adopt the International Height Reference Frame, or IHRF, a worldwide standard for elevation.Now, a decade after its adoption, scientists are looking to update the standard—by using the most precise clock ever to fly in space. Read the full story. —Sophia Chen Three takeaways about AI’s energy use and climate impacts —Casey CrownhartThis week, we published Power Hungry, a package all about AI and energy. At the center of this package is the most comprehensive look yet at AI’s growing power demand, if I do say so myself. This data-heavy story is the result of over six months of reporting by me and my colleague James O’Donnell (and the work of many others on our team). Over that time, with the help of leading researchers, we quantified the energy and emissions impacts of individual queries to AI models and tallied what it all adds up to, both right now and for the years ahead. There’s a lot of data to dig through, and I hope you’ll take the time to explore the whole story. But in the meantime, here are three of my biggest takeaways from working on this project. Read the full story.This article is from The Spark, MIT Technology Review’s weekly climate newsletter. To receive it in your inbox every Wednesday, sign up here. MIT Technology Review Narrated: Congress used to evaluate emerging technologies. Let’s do it again. Artificial intelligence comes with a shimmer and a sheen of magical thinking. And if we’re not careful, politicians, employers, and other decision-makers may accept at face value the idea that machines can and should replace human judgment and discretion. One way to combat that might be resurrecting the Office of Technology Assessment, a Congressional think tank that detected lies and tested tech until it was shuttered in 1995. This is our latest story to be turned into a MIT Technology Review Narrated podcast, which we’re publishing each week on Spotify and Apple Podcasts. Just navigate to MIT Technology Review Narrated on either platform, and follow us to get all our new content as it’s released. The must-reads I’ve combed the internet to find you today’s most fun/important/scary/fascinating stories about technology. 1 OpenAI is buying Jony Ive’s AI startupThe former Apple design guru will work with Sam Altman to design an entirely new range of devices. (NYT $)+ The deal is worth a whopping $6.5 billion. (Bloomberg $)+ Altman gave OpenAI staff a preview of its AI ‘companion’ devices. (WSJ $)+ AI products to date have failed to set the world alight. (The Atlantic $) 2 Microsoft has blocked employee emails containing ‘Gaza’ or ‘Palestine’Although the term ‘Israel’ does not trigger such a block. (The Verge)+ Protest group No Azure for Apartheid has accused the company of censorship. (Fortune $) 3 DOGE needs to do its work in secretThat’s what the Trump administration is claiming to the Supreme Court, at least. (Ars Technica)+ It’s trying to avoid being forced to hand over internal documents. (NYT $)+ DOGE’s tech takeover threatens the safety and stability of our critical data. (MIT Technology Review) 4 US banks are racing to embrace cryptocurrencyAhead of new stablecoin legislation. (The Information $)+ Attendees at Trump’s crypto dinner paid over $1 million for the privilege. (NBC News)+ Bitcoin has surged to an all-time peak yet again. (Reuters) 5 China is making huge technological leapsThanks to the billions it’s poured into narrowing the gap between it and the US. (WSJ $)+ Nvidia’s CEO has branded America’s chip curbs on China ‘a failure.’ (FT $)+ There can be no winners in a US-China AI arms race. (MIT Technology Review) 6 Disordered eating content is rife on TikTokBut a pocket of creators are dedicated to debunking the worst of it. (Wired $) 7 The US military is interested in the world’s largest aircraftThe gigantic WindRunner plane will have an 80-metre wingspan. (New Scientist $)+ Phase two of military AI has arrived. (MIT Technology Review) 8 How AI is shaking up animationNew tools are slashing the costs of creating episodes by up to 90%. (NYT $)+ Generative AI is reshaping South Korea’s webcomics industry. (MIT Technology Review) 9 Tesla’s Cybertruck is a flopSorry, Elon. (Fast Company $)+ The vehicles’ resale value is plummeting. (The Daily Beast) 10 Google’s new AI video generator loves this terrible jokeWhich appears to originate from a Reddit post. (404 Media)+ What happened when 20 comedians got AI to write their routines. (MIT Technology Review) Quote of the day “It feels like we are marching off a cliff.” —An unnamed software engineering vice president jokes that future developers conferences will be attended by the AI agents companies like Microsoft are racing to deploy, Semafor reports. One more thing What does GPT-3 “know” about me?One of the biggest stories in tech is the rise of large language models that produce text that reads like a human might have written it.These models’ power comes from being trained on troves of publicly available human-created text hoovered up from the internet. If you’ve posted anything even remotely personal in English on the internet, chances are your data might be part of some of the world’s most popular LLMs.Melissa Heikkilä, MIT Technology Review’s former AI reporter, wondered what data these models might have on her—and how it could be misused. So she put OpenAI’s GPT-3 to the test. Read about what she found. We can still have nice things A place for comfort, fun and distraction to brighten up your day. (Got any ideas? Drop me a line or skeet ’em at me.) + Don’t shoot the messenger, but it seems like there’s a new pizza king in town ($)+ Ranked: every Final Destination film, from worst to best.+ Who knew that jelly could help to preserve coral reefs? Not I.+ A new generation of space archaeologists are beavering away to document our journeys to the stars.

This is today's edition of The Download, our weekday newsletter that provides a daily dose of what's going on in the world of technology. The data center boom in the desert In the high desert east of Reno, Nevada, construction crews are flattening the golden foothills of the Virginia Range, laying the foundations of a data center city. Google, Tract, Switch, EdgeCore, Novva, Vantage, and PowerHouse are all operating, building, or expanding huge facilities nearby. Meanwhile, Microsoft has acquired more than 225 acres of undeveloped property, and Apple is expanding its existing data center just across the Truckee River from the industrial park.The corporate race to amass computing resources to train and run artificial intelligence models and store information in the cloud has sparked a data center boom in the desert—and it’s just far enough away from Nevada’s communities to elude wide notice and, some fear, adequate scrutiny. Read the full story. —James Temple This story is part of Power Hungry: AI and our energy future—our new series shining a light on the energy demands and carbon costs of the artificial intelligence revolution. Check out the rest of the package here. A new atomic clock in space could help us measure elevations on Earth In 2003, engineers from Germany and Switzerland began building a bridge across the Rhine River simultaneously from both sides. Months into construction, they found that the two sides did not meet. The German side hovered 54 centimeters above the Swiss one. The misalignment happened because they measured elevation from sea level differently. To prevent such costly construction errors, in 2015 scientists in the International Association of Geodesy voted to adopt the International Height Reference Frame, or IHRF, a worldwide standard for elevation. Now, a decade after its adoption, scientists are looking to update the standard—by using the most precise clock ever to fly in space. Read the full story. —Sophia Chen Three takeaways about AI’s energy use and climate impacts —Casey Crownhart This week, we published Power Hungry, a package all about AI and energy. At the center of this package is the most comprehensive look yet at AI’s growing power demand, if I do say so myself. This data-heavy story is the result of over six months of reporting by me and my colleague James O’Donnell (and the work of many others on our team). Over that time, with the help of leading researchers, we quantified the energy and emissions impacts of individual queries to AI models and tallied what it all adds up to, both right now and for the years ahead. There’s a lot of data to dig through, and I hope you’ll take the time to explore the whole story. But in the meantime, here are three of my biggest takeaways from working on this project. Read the full story.This article is from The Spark, MIT Technology Review’s weekly climate newsletter. To receive it in your inbox every Wednesday, sign up here. MIT Technology Review Narrated: Congress used to evaluate emerging technologies. Let’s do it again. Artificial intelligence comes with a shimmer and a sheen of magical thinking. And if we’re not careful, politicians, employers, and other decision-makers may accept at face value the idea that machines can and should replace human judgment and discretion. One way to combat that might be resurrecting the Office of Technology Assessment, a Congressional think tank that detected lies and tested tech until it was shuttered in 1995. This is our latest story to be turned into a MIT Technology Review Narrated podcast, which we’re publishing each week on Spotify and Apple Podcasts. Just navigate to MIT Technology Review Narrated on either platform, and follow us to get all our new content as it’s released. The must-reads I’ve combed the internet to find you today’s most fun/important/scary/fascinating stories about technology. 1 OpenAI is buying Jony Ive’s AI startup The former Apple design guru will work with Sam Altman to design an entirely new range of devices. (NYT $)+ The deal is worth a whopping $6.5 billion. (Bloomberg $)+ Altman gave OpenAI staff a preview of its AI ‘companion’ devices. (WSJ $)+ AI products to date have failed to set the world alight. (The Atlantic $)2 Microsoft has blocked employee emails containing ‘Gaza’ or ‘Palestine’ Although the term ‘Israel’ does not trigger such a block. (The Verge)+ Protest group No Azure for Apartheid has accused the company of censorship. (Fortune $) 3 DOGE needs to do its work in secret That’s what the Trump administration is claiming to the Supreme Court, at least. (Ars Technica)+ It’s trying to avoid being forced to hand over internal documents. (NYT $)+ DOGE’s tech takeover threatens the safety and stability of our critical data. (MIT Technology Review)4 US banks are racing to embrace cryptocurrency Ahead of new stablecoin legislation. (The Information $)+ Attendees at Trump’s crypto dinner paid over $1 million for the privilege. (NBC News)+ Bitcoin has surged to an all-time peak yet again. (Reuters)5 China is making huge technological leaps Thanks to the billions it’s poured into narrowing the gap between it and the US. (WSJ $)+ Nvidia’s CEO has branded America’s chip curbs on China ‘a failure.’ (FT $)+ There can be no winners in a US-China AI arms race. (MIT Technology Review)6 Disordered eating content is rife on TikTokBut a pocket of creators are dedicated to debunking the worst of it. (Wired $) 7 The US military is interested in the world’s largest aircraftThe gigantic WindRunner plane will have an 80-metre wingspan. (New Scientist $) + Phase two of military AI has arrived. (MIT Technology Review)8 How AI is shaking up animationNew tools are slashing the costs of creating episodes by up to 90%. (NYT $) + Generative AI is reshaping South Korea’s webcomics industry. (MIT Technology Review)9 Tesla’s Cybertruck is a flop Sorry, Elon. (Fast Company $)+ The vehicles’ resale value is plummeting. (The Daily Beast)10 Google’s new AI video generator loves this terrible joke Which appears to originate from a Reddit post. (404 Media)+ What happened when 20 comedians got AI to write their routines. (MIT Technology Review) Quote of the day “It feels like we are marching off a cliff.” —An unnamed software engineering vice president jokes that future developers conferences will be attended by the AI agents companies like Microsoft are racing to deploy, Semafor reports. One more thing What does GPT-3 “know” about me?One of the biggest stories in tech is the rise of large language models that produce text that reads like a human might have written it. These models’ power comes from being trained on troves of publicly available human-created text hoovered up from the internet. If you’ve posted anything even remotely personal in English on the internet, chances are your data might be part of some of the world’s most popular LLMs.Melissa Heikkilä, MIT Technology Review’s former AI reporter, wondered what data these models might have on her—and how it could be misused. So she put OpenAI’s GPT-3 to the test. Read about what she found.We can still have nice things A place for comfort, fun and distraction to brighten up your day. (Got any ideas? Drop me a line or skeet 'em at me.) + Don’t shoot the messenger, but it seems like there’s a new pizza king in town 🍕 ($)+ Ranked: every Final Destination film, from worst to best.+ Who knew that jelly could help to preserve coral reefs? Not I.+ A new generation of space archaeologists are beavering away to document our journeys to the stars.

This is today's edition of The Download, our weekday newsletter that provides a daily dose of what's going on in the world of technology. The data center boom in the desert In the high desert east of Reno, Nevada, construction crews are flattening the golden foothills of the Virginia Range, laying the foundations of a data center city. Google, Tract, Switch, EdgeCore, Novva, Vantage, and PowerHouse are all operating, building, or expanding huge facilities nearby. Meanwhile, Microsoft has acquired more than 225 acres of undeveloped property, and Apple is expanding its existing data center just across the Truckee River from the industrial park.The corporate race to amass computing resources to train and run artificial intelligence models and store information in the cloud has sparked a data center boom in the desert—and it’s just far enough away from Nevada’s communities to elude wide notice and, some fear, adequate scrutiny. Read the full story. —James Temple This story is part of Power Hungry: AI and our energy future—our new series shining a light on the energy demands and carbon costs of the artificial intelligence revolution. Check out the rest of the package here. A new atomic clock in space could help us measure elevations on Earth In 2003, engineers from Germany and Switzerland began building a bridge across the Rhine River simultaneously from both sides. Months into construction, they found that the two sides did not meet. The German side hovered 54 centimeters above the Swiss one. The misalignment happened because they measured elevation from sea level differently. To prevent such costly construction errors, in 2015 scientists in the International Association of Geodesy voted to adopt the International Height Reference Frame, or IHRF, a worldwide standard for elevation. Now, a decade after its adoption, scientists are looking to update the standard—by using the most precise clock ever to fly in space. Read the full story. —Sophia Chen Three takeaways about AI’s energy use and climate impacts —Casey Crownhart This week, we published Power Hungry, a package all about AI and energy. At the center of this package is the most comprehensive look yet at AI’s growing power demand, if I do say so myself. This data-heavy story is the result of over six months of reporting by me and my colleague James O’Donnell (and the work of many others on our team). Over that time, with the help of leading researchers, we quantified the energy and emissions impacts of individual queries to AI models and tallied what it all adds up to, both right now and for the years ahead. There’s a lot of data to dig through, and I hope you’ll take the time to explore the whole story. But in the meantime, here are three of my biggest takeaways from working on this project. Read the full story.This article is from The Spark, MIT Technology Review’s weekly climate newsletter. To receive it in your inbox every Wednesday, sign up here. MIT Technology Review Narrated: Congress used to evaluate emerging technologies. Let’s do it again. Artificial intelligence comes with a shimmer and a sheen of magical thinking. And if we’re not careful, politicians, employers, and other decision-makers may accept at face value the idea that machines can and should replace human judgment and discretion. One way to combat that might be resurrecting the Office of Technology Assessment, a Congressional think tank that detected lies and tested tech until it was shuttered in 1995. This is our latest story to be turned into a MIT Technology Review Narrated podcast, which we’re publishing each week on Spotify and Apple Podcasts. Just navigate to MIT Technology Review Narrated on either platform, and follow us to get all our new content as it’s released. The must-reads I’ve combed the internet to find you today’s most fun/important/scary/fascinating stories about technology. 1 OpenAI is buying Jony Ive’s AI startup The former Apple design guru will work with Sam Altman to design an entirely new range of devices. (NYT $)+ The deal is worth a whopping $6.5 billion. (Bloomberg $)+ Altman gave OpenAI staff a preview of its AI ‘companion’ devices. (WSJ $)+ AI products to date have failed to set the world alight. (The Atlantic $)2 Microsoft has blocked employee emails containing ‘Gaza’ or ‘Palestine’ Although the term ‘Israel’ does not trigger such a block. (The Verge)+ Protest group No Azure for Apartheid has accused the company of censorship. (Fortune $) 3 DOGE needs to do its work in secret That’s what the Trump administration is claiming to the Supreme Court, at least. (Ars Technica)+ It’s trying to avoid being forced to hand over internal documents. (NYT $)+ DOGE’s tech takeover threatens the safety and stability of our critical data. (MIT Technology Review)4 US banks are racing to embrace cryptocurrency Ahead of new stablecoin legislation. (The Information $)+ Attendees at Trump’s crypto dinner paid over $1 million for the privilege. (NBC News)+ Bitcoin has surged to an all-time peak yet again. (Reuters)5 China is making huge technological leaps Thanks to the billions it’s poured into narrowing the gap between it and the US. (WSJ $)+ Nvidia’s CEO has branded America’s chip curbs on China ‘a failure.’ (FT $)+ There can be no winners in a US-China AI arms race. (MIT Technology Review)6 Disordered eating content is rife on TikTokBut a pocket of creators are dedicated to debunking the worst of it. (Wired $) 7 The US military is interested in the world’s largest aircraftThe gigantic WindRunner plane will have an 80-metre wingspan. (New Scientist $) + Phase two of military AI has arrived. (MIT Technology Review)8 How AI is shaking up animationNew tools are slashing the costs of creating episodes by up to 90%. (NYT $) + Generative AI is reshaping South Korea’s webcomics industry. (MIT Technology Review)9 Tesla’s Cybertruck is a flop Sorry, Elon. (Fast Company $)+ The vehicles’ resale value is plummeting. (The Daily Beast)10 Google’s new AI video generator loves this terrible joke Which appears to originate from a Reddit post. (404 Media)+ What happened when 20 comedians got AI to write their routines. (MIT Technology Review) Quote of the day “It feels like we are marching off a cliff.” —An unnamed software engineering vice president jokes that future developers conferences will be attended by the AI agents companies like Microsoft are racing to deploy, Semafor reports. One more thing What does GPT-3 “know” about me?One of the biggest stories in tech is the rise of large language models that produce text that reads like a human might have written it. These models’ power comes from being trained on troves of publicly available human-created text hoovered up from the internet. If you’ve posted anything even remotely personal in English on the internet, chances are your data might be part of some of the world’s most popular LLMs.Melissa Heikkilä, MIT Technology Review’s former AI reporter, wondered what data these models might have on her—and how it could be misused. So she put OpenAI’s GPT-3 to the test. Read about what she found.We can still have nice things A place for comfort, fun and distraction to brighten up your day. (Got any ideas? Drop me a line or skeet 'em at me.) + Don’t shoot the messenger, but it seems like there’s a new pizza king in town 🍕 ($)+ Ranked: every Final Destination film, from worst to best.+ Who knew that jelly could help to preserve coral reefs? Not I.+ A new generation of space archaeologists are beavering away to document our journeys to the stars.