• Wow, can you believe how far marketing has come? I mean, I literally fell for that floating Louis Vuitton logo! It’s incredible how CGI stunts are becoming so realistic that they can trick even the most vigilant among us. But hey, isn’t that the beauty of innovation?

    Embrace the surprise and excitement of these creative endeavors! They remind us that the world is full of unexpected wonders waiting to be discovered. Let’s stay curious and open-minded, because who knows what amazing things are just around the corner? Keep shining and believing in the magic of creativity!

    #LouisVuitton #CGIMagic #Innovation #StayCurious #BelieveInMagic
    🎉✨ Wow, can you believe how far marketing has come? I mean, I literally fell for that floating Louis Vuitton logo! 😂 It’s incredible how CGI stunts are becoming so realistic that they can trick even the most vigilant among us. But hey, isn’t that the beauty of innovation? 🌟 Embrace the surprise and excitement of these creative endeavors! They remind us that the world is full of unexpected wonders waiting to be discovered. Let’s stay curious and open-minded, because who knows what amazing things are just around the corner? Keep shining and believing in the magic of creativity! 💖🌈 #LouisVuitton #CGIMagic #Innovation #StayCurious #BelieveInMagic
    1 Комментарии 0 Поделились
  • Ah, the wonders of modern gaming! Who would have thought that the secret to uniting a million people would be simply to toss a digital soccer ball around? Enter "Rematch," the latest sensation that has whisked a million souls away from the harsh realities of life into the pixelated perfection of football. It’s like Rocket League had a baby with FIFA, and now we have a game that claims to bring us all together — because who needs genuine human interaction when you can kick a virtual ball?

    Let’s take a moment to appreciate the brilliance behind this phenomenon. After countless years of research, gaming experts finally discovered that people *actually* enjoy playing football. Shocking, right? It’s not like football has been the most popular sport in the world for, oh, I don’t know, ever. But hey, let’s applaud the genius who looked at Rocket League and thought, "Why don’t we add a ball that actually resembles a soccer ball?"

    With Rematch, we’ve moved past the days of traditional socializing. Why grab a pint with friends when you can huddle in your living room, staring at a screen, pretending to be David Beckham while never actually getting off the couch? The thrill of the game has never been so… sedentary. And who needs to break a sweat when the only thing you’ll be sweating over is how to outmaneuver your fellow couch potatoes with your fancy footwork?

    Now, let’s talk about the social implications. One million people have flocked to Rematch, which means that for every goal scored, there’s a lonely soul who just sat through another week of awkward small talk at the office, wishing they too could be playing digital soccer instead of discussing weekend plans. Talk about a win-win! You can bond with your online teammates while simultaneously avoiding real-life conversations. It’s like the ultimate social life hack!

    But wait, there’s more! The marketing team behind Rematch must be patting themselves on the back for this one. A game that can turn sitting in your pajamas into an epic communal experience? Bravo! It’s almost poetic to think that millions of people are now united over pixelated football matches while ignoring their actual neighbors. Who knew that a digital platform could replace not just a football field but also a community center?

    In conclusion, as we celebrate the monumental achievement of Rematch bringing together one million players, let’s also take a moment to reflect on what we’ve sacrificed for this pixelated paradise: actual human interaction, the smell of fresh grass, and the sweet sound of a whistle blowing on a real field. But hey, at least we’re saving the planet one digital kick at a time, right?

    #Rematch #DigitalSoccer #GamingCommunity #PixelatedFootball #SoccerRevolution
    Ah, the wonders of modern gaming! Who would have thought that the secret to uniting a million people would be simply to toss a digital soccer ball around? Enter "Rematch," the latest sensation that has whisked a million souls away from the harsh realities of life into the pixelated perfection of football. It’s like Rocket League had a baby with FIFA, and now we have a game that claims to bring us all together — because who needs genuine human interaction when you can kick a virtual ball? Let’s take a moment to appreciate the brilliance behind this phenomenon. After countless years of research, gaming experts finally discovered that people *actually* enjoy playing football. Shocking, right? It’s not like football has been the most popular sport in the world for, oh, I don’t know, ever. But hey, let’s applaud the genius who looked at Rocket League and thought, "Why don’t we add a ball that actually resembles a soccer ball?" With Rematch, we’ve moved past the days of traditional socializing. Why grab a pint with friends when you can huddle in your living room, staring at a screen, pretending to be David Beckham while never actually getting off the couch? The thrill of the game has never been so… sedentary. And who needs to break a sweat when the only thing you’ll be sweating over is how to outmaneuver your fellow couch potatoes with your fancy footwork? Now, let’s talk about the social implications. One million people have flocked to Rematch, which means that for every goal scored, there’s a lonely soul who just sat through another week of awkward small talk at the office, wishing they too could be playing digital soccer instead of discussing weekend plans. Talk about a win-win! You can bond with your online teammates while simultaneously avoiding real-life conversations. It’s like the ultimate social life hack! But wait, there’s more! The marketing team behind Rematch must be patting themselves on the back for this one. A game that can turn sitting in your pajamas into an epic communal experience? Bravo! It’s almost poetic to think that millions of people are now united over pixelated football matches while ignoring their actual neighbors. Who knew that a digital platform could replace not just a football field but also a community center? In conclusion, as we celebrate the monumental achievement of Rematch bringing together one million players, let’s also take a moment to reflect on what we’ve sacrificed for this pixelated paradise: actual human interaction, the smell of fresh grass, and the sweet sound of a whistle blowing on a real field. But hey, at least we’re saving the planet one digital kick at a time, right? #Rematch #DigitalSoccer #GamingCommunity #PixelatedFootball #SoccerRevolution
    Déjà 1 million de personnes sur Rematch, le jeu de foot rassemble beaucoup de monde
    ActuGaming.net Déjà 1 million de personnes sur Rematch, le jeu de foot rassemble beaucoup de monde Rematch part d’une idée si bonne et pourtant si évidente après le succès de Rocket […] L'article Déjà 1 million de personnes sur Rematch,
    Like
    Love
    Wow
    Sad
    Angry
    160
    1 Комментарии 0 Поделились
  • Microsoft 365 security in the spotlight after Washington Post hack

    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

    Microsoft 365 security in the spotlight after Washington Post hack

    Paul Hill

    Neowin
    @ziks_99 ·

    Jun 16, 2025 03:36 EDT

    The Washington Post has come under cyberattack which saw Microsoft email accounts of several journalists get compromised. The attack, which was discovered last Thursday, is believed to have been conducted by a foreign government due to the topics the journalists cover, including national security, economic policy, and China. Following the hack, the passwords on the affected accounts were reset to prevent access.
    The fact that a Microsoft work email account was potentially hacked strongly suggests The Washington Post utilizes Microsoft 365, which makes us question the security of Microsoft’s widely used enterprise services. Given that Microsoft 365 is very popular, it is a hot target for attackers.
    Microsoft's enterprise security offerings and challenges

    As the investigation into the cyberattack is still ongoing, just how attackers gained access to the accounts of the journalists is unknown, however, Microsoft 365 does have multiple layers of protection that ought to keep journalists safe.
    One of the security tools is Microsoft Defender for Office 365. If the hackers tried to gain access with malicious links, Defender provides protection against any malicious attachments, links, or email-based phishing attempts with the Advanced Threat Protection feature. Defender also helps to protect against malware that could be used to target journalists at The Washington Post.
    Another security measure in place is Entra ID which helps enterprises defend against identity-based attacks. Some key features of Entra ID include multi-factor authentication which protects accounts even if a password is compromised, and there are granular access policies that help to limit logins from outside certain locations, unknown devices, or limit which apps can be used.
    While Microsoft does offer plenty of security technologies with M365, hacks can still take place due to misconfiguration, user-error, or through the exploitation of zero-day vulnerabilities. Essentially, it requires efforts from both Microsoft and the customer to maintain security.
    Lessons for organizations using Microsoft 365
    The incident over at The Washington Post serves as a stark reminder that all organizations, not just news organizations, should audit and strengthen their security setups. Some of the most important security measures you can put in place include mandatory multi-factor authenticationfor all users, especially for privileged accounts; strong password rules such as using letters, numbers, and symbols; regular security awareness training; and installing any security updates in a timely manner.
    Many of the cyberattacks that we learn about from companies like Microsoft involve hackers taking advantage of the human in the equation, such as being tricked into sharing passwords or sharing sensitive information due to trickery on behalf of the hackers. This highlights that employee training is crucial in protecting systems and that Microsoft’s technologies, as advanced as they are, can’t mitigate all attacks 100 percent of the time.

    Tags

    Report a problem with article

    Follow @NeowinFeed
    #microsoft #security #spotlight #after #washington
    Microsoft 365 security in the spotlight after Washington Post hack
    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Microsoft 365 security in the spotlight after Washington Post hack Paul Hill Neowin @ziks_99 · Jun 16, 2025 03:36 EDT The Washington Post has come under cyberattack which saw Microsoft email accounts of several journalists get compromised. The attack, which was discovered last Thursday, is believed to have been conducted by a foreign government due to the topics the journalists cover, including national security, economic policy, and China. Following the hack, the passwords on the affected accounts were reset to prevent access. The fact that a Microsoft work email account was potentially hacked strongly suggests The Washington Post utilizes Microsoft 365, which makes us question the security of Microsoft’s widely used enterprise services. Given that Microsoft 365 is very popular, it is a hot target for attackers. Microsoft's enterprise security offerings and challenges As the investigation into the cyberattack is still ongoing, just how attackers gained access to the accounts of the journalists is unknown, however, Microsoft 365 does have multiple layers of protection that ought to keep journalists safe. One of the security tools is Microsoft Defender for Office 365. If the hackers tried to gain access with malicious links, Defender provides protection against any malicious attachments, links, or email-based phishing attempts with the Advanced Threat Protection feature. Defender also helps to protect against malware that could be used to target journalists at The Washington Post. Another security measure in place is Entra ID which helps enterprises defend against identity-based attacks. Some key features of Entra ID include multi-factor authentication which protects accounts even if a password is compromised, and there are granular access policies that help to limit logins from outside certain locations, unknown devices, or limit which apps can be used. While Microsoft does offer plenty of security technologies with M365, hacks can still take place due to misconfiguration, user-error, or through the exploitation of zero-day vulnerabilities. Essentially, it requires efforts from both Microsoft and the customer to maintain security. Lessons for organizations using Microsoft 365 The incident over at The Washington Post serves as a stark reminder that all organizations, not just news organizations, should audit and strengthen their security setups. Some of the most important security measures you can put in place include mandatory multi-factor authenticationfor all users, especially for privileged accounts; strong password rules such as using letters, numbers, and symbols; regular security awareness training; and installing any security updates in a timely manner. Many of the cyberattacks that we learn about from companies like Microsoft involve hackers taking advantage of the human in the equation, such as being tricked into sharing passwords or sharing sensitive information due to trickery on behalf of the hackers. This highlights that employee training is crucial in protecting systems and that Microsoft’s technologies, as advanced as they are, can’t mitigate all attacks 100 percent of the time. Tags Report a problem with article Follow @NeowinFeed #microsoft #security #spotlight #after #washington
    WWW.NEOWIN.NET
    Microsoft 365 security in the spotlight after Washington Post hack
    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Microsoft 365 security in the spotlight after Washington Post hack Paul Hill Neowin @ziks_99 · Jun 16, 2025 03:36 EDT The Washington Post has come under cyberattack which saw Microsoft email accounts of several journalists get compromised. The attack, which was discovered last Thursday, is believed to have been conducted by a foreign government due to the topics the journalists cover, including national security, economic policy, and China. Following the hack, the passwords on the affected accounts were reset to prevent access. The fact that a Microsoft work email account was potentially hacked strongly suggests The Washington Post utilizes Microsoft 365, which makes us question the security of Microsoft’s widely used enterprise services. Given that Microsoft 365 is very popular, it is a hot target for attackers. Microsoft's enterprise security offerings and challenges As the investigation into the cyberattack is still ongoing, just how attackers gained access to the accounts of the journalists is unknown, however, Microsoft 365 does have multiple layers of protection that ought to keep journalists safe. One of the security tools is Microsoft Defender for Office 365. If the hackers tried to gain access with malicious links, Defender provides protection against any malicious attachments, links, or email-based phishing attempts with the Advanced Threat Protection feature. Defender also helps to protect against malware that could be used to target journalists at The Washington Post. Another security measure in place is Entra ID which helps enterprises defend against identity-based attacks. Some key features of Entra ID include multi-factor authentication which protects accounts even if a password is compromised, and there are granular access policies that help to limit logins from outside certain locations, unknown devices, or limit which apps can be used. While Microsoft does offer plenty of security technologies with M365, hacks can still take place due to misconfiguration, user-error, or through the exploitation of zero-day vulnerabilities. Essentially, it requires efforts from both Microsoft and the customer to maintain security. Lessons for organizations using Microsoft 365 The incident over at The Washington Post serves as a stark reminder that all organizations, not just news organizations, should audit and strengthen their security setups. Some of the most important security measures you can put in place include mandatory multi-factor authentication (MFA) for all users, especially for privileged accounts; strong password rules such as using letters, numbers, and symbols; regular security awareness training; and installing any security updates in a timely manner. Many of the cyberattacks that we learn about from companies like Microsoft involve hackers taking advantage of the human in the equation, such as being tricked into sharing passwords or sharing sensitive information due to trickery on behalf of the hackers. This highlights that employee training is crucial in protecting systems and that Microsoft’s technologies, as advanced as they are, can’t mitigate all attacks 100 percent of the time. Tags Report a problem with article Follow @NeowinFeed
    Like
    Love
    Wow
    Sad
    Angry
    553
    0 Комментарии 0 Поделились
  • Ankur Kothari Q&A: Customer Engagement Book Interview

    Reading Time: 9 minutes
    In marketing, data isn’t a buzzword. It’s the lifeblood of all successful campaigns.
    But are you truly harnessing its power, or are you drowning in a sea of information? To answer this question, we sat down with Ankur Kothari, a seasoned Martech expert, to dive deep into this crucial topic.
    This interview, originally conducted for Chapter 6 of “The Customer Engagement Book: Adapt or Die” explores how businesses can translate raw data into actionable insights that drive real results.
    Ankur shares his wealth of knowledge on identifying valuable customer engagement data, distinguishing between signal and noise, and ultimately, shaping real-time strategies that keep companies ahead of the curve.

     
    Ankur Kothari Q&A Interview
    1. What types of customer engagement data are most valuable for making strategic business decisions?
    Primarily, there are four different buckets of customer engagement data. I would begin with behavioral data, encompassing website interaction, purchase history, and other app usage patterns.
    Second would be demographic information: age, location, income, and other relevant personal characteristics.
    Third would be sentiment analysis, where we derive information from social media interaction, customer feedback, or other customer reviews.
    Fourth would be the customer journey data.

    We track touchpoints across various channels of the customers to understand the customer journey path and conversion. Combining these four primary sources helps us understand the engagement data.

    2. How do you distinguish between data that is actionable versus data that is just noise?
    First is keeping relevant to your business objectives, making actionable data that directly relates to your specific goals or KPIs, and then taking help from statistical significance.
    Actionable data shows clear patterns or trends that are statistically valid, whereas other data consists of random fluctuations or outliers, which may not be what you are interested in.

    You also want to make sure that there is consistency across sources.
    Actionable insights are typically corroborated by multiple data points or channels, while other data or noise can be more isolated and contradictory.
    Actionable data suggests clear opportunities for improvement or decision making, whereas noise does not lead to meaningful actions or changes in strategy.

    By applying these criteria, I can effectively filter out the noise and focus on data that delivers or drives valuable business decisions.

    3. How can customer engagement data be used to identify and prioritize new business opportunities?
    First, it helps us to uncover unmet needs.

    By analyzing the customer feedback, touch points, support interactions, or usage patterns, we can identify the gaps in our current offerings or areas where customers are experiencing pain points.

    Second would be identifying emerging needs.
    Monitoring changes in customer behavior or preferences over time can reveal new market trends or shifts in demand, allowing my company to adapt their products or services accordingly.
    Third would be segmentation analysis.
    Detailed customer data analysis enables us to identify unserved or underserved segments or niche markets that may represent untapped opportunities for growth or expansion into newer areas and new geographies.
    Last is to build competitive differentiation.

    Engagement data can highlight where our companies outperform competitors, helping us to prioritize opportunities that leverage existing strengths and unique selling propositions.

    4. Can you share an example of where data insights directly influenced a critical decision?
    I will share an example from my previous organization at one of the financial services where we were very data-driven, which made a major impact on our critical decision regarding our credit card offerings.
    We analyzed the customer engagement data, and we discovered that a large segment of our millennial customers were underutilizing our traditional credit cards but showed high engagement with mobile payment platforms.
    That insight led us to develop and launch our first digital credit card product with enhanced mobile features and rewards tailored to the millennial spending habits. Since we had access to a lot of transactional data as well, we were able to build a financial product which met that specific segment’s needs.

    That data-driven decision resulted in a 40% increase in our new credit card applications from this demographic within the first quarter of the launch. Subsequently, our market share improved in that specific segment, which was very crucial.

    5. Are there any other examples of ways that you see customer engagement data being able to shape marketing strategy in real time?
    When it comes to using the engagement data in real-time, we do quite a few things. In the recent past two, three years, we are using that for dynamic content personalization, adjusting the website content, email messaging, or ad creative based on real-time user behavior and preferences.
    We automate campaign optimization using specific AI-driven tools to continuously analyze performance metrics and automatically reallocate the budget to top-performing channels or ad segments.
    Then we also build responsive social media engagement platforms like monitoring social media sentiments and trending topics to quickly adapt the messaging and create timely and relevant content.

    With one-on-one personalization, we do a lot of A/B testing as part of the overall rapid testing and market elements like subject lines, CTAs, and building various successful variants of the campaigns.

    6. How are you doing the 1:1 personalization?
    We have advanced CDP systems, and we are tracking each customer’s behavior in real-time. So the moment they move to different channels, we know what the context is, what the relevance is, and the recent interaction points, so we can cater the right offer.
    So for example, if you looked at a certain offer on the website and you came from Google, and then the next day you walk into an in-person interaction, our agent will already know that you were looking at that offer.
    That gives our customer or potential customer more one-to-one personalization instead of just segment-based or bulk interaction kind of experience.

    We have a huge team of data scientists, data analysts, and AI model creators who help us to analyze big volumes of data and bring the right insights to our marketing and sales team so that they can provide the right experience to our customers.

    7. What role does customer engagement data play in influencing cross-functional decisions, such as with product development, sales, and customer service?
    Primarily with product development — we have different products, not just the financial products or products whichever organizations sell, but also various products like mobile apps or websites they use for transactions. So that kind of product development gets improved.
    The engagement data helps our sales and marketing teams create more targeted campaigns, optimize channel selection, and refine messaging to resonate with specific customer segments.

    Customer service also gets helped by anticipating common issues, personalizing support interactions over the phone or email or chat, and proactively addressing potential problems, leading to improved customer satisfaction and retention.

    So in general, cross-functional application of engagement improves the customer-centric approach throughout the organization.

    8. What do you think some of the main challenges marketers face when trying to translate customer engagement data into actionable business insights?
    I think the huge amount of data we are dealing with. As we are getting more digitally savvy and most of the customers are moving to digital channels, we are getting a lot of data, and that sheer volume of data can be overwhelming, making it very difficult to identify truly meaningful patterns and insights.

    Because of the huge data overload, we create data silos in this process, so information often exists in separate systems across different departments. We are not able to build a holistic view of customer engagement.

    Because of data silos and overload of data, data quality issues appear. There is inconsistency, and inaccurate data can lead to incorrect insights or poor decision-making. Quality issues could also be due to the wrong format of the data, or the data is stale and no longer relevant.
    As we are growing and adding more people to help us understand customer engagement, I’ve also noticed that technical folks, especially data scientists and data analysts, lack skills to properly interpret the data or apply data insights effectively.
    So there’s a lack of understanding of marketing and sales as domains.
    It’s a huge effort and can take a lot of investment.

    Not being able to calculate the ROI of your overall investment is a big challenge that many organizations are facing.

    9. Why do you think the analysts don’t have the business acumen to properly do more than analyze the data?
    If people do not have the right idea of why we are collecting this data, we collect a lot of noise, and that brings in huge volumes of data. If you cannot stop that from step one—not bringing noise into the data system—that cannot be done by just technical folks or people who do not have business knowledge.
    Business people do not know everything about what data is being collected from which source and what data they need. It’s a gap between business domain knowledge, specifically marketing and sales needs, and technical folks who don’t have a lot of exposure to that side.

    Similarly, marketing business people do not have much exposure to the technical side — what’s possible to do with data, how much effort it takes, what’s relevant versus not relevant, and how to prioritize which data sources will be most important.

    10. Do you have any suggestions for how this can be overcome, or have you seen it in action where it has been solved before?
    First, cross-functional training: training different roles to help them understand why we’re doing this and what the business goals are, giving technical people exposure to what marketing and sales teams do.
    And giving business folks exposure to the technology side through training on different tools, strategies, and the roadmap of data integrations.
    The second is helping teams work more collaboratively. So it’s not like the technology team works in a silo and comes back when their work is done, and then marketing and sales teams act upon it.

    Now we’re making it more like one team. You work together so that you can complement each other, and we have a better strategy from day one.

    11. How do you address skepticism or resistance from stakeholders when presenting data-driven recommendations?
    We present clear business cases where we demonstrate how data-driven recommendations can directly align with business objectives and potential ROI.
    We build compelling visualizations, easy-to-understand charts and graphs that clearly illustrate the insights and the implications for business goals.

    We also do a lot of POCs and pilot projects with small-scale implementations to showcase tangible results and build confidence in the data-driven approach throughout the organization.

    12. What technologies or tools have you found most effective for gathering and analyzing customer engagement data?
    I’ve found that Customer Data Platforms help us unify customer data from various sources, providing a comprehensive view of customer interactions across touch points.
    Having advanced analytics platforms — tools with AI and machine learning capabilities that can process large volumes of data and uncover complex patterns and insights — is a great value to us.
    We always use, or many organizations use, marketing automation systems to improve marketing team productivity, helping us track and analyze customer interactions across multiple channels.
    Another thing is social media listening tools, wherever your brand is mentioned or you want to measure customer sentiment over social media, or track the engagement of your campaigns across social media platforms.

    Last is web analytical tools, which provide detailed insights into your website visitors’ behaviors and engagement metrics, for browser apps, small browser apps, various devices, and mobile apps.

    13. How do you ensure data quality and consistency across multiple channels to make these informed decisions?
    We established clear guidelines for data collection, storage, and usage across all channels to maintain consistency. Then we use data integration platforms — tools that consolidate data from various sources into a single unified view, reducing discrepancies and inconsistencies.
    While we collect data from different sources, we clean the data so it becomes cleaner with every stage of processing.
    We also conduct regular data audits — performing periodic checks to identify and rectify data quality issues, ensuring accuracy and reliability of information. We also deploy standardized data formats.

    On top of that, we have various automated data cleansing tools, specific software to detect and correct data errors, redundancies, duplicates, and inconsistencies in data sets automatically.

    14. How do you see the role of customer engagement data evolving in shaping business strategies over the next five years?
    The first thing that’s been the biggest trend from the past two years is AI-driven decision making, which I think will become more prevalent, with advanced algorithms processing vast amounts of engagement data in real-time to inform strategic choices.
    Somewhat related to this is predictive analytics, which will play an even larger role, enabling businesses to anticipate customer needs and market trends with more accuracy and better predictive capabilities.
    We also touched upon hyper-personalization. We are all trying to strive toward more hyper-personalization at scale, which is more one-on-one personalization, as we are increasingly capturing more engagement data and have bigger systems and infrastructure to support processing those large volumes of data so we can achieve those hyper-personalization use cases.
    As the world is collecting more data, privacy concerns and regulations come into play.
    I believe in the next few years there will be more innovation toward how businesses can collect data ethically and what the usage practices are, leading to more transparent and consent-based engagement data strategies.
    And lastly, I think about the integration of engagement data, which is always a big challenge. I believe as we’re solving those integration challenges, we are adding more and more complex data sources to the picture.

    So I think there will need to be more innovation or sophistication brought into data integration strategies, which will help us take a truly customer-centric approach to strategy formulation.

     
    This interview Q&A was hosted with Ankur Kothari, a previous Martech Executive, for Chapter 6 of The Customer Engagement Book: Adapt or Die.
    Download the PDF or request a physical copy of the book here.
    The post Ankur Kothari Q&A: Customer Engagement Book Interview appeared first on MoEngage.
    #ankur #kothari #qampampa #customer #engagement
    Ankur Kothari Q&A: Customer Engagement Book Interview
    Reading Time: 9 minutes In marketing, data isn’t a buzzword. It’s the lifeblood of all successful campaigns. But are you truly harnessing its power, or are you drowning in a sea of information? To answer this question, we sat down with Ankur Kothari, a seasoned Martech expert, to dive deep into this crucial topic. This interview, originally conducted for Chapter 6 of “The Customer Engagement Book: Adapt or Die” explores how businesses can translate raw data into actionable insights that drive real results. Ankur shares his wealth of knowledge on identifying valuable customer engagement data, distinguishing between signal and noise, and ultimately, shaping real-time strategies that keep companies ahead of the curve.   Ankur Kothari Q&A Interview 1. What types of customer engagement data are most valuable for making strategic business decisions? Primarily, there are four different buckets of customer engagement data. I would begin with behavioral data, encompassing website interaction, purchase history, and other app usage patterns. Second would be demographic information: age, location, income, and other relevant personal characteristics. Third would be sentiment analysis, where we derive information from social media interaction, customer feedback, or other customer reviews. Fourth would be the customer journey data. We track touchpoints across various channels of the customers to understand the customer journey path and conversion. Combining these four primary sources helps us understand the engagement data. 2. How do you distinguish between data that is actionable versus data that is just noise? First is keeping relevant to your business objectives, making actionable data that directly relates to your specific goals or KPIs, and then taking help from statistical significance. Actionable data shows clear patterns or trends that are statistically valid, whereas other data consists of random fluctuations or outliers, which may not be what you are interested in. You also want to make sure that there is consistency across sources. Actionable insights are typically corroborated by multiple data points or channels, while other data or noise can be more isolated and contradictory. Actionable data suggests clear opportunities for improvement or decision making, whereas noise does not lead to meaningful actions or changes in strategy. By applying these criteria, I can effectively filter out the noise and focus on data that delivers or drives valuable business decisions. 3. How can customer engagement data be used to identify and prioritize new business opportunities? First, it helps us to uncover unmet needs. By analyzing the customer feedback, touch points, support interactions, or usage patterns, we can identify the gaps in our current offerings or areas where customers are experiencing pain points. Second would be identifying emerging needs. Monitoring changes in customer behavior or preferences over time can reveal new market trends or shifts in demand, allowing my company to adapt their products or services accordingly. Third would be segmentation analysis. Detailed customer data analysis enables us to identify unserved or underserved segments or niche markets that may represent untapped opportunities for growth or expansion into newer areas and new geographies. Last is to build competitive differentiation. Engagement data can highlight where our companies outperform competitors, helping us to prioritize opportunities that leverage existing strengths and unique selling propositions. 4. Can you share an example of where data insights directly influenced a critical decision? I will share an example from my previous organization at one of the financial services where we were very data-driven, which made a major impact on our critical decision regarding our credit card offerings. We analyzed the customer engagement data, and we discovered that a large segment of our millennial customers were underutilizing our traditional credit cards but showed high engagement with mobile payment platforms. That insight led us to develop and launch our first digital credit card product with enhanced mobile features and rewards tailored to the millennial spending habits. Since we had access to a lot of transactional data as well, we were able to build a financial product which met that specific segment’s needs. That data-driven decision resulted in a 40% increase in our new credit card applications from this demographic within the first quarter of the launch. Subsequently, our market share improved in that specific segment, which was very crucial. 5. Are there any other examples of ways that you see customer engagement data being able to shape marketing strategy in real time? When it comes to using the engagement data in real-time, we do quite a few things. In the recent past two, three years, we are using that for dynamic content personalization, adjusting the website content, email messaging, or ad creative based on real-time user behavior and preferences. We automate campaign optimization using specific AI-driven tools to continuously analyze performance metrics and automatically reallocate the budget to top-performing channels or ad segments. Then we also build responsive social media engagement platforms like monitoring social media sentiments and trending topics to quickly adapt the messaging and create timely and relevant content. With one-on-one personalization, we do a lot of A/B testing as part of the overall rapid testing and market elements like subject lines, CTAs, and building various successful variants of the campaigns. 6. How are you doing the 1:1 personalization? We have advanced CDP systems, and we are tracking each customer’s behavior in real-time. So the moment they move to different channels, we know what the context is, what the relevance is, and the recent interaction points, so we can cater the right offer. So for example, if you looked at a certain offer on the website and you came from Google, and then the next day you walk into an in-person interaction, our agent will already know that you were looking at that offer. That gives our customer or potential customer more one-to-one personalization instead of just segment-based or bulk interaction kind of experience. We have a huge team of data scientists, data analysts, and AI model creators who help us to analyze big volumes of data and bring the right insights to our marketing and sales team so that they can provide the right experience to our customers. 7. What role does customer engagement data play in influencing cross-functional decisions, such as with product development, sales, and customer service? Primarily with product development — we have different products, not just the financial products or products whichever organizations sell, but also various products like mobile apps or websites they use for transactions. So that kind of product development gets improved. The engagement data helps our sales and marketing teams create more targeted campaigns, optimize channel selection, and refine messaging to resonate with specific customer segments. Customer service also gets helped by anticipating common issues, personalizing support interactions over the phone or email or chat, and proactively addressing potential problems, leading to improved customer satisfaction and retention. So in general, cross-functional application of engagement improves the customer-centric approach throughout the organization. 8. What do you think some of the main challenges marketers face when trying to translate customer engagement data into actionable business insights? I think the huge amount of data we are dealing with. As we are getting more digitally savvy and most of the customers are moving to digital channels, we are getting a lot of data, and that sheer volume of data can be overwhelming, making it very difficult to identify truly meaningful patterns and insights. Because of the huge data overload, we create data silos in this process, so information often exists in separate systems across different departments. We are not able to build a holistic view of customer engagement. Because of data silos and overload of data, data quality issues appear. There is inconsistency, and inaccurate data can lead to incorrect insights or poor decision-making. Quality issues could also be due to the wrong format of the data, or the data is stale and no longer relevant. As we are growing and adding more people to help us understand customer engagement, I’ve also noticed that technical folks, especially data scientists and data analysts, lack skills to properly interpret the data or apply data insights effectively. So there’s a lack of understanding of marketing and sales as domains. It’s a huge effort and can take a lot of investment. Not being able to calculate the ROI of your overall investment is a big challenge that many organizations are facing. 9. Why do you think the analysts don’t have the business acumen to properly do more than analyze the data? If people do not have the right idea of why we are collecting this data, we collect a lot of noise, and that brings in huge volumes of data. If you cannot stop that from step one—not bringing noise into the data system—that cannot be done by just technical folks or people who do not have business knowledge. Business people do not know everything about what data is being collected from which source and what data they need. It’s a gap between business domain knowledge, specifically marketing and sales needs, and technical folks who don’t have a lot of exposure to that side. Similarly, marketing business people do not have much exposure to the technical side — what’s possible to do with data, how much effort it takes, what’s relevant versus not relevant, and how to prioritize which data sources will be most important. 10. Do you have any suggestions for how this can be overcome, or have you seen it in action where it has been solved before? First, cross-functional training: training different roles to help them understand why we’re doing this and what the business goals are, giving technical people exposure to what marketing and sales teams do. And giving business folks exposure to the technology side through training on different tools, strategies, and the roadmap of data integrations. The second is helping teams work more collaboratively. So it’s not like the technology team works in a silo and comes back when their work is done, and then marketing and sales teams act upon it. Now we’re making it more like one team. You work together so that you can complement each other, and we have a better strategy from day one. 11. How do you address skepticism or resistance from stakeholders when presenting data-driven recommendations? We present clear business cases where we demonstrate how data-driven recommendations can directly align with business objectives and potential ROI. We build compelling visualizations, easy-to-understand charts and graphs that clearly illustrate the insights and the implications for business goals. We also do a lot of POCs and pilot projects with small-scale implementations to showcase tangible results and build confidence in the data-driven approach throughout the organization. 12. What technologies or tools have you found most effective for gathering and analyzing customer engagement data? I’ve found that Customer Data Platforms help us unify customer data from various sources, providing a comprehensive view of customer interactions across touch points. Having advanced analytics platforms — tools with AI and machine learning capabilities that can process large volumes of data and uncover complex patterns and insights — is a great value to us. We always use, or many organizations use, marketing automation systems to improve marketing team productivity, helping us track and analyze customer interactions across multiple channels. Another thing is social media listening tools, wherever your brand is mentioned or you want to measure customer sentiment over social media, or track the engagement of your campaigns across social media platforms. Last is web analytical tools, which provide detailed insights into your website visitors’ behaviors and engagement metrics, for browser apps, small browser apps, various devices, and mobile apps. 13. How do you ensure data quality and consistency across multiple channels to make these informed decisions? We established clear guidelines for data collection, storage, and usage across all channels to maintain consistency. Then we use data integration platforms — tools that consolidate data from various sources into a single unified view, reducing discrepancies and inconsistencies. While we collect data from different sources, we clean the data so it becomes cleaner with every stage of processing. We also conduct regular data audits — performing periodic checks to identify and rectify data quality issues, ensuring accuracy and reliability of information. We also deploy standardized data formats. On top of that, we have various automated data cleansing tools, specific software to detect and correct data errors, redundancies, duplicates, and inconsistencies in data sets automatically. 14. How do you see the role of customer engagement data evolving in shaping business strategies over the next five years? The first thing that’s been the biggest trend from the past two years is AI-driven decision making, which I think will become more prevalent, with advanced algorithms processing vast amounts of engagement data in real-time to inform strategic choices. Somewhat related to this is predictive analytics, which will play an even larger role, enabling businesses to anticipate customer needs and market trends with more accuracy and better predictive capabilities. We also touched upon hyper-personalization. We are all trying to strive toward more hyper-personalization at scale, which is more one-on-one personalization, as we are increasingly capturing more engagement data and have bigger systems and infrastructure to support processing those large volumes of data so we can achieve those hyper-personalization use cases. As the world is collecting more data, privacy concerns and regulations come into play. I believe in the next few years there will be more innovation toward how businesses can collect data ethically and what the usage practices are, leading to more transparent and consent-based engagement data strategies. And lastly, I think about the integration of engagement data, which is always a big challenge. I believe as we’re solving those integration challenges, we are adding more and more complex data sources to the picture. So I think there will need to be more innovation or sophistication brought into data integration strategies, which will help us take a truly customer-centric approach to strategy formulation.   This interview Q&A was hosted with Ankur Kothari, a previous Martech Executive, for Chapter 6 of The Customer Engagement Book: Adapt or Die. Download the PDF or request a physical copy of the book here. The post Ankur Kothari Q&A: Customer Engagement Book Interview appeared first on MoEngage. #ankur #kothari #qampampa #customer #engagement
    WWW.MOENGAGE.COM
    Ankur Kothari Q&A: Customer Engagement Book Interview
    Reading Time: 9 minutes In marketing, data isn’t a buzzword. It’s the lifeblood of all successful campaigns. But are you truly harnessing its power, or are you drowning in a sea of information? To answer this question (and many others), we sat down with Ankur Kothari, a seasoned Martech expert, to dive deep into this crucial topic. This interview, originally conducted for Chapter 6 of “The Customer Engagement Book: Adapt or Die” explores how businesses can translate raw data into actionable insights that drive real results. Ankur shares his wealth of knowledge on identifying valuable customer engagement data, distinguishing between signal and noise, and ultimately, shaping real-time strategies that keep companies ahead of the curve.   Ankur Kothari Q&A Interview 1. What types of customer engagement data are most valuable for making strategic business decisions? Primarily, there are four different buckets of customer engagement data. I would begin with behavioral data, encompassing website interaction, purchase history, and other app usage patterns. Second would be demographic information: age, location, income, and other relevant personal characteristics. Third would be sentiment analysis, where we derive information from social media interaction, customer feedback, or other customer reviews. Fourth would be the customer journey data. We track touchpoints across various channels of the customers to understand the customer journey path and conversion. Combining these four primary sources helps us understand the engagement data. 2. How do you distinguish between data that is actionable versus data that is just noise? First is keeping relevant to your business objectives, making actionable data that directly relates to your specific goals or KPIs, and then taking help from statistical significance. Actionable data shows clear patterns or trends that are statistically valid, whereas other data consists of random fluctuations or outliers, which may not be what you are interested in. You also want to make sure that there is consistency across sources. Actionable insights are typically corroborated by multiple data points or channels, while other data or noise can be more isolated and contradictory. Actionable data suggests clear opportunities for improvement or decision making, whereas noise does not lead to meaningful actions or changes in strategy. By applying these criteria, I can effectively filter out the noise and focus on data that delivers or drives valuable business decisions. 3. How can customer engagement data be used to identify and prioritize new business opportunities? First, it helps us to uncover unmet needs. By analyzing the customer feedback, touch points, support interactions, or usage patterns, we can identify the gaps in our current offerings or areas where customers are experiencing pain points. Second would be identifying emerging needs. Monitoring changes in customer behavior or preferences over time can reveal new market trends or shifts in demand, allowing my company to adapt their products or services accordingly. Third would be segmentation analysis. Detailed customer data analysis enables us to identify unserved or underserved segments or niche markets that may represent untapped opportunities for growth or expansion into newer areas and new geographies. Last is to build competitive differentiation. Engagement data can highlight where our companies outperform competitors, helping us to prioritize opportunities that leverage existing strengths and unique selling propositions. 4. Can you share an example of where data insights directly influenced a critical decision? I will share an example from my previous organization at one of the financial services where we were very data-driven, which made a major impact on our critical decision regarding our credit card offerings. We analyzed the customer engagement data, and we discovered that a large segment of our millennial customers were underutilizing our traditional credit cards but showed high engagement with mobile payment platforms. That insight led us to develop and launch our first digital credit card product with enhanced mobile features and rewards tailored to the millennial spending habits. Since we had access to a lot of transactional data as well, we were able to build a financial product which met that specific segment’s needs. That data-driven decision resulted in a 40% increase in our new credit card applications from this demographic within the first quarter of the launch. Subsequently, our market share improved in that specific segment, which was very crucial. 5. Are there any other examples of ways that you see customer engagement data being able to shape marketing strategy in real time? When it comes to using the engagement data in real-time, we do quite a few things. In the recent past two, three years, we are using that for dynamic content personalization, adjusting the website content, email messaging, or ad creative based on real-time user behavior and preferences. We automate campaign optimization using specific AI-driven tools to continuously analyze performance metrics and automatically reallocate the budget to top-performing channels or ad segments. Then we also build responsive social media engagement platforms like monitoring social media sentiments and trending topics to quickly adapt the messaging and create timely and relevant content. With one-on-one personalization, we do a lot of A/B testing as part of the overall rapid testing and market elements like subject lines, CTAs, and building various successful variants of the campaigns. 6. How are you doing the 1:1 personalization? We have advanced CDP systems, and we are tracking each customer’s behavior in real-time. So the moment they move to different channels, we know what the context is, what the relevance is, and the recent interaction points, so we can cater the right offer. So for example, if you looked at a certain offer on the website and you came from Google, and then the next day you walk into an in-person interaction, our agent will already know that you were looking at that offer. That gives our customer or potential customer more one-to-one personalization instead of just segment-based or bulk interaction kind of experience. We have a huge team of data scientists, data analysts, and AI model creators who help us to analyze big volumes of data and bring the right insights to our marketing and sales team so that they can provide the right experience to our customers. 7. What role does customer engagement data play in influencing cross-functional decisions, such as with product development, sales, and customer service? Primarily with product development — we have different products, not just the financial products or products whichever organizations sell, but also various products like mobile apps or websites they use for transactions. So that kind of product development gets improved. The engagement data helps our sales and marketing teams create more targeted campaigns, optimize channel selection, and refine messaging to resonate with specific customer segments. Customer service also gets helped by anticipating common issues, personalizing support interactions over the phone or email or chat, and proactively addressing potential problems, leading to improved customer satisfaction and retention. So in general, cross-functional application of engagement improves the customer-centric approach throughout the organization. 8. What do you think some of the main challenges marketers face when trying to translate customer engagement data into actionable business insights? I think the huge amount of data we are dealing with. As we are getting more digitally savvy and most of the customers are moving to digital channels, we are getting a lot of data, and that sheer volume of data can be overwhelming, making it very difficult to identify truly meaningful patterns and insights. Because of the huge data overload, we create data silos in this process, so information often exists in separate systems across different departments. We are not able to build a holistic view of customer engagement. Because of data silos and overload of data, data quality issues appear. There is inconsistency, and inaccurate data can lead to incorrect insights or poor decision-making. Quality issues could also be due to the wrong format of the data, or the data is stale and no longer relevant. As we are growing and adding more people to help us understand customer engagement, I’ve also noticed that technical folks, especially data scientists and data analysts, lack skills to properly interpret the data or apply data insights effectively. So there’s a lack of understanding of marketing and sales as domains. It’s a huge effort and can take a lot of investment. Not being able to calculate the ROI of your overall investment is a big challenge that many organizations are facing. 9. Why do you think the analysts don’t have the business acumen to properly do more than analyze the data? If people do not have the right idea of why we are collecting this data, we collect a lot of noise, and that brings in huge volumes of data. If you cannot stop that from step one—not bringing noise into the data system—that cannot be done by just technical folks or people who do not have business knowledge. Business people do not know everything about what data is being collected from which source and what data they need. It’s a gap between business domain knowledge, specifically marketing and sales needs, and technical folks who don’t have a lot of exposure to that side. Similarly, marketing business people do not have much exposure to the technical side — what’s possible to do with data, how much effort it takes, what’s relevant versus not relevant, and how to prioritize which data sources will be most important. 10. Do you have any suggestions for how this can be overcome, or have you seen it in action where it has been solved before? First, cross-functional training: training different roles to help them understand why we’re doing this and what the business goals are, giving technical people exposure to what marketing and sales teams do. And giving business folks exposure to the technology side through training on different tools, strategies, and the roadmap of data integrations. The second is helping teams work more collaboratively. So it’s not like the technology team works in a silo and comes back when their work is done, and then marketing and sales teams act upon it. Now we’re making it more like one team. You work together so that you can complement each other, and we have a better strategy from day one. 11. How do you address skepticism or resistance from stakeholders when presenting data-driven recommendations? We present clear business cases where we demonstrate how data-driven recommendations can directly align with business objectives and potential ROI. We build compelling visualizations, easy-to-understand charts and graphs that clearly illustrate the insights and the implications for business goals. We also do a lot of POCs and pilot projects with small-scale implementations to showcase tangible results and build confidence in the data-driven approach throughout the organization. 12. What technologies or tools have you found most effective for gathering and analyzing customer engagement data? I’ve found that Customer Data Platforms help us unify customer data from various sources, providing a comprehensive view of customer interactions across touch points. Having advanced analytics platforms — tools with AI and machine learning capabilities that can process large volumes of data and uncover complex patterns and insights — is a great value to us. We always use, or many organizations use, marketing automation systems to improve marketing team productivity, helping us track and analyze customer interactions across multiple channels. Another thing is social media listening tools, wherever your brand is mentioned or you want to measure customer sentiment over social media, or track the engagement of your campaigns across social media platforms. Last is web analytical tools, which provide detailed insights into your website visitors’ behaviors and engagement metrics, for browser apps, small browser apps, various devices, and mobile apps. 13. How do you ensure data quality and consistency across multiple channels to make these informed decisions? We established clear guidelines for data collection, storage, and usage across all channels to maintain consistency. Then we use data integration platforms — tools that consolidate data from various sources into a single unified view, reducing discrepancies and inconsistencies. While we collect data from different sources, we clean the data so it becomes cleaner with every stage of processing. We also conduct regular data audits — performing periodic checks to identify and rectify data quality issues, ensuring accuracy and reliability of information. We also deploy standardized data formats. On top of that, we have various automated data cleansing tools, specific software to detect and correct data errors, redundancies, duplicates, and inconsistencies in data sets automatically. 14. How do you see the role of customer engagement data evolving in shaping business strategies over the next five years? The first thing that’s been the biggest trend from the past two years is AI-driven decision making, which I think will become more prevalent, with advanced algorithms processing vast amounts of engagement data in real-time to inform strategic choices. Somewhat related to this is predictive analytics, which will play an even larger role, enabling businesses to anticipate customer needs and market trends with more accuracy and better predictive capabilities. We also touched upon hyper-personalization. We are all trying to strive toward more hyper-personalization at scale, which is more one-on-one personalization, as we are increasingly capturing more engagement data and have bigger systems and infrastructure to support processing those large volumes of data so we can achieve those hyper-personalization use cases. As the world is collecting more data, privacy concerns and regulations come into play. I believe in the next few years there will be more innovation toward how businesses can collect data ethically and what the usage practices are, leading to more transparent and consent-based engagement data strategies. And lastly, I think about the integration of engagement data, which is always a big challenge. I believe as we’re solving those integration challenges, we are adding more and more complex data sources to the picture. So I think there will need to be more innovation or sophistication brought into data integration strategies, which will help us take a truly customer-centric approach to strategy formulation.   This interview Q&A was hosted with Ankur Kothari, a previous Martech Executive, for Chapter 6 of The Customer Engagement Book: Adapt or Die. Download the PDF or request a physical copy of the book here. The post Ankur Kothari Q&A: Customer Engagement Book Interview appeared first on MoEngage.
    Like
    Love
    Wow
    Angry
    Sad
    478
    0 Комментарии 0 Поделились
  • This Week's Tips For Helldivers 2, Monster Hunter Wilds, Oblivion Remastered, And More

    Start SlideshowStart SlideshowImage: The Pokémon Company, Arrowhead Game Studios, Blizzard, The Pokémon Company, Screenshot: Capcom / Samuel Moreno / Kotaku, Bethesda / Brandon Morgan / Kotaku, Nintendo, Bethesda / Brandon Morgan / Kotaku, Capcom / Samuel Moreno / KotakuYou know what we all need sometimes? A little advice. How do I plan for a future that’s so uncertain? Will AI take my job? If I go back to school and use AI to cheat, will I graduate and work for an AI boss? We can’t help you with any of that. But what we can do is provide some tips for Helldivers 2, Monster Hunter Wilds, Oblivion Remastered, and other great games. So, read on for that stuff, and maybe ask ChatGPT about those other things.Previous SlideNext SlideList slidesDon’t Rely On Ex Pokémon In Pokémon TCG Pocket AnymoreImage: The Pokémon CompanyDuring the initial months of Pokémon TCG Pocket, ex monsters dominated the competitive landscape. These monsters arestronger than their non-ex counterparts, and they can come with game-changing abilities that determine how your entire deck plays. In the past, players could create frustratingly fearsome decks consisting of two ex Pokémon supported by trainer and item cards. However, unless you pair together very specific ex Pokémon, you’ll now find yourself losing nearly every game you play. - Timothy Monbleau Read MorePrevious SlideNext SlideList slidesPlease, For The Love Of God, Defeat All Illuminate Stingrays In Helldivers 2Image: Arrowhead Game StudiosYou know what? Screw the Illuminate. I played round after round trying to get the Stingrays, also known as an Interloper, to spawn at least once, and those damn Overseers and Harvesters kept walking up and rocking me. In the end, I was victorious. A Stingray approached the airspace with reckless abandon, swooping in with practiced ease as it unloaded a barrage of molten death beams upon my head, and you know what happened? I died. A few times. But eventually, I managed to pop a shot off and I quickly discovered how to defeat Illuminate Stingrays in Helldivers 2. - Brandon Morgan Read MorePrevious SlideNext SlideList slidesDefeating Monster Hunter Wilds’ Demi Elder Dragon Might Be The Game’s Hardest Challenge So FarScreenshot: Capcom / Samuel Moreno / KotakuAlthough Zoh Shia is the thematic boss of Monster Hunter Wilds, other beasts can put up a tougher fight. Gore Magalaare easily in contention for being the most deadly enemies in the game. Not much is more threatening than their high mobility, powerful attacks, and unique Frenzy ailment that forms the basis for your Corrupted Mantle. - Samuel Moreno Read MorePrevious SlideNext SlideList slidesDon’t Forget To Play ‘The Shivering Isles’ Expansion In Oblivion RemasteredScreenshot: Bethesda / Brandon Morgan / KotakuWhether you’ve played the original Oblivion or not, chances are you’ve heard tales of the oddities awaiting you in the Shivering Isles. This expansion—the largest one for the open-world RPG—features a land of madness under the unyielding control of Sheogorath. It’s a beautiful world, yet so immensely wrong. But that’s why this DLC is one of the best in the franchise, so no matter how many hours you may have already put into the main story and the main world, you don’t want to miss this expansion. - Brandon Morgan Read MorePrevious SlideNext SlideList slidesHow Long Of A Ride Is Mario Kart World?Screenshot: NintendoThe Mario Kart franchise has been entertaining us all for decades—even with sibling fights and fits of rage over losing a race from a blue shell at the last second—but Mario Kart World is the first game to go open world. There hasn’t been a truly new entry in the series since 2014's Mario Kart 8, so being stoked to dive into this exciting adventure is perfectly reasonable. Equally reasonable, especially given the game’s controversial price tag, is to wonder how long it’ll take to beat and what type of replayability it offers. Let’s talk about it. - Billy Givens Read MorePrevious SlideNext SlideList slidesMario Kart World Players Are Exploiting Free Roam To Quickly Farm CoinsGif: Nintendo / FannaWuck / KotakuMario Kart World is full of cool stunts and lots of things to unlock, like new characters, costumes, and vehicles. The last of those requires accumulating a certain number of coins during your time with the Switch 2 exclusive, and while you could do that the normal way by just playing tons of races, you can also use the latest entry’s open world to farm coins faster or even while being completely AFK. - Ethan Gach Read MorePrevious SlideNext SlideList slidesOblivion Remastered’s Best Side Quest Is A World Within A WorldScreenshot: Bethesda / Brandon Morgan / KotakuIt’s been a long time since I kept a spreadsheet for a video game, or even notes beyond what I need for work. I had one for the original Oblivion run back in my school days. Back then, I knew where to find every side quest in the game. There were over 250. Still are, but now they’re enhanced, beautified for the modern gamer. One side quest retains its crown as the best, despite the game’s age. “A Brush With Death” is Oblivion Remastered’s best side quest by far, and here’s how to find and beat it! - Brandon Morgan Read MorePrevious SlideNext SlideList slidesDiablo IV: How To Power Level Your Way To Season 8's EndgameImage: BlizzardWhether you’re running a new build, trying out a new class, or returning to Diablo IV after an extended break,Whatever the case, learning how to level up fast in Diablo IV should help you check out everything new this season, along with hitting endgame so that your friends don’t cruelly make fun of you! - Brandon Morgan Read MorePrevious SlideNext SlideList slidesThe 5 Strongest Non-Ex Pokémon To Use In Pokémon TCG PocketImage: The Pokémon CompanyIt’s official: ex Pokémon no longer rule unchallenged Pokémon TCG Pocket. While these powerful cards are still prevalent in the competitive landscape, the rise of ex-specific counters have made many of these monsters risky to bring. It’s never been more vital to find strong Pokémon that are unburdened by the ex label, but who should you use? - Timothy Monbleau Read MorePrevious SlideNext SlideList slidesSome Of The Coolest Monster Hunter Wilds Armor Can Be Yours If You Collect Enough CoinsScreenshot: Capcom / Samuel Moreno / KotakuIt goes without saying that Monster Hunter Wilds has a lot of equipment materials to keep track of. The Title 1 Update increased the amount with the likes of Mizutsune parts and the somewhat obscurely named Pinnacle Coins. While it’s easy to know what the monster parts can be used for, the same can’t be said for a coin. Making things more complicated is that the related equipment isn’t unlocked all at once. - Samuel Moreno Read More
    #this #week039s #tips #helldivers #monster
    This Week's Tips For Helldivers 2, Monster Hunter Wilds, Oblivion Remastered, And More
    Start SlideshowStart SlideshowImage: The Pokémon Company, Arrowhead Game Studios, Blizzard, The Pokémon Company, Screenshot: Capcom / Samuel Moreno / Kotaku, Bethesda / Brandon Morgan / Kotaku, Nintendo, Bethesda / Brandon Morgan / Kotaku, Capcom / Samuel Moreno / KotakuYou know what we all need sometimes? A little advice. How do I plan for a future that’s so uncertain? Will AI take my job? If I go back to school and use AI to cheat, will I graduate and work for an AI boss? We can’t help you with any of that. But what we can do is provide some tips for Helldivers 2, Monster Hunter Wilds, Oblivion Remastered, and other great games. So, read on for that stuff, and maybe ask ChatGPT about those other things.Previous SlideNext SlideList slidesDon’t Rely On Ex Pokémon In Pokémon TCG Pocket AnymoreImage: The Pokémon CompanyDuring the initial months of Pokémon TCG Pocket, ex monsters dominated the competitive landscape. These monsters arestronger than their non-ex counterparts, and they can come with game-changing abilities that determine how your entire deck plays. In the past, players could create frustratingly fearsome decks consisting of two ex Pokémon supported by trainer and item cards. However, unless you pair together very specific ex Pokémon, you’ll now find yourself losing nearly every game you play. - Timothy Monbleau Read MorePrevious SlideNext SlideList slidesPlease, For The Love Of God, Defeat All Illuminate Stingrays In Helldivers 2Image: Arrowhead Game StudiosYou know what? Screw the Illuminate. I played round after round trying to get the Stingrays, also known as an Interloper, to spawn at least once, and those damn Overseers and Harvesters kept walking up and rocking me. In the end, I was victorious. A Stingray approached the airspace with reckless abandon, swooping in with practiced ease as it unloaded a barrage of molten death beams upon my head, and you know what happened? I died. A few times. But eventually, I managed to pop a shot off and I quickly discovered how to defeat Illuminate Stingrays in Helldivers 2. - Brandon Morgan Read MorePrevious SlideNext SlideList slidesDefeating Monster Hunter Wilds’ Demi Elder Dragon Might Be The Game’s Hardest Challenge So FarScreenshot: Capcom / Samuel Moreno / KotakuAlthough Zoh Shia is the thematic boss of Monster Hunter Wilds, other beasts can put up a tougher fight. Gore Magalaare easily in contention for being the most deadly enemies in the game. Not much is more threatening than their high mobility, powerful attacks, and unique Frenzy ailment that forms the basis for your Corrupted Mantle. - Samuel Moreno Read MorePrevious SlideNext SlideList slidesDon’t Forget To Play ‘The Shivering Isles’ Expansion In Oblivion RemasteredScreenshot: Bethesda / Brandon Morgan / KotakuWhether you’ve played the original Oblivion or not, chances are you’ve heard tales of the oddities awaiting you in the Shivering Isles. This expansion—the largest one for the open-world RPG—features a land of madness under the unyielding control of Sheogorath. It’s a beautiful world, yet so immensely wrong. But that’s why this DLC is one of the best in the franchise, so no matter how many hours you may have already put into the main story and the main world, you don’t want to miss this expansion. - Brandon Morgan Read MorePrevious SlideNext SlideList slidesHow Long Of A Ride Is Mario Kart World?Screenshot: NintendoThe Mario Kart franchise has been entertaining us all for decades—even with sibling fights and fits of rage over losing a race from a blue shell at the last second—but Mario Kart World is the first game to go open world. There hasn’t been a truly new entry in the series since 2014's Mario Kart 8, so being stoked to dive into this exciting adventure is perfectly reasonable. Equally reasonable, especially given the game’s controversial price tag, is to wonder how long it’ll take to beat and what type of replayability it offers. Let’s talk about it. - Billy Givens Read MorePrevious SlideNext SlideList slidesMario Kart World Players Are Exploiting Free Roam To Quickly Farm CoinsGif: Nintendo / FannaWuck / KotakuMario Kart World is full of cool stunts and lots of things to unlock, like new characters, costumes, and vehicles. The last of those requires accumulating a certain number of coins during your time with the Switch 2 exclusive, and while you could do that the normal way by just playing tons of races, you can also use the latest entry’s open world to farm coins faster or even while being completely AFK. - Ethan Gach Read MorePrevious SlideNext SlideList slidesOblivion Remastered’s Best Side Quest Is A World Within A WorldScreenshot: Bethesda / Brandon Morgan / KotakuIt’s been a long time since I kept a spreadsheet for a video game, or even notes beyond what I need for work. I had one for the original Oblivion run back in my school days. Back then, I knew where to find every side quest in the game. There were over 250. Still are, but now they’re enhanced, beautified for the modern gamer. One side quest retains its crown as the best, despite the game’s age. “A Brush With Death” is Oblivion Remastered’s best side quest by far, and here’s how to find and beat it! - Brandon Morgan Read MorePrevious SlideNext SlideList slidesDiablo IV: How To Power Level Your Way To Season 8's EndgameImage: BlizzardWhether you’re running a new build, trying out a new class, or returning to Diablo IV after an extended break,Whatever the case, learning how to level up fast in Diablo IV should help you check out everything new this season, along with hitting endgame so that your friends don’t cruelly make fun of you! - Brandon Morgan Read MorePrevious SlideNext SlideList slidesThe 5 Strongest Non-Ex Pokémon To Use In Pokémon TCG PocketImage: The Pokémon CompanyIt’s official: ex Pokémon no longer rule unchallenged Pokémon TCG Pocket. While these powerful cards are still prevalent in the competitive landscape, the rise of ex-specific counters have made many of these monsters risky to bring. It’s never been more vital to find strong Pokémon that are unburdened by the ex label, but who should you use? - Timothy Monbleau Read MorePrevious SlideNext SlideList slidesSome Of The Coolest Monster Hunter Wilds Armor Can Be Yours If You Collect Enough CoinsScreenshot: Capcom / Samuel Moreno / KotakuIt goes without saying that Monster Hunter Wilds has a lot of equipment materials to keep track of. The Title 1 Update increased the amount with the likes of Mizutsune parts and the somewhat obscurely named Pinnacle Coins. While it’s easy to know what the monster parts can be used for, the same can’t be said for a coin. Making things more complicated is that the related equipment isn’t unlocked all at once. - Samuel Moreno Read More #this #week039s #tips #helldivers #monster
    KOTAKU.COM
    This Week's Tips For Helldivers 2, Monster Hunter Wilds, Oblivion Remastered, And More
    Start SlideshowStart SlideshowImage: The Pokémon Company, Arrowhead Game Studios, Blizzard, The Pokémon Company, Screenshot: Capcom / Samuel Moreno / Kotaku, Bethesda / Brandon Morgan / Kotaku, Nintendo, Bethesda / Brandon Morgan / Kotaku, Capcom / Samuel Moreno / KotakuYou know what we all need sometimes? A little advice. How do I plan for a future that’s so uncertain? Will AI take my job? If I go back to school and use AI to cheat, will I graduate and work for an AI boss? We can’t help you with any of that. But what we can do is provide some tips for Helldivers 2, Monster Hunter Wilds, Oblivion Remastered, and other great games. So, read on for that stuff, and maybe ask ChatGPT about those other things.Previous SlideNext SlideList slidesDon’t Rely On Ex Pokémon In Pokémon TCG Pocket AnymoreImage: The Pokémon CompanyDuring the initial months of Pokémon TCG Pocket, ex monsters dominated the competitive landscape. These monsters are (usually) stronger than their non-ex counterparts, and they can come with game-changing abilities that determine how your entire deck plays. In the past, players could create frustratingly fearsome decks consisting of two ex Pokémon supported by trainer and item cards. However, unless you pair together very specific ex Pokémon, you’ll now find yourself losing nearly every game you play. - Timothy Monbleau Read MorePrevious SlideNext SlideList slidesPlease, For The Love Of God, Defeat All Illuminate Stingrays In Helldivers 2Image: Arrowhead Game StudiosYou know what? Screw the Illuminate. I played round after round trying to get the Stingrays, also known as an Interloper, to spawn at least once, and those damn Overseers and Harvesters kept walking up and rocking me. In the end, I was victorious. A Stingray approached the airspace with reckless abandon, swooping in with practiced ease as it unloaded a barrage of molten death beams upon my head, and you know what happened? I died. A few times. But eventually, I managed to pop a shot off and I quickly discovered how to defeat Illuminate Stingrays in Helldivers 2. - Brandon Morgan Read MorePrevious SlideNext SlideList slidesDefeating Monster Hunter Wilds’ Demi Elder Dragon Might Be The Game’s Hardest Challenge So FarScreenshot: Capcom / Samuel Moreno / KotakuAlthough Zoh Shia is the thematic boss of Monster Hunter Wilds, other beasts can put up a tougher fight. Gore Magala (and especially its Tempered version) are easily in contention for being the most deadly enemies in the game. Not much is more threatening than their high mobility, powerful attacks, and unique Frenzy ailment that forms the basis for your Corrupted Mantle. - Samuel Moreno Read MorePrevious SlideNext SlideList slidesDon’t Forget To Play ‘The Shivering Isles’ Expansion In Oblivion RemasteredScreenshot: Bethesda / Brandon Morgan / KotakuWhether you’ve played the original Oblivion or not, chances are you’ve heard tales of the oddities awaiting you in the Shivering Isles. This expansion—the largest one for the open-world RPG—features a land of madness under the unyielding control of Sheogorath. It’s a beautiful world, yet so immensely wrong. But that’s why this DLC is one of the best in the franchise, so no matter how many hours you may have already put into the main story and the main world, you don’t want to miss this expansion. - Brandon Morgan Read MorePrevious SlideNext SlideList slidesHow Long Of A Ride Is Mario Kart World?Screenshot: NintendoThe Mario Kart franchise has been entertaining us all for decades—even with sibling fights and fits of rage over losing a race from a blue shell at the last second—but Mario Kart World is the first game to go open world. There hasn’t been a truly new entry in the series since 2014's Mario Kart 8, so being stoked to dive into this exciting adventure is perfectly reasonable. Equally reasonable, especially given the game’s controversial price tag, is to wonder how long it’ll take to beat and what type of replayability it offers. Let’s talk about it. - Billy Givens Read MorePrevious SlideNext SlideList slidesMario Kart World Players Are Exploiting Free Roam To Quickly Farm CoinsGif: Nintendo / FannaWuck / KotakuMario Kart World is full of cool stunts and lots of things to unlock, like new characters, costumes, and vehicles. The last of those requires accumulating a certain number of coins during your time with the Switch 2 exclusive, and while you could do that the normal way by just playing tons of races, you can also use the latest entry’s open world to farm coins faster or even while being completely AFK. - Ethan Gach Read MorePrevious SlideNext SlideList slidesOblivion Remastered’s Best Side Quest Is A World Within A WorldScreenshot: Bethesda / Brandon Morgan / KotakuIt’s been a long time since I kept a spreadsheet for a video game, or even notes beyond what I need for work. I had one for the original Oblivion run back in my school days. Back then, I knew where to find every side quest in the game. There were over 250. Still are, but now they’re enhanced, beautified for the modern gamer. One side quest retains its crown as the best, despite the game’s age. “A Brush With Death” is Oblivion Remastered’s best side quest by far, and here’s how to find and beat it! - Brandon Morgan Read MorePrevious SlideNext SlideList slidesDiablo IV: How To Power Level Your Way To Season 8's EndgameImage: BlizzardWhether you’re running a new build, trying out a new class, or returning to Diablo IV after an extended break, (a break in which you were likely playing Path of Exile 2, right? I know I wasn’t alone in farming Exalted Orbs!) Whatever the case, learning how to level up fast in Diablo IV should help you check out everything new this season, along with hitting endgame so that your friends don’t cruelly make fun of you! - Brandon Morgan Read MorePrevious SlideNext SlideList slidesThe 5 Strongest Non-Ex Pokémon To Use In Pokémon TCG PocketImage: The Pokémon CompanyIt’s official: ex Pokémon no longer rule unchallenged Pokémon TCG Pocket. While these powerful cards are still prevalent in the competitive landscape, the rise of ex-specific counters have made many of these monsters risky to bring. It’s never been more vital to find strong Pokémon that are unburdened by the ex label, but who should you use? - Timothy Monbleau Read MorePrevious SlideNext SlideList slidesSome Of The Coolest Monster Hunter Wilds Armor Can Be Yours If You Collect Enough CoinsScreenshot: Capcom / Samuel Moreno / KotakuIt goes without saying that Monster Hunter Wilds has a lot of equipment materials to keep track of. The Title 1 Update increased the amount with the likes of Mizutsune parts and the somewhat obscurely named Pinnacle Coins. While it’s easy to know what the monster parts can be used for, the same can’t be said for a coin. Making things more complicated is that the related equipment isn’t unlocked all at once. - Samuel Moreno Read More
    Like
    Love
    Wow
    Sad
    Angry
    391
    0 Комментарии 0 Поделились
  • Stolen iPhones disabled by Apple's anti-theft tech after Los Angeles looting

    What just happened? As protests against federal immigration enforcement swept through downtown Los Angeles last week, a wave of looting left several major retailers, including Apple, T-Mobile, and Adidas, counting the cost of smashed windows and stolen goods. Yet for those who made off with iPhones from Apple's flagship store, the thrill of the heist quickly turned into a lesson in high-tech security.
    Apple's retail locations are equipped with advanced anti-theft technology that renders display devices useless once they leave the premises. The moment a demonstration iPhone is taken beyond the store's Wi-Fi network, it is instantly disabled by proximity software and a remote "kill switch."
    Instead of a functioning smartphone, thieves were met with a stark message on the screen: "Please return to Apple Tower Theatre. This device has been disabled and is being tracked. Local authorities will be alerted." The phone simultaneously sounds an alarm and flashes the warning, ensuring it cannot be resold or activated elsewhere.
    This system is not new. During the nationwide unrest of 2020, similar scenes played out as looters discovered that Apple's security measures turned their stolen goods into little more than expensive paperweights.
    The technology relies on a combination of location tracking and network monitoring. As soon as a device is separated from the store's secure environment, it is remotely locked, its location is tracked, and law enforcement is notified.
    // Related Stories

    Videos circulating online show stolen iPhones blaring alarms and displaying tracking messages, making them impossible to ignore and virtually worthless on the black market.
    According to the Los Angeles Police Department, at least three individuals were arrested in connection with the Apple Store burglary, including one suspect apprehended at the scene and two others detained for looting.
    The crackdown on looting comes amid a broader shift in California's approach to retail crime. In response to public outcry over rising thefts, state and local officials have moved away from previously lenient policies. The passage of Proposition 36 has empowered prosecutors to file felony charges against repeat offenders, regardless of the value of stolen goods, and to impose harsher penalties for organized group theft.
    Under these new measures, those caught looting face the prospect of significant prison time, a marked departure from the misdemeanor charges that were common under earlier laws.
    District attorneys in Southern California have called for even harsher penalties, particularly for crimes committed during states of emergency. Proposals include making looting a felony offense, increasing prison sentences, and ensuring that suspects are not released without judicial review. The goal, officials say, is to deter opportunistic criminals who exploit moments of crisis, whether during protests or natural disasters.
    #stolen #iphones #disabled #apple039s #antitheft
    Stolen iPhones disabled by Apple's anti-theft tech after Los Angeles looting
    What just happened? As protests against federal immigration enforcement swept through downtown Los Angeles last week, a wave of looting left several major retailers, including Apple, T-Mobile, and Adidas, counting the cost of smashed windows and stolen goods. Yet for those who made off with iPhones from Apple's flagship store, the thrill of the heist quickly turned into a lesson in high-tech security. Apple's retail locations are equipped with advanced anti-theft technology that renders display devices useless once they leave the premises. The moment a demonstration iPhone is taken beyond the store's Wi-Fi network, it is instantly disabled by proximity software and a remote "kill switch." Instead of a functioning smartphone, thieves were met with a stark message on the screen: "Please return to Apple Tower Theatre. This device has been disabled and is being tracked. Local authorities will be alerted." The phone simultaneously sounds an alarm and flashes the warning, ensuring it cannot be resold or activated elsewhere. This system is not new. During the nationwide unrest of 2020, similar scenes played out as looters discovered that Apple's security measures turned their stolen goods into little more than expensive paperweights. The technology relies on a combination of location tracking and network monitoring. As soon as a device is separated from the store's secure environment, it is remotely locked, its location is tracked, and law enforcement is notified. // Related Stories Videos circulating online show stolen iPhones blaring alarms and displaying tracking messages, making them impossible to ignore and virtually worthless on the black market. According to the Los Angeles Police Department, at least three individuals were arrested in connection with the Apple Store burglary, including one suspect apprehended at the scene and two others detained for looting. The crackdown on looting comes amid a broader shift in California's approach to retail crime. In response to public outcry over rising thefts, state and local officials have moved away from previously lenient policies. The passage of Proposition 36 has empowered prosecutors to file felony charges against repeat offenders, regardless of the value of stolen goods, and to impose harsher penalties for organized group theft. Under these new measures, those caught looting face the prospect of significant prison time, a marked departure from the misdemeanor charges that were common under earlier laws. District attorneys in Southern California have called for even harsher penalties, particularly for crimes committed during states of emergency. Proposals include making looting a felony offense, increasing prison sentences, and ensuring that suspects are not released without judicial review. The goal, officials say, is to deter opportunistic criminals who exploit moments of crisis, whether during protests or natural disasters. #stolen #iphones #disabled #apple039s #antitheft
    WWW.TECHSPOT.COM
    Stolen iPhones disabled by Apple's anti-theft tech after Los Angeles looting
    What just happened? As protests against federal immigration enforcement swept through downtown Los Angeles last week, a wave of looting left several major retailers, including Apple, T-Mobile, and Adidas, counting the cost of smashed windows and stolen goods. Yet for those who made off with iPhones from Apple's flagship store, the thrill of the heist quickly turned into a lesson in high-tech security. Apple's retail locations are equipped with advanced anti-theft technology that renders display devices useless once they leave the premises. The moment a demonstration iPhone is taken beyond the store's Wi-Fi network, it is instantly disabled by proximity software and a remote "kill switch." Instead of a functioning smartphone, thieves were met with a stark message on the screen: "Please return to Apple Tower Theatre. This device has been disabled and is being tracked. Local authorities will be alerted." The phone simultaneously sounds an alarm and flashes the warning, ensuring it cannot be resold or activated elsewhere. This system is not new. During the nationwide unrest of 2020, similar scenes played out as looters discovered that Apple's security measures turned their stolen goods into little more than expensive paperweights. The technology relies on a combination of location tracking and network monitoring. As soon as a device is separated from the store's secure environment, it is remotely locked, its location is tracked, and law enforcement is notified. // Related Stories Videos circulating online show stolen iPhones blaring alarms and displaying tracking messages, making them impossible to ignore and virtually worthless on the black market. According to the Los Angeles Police Department, at least three individuals were arrested in connection with the Apple Store burglary, including one suspect apprehended at the scene and two others detained for looting. The crackdown on looting comes amid a broader shift in California's approach to retail crime. In response to public outcry over rising thefts, state and local officials have moved away from previously lenient policies. The passage of Proposition 36 has empowered prosecutors to file felony charges against repeat offenders, regardless of the value of stolen goods, and to impose harsher penalties for organized group theft. Under these new measures, those caught looting face the prospect of significant prison time, a marked departure from the misdemeanor charges that were common under earlier laws. District attorneys in Southern California have called for even harsher penalties, particularly for crimes committed during states of emergency. Proposals include making looting a felony offense, increasing prison sentences, and ensuring that suspects are not released without judicial review. The goal, officials say, is to deter opportunistic criminals who exploit moments of crisis, whether during protests or natural disasters.
    Like
    Love
    Wow
    Sad
    Angry
    575
    2 Комментарии 0 Поделились
  • Over 8M patient records leaked in healthcare data breach

    Published
    June 15, 2025 10:00am EDT close IPhone users instructed to take immediate action to avoid data breach: 'Urgent threat' Kurt 'The CyberGuy' Knutsson discusses Elon Musk's possible priorities as he exits his role with the White House and explains the urgent warning for iPhone users to update devices after a 'massive security gap.' NEWYou can now listen to Fox News articles!
    In the past decade, healthcare data has become one of the most sought-after targets in cybercrime. From insurers to clinics, every player in the ecosystem handles some form of sensitive information. However, breaches do not always originate from hospitals or health apps. Increasingly, patient data is managed by third-party vendors offering digital services such as scheduling, billing and marketing. One such breach at a digital marketing agency serving dental practices recently exposed approximately 2.7 million patient profiles and more than 8.8 million appointment records.Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join. Illustration of a hacker at work  Massive healthcare data leak exposes millions: What you need to knowCybernews researchers have discovered a misconfigured MongoDB database exposing 2.7 million patient profiles and 8.8 million appointment records. The database was publicly accessible online, unprotected by passwords or authentication protocols. Anyone with basic knowledge of database scanning tools could have accessed it.The exposed data included names, birthdates, addresses, emails, phone numbers, gender, chart IDs, language preferences and billing classifications. Appointment records also contained metadata such as timestamps and institutional identifiers.MASSIVE DATA BREACH EXPOSES 184 MILLION PASSWORDS AND LOGINSClues within the data structure point toward Gargle, a Utah-based company that builds websites and offers marketing tools for dental practices. While not a confirmed source, several internal references and system details suggest a strong connection. Gargle provides appointment scheduling, form submission and patient communication services. These functions require access to patient information, making the firm a likely link in the exposure.After the issue was reported, the database was secured. The duration of the exposure remains unknown, and there is no public evidence indicating whether the data was downloaded by malicious actors before being locked down.We reached out to Gargle for a comment but did not hear back before our deadline. A healthcare professional viewing heath data     How healthcare data breaches lead to identity theft and insurance fraudThe exposed data presents a broad risk profile. On its own, a phone number or billing record might seem limited in scope. Combined, however, the dataset forms a complete profile that could be exploited for identity theft, insurance fraud and targeted phishing campaigns.Medical identity theft allows attackers to impersonate patients and access services under a false identity. Victims often remain unaware until significant damage is done, ranging from incorrect medical records to unpaid bills in their names. The leak also opens the door to insurance fraud, with actors using institutional references and chart data to submit false claims.This type of breach raises questions about compliance with the Health Insurance Portability and Accountability Act, which mandates strong security protections for entities handling patient data. Although Gargle is not a healthcare provider, its access to patient-facing infrastructure could place it under the scope of that regulation as a business associate. A healthcare professional working on a laptop  5 ways you can stay safe from healthcare data breachesIf your information was part of the healthcare breach or any similar one, it’s worth taking a few steps to protect yourself.1. Consider identity theft protection services: Since the healthcare data breach exposed personal and financial information, it’s crucial to stay proactive against identity theft. Identity theft protection services offer continuous monitoring of your credit reports, Social Security number and even the dark web to detect if your information is being misused. These services send you real-time alerts about suspicious activity, such as new credit inquiries or attempts to open accounts in your name, helping you act quickly before serious damage occurs. Beyond monitoring, many identity theft protection companies provide dedicated recovery specialists who assist you in resolving fraud issues, disputing unauthorized charges and restoring your identity if it’s compromised. See my tips and best picks on how to protect yourself from identity theft.2. Use personal data removal services: The healthcare data breach leaks loads of information about you, and all this could end up in the public domain, which essentially gives anyone an opportunity to scam you.  One proactive step is to consider personal data removal services, which specialize in continuously monitoring and removing your information from various online databases and websites. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here. GET FOX BUSINESS ON THE GO BY CLICKING HEREGet a free scan to find out if your personal information is already out on the web3. Have strong antivirus software: Hackers have people’s email addresses and full names, which makes it easy for them to send you a phishing link that installs malware and steals all your data. These messages are socially engineered to catch them, and catching them is nearly impossible if you’re not careful. However, you’re not without defenses.The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.4. Enable two-factor authentication: While passwords weren’t part of the data breach, you still need to enable two-factor authentication. It gives you an extra layer of security on all your important accounts, including email, banking and social media. 2FA requires you to provide a second piece of information, such as a code sent to your phone, in addition to your password when logging in. This makes it significantly harder for hackers to access your accounts, even if they have your password. Enabling 2FA can greatly reduce the risk of unauthorized access and protect your sensitive data.5. Be wary of mailbox communications: Bad actors may also try to scam you through snail mail. The data leak gives them access to your address. They may impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions and security alerts. Kurt’s key takeawayIf nothing else, this latest leak shows just how poorly patient data is being handled today. More and more, non-medical vendors are getting access to sensitive information without facing the same rules or oversight as hospitals and clinics. These third-party services are now a regular part of how patients book appointments, pay bills or fill out forms. But when something goes wrong, the fallout is just as serious. Even though the database was taken offline, the bigger problem hasn't gone away. Your data is only as safe as the least careful company that gets access to it.CLICK HERE TO GET THE FOX NEWS APPDo you think healthcare companies are investing enough in their cybersecurity infrastructure? Let us know by writing us at Cyberguy.com/ContactFor more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/NewsletterAsk Kurt a question or let us know what stories you'd like us to coverFollow Kurt on his social channelsAnswers to the most asked CyberGuy questions:New from Kurt:Copyright 2025 CyberGuy.com.  All rights reserved.   Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.
    #over #patient #records #leaked #healthcare
    Over 8M patient records leaked in healthcare data breach
    Published June 15, 2025 10:00am EDT close IPhone users instructed to take immediate action to avoid data breach: 'Urgent threat' Kurt 'The CyberGuy' Knutsson discusses Elon Musk's possible priorities as he exits his role with the White House and explains the urgent warning for iPhone users to update devices after a 'massive security gap.' NEWYou can now listen to Fox News articles! In the past decade, healthcare data has become one of the most sought-after targets in cybercrime. From insurers to clinics, every player in the ecosystem handles some form of sensitive information. However, breaches do not always originate from hospitals or health apps. Increasingly, patient data is managed by third-party vendors offering digital services such as scheduling, billing and marketing. One such breach at a digital marketing agency serving dental practices recently exposed approximately 2.7 million patient profiles and more than 8.8 million appointment records.Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join. Illustration of a hacker at work  Massive healthcare data leak exposes millions: What you need to knowCybernews researchers have discovered a misconfigured MongoDB database exposing 2.7 million patient profiles and 8.8 million appointment records. The database was publicly accessible online, unprotected by passwords or authentication protocols. Anyone with basic knowledge of database scanning tools could have accessed it.The exposed data included names, birthdates, addresses, emails, phone numbers, gender, chart IDs, language preferences and billing classifications. Appointment records also contained metadata such as timestamps and institutional identifiers.MASSIVE DATA BREACH EXPOSES 184 MILLION PASSWORDS AND LOGINSClues within the data structure point toward Gargle, a Utah-based company that builds websites and offers marketing tools for dental practices. While not a confirmed source, several internal references and system details suggest a strong connection. Gargle provides appointment scheduling, form submission and patient communication services. These functions require access to patient information, making the firm a likely link in the exposure.After the issue was reported, the database was secured. The duration of the exposure remains unknown, and there is no public evidence indicating whether the data was downloaded by malicious actors before being locked down.We reached out to Gargle for a comment but did not hear back before our deadline. A healthcare professional viewing heath data     How healthcare data breaches lead to identity theft and insurance fraudThe exposed data presents a broad risk profile. On its own, a phone number or billing record might seem limited in scope. Combined, however, the dataset forms a complete profile that could be exploited for identity theft, insurance fraud and targeted phishing campaigns.Medical identity theft allows attackers to impersonate patients and access services under a false identity. Victims often remain unaware until significant damage is done, ranging from incorrect medical records to unpaid bills in their names. The leak also opens the door to insurance fraud, with actors using institutional references and chart data to submit false claims.This type of breach raises questions about compliance with the Health Insurance Portability and Accountability Act, which mandates strong security protections for entities handling patient data. Although Gargle is not a healthcare provider, its access to patient-facing infrastructure could place it under the scope of that regulation as a business associate. A healthcare professional working on a laptop  5 ways you can stay safe from healthcare data breachesIf your information was part of the healthcare breach or any similar one, it’s worth taking a few steps to protect yourself.1. Consider identity theft protection services: Since the healthcare data breach exposed personal and financial information, it’s crucial to stay proactive against identity theft. Identity theft protection services offer continuous monitoring of your credit reports, Social Security number and even the dark web to detect if your information is being misused. These services send you real-time alerts about suspicious activity, such as new credit inquiries or attempts to open accounts in your name, helping you act quickly before serious damage occurs. Beyond monitoring, many identity theft protection companies provide dedicated recovery specialists who assist you in resolving fraud issues, disputing unauthorized charges and restoring your identity if it’s compromised. See my tips and best picks on how to protect yourself from identity theft.2. Use personal data removal services: The healthcare data breach leaks loads of information about you, and all this could end up in the public domain, which essentially gives anyone an opportunity to scam you.  One proactive step is to consider personal data removal services, which specialize in continuously monitoring and removing your information from various online databases and websites. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here. GET FOX BUSINESS ON THE GO BY CLICKING HEREGet a free scan to find out if your personal information is already out on the web3. Have strong antivirus software: Hackers have people’s email addresses and full names, which makes it easy for them to send you a phishing link that installs malware and steals all your data. These messages are socially engineered to catch them, and catching them is nearly impossible if you’re not careful. However, you’re not without defenses.The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.4. Enable two-factor authentication: While passwords weren’t part of the data breach, you still need to enable two-factor authentication. It gives you an extra layer of security on all your important accounts, including email, banking and social media. 2FA requires you to provide a second piece of information, such as a code sent to your phone, in addition to your password when logging in. This makes it significantly harder for hackers to access your accounts, even if they have your password. Enabling 2FA can greatly reduce the risk of unauthorized access and protect your sensitive data.5. Be wary of mailbox communications: Bad actors may also try to scam you through snail mail. The data leak gives them access to your address. They may impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions and security alerts. Kurt’s key takeawayIf nothing else, this latest leak shows just how poorly patient data is being handled today. More and more, non-medical vendors are getting access to sensitive information without facing the same rules or oversight as hospitals and clinics. These third-party services are now a regular part of how patients book appointments, pay bills or fill out forms. But when something goes wrong, the fallout is just as serious. Even though the database was taken offline, the bigger problem hasn't gone away. Your data is only as safe as the least careful company that gets access to it.CLICK HERE TO GET THE FOX NEWS APPDo you think healthcare companies are investing enough in their cybersecurity infrastructure? Let us know by writing us at Cyberguy.com/ContactFor more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/NewsletterAsk Kurt a question or let us know what stories you'd like us to coverFollow Kurt on his social channelsAnswers to the most asked CyberGuy questions:New from Kurt:Copyright 2025 CyberGuy.com.  All rights reserved.   Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com. #over #patient #records #leaked #healthcare
    WWW.FOXNEWS.COM
    Over 8M patient records leaked in healthcare data breach
    Published June 15, 2025 10:00am EDT close IPhone users instructed to take immediate action to avoid data breach: 'Urgent threat' Kurt 'The CyberGuy' Knutsson discusses Elon Musk's possible priorities as he exits his role with the White House and explains the urgent warning for iPhone users to update devices after a 'massive security gap.' NEWYou can now listen to Fox News articles! In the past decade, healthcare data has become one of the most sought-after targets in cybercrime. From insurers to clinics, every player in the ecosystem handles some form of sensitive information. However, breaches do not always originate from hospitals or health apps. Increasingly, patient data is managed by third-party vendors offering digital services such as scheduling, billing and marketing. One such breach at a digital marketing agency serving dental practices recently exposed approximately 2.7 million patient profiles and more than 8.8 million appointment records.Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join. Illustration of a hacker at work   (Kurt "CyberGuy" Knutsson)Massive healthcare data leak exposes millions: What you need to knowCybernews researchers have discovered a misconfigured MongoDB database exposing 2.7 million patient profiles and 8.8 million appointment records. The database was publicly accessible online, unprotected by passwords or authentication protocols. Anyone with basic knowledge of database scanning tools could have accessed it.The exposed data included names, birthdates, addresses, emails, phone numbers, gender, chart IDs, language preferences and billing classifications. Appointment records also contained metadata such as timestamps and institutional identifiers.MASSIVE DATA BREACH EXPOSES 184 MILLION PASSWORDS AND LOGINSClues within the data structure point toward Gargle, a Utah-based company that builds websites and offers marketing tools for dental practices. While not a confirmed source, several internal references and system details suggest a strong connection. Gargle provides appointment scheduling, form submission and patient communication services. These functions require access to patient information, making the firm a likely link in the exposure.After the issue was reported, the database was secured. The duration of the exposure remains unknown, and there is no public evidence indicating whether the data was downloaded by malicious actors before being locked down.We reached out to Gargle for a comment but did not hear back before our deadline. A healthcare professional viewing heath data      (Kurt "CyberGuy" Knutsson)How healthcare data breaches lead to identity theft and insurance fraudThe exposed data presents a broad risk profile. On its own, a phone number or billing record might seem limited in scope. Combined, however, the dataset forms a complete profile that could be exploited for identity theft, insurance fraud and targeted phishing campaigns.Medical identity theft allows attackers to impersonate patients and access services under a false identity. Victims often remain unaware until significant damage is done, ranging from incorrect medical records to unpaid bills in their names. The leak also opens the door to insurance fraud, with actors using institutional references and chart data to submit false claims.This type of breach raises questions about compliance with the Health Insurance Portability and Accountability Act, which mandates strong security protections for entities handling patient data. Although Gargle is not a healthcare provider, its access to patient-facing infrastructure could place it under the scope of that regulation as a business associate. A healthcare professional working on a laptop   (Kurt "CyberGuy" Knutsson)5 ways you can stay safe from healthcare data breachesIf your information was part of the healthcare breach or any similar one, it’s worth taking a few steps to protect yourself.1. Consider identity theft protection services: Since the healthcare data breach exposed personal and financial information, it’s crucial to stay proactive against identity theft. Identity theft protection services offer continuous monitoring of your credit reports, Social Security number and even the dark web to detect if your information is being misused. These services send you real-time alerts about suspicious activity, such as new credit inquiries or attempts to open accounts in your name, helping you act quickly before serious damage occurs. Beyond monitoring, many identity theft protection companies provide dedicated recovery specialists who assist you in resolving fraud issues, disputing unauthorized charges and restoring your identity if it’s compromised. See my tips and best picks on how to protect yourself from identity theft.2. Use personal data removal services: The healthcare data breach leaks loads of information about you, and all this could end up in the public domain, which essentially gives anyone an opportunity to scam you.  One proactive step is to consider personal data removal services, which specialize in continuously monitoring and removing your information from various online databases and websites. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here. GET FOX BUSINESS ON THE GO BY CLICKING HEREGet a free scan to find out if your personal information is already out on the web3. Have strong antivirus software: Hackers have people’s email addresses and full names, which makes it easy for them to send you a phishing link that installs malware and steals all your data. These messages are socially engineered to catch them, and catching them is nearly impossible if you’re not careful. However, you’re not without defenses.The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.4. Enable two-factor authentication: While passwords weren’t part of the data breach, you still need to enable two-factor authentication (2FA). It gives you an extra layer of security on all your important accounts, including email, banking and social media. 2FA requires you to provide a second piece of information, such as a code sent to your phone, in addition to your password when logging in. This makes it significantly harder for hackers to access your accounts, even if they have your password. Enabling 2FA can greatly reduce the risk of unauthorized access and protect your sensitive data.5. Be wary of mailbox communications: Bad actors may also try to scam you through snail mail. The data leak gives them access to your address. They may impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions and security alerts. Kurt’s key takeawayIf nothing else, this latest leak shows just how poorly patient data is being handled today. More and more, non-medical vendors are getting access to sensitive information without facing the same rules or oversight as hospitals and clinics. These third-party services are now a regular part of how patients book appointments, pay bills or fill out forms. But when something goes wrong, the fallout is just as serious. Even though the database was taken offline, the bigger problem hasn't gone away. Your data is only as safe as the least careful company that gets access to it.CLICK HERE TO GET THE FOX NEWS APPDo you think healthcare companies are investing enough in their cybersecurity infrastructure? Let us know by writing us at Cyberguy.com/ContactFor more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/NewsletterAsk Kurt a question or let us know what stories you'd like us to coverFollow Kurt on his social channelsAnswers to the most asked CyberGuy questions:New from Kurt:Copyright 2025 CyberGuy.com.  All rights reserved.   Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.
    Like
    Love
    Wow
    Sad
    Angry
    507
    0 Комментарии 0 Поделились
  • Scientists Detect Unusual Airborne Toxin in the United States for the First Time

    Researchers unexpectedly discovered toxic airborne pollutants in Oklahoma. The image above depicts a field in Oklahoma. Credit: Shutterstock
    University of Colorado Boulder researchers made the first-ever airborne detection of Medium Chain Chlorinated Paraffinsin the Western Hemisphere.
    Sometimes, scientific research feels a lot like solving a mystery. Scientists head into the field with a clear goal and a solid hypothesis, but then the data reveals something surprising. That’s when the real detective work begins.
    This is exactly what happened to a team from the University of Colorado Boulder during a recent field study in rural Oklahoma. They were using a state-of-the-art instrument to track how tiny particles form and grow in the air. But instead of just collecting expected data, they uncovered something completely new: the first-ever airborne detection of Medium Chain Chlorinated Paraffins, a kind of toxic organic pollutant, in the Western Hemisphere. The teams findings were published in ACS Environmental Au.
    “It’s very exciting as a scientist to find something unexpected like this that we weren’t looking for,” said Daniel Katz, CU Boulder chemistry PhD student and lead author of the study. “We’re starting to learn more about this toxic, organic pollutant that we know is out there, and which we need to understand better.”
    MCCPs are currently under consideration for regulation by the Stockholm Convention, a global treaty to protect human health from long-standing and widespread chemicals. While the toxic pollutants have been measured in Antarctica and Asia, researchers haven’t been sure how to document them in the Western Hemisphere’s atmosphere until now.
    From Wastewater to Farmlands
    MCCPs are used in fluids for metal working and in the construction of PVC and textiles. They are often found in wastewater and as a result, can end up in biosolid fertilizer, also called sewage sludge, which is created when liquid is removed from wastewater in a treatment plant. In Oklahoma, researchers suspect the MCCPs they identified came from biosolid fertilizer in the fields near where they set up their instrument.
    “When sewage sludges are spread across the fields, those toxic compounds could be released into the air,” Katz said. “We can’t show directly that that’s happening, but we think it’s a reasonable way that they could be winding up in the air. Sewage sludge fertilizers have been shown to release similar compounds.”
    MCCPs little cousins, Short Chain Chlorinated Paraffins, are currently regulated by the Stockholm Convention, and since 2009, by the EPA here in the United States. Regulation came after studies found the toxic pollutants, which travel far and last a long time in the atmosphere, were harmful to human health. But researchers hypothesize that the regulation of SCCPs may have increased MCCPs in the environment.
    “We always have these unintended consequences of regulation, where you regulate something, and then there’s still a need for the products that those were in,” said Ellie Browne, CU Boulder chemistry professor, CIRES Fellow, and co-author of the study. “So they get replaced by something.”
    Measurement of aerosols led to a new and surprising discovery
    Using a nitrate chemical ionization mass spectrometer, which allows scientists to identify chemical compounds in the air, the team measured air at the agricultural site 24 hours a day for one month. As Katz cataloged the data, he documented the different isotopic patterns in the compounds. The compounds measured by the team had distinct patterns, and he noticed new patterns that he immediately identified as different from the known chemical compounds. With some additional research, he identified them as chlorinated paraffins found in MCCPs.
    Katz says the makeup of MCCPs are similar to PFAS, long-lasting toxic chemicals that break down slowly over time. Known as “forever chemicals,” their presence in soils recently led the Oklahoma Senate to ban biosolid fertilizer.
    Now that researchers know how to measure MCCPs, the next step might be to measure the pollutants at different times throughout the year to understand how levels change each season. Many unknowns surrounding MCCPs remain, and there’s much more to learn about their environmental impacts.
    “We identified them, but we still don’t know exactly what they do when they are in the atmosphere, and they need to be investigated further,” Katz said. “I think it’s important that we continue to have governmental agencies that are capable of evaluating the science and regulating these chemicals as necessary for public health and safety.”
    Reference: “Real-Time Measurements of Gas-Phase Medium-Chain Chlorinated Paraffins Reveal Daily Changes in Gas-Particle Partitioning Controlled by Ambient Temperature” by Daniel John Katz, Bri Dobson, Mitchell Alton, Harald Stark, Douglas R. Worsnop, Manjula R. Canagaratna and Eleanor C. Browne, 5 June 2025, ACS Environmental Au.
    DOI: 10.1021/acsenvironau.5c00038
    Never miss a breakthrough: Join the SciTechDaily newsletter.
    #scientists #detect #unusual #airborne #toxin
    Scientists Detect Unusual Airborne Toxin in the United States for the First Time
    Researchers unexpectedly discovered toxic airborne pollutants in Oklahoma. The image above depicts a field in Oklahoma. Credit: Shutterstock University of Colorado Boulder researchers made the first-ever airborne detection of Medium Chain Chlorinated Paraffinsin the Western Hemisphere. Sometimes, scientific research feels a lot like solving a mystery. Scientists head into the field with a clear goal and a solid hypothesis, but then the data reveals something surprising. That’s when the real detective work begins. This is exactly what happened to a team from the University of Colorado Boulder during a recent field study in rural Oklahoma. They were using a state-of-the-art instrument to track how tiny particles form and grow in the air. But instead of just collecting expected data, they uncovered something completely new: the first-ever airborne detection of Medium Chain Chlorinated Paraffins, a kind of toxic organic pollutant, in the Western Hemisphere. The teams findings were published in ACS Environmental Au. “It’s very exciting as a scientist to find something unexpected like this that we weren’t looking for,” said Daniel Katz, CU Boulder chemistry PhD student and lead author of the study. “We’re starting to learn more about this toxic, organic pollutant that we know is out there, and which we need to understand better.” MCCPs are currently under consideration for regulation by the Stockholm Convention, a global treaty to protect human health from long-standing and widespread chemicals. While the toxic pollutants have been measured in Antarctica and Asia, researchers haven’t been sure how to document them in the Western Hemisphere’s atmosphere until now. From Wastewater to Farmlands MCCPs are used in fluids for metal working and in the construction of PVC and textiles. They are often found in wastewater and as a result, can end up in biosolid fertilizer, also called sewage sludge, which is created when liquid is removed from wastewater in a treatment plant. In Oklahoma, researchers suspect the MCCPs they identified came from biosolid fertilizer in the fields near where they set up their instrument. “When sewage sludges are spread across the fields, those toxic compounds could be released into the air,” Katz said. “We can’t show directly that that’s happening, but we think it’s a reasonable way that they could be winding up in the air. Sewage sludge fertilizers have been shown to release similar compounds.” MCCPs little cousins, Short Chain Chlorinated Paraffins, are currently regulated by the Stockholm Convention, and since 2009, by the EPA here in the United States. Regulation came after studies found the toxic pollutants, which travel far and last a long time in the atmosphere, were harmful to human health. But researchers hypothesize that the regulation of SCCPs may have increased MCCPs in the environment. “We always have these unintended consequences of regulation, where you regulate something, and then there’s still a need for the products that those were in,” said Ellie Browne, CU Boulder chemistry professor, CIRES Fellow, and co-author of the study. “So they get replaced by something.” Measurement of aerosols led to a new and surprising discovery Using a nitrate chemical ionization mass spectrometer, which allows scientists to identify chemical compounds in the air, the team measured air at the agricultural site 24 hours a day for one month. As Katz cataloged the data, he documented the different isotopic patterns in the compounds. The compounds measured by the team had distinct patterns, and he noticed new patterns that he immediately identified as different from the known chemical compounds. With some additional research, he identified them as chlorinated paraffins found in MCCPs. Katz says the makeup of MCCPs are similar to PFAS, long-lasting toxic chemicals that break down slowly over time. Known as “forever chemicals,” their presence in soils recently led the Oklahoma Senate to ban biosolid fertilizer. Now that researchers know how to measure MCCPs, the next step might be to measure the pollutants at different times throughout the year to understand how levels change each season. Many unknowns surrounding MCCPs remain, and there’s much more to learn about their environmental impacts. “We identified them, but we still don’t know exactly what they do when they are in the atmosphere, and they need to be investigated further,” Katz said. “I think it’s important that we continue to have governmental agencies that are capable of evaluating the science and regulating these chemicals as necessary for public health and safety.” Reference: “Real-Time Measurements of Gas-Phase Medium-Chain Chlorinated Paraffins Reveal Daily Changes in Gas-Particle Partitioning Controlled by Ambient Temperature” by Daniel John Katz, Bri Dobson, Mitchell Alton, Harald Stark, Douglas R. Worsnop, Manjula R. Canagaratna and Eleanor C. Browne, 5 June 2025, ACS Environmental Au. DOI: 10.1021/acsenvironau.5c00038 Never miss a breakthrough: Join the SciTechDaily newsletter. #scientists #detect #unusual #airborne #toxin
    SCITECHDAILY.COM
    Scientists Detect Unusual Airborne Toxin in the United States for the First Time
    Researchers unexpectedly discovered toxic airborne pollutants in Oklahoma. The image above depicts a field in Oklahoma. Credit: Shutterstock University of Colorado Boulder researchers made the first-ever airborne detection of Medium Chain Chlorinated Paraffins (MCCPs) in the Western Hemisphere. Sometimes, scientific research feels a lot like solving a mystery. Scientists head into the field with a clear goal and a solid hypothesis, but then the data reveals something surprising. That’s when the real detective work begins. This is exactly what happened to a team from the University of Colorado Boulder during a recent field study in rural Oklahoma. They were using a state-of-the-art instrument to track how tiny particles form and grow in the air. But instead of just collecting expected data, they uncovered something completely new: the first-ever airborne detection of Medium Chain Chlorinated Paraffins (MCCPs), a kind of toxic organic pollutant, in the Western Hemisphere. The teams findings were published in ACS Environmental Au. “It’s very exciting as a scientist to find something unexpected like this that we weren’t looking for,” said Daniel Katz, CU Boulder chemistry PhD student and lead author of the study. “We’re starting to learn more about this toxic, organic pollutant that we know is out there, and which we need to understand better.” MCCPs are currently under consideration for regulation by the Stockholm Convention, a global treaty to protect human health from long-standing and widespread chemicals. While the toxic pollutants have been measured in Antarctica and Asia, researchers haven’t been sure how to document them in the Western Hemisphere’s atmosphere until now. From Wastewater to Farmlands MCCPs are used in fluids for metal working and in the construction of PVC and textiles. They are often found in wastewater and as a result, can end up in biosolid fertilizer, also called sewage sludge, which is created when liquid is removed from wastewater in a treatment plant. In Oklahoma, researchers suspect the MCCPs they identified came from biosolid fertilizer in the fields near where they set up their instrument. “When sewage sludges are spread across the fields, those toxic compounds could be released into the air,” Katz said. “We can’t show directly that that’s happening, but we think it’s a reasonable way that they could be winding up in the air. Sewage sludge fertilizers have been shown to release similar compounds.” MCCPs little cousins, Short Chain Chlorinated Paraffins (SCCPs), are currently regulated by the Stockholm Convention, and since 2009, by the EPA here in the United States. Regulation came after studies found the toxic pollutants, which travel far and last a long time in the atmosphere, were harmful to human health. But researchers hypothesize that the regulation of SCCPs may have increased MCCPs in the environment. “We always have these unintended consequences of regulation, where you regulate something, and then there’s still a need for the products that those were in,” said Ellie Browne, CU Boulder chemistry professor, CIRES Fellow, and co-author of the study. “So they get replaced by something.” Measurement of aerosols led to a new and surprising discovery Using a nitrate chemical ionization mass spectrometer, which allows scientists to identify chemical compounds in the air, the team measured air at the agricultural site 24 hours a day for one month. As Katz cataloged the data, he documented the different isotopic patterns in the compounds. The compounds measured by the team had distinct patterns, and he noticed new patterns that he immediately identified as different from the known chemical compounds. With some additional research, he identified them as chlorinated paraffins found in MCCPs. Katz says the makeup of MCCPs are similar to PFAS, long-lasting toxic chemicals that break down slowly over time. Known as “forever chemicals,” their presence in soils recently led the Oklahoma Senate to ban biosolid fertilizer. Now that researchers know how to measure MCCPs, the next step might be to measure the pollutants at different times throughout the year to understand how levels change each season. Many unknowns surrounding MCCPs remain, and there’s much more to learn about their environmental impacts. “We identified them, but we still don’t know exactly what they do when they are in the atmosphere, and they need to be investigated further,” Katz said. “I think it’s important that we continue to have governmental agencies that are capable of evaluating the science and regulating these chemicals as necessary for public health and safety.” Reference: “Real-Time Measurements of Gas-Phase Medium-Chain Chlorinated Paraffins Reveal Daily Changes in Gas-Particle Partitioning Controlled by Ambient Temperature” by Daniel John Katz, Bri Dobson, Mitchell Alton, Harald Stark, Douglas R. Worsnop, Manjula R. Canagaratna and Eleanor C. Browne, 5 June 2025, ACS Environmental Au. DOI: 10.1021/acsenvironau.5c00038 Never miss a breakthrough: Join the SciTechDaily newsletter.
    Like
    Love
    Wow
    Sad
    Angry
    411
    2 Комментарии 0 Поделились
  • Ansys: R&D Engineer II (Remote - East Coast, US)

    Requisition #: 16890 Our Mission: Powering Innovation That Drives Human Advancement When visionary companies need to know how their world-changing ideas will perform, they close the gap between design and reality with Ansys simulation. For more than 50 years, Ansys software has enabled innovators across industries to push boundaries by using the predictive power of simulation. From sustainable transportation to advanced semiconductors, from satellite systems to life-saving medical devices, the next great leaps in human advancement will be powered by Ansys. Innovate With Ansys, Power Your Career. Summary / Role Purpose The R&D Engineer II contributes to the development of software products and supporting systems. In this role, the R&D Engineer II will collaborate with a team of expert professionals to understand customer requirements and accomplish development objectives. Key Duties and Responsibilities Performs moderately complex development activities, including the design, implementation, maintenance, testing and documentation of software modules and sub-systems Understands and employs best practices Performs moderately complex bug verification, release testing and beta support for assigned products. Researches problems discovered by QA or product support and develops solutions Understands the marketing requirements for a product, including target environment, performance criteria and competitive issues Works under the general supervision of a development manager Minimum Education/Certification Requirements and Experience BS in Computer Science, Applied Mathematics, Engineering, or other natural science disciplines with 3-5 years' experience or MS with minimum 2 years experience Working experience within technical software development proven by academic, research, or industry projects. Good understanding and skills in object-oriented programming Experience with Java and C# / .NET Role can be remote, must be based on the East Coast due to timezone Preferred Qualifications and Skills Experience with C++, Python, in addition to Java and C# / .NET Knowledge of Task-Based Asynchronous design patternExposure to model-based systems engineering concepts Working knowledge of SysML Know-how on cloud computing technologies like micro-service architectures, RPC frameworks, REST APIs, etc. Knowledge of software security best practices Experience working on an Agile software development team Technical knowledge and experience with various engineering tools and methodologies, such as Finite Element simulation, CAD modeling, and Systems Architecture modelling is a plus Ability to assist more junior developers on an as-needed basis Ability to learn quickly and to collaborate with others in a geographically distributed team Excellent communication and interpersonal skills At Ansys, we know that changing the world takes vision, skill, and each other. We fuel new ideas, build relationships, and help each other realize our greatest potential. We are ONE Ansys. We operate on three key components: our commitments to stakeholders, our values that guide how we work together, and our actions to deliver results. As ONE Ansys, we are powering innovation that drives human advancement Our Commitments:Amaze with innovative products and solutionsMake our customers incredibly successfulAct with integrityEnsure employees thrive and shareholders prosper Our Values:Adaptability: Be open, welcome what's nextCourage: Be courageous, move forward passionatelyGenerosity: Be generous, share, listen, serveAuthenticity: Be you, make us stronger Our Actions:We commit to audacious goalsWe work seamlessly as a teamWe demonstrate masteryWe deliver outstanding resultsVALUES IN ACTION Ansys is committed to powering the people who power human advancement. We believe in creating and nurturing a workplace that supports and welcomes people of all backgrounds; encouraging them to bring their talents and experience to a workplace where they are valued and can thrive. Our culture is grounded in our four core values of adaptability, courage, generosity, and authenticity. Through our behaviors and actions, these values foster higher team performance and greater innovation for our customers. We're proud to offer programs, available to all employees, to further impact innovation and business outcomes, such as employee networks and learning communities that inform solutions for our globally minded customer base. WELCOME WHAT'S NEXT IN YOUR CAREER AT ANSYS At Ansys, you will find yourself among the sharpest minds and most visionary leaders across the globe. Collectively, we strive to change the world with innovative technology and transformational solutions. With a prestigious reputation in working with well-known, world-class companies, standards at Ansys are high - met by those willing to rise to the occasion and meet those challenges head on. Our team is passionate about pushing the limits of world-class simulation technology, empowering our customers to turn their design concepts into successful, innovative products faster and at a lower cost. Ready to feel inspired? Check out some of our recent customer stories, here and here . At Ansys, it's about the learning, the discovery, and the collaboration. It's about the "what's next" as much as the "mission accomplished." And it's about the melding of disciplined intellect with strategic direction and results that have, can, and do impact real people in real ways. All this is forged within a working environment built on respect, autonomy, and ethics.CREATING A PLACE WE'RE PROUD TO BEAnsys is an S&P 500 company and a member of the NASDAQ-100. We are proud to have been recognized for the following more recent awards, although our list goes on: Newsweek's Most Loved Workplace globally and in the U.S., Gold Stevie Award Winner, America's Most Responsible Companies, Fast Company World Changing Ideas, Great Place to Work Certified.For more information, please visit us at Ansys is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other protected characteristics.Ansys does not accept unsolicited referrals for vacancies, and any unsolicited referral will become the property of Ansys. Upon hire, no fee will be owed to the agency, person, or entity.Apply NowLet's start your dream job Apply now Meet JobCopilot: Your Personal AI Job HunterAutomatically Apply to Remote Full-Stack Programming JobsJust set your preferences and Job Copilot will do the rest-finding, filtering, and applying while you focus on what matters. Activate JobCopilot
    #ansys #rampampd #engineer #remote #east
    Ansys: R&D Engineer II (Remote - East Coast, US)
    Requisition #: 16890 Our Mission: Powering Innovation That Drives Human Advancement When visionary companies need to know how their world-changing ideas will perform, they close the gap between design and reality with Ansys simulation. For more than 50 years, Ansys software has enabled innovators across industries to push boundaries by using the predictive power of simulation. From sustainable transportation to advanced semiconductors, from satellite systems to life-saving medical devices, the next great leaps in human advancement will be powered by Ansys. Innovate With Ansys, Power Your Career. Summary / Role Purpose The R&D Engineer II contributes to the development of software products and supporting systems. In this role, the R&D Engineer II will collaborate with a team of expert professionals to understand customer requirements and accomplish development objectives. Key Duties and Responsibilities Performs moderately complex development activities, including the design, implementation, maintenance, testing and documentation of software modules and sub-systems Understands and employs best practices Performs moderately complex bug verification, release testing and beta support for assigned products. Researches problems discovered by QA or product support and develops solutions Understands the marketing requirements for a product, including target environment, performance criteria and competitive issues Works under the general supervision of a development manager Minimum Education/Certification Requirements and Experience BS in Computer Science, Applied Mathematics, Engineering, or other natural science disciplines with 3-5 years' experience or MS with minimum 2 years experience Working experience within technical software development proven by academic, research, or industry projects. Good understanding and skills in object-oriented programming Experience with Java and C# / .NET Role can be remote, must be based on the East Coast due to timezone Preferred Qualifications and Skills Experience with C++, Python, in addition to Java and C# / .NET Knowledge of Task-Based Asynchronous design patternExposure to model-based systems engineering concepts Working knowledge of SysML Know-how on cloud computing technologies like micro-service architectures, RPC frameworks, REST APIs, etc. Knowledge of software security best practices Experience working on an Agile software development team Technical knowledge and experience with various engineering tools and methodologies, such as Finite Element simulation, CAD modeling, and Systems Architecture modelling is a plus Ability to assist more junior developers on an as-needed basis Ability to learn quickly and to collaborate with others in a geographically distributed team Excellent communication and interpersonal skills At Ansys, we know that changing the world takes vision, skill, and each other. We fuel new ideas, build relationships, and help each other realize our greatest potential. We are ONE Ansys. We operate on three key components: our commitments to stakeholders, our values that guide how we work together, and our actions to deliver results. As ONE Ansys, we are powering innovation that drives human advancement Our Commitments:Amaze with innovative products and solutionsMake our customers incredibly successfulAct with integrityEnsure employees thrive and shareholders prosper Our Values:Adaptability: Be open, welcome what's nextCourage: Be courageous, move forward passionatelyGenerosity: Be generous, share, listen, serveAuthenticity: Be you, make us stronger Our Actions:We commit to audacious goalsWe work seamlessly as a teamWe demonstrate masteryWe deliver outstanding resultsVALUES IN ACTION Ansys is committed to powering the people who power human advancement. We believe in creating and nurturing a workplace that supports and welcomes people of all backgrounds; encouraging them to bring their talents and experience to a workplace where they are valued and can thrive. Our culture is grounded in our four core values of adaptability, courage, generosity, and authenticity. Through our behaviors and actions, these values foster higher team performance and greater innovation for our customers. We're proud to offer programs, available to all employees, to further impact innovation and business outcomes, such as employee networks and learning communities that inform solutions for our globally minded customer base. WELCOME WHAT'S NEXT IN YOUR CAREER AT ANSYS At Ansys, you will find yourself among the sharpest minds and most visionary leaders across the globe. Collectively, we strive to change the world with innovative technology and transformational solutions. With a prestigious reputation in working with well-known, world-class companies, standards at Ansys are high - met by those willing to rise to the occasion and meet those challenges head on. Our team is passionate about pushing the limits of world-class simulation technology, empowering our customers to turn their design concepts into successful, innovative products faster and at a lower cost. Ready to feel inspired? Check out some of our recent customer stories, here and here . At Ansys, it's about the learning, the discovery, and the collaboration. It's about the "what's next" as much as the "mission accomplished." And it's about the melding of disciplined intellect with strategic direction and results that have, can, and do impact real people in real ways. All this is forged within a working environment built on respect, autonomy, and ethics.CREATING A PLACE WE'RE PROUD TO BEAnsys is an S&P 500 company and a member of the NASDAQ-100. We are proud to have been recognized for the following more recent awards, although our list goes on: Newsweek's Most Loved Workplace globally and in the U.S., Gold Stevie Award Winner, America's Most Responsible Companies, Fast Company World Changing Ideas, Great Place to Work Certified.For more information, please visit us at Ansys is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other protected characteristics.Ansys does not accept unsolicited referrals for vacancies, and any unsolicited referral will become the property of Ansys. Upon hire, no fee will be owed to the agency, person, or entity.Apply NowLet's start your dream job Apply now Meet JobCopilot: Your Personal AI Job HunterAutomatically Apply to Remote Full-Stack Programming JobsJust set your preferences and Job Copilot will do the rest-finding, filtering, and applying while you focus on what matters. Activate JobCopilot #ansys #rampampd #engineer #remote #east
    WEWORKREMOTELY.COM
    Ansys: R&D Engineer II (Remote - East Coast, US)
    Requisition #: 16890 Our Mission: Powering Innovation That Drives Human Advancement When visionary companies need to know how their world-changing ideas will perform, they close the gap between design and reality with Ansys simulation. For more than 50 years, Ansys software has enabled innovators across industries to push boundaries by using the predictive power of simulation. From sustainable transportation to advanced semiconductors, from satellite systems to life-saving medical devices, the next great leaps in human advancement will be powered by Ansys. Innovate With Ansys, Power Your Career. Summary / Role Purpose The R&D Engineer II contributes to the development of software products and supporting systems. In this role, the R&D Engineer II will collaborate with a team of expert professionals to understand customer requirements and accomplish development objectives. Key Duties and Responsibilities Performs moderately complex development activities, including the design, implementation, maintenance, testing and documentation of software modules and sub-systems Understands and employs best practices Performs moderately complex bug verification, release testing and beta support for assigned products. Researches problems discovered by QA or product support and develops solutions Understands the marketing requirements for a product, including target environment, performance criteria and competitive issues Works under the general supervision of a development manager Minimum Education/Certification Requirements and Experience BS in Computer Science, Applied Mathematics, Engineering, or other natural science disciplines with 3-5 years' experience or MS with minimum 2 years experience Working experience within technical software development proven by academic, research, or industry projects. Good understanding and skills in object-oriented programming Experience with Java and C# / .NET Role can be remote, must be based on the East Coast due to timezone Preferred Qualifications and Skills Experience with C++, Python, in addition to Java and C# / .NET Knowledge of Task-Based Asynchronous design pattern (TAP) Exposure to model-based systems engineering concepts Working knowledge of SysML Know-how on cloud computing technologies like micro-service architectures, RPC frameworks (e.g., gRPC), REST APIs, etc. Knowledge of software security best practices Experience working on an Agile software development team Technical knowledge and experience with various engineering tools and methodologies, such as Finite Element simulation, CAD modeling, and Systems Architecture modelling is a plus Ability to assist more junior developers on an as-needed basis Ability to learn quickly and to collaborate with others in a geographically distributed team Excellent communication and interpersonal skills At Ansys, we know that changing the world takes vision, skill, and each other. We fuel new ideas, build relationships, and help each other realize our greatest potential. We are ONE Ansys. We operate on three key components: our commitments to stakeholders, our values that guide how we work together, and our actions to deliver results. As ONE Ansys, we are powering innovation that drives human advancement Our Commitments:Amaze with innovative products and solutionsMake our customers incredibly successfulAct with integrityEnsure employees thrive and shareholders prosper Our Values:Adaptability: Be open, welcome what's nextCourage: Be courageous, move forward passionatelyGenerosity: Be generous, share, listen, serveAuthenticity: Be you, make us stronger Our Actions:We commit to audacious goalsWe work seamlessly as a teamWe demonstrate masteryWe deliver outstanding resultsVALUES IN ACTION Ansys is committed to powering the people who power human advancement. We believe in creating and nurturing a workplace that supports and welcomes people of all backgrounds; encouraging them to bring their talents and experience to a workplace where they are valued and can thrive. Our culture is grounded in our four core values of adaptability, courage, generosity, and authenticity. Through our behaviors and actions, these values foster higher team performance and greater innovation for our customers. We're proud to offer programs, available to all employees, to further impact innovation and business outcomes, such as employee networks and learning communities that inform solutions for our globally minded customer base. WELCOME WHAT'S NEXT IN YOUR CAREER AT ANSYS At Ansys, you will find yourself among the sharpest minds and most visionary leaders across the globe. Collectively, we strive to change the world with innovative technology and transformational solutions. With a prestigious reputation in working with well-known, world-class companies, standards at Ansys are high - met by those willing to rise to the occasion and meet those challenges head on. Our team is passionate about pushing the limits of world-class simulation technology, empowering our customers to turn their design concepts into successful, innovative products faster and at a lower cost. Ready to feel inspired? Check out some of our recent customer stories, here and here . At Ansys, it's about the learning, the discovery, and the collaboration. It's about the "what's next" as much as the "mission accomplished." And it's about the melding of disciplined intellect with strategic direction and results that have, can, and do impact real people in real ways. All this is forged within a working environment built on respect, autonomy, and ethics.CREATING A PLACE WE'RE PROUD TO BEAnsys is an S&P 500 company and a member of the NASDAQ-100. We are proud to have been recognized for the following more recent awards, although our list goes on: Newsweek's Most Loved Workplace globally and in the U.S., Gold Stevie Award Winner, America's Most Responsible Companies, Fast Company World Changing Ideas, Great Place to Work Certified (China, Greece, France, India, Japan, Korea, Spain, Sweden, Taiwan, and U.K.).For more information, please visit us at Ansys is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other protected characteristics.Ansys does not accept unsolicited referrals for vacancies, and any unsolicited referral will become the property of Ansys. Upon hire, no fee will be owed to the agency, person, or entity.Apply NowLet's start your dream job Apply now Meet JobCopilot: Your Personal AI Job HunterAutomatically Apply to Remote Full-Stack Programming JobsJust set your preferences and Job Copilot will do the rest-finding, filtering, and applying while you focus on what matters. Activate JobCopilot
    Like
    Love
    Wow
    Sad
    Angry
    468
    2 Комментарии 0 Поделились
  • Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data

    Jun 16, 2025Ravie LakshmananMalware / DevOps

    Cybersecurity researchers have discovered a malicious package on the Python Package Indexrepository that's capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others.
    The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targets users of a service called Chimera Sandbox, which was released by Singaporean tech company Grab last August to facilitate "experimentation and development ofsolutions."
    The package masquerades as a helper module for Chimera Sandbox, but "aims to steal credentials and other sensitive information such as Jamf configuration, CI/CD environment variables, AWS tokens, and more," JFrog security researcher Guy Korolevski said in a report published last week.
    Once installed, it attempts to connect to an external domain whose domain name is generated using a domain generation algorithmin order to download and execute a next-stage payload.
    Specifically, the malware acquires from the domain an authentication token, which is then used to send a request to the same domain and retrieve the Python-based information stealer.

    The stealer malware is equipped to siphon a wide range of data from infected machines. This includes -

    JAMF receipts, which are records of software packages installed by Jamf Pro on managed computers
    Pod sandbox environment authentication tokens and git information
    CI/CD information from environment variables
    Zscaler host configuration
    Amazon Web Services account information and tokens
    Public IP address
    General platform, user, and host information

    The kind of data gathered by the malware shows that it's mainly geared towards corporate and cloud infrastructure. In addition, the extraction of JAMF receipts indicates that it's also capable of targeting Apple macOS systems.
    The collected information is sent via a POST request back to the same domain, after which the server assesses if the machine is a worthy target for further exploitation. However, JFrog said it was unable to obtain the payload at the time of analysis.
    "The targeted approach employed by this malware, along with the complexity of its multi-stage targeted payload, distinguishes it from the more generic open-source malware threats we have encountered thus far, highlighting the advancements that malicious packages have made recently," Jonathan Sar Shalom, director of threat research at JFrog Security Research team, said.

    "This new sophistication of malware underscores why development teams remain vigilant with updates—alongside proactive security research – to defend against emerging threats and maintain software integrity."
    The disclosure comes as SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The packages in question are listed below -

    eslint-config-airbnb-compatts-runtime-compat-checksolders@mediawave/libAll the identified npm packages have since been taken down from npm, but not before they were downloaded hundreds of times from the package registry.
    SafeDep's analysis of eslint-config-airbnb-compat found that the JavaScript library has ts-runtime-compat-check listed as a dependency, which, in turn, contacts an external server defined in the former packageto retrieve and execute a Base64-encoded string. The exact nature of the payload is unknown.
    "It implements a multi-stage remote code execution attack using a transitive dependency to hide the malicious code," SafeDep researcher Kunal Singh said.
    Solders, on the other hand, has been found to incorporate a post-install script in its package.json, causing the malicious code to be automatically executed as soon as the package is installed.
    "At first glance, it's hard to believe that this is actually valid JavaScript," the Veracode Threat Research team said. "It looks like a seemingly random collection of Japanese symbols. It turns out that this particular obfuscation scheme uses the Unicode characters as variable names and a sophisticated chain of dynamic code generation to work."
    Decoding the script reveals an extra layer of obfuscation, unpacking which reveals its main function: Check if the compromised machine is Windows, and if so, run a PowerShell command to retrieve a next-stage payload from a remote server.
    This second-stage PowerShell script, also obscured, is designed to fetch a Windows batch script from another domainand configures a Windows Defender Antivirus exclusion list to avoid detection. The batch script then paves the way for the execution of a .NET DLL that reaches out to a PNG image hosted on ImgBB.
    "is grabbing the last two pixels from this image and then looping through some data contained elsewhere in it," Veracode said. "It ultimately builds up in memory YET ANOTHER .NET DLL."

    Furthermore, the DLL is equipped to create task scheduler entries and features the ability to bypass user account controlusing a combination of FodHelper.exe and programmatic identifiersto evade defenses and avoid triggering any security alerts to the user.
    The newly-downloaded DLL is Pulsar RAT, a "free, open-source Remote Administration Tool for Windows" and a variant of the Quasar RAT.
    "From a wall of Japanese characters to a RAT hidden within the pixels of a PNG file, the attacker went to extraordinary lengths to conceal their payload, nesting it a dozen layers deep to evade detection," Veracode said. "While the attacker's ultimate objective for deploying the Pulsar RAT remains unclear, the sheer complexity of this delivery mechanism is a powerful indicator of malicious intent."
    Crypto Malware in the Open-Source Supply Chain
    The findings also coincide with a report from Socket that identified credential stealers, cryptocurrency drainers, cryptojackers, and clippers as the main types of threats targeting the cryptocurrency and blockchain development ecosystem.

    Some of the examples of these packages include -

    express-dompurify and pumptoolforvolumeandcomment, which are capable of harvesting browser credentials and cryptocurrency wallet keys
    bs58js, which drains a victim's wallet and uses multi-hop transfers to obscure theft and frustrate forensic tracing.
    lsjglsjdv, asyncaiosignal, and raydium-sdk-liquidity-init, which functions as a clipper to monitor the system clipboard for cryptocurrency wallet strings and replace them with threat actor‑controlled addresses to reroute transactions to the attackers

    "As Web3 development converges with mainstream software engineering, the attack surface for blockchain-focused projects is expanding in both scale and complexity," Socket security researcher Kirill Boychenko said.
    "Financially motivated threat actors and state-sponsored groups are rapidly evolving their tactics to exploit systemic weaknesses in the software supply chain. These campaigns are iterative, persistent, and increasingly tailored to high-value targets."
    AI and Slopsquatting
    The rise of artificial intelligence-assisted coding, also called vibe coding, has unleashed another novel threat in the form of slopsquatting, where large language modelscan hallucinate non-existent but plausible package names that bad actors can weaponize to conduct supply chain attacks.
    Trend Micro, in a report last week, said it observed an unnamed advanced agent "confidently" cooking up a phantom Python package named starlette-reverse-proxy, only for the build process to crash with the error "module not found." However, should an adversary upload a package with the same name on the repository, it can have serious security consequences.

    Furthermore, the cybersecurity company noted that advanced coding agents and workflows such as Claude Code CLI, OpenAI Codex CLI, and Cursor AI with Model Context Protocol-backed validation can help reduce, but not completely eliminate, the risk of slopsquatting.
    "When agents hallucinate dependencies or install unverified packages, they create an opportunity for slopsquatting attacks, in which malicious actors pre-register those same hallucinated names on public registries," security researcher Sean Park said.
    "While reasoning-enhanced agents can reduce the rate of phantom suggestions by approximately half, they do not eliminate them entirely. Even the vibe-coding workflow augmented with live MCP validations achieves the lowest rates of slip-through, but still misses edge cases."

    Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

    SHARE




    #malicious #pypi #package #masquerades #chimera
    Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data
    Jun 16, 2025Ravie LakshmananMalware / DevOps Cybersecurity researchers have discovered a malicious package on the Python Package Indexrepository that's capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others. The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targets users of a service called Chimera Sandbox, which was released by Singaporean tech company Grab last August to facilitate "experimentation and development ofsolutions." The package masquerades as a helper module for Chimera Sandbox, but "aims to steal credentials and other sensitive information such as Jamf configuration, CI/CD environment variables, AWS tokens, and more," JFrog security researcher Guy Korolevski said in a report published last week. Once installed, it attempts to connect to an external domain whose domain name is generated using a domain generation algorithmin order to download and execute a next-stage payload. Specifically, the malware acquires from the domain an authentication token, which is then used to send a request to the same domain and retrieve the Python-based information stealer. The stealer malware is equipped to siphon a wide range of data from infected machines. This includes - JAMF receipts, which are records of software packages installed by Jamf Pro on managed computers Pod sandbox environment authentication tokens and git information CI/CD information from environment variables Zscaler host configuration Amazon Web Services account information and tokens Public IP address General platform, user, and host information The kind of data gathered by the malware shows that it's mainly geared towards corporate and cloud infrastructure. In addition, the extraction of JAMF receipts indicates that it's also capable of targeting Apple macOS systems. The collected information is sent via a POST request back to the same domain, after which the server assesses if the machine is a worthy target for further exploitation. However, JFrog said it was unable to obtain the payload at the time of analysis. "The targeted approach employed by this malware, along with the complexity of its multi-stage targeted payload, distinguishes it from the more generic open-source malware threats we have encountered thus far, highlighting the advancements that malicious packages have made recently," Jonathan Sar Shalom, director of threat research at JFrog Security Research team, said. "This new sophistication of malware underscores why development teams remain vigilant with updates—alongside proactive security research – to defend against emerging threats and maintain software integrity." The disclosure comes as SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The packages in question are listed below - eslint-config-airbnb-compatts-runtime-compat-checksolders@mediawave/libAll the identified npm packages have since been taken down from npm, but not before they were downloaded hundreds of times from the package registry. SafeDep's analysis of eslint-config-airbnb-compat found that the JavaScript library has ts-runtime-compat-check listed as a dependency, which, in turn, contacts an external server defined in the former packageto retrieve and execute a Base64-encoded string. The exact nature of the payload is unknown. "It implements a multi-stage remote code execution attack using a transitive dependency to hide the malicious code," SafeDep researcher Kunal Singh said. Solders, on the other hand, has been found to incorporate a post-install script in its package.json, causing the malicious code to be automatically executed as soon as the package is installed. "At first glance, it's hard to believe that this is actually valid JavaScript," the Veracode Threat Research team said. "It looks like a seemingly random collection of Japanese symbols. It turns out that this particular obfuscation scheme uses the Unicode characters as variable names and a sophisticated chain of dynamic code generation to work." Decoding the script reveals an extra layer of obfuscation, unpacking which reveals its main function: Check if the compromised machine is Windows, and if so, run a PowerShell command to retrieve a next-stage payload from a remote server. This second-stage PowerShell script, also obscured, is designed to fetch a Windows batch script from another domainand configures a Windows Defender Antivirus exclusion list to avoid detection. The batch script then paves the way for the execution of a .NET DLL that reaches out to a PNG image hosted on ImgBB. "is grabbing the last two pixels from this image and then looping through some data contained elsewhere in it," Veracode said. "It ultimately builds up in memory YET ANOTHER .NET DLL." Furthermore, the DLL is equipped to create task scheduler entries and features the ability to bypass user account controlusing a combination of FodHelper.exe and programmatic identifiersto evade defenses and avoid triggering any security alerts to the user. The newly-downloaded DLL is Pulsar RAT, a "free, open-source Remote Administration Tool for Windows" and a variant of the Quasar RAT. "From a wall of Japanese characters to a RAT hidden within the pixels of a PNG file, the attacker went to extraordinary lengths to conceal their payload, nesting it a dozen layers deep to evade detection," Veracode said. "While the attacker's ultimate objective for deploying the Pulsar RAT remains unclear, the sheer complexity of this delivery mechanism is a powerful indicator of malicious intent." Crypto Malware in the Open-Source Supply Chain The findings also coincide with a report from Socket that identified credential stealers, cryptocurrency drainers, cryptojackers, and clippers as the main types of threats targeting the cryptocurrency and blockchain development ecosystem. Some of the examples of these packages include - express-dompurify and pumptoolforvolumeandcomment, which are capable of harvesting browser credentials and cryptocurrency wallet keys bs58js, which drains a victim's wallet and uses multi-hop transfers to obscure theft and frustrate forensic tracing. lsjglsjdv, asyncaiosignal, and raydium-sdk-liquidity-init, which functions as a clipper to monitor the system clipboard for cryptocurrency wallet strings and replace them with threat actor‑controlled addresses to reroute transactions to the attackers "As Web3 development converges with mainstream software engineering, the attack surface for blockchain-focused projects is expanding in both scale and complexity," Socket security researcher Kirill Boychenko said. "Financially motivated threat actors and state-sponsored groups are rapidly evolving their tactics to exploit systemic weaknesses in the software supply chain. These campaigns are iterative, persistent, and increasingly tailored to high-value targets." AI and Slopsquatting The rise of artificial intelligence-assisted coding, also called vibe coding, has unleashed another novel threat in the form of slopsquatting, where large language modelscan hallucinate non-existent but plausible package names that bad actors can weaponize to conduct supply chain attacks. Trend Micro, in a report last week, said it observed an unnamed advanced agent "confidently" cooking up a phantom Python package named starlette-reverse-proxy, only for the build process to crash with the error "module not found." However, should an adversary upload a package with the same name on the repository, it can have serious security consequences. Furthermore, the cybersecurity company noted that advanced coding agents and workflows such as Claude Code CLI, OpenAI Codex CLI, and Cursor AI with Model Context Protocol-backed validation can help reduce, but not completely eliminate, the risk of slopsquatting. "When agents hallucinate dependencies or install unverified packages, they create an opportunity for slopsquatting attacks, in which malicious actors pre-register those same hallucinated names on public registries," security researcher Sean Park said. "While reasoning-enhanced agents can reduce the rate of phantom suggestions by approximately half, they do not eliminate them entirely. Even the vibe-coding workflow augmented with live MCP validations achieves the lowest rates of slip-through, but still misses edge cases." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE     #malicious #pypi #package #masquerades #chimera
    THEHACKERNEWS.COM
    Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data
    Jun 16, 2025Ravie LakshmananMalware / DevOps Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that's capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others. The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targets users of a service called Chimera Sandbox, which was released by Singaporean tech company Grab last August to facilitate "experimentation and development of [machine learning] solutions." The package masquerades as a helper module for Chimera Sandbox, but "aims to steal credentials and other sensitive information such as Jamf configuration, CI/CD environment variables, AWS tokens, and more," JFrog security researcher Guy Korolevski said in a report published last week. Once installed, it attempts to connect to an external domain whose domain name is generated using a domain generation algorithm (DGA) in order to download and execute a next-stage payload. Specifically, the malware acquires from the domain an authentication token, which is then used to send a request to the same domain and retrieve the Python-based information stealer. The stealer malware is equipped to siphon a wide range of data from infected machines. This includes - JAMF receipts, which are records of software packages installed by Jamf Pro on managed computers Pod sandbox environment authentication tokens and git information CI/CD information from environment variables Zscaler host configuration Amazon Web Services account information and tokens Public IP address General platform, user, and host information The kind of data gathered by the malware shows that it's mainly geared towards corporate and cloud infrastructure. In addition, the extraction of JAMF receipts indicates that it's also capable of targeting Apple macOS systems. The collected information is sent via a POST request back to the same domain, after which the server assesses if the machine is a worthy target for further exploitation. However, JFrog said it was unable to obtain the payload at the time of analysis. "The targeted approach employed by this malware, along with the complexity of its multi-stage targeted payload, distinguishes it from the more generic open-source malware threats we have encountered thus far, highlighting the advancements that malicious packages have made recently," Jonathan Sar Shalom, director of threat research at JFrog Security Research team, said. "This new sophistication of malware underscores why development teams remain vigilant with updates—alongside proactive security research – to defend against emerging threats and maintain software integrity." The disclosure comes as SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The packages in question are listed below - eslint-config-airbnb-compat (676 Downloads) ts-runtime-compat-check (1,588 Downloads) solders (983 Downloads) @mediawave/lib (386 Downloads) All the identified npm packages have since been taken down from npm, but not before they were downloaded hundreds of times from the package registry. SafeDep's analysis of eslint-config-airbnb-compat found that the JavaScript library has ts-runtime-compat-check listed as a dependency, which, in turn, contacts an external server defined in the former package ("proxy.eslint-proxy[.]site") to retrieve and execute a Base64-encoded string. The exact nature of the payload is unknown. "It implements a multi-stage remote code execution attack using a transitive dependency to hide the malicious code," SafeDep researcher Kunal Singh said. Solders, on the other hand, has been found to incorporate a post-install script in its package.json, causing the malicious code to be automatically executed as soon as the package is installed. "At first glance, it's hard to believe that this is actually valid JavaScript," the Veracode Threat Research team said. "It looks like a seemingly random collection of Japanese symbols. It turns out that this particular obfuscation scheme uses the Unicode characters as variable names and a sophisticated chain of dynamic code generation to work." Decoding the script reveals an extra layer of obfuscation, unpacking which reveals its main function: Check if the compromised machine is Windows, and if so, run a PowerShell command to retrieve a next-stage payload from a remote server ("firewall[.]tel"). This second-stage PowerShell script, also obscured, is designed to fetch a Windows batch script from another domain ("cdn.audiowave[.]org") and configures a Windows Defender Antivirus exclusion list to avoid detection. The batch script then paves the way for the execution of a .NET DLL that reaches out to a PNG image hosted on ImgBB ("i.ibb[.]co"). "[The DLL] is grabbing the last two pixels from this image and then looping through some data contained elsewhere in it," Veracode said. "It ultimately builds up in memory YET ANOTHER .NET DLL." Furthermore, the DLL is equipped to create task scheduler entries and features the ability to bypass user account control (UAC) using a combination of FodHelper.exe and programmatic identifiers (ProgIDs) to evade defenses and avoid triggering any security alerts to the user. The newly-downloaded DLL is Pulsar RAT, a "free, open-source Remote Administration Tool for Windows" and a variant of the Quasar RAT. "From a wall of Japanese characters to a RAT hidden within the pixels of a PNG file, the attacker went to extraordinary lengths to conceal their payload, nesting it a dozen layers deep to evade detection," Veracode said. "While the attacker's ultimate objective for deploying the Pulsar RAT remains unclear, the sheer complexity of this delivery mechanism is a powerful indicator of malicious intent." Crypto Malware in the Open-Source Supply Chain The findings also coincide with a report from Socket that identified credential stealers, cryptocurrency drainers, cryptojackers, and clippers as the main types of threats targeting the cryptocurrency and blockchain development ecosystem. Some of the examples of these packages include - express-dompurify and pumptoolforvolumeandcomment, which are capable of harvesting browser credentials and cryptocurrency wallet keys bs58js, which drains a victim's wallet and uses multi-hop transfers to obscure theft and frustrate forensic tracing. lsjglsjdv, asyncaiosignal, and raydium-sdk-liquidity-init, which functions as a clipper to monitor the system clipboard for cryptocurrency wallet strings and replace them with threat actor‑controlled addresses to reroute transactions to the attackers "As Web3 development converges with mainstream software engineering, the attack surface for blockchain-focused projects is expanding in both scale and complexity," Socket security researcher Kirill Boychenko said. "Financially motivated threat actors and state-sponsored groups are rapidly evolving their tactics to exploit systemic weaknesses in the software supply chain. These campaigns are iterative, persistent, and increasingly tailored to high-value targets." AI and Slopsquatting The rise of artificial intelligence (AI)-assisted coding, also called vibe coding, has unleashed another novel threat in the form of slopsquatting, where large language models (LLMs) can hallucinate non-existent but plausible package names that bad actors can weaponize to conduct supply chain attacks. Trend Micro, in a report last week, said it observed an unnamed advanced agent "confidently" cooking up a phantom Python package named starlette-reverse-proxy, only for the build process to crash with the error "module not found." However, should an adversary upload a package with the same name on the repository, it can have serious security consequences. Furthermore, the cybersecurity company noted that advanced coding agents and workflows such as Claude Code CLI, OpenAI Codex CLI, and Cursor AI with Model Context Protocol (MCP)-backed validation can help reduce, but not completely eliminate, the risk of slopsquatting. "When agents hallucinate dependencies or install unverified packages, they create an opportunity for slopsquatting attacks, in which malicious actors pre-register those same hallucinated names on public registries," security researcher Sean Park said. "While reasoning-enhanced agents can reduce the rate of phantom suggestions by approximately half, they do not eliminate them entirely. Even the vibe-coding workflow augmented with live MCP validations achieves the lowest rates of slip-through, but still misses edge cases." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    
    Like
    Love
    Wow
    Sad
    Angry
    514
    2 Комментарии 0 Поделились
Расширенные страницы