Download scan-based PBR texture sets of common interior and exterior materials at up to 8K resolution. For commercial use.

Never made a zine? Haven’t made one since 1999? We made one, and so can you.

Start crafting quality cosplay props with minimal post-processing.

In this article:See more ▼Post may contain affiliate links which give us commissions at no cost to you.Preppy fonts capture that quintessential East Coast elite vibe – think Nantucket summers, yacht clubs, and monogrammed everything. These typefaces embody the perfect balance of tradition and refinement that makes preppy design so timeless and aspirational. But here’s the thing: not all fonts can pull off that coveted preppy aesthetic. The best preppy fonts have a certain je ne sais quoi – they’re classic without being stuffy, elegant without being pretentious, and refined without being inaccessible. In this comprehensive guide, we’ll explore the most gorgeous preppy fonts that’ll have your designs looking like they belong in the pages of Town & Country magazine. So grab your pearls and let’s dive into this typographic treasure trove! 👋 Psst... Did you know you can get unlimited downloads of 59,000+ fonts and millions of other creative assets for just $16.95/mo? Learn more »The Preppiest Fonts That Define 2025 Let’s start with the crème de la crème – the fonts that truly embody that preppy spirit. I’ve curated this list based on their ability to channel that classic New England charm while remaining versatile enough for modern design needs. Gatsby Prelude Gatsby Prelude is an elegant and modern Art Deco font duo. It combines sans-serif characters with decorative elements, perfect for creating sophisticated designs with a touch of vintage glamour.Burtuqol Burtuqol is a vintage slab serif font that exudes a retro charm. Its bold, chunky serifs and aged appearance make it ideal for projects requiring a nostalgic or timeworn aesthetic.Gafler Gafler is a classy vintage serif font with decorative elements. It combines elegance with a touch of old-world charm, making it perfect for high-end branding and classic design projects.Get 300+ Fonts for FREEEnter your email to download our 100% free "Font Lover's Bundle". For commercial & personal use. No royalties. No fees. No attribution. 100% free to use anywhere. Kagnue Kagnue is a modern and classy serif font. It offers a fresh take on traditional serif typefaces, blending contemporary design with timeless elegance for versatile use in various design contexts.The Blendinroom The Blendinroom is a retro serif typeface featuring luxurious ligatures. Its vintage-inspired design and intricate details make it ideal for creating sophisticated, old-world aesthetics in design projects.MODER BULES MODER BULES is a playful sans-serif font with a fun, childlike appeal. Its quirky design makes it perfect for kids-oriented projects or Halloween-themed designs, adding a touch of whimsy to typography.Nickey Vintage Nickey Vintage is a decorative display font with a strong vintage flair. Its bold, eye-catching characters make it ideal for headlines, logos, and designs that require a striking retro aesthetic.Ladger Ladger is a casual script font that exudes luxury and elegance. Its flowing lines and graceful curves make it perfect for logo designs, high-end branding, and projects requiring a touch of sophistication.Hadnich Hadnich is a modern script font with a brush-like quality. Its versatile design makes it suitable for various applications, from signage to branding, offering a contemporary take on handwritten typography.Belly and Park Belly and Park is a condensed beauty classic font family featuring both serif and sans-serif styles. Its vintage-inspired design and narrow characters make it ideal for creating elegant, space-efficient layouts.Loubag Loubag is a modern retro font family encompassing sans-serif, serif, and decorative styles. Its bold, fashion-forward design makes it perfect for creating eye-catching headlines and trendy branding materials.Petter And Sons Petter And Sons is a romantic beauty script font with decorative elements. Its elegant, flowing design makes it ideal for wedding invitations, luxury branding, and projects requiring a touch of refined beauty.Preteoria Preteoria is a modern cursive font with a sleek, contemporary feel. Its smooth curves and clean lines make it versatile for various design applications, from branding to digital media projects.Delauney Delauney is an Art Deco-inspired sans-serif font that captures the essence of the roaring twenties. Its geometric shapes and sleek lines make it perfect for creating designs with a bold, metropolitan flair.Amadi Vintage Amadi Vintage is a chic and beautiful serif font with a timeless appeal. Its elegant design and vintage-inspired details make it ideal for creating sophisticated, classic-looking designs and branding materials.LEDERSON LEDERSON is a vintage-inspired shadow font. Its weathered look and strong character make it perfect for designs requiring an authentic, aged aesthetic.Fancyou Fancyou is a versatile serif font with alternate characters. Its elegant design and customizable options make it suitable for a wide range of projects, from formal invitations to modern branding materials.Catterpie Font Catterpie is a handwritten script font that mimics natural handlettering. Its fluid, signature-like style makes it perfect for creating personal, authentic-looking designs and branding materials.Jemmy Wonder Jemmy Wonder is a Victorian-inspired serif font with a strong vintage character. Its ornate details and old-world charm make it ideal for creating designs with a classic, nostalgic feel.Monthey Monthey is a bold, elegant vintage display serif font. Its chunky characters and 70s-inspired design make it perfect for creating eye-catching headlines and retro-themed branding materials.Madville Madville is a classy script font with a versatile design. Its elegant curves and smooth transitions make it suitable for a wide range of projects, from formal invitations to modern branding materials.Crowk Crowk is a luxury serif font with a timeless, elegant appeal. Its refined design and classic proportions make it ideal for high-end branding, editorial layouts, and sophisticated design projects.Peachy Fantasy Peachy Fantasy is an Art Nouveau-inspired display font with decorative elements. Its vintage charm and unique character make it perfect for creating eye-catching headlines and artistic design projects.Cormier Cormier is a decorative sans-serif font with a strong artistic flair. Its unique design and fashion-forward aesthetic make it ideal for creating bold, attention-grabbing headlines and branding materials.Syntage Syntage is a decorative modern luxury font with both serif and ornamental elements. Its retro-inspired design and luxurious details make it perfect for high-end branding and sophisticated design projects.Jeniffer Selfies Jeniffer Selfies is a retro-inspired bold font combining sans-serif and script styles. Its playful design and vintage feel make it ideal for creating nostalgic, fun-loving designs and branding materials.The Rilman The Rilman is a ligature-rich rounded sans-serif font with a 90s-inspired design. Its retro charm and smooth edges make it perfect for creating playful, nostalgic designs and branding materials.Milky Croffle Milky Croffle is a classic beauty elegant serif font. Its refined design and timeless appeal make it ideal for creating sophisticated layouts, high-end branding, and projects requiring a touch of traditional elegance. What Makes a Font Feel Preppy? You might be wondering what exactly gives a font that unmistakable preppy vibe. After years of working with typography, I’ve identified several key characteristics that define the preppy aesthetic: Classic Serif Structure: Most preppy fonts are serifs, drawing inspiration from traditional typography used in prestigious publications and academic institutions. These serifs aren’t just decorative – they’re a nod to centuries of refined typographic tradition. Elegant Proportions: Preppy fonts tend to have well-balanced letterforms with moderate contrast between thick and thin strokes. They’re neither too delicate nor too bold – just perfectly poised, like a well-tailored blazer. Timeless Appeal: The best preppy fonts don’t scream “trendy.” Instead, they whisper “timeless.” They’re the typography equivalent of a strand of pearls – always appropriate, never out of style. Sophisticated Details: Look for subtle refinements in letterforms – graceful curves, well-crafted terminals, and thoughtful spacing. These details separate truly preppy fonts from their more pedestrian cousins. Heritage Inspiration: Many preppy fonts draw inspiration from historical typefaces used by Ivy League universities, prestigious publishing houses, and old-money families. This connection to tradition is what gives them their authentic preppy pedigree. Where to Use Preppy Fonts (And Where Not To) Preppy fonts aren’t one-size-fits-all solutions, but when used appropriately, they’re absolutely magical. Here’s where they shine brightest: Wedding Invitations: Nothing says “elegant affair” quite like a beautifully chosen preppy serif. These fonts are perfect for formal invitations, save-the-dates, and wedding stationery that needs to feel sophisticated and timeless. Luxury Branding: Brands targeting affluent audiences or positioning themselves as premium often benefit from preppy typography. Think boutique hotels, high-end fashion, or artisanal goods. Editorial Design: Magazines, newsletters, and publications focusing on lifestyle, fashion, or culture can leverage preppy fonts to establish credibility and sophistication. Corporate Identity: Professional services, law firms, financial institutions, and consulting companies often choose preppy fonts to convey trustworthiness and establishment credibility. Academic Materials: Universities, prep schools, and educational institutions naturally gravitate toward preppy typography that reflects their traditional values and heritage. However, preppy fonts might not be the best choice for: Tech Startups: The traditional nature of preppy fonts can feel at odds with innovation and disruption. Modern sans serifs usually work better for tech companies. Children’s Brands: While elegant, preppy fonts might feel too formal for products targeting young children. Playful, rounded fonts are typically more appropriate. Casual Brands: If your brand personality is laid-back and approachable, overly formal preppy fonts might create distance between you and your audience. How to Choose the Perfect Preppy Font Selecting the right preppy font requires careful consideration of several factors. Here’s my tried-and-true process: Consider Your Audience: Are you designing for actual prep school alumni, or are you trying to capture that aspirational preppy aesthetic for a broader audience? Your target demographic should influence how traditional or accessible your font choice is. Evaluate the Context: A wedding invitation can handle more ornate details than a business card. Consider where your text will appear and how much personality the context can support. Test Readability: Preppy doesn’t mean hard to read. Always test your chosen font at various sizes to ensure it remains legible. Your typography should enhance communication, not hinder it. Think About Pairing: Will you be using this font alone or pairing it with others? Consider how your preppy serif will work alongside sans serifs for body text or script fonts for accents. Consider Your Medium: Some preppy fonts work beautifully in print but struggle on screens. Others are optimized for digital use but lose their charm in print. Choose accordingly. Pairing Preppy Fonts Like a Pro The magic of preppy typography often lies in thoughtful font pairing. Here are some winning combinations that never fail: Classic Serif + Clean Sans Serif: Pair your preppy serif headline font with a crisp, readable sans serif for body text. This creates hierarchy while maintaining sophistication. Traditional Serif + Script Accent: Use a refined script font sparingly for special elements like signatures or decorative text, balanced by a solid preppy serif for main content. Serif + Serif Variation: Sometimes pairing two serifs from the same family – perhaps a regular weight for body text and a bold condensed version for headlines – creates beautiful, cohesive designs. Remember, less is often more with preppy design. Stick to two or three fonts maximum, and let the inherent elegance of your chosen typefaces do the heavy lifting. The Psychology Behind Preppy Typography Understanding why preppy fonts work so well psychologically can help you use them more effectively. These typefaces tap into powerful associations: Trust and Reliability: The traditional nature of preppy fonts suggests stability and permanence. When people see these fonts, they subconsciously associate them with established institutions and time-tested values. Sophistication and Education: Preppy fonts are reminiscent of academic institutions and intellectual pursuits. They suggest refinement, education, and cultural awareness. Exclusivity and Status: Let’s be honest – part of the preppy aesthetic’s appeal is its association with privilege and exclusivity. These fonts can make designs feel more premium and aspirational. Quality and Craftsmanship: The careful attention to typographic detail in preppy fonts suggests similar attention to quality in whatever they’re representing. Modern Takes on Classic Preppy Style While preppy fonts are rooted in tradition, the best designers know how to give them contemporary flair. Here are some ways to modernize preppy typography: Unexpected Color Palettes: Pair traditional preppy fonts with modern colors. Think sage green and cream instead of navy and white, or soft blush tones for a fresh take. Generous White Space: Give your preppy fonts room to breathe with plenty of white space. This modern approach to layout keeps traditional fonts feeling fresh and uncluttered. Mixed Media Integration: Combine preppy typography with photography, illustrations, or graphic elements for a more contemporary feel while maintaining that sophisticated foundation. Strategic Contrast: Pair your refined preppy fonts with unexpected elements – maybe a bold geometric shape or modern photography – to create dynamic tension. Preppy Font Alternatives for Every Budget Not every preppy project has a premium font budget, and that’s okay! Here are some strategies for achieving that coveted preppy look without breaking the bank: Google Fonts Gems: Fonts like Playfair Display, Crimson Text, and Libre Baskerville offer sophisticated serif options that can work beautifully for preppy designs. Font Pairing Magic: Sometimes combining two free fonts thoughtfully can create a more expensive-looking result than using a single premium font poorly. Focus on Execution: A free font used with excellent spacing, hierarchy, and layout will always look better than an expensive font used carelessly. Common Preppy Font Mistakes to Avoid Even with the perfect preppy font, poor execution can ruin the effect. Here are the most common mistakes I see designers make: Overdoing the Decoration: Just because a font has elegant details doesn’t mean you need to add more flourishes. Let the typeface’s inherent sophistication speak for itself. Ignoring Hierarchy: Preppy design relies on clear, elegant hierarchy. Don’t make everything the same size or weight – create visual flow through thoughtful typography scaling. Poor Spacing: Cramped text kills the elegant feel of preppy fonts. Give your typography generous leading and appropriate margins. Wrong Context: Using an ultra-formal preppy font for a casual pizza restaurant’s menu will feel jarring and inappropriate. Match your font choice to your content and audience. The Future of Preppy Typography As we look ahead in 2025, preppy fonts continue to evolve while maintaining their classic appeal. We’re seeing interesting trends emerge: Variable Font Technology: Modern preppy fonts are increasingly available as variable fonts, allowing designers to fine-tune weight, width, and optical size for perfect customization. Screen Optimization: Classic preppy fonts are being redrawn and optimized for digital screens without losing their traditional charm. Inclusive Preppy: Designers are expanding the preppy aesthetic beyond its traditional boundaries, creating fonts that maintain sophistication while feeling more accessible and diverse. Sustainable Design: The timeless nature of preppy fonts aligns perfectly with sustainable design principles – these typefaces won’t look dated next year, making them environmentally responsible choices. Conclusion: Embracing Timeless Elegance Preppy fonts represent more than just letterforms – they’re a gateway to timeless elegance and sophisticated communication. Whether you’re designing wedding invitations for a Martha’s Vineyard ceremony or creating brand identity for a boutique law firm, the right preppy font can elevate your work from merely professional to genuinely distinguished. The beauty of preppy typography lies in its ability to feel both traditional and fresh, formal yet approachable. These fonts have stood the test of time because they tap into something fundamental about how we perceive quality, tradition, and sophistication. As you explore the world of preppy fonts, remember that the best typography choices support your message rather than overshadowing it. Choose fonts that enhance your content’s inherent qualities and speak to your audience’s aspirations and values. So whether you’re channeling that old-money aesthetic or simply want to add a touch of refined elegance to your designs, preppy fonts offer a wealth of possibilities. After all, good typography, like good manners, never goes out of style.

TL;DR: Turn ideas into full-length books with AI—lifetime access for just $49. Writing a book takes time—something most of us don’t have between inbox chaos and back-to-back meetings. But what if all you needed was an idea? That’s where YouBooks steps in. This AI-powered tool helps you generate full-length nonfiction books with just a few prompts, and right now, you can lock in lifetime access for $49 (reg. $540). YouBooks pulls from several top-tier AI models, like ChatGPT, Claude, and Gemini, and combines them with live web research to build out detailed, structured manuscripts up to 300,000 words. Whether you want to write about productivity, startup culture, parenting, or personal finance, feed in your topic and let the AI do the heavy lifting. Why is Youbooks for you? 150,000 credits per month (1 word = 1 credit) Downloadable formats: PDF, DOCX, EPUB Commercial rights so that you can sell, share, or publish your books Custom style options to match your tone or brand It’s a serious time-saver if you’ve been sitting on an idea forever or want to build a content empire without writing every word yourself. Plus, unlike many AI tools, YouBooks gives you full ownership of the content you create. Snag a lifetime subscription to YouBooks for $49 and start turning your thoughts into fully formed nonfiction books: no ghostwriters, no subscriptions, and no gatekeepers. Youbooks – AI Nonfiction Book Generator: Lifetime SubscriptionSee Deal StackSocial prices subject to change.

Reading Time: 9 minutes In marketing, data isn’t a buzzword. It’s the lifeblood of all successful campaigns. But are you truly harnessing its power, or are you drowning in a sea of information? To answer this question (and many others), we sat down with Ankur Kothari, a seasoned Martech expert, to dive deep into this crucial topic. This interview, originally conducted for Chapter 6 of “The Customer Engagement Book: Adapt or Die” explores how businesses can translate raw data into actionable insights that drive real results. Ankur shares his wealth of knowledge on identifying valuable customer engagement data, distinguishing between signal and noise, and ultimately, shaping real-time strategies that keep companies ahead of the curve.   Ankur Kothari Q&A Interview 1. What types of customer engagement data are most valuable for making strategic business decisions? Primarily, there are four different buckets of customer engagement data. I would begin with behavioral data, encompassing website interaction, purchase history, and other app usage patterns. Second would be demographic information: age, location, income, and other relevant personal characteristics. Third would be sentiment analysis, where we derive information from social media interaction, customer feedback, or other customer reviews. Fourth would be the customer journey data. We track touchpoints across various channels of the customers to understand the customer journey path and conversion. Combining these four primary sources helps us understand the engagement data. 2. How do you distinguish between data that is actionable versus data that is just noise? First is keeping relevant to your business objectives, making actionable data that directly relates to your specific goals or KPIs, and then taking help from statistical significance. Actionable data shows clear patterns or trends that are statistically valid, whereas other data consists of random fluctuations or outliers, which may not be what you are interested in. You also want to make sure that there is consistency across sources. Actionable insights are typically corroborated by multiple data points or channels, while other data or noise can be more isolated and contradictory. Actionable data suggests clear opportunities for improvement or decision making, whereas noise does not lead to meaningful actions or changes in strategy. By applying these criteria, I can effectively filter out the noise and focus on data that delivers or drives valuable business decisions. 3. How can customer engagement data be used to identify and prioritize new business opportunities? First, it helps us to uncover unmet needs. By analyzing the customer feedback, touch points, support interactions, or usage patterns, we can identify the gaps in our current offerings or areas where customers are experiencing pain points. Second would be identifying emerging needs. Monitoring changes in customer behavior or preferences over time can reveal new market trends or shifts in demand, allowing my company to adapt their products or services accordingly. Third would be segmentation analysis. Detailed customer data analysis enables us to identify unserved or underserved segments or niche markets that may represent untapped opportunities for growth or expansion into newer areas and new geographies. Last is to build competitive differentiation. Engagement data can highlight where our companies outperform competitors, helping us to prioritize opportunities that leverage existing strengths and unique selling propositions. 4. Can you share an example of where data insights directly influenced a critical decision? I will share an example from my previous organization at one of the financial services where we were very data-driven, which made a major impact on our critical decision regarding our credit card offerings. We analyzed the customer engagement data, and we discovered that a large segment of our millennial customers were underutilizing our traditional credit cards but showed high engagement with mobile payment platforms. That insight led us to develop and launch our first digital credit card product with enhanced mobile features and rewards tailored to the millennial spending habits. Since we had access to a lot of transactional data as well, we were able to build a financial product which met that specific segment’s needs. That data-driven decision resulted in a 40% increase in our new credit card applications from this demographic within the first quarter of the launch. Subsequently, our market share improved in that specific segment, which was very crucial. 5. Are there any other examples of ways that you see customer engagement data being able to shape marketing strategy in real time? When it comes to using the engagement data in real-time, we do quite a few things. In the recent past two, three years, we are using that for dynamic content personalization, adjusting the website content, email messaging, or ad creative based on real-time user behavior and preferences. We automate campaign optimization using specific AI-driven tools to continuously analyze performance metrics and automatically reallocate the budget to top-performing channels or ad segments. Then we also build responsive social media engagement platforms like monitoring social media sentiments and trending topics to quickly adapt the messaging and create timely and relevant content. With one-on-one personalization, we do a lot of A/B testing as part of the overall rapid testing and market elements like subject lines, CTAs, and building various successful variants of the campaigns. 6. How are you doing the 1:1 personalization? We have advanced CDP systems, and we are tracking each customer’s behavior in real-time. So the moment they move to different channels, we know what the context is, what the relevance is, and the recent interaction points, so we can cater the right offer. So for example, if you looked at a certain offer on the website and you came from Google, and then the next day you walk into an in-person interaction, our agent will already know that you were looking at that offer. That gives our customer or potential customer more one-to-one personalization instead of just segment-based or bulk interaction kind of experience. We have a huge team of data scientists, data analysts, and AI model creators who help us to analyze big volumes of data and bring the right insights to our marketing and sales team so that they can provide the right experience to our customers. 7. What role does customer engagement data play in influencing cross-functional decisions, such as with product development, sales, and customer service? Primarily with product development — we have different products, not just the financial products or products whichever organizations sell, but also various products like mobile apps or websites they use for transactions. So that kind of product development gets improved. The engagement data helps our sales and marketing teams create more targeted campaigns, optimize channel selection, and refine messaging to resonate with specific customer segments. Customer service also gets helped by anticipating common issues, personalizing support interactions over the phone or email or chat, and proactively addressing potential problems, leading to improved customer satisfaction and retention. So in general, cross-functional application of engagement improves the customer-centric approach throughout the organization. 8. What do you think some of the main challenges marketers face when trying to translate customer engagement data into actionable business insights? I think the huge amount of data we are dealing with. As we are getting more digitally savvy and most of the customers are moving to digital channels, we are getting a lot of data, and that sheer volume of data can be overwhelming, making it very difficult to identify truly meaningful patterns and insights. Because of the huge data overload, we create data silos in this process, so information often exists in separate systems across different departments. We are not able to build a holistic view of customer engagement. Because of data silos and overload of data, data quality issues appear. There is inconsistency, and inaccurate data can lead to incorrect insights or poor decision-making. Quality issues could also be due to the wrong format of the data, or the data is stale and no longer relevant. As we are growing and adding more people to help us understand customer engagement, I’ve also noticed that technical folks, especially data scientists and data analysts, lack skills to properly interpret the data or apply data insights effectively. So there’s a lack of understanding of marketing and sales as domains. It’s a huge effort and can take a lot of investment. Not being able to calculate the ROI of your overall investment is a big challenge that many organizations are facing. 9. Why do you think the analysts don’t have the business acumen to properly do more than analyze the data? If people do not have the right idea of why we are collecting this data, we collect a lot of noise, and that brings in huge volumes of data. If you cannot stop that from step one—not bringing noise into the data system—that cannot be done by just technical folks or people who do not have business knowledge. Business people do not know everything about what data is being collected from which source and what data they need. It’s a gap between business domain knowledge, specifically marketing and sales needs, and technical folks who don’t have a lot of exposure to that side. Similarly, marketing business people do not have much exposure to the technical side — what’s possible to do with data, how much effort it takes, what’s relevant versus not relevant, and how to prioritize which data sources will be most important. 10. Do you have any suggestions for how this can be overcome, or have you seen it in action where it has been solved before? First, cross-functional training: training different roles to help them understand why we’re doing this and what the business goals are, giving technical people exposure to what marketing and sales teams do. And giving business folks exposure to the technology side through training on different tools, strategies, and the roadmap of data integrations. The second is helping teams work more collaboratively. So it’s not like the technology team works in a silo and comes back when their work is done, and then marketing and sales teams act upon it. Now we’re making it more like one team. You work together so that you can complement each other, and we have a better strategy from day one. 11. How do you address skepticism or resistance from stakeholders when presenting data-driven recommendations? We present clear business cases where we demonstrate how data-driven recommendations can directly align with business objectives and potential ROI. We build compelling visualizations, easy-to-understand charts and graphs that clearly illustrate the insights and the implications for business goals. We also do a lot of POCs and pilot projects with small-scale implementations to showcase tangible results and build confidence in the data-driven approach throughout the organization. 12. What technologies or tools have you found most effective for gathering and analyzing customer engagement data? I’ve found that Customer Data Platforms help us unify customer data from various sources, providing a comprehensive view of customer interactions across touch points. Having advanced analytics platforms — tools with AI and machine learning capabilities that can process large volumes of data and uncover complex patterns and insights — is a great value to us. We always use, or many organizations use, marketing automation systems to improve marketing team productivity, helping us track and analyze customer interactions across multiple channels. Another thing is social media listening tools, wherever your brand is mentioned or you want to measure customer sentiment over social media, or track the engagement of your campaigns across social media platforms. Last is web analytical tools, which provide detailed insights into your website visitors’ behaviors and engagement metrics, for browser apps, small browser apps, various devices, and mobile apps. 13. How do you ensure data quality and consistency across multiple channels to make these informed decisions? We established clear guidelines for data collection, storage, and usage across all channels to maintain consistency. Then we use data integration platforms — tools that consolidate data from various sources into a single unified view, reducing discrepancies and inconsistencies. While we collect data from different sources, we clean the data so it becomes cleaner with every stage of processing. We also conduct regular data audits — performing periodic checks to identify and rectify data quality issues, ensuring accuracy and reliability of information. We also deploy standardized data formats. On top of that, we have various automated data cleansing tools, specific software to detect and correct data errors, redundancies, duplicates, and inconsistencies in data sets automatically. 14. How do you see the role of customer engagement data evolving in shaping business strategies over the next five years? The first thing that’s been the biggest trend from the past two years is AI-driven decision making, which I think will become more prevalent, with advanced algorithms processing vast amounts of engagement data in real-time to inform strategic choices. Somewhat related to this is predictive analytics, which will play an even larger role, enabling businesses to anticipate customer needs and market trends with more accuracy and better predictive capabilities. We also touched upon hyper-personalization. We are all trying to strive toward more hyper-personalization at scale, which is more one-on-one personalization, as we are increasingly capturing more engagement data and have bigger systems and infrastructure to support processing those large volumes of data so we can achieve those hyper-personalization use cases. As the world is collecting more data, privacy concerns and regulations come into play. I believe in the next few years there will be more innovation toward how businesses can collect data ethically and what the usage practices are, leading to more transparent and consent-based engagement data strategies. And lastly, I think about the integration of engagement data, which is always a big challenge. I believe as we’re solving those integration challenges, we are adding more and more complex data sources to the picture. So I think there will need to be more innovation or sophistication brought into data integration strategies, which will help us take a truly customer-centric approach to strategy formulation.   This interview Q&A was hosted with Ankur Kothari, a previous Martech Executive, for Chapter 6 of The Customer Engagement Book: Adapt or Die. Download the PDF or request a physical copy of the book here. The post Ankur Kothari Q&A: Customer Engagement Book Interview appeared first on MoEngage.

Take the Speakers, Headphones, and Earphones SurveyTake other PCMag surveys. Each completed survey is a chance to win a $250 Amazon gift card. OFFICIAL SWEEPSTAKES RULESNO PURCHASE NECESSARY TO ENTER OR WIN. A PURCHASE WILL NOT INCREASE YOUR CHANCES OF WINNING. VOID WHERE PROHIBITED. Readers' Choice Sweepstakes (the "Sweepstakes") is governed by these official rules (the "Sweepstakes Rules"). The Sweepstakes begins on May 9, 2025, at 12:00 AM ET and ends on July 27, 2025, at 11:59 PM ET (the "Sweepstakes Period").SPONSOR: Ziff Davis, LLC, with an address of 360 Park Ave South, Floor 17, New York, NY 10010 (the "Sponsor").ELIGIBILITY: This Sweepstakes is open to individuals who are eighteen (18) years of age or older at the time of entry who are legal residents of the fifty (50) United States of America or the District of Columbia. By entering the Sweepstakes as described in these Sweepstakes Rules, entrants represent and warrant that they are complying with these Sweepstakes Rules (including, without limitation, all eligibility requirements), and that they agree to abide by and be bound by all the rules and terms and conditions stated herein and all decisions of Sponsor, which shall be final and binding.All previous winners of any sweepstakes sponsored by Sponsor during the nine (9) month period prior to the Selection Date are not eligible to enter. Any individuals (including, but not limited to, employees, consultants, independent contractors and interns) who have, within the past six (6) months, held employment with or performed services for Sponsor or any organizations affiliated with the sponsorship, fulfillment, administration, prize support, advertisement or promotion of the Sweepstakes ("Employees") are not eligible to enter or win. Immediate Family Members and Household Members are also not eligible to enter or win. "Immediate Family Members" means parents, step-parents, legal guardians, children, step-children, siblings, step-siblings, or spouses of an Employee. "Household Members" means those individuals who share the same residence with an Employee at least three (3) months a year.HOW TO ENTER: There are two methods to enter the Sweepstakes: (1) fill out the online survey, or (2) enter by mail.1. Survey Entry: To enter the Sweepstakes through the online survey, go to the survey page and complete the current survey during the Sweepstakes Period.2. Mail Entry: To enter the Sweepstakes by mail, on a 3" x 5" card, print your first and last name, street address, city, state, zip code, phone number, and email address. Mail your completed entry to:Readers' Choice Sweepstakes - Audio 2025c/o E. Griffith 624 Elm St. Ext.Ithaca, NY 14850-8786Mail Entries must be postmarked by July 28, 2025, and received by Aug. 4, 2025.Only one (1) entry per person is permitted, regardless of the entry method used. Subsequent attempts made by the same individual to submit multiple entries may result in the disqualification of the entrant.Only contributions submitted during the Sweepstakes Period will be eligible for entry into the Sweepstakes. No other methods of entry will be accepted. All entries become the property of Sponsor and will not be returned. Entries are limited to individuals only; commercial enterprises and business entities are not eligible. Use of a false account will disqualify an entry. Sponsor is not responsible for entries not received due to difficulty accessing the internet, service outage or delays, computer difficulties, and other technological problems.Entries are subject to any applicable restrictions or eligibility requirements listed herein. Entries will be deemed to have been made by the authorized account holder of the email or telephone phone number submitted at the time of entry and qualification. Multiple participants are not permitted to share the same email address. Should multiple users of the same e-mail account or mobile phone number, as applicable, enter the Sweepstakes and a dispute thereafter arises regarding the identity of the entrant, the Authorized Account Holder of said e-mail account or mobile phone account at the time of entry will be considered the entrant. "Authorized Account Holder" is defined as the natural person who is assigned an e-mail address or mobile phone number by an Internet access provider, online service provider, telephone service provider or other organization that is responsible for assigned e-mail addresses, phone numbers or the domain associated with the submitted e-mail address. Proof of submission of an entry shall not be deemed proof of receipt by the website administrator for online entries. When applicable, the website administrator's computer will be deemed the official time-keeping device for the Sweepstakes promotion. Entries will be disqualified if found to be incomplete and/or if Sponsor determines, in its sole discretion, that multiple entries were submitted by the same entrant in violation of the Sweepstakes Rules.Entries that are late, lost, stolen, mutilated, tampered with, illegible, incomplete, mechanically reproduced, inaccurate, postage-due, forged, irregular in any way or otherwise not in compliance with these Official Rules will be disqualified. All entries become the property of the Sponsor and will not be acknowledged or returned.WINNER SELECTION AND NOTIFICATION: Sponsor shall select the prize winner(s) (collectively, the "Winner") on or about Aug. 11, 2025, ("Selection Date") by random drawing or from among all eligible entries. The Winner will be notified via email to the contact information provided in the entry. Notification of the Winner shall be deemed to have occurred immediately upon sending of the notification by Sponsor. Selected winner(s) will be required to respond (as directed) to the notification within seven (7) days of attempted notification. The only entries that will be considered eligible entries are entries received by Sponsor within the Sweepstakes Period. The odds of winning depend on the number of eligible entries received. The Sponsor reserves the right, in its sole discretion, to choose an alternative winner in the event that a possible winner has been disqualified or is deemed ineligible for any reason.Recommended by Our EditorsPRIZE: One (1) winner will receive the following prize (collectively, the "Prize"):One (1) $250 Amazon.com gift code via email, valued at approximately two hundred fifty dollars ($250).No more than the stated number of prize(s) will be awarded, and all prize(s) listed above will be awarded. Actual retail value of the Prize may vary due to market conditions. The difference in value of the Prize as stated above and value at time of notification of the Winner, if any, will not be awarded. No cash or prize substitution is permitted, except at the discretion of Sponsor. The Prize is non-transferable. If the Prize cannot be awarded due to circumstances beyond the control of Sponsor, a substitute Prize of equal or greater retail value will be awarded; provided, however, that if a Prize is awarded but remains unclaimed or is forfeited by the Winner, the Prize may not be re-awarded, in Sponsor's sole discretion. In the event that more than the stated number of prize(s) becomes available for any reason, Sponsor reserves the right to award only the stated number of prize(s) by a random drawing among all legitimate, un-awarded, eligible prize claims.ACCEPTANCE AND DELIVERY OF THE PRIZE: The Winner will be required to verify his or her address and may be required to execute the following document(s) before a notary public and return them within seven (7) days (or a shorter time if required by exigencies) of receipt of such documents: an affidavit of eligibility, a liability release, and (where imposing such condition is legal) a publicity release covering eligibility, liability, advertising, publicity and media appearance issues (collectively, the "Prize Claim Documents"). If an entrant is unable to verify the information submitted with their entry, the entrant will automatically be disqualified and their prize, if any, will be forfeited. The Prize will not be awarded until all such properly executed and notarized Prize Claim Documents are returned to Sponsor. Prize(s) won by an eligible entrant who is a minor in his or her state of residence will be awarded to minor's parent or legal guardian, who must sign and return all required Prize Claim Documents. In the event the Prize Claim Documents are not returned within the specified period, an alternate Winner may be selected by Sponsor for such Prize. The Prize will be shipped to the Winner within 7 days of Sponsor's receipt of a signed Affidavit and Release from the Winner. The Winner is responsible for all taxes and fees related to the Prize received, if any.OTHER RULES: This sweepstakes is subject to all applicable laws and is void where prohibited. All submissions by entrants in connection with the sweepstakes become the sole property of the sponsor and will not be acknowledged or returned. Winner assumes all liability for any injuries or damage caused or claimed to be caused by participation in this sweepstakes or by the use or misuse of any prize.By entering the sweepstakes, each winner grants the SPONSOR permission to use his or her name, city, state/province, e-mail address and, to the extent submitted as part of the sweepstakes entry, his or her photograph, voice, and/or likeness for advertising, publicity or other purposes OR ON A WINNER'S LIST, IF APPLICABLE, IN ANY and all MEDIA WHETHER NOW KNOWN OR HEREINAFTER DEVELOPED, worldwide, without additional consent OR compensation, except where prohibited by law. By submitting an entry, entrants also grant the Sponsor a perpetual, fully-paid, irrevocable, non-exclusive license to reproduce, prepare derivative works of, distribute, display, exhibit, transmit, broadcast, televise, digitize, perform and otherwise use and permit others to use, and throughout the world, their entry materials in any manner, form, or format now known or hereinafter created, including on the internet, and for any purpose, including, but not limited to, advertising or promotion of the Sweepstakes, the Sponsor and/or its products and services, without further consent from or compensation to the entrant. By entering the Sweepstakes, entrants consent to receive notification of future promotions, advertisements or solicitations by or from Sponsor and/or Sponsor's parent companies, affiliates, subsidiaries, and business partners, via email or other means of communication.If, in the Sponsor's opinion, there is any suspected or actual evidence of fraud, electronic or non-electronic tampering or unauthorized intervention with any portion of this Sweepstakes, or if fraud or technical difficulties of any sort (e.g., computer viruses, bugs) compromise the integrity of the Sweepstakes, the Sponsor reserves the right to void suspect entries and/or terminate the Sweepstakes and award the Prize in its sole discretion. Any attempt to deliberately damage the Sponsor's website(s) or undermine the legitimate operation of the Sweepstakes may be in violation of U.S. criminal and civil laws and will result in disqualification from participation in the Sweepstakes. Should such an attempt be made, the Sponsor reserves the right to seek remedies and damages (including attorney's fees) to the fullest extent of the law, including pursuing criminal prosecution.DISCLAIMER: EXCLUDING ONLY APPLICABLE MANUFACTURERS' WARRANTIES, THE PRIZE IS PROVIDED TO THE WINNER ON AN "AS IS" BASIS, WITHOUT FURTHER WARRANTY OF ANY KIND. SPONSOR HEREBY DISCLAIMS ALL FURTHER WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE WITH RESPECT TO THE PRIZE.LIMITATION OF LIABILITY: BY ENTERING THE SWEEPSTAKES, ENTRANTS, ON BEHALF OF THEMSELVES AND THEIR HEIRS, EXECUTORS, ASSIGNS AND REPRESENTATIVES, RELEASE AND HOLD THE SPONSOR its PARENT COMPANIES, SUBSIDIARIES, AFFILIATED COMPANIES, UNITS AND DIVISIONS, AND THE CURRENT AND FORMER OFFICERS, DIRECTORS, EMPLOYEES, SHAREHOLDERS, AGENTS, SUCCESSORS AND ASSIGNS OF EACH OF THE FOREGOING, AND ALL THOSE ACTING UNDER THE AUTHORITY OF THE FOREGOING, OR ANY OF THEM (INCLUDING, BUT NOT LIMITED TO, ADVERTISING AND PROMOTIONAL AGENCIES AND PRIZE SUPPLIERS) (EACH A "RELEASED PARTY"), HARMLESS FROM AND AGAINST ANY AND ALL CLAIMS, ACTIONS, INJURY, LOSS, DAMAGES, LIABILITIES AND OBLIGATIONS OF ANY KIND WHATSOEVER (COLLECTIVELY, THE "CLAIMS") WHETHER KNOWN OR UNKNOWN, SUSPECTED OR UNSUSPECTED, WHICH ENTRANT EVER HAD, NOW HAVE, OR HEREAFTER CAN, SHALL OR MAY HAVE, AGAINST THE RELEASED PARTIES (OR ANY OF THEM), INCLUDING, BUT NOT LIMITED TO, CLAIMS ARISING FROM OR RELATED TO THE SWEEPSTAKES OR ENTRANT'S PARTICIPATION IN THE SWEEPSTAKES (INCLUDING, WITHOUT LIMITATION, CLAIMS FOR LIBEL, DEFAMATION, INVASION OF PRIVACY, VIOLATION OF THE RIGHT OF PUBLICITY, COMMERCIAL APPROPRIATION OF NAME AND LIKENESS, INFRINGEMENT OF COPYRIGHT OR VIOLATION OF ANY OTHER PERSONAL OR PROPRIETARY RIGHT), AND THE RECEIPT, OWNERSHIP, USE, MISUSE, TRANSFER, SALE OR OTHER DISPOSITION OF THE PRIZE (INCLUDING, WITHOUT LIMITATION, CLAIMS FOR PERSONAL INJURY, DEATH, AND/OR PROPERTY DAMAGE). All matters relating to the interpretation and application of these Sweepstakes Rules shall be decided by Sponsor in its sole discretion.DISPUTES: If, for any reason (including infection by computer virus, bugs, tampering, unauthorized intervention, fraud, technical failures, or any other causes beyond the control of the Sponsor which corrupt or affect the administration, security, fairness, integrity, or proper conduct of this Sweepstakes), the Sweepstakes is not capable of being conducted as described in these Sweepstakes Rules, Sponsor shall have the right, in its sole discretion, to disqualify any individual who tampers with the entry process, and/or to cancel, terminate, modify or suspend the Sweepstakes. The Sponsor assumes no responsibility for any error, omission, interruption, deletion, defect, delay in operation or transmission, communications line failure, theft or destruction or unauthorized access to, or alteration of, entries. The Sponsor is not responsible for any problems or technical malfunction of any telephone network or lines, computer online systems, servers, providers, computer equipment, software, or failure of any e-mail or entry to be received by Sponsor on account of technical problems or traffic congestion on the Internet or at any website, or any combination thereof, including, without limitation, any injury or damage to any entrant's or any other person's computer related to or resulting from participating or downloading any materials in this Sweepstakes. Because of the unique nature and scope of the Sweepstakes, Sponsor reserves the right, in addition to those other rights reserved herein, to modify any date(s) or deadline(s) set forth in these Sweepstakes Rules or otherwise governing the Sweepstakes, and any such changes will be posted here in the Sweepstakes Rules. Any attempt by any person to deliberately undermine the legitimate operation of the Sweepstakes may be a violation of criminal and civil law, and, should such an attempt be made, Sponsor reserves the right to seek damages to the fullest extent permitted by law. Sponsor's failure to enforce any term of these Sweepstakes Rules shall not constitute a waiver of any provision.As a condition of participating in the Sweepstakes, entrant agrees that any and all disputes that cannot be resolved between entrant and Sponsor, and causes of action arising out of or connected with the Sweepstakes or these Sweepstakes Rules, shall be resolved individually, without resort to any form of class action, exclusively before a court of competent jurisdiction located in New York, New York, and entrant irrevocably consents to the jurisdiction of the federal and state courts located in New York, New York with respect to any such dispute, cause of action, or other matter. All disputes will be governed and controlled by the laws of the State of New York (without regard for its conflicts-of-laws principles). Further, in any such dispute, under no circumstances will entrant be permitted to obtain awards for, and hereby irrevocably waives all rights to claim, punitive, incidental, or consequential damages, or any other damages, including attorneys' fees, other than entrant's actual out-of-pocket expenses (i.e., costs incurred directly in connection with entrant's participation in the Sweepstakes), and entrant further irrevocably waives all rights to have damages multiplied or increased, if any. EACH PARTY EXPRESSLY WAIVES ANY RIGHT TO A TRIAL BY JURY. All federal, state, and local laws and regulations apply.PRIVACY: Information collected from entrants in connection with the Sweepstakes is subject to Sponsor's privacy policy, which may be found here.SOCIAL MEDIA PROMOTION: Although the Sweepstakes may be featured on Twitter, Facebook, and/or other social media platforms, the Sweepstakes is in no way sponsored, endorsed, administered by, or in association with Twitter, Facebook, and/or such other social media platforms and you agree that Twitter, Facebook, and all other social media platforms are not liable in any way for any claims, damages or losses associated with the Sweepstakes.WINNER(S) LIST: For a list of name(s) of prizewinner(s), after the Selection Date, please send a stamped, self-addressed No. 10/standard business envelope to Ziff Davis, LLC, Attn: Legal Department, 360 Park Ave South, Floor 17, New York, NY 10010 (VT residents may omit return postage).BY ENTERING, YOU AGREE THAT YOU HAVE READ AND AGREE TO ALL OF THESE SWEEPSTAKES RULES.

Published June 15, 2025 10:00am EDT close IPhone users instructed to take immediate action to avoid data breach: 'Urgent threat' Kurt 'The CyberGuy' Knutsson discusses Elon Musk's possible priorities as he exits his role with the White House and explains the urgent warning for iPhone users to update devices after a 'massive security gap.' NEWYou can now listen to Fox News articles! In the past decade, healthcare data has become one of the most sought-after targets in cybercrime. From insurers to clinics, every player in the ecosystem handles some form of sensitive information. However, breaches do not always originate from hospitals or health apps. Increasingly, patient data is managed by third-party vendors offering digital services such as scheduling, billing and marketing. One such breach at a digital marketing agency serving dental practices recently exposed approximately 2.7 million patient profiles and more than 8.8 million appointment records.Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join. Illustration of a hacker at work   (Kurt "CyberGuy" Knutsson)Massive healthcare data leak exposes millions: What you need to knowCybernews researchers have discovered a misconfigured MongoDB database exposing 2.7 million patient profiles and 8.8 million appointment records. The database was publicly accessible online, unprotected by passwords or authentication protocols. Anyone with basic knowledge of database scanning tools could have accessed it.The exposed data included names, birthdates, addresses, emails, phone numbers, gender, chart IDs, language preferences and billing classifications. Appointment records also contained metadata such as timestamps and institutional identifiers.MASSIVE DATA BREACH EXPOSES 184 MILLION PASSWORDS AND LOGINSClues within the data structure point toward Gargle, a Utah-based company that builds websites and offers marketing tools for dental practices. While not a confirmed source, several internal references and system details suggest a strong connection. Gargle provides appointment scheduling, form submission and patient communication services. These functions require access to patient information, making the firm a likely link in the exposure.After the issue was reported, the database was secured. The duration of the exposure remains unknown, and there is no public evidence indicating whether the data was downloaded by malicious actors before being locked down.We reached out to Gargle for a comment but did not hear back before our deadline. A healthcare professional viewing heath data      (Kurt "CyberGuy" Knutsson)How healthcare data breaches lead to identity theft and insurance fraudThe exposed data presents a broad risk profile. On its own, a phone number or billing record might seem limited in scope. Combined, however, the dataset forms a complete profile that could be exploited for identity theft, insurance fraud and targeted phishing campaigns.Medical identity theft allows attackers to impersonate patients and access services under a false identity. Victims often remain unaware until significant damage is done, ranging from incorrect medical records to unpaid bills in their names. The leak also opens the door to insurance fraud, with actors using institutional references and chart data to submit false claims.This type of breach raises questions about compliance with the Health Insurance Portability and Accountability Act, which mandates strong security protections for entities handling patient data. Although Gargle is not a healthcare provider, its access to patient-facing infrastructure could place it under the scope of that regulation as a business associate. A healthcare professional working on a laptop   (Kurt "CyberGuy" Knutsson)5 ways you can stay safe from healthcare data breachesIf your information was part of the healthcare breach or any similar one, it’s worth taking a few steps to protect yourself.1. Consider identity theft protection services: Since the healthcare data breach exposed personal and financial information, it’s crucial to stay proactive against identity theft. Identity theft protection services offer continuous monitoring of your credit reports, Social Security number and even the dark web to detect if your information is being misused. These services send you real-time alerts about suspicious activity, such as new credit inquiries or attempts to open accounts in your name, helping you act quickly before serious damage occurs. Beyond monitoring, many identity theft protection companies provide dedicated recovery specialists who assist you in resolving fraud issues, disputing unauthorized charges and restoring your identity if it’s compromised. See my tips and best picks on how to protect yourself from identity theft.2. Use personal data removal services: The healthcare data breach leaks loads of information about you, and all this could end up in the public domain, which essentially gives anyone an opportunity to scam you.  One proactive step is to consider personal data removal services, which specialize in continuously monitoring and removing your information from various online databases and websites. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here. GET FOX BUSINESS ON THE GO BY CLICKING HEREGet a free scan to find out if your personal information is already out on the web3. Have strong antivirus software: Hackers have people’s email addresses and full names, which makes it easy for them to send you a phishing link that installs malware and steals all your data. These messages are socially engineered to catch them, and catching them is nearly impossible if you’re not careful. However, you’re not without defenses.The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.4. Enable two-factor authentication: While passwords weren’t part of the data breach, you still need to enable two-factor authentication (2FA). It gives you an extra layer of security on all your important accounts, including email, banking and social media. 2FA requires you to provide a second piece of information, such as a code sent to your phone, in addition to your password when logging in. This makes it significantly harder for hackers to access your accounts, even if they have your password. Enabling 2FA can greatly reduce the risk of unauthorized access and protect your sensitive data.5. Be wary of mailbox communications: Bad actors may also try to scam you through snail mail. The data leak gives them access to your address. They may impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions and security alerts. Kurt’s key takeawayIf nothing else, this latest leak shows just how poorly patient data is being handled today. More and more, non-medical vendors are getting access to sensitive information without facing the same rules or oversight as hospitals and clinics. These third-party services are now a regular part of how patients book appointments, pay bills or fill out forms. But when something goes wrong, the fallout is just as serious. Even though the database was taken offline, the bigger problem hasn't gone away. Your data is only as safe as the least careful company that gets access to it.CLICK HERE TO GET THE FOX NEWS APPDo you think healthcare companies are investing enough in their cybersecurity infrastructure? Let us know by writing us at Cyberguy.com/ContactFor more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/NewsletterAsk Kurt a question or let us know what stories you'd like us to coverFollow Kurt on his social channelsAnswers to the most asked CyberGuy questions:New from Kurt:Copyright 2025 CyberGuy.com.  All rights reserved.   Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Jun 16, 2025Ravie LakshmananMalware / DevOps Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that's capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others. The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targets users of a service called Chimera Sandbox, which was released by Singaporean tech company Grab last August to facilitate "experimentation and development of [machine learning] solutions." The package masquerades as a helper module for Chimera Sandbox, but "aims to steal credentials and other sensitive information such as Jamf configuration, CI/CD environment variables, AWS tokens, and more," JFrog security researcher Guy Korolevski said in a report published last week. Once installed, it attempts to connect to an external domain whose domain name is generated using a domain generation algorithm (DGA) in order to download and execute a next-stage payload. Specifically, the malware acquires from the domain an authentication token, which is then used to send a request to the same domain and retrieve the Python-based information stealer. The stealer malware is equipped to siphon a wide range of data from infected machines. This includes - JAMF receipts, which are records of software packages installed by Jamf Pro on managed computers Pod sandbox environment authentication tokens and git information CI/CD information from environment variables Zscaler host configuration Amazon Web Services account information and tokens Public IP address General platform, user, and host information The kind of data gathered by the malware shows that it's mainly geared towards corporate and cloud infrastructure. In addition, the extraction of JAMF receipts indicates that it's also capable of targeting Apple macOS systems. The collected information is sent via a POST request back to the same domain, after which the server assesses if the machine is a worthy target for further exploitation. However, JFrog said it was unable to obtain the payload at the time of analysis. "The targeted approach employed by this malware, along with the complexity of its multi-stage targeted payload, distinguishes it from the more generic open-source malware threats we have encountered thus far, highlighting the advancements that malicious packages have made recently," Jonathan Sar Shalom, director of threat research at JFrog Security Research team, said. "This new sophistication of malware underscores why development teams remain vigilant with updates—alongside proactive security research – to defend against emerging threats and maintain software integrity." The disclosure comes as SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The packages in question are listed below - eslint-config-airbnb-compat (676 Downloads) ts-runtime-compat-check (1,588 Downloads) solders (983 Downloads) @mediawave/lib (386 Downloads) All the identified npm packages have since been taken down from npm, but not before they were downloaded hundreds of times from the package registry. SafeDep's analysis of eslint-config-airbnb-compat found that the JavaScript library has ts-runtime-compat-check listed as a dependency, which, in turn, contacts an external server defined in the former package ("proxy.eslint-proxy[.]site") to retrieve and execute a Base64-encoded string. The exact nature of the payload is unknown. "It implements a multi-stage remote code execution attack using a transitive dependency to hide the malicious code," SafeDep researcher Kunal Singh said. Solders, on the other hand, has been found to incorporate a post-install script in its package.json, causing the malicious code to be automatically executed as soon as the package is installed. "At first glance, it's hard to believe that this is actually valid JavaScript," the Veracode Threat Research team said. "It looks like a seemingly random collection of Japanese symbols. It turns out that this particular obfuscation scheme uses the Unicode characters as variable names and a sophisticated chain of dynamic code generation to work." Decoding the script reveals an extra layer of obfuscation, unpacking which reveals its main function: Check if the compromised machine is Windows, and if so, run a PowerShell command to retrieve a next-stage payload from a remote server ("firewall[.]tel"). This second-stage PowerShell script, also obscured, is designed to fetch a Windows batch script from another domain ("cdn.audiowave[.]org") and configures a Windows Defender Antivirus exclusion list to avoid detection. The batch script then paves the way for the execution of a .NET DLL that reaches out to a PNG image hosted on ImgBB ("i.ibb[.]co"). "[The DLL] is grabbing the last two pixels from this image and then looping through some data contained elsewhere in it," Veracode said. "It ultimately builds up in memory YET ANOTHER .NET DLL." Furthermore, the DLL is equipped to create task scheduler entries and features the ability to bypass user account control (UAC) using a combination of FodHelper.exe and programmatic identifiers (ProgIDs) to evade defenses and avoid triggering any security alerts to the user. The newly-downloaded DLL is Pulsar RAT, a "free, open-source Remote Administration Tool for Windows" and a variant of the Quasar RAT. "From a wall of Japanese characters to a RAT hidden within the pixels of a PNG file, the attacker went to extraordinary lengths to conceal their payload, nesting it a dozen layers deep to evade detection," Veracode said. "While the attacker's ultimate objective for deploying the Pulsar RAT remains unclear, the sheer complexity of this delivery mechanism is a powerful indicator of malicious intent." Crypto Malware in the Open-Source Supply Chain The findings also coincide with a report from Socket that identified credential stealers, cryptocurrency drainers, cryptojackers, and clippers as the main types of threats targeting the cryptocurrency and blockchain development ecosystem. Some of the examples of these packages include - express-dompurify and pumptoolforvolumeandcomment, which are capable of harvesting browser credentials and cryptocurrency wallet keys bs58js, which drains a victim's wallet and uses multi-hop transfers to obscure theft and frustrate forensic tracing. lsjglsjdv, asyncaiosignal, and raydium-sdk-liquidity-init, which functions as a clipper to monitor the system clipboard for cryptocurrency wallet strings and replace them with threat actor‑controlled addresses to reroute transactions to the attackers "As Web3 development converges with mainstream software engineering, the attack surface for blockchain-focused projects is expanding in both scale and complexity," Socket security researcher Kirill Boychenko said. "Financially motivated threat actors and state-sponsored groups are rapidly evolving their tactics to exploit systemic weaknesses in the software supply chain. These campaigns are iterative, persistent, and increasingly tailored to high-value targets." AI and Slopsquatting The rise of artificial intelligence (AI)-assisted coding, also called vibe coding, has unleashed another novel threat in the form of slopsquatting, where large language models (LLMs) can hallucinate non-existent but plausible package names that bad actors can weaponize to conduct supply chain attacks. Trend Micro, in a report last week, said it observed an unnamed advanced agent "confidently" cooking up a phantom Python package named starlette-reverse-proxy, only for the build process to crash with the error "module not found." However, should an adversary upload a package with the same name on the repository, it can have serious security consequences. Furthermore, the cybersecurity company noted that advanced coding agents and workflows such as Claude Code CLI, OpenAI Codex CLI, and Cursor AI with Model Context Protocol (MCP)-backed validation can help reduce, but not completely eliminate, the risk of slopsquatting. "When agents hallucinate dependencies or install unverified packages, they create an opportunity for slopsquatting attacks, in which malicious actors pre-register those same hallucinated names on public registries," security researcher Sean Park said. "While reasoning-enhanced agents can reduce the rate of phantom suggestions by approximately half, they do not eliminate them entirely. Even the vibe-coding workflow augmented with live MCP validations achieves the lowest rates of slip-through, but still misses edge cases." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    