html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd" 19 shortlisted projects for the 2025 Award cycle were revealed by the Aga Khan Award for Architecture (AKAA). A portion of the $1 million prize, one of the biggest in architecture, will be awarded to the winning proposals. Out of the 369 projects nominated for the 16th Award Cycle (2023-2025), an independent Master Jury chose the 19 shortlisted projects from 15 countries.The nine members of the Master Jury for the 16th Award cycle include Azra Akšamija, Noura Al-Sayeh Holtrop, Lucia Allais, David Basulto, Yvonne Farrell, Kabage Karanja, Yacouba Konaté, Hassan Radoine, and Mun Summ Wong.His Late Highness Prince Karim Aga Khan IV created the Aga Khan Award for Architecture in 1977 to recognize and promote architectural ideas that effectively meet the needs and goals of communities where Muslims are a major population. Nearly 10,000 construction projects have been documented since the award's inception 48 years ago, and 128 projects have been granted it. The AKAA's selection method places a strong emphasis on architecture that stimulates and responds to people's cultural ambitions in addition to meeting their physical, social, and economic demands.The Aga Khan Award for Architecture is governed by a Steering Committee chaired by His Highness the Aga Khan. The other members of the Steering Committee are Meisa Batayneh, Principal Architect, Founder, maisam architects and engineers, Amman, Jordan; Souleymane Bachir Diagne, Professor of Philosophy and Francophone Studies, Columbia University, New York, United States of America; Lesley Lokko, Founder & Director, African Futures Institute, Accra, Ghana; Gülru Necipoğlu, Director and Professor, Aga Khan Program for Islamic Architecture, Harvard University, Cambridge, United States of America; Hashim Sarkis, Founder & Principal, Hashim Sarkis Studios (HSS); Dean, School of Architecture and Planning, Massachusetts Institute of Technology, Cambridge, United States of America; and Sarah M. Whiting, Partner, WW Architecture; Dean and Josep Lluís Sert Professor of Architecture, Graduate School of Design, Harvard University, Cambridge, United States of America. Farrokh Derakhshani is the Director of the Award.Examples of outstanding architecture in the areas of modern design, social housing, community development and enhancement, historic preservation, reuse and area conservation, landscape design, and environmental enhancement are recognized by the Aga Khan Award for Architecture.Building plans that creatively utilize local resources and relevant technologies, as well as initiatives that could spur such initiatives abroad, are given special consideration. It should be mentioned that in addition to honoring architects, the Award also recognizes towns, builders, clients, master craftspeople, and engineers who have contributed significantly to the project.Projects had to be completed between January 1, 2018, and December 31, 2023, and they had to have been operational for a minimum of one year in order to be eligible for consideration in the 2025 Award cycle. The Award is not available for projects that His Highness the Aga Khan or any of the Aga Khan Development Network (AKDN) institutions have commissioned.See the 19 shortlisted projects with their short project descriptions competing for the 2025 Award Cycle:Khudi Bari. Image © Aga Khan Trust for Culture / City Syntax (F. M. Faruque Abdullah Shawon, H. M. Fozla Rabby Apurbo)BangladeshKhudi Bari, in various locations, by Marina Tabassum ArchitectsMarina Tabassum Architects' Khudi Bari, which can be readily disassembled and reassembled to suit the needs of the users, is a replicable solution for displaced communities impacted by geographic and climatic changes.West Wusutu Village Community Centre. Image © Aga Khan Trust for Culture / Dou Yujun (photographer)ChinaWest Wusutu Village Community Centre, Hohhot, Inner Mongolia, by Zhang PengjuIn addition to meeting the religious demands of the local Hui Muslims, Zhang Pengju's West Wusutu Village Community Centre in Hohhot, Inner Mongolia, offers social and cultural spaces for locals and artists. Constructed from recycled bricks, it features multipurpose indoor and outdoor areas that promote communal harmony.Revitalisation of Historic Esna. Image © Aga Khan Trust for Culture / Ahmed Salem (photographer)EgyptRevitalisation of Historic Esna, by Takween Integrated Community DevelopmentBy using physical interventions, socioeconomic projects, and creative urban planning techniques, Takween Integrated Community Development's Revitalization of Historic Esna tackles the issues of cultural tourism in Upper Egypt and turns the once-forgotten area around the Temple of Khnum into a thriving historic city.The Arc at Green School. Image © Aga Khan Trust for Culture / Andreas Perbowo Widityawan (photographer)IndonesiaThe Arc at Green School, in Bali, by IBUKU / Elora HardyAfter 15 years of bamboo experimenting at the Green School Bali, IBUKU/Elora Hardy created The Arc at Green School. The Arc is a brand-new community wellness facility built on the foundations of a temporary gym. High-precision engineering and regional handicraft are combined in this construction.Islamic Centre Nurul Yaqin Mosque. Image © Aga Khan Trust for Culture / Andreas Perbowo Widityawan (photographer)IndonesiaIslamic Centre Nurul Yaqin Mosque, in Palu, Central Sulawesi, by Dave Orlando and Fandy GunawanDave Orlando and Fandy Gunawan built the Islamic Center Nurul Yaqin Mosque in Palu, Central Sulawesi, on the location of a previous mosque that was damaged by a 2018 tsunami. There is a place for worship and assembly at the new Islamic Center. Surrounded by a shallow reflecting pool that may be drained to make room for more guests, it is open to the countryside.Microlibrary Warak Kayu. Image © Aga Khan Trust for Culture / Andreas Perbowo Widityawan (photographer)IndonesiaMicrolibraries in various cities, by SHAU / Daliana Suryawinata, Florian HeinzelmannFlorian Heinzelmann, the project's initiator, works with stakeholders at all levels to provide high-quality public spaces in a number of Indonesian parks and kampungs through microlibraries in different towns run by SHAU/Daliana Suryawinata. So far, six have been constructed, and by 2045, 100 are planned.Majara Residence. Image © Aga Khan Trust for Culture / Deed Studio (photographer)IranMajara Complex and Community Redevelopment, in Hormuz Island by ZAV Architects / Mohamadreza GhodousiThe Majara Complex and Community Redevelopment on Hormuz Island, designed by ZAV Architects and Mohamadreza Ghodousi, is well-known for its vibrant domes that offer eco-friendly lodging for visitors visiting Hormuz's distinctive scenery. In addition to providing new amenities for the islanders who visit to socialize, pray, or utilize the library, it was constructed by highly trained local laborers.Jahad Metro Plaza. Image © Aga Khan Trust for Culture / Deed Studio (photographer)IranJahad Metro Plaza in Tehran, by KA Architecture StudioKA Architecture Studio's Jahad Metro Plaza in Tehran was constructed to replace the dilapidated old buildings. It turned the location into a beloved pedestrian-friendly landmark. The arched vaults, which are covered in locally manufactured brick, vary in height to let air and light into the area they are protecting.Khan Jaljulia Restoration. Image © Aga Khan Trust for Culture / Mikaela Burstow (photographer)IsraelKhan Jaljulia Restoration in Jaljulia by Elias KhuriElias Khuri's Khan Jaljulia Restoration is a cost-effective intervention set amidst the remnants of a 14th-century Khan in Jaljulia. By converting the abandoned historical location into a bustling public area for social gatherings, it helps the locals rediscover their cultural history.Campus Startup Lions. Image © Aga Khan Trust for Culture / Christopher Wilton-Steer (photographer)KenyaCampus Startup Lions, in Turkana by Kéré ArchitectsKéré Architecture's Campus Startup Lions in Turkana is an educational and entrepreneurial center that offers a venue for community involvement, business incubation, and technology-driven education. The design incorporates solar energy, rainwater harvesting, and tall ventilation towers that resemble the nearby termite mounds, and it was constructed using local volcanic stone.Lalla Yeddouna Square. Image © Aga Khan Trust for Culture / Amine Houari (photographer)MoroccoRevitalisation of Lalla Yeddouna Square in the medina of Fez, by Mossessian Architecture and Yassir Khalil StudioMossessian Architecture and Yassir Khalil Studio's revitalization of Lalla Yeddouna Square in the Fez medina aims to improve pedestrian circulation and reestablish a connection to the waterfront. For the benefit of locals, craftspeople, and tourists from around the globe, existing buildings were maintained and new areas created.Vision Pakistan. Image © Aga Khan Trust for Culture / Usman Saqib Zuberi (photographer)PakistanVision Pakistan, in Islamabad by DB Studios / Mohammad Saifullah SiddiquiA tailoring training center run by Vision Pakistan, a nonprofit organization dedicated to empowering underprivileged adolescents, is located in Islamabad by DB Studios/Mohammad Saifullah Siddiqui. Situated in a crowded neighborhood, this multi-story building features flashy jaalis influenced by Arab and Pakistani crafts, echoing the city's 1960s design.Denso Hall Rahguzar Project. Image © Aga Khan Trust for Culture / Usman Saqib Zuberi (photographer)PakistanDenso Hall Rahguzar Project, in Karachi by Heritage Foundation Pakistan / Yasmeen LariThe Heritage Foundation of Pakistan/Yasmeen Lari's Denso Hall Rahguzar Project in Karachi is a heritage-led eco-urban enclave that was built with low-carbon materials in response to the city's severe climate, which is prone to heat waves and floods. The freshly planted "forests" are irrigated by the handcrafted terracotta cobbles, which absorb rainfall and cool and purify the air.Wonder Cabinet. Image © Aga Khan Trust for Culture / Mikaela Burstow (photographer)PalestineWonder Cabinet, in Bethlehem by AAU AnastasThe architects at AAU Anastas established Wonder Cabinet, a multifunctional, nonprofit exhibition and production venue in Bethlehem. The three-story concrete building was constructed with the help of regional contractors and artisans, and it is quickly emerging as a major center for learning, design, craft, and innovation.The Ned. Image © Aga Khan Trust for Culture / Cemal Emden (photographer)QatarThe Ned Hotel, in Doha by David Chipperfield ArchitectsThe Ministry of Interior was housed in the Ned Hotel in Doha, which was designed by David Chipperfield Architects. Its Middle Eastern brutalist building was meticulously transformed into a 90-room boutique hotel, thereby promoting architectural revitalization in the region.Shamalat Cultural Centre. Image © Aga Khan Trust for Culture / Hassan Al Shatti (photographer)Saudi ArabiaShamalat Cultural Centre, in Riyadh, by Syn Architects / Sara Alissa, Nojoud AlsudairiOn the outskirts of Diriyah, the Shamalat Cultural Centre in Riyadh was created by Syn Architects/Sara Alissa, Nojoud Alsudairi. It was created from an old mud home that artist Maha Malluh had renovated. The center, which aims to incorporate historic places into daily life, provides a sensitive viewpoint on heritage conservation in the area by contrasting the old and the contemporary.Rehabilitation and Extension of Dakar Railway Station. Image © Aga Khan Trust for Culture / Sylvain Cherkaoui (photographer)SenegalRehabilitation and Extension of Dakar Railway Station, in Dakar by Ga2DIn order to accommodate the passengers of a new express train line, Ga2D extended and renovated Dakar train Station, which purposefully contrasts the old and modern buildings. The forecourt was once again open to pedestrian traffic after vehicular traffic was limited to the rear of the property.Rami Library. Image © Aga Khan Trust for Culture / Cemal Emden (photographer)TürkiyeRami Library, by Han Tümertekin Design & ConsultancyThe largest library in Istanbul is the Rami Library, designed by Han Tümertekin Design & Consultancy. It occupied the former Rami Barracks, a sizable, single-story building with enormous volumes that was constructed in the eighteenth century. In order to accommodate new library operations while maintaining the structure's original spatial features, a minimal intervention method was used.Morocco Pavilion Expo Dubai 2020. Image © Aga Khan Trust for Culture / Deed Studio (photographer)United Arab EmiratesMorocco Pavilion Expo Dubai 2020, by Oualalou + ChoiOualalou + Choi's Morocco Pavilion Expo Dubai 2020 is intended to last beyond Expo 2020 and be transformed into a cultural center. The pavilion is a trailblazer in the development of large-scale rammed earth building techniques. Its use of passive cooling techniques, which minimize the need for mechanical air conditioning, earned it the gold LEED accreditation.At each project location, independent professionals such as architects, conservation specialists, planners, and structural engineers have conducted thorough evaluations of the nominated projects. This summer, the Master Jury convenes once more to analyze the on-site evaluations and choose the ultimate Award winners.The top image in the article: The Arc at Green School. Image © Aga Khan Trust for Culture / Andreas Perbowo Widityawan (photographer).> via Aga Khan Award for Architecture

Jun 16, 2025Ravie LakshmananMalware / DevOps Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that's capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others. The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targets users of a service called Chimera Sandbox, which was released by Singaporean tech company Grab last August to facilitate "experimentation and development of [machine learning] solutions." The package masquerades as a helper module for Chimera Sandbox, but "aims to steal credentials and other sensitive information such as Jamf configuration, CI/CD environment variables, AWS tokens, and more," JFrog security researcher Guy Korolevski said in a report published last week. Once installed, it attempts to connect to an external domain whose domain name is generated using a domain generation algorithm (DGA) in order to download and execute a next-stage payload. Specifically, the malware acquires from the domain an authentication token, which is then used to send a request to the same domain and retrieve the Python-based information stealer. The stealer malware is equipped to siphon a wide range of data from infected machines. This includes - JAMF receipts, which are records of software packages installed by Jamf Pro on managed computers Pod sandbox environment authentication tokens and git information CI/CD information from environment variables Zscaler host configuration Amazon Web Services account information and tokens Public IP address General platform, user, and host information The kind of data gathered by the malware shows that it's mainly geared towards corporate and cloud infrastructure. In addition, the extraction of JAMF receipts indicates that it's also capable of targeting Apple macOS systems. The collected information is sent via a POST request back to the same domain, after which the server assesses if the machine is a worthy target for further exploitation. However, JFrog said it was unable to obtain the payload at the time of analysis. "The targeted approach employed by this malware, along with the complexity of its multi-stage targeted payload, distinguishes it from the more generic open-source malware threats we have encountered thus far, highlighting the advancements that malicious packages have made recently," Jonathan Sar Shalom, director of threat research at JFrog Security Research team, said. "This new sophistication of malware underscores why development teams remain vigilant with updates—alongside proactive security research – to defend against emerging threats and maintain software integrity." The disclosure comes as SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The packages in question are listed below - eslint-config-airbnb-compat (676 Downloads) ts-runtime-compat-check (1,588 Downloads) solders (983 Downloads) @mediawave/lib (386 Downloads) All the identified npm packages have since been taken down from npm, but not before they were downloaded hundreds of times from the package registry. SafeDep's analysis of eslint-config-airbnb-compat found that the JavaScript library has ts-runtime-compat-check listed as a dependency, which, in turn, contacts an external server defined in the former package ("proxy.eslint-proxy[.]site") to retrieve and execute a Base64-encoded string. The exact nature of the payload is unknown. "It implements a multi-stage remote code execution attack using a transitive dependency to hide the malicious code," SafeDep researcher Kunal Singh said. Solders, on the other hand, has been found to incorporate a post-install script in its package.json, causing the malicious code to be automatically executed as soon as the package is installed. "At first glance, it's hard to believe that this is actually valid JavaScript," the Veracode Threat Research team said. "It looks like a seemingly random collection of Japanese symbols. It turns out that this particular obfuscation scheme uses the Unicode characters as variable names and a sophisticated chain of dynamic code generation to work." Decoding the script reveals an extra layer of obfuscation, unpacking which reveals its main function: Check if the compromised machine is Windows, and if so, run a PowerShell command to retrieve a next-stage payload from a remote server ("firewall[.]tel"). This second-stage PowerShell script, also obscured, is designed to fetch a Windows batch script from another domain ("cdn.audiowave[.]org") and configures a Windows Defender Antivirus exclusion list to avoid detection. The batch script then paves the way for the execution of a .NET DLL that reaches out to a PNG image hosted on ImgBB ("i.ibb[.]co"). "[The DLL] is grabbing the last two pixels from this image and then looping through some data contained elsewhere in it," Veracode said. "It ultimately builds up in memory YET ANOTHER .NET DLL." Furthermore, the DLL is equipped to create task scheduler entries and features the ability to bypass user account control (UAC) using a combination of FodHelper.exe and programmatic identifiers (ProgIDs) to evade defenses and avoid triggering any security alerts to the user. The newly-downloaded DLL is Pulsar RAT, a "free, open-source Remote Administration Tool for Windows" and a variant of the Quasar RAT. "From a wall of Japanese characters to a RAT hidden within the pixels of a PNG file, the attacker went to extraordinary lengths to conceal their payload, nesting it a dozen layers deep to evade detection," Veracode said. "While the attacker's ultimate objective for deploying the Pulsar RAT remains unclear, the sheer complexity of this delivery mechanism is a powerful indicator of malicious intent." Crypto Malware in the Open-Source Supply Chain The findings also coincide with a report from Socket that identified credential stealers, cryptocurrency drainers, cryptojackers, and clippers as the main types of threats targeting the cryptocurrency and blockchain development ecosystem. Some of the examples of these packages include - express-dompurify and pumptoolforvolumeandcomment, which are capable of harvesting browser credentials and cryptocurrency wallet keys bs58js, which drains a victim's wallet and uses multi-hop transfers to obscure theft and frustrate forensic tracing. lsjglsjdv, asyncaiosignal, and raydium-sdk-liquidity-init, which functions as a clipper to monitor the system clipboard for cryptocurrency wallet strings and replace them with threat actor‑controlled addresses to reroute transactions to the attackers "As Web3 development converges with mainstream software engineering, the attack surface for blockchain-focused projects is expanding in both scale and complexity," Socket security researcher Kirill Boychenko said. "Financially motivated threat actors and state-sponsored groups are rapidly evolving their tactics to exploit systemic weaknesses in the software supply chain. These campaigns are iterative, persistent, and increasingly tailored to high-value targets." AI and Slopsquatting The rise of artificial intelligence (AI)-assisted coding, also called vibe coding, has unleashed another novel threat in the form of slopsquatting, where large language models (LLMs) can hallucinate non-existent but plausible package names that bad actors can weaponize to conduct supply chain attacks. Trend Micro, in a report last week, said it observed an unnamed advanced agent "confidently" cooking up a phantom Python package named starlette-reverse-proxy, only for the build process to crash with the error "module not found." However, should an adversary upload a package with the same name on the repository, it can have serious security consequences. Furthermore, the cybersecurity company noted that advanced coding agents and workflows such as Claude Code CLI, OpenAI Codex CLI, and Cursor AI with Model Context Protocol (MCP)-backed validation can help reduce, but not completely eliminate, the risk of slopsquatting. "When agents hallucinate dependencies or install unverified packages, they create an opportunity for slopsquatting attacks, in which malicious actors pre-register those same hallucinated names on public registries," security researcher Sean Park said. "While reasoning-enhanced agents can reduce the rate of phantom suggestions by approximately half, they do not eliminate them entirely. Even the vibe-coding workflow augmented with live MCP validations achieves the lowest rates of slip-through, but still misses edge cases." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

Sovereignty has mattered since the invention of the nation state—defined by borders, laws, and taxes that apply within and without. While many have tried to define it, the core idea remains: nations or jurisdictions seek to stay in control, usually to the benefit of those within their borders. Digital sovereignty is a relatively new concept, also difficult to define but straightforward to understand. Data and applications don’t understand borders unless they are specified in policy terms, as coded into the infrastructure. The World Wide Web had no such restrictions at its inception. Communitarian groups such as the Electronic Frontier Foundation, service providers and hyperscalers, non-profits and businesses all embraced a model that suggested data would look after itself. But data won’t look after itself, for several reasons. First, data is massively out of control. We generate more of it all the time, and for at least two or three decades (according to historical surveys I’ve run), most organizations haven’t fully understood their data assets. This creates inefficiency and risk—not least, widespread vulnerability to cyberattack. Risk is probability times impact—and right now, the probabilities have shot up. Invasions, tariffs, political tensions, and more have brought new urgency. This time last year, the idea of switching off another country’s IT systems was not on the radar. Now we’re seeing it happen—including the U.S. government blocking access to services overseas. Digital sovereignty isn’t just a European concern, though it is often framed as such. In South America for example, I am told that sovereignty is leading conversations with hyperscalers; in African countries, it is being stipulated in supplier agreements. Many jurisdictions are watching, assessing, and reviewing their stance on digital sovereignty. As the adage goes: a crisis is a problem with no time left to solve it. Digital sovereignty was a problem in waiting—but now it’s urgent. It’s gone from being an abstract ‘right to sovereignty’ to becoming a clear and present issue, in government thinking, corporate risk and how we architect and operate our computer systems. What does the digital sovereignty landscape look like today? Much has changed since this time last year. Unknowns remain, but much of what was unclear this time last year is now starting to solidify. Terminology is clearer – for example talking about classification and localisation rather than generic concepts. We’re seeing a shift from theory to practice. Governments and organizations are putting policies in place that simply didn’t exist before. For example, some countries are seeing “in-country” as a primary goal, whereas others (the UK included) are adopting a risk-based approach based on trusted locales. We’re also seeing a shift in risk priorities. From a risk standpoint, the classic triad of confidentiality, integrity, and availability are at the heart of the digital sovereignty conversation. Historically, the focus has been much more on confidentiality, driven by concerns about the US Cloud Act: essentially, can foreign governments see my data? This year however, availability is rising in prominence, due to geopolitics and very real concerns about data accessibility in third countries. Integrity is being talked about less from a sovereignty perspective, but is no less important as a cybercrime target—ransomware and fraud being two clear and present risks. Thinking more broadly, digital sovereignty is not just about data, or even intellectual property, but also the brain drain. Countries don’t want all their brightest young technologists leaving university only to end up in California or some other, more attractive country. They want to keep talent at home and innovate locally, to the benefit of their own GDP. How Are Cloud Providers Responding? Hyperscalers are playing catch-up, still looking for ways to satisfy the letter of the law whilst ignoring (in the French sense) its spirit. It’s not enough for Microsoft or AWS to say they will do everything they can to protect a jurisdiction’s data, if they are already legally obliged to do the opposite. Legislation, in this case US legislation, calls the shots—and we all know just how fragile this is right now. We see hyperscaler progress where they offer technology to be locally managed by a third party, rather than themselves. For example, Google’s partnership with Thales, or Microsoft with Orange, both in France (Microsoft has similar in Germany). However, these are point solutions, not part of a general standard. Meanwhile, AWS’ recent announcement about creating a local entity doesn’t solve for the problem of US over-reach, which remains a core issue. Non-hyperscaler providers and software vendors have an increasingly significant play: Oracle and HPE offer solutions that can be deployed and managed locally for example; Broadcom/VMware and Red Hat provide technologies that locally situated, private cloud providers can host. Digital sovereignty is thus a catalyst for a redistribution of “cloud spend” across a broader pool of players. What Can Enterprise Organizations Do About It? First, see digital sovereignty as a core element of data and application strategy. For a nation, sovereignty means having solid borders, control over IP, GDP, and so on. That’s the goal for corporations as well—control, self-determination, and resilience. If sovereignty isn’t seen as an element of strategy, it gets pushed down into the implementation layer, leading to inefficient architectures and duplicated effort. Far better to decide up front what data, applications and processes need to be treated as sovereign, and defining an architecture to support that. This sets the scene for making informed provisioning decisions. Your organization may have made some big bets on key vendors or hyperscalers, but multi-platform thinking increasingly dominates: multiple public and private cloud providers, with integrated operations and management. Sovereign cloud becomes one element of a well-structured multi-platform architecture. It is not cost-neutral to deliver on sovereignty, but the overall business value should be tangible. A sovereignty initiative should bring clear advantages, not just for itself, but through the benefits that come with better control, visibility, and efficiency. Knowing where your data is, understanding which data matters, managing it efficiently so you’re not duplicating or fragmenting it across systems—these are valuable outcomes. In addition, ignoring these questions can lead to non-compliance or be outright illegal. Even if we don’t use terms like ‘sovereignty’, organizations need a handle on their information estate. Organizations shouldn’t be thinking everything cloud-based needs to be sovereign, but should be building strategies and policies based on data classification, prioritization and risk. Build that picture and you can solve for the highest-priority items first—the data with the strongest classification and greatest risk. That process alone takes care of 80–90% of the problem space, avoiding making sovereignty another problem whilst solving nothing. Where to start? Look after your own organization first Sovereignty and systems thinking go hand in hand: it’s all about scope. In enterprise architecture or business design, the biggest mistake is boiling the ocean—trying to solve everything at once. Instead, focus on your own sovereignty. Worry about your own organization, your own jurisdiction. Know where your own borders are. Understand who your customers are, and what their requirements are. For example, if you’re a manufacturer selling into specific countries—what do those countries require? Solve for that, not for everything else. Don’t try to plan for every possible future scenario. Focus on what you have, what you’re responsible for, and what you need to address right now. Classify and prioritise your data assets based on real-world risk. Do that, and you’re already more than halfway toward solving digital sovereignty—with all the efficiency, control, and compliance benefits that come with it. Digital sovereignty isn’t just regulatory, but strategic. Organizations that act now can reduce risk, improve operational clarity, and prepare for a future based on trust, compliance, and resilience. The post Reclaiming Control: Digital Sovereignty in 2025 appeared first on Gigaom.

Red Kong XIX Member Oct 11, 2020 13,560 This is assuming that the handheld can play PS4 games natively without any issues, so they are not included in the poll. Hardware leaker Kepler said it should be able to run PS5 games, even without a patch, but with a performance impact potentially.  Hero_of_the_Day Avenger Oct 27, 2017 19,958 Isn't the rumor that games don't require patches to run on it? That would imply that support isn't mandatory, but automatic.   Homura ▲ Legend ▲ Member Aug 20, 2019 7,232 As the post above said, the rumor is the PS5 portable will be able to run natively any and all PS4/PS5 games. Of course, some games might not work properly or require specific patches, but the idea is automatic compatibility.  shadowman16 Member Oct 25, 2017 42,292 Ideally you'd want stuff to pretty much work out of the box. The more you ask devs to do, the less I imagine will want to support it... Or suddenly games get parred down so that they can run on handhelds (which considering how people hated cross gen for that reason, they'd hate it here as well). I personally would just prefer a solution where its automatic. I dont really care about a Sony handheld, dont really want devs to be forced to support the thing (considering how shit Sony is at supporting its peripherals - like the Vita or PSVR2)  Modest_Modsoul Living the Dreams Member Oct 29, 2017 28,418 🤷‍♂️   setmymindforopensky Member Apr 20, 2025 67 a lot of games have performance modes. it should run a lot of the library even without any patching. if there's multiplat im sure itll default to the PS4 ver. im not sure what theyd do for something like GTA6 but itll have a series S version so its clearly scalable enough. im guessing PSTV situation. support it or not we dont care.  reksveks Member May 17, 2022 7,628 Think Kepler is personally assuming the goal of running without patches is a goal and one that won't happen just cause it's too late to force it. It's going to be an interesting solution to an interesting problem  Servbot24 The Fallen Oct 25, 2017 47,826 Obviously not. Pretty absurd question tbh.   RivalGT Member Dec 13, 2017 7,616 This one sounds like it requires a lot of work on Sony's end, I dont think developers will need to do much for games to work. Granted moving forward Sony is likely to make it easier for devs to have a more input on this portable mode. Things working out of the box is likely the goal, and thats what Sony needs if they want this to work, but devs having more input on this mode would be a plus I think.  Callibretto Member Oct 25, 2017 10,445 Indonesia shadowman16 said: Ideally you'd want stuff to pretty much work out of the box. The more you ask devs to do, the less I imagine will want to support it... Or suddenly games get parred down so that they can run on handhelds (which considering how people hated cross gen for that reason, they'd hate it here as well). I personally would just prefer a solution where its automatic. I dont really care about a Sony handheld, dont really want devs to be forced to support the thing (considering how shit Sony is at supporting its peripherals - like the Vita or PSVR2) Click to expand... Click to shrink... depend on the game imo, asking CD Project to somehow make Witcher 4 playable on handheld might be unreasonable. but any game that can run on Switch 2 should be playable on PSPortable without much issue   Pheonix1 Member Jun 22, 2024 716 Absolutely they will. Not sure why people think it would be hard, if they hand them.the right tools most ports won't take long anyhow.   skeezx Member Oct 27, 2017 23,994 guessing there will be a "portable approved" label with the respective games going forward, regardless whether it's a PS5 or PS6 game. and when the thing is released popular past titles will be retroactively approved by sony, and up to developers if they want to patch the bigger games to be portable friendly. i guess where things could get tricky/laborious for developers is whether every game going forward is required to screen for portable performance, as it's not a PC so the portable will likely disallow for running "non-approved" games at all  AmFreak Member Oct 26, 2017 3,245 They need to give people some form of guarantee that it will get games, otherwise they greatly diminish their potential success. The best way to do this is to make it another SKU of the contemporary console. And with (close to) everything already running at 60fps and progression slowing to a crawl it's far easier than it had been in the past.  Ruck Member Oct 25, 2017 3,105 I mean, what is the handheld? PS6? Or an actual second console? If the former, then yes, if the latter then no   TitanicFall Member Nov 12, 2017 9,340 Nah. It might be incentivized though. There's not much in it for devs if it's a cross buy situation.   Callibretto Member Oct 25, 2017 10,445 Indonesia imo, PS6 will remain their main console, focusing on high fidelity visuals that Switch 2 and portable PC won't be able to run without huge compromise. PSPortable will be secondary console, something like PSPortal, but this time able to play any games that Switch2 can reasonably run. and for the high end games that it can't run, it will use streaming, either from PS6 you own, or PS+ Premium subs  bleits Member Oct 14, 2023 373 They have to if they want to be taken seriously   Vic Damone Jr. Member Oct 27, 2017 20,534 Nope Sony doesn't mandate this stuff and it's why their second product always dies.   fiendcode Member Oct 26, 2017 26,514 I think it depends on what the device really is, if it's more of a "Portal 2" or a "Series SP" or something else entirely (PSP3?). Streaming might be enough for PS6 games along with incentivized PS5/4 patches but whatever SIE does they need to make sure their inhouse teams are ALL on board this time. That was a big part of PSP/Vita's downfall, that the biggest or most important PS Studios snubbed them and the teams that did show up with support are mostly closed and gone now.   Callibretto Member Oct 25, 2017 10,445 Indonesia bleits said: They have to if they want to be taken seriously Click to expand... Click to shrink... from the last interview with PS exec about Switch 2 spec, it seems clear that PS have no plan to abandon high end console spec to switch to mobile hardware like Switch 2 and Xbox Ally. PS consider their high fidelity visual as advantage and differentiator from Nintendo. so with PS6, their top studio will eventuall make games that just won't realistically run on handheld devices. so having a mandate where all PS6 games is playable on handheld is simply unrealistic imo  danm999 Member Oct 29, 2017 19,929 Sydney Incentives, not mandates.   NSESN ▲ Legend ▲ Member Oct 25, 2017 27,729 I think people are setting themselves for disappointment in regards for how powerful this thing will be   defaltoption Plug in a controller and enter the Konami code The Fallen Oct 27, 2017 12,485 Austin Depends on what they call it. If they call it anything related to ps6, expect very bad performance, and mandates If they call it ps5 portable, expect bad performance and no mandates as it will be handled on their end If they call it a ps portable expect it to have no support from Sony and get whatever it gets just be happy it functions till they abandon it.  Metnut Member Apr 7, 2025 30 Good question OP. I voted the middle one. I think anything that ships for PS5 will need to work for the handheld. Question is whether that works automatically or will need patches.  mute ▲ Legend ▲ Member Oct 25, 2017 29,807 I think that would require a level of commitment to a secondary piece of hardware that Sony hasn't shown in a long time.   Patison Member Oct 27, 2017 761 It's difficult to say without knowing what they're planning with this device exactly. If they're fully going Switch route (or PS Vita/PS TV route) or more like a Steam Deck, which will run launch games perfectly and then, as time goes on, some titles might start looking less than ideal or be unplayable at all. Or Series S/X, just the Series S being portable — that would be preferable but also limiting but also diminishing returns between generations so might be worth it etc. And if that device happens at all and its development won't be dropped soon is another question. Lots of unknowns, but I'm interested to see what Sony comes up with, as long as they'll have games to support it this time around.  Jammerz Member Apr 29, 2023 1,579 I think it will be optional support. However sony needs to support it with their first parties to set an example and making it as easy as possible for other devs to scale down. For sony first party games maybe use nixxes to scale down so their studios aren't bogged down.  Hamchan The Fallen Oct 25, 2017 6,000 I think 99.9% of games will be crossgen between PS5 and PS6 for the entire generation, just based on how this industry is going, so it might not be much of an issue for Sony to mandate.   Advance.Wars.Sgt. Member Jun 10, 2018 10,456 Honestly, I'd worry more about Sony's 1st party teams than 3rd party developers since they were notoriously adverse making software with a handheld power profile in mind.   overthewaves Member Sep 30, 2020 1,203 Wouldn't that hamstring the games for ps6? That's PlayStation players biggest fear they don't want a series S type situation right? They treat series S like a punching bag.   Neonvisions Member Oct 27, 2017 707 overthewaves said: Wouldn't that hamstring the games for ps6? That's PlayStation players biggest fear they don't want a series S type situation right? They treat series S like a punching bag. Click to expand... Click to shrink... How would that effect PS6? Are you suggesting that the Series S hamstrings games for the X?  Gwarm Member Nov 13, 2017 2,902 I'd be shocked if Sony released a device that let's you play games that haven't been patched or confirmed to run acceptably. Imagine if certain games just hard crashed the console? This is the company that wouldn't let you play certain Vita games on the PSTV even if they actually worked.   bloopland33 Member Mar 4, 2020 3,845 I wonder if they'll just do the Steam Deck thing and do a compatibility badge. You can boot whatever software you want, but it might run at 5 fps and drain your battery. This would be in addition to whatever efforts they're doing to make things work out of the box, of course. But it's hard to imagine them mandating developers ship a PS6 profile and a PS6P profile for those heavier games 5-7 years from now… ….but it's also hard to imagine them shipping this PS6-gen device that doesn't play everything (depending on how they position it). So maybe they Steam Deck it  vivftp Member Oct 29, 2017 23,016 My guess, every PS6 game will be mandated to support it. PS5 games will support it natively for the simpler games and will require a patch as has been rumored to run on lesser specs I think next gen we get PS3 and Vita emulation so the PS6 and portable will be able to play games from PSN from every past PlayStation  Mocha Joe Member Jun 2, 2021 13,636 Really need to take the Steam Deck approach and don't make it a requirement. Just make it a complementary device where it is possible to play majority of the games available on PSN.   overthewaves Member Sep 30, 2020 1,203 Neonvisions said: How would that effect PS6? Are you suggesting that the Series S hamstrings games for the X? Click to expand... Click to shrink... I mean did you see the reaction here to the series S announcement lol. Everyone was saying it's gonna "hold back the generation".   reksveks Member May 17, 2022 7,628 Neonvisions said: How would that effect PS6? Are you suggesting that the Series S hamstrings games for the X? Click to expand... Click to shrink... Or the perception is that it does but the truth is that there is a lot of factors   Fabs Member Aug 22, 2019 2,827 I can't see the forcing handheld and pro support next gen.   level Member May 25, 2023 1,427 Definitely not Games already take too long to make. Extra time isn't something they'll want to reinforce to their developers.  gofreak Member Oct 26, 2017 8,411 I don't think support will be mandatory. I think they're bringing it into a reality where a growing portion of games can, or could, run without much change or effort on the developer's part on a next gen handheld. They'll lean on that natural trend rather than a policy - anything that is outside of that will just be streamable as now with the Portal.   Caiusto Member Oct 25, 2017 7,086 If they don't want to end up with another Vita yes they will.   mute ▲ Legend ▲ Member Oct 25, 2017 29,807 Advance.Wars.Sgt. said: Honestly, I'd worry more about Sony's 1st party teams than 3rd party developers since they were notoriously adverse making software with a handheld power profile in mind. Click to expand... Click to shrink... It does seem kinda unthinkable that Intergalactic would be made with a handheld in mind, for example.   AmFreak Member Oct 26, 2017 3,245 mute said: It does seem kinda unthinkable that Intergalactic would be made with a handheld in mind, for example. Click to expand... Click to shrink... Ratchet, Returnal, Cyberpunk, etc. also weren't made "with a handheld in mind".   Spoit Member Oct 28, 2017 5,599 Given how much of a pain the series S mandate has been, I don't see them binding even first party studios to it, especially ones that are trying to go for the cutting edge of tech. Since given AMDs timelines, is not going to be anywhere near a base PS5. I'm also skeptical of the claim that'll be able to play ps5 games without extensive patching.  Jawmuncher Crisis Dino Moderator Oct 25, 2017 45,166 Ibis Island No, I think the portable will handle portable stuff "automatically" for what it converts   knightmawk Member Dec 12, 2018 8,900 I expect they'll do everything they can to make sure no one has to think about it and it's as automatic as possible. It'll technically still be part of cert, but the goal will be for it to be rare that a game fails that part of cert and has to be sent back. That being said, I imagine there will be some games that still don't work and developers will be able to submit for that exception.  RivalGT Member Dec 13, 2017 7,616 I think the concept here is similar to how PS4 games play on PS5, the ones with patches I mean, the game will run with a different graphics preset then it would on PS4/ PS4 Pro, so in some cases this means higher resolution or higher frame rate cap. What Sony needs to work on their end is getting this to work without any patches from developers. Its the only way this can work.  Vexii Member Oct 31, 2017 3,103 UK if they don't mandate support, it'll just be a death knell for the format. I don't think they could get away with a dedicated handheld platform now when the Switch and Steam Deck exists   Mobius and Pet Octopus Member Oct 25, 2017 17,065 Just because a game can run on a handheld, doesn't mean that's all required for support. The UI alone likely requires changes for an optimal experience, sometimes necessary to be "playable". Small screen sizes usually needs changes.   SeanMN Member Oct 28, 2017 2,437 If PS6 games support is optional, that will create fragmentation of the platform and uncertain software support. If it's part of the PS6 family and support is mandatory, I can see there being concern that if would hold the generation back with a low capability sku. My thoughts are this should be a PS6 and support the same as the primary console. 

Jun 14, 2025Ravie LakshmananMalware / Threat Intelligence A new malware campaign is exploiting a weakness in Discord's invitation system to deliver an information stealer called Skuld and the AsyncRAT remote access trojan. "Attackers hijacked the links through vanity link registration, allowing them to silently redirect users from trusted sources to malicious servers," Check Point said in a technical report. "The attackers combined the ClickFix phishing technique, multi-stage loaders, and time-based evasions to stealthily deliver AsyncRAT, and a customized Skuld Stealer targeting crypto wallets." The issue with Discord's invite mechanism is that it allows attackers to hijack expired or deleted invite links and secretly redirect unsuspecting users to malicious servers under their control. This also means that a Discord invite link that was once trusted and shared on forums or social media platforms could unwittingly lead users to malicious sites. Details of the campaign come a little over a month after the cybersecurity company revealed another sophisticated phishing campaign that hijacked expired vanity invite links to entice users into joining a Discord server and instruct them to visit a phishing site to verify ownership, only to have their digital assets drained upon connecting their wallets. While users can create temporary, permanent, or custom (vanity) invite links on Discord, the platform prevents other legitimate servers from reclaiming a previously expired or deleted invite. However, Check Point found that creating custom invite links allows the reuse of expired invite codes and even deleted permanent invite codes in some cases. This ability to reuse Discord expired or deleted codes when creating custom vanity invite links opens the door to abuse, allowing attackers to claim it for their malicious server. "This creates a serious risk: Users who follow previously trusted invite links (e.g., on websites, blogs, or forums) can unknowingly be redirected to fake Discord servers created by threat actors," Check Point said. The Discord invite-link hijacking, in a nutshell, involves taking control of invite links originally shared by legitimate communities and then using them to redirect users to the malicious server. Users who fall prey to the scheme and join the server are asked to complete a verification step in order to gain full server access by authorizing a bot, which then leads them to a fake website with a prominent "Verify" button. This is where the attackers take the attack to the next level by incorporating the infamous ClickFix social engineering tactic to trick users into infecting their systems under the pretext of verification. Specifically, clicking the "Verify" button surreptitiously executes JavaScript that copies a PowerShell command to the machine's clipboard, after which the users are urged to launch the Windows Run dialog, paste the already copied "verification string" (i.e., the PowerShell command), and press Enter to authenticate their accounts. But in reality, performing these steps triggers the download of a PowerShell script hosted on Pastebin that subsequently retrieves and executes a first-stage downloader, which is ultimately used to drop AsyncRAT and Skuld Stealer from a remote server and execute them. At the heart of this attack lies a meticulously engineered, multi-stage infection process designed for both precision and stealth, while also taking steps to subvert security protections through sandbox security checks. AsyncRAT, which offers comprehensive remote control capabilities over infected systems, has been found to employ a technique called dead drop resolver to access the actual command-and-control (C2) server by reading a Pastebin file. The other payload is a Golang information stealer that's downloaded from Bitbucket. It's equipped to steal sensitive user data from Discord, various browsers, crypto wallets, and gaming platforms. Skuld is also capable of harvesting crypto wallet seed phrases and passwords from the Exodus and Atomic crypto wallets. It accomplishes this using an approach called wallet injection that replaces legitimate application files with trojanized versions downloaded from GitHub. It's worth noting that a similar technique was recently put to use by a rogue npm package named pdf-to-office. The attack also employs a custom version of an open-source tool known as ChromeKatz to bypass Chrome's app-bound encryption protections. The collected data is exfiltrated to the miscreants via a Discord webhook. The fact that payload delivery and data exfiltration occur via trusted cloud services such as GitHub, Bitbucket, Pastebin, and Discord allows the threat actors to blend in with normal traffic and fly under the radar. Discord has since disabled the malicious bot, effectively breaking the attack chain. Check Point said it also identified another campaign mounted by the same threat actor that distributes the loader as a modified version of a hacktool for unlocking pirated games. The malicious program, also hosted on Bitbucket, has been downloaded 350 times. It has been assessed that the victims of these campaigns are primarily located in the United States, Vietnam, France, Germany, Slovakia, Austria, the Netherlands, and the United Kingdom. The findings represent the latest example of how cybercriminals are targeting the popular social platform, which has had its content delivery network (CDN) abused to host malware in the past. "This campaign illustrates how a subtle feature of Discord's invite system, the ability to reuse expired or deleted invite codes in vanity invite links, can be exploited as a powerful attack vector," the researchers said. "By hijacking legitimate invite links, threat actors silently redirect unsuspecting users to malicious Discord servers." "The choice of payloads, including a powerful stealer specifically targeting cryptocurrency wallets, suggests that the attackers are primarily focused on crypto users and motivated by financial gain." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    