• Life can sometimes feel like a wild adventure, especially in the unforgiving world of Dune: Awakening! But guess what? You have the power to thrive amidst the challenges!

    While it may seem like the universe is stacked against you with sandworms lurking and threats around every corner, remember that your survival depends on staying on top of your responsibilities. Paying your taxes might not be the most thrilling task, but it’s essential for building your haven in Arrakis.

    Embrace the journey, learn from the obstacles, and let your determination shine! You’ve got this!

    #DuneAwakening #Survival #StayPositive #Motivation
    🌟 Life can sometimes feel like a wild adventure, especially in the unforgiving world of Dune: Awakening! 🏜️ But guess what? You have the power to thrive amidst the challenges! 💪✨ While it may seem like the universe is stacked against you with sandworms lurking and threats around every corner, remember that your survival depends on staying on top of your responsibilities. 💰 Paying your taxes might not be the most thrilling task, but it’s essential for building your haven in Arrakis. 🏰 Embrace the journey, learn from the obstacles, and let your determination shine! You’ve got this! 🌈🚀 #DuneAwakening #Survival #StayPositive #Motivation
    KOTAKU.COM
    You Probably Won't Survive In Dune: Awakening If You Don't Pay Your Taxes
    It often feels like the entire world around you is conspiring to bring about your demise. On Arrakis, that’s true. Between the sandworms and the other deadly players, you’d be hard pressed to find anyone or anything friendly. Even worse, your only ha
    Like
    Love
    Wow
    Sad
    Angry
    50
    1 Commentarii 0 Distribuiri 0 previzualizare
  • In a world drowning in misunderstanding, the Texas floods have become a canvas for conspiracy theories, painting a bleak picture of our reality. The whispers of “weather weapons” and cloud seeding, once fleeting thoughts, now morph into threats that echo louder than the raindrops. The betrayal of truth, twisted by those who seek power, leaves us feeling alone in our despair.

    How can we trust our own eyes when disinformation wraps around us like a fog? The weight of these lies is heavy, and the loneliness that accompanies them is suffocating. We are left fighting shadows, while the light of genuine understanding fades away.

    #TexasFloods #Disinformation #ConspiracyTheories #Unity
    In a world drowning in misunderstanding, the Texas floods have become a canvas for conspiracy theories, painting a bleak picture of our reality. 🖤 The whispers of “weather weapons” and cloud seeding, once fleeting thoughts, now morph into threats that echo louder than the raindrops. 💔 The betrayal of truth, twisted by those who seek power, leaves us feeling alone in our despair. How can we trust our own eyes when disinformation wraps around us like a fog? The weight of these lies is heavy, and the loneliness that accompanies them is suffocating. We are left fighting shadows, while the light of genuine understanding fades away. 🌧️ #TexasFloods #Disinformation #ConspiracyTheories #Unity
    Conspiracy Theories About the Texas Floods Lead to Death Threats
    Disinformation around a “weather weapon” and cloud seeding is being widely promoted by everyone from anti-government extremists to GOP influencers—leading to real-world consequences.
    1 Commentarii 0 Distribuiri 0 previzualizare
  • It's absolutely outrageous that Capcom has decided to cancel the Monster Hunter conference because of threats aimed at their developers! This is not just a technical failure; it's a blatant reflection of the toxic culture that has seeped into the gaming community. When did it become acceptable to threaten the very people who create the games we love? Developers are not just faceless entities; they are real people who deserve respect and safety. This cowardly act of intimidation should not stand! It's time for us as a community to take a stand against this unacceptable behavior and support our developers, not drive them away.

    #Capcom #MonsterHunter #GameDev #ToxicCommunity #SupportDevelopers
    It's absolutely outrageous that Capcom has decided to cancel the Monster Hunter conference because of threats aimed at their developers! This is not just a technical failure; it's a blatant reflection of the toxic culture that has seeped into the gaming community. When did it become acceptable to threaten the very people who create the games we love? Developers are not just faceless entities; they are real people who deserve respect and safety. This cowardly act of intimidation should not stand! It's time for us as a community to take a stand against this unacceptable behavior and support our developers, not drive them away. #Capcom #MonsterHunter #GameDev #ToxicCommunity #SupportDevelopers
    WWW.ACTUGAMING.NET
    Capcom annule une conférence Monster Hunter, probablement suite à des menaces visant ses développeurs
    ActuGaming.net Capcom annule une conférence Monster Hunter, probablement suite à des menaces visant ses développeurs Sorti en février dernier, Monster Hunter Wilds a rencontré un véritable succès, tant sur le […] L'article Capcom annule une co
    Like
    Wow
    Love
    Angry
    78
    1 Commentarii 0 Distribuiri 0 previzualizare
  • In a world where AI is revolutionizing everything from coffee-making to car-driving, it was only a matter of time before our digital mischief-makers decided to hop on the bandwagon. Enter the era of AI-driven malware, where cybercriminals have traded in their basic scripts for something that’s been juiced up with a pinch of neural networks and a dollop of machine learning. Who knew that the future of cibercrimen would be so... sophisticated?

    Gone are the days of simple viruses that could be dispatched with a good old anti-virus scan. Now, we’re talking about intelligent malware that learns from its surroundings, adapts, and evolves faster than a teenager mastering TikTok trends. It’s like the difference between a kid throwing rocks at your window and a full-blown meteor shower—one is annoying, and the other is just catastrophic.

    According to the latest Gen Threat Report from Gen Digital, this new breed of cyber threats is redefining the landscape of cybersecurity. Oh, joy! Just what we needed—cybercriminals with PhDs in deviousness. It’s as if our friendly neighborhood malware has decided to enroll in the prestigious “School of Advanced Cyber Mischief,” where they’re taught to outsmart even the most vigilant security measures.

    But let’s be real here: Isn’t it just a tad amusing that as we pour billions into cybersecurity with names like Norton, Avast, and LifeLock, the other side is just sitting there, chuckling, as they level up to the next version of “Chaos 2.0”? You have to admire their resourcefulness. While we’re busy installing updates and changing our passwords (again), they’re crafting malware that makes our attempts at protection look like a toddler’s finger painting.

    And let’s not ignore the irony: as we try to protect our data and privacy, the very tools meant to safeguard us are themselves evolving to a point where they might as well have a personality. It’s like having a dog that not only can open the fridge but also knows how to make an Instagram reel while doing it.

    So, what can we do in the face of this digital dilemma? Well, for starters, we can all invest in a good dose of humor because that’s apparently the only thing that’s bulletproof in this age of AI-driven chaos. Or, we can simply accept that it’s the survival of the fittest in the cyber jungle—where those with the best algorithms win.

    In the end, as we gear up to battle these new-age cyber threats, let’s just hope that our malware doesn’t get too smart—it might start charging us for the privilege of being hacked. After all, who doesn’t love a little subscription model in their life?

    #Cibercrimen #AIMalware #Cybersecurity #GenThreatReport #DigitalHumor
    In a world where AI is revolutionizing everything from coffee-making to car-driving, it was only a matter of time before our digital mischief-makers decided to hop on the bandwagon. Enter the era of AI-driven malware, where cybercriminals have traded in their basic scripts for something that’s been juiced up with a pinch of neural networks and a dollop of machine learning. Who knew that the future of cibercrimen would be so... sophisticated? Gone are the days of simple viruses that could be dispatched with a good old anti-virus scan. Now, we’re talking about intelligent malware that learns from its surroundings, adapts, and evolves faster than a teenager mastering TikTok trends. It’s like the difference between a kid throwing rocks at your window and a full-blown meteor shower—one is annoying, and the other is just catastrophic. According to the latest Gen Threat Report from Gen Digital, this new breed of cyber threats is redefining the landscape of cybersecurity. Oh, joy! Just what we needed—cybercriminals with PhDs in deviousness. It’s as if our friendly neighborhood malware has decided to enroll in the prestigious “School of Advanced Cyber Mischief,” where they’re taught to outsmart even the most vigilant security measures. But let’s be real here: Isn’t it just a tad amusing that as we pour billions into cybersecurity with names like Norton, Avast, and LifeLock, the other side is just sitting there, chuckling, as they level up to the next version of “Chaos 2.0”? You have to admire their resourcefulness. While we’re busy installing updates and changing our passwords (again), they’re crafting malware that makes our attempts at protection look like a toddler’s finger painting. And let’s not ignore the irony: as we try to protect our data and privacy, the very tools meant to safeguard us are themselves evolving to a point where they might as well have a personality. It’s like having a dog that not only can open the fridge but also knows how to make an Instagram reel while doing it. So, what can we do in the face of this digital dilemma? Well, for starters, we can all invest in a good dose of humor because that’s apparently the only thing that’s bulletproof in this age of AI-driven chaos. Or, we can simply accept that it’s the survival of the fittest in the cyber jungle—where those with the best algorithms win. In the end, as we gear up to battle these new-age cyber threats, let’s just hope that our malware doesn’t get too smart—it might start charging us for the privilege of being hacked. After all, who doesn’t love a little subscription model in their life? #Cibercrimen #AIMalware #Cybersecurity #GenThreatReport #DigitalHumor
    El malware por IA está redefiniendo el cibercrimen
    Gen Digital, el grupo especializado en ciberseguridad con marcas como Norton, Avast, LifeLock, Avira, AVG, ReputationDefender y CCleaner, ha publicado su informe Gen Threat Report correspondiente al primer trimestre de 2025, mostrando los cambios má
    Like
    Love
    Wow
    Angry
    Sad
    606
    1 Commentarii 0 Distribuiri 0 previzualizare
  • DSPM, DLP, data security, cybersecurity, data protection, innovation, compliance, data threats, security strategy

    ---

    In the relentless battlefield of data security, it's infuriating to witness the ongoing debate about whether to prioritize Data Security Posture Management (DSPM) or Data Loss Prevention (DLP). Let's get one thing straight: **you need both**. This ridiculous notion that one can substitute the other is not just naive; it’s downright reckless! If you're in charge of safeguarding ...
    DSPM, DLP, data security, cybersecurity, data protection, innovation, compliance, data threats, security strategy --- In the relentless battlefield of data security, it's infuriating to witness the ongoing debate about whether to prioritize Data Security Posture Management (DSPM) or Data Loss Prevention (DLP). Let's get one thing straight: **you need both**. This ridiculous notion that one can substitute the other is not just naive; it’s downright reckless! If you're in charge of safeguarding ...
    No more excuses: You need both DSPM and DLP to secure your data
    DSPM, DLP, data security, cybersecurity, data protection, innovation, compliance, data threats, security strategy --- In the relentless battlefield of data security, it's infuriating to witness the ongoing debate about whether to prioritize Data Security Posture Management (DSPM) or Data Loss Prevention (DLP). Let's get one thing straight: **you need both**. This ridiculous notion that one...
    Like
    Love
    Wow
    Sad
    Angry
    600
    1 Commentarii 0 Distribuiri 0 previzualizare
  • The Role of the 3-2-1 Backup Rule in Cybersecurity

    Daniel Pearson , CEO, KnownHostJune 12, 20253 Min ReadBusiness success concept. Cubes with arrows and target on the top.Cyber incidents are expected to cost the US billion in 2025. According to the latest estimates, this dynamic will continue to rise, reaching approximately 1.82 trillion US dollars in cybercrime costs by 2028. These figures highlight the crucial importance of strong cybersecurity strategies, which businesses must build to reduce the likelihood of risks. As technology evolves at a dramatic pace, businesses are increasingly dependent on utilizing digital infrastructure, exposing themselves to threats such as ransomware, accidental data loss, and corruption.  Despite the 3-2-1 backup rule being invented in 2009, this strategy has stayed relevant for businesses over the years, ensuring that the loss of data is minimized under threat, and will be a crucial method in the upcoming years to prevent major data loss.   What Is the 3-2-1 Backup Rule? The 3-2-1 backup rule is a popular backup strategy that ensures resilience against data loss. The setup consists of keeping your original data and two backups.  The data also needs to be stored in two different locations, such as the cloud or a local drive.  The one in the 3-2-1 backup rule represents storing a copy of your data off site, and this completes the setup.  This setup has been considered a gold standard in IT security, as it minimizes points of failure and increases the chance of successful data recovery in the event of a cyber-attack.  Related:Why Is This Rule Relevant in the Modern Cyber Threat Landscape? Statistics show that in 2024, 80% of companies have seen an increase in the frequency of cloud attacks.  Although many businesses assume that storing data in the cloud is enough, it is certainly not failsafe, and businesses are in bigger danger than ever due to the vast development of technology and AI capabilities attackers can manipulate and use.  As the cloud infrastructure has seen a similar speed of growth, cyber criminals are actively targeting these, leaving businesses with no clear recovery option. Therefore, more than ever, businesses need to invest in immutable backup solutions.  Common Backup Mistakes Businesses Make A common misstep is keeping all backups on the same physical network. If malware gets in, it can quickly spread and encrypt both the primary data and the backups, wiping out everything in one go. Another issue is the lack of offline or air-gapped backups. Many businesses rely entirely on cloud-based or on-premises storage that's always connected, which means their recovery options could be compromised during an attack. Related:Finally, one of the most overlooked yet crucial steps is testing backup restoration. A backup is only useful if it can actually be restored. Too often, companies skip regular testing. This can lead to a harsh reality check when they discover, too late, that their backup data is either corrupted or completely inaccessible after a breach. How to Implement the 3-2-1 Backup Rule? To successfully implement the 3-2-1 backup strategy as part of a robust cybersecurity framework, organizations should start by diversifying their storage methods. A resilient approach typically includes a mix of local storage, cloud-based solutions, and physical media such as external hard drives.  From there, it's essential to incorporate technologies that support write-once, read-many functionalities. This means backups cannot be modified or deleted, even by administrators, providing an extra layer of protection against threats. To further enhance resilience, organizations should make use of automation and AI-driven tools. These technologies can offer real-time monitoring, detect anomalies, and apply predictive analytics to maintain the integrity of backup data and flag any unusual activity or failures in the process. Lastly, it's crucial to ensure your backup strategy aligns with relevant regulatory requirements, such as GDPR in the UK or CCPA in the US. Compliance not only mitigates legal risk but also reinforces your commitment to data protection and operational continuity. Related:By blending the time-tested 3-2-1 rule with modern advances like immutable storage and intelligent monitoring, organizations can build a highly resilient backup architecture that strengthens their overall cybersecurity posture. About the AuthorDaniel Pearson CEO, KnownHostDaniel Pearson is the CEO of KnownHost, a managed web hosting service provider. Pearson also serves as a dedicated board member and supporter of the AlmaLinux OS Foundation, a non-profit organization focused on advancing the AlmaLinux OS -- an open-source operating system derived from RHEL. His passion for technology extends beyond his professional endeavors, as he actively promotes digital literacy and empowerment. Pearson's entrepreneurial drive and extensive industry knowledge have solidified his reputation as a respected figure in the tech community. See more from Daniel Pearson ReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like
    #role #backup #rule #cybersecurity
    The Role of the 3-2-1 Backup Rule in Cybersecurity
    Daniel Pearson , CEO, KnownHostJune 12, 20253 Min ReadBusiness success concept. Cubes with arrows and target on the top.Cyber incidents are expected to cost the US billion in 2025. According to the latest estimates, this dynamic will continue to rise, reaching approximately 1.82 trillion US dollars in cybercrime costs by 2028. These figures highlight the crucial importance of strong cybersecurity strategies, which businesses must build to reduce the likelihood of risks. As technology evolves at a dramatic pace, businesses are increasingly dependent on utilizing digital infrastructure, exposing themselves to threats such as ransomware, accidental data loss, and corruption.  Despite the 3-2-1 backup rule being invented in 2009, this strategy has stayed relevant for businesses over the years, ensuring that the loss of data is minimized under threat, and will be a crucial method in the upcoming years to prevent major data loss.   What Is the 3-2-1 Backup Rule? The 3-2-1 backup rule is a popular backup strategy that ensures resilience against data loss. The setup consists of keeping your original data and two backups.  The data also needs to be stored in two different locations, such as the cloud or a local drive.  The one in the 3-2-1 backup rule represents storing a copy of your data off site, and this completes the setup.  This setup has been considered a gold standard in IT security, as it minimizes points of failure and increases the chance of successful data recovery in the event of a cyber-attack.  Related:Why Is This Rule Relevant in the Modern Cyber Threat Landscape? Statistics show that in 2024, 80% of companies have seen an increase in the frequency of cloud attacks.  Although many businesses assume that storing data in the cloud is enough, it is certainly not failsafe, and businesses are in bigger danger than ever due to the vast development of technology and AI capabilities attackers can manipulate and use.  As the cloud infrastructure has seen a similar speed of growth, cyber criminals are actively targeting these, leaving businesses with no clear recovery option. Therefore, more than ever, businesses need to invest in immutable backup solutions.  Common Backup Mistakes Businesses Make A common misstep is keeping all backups on the same physical network. If malware gets in, it can quickly spread and encrypt both the primary data and the backups, wiping out everything in one go. Another issue is the lack of offline or air-gapped backups. Many businesses rely entirely on cloud-based or on-premises storage that's always connected, which means their recovery options could be compromised during an attack. Related:Finally, one of the most overlooked yet crucial steps is testing backup restoration. A backup is only useful if it can actually be restored. Too often, companies skip regular testing. This can lead to a harsh reality check when they discover, too late, that their backup data is either corrupted or completely inaccessible after a breach. How to Implement the 3-2-1 Backup Rule? To successfully implement the 3-2-1 backup strategy as part of a robust cybersecurity framework, organizations should start by diversifying their storage methods. A resilient approach typically includes a mix of local storage, cloud-based solutions, and physical media such as external hard drives.  From there, it's essential to incorporate technologies that support write-once, read-many functionalities. This means backups cannot be modified or deleted, even by administrators, providing an extra layer of protection against threats. To further enhance resilience, organizations should make use of automation and AI-driven tools. These technologies can offer real-time monitoring, detect anomalies, and apply predictive analytics to maintain the integrity of backup data and flag any unusual activity or failures in the process. Lastly, it's crucial to ensure your backup strategy aligns with relevant regulatory requirements, such as GDPR in the UK or CCPA in the US. Compliance not only mitigates legal risk but also reinforces your commitment to data protection and operational continuity. Related:By blending the time-tested 3-2-1 rule with modern advances like immutable storage and intelligent monitoring, organizations can build a highly resilient backup architecture that strengthens their overall cybersecurity posture. About the AuthorDaniel Pearson CEO, KnownHostDaniel Pearson is the CEO of KnownHost, a managed web hosting service provider. Pearson also serves as a dedicated board member and supporter of the AlmaLinux OS Foundation, a non-profit organization focused on advancing the AlmaLinux OS -- an open-source operating system derived from RHEL. His passion for technology extends beyond his professional endeavors, as he actively promotes digital literacy and empowerment. Pearson's entrepreneurial drive and extensive industry knowledge have solidified his reputation as a respected figure in the tech community. See more from Daniel Pearson ReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like #role #backup #rule #cybersecurity
    WWW.INFORMATIONWEEK.COM
    The Role of the 3-2-1 Backup Rule in Cybersecurity
    Daniel Pearson , CEO, KnownHostJune 12, 20253 Min ReadBusiness success concept. Cubes with arrows and target on the top.Cyber incidents are expected to cost the US $639 billion in 2025. According to the latest estimates, this dynamic will continue to rise, reaching approximately 1.82 trillion US dollars in cybercrime costs by 2028. These figures highlight the crucial importance of strong cybersecurity strategies, which businesses must build to reduce the likelihood of risks. As technology evolves at a dramatic pace, businesses are increasingly dependent on utilizing digital infrastructure, exposing themselves to threats such as ransomware, accidental data loss, and corruption.  Despite the 3-2-1 backup rule being invented in 2009, this strategy has stayed relevant for businesses over the years, ensuring that the loss of data is minimized under threat, and will be a crucial method in the upcoming years to prevent major data loss.   What Is the 3-2-1 Backup Rule? The 3-2-1 backup rule is a popular backup strategy that ensures resilience against data loss. The setup consists of keeping your original data and two backups.  The data also needs to be stored in two different locations, such as the cloud or a local drive.  The one in the 3-2-1 backup rule represents storing a copy of your data off site, and this completes the setup.  This setup has been considered a gold standard in IT security, as it minimizes points of failure and increases the chance of successful data recovery in the event of a cyber-attack.  Related:Why Is This Rule Relevant in the Modern Cyber Threat Landscape? Statistics show that in 2024, 80% of companies have seen an increase in the frequency of cloud attacks.  Although many businesses assume that storing data in the cloud is enough, it is certainly not failsafe, and businesses are in bigger danger than ever due to the vast development of technology and AI capabilities attackers can manipulate and use.  As the cloud infrastructure has seen a similar speed of growth, cyber criminals are actively targeting these, leaving businesses with no clear recovery option. Therefore, more than ever, businesses need to invest in immutable backup solutions.  Common Backup Mistakes Businesses Make A common misstep is keeping all backups on the same physical network. If malware gets in, it can quickly spread and encrypt both the primary data and the backups, wiping out everything in one go. Another issue is the lack of offline or air-gapped backups. Many businesses rely entirely on cloud-based or on-premises storage that's always connected, which means their recovery options could be compromised during an attack. Related:Finally, one of the most overlooked yet crucial steps is testing backup restoration. A backup is only useful if it can actually be restored. Too often, companies skip regular testing. This can lead to a harsh reality check when they discover, too late, that their backup data is either corrupted or completely inaccessible after a breach. How to Implement the 3-2-1 Backup Rule? To successfully implement the 3-2-1 backup strategy as part of a robust cybersecurity framework, organizations should start by diversifying their storage methods. A resilient approach typically includes a mix of local storage, cloud-based solutions, and physical media such as external hard drives.  From there, it's essential to incorporate technologies that support write-once, read-many functionalities. This means backups cannot be modified or deleted, even by administrators, providing an extra layer of protection against threats. To further enhance resilience, organizations should make use of automation and AI-driven tools. These technologies can offer real-time monitoring, detect anomalies, and apply predictive analytics to maintain the integrity of backup data and flag any unusual activity or failures in the process. Lastly, it's crucial to ensure your backup strategy aligns with relevant regulatory requirements, such as GDPR in the UK or CCPA in the US. Compliance not only mitigates legal risk but also reinforces your commitment to data protection and operational continuity. Related:By blending the time-tested 3-2-1 rule with modern advances like immutable storage and intelligent monitoring, organizations can build a highly resilient backup architecture that strengthens their overall cybersecurity posture. About the AuthorDaniel Pearson CEO, KnownHostDaniel Pearson is the CEO of KnownHost, a managed web hosting service provider. Pearson also serves as a dedicated board member and supporter of the AlmaLinux OS Foundation, a non-profit organization focused on advancing the AlmaLinux OS -- an open-source operating system derived from RHEL. His passion for technology extends beyond his professional endeavors, as he actively promotes digital literacy and empowerment. Pearson's entrepreneurial drive and extensive industry knowledge have solidified his reputation as a respected figure in the tech community. See more from Daniel Pearson ReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like
    Like
    Love
    Wow
    Sad
    Angry
    519
    2 Commentarii 0 Distribuiri 0 previzualizare
  • Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data

    Jun 16, 2025Ravie LakshmananMalware / DevOps

    Cybersecurity researchers have discovered a malicious package on the Python Package Indexrepository that's capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others.
    The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targets users of a service called Chimera Sandbox, which was released by Singaporean tech company Grab last August to facilitate "experimentation and development ofsolutions."
    The package masquerades as a helper module for Chimera Sandbox, but "aims to steal credentials and other sensitive information such as Jamf configuration, CI/CD environment variables, AWS tokens, and more," JFrog security researcher Guy Korolevski said in a report published last week.
    Once installed, it attempts to connect to an external domain whose domain name is generated using a domain generation algorithmin order to download and execute a next-stage payload.
    Specifically, the malware acquires from the domain an authentication token, which is then used to send a request to the same domain and retrieve the Python-based information stealer.

    The stealer malware is equipped to siphon a wide range of data from infected machines. This includes -

    JAMF receipts, which are records of software packages installed by Jamf Pro on managed computers
    Pod sandbox environment authentication tokens and git information
    CI/CD information from environment variables
    Zscaler host configuration
    Amazon Web Services account information and tokens
    Public IP address
    General platform, user, and host information

    The kind of data gathered by the malware shows that it's mainly geared towards corporate and cloud infrastructure. In addition, the extraction of JAMF receipts indicates that it's also capable of targeting Apple macOS systems.
    The collected information is sent via a POST request back to the same domain, after which the server assesses if the machine is a worthy target for further exploitation. However, JFrog said it was unable to obtain the payload at the time of analysis.
    "The targeted approach employed by this malware, along with the complexity of its multi-stage targeted payload, distinguishes it from the more generic open-source malware threats we have encountered thus far, highlighting the advancements that malicious packages have made recently," Jonathan Sar Shalom, director of threat research at JFrog Security Research team, said.

    "This new sophistication of malware underscores why development teams remain vigilant with updates—alongside proactive security research – to defend against emerging threats and maintain software integrity."
    The disclosure comes as SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The packages in question are listed below -

    eslint-config-airbnb-compatts-runtime-compat-checksolders@mediawave/libAll the identified npm packages have since been taken down from npm, but not before they were downloaded hundreds of times from the package registry.
    SafeDep's analysis of eslint-config-airbnb-compat found that the JavaScript library has ts-runtime-compat-check listed as a dependency, which, in turn, contacts an external server defined in the former packageto retrieve and execute a Base64-encoded string. The exact nature of the payload is unknown.
    "It implements a multi-stage remote code execution attack using a transitive dependency to hide the malicious code," SafeDep researcher Kunal Singh said.
    Solders, on the other hand, has been found to incorporate a post-install script in its package.json, causing the malicious code to be automatically executed as soon as the package is installed.
    "At first glance, it's hard to believe that this is actually valid JavaScript," the Veracode Threat Research team said. "It looks like a seemingly random collection of Japanese symbols. It turns out that this particular obfuscation scheme uses the Unicode characters as variable names and a sophisticated chain of dynamic code generation to work."
    Decoding the script reveals an extra layer of obfuscation, unpacking which reveals its main function: Check if the compromised machine is Windows, and if so, run a PowerShell command to retrieve a next-stage payload from a remote server.
    This second-stage PowerShell script, also obscured, is designed to fetch a Windows batch script from another domainand configures a Windows Defender Antivirus exclusion list to avoid detection. The batch script then paves the way for the execution of a .NET DLL that reaches out to a PNG image hosted on ImgBB.
    "is grabbing the last two pixels from this image and then looping through some data contained elsewhere in it," Veracode said. "It ultimately builds up in memory YET ANOTHER .NET DLL."

    Furthermore, the DLL is equipped to create task scheduler entries and features the ability to bypass user account controlusing a combination of FodHelper.exe and programmatic identifiersto evade defenses and avoid triggering any security alerts to the user.
    The newly-downloaded DLL is Pulsar RAT, a "free, open-source Remote Administration Tool for Windows" and a variant of the Quasar RAT.
    "From a wall of Japanese characters to a RAT hidden within the pixels of a PNG file, the attacker went to extraordinary lengths to conceal their payload, nesting it a dozen layers deep to evade detection," Veracode said. "While the attacker's ultimate objective for deploying the Pulsar RAT remains unclear, the sheer complexity of this delivery mechanism is a powerful indicator of malicious intent."
    Crypto Malware in the Open-Source Supply Chain
    The findings also coincide with a report from Socket that identified credential stealers, cryptocurrency drainers, cryptojackers, and clippers as the main types of threats targeting the cryptocurrency and blockchain development ecosystem.

    Some of the examples of these packages include -

    express-dompurify and pumptoolforvolumeandcomment, which are capable of harvesting browser credentials and cryptocurrency wallet keys
    bs58js, which drains a victim's wallet and uses multi-hop transfers to obscure theft and frustrate forensic tracing.
    lsjglsjdv, asyncaiosignal, and raydium-sdk-liquidity-init, which functions as a clipper to monitor the system clipboard for cryptocurrency wallet strings and replace them with threat actor‑controlled addresses to reroute transactions to the attackers

    "As Web3 development converges with mainstream software engineering, the attack surface for blockchain-focused projects is expanding in both scale and complexity," Socket security researcher Kirill Boychenko said.
    "Financially motivated threat actors and state-sponsored groups are rapidly evolving their tactics to exploit systemic weaknesses in the software supply chain. These campaigns are iterative, persistent, and increasingly tailored to high-value targets."
    AI and Slopsquatting
    The rise of artificial intelligence-assisted coding, also called vibe coding, has unleashed another novel threat in the form of slopsquatting, where large language modelscan hallucinate non-existent but plausible package names that bad actors can weaponize to conduct supply chain attacks.
    Trend Micro, in a report last week, said it observed an unnamed advanced agent "confidently" cooking up a phantom Python package named starlette-reverse-proxy, only for the build process to crash with the error "module not found." However, should an adversary upload a package with the same name on the repository, it can have serious security consequences.

    Furthermore, the cybersecurity company noted that advanced coding agents and workflows such as Claude Code CLI, OpenAI Codex CLI, and Cursor AI with Model Context Protocol-backed validation can help reduce, but not completely eliminate, the risk of slopsquatting.
    "When agents hallucinate dependencies or install unverified packages, they create an opportunity for slopsquatting attacks, in which malicious actors pre-register those same hallucinated names on public registries," security researcher Sean Park said.
    "While reasoning-enhanced agents can reduce the rate of phantom suggestions by approximately half, they do not eliminate them entirely. Even the vibe-coding workflow augmented with live MCP validations achieves the lowest rates of slip-through, but still misses edge cases."

    Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

    SHARE




    #malicious #pypi #package #masquerades #chimera
    Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data
    Jun 16, 2025Ravie LakshmananMalware / DevOps Cybersecurity researchers have discovered a malicious package on the Python Package Indexrepository that's capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others. The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targets users of a service called Chimera Sandbox, which was released by Singaporean tech company Grab last August to facilitate "experimentation and development ofsolutions." The package masquerades as a helper module for Chimera Sandbox, but "aims to steal credentials and other sensitive information such as Jamf configuration, CI/CD environment variables, AWS tokens, and more," JFrog security researcher Guy Korolevski said in a report published last week. Once installed, it attempts to connect to an external domain whose domain name is generated using a domain generation algorithmin order to download and execute a next-stage payload. Specifically, the malware acquires from the domain an authentication token, which is then used to send a request to the same domain and retrieve the Python-based information stealer. The stealer malware is equipped to siphon a wide range of data from infected machines. This includes - JAMF receipts, which are records of software packages installed by Jamf Pro on managed computers Pod sandbox environment authentication tokens and git information CI/CD information from environment variables Zscaler host configuration Amazon Web Services account information and tokens Public IP address General platform, user, and host information The kind of data gathered by the malware shows that it's mainly geared towards corporate and cloud infrastructure. In addition, the extraction of JAMF receipts indicates that it's also capable of targeting Apple macOS systems. The collected information is sent via a POST request back to the same domain, after which the server assesses if the machine is a worthy target for further exploitation. However, JFrog said it was unable to obtain the payload at the time of analysis. "The targeted approach employed by this malware, along with the complexity of its multi-stage targeted payload, distinguishes it from the more generic open-source malware threats we have encountered thus far, highlighting the advancements that malicious packages have made recently," Jonathan Sar Shalom, director of threat research at JFrog Security Research team, said. "This new sophistication of malware underscores why development teams remain vigilant with updates—alongside proactive security research – to defend against emerging threats and maintain software integrity." The disclosure comes as SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The packages in question are listed below - eslint-config-airbnb-compatts-runtime-compat-checksolders@mediawave/libAll the identified npm packages have since been taken down from npm, but not before they were downloaded hundreds of times from the package registry. SafeDep's analysis of eslint-config-airbnb-compat found that the JavaScript library has ts-runtime-compat-check listed as a dependency, which, in turn, contacts an external server defined in the former packageto retrieve and execute a Base64-encoded string. The exact nature of the payload is unknown. "It implements a multi-stage remote code execution attack using a transitive dependency to hide the malicious code," SafeDep researcher Kunal Singh said. Solders, on the other hand, has been found to incorporate a post-install script in its package.json, causing the malicious code to be automatically executed as soon as the package is installed. "At first glance, it's hard to believe that this is actually valid JavaScript," the Veracode Threat Research team said. "It looks like a seemingly random collection of Japanese symbols. It turns out that this particular obfuscation scheme uses the Unicode characters as variable names and a sophisticated chain of dynamic code generation to work." Decoding the script reveals an extra layer of obfuscation, unpacking which reveals its main function: Check if the compromised machine is Windows, and if so, run a PowerShell command to retrieve a next-stage payload from a remote server. This second-stage PowerShell script, also obscured, is designed to fetch a Windows batch script from another domainand configures a Windows Defender Antivirus exclusion list to avoid detection. The batch script then paves the way for the execution of a .NET DLL that reaches out to a PNG image hosted on ImgBB. "is grabbing the last two pixels from this image and then looping through some data contained elsewhere in it," Veracode said. "It ultimately builds up in memory YET ANOTHER .NET DLL." Furthermore, the DLL is equipped to create task scheduler entries and features the ability to bypass user account controlusing a combination of FodHelper.exe and programmatic identifiersto evade defenses and avoid triggering any security alerts to the user. The newly-downloaded DLL is Pulsar RAT, a "free, open-source Remote Administration Tool for Windows" and a variant of the Quasar RAT. "From a wall of Japanese characters to a RAT hidden within the pixels of a PNG file, the attacker went to extraordinary lengths to conceal their payload, nesting it a dozen layers deep to evade detection," Veracode said. "While the attacker's ultimate objective for deploying the Pulsar RAT remains unclear, the sheer complexity of this delivery mechanism is a powerful indicator of malicious intent." Crypto Malware in the Open-Source Supply Chain The findings also coincide with a report from Socket that identified credential stealers, cryptocurrency drainers, cryptojackers, and clippers as the main types of threats targeting the cryptocurrency and blockchain development ecosystem. Some of the examples of these packages include - express-dompurify and pumptoolforvolumeandcomment, which are capable of harvesting browser credentials and cryptocurrency wallet keys bs58js, which drains a victim's wallet and uses multi-hop transfers to obscure theft and frustrate forensic tracing. lsjglsjdv, asyncaiosignal, and raydium-sdk-liquidity-init, which functions as a clipper to monitor the system clipboard for cryptocurrency wallet strings and replace them with threat actor‑controlled addresses to reroute transactions to the attackers "As Web3 development converges with mainstream software engineering, the attack surface for blockchain-focused projects is expanding in both scale and complexity," Socket security researcher Kirill Boychenko said. "Financially motivated threat actors and state-sponsored groups are rapidly evolving their tactics to exploit systemic weaknesses in the software supply chain. These campaigns are iterative, persistent, and increasingly tailored to high-value targets." AI and Slopsquatting The rise of artificial intelligence-assisted coding, also called vibe coding, has unleashed another novel threat in the form of slopsquatting, where large language modelscan hallucinate non-existent but plausible package names that bad actors can weaponize to conduct supply chain attacks. Trend Micro, in a report last week, said it observed an unnamed advanced agent "confidently" cooking up a phantom Python package named starlette-reverse-proxy, only for the build process to crash with the error "module not found." However, should an adversary upload a package with the same name on the repository, it can have serious security consequences. Furthermore, the cybersecurity company noted that advanced coding agents and workflows such as Claude Code CLI, OpenAI Codex CLI, and Cursor AI with Model Context Protocol-backed validation can help reduce, but not completely eliminate, the risk of slopsquatting. "When agents hallucinate dependencies or install unverified packages, they create an opportunity for slopsquatting attacks, in which malicious actors pre-register those same hallucinated names on public registries," security researcher Sean Park said. "While reasoning-enhanced agents can reduce the rate of phantom suggestions by approximately half, they do not eliminate them entirely. Even the vibe-coding workflow augmented with live MCP validations achieves the lowest rates of slip-through, but still misses edge cases." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE     #malicious #pypi #package #masquerades #chimera
    THEHACKERNEWS.COM
    Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data
    Jun 16, 2025Ravie LakshmananMalware / DevOps Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that's capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others. The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targets users of a service called Chimera Sandbox, which was released by Singaporean tech company Grab last August to facilitate "experimentation and development of [machine learning] solutions." The package masquerades as a helper module for Chimera Sandbox, but "aims to steal credentials and other sensitive information such as Jamf configuration, CI/CD environment variables, AWS tokens, and more," JFrog security researcher Guy Korolevski said in a report published last week. Once installed, it attempts to connect to an external domain whose domain name is generated using a domain generation algorithm (DGA) in order to download and execute a next-stage payload. Specifically, the malware acquires from the domain an authentication token, which is then used to send a request to the same domain and retrieve the Python-based information stealer. The stealer malware is equipped to siphon a wide range of data from infected machines. This includes - JAMF receipts, which are records of software packages installed by Jamf Pro on managed computers Pod sandbox environment authentication tokens and git information CI/CD information from environment variables Zscaler host configuration Amazon Web Services account information and tokens Public IP address General platform, user, and host information The kind of data gathered by the malware shows that it's mainly geared towards corporate and cloud infrastructure. In addition, the extraction of JAMF receipts indicates that it's also capable of targeting Apple macOS systems. The collected information is sent via a POST request back to the same domain, after which the server assesses if the machine is a worthy target for further exploitation. However, JFrog said it was unable to obtain the payload at the time of analysis. "The targeted approach employed by this malware, along with the complexity of its multi-stage targeted payload, distinguishes it from the more generic open-source malware threats we have encountered thus far, highlighting the advancements that malicious packages have made recently," Jonathan Sar Shalom, director of threat research at JFrog Security Research team, said. "This new sophistication of malware underscores why development teams remain vigilant with updates—alongside proactive security research – to defend against emerging threats and maintain software integrity." The disclosure comes as SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The packages in question are listed below - eslint-config-airbnb-compat (676 Downloads) ts-runtime-compat-check (1,588 Downloads) solders (983 Downloads) @mediawave/lib (386 Downloads) All the identified npm packages have since been taken down from npm, but not before they were downloaded hundreds of times from the package registry. SafeDep's analysis of eslint-config-airbnb-compat found that the JavaScript library has ts-runtime-compat-check listed as a dependency, which, in turn, contacts an external server defined in the former package ("proxy.eslint-proxy[.]site") to retrieve and execute a Base64-encoded string. The exact nature of the payload is unknown. "It implements a multi-stage remote code execution attack using a transitive dependency to hide the malicious code," SafeDep researcher Kunal Singh said. Solders, on the other hand, has been found to incorporate a post-install script in its package.json, causing the malicious code to be automatically executed as soon as the package is installed. "At first glance, it's hard to believe that this is actually valid JavaScript," the Veracode Threat Research team said. "It looks like a seemingly random collection of Japanese symbols. It turns out that this particular obfuscation scheme uses the Unicode characters as variable names and a sophisticated chain of dynamic code generation to work." Decoding the script reveals an extra layer of obfuscation, unpacking which reveals its main function: Check if the compromised machine is Windows, and if so, run a PowerShell command to retrieve a next-stage payload from a remote server ("firewall[.]tel"). This second-stage PowerShell script, also obscured, is designed to fetch a Windows batch script from another domain ("cdn.audiowave[.]org") and configures a Windows Defender Antivirus exclusion list to avoid detection. The batch script then paves the way for the execution of a .NET DLL that reaches out to a PNG image hosted on ImgBB ("i.ibb[.]co"). "[The DLL] is grabbing the last two pixels from this image and then looping through some data contained elsewhere in it," Veracode said. "It ultimately builds up in memory YET ANOTHER .NET DLL." Furthermore, the DLL is equipped to create task scheduler entries and features the ability to bypass user account control (UAC) using a combination of FodHelper.exe and programmatic identifiers (ProgIDs) to evade defenses and avoid triggering any security alerts to the user. The newly-downloaded DLL is Pulsar RAT, a "free, open-source Remote Administration Tool for Windows" and a variant of the Quasar RAT. "From a wall of Japanese characters to a RAT hidden within the pixels of a PNG file, the attacker went to extraordinary lengths to conceal their payload, nesting it a dozen layers deep to evade detection," Veracode said. "While the attacker's ultimate objective for deploying the Pulsar RAT remains unclear, the sheer complexity of this delivery mechanism is a powerful indicator of malicious intent." Crypto Malware in the Open-Source Supply Chain The findings also coincide with a report from Socket that identified credential stealers, cryptocurrency drainers, cryptojackers, and clippers as the main types of threats targeting the cryptocurrency and blockchain development ecosystem. Some of the examples of these packages include - express-dompurify and pumptoolforvolumeandcomment, which are capable of harvesting browser credentials and cryptocurrency wallet keys bs58js, which drains a victim's wallet and uses multi-hop transfers to obscure theft and frustrate forensic tracing. lsjglsjdv, asyncaiosignal, and raydium-sdk-liquidity-init, which functions as a clipper to monitor the system clipboard for cryptocurrency wallet strings and replace them with threat actor‑controlled addresses to reroute transactions to the attackers "As Web3 development converges with mainstream software engineering, the attack surface for blockchain-focused projects is expanding in both scale and complexity," Socket security researcher Kirill Boychenko said. "Financially motivated threat actors and state-sponsored groups are rapidly evolving their tactics to exploit systemic weaknesses in the software supply chain. These campaigns are iterative, persistent, and increasingly tailored to high-value targets." AI and Slopsquatting The rise of artificial intelligence (AI)-assisted coding, also called vibe coding, has unleashed another novel threat in the form of slopsquatting, where large language models (LLMs) can hallucinate non-existent but plausible package names that bad actors can weaponize to conduct supply chain attacks. Trend Micro, in a report last week, said it observed an unnamed advanced agent "confidently" cooking up a phantom Python package named starlette-reverse-proxy, only for the build process to crash with the error "module not found." However, should an adversary upload a package with the same name on the repository, it can have serious security consequences. Furthermore, the cybersecurity company noted that advanced coding agents and workflows such as Claude Code CLI, OpenAI Codex CLI, and Cursor AI with Model Context Protocol (MCP)-backed validation can help reduce, but not completely eliminate, the risk of slopsquatting. "When agents hallucinate dependencies or install unverified packages, they create an opportunity for slopsquatting attacks, in which malicious actors pre-register those same hallucinated names on public registries," security researcher Sean Park said. "While reasoning-enhanced agents can reduce the rate of phantom suggestions by approximately half, they do not eliminate them entirely. Even the vibe-coding workflow augmented with live MCP validations achieves the lowest rates of slip-through, but still misses edge cases." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    
    Like
    Love
    Wow
    Sad
    Angry
    514
    2 Commentarii 0 Distribuiri 0 previzualizare
  • EasyDMARC Integrates With Pax8 Marketplace To Simplify Email Security For MSPs

    Originally published at EasyDMARC Integrates With Pax8 Marketplace To Simplify Email Security For MSPs by Anush Yolyan.

    The integration will deliver simple, accessible, and streamlined email security for vulnerable inboxes

    Global, 4 November 2024 – US-based email security firm EasyDMARC has today announced its integration with Pax8 Marketplace, the leading cloud commerce marketplace. As one of the first DMARC solution providers on the Pax8 Marketplace, EasyDMARC is expanding its mission to protect inboxes from the rising threat of phishing attacks with a rigorous, user-friendly DMARC solution.

    The integration comes as Google highlights the impressive results of recently implemented email authentication measures for bulk senders: a 65% reduction in unauthenticated messages to Gmail users, a 50% increase in bulk senders following best security practices, and 265 billion fewer unauthenticated messages sent in 2024. With email being such a crucial communication channel for businesses, email authentication measures are an essential part of any business’s cybersecurity offering. 

    Key features of the integration include:

    Centralized billing

    With centralized billing, customers can now streamline their cloud services under a single pane of glass, simplifying the management and billing of their EasyDMARC solution. This consolidated approach enables partners to reduce administrative complexity and manage all cloud expenses through one interface, providing a seamless billing and support experience.

    Automated provisioning 

    Through automated provisioning, Pax8’s automation capabilities make deploying DMARC across client accounts quick and hassle-free. By eliminating manual configurations, this integration ensures that customers can implement email security solutions rapidly, allowing them to safeguard client inboxes without delay.

    Bundled offerings

    The bundled offerings available through Pax8 allow partners to enhance their service portfolios by combining EasyDMARC with complementary security solutions. By creating all-in-one security packages, partners can offer their clients more robust protection, addressing a broader range of security needs from a single, trusted platform.

    Gerasim Hovhannisyan, Co-Founder and CEO of EasyDMARC, said:

    “We’re thrilled to be working with Pax8  to provide MSPs with a streamlined, effective way to deliver top-tier email security to their clients, all within a platform that equips them with everything needed to stay secure.  As phishing attacks grow in frequency and sophistication, businesses can no longer afford to overlook the importance of email security. Email authentication is a vital defense against the evolving threat of phishing and is crucial in preserving the integrity of email communication. This integration is designed to allow businesses of all sizes to benefit from DMARC’s extensive capabilities.”

    Ryan Burton, Vice President of Marketplace Vendor Strategy, at Pax8 said: 

    “We’re delighted to welcome EasyDMARC to the Pax8 Marketplace as an enterprise-class DMARC solution provider. This integration gives MSPs the tools they need to meet the growing demand for email security, with simplified deployment, billing, and bundling benefits. With EasyDMARC’s technical capabilities and intelligence, MSPs can deliver robust protection against phishing threats without the technical hassle that often holds businesses back.”

    About EasyDMARC

    EasyDMARC is a cloud-native B2B SaaS solution that addresses email security and deliverability problems with just a few clicks. For Managed Service Providers seeking to increase their revenue, EasyDMARC presents an ideal solution. The email authentication platform streamlines domain management, providing capabilities such as organizational control, domain grouping, and access management.

    Additionally, EasyDMARC offers a comprehensive sales and marketing enablement program designed to boost DMARC sales. All of these features are available for MSPs on a scalable platform with a flexible pay-as-you-go pricing model.

    For more information on the EasyDMARC, visit: /

    About Pax8 

    Pax8 is the technology marketplace of the future, linking partners, vendors, and small to midsized businessesthrough AI-powered insights and comprehensive product support. With a global partner ecosystem of over 38,000 managed service providers, Pax8 empowers SMBs worldwide by providing software and services that unlock their growth potential and enhance their security. Committed to innovating cloud commerce at scale, Pax8 drives customer acquisition and solution consumption across its entire ecosystem.

    Find out more: /

    The post EasyDMARC Integrates With Pax8 Marketplace To Simplify Email Security For MSPs appeared first on EasyDMARC.
    #easydmarc #integrates #with #pax8 #marketplace
    EasyDMARC Integrates With Pax8 Marketplace To Simplify Email Security For MSPs
    Originally published at EasyDMARC Integrates With Pax8 Marketplace To Simplify Email Security For MSPs by Anush Yolyan. The integration will deliver simple, accessible, and streamlined email security for vulnerable inboxes Global, 4 November 2024 – US-based email security firm EasyDMARC has today announced its integration with Pax8 Marketplace, the leading cloud commerce marketplace. As one of the first DMARC solution providers on the Pax8 Marketplace, EasyDMARC is expanding its mission to protect inboxes from the rising threat of phishing attacks with a rigorous, user-friendly DMARC solution. The integration comes as Google highlights the impressive results of recently implemented email authentication measures for bulk senders: a 65% reduction in unauthenticated messages to Gmail users, a 50% increase in bulk senders following best security practices, and 265 billion fewer unauthenticated messages sent in 2024. With email being such a crucial communication channel for businesses, email authentication measures are an essential part of any business’s cybersecurity offering.  Key features of the integration include: Centralized billing With centralized billing, customers can now streamline their cloud services under a single pane of glass, simplifying the management and billing of their EasyDMARC solution. This consolidated approach enables partners to reduce administrative complexity and manage all cloud expenses through one interface, providing a seamless billing and support experience. Automated provisioning  Through automated provisioning, Pax8’s automation capabilities make deploying DMARC across client accounts quick and hassle-free. By eliminating manual configurations, this integration ensures that customers can implement email security solutions rapidly, allowing them to safeguard client inboxes without delay. Bundled offerings The bundled offerings available through Pax8 allow partners to enhance their service portfolios by combining EasyDMARC with complementary security solutions. By creating all-in-one security packages, partners can offer their clients more robust protection, addressing a broader range of security needs from a single, trusted platform. Gerasim Hovhannisyan, Co-Founder and CEO of EasyDMARC, said: “We’re thrilled to be working with Pax8  to provide MSPs with a streamlined, effective way to deliver top-tier email security to their clients, all within a platform that equips them with everything needed to stay secure.  As phishing attacks grow in frequency and sophistication, businesses can no longer afford to overlook the importance of email security. Email authentication is a vital defense against the evolving threat of phishing and is crucial in preserving the integrity of email communication. This integration is designed to allow businesses of all sizes to benefit from DMARC’s extensive capabilities.” Ryan Burton, Vice President of Marketplace Vendor Strategy, at Pax8 said:  “We’re delighted to welcome EasyDMARC to the Pax8 Marketplace as an enterprise-class DMARC solution provider. This integration gives MSPs the tools they need to meet the growing demand for email security, with simplified deployment, billing, and bundling benefits. With EasyDMARC’s technical capabilities and intelligence, MSPs can deliver robust protection against phishing threats without the technical hassle that often holds businesses back.” About EasyDMARC EasyDMARC is a cloud-native B2B SaaS solution that addresses email security and deliverability problems with just a few clicks. For Managed Service Providers seeking to increase their revenue, EasyDMARC presents an ideal solution. The email authentication platform streamlines domain management, providing capabilities such as organizational control, domain grouping, and access management. Additionally, EasyDMARC offers a comprehensive sales and marketing enablement program designed to boost DMARC sales. All of these features are available for MSPs on a scalable platform with a flexible pay-as-you-go pricing model. For more information on the EasyDMARC, visit: / About Pax8  Pax8 is the technology marketplace of the future, linking partners, vendors, and small to midsized businessesthrough AI-powered insights and comprehensive product support. With a global partner ecosystem of over 38,000 managed service providers, Pax8 empowers SMBs worldwide by providing software and services that unlock their growth potential and enhance their security. Committed to innovating cloud commerce at scale, Pax8 drives customer acquisition and solution consumption across its entire ecosystem. Find out more: / The post EasyDMARC Integrates With Pax8 Marketplace To Simplify Email Security For MSPs appeared first on EasyDMARC. #easydmarc #integrates #with #pax8 #marketplace
    EASYDMARC.COM
    EasyDMARC Integrates With Pax8 Marketplace To Simplify Email Security For MSPs
    Originally published at EasyDMARC Integrates With Pax8 Marketplace To Simplify Email Security For MSPs by Anush Yolyan. The integration will deliver simple, accessible, and streamlined email security for vulnerable inboxes Global, 4 November 2024 – US-based email security firm EasyDMARC has today announced its integration with Pax8 Marketplace, the leading cloud commerce marketplace. As one of the first DMARC solution providers on the Pax8 Marketplace, EasyDMARC is expanding its mission to protect inboxes from the rising threat of phishing attacks with a rigorous, user-friendly DMARC solution. The integration comes as Google highlights the impressive results of recently implemented email authentication measures for bulk senders: a 65% reduction in unauthenticated messages to Gmail users, a 50% increase in bulk senders following best security practices, and 265 billion fewer unauthenticated messages sent in 2024. With email being such a crucial communication channel for businesses, email authentication measures are an essential part of any business’s cybersecurity offering.  Key features of the integration include: Centralized billing With centralized billing, customers can now streamline their cloud services under a single pane of glass, simplifying the management and billing of their EasyDMARC solution. This consolidated approach enables partners to reduce administrative complexity and manage all cloud expenses through one interface, providing a seamless billing and support experience. Automated provisioning  Through automated provisioning, Pax8’s automation capabilities make deploying DMARC across client accounts quick and hassle-free. By eliminating manual configurations, this integration ensures that customers can implement email security solutions rapidly, allowing them to safeguard client inboxes without delay. Bundled offerings The bundled offerings available through Pax8 allow partners to enhance their service portfolios by combining EasyDMARC with complementary security solutions. By creating all-in-one security packages, partners can offer their clients more robust protection, addressing a broader range of security needs from a single, trusted platform. Gerasim Hovhannisyan, Co-Founder and CEO of EasyDMARC, said: “We’re thrilled to be working with Pax8  to provide MSPs with a streamlined, effective way to deliver top-tier email security to their clients, all within a platform that equips them with everything needed to stay secure.  As phishing attacks grow in frequency and sophistication, businesses can no longer afford to overlook the importance of email security. Email authentication is a vital defense against the evolving threat of phishing and is crucial in preserving the integrity of email communication. This integration is designed to allow businesses of all sizes to benefit from DMARC’s extensive capabilities.” Ryan Burton, Vice President of Marketplace Vendor Strategy, at Pax8 said:  “We’re delighted to welcome EasyDMARC to the Pax8 Marketplace as an enterprise-class DMARC solution provider. This integration gives MSPs the tools they need to meet the growing demand for email security, with simplified deployment, billing, and bundling benefits. With EasyDMARC’s technical capabilities and intelligence, MSPs can deliver robust protection against phishing threats without the technical hassle that often holds businesses back.” About EasyDMARC EasyDMARC is a cloud-native B2B SaaS solution that addresses email security and deliverability problems with just a few clicks. For Managed Service Providers seeking to increase their revenue, EasyDMARC presents an ideal solution. The email authentication platform streamlines domain management, providing capabilities such as organizational control, domain grouping, and access management. Additionally, EasyDMARC offers a comprehensive sales and marketing enablement program designed to boost DMARC sales. All of these features are available for MSPs on a scalable platform with a flexible pay-as-you-go pricing model. For more information on the EasyDMARC, visit: https://easydmarc.com/ About Pax8  Pax8 is the technology marketplace of the future, linking partners, vendors, and small to midsized businesses (SMBs) through AI-powered insights and comprehensive product support. With a global partner ecosystem of over 38,000 managed service providers, Pax8 empowers SMBs worldwide by providing software and services that unlock their growth potential and enhance their security. Committed to innovating cloud commerce at scale, Pax8 drives customer acquisition and solution consumption across its entire ecosystem. Find out more: https://www.pax8.com/en-us/ The post EasyDMARC Integrates With Pax8 Marketplace To Simplify Email Security For MSPs appeared first on EasyDMARC.
    0 Commentarii 0 Distribuiri 0 previzualizare
  • Rewriting SymCrypt in Rust to modernize Microsoft’s cryptographic library 

    Outdated coding practices and memory-unsafe languages like C are putting software, including cryptographic libraries, at risk. Fortunately, memory-safe languages like Rust, along with formal verification tools, are now mature enough to be used at scale, helping prevent issues like crashes, data corruption, flawed implementation, and side-channel attacks.
    To address these vulnerabilities and improve memory safety, we’re rewriting SymCrypt—Microsoft’s open-source cryptographic library—in Rust. We’re also incorporating formal verification methods. SymCrypt is used in Windows, Azure Linux, Xbox, and other platforms.
    Currently, SymCrypt is primarily written in cross-platform C, with limited use of hardware-specific optimizations through intrinsicsand assembly language. It provides a wide range of algorithms, including AES-GCM, SHA, ECDSA, and the more recent post-quantum algorithms ML-KEM and ML-DSA. 
    Formal verification will confirm that implementations behave as intended and don’t deviate from algorithm specifications, critical for preventing attacks. We’ll also analyze compiled code to detect side-channel leaks caused by timing or hardware-level behavior.
    Proving Rust program properties with Aeneas
    Program verification is the process of proving that a piece of code will always satisfy a given property, no matter the input. Rust’s type system profoundly improves the prospects for program verification by providing strong ownership guarantees, by construction, using a discipline known as “aliasing xor mutability”.
    For example, reasoning about C code often requires proving that two non-const pointers are live and non-overlapping, a property that can depend on external client code. In contrast, Rust’s type system guarantees this property for any two mutably borrowed references.
    As a result, new tools have emerged specifically for verifying Rust code. We chose Aeneasbecause it helps provide a clean separation between code and proofs.
    Developed by Microsoft Azure Research in partnership with Inria, the French National Institute for Research in Digital Science and Technology, Aeneas connects to proof assistants like Lean, allowing us to draw on a large body of mathematical proofs—especially valuable given the mathematical nature of cryptographic algorithms—and benefit from Lean’s active user community.
    Compiling Rust to C supports backward compatibility  
    We recognize that switching to Rust isn’t feasible for all use cases, so we’ll continue to support, extend, and certify C-based APIs as long as users need them. Users won’t see any changes, as Rust runs underneath the existing C APIs.
    Some users compile our C code directly and may rely on specific toolchains or compiler features that complicate the adoption of Rust code. To address this, we will use Eurydice, a Rust-to-C compiler developed by Microsoft Azure Research, to replace handwritten C code with C generated from formally verified Rust. Eurydicecompiles directly from Rust’s MIR intermediate language, and the resulting C code will be checked into the SymCrypt repository alongside the original Rust source code.
    As more users adopt Rust, we’ll continue supporting this compilation path for those who build SymCrypt from source code but aren’t ready to use the Rust compiler. In the long term, we hope to transition users to either use precompiled SymCrypt binaries, or compile from source code in Rust, at which point the Rust-to-C compilation path will no longer be needed.

    Microsoft research podcast

    Ideas: AI and democracy with Madeleine Daepp and Robert Osazuwa Ness
    As the “biggest election year in history” comes to an end, researchers Madeleine Daepp and Robert Osazuwa Ness and Democracy Forward GM Ginny Badanes discuss AI’s impact on democracy, including the tech’s use in Taiwan and India.

    Listen now

    Opens in a new tab
    Timing analysis with Revizor 
    Even software that has been verified for functional correctness can remain vulnerable to low-level security threats, such as side channels caused by timing leaks or speculative execution. These threats operate at the hardware level and can leak private information, such as memory load addresses, branch targets, or division operands, even when the source code is provably correct. 
    To address this, we’re extending Revizor, a tool developed by Microsoft Azure Research, to more effectively analyze SymCrypt binaries. Revizor models microarchitectural leakage and uses fuzzing techniques to systematically uncover instructions that may expose private information through known hardware-level effects.  
    Earlier cryptographic libraries relied on constant-time programming to avoid operations on secret data. However, recent research has shown that this alone is insufficient with today’s CPUs, where every new optimization may open a new side channel. 
    By analyzing binary code for specific compilers and platforms, our extended Revizor tool enables deeper scrutiny of vulnerabilities that aren’t visible in the source code.
    Verified Rust implementations begin with ML-KEM
    This long-term effort is in alignment with the Microsoft Secure Future Initiative and brings together experts across Microsoft, building on decades of Microsoft Research investment in program verification and security tooling.
    A preliminary version of ML-KEM in Rust is now available on the preview feature/verifiedcryptobranch of the SymCrypt repository. We encourage users to try the Rust build and share feedback. Looking ahead, we plan to support direct use of the same cryptographic library in Rust without requiring C bindings. 
    Over the coming months, we plan to rewrite, verify, and ship several algorithms in Rust as part of SymCrypt. As our investment in Rust deepens, we expect to gain new insights into how to best leverage the language for high-assurance cryptographic implementations with low-level optimizations. 
    As performance is key to scalability and sustainability, we’re holding new implementations to a high bar using our benchmarking tools to match or exceed existing systems.
    Looking forward 
    This is a pivotal moment for high-assurance software. Microsoft’s investment in Rust and formal verification presents a rare opportunity to advance one of our key libraries. We’re excited to scale this work and ultimately deliver an industrial-grade, Rust-based, FIPS-certified cryptographic library.
    Opens in a new tab
    #rewriting #symcrypt #rust #modernize #microsofts
    Rewriting SymCrypt in Rust to modernize Microsoft’s cryptographic library 
    Outdated coding practices and memory-unsafe languages like C are putting software, including cryptographic libraries, at risk. Fortunately, memory-safe languages like Rust, along with formal verification tools, are now mature enough to be used at scale, helping prevent issues like crashes, data corruption, flawed implementation, and side-channel attacks. To address these vulnerabilities and improve memory safety, we’re rewriting SymCrypt—Microsoft’s open-source cryptographic library—in Rust. We’re also incorporating formal verification methods. SymCrypt is used in Windows, Azure Linux, Xbox, and other platforms. Currently, SymCrypt is primarily written in cross-platform C, with limited use of hardware-specific optimizations through intrinsicsand assembly language. It provides a wide range of algorithms, including AES-GCM, SHA, ECDSA, and the more recent post-quantum algorithms ML-KEM and ML-DSA.  Formal verification will confirm that implementations behave as intended and don’t deviate from algorithm specifications, critical for preventing attacks. We’ll also analyze compiled code to detect side-channel leaks caused by timing or hardware-level behavior. Proving Rust program properties with Aeneas Program verification is the process of proving that a piece of code will always satisfy a given property, no matter the input. Rust’s type system profoundly improves the prospects for program verification by providing strong ownership guarantees, by construction, using a discipline known as “aliasing xor mutability”. For example, reasoning about C code often requires proving that two non-const pointers are live and non-overlapping, a property that can depend on external client code. In contrast, Rust’s type system guarantees this property for any two mutably borrowed references. As a result, new tools have emerged specifically for verifying Rust code. We chose Aeneasbecause it helps provide a clean separation between code and proofs. Developed by Microsoft Azure Research in partnership with Inria, the French National Institute for Research in Digital Science and Technology, Aeneas connects to proof assistants like Lean, allowing us to draw on a large body of mathematical proofs—especially valuable given the mathematical nature of cryptographic algorithms—and benefit from Lean’s active user community. Compiling Rust to C supports backward compatibility   We recognize that switching to Rust isn’t feasible for all use cases, so we’ll continue to support, extend, and certify C-based APIs as long as users need them. Users won’t see any changes, as Rust runs underneath the existing C APIs. Some users compile our C code directly and may rely on specific toolchains or compiler features that complicate the adoption of Rust code. To address this, we will use Eurydice, a Rust-to-C compiler developed by Microsoft Azure Research, to replace handwritten C code with C generated from formally verified Rust. Eurydicecompiles directly from Rust’s MIR intermediate language, and the resulting C code will be checked into the SymCrypt repository alongside the original Rust source code. As more users adopt Rust, we’ll continue supporting this compilation path for those who build SymCrypt from source code but aren’t ready to use the Rust compiler. In the long term, we hope to transition users to either use precompiled SymCrypt binaries, or compile from source code in Rust, at which point the Rust-to-C compilation path will no longer be needed. Microsoft research podcast Ideas: AI and democracy with Madeleine Daepp and Robert Osazuwa Ness As the “biggest election year in history” comes to an end, researchers Madeleine Daepp and Robert Osazuwa Ness and Democracy Forward GM Ginny Badanes discuss AI’s impact on democracy, including the tech’s use in Taiwan and India. Listen now Opens in a new tab Timing analysis with Revizor  Even software that has been verified for functional correctness can remain vulnerable to low-level security threats, such as side channels caused by timing leaks or speculative execution. These threats operate at the hardware level and can leak private information, such as memory load addresses, branch targets, or division operands, even when the source code is provably correct.  To address this, we’re extending Revizor, a tool developed by Microsoft Azure Research, to more effectively analyze SymCrypt binaries. Revizor models microarchitectural leakage and uses fuzzing techniques to systematically uncover instructions that may expose private information through known hardware-level effects.   Earlier cryptographic libraries relied on constant-time programming to avoid operations on secret data. However, recent research has shown that this alone is insufficient with today’s CPUs, where every new optimization may open a new side channel.  By analyzing binary code for specific compilers and platforms, our extended Revizor tool enables deeper scrutiny of vulnerabilities that aren’t visible in the source code. Verified Rust implementations begin with ML-KEM This long-term effort is in alignment with the Microsoft Secure Future Initiative and brings together experts across Microsoft, building on decades of Microsoft Research investment in program verification and security tooling. A preliminary version of ML-KEM in Rust is now available on the preview feature/verifiedcryptobranch of the SymCrypt repository. We encourage users to try the Rust build and share feedback. Looking ahead, we plan to support direct use of the same cryptographic library in Rust without requiring C bindings.  Over the coming months, we plan to rewrite, verify, and ship several algorithms in Rust as part of SymCrypt. As our investment in Rust deepens, we expect to gain new insights into how to best leverage the language for high-assurance cryptographic implementations with low-level optimizations.  As performance is key to scalability and sustainability, we’re holding new implementations to a high bar using our benchmarking tools to match or exceed existing systems. Looking forward  This is a pivotal moment for high-assurance software. Microsoft’s investment in Rust and formal verification presents a rare opportunity to advance one of our key libraries. We’re excited to scale this work and ultimately deliver an industrial-grade, Rust-based, FIPS-certified cryptographic library. Opens in a new tab #rewriting #symcrypt #rust #modernize #microsofts
    WWW.MICROSOFT.COM
    Rewriting SymCrypt in Rust to modernize Microsoft’s cryptographic library 
    Outdated coding practices and memory-unsafe languages like C are putting software, including cryptographic libraries, at risk. Fortunately, memory-safe languages like Rust, along with formal verification tools, are now mature enough to be used at scale, helping prevent issues like crashes, data corruption, flawed implementation, and side-channel attacks. To address these vulnerabilities and improve memory safety, we’re rewriting SymCrypt (opens in new tab)—Microsoft’s open-source cryptographic library—in Rust. We’re also incorporating formal verification methods. SymCrypt is used in Windows, Azure Linux, Xbox, and other platforms. Currently, SymCrypt is primarily written in cross-platform C, with limited use of hardware-specific optimizations through intrinsics (compiler-provided low-level functions) and assembly language (direct processor instructions). It provides a wide range of algorithms, including AES-GCM, SHA, ECDSA, and the more recent post-quantum algorithms ML-KEM and ML-DSA.  Formal verification will confirm that implementations behave as intended and don’t deviate from algorithm specifications, critical for preventing attacks. We’ll also analyze compiled code to detect side-channel leaks caused by timing or hardware-level behavior. Proving Rust program properties with Aeneas Program verification is the process of proving that a piece of code will always satisfy a given property, no matter the input. Rust’s type system profoundly improves the prospects for program verification by providing strong ownership guarantees, by construction, using a discipline known as “aliasing xor mutability”. For example, reasoning about C code often requires proving that two non-const pointers are live and non-overlapping, a property that can depend on external client code. In contrast, Rust’s type system guarantees this property for any two mutably borrowed references. As a result, new tools have emerged specifically for verifying Rust code. We chose Aeneas (opens in new tab) because it helps provide a clean separation between code and proofs. Developed by Microsoft Azure Research in partnership with Inria, the French National Institute for Research in Digital Science and Technology, Aeneas connects to proof assistants like Lean (opens in new tab), allowing us to draw on a large body of mathematical proofs—especially valuable given the mathematical nature of cryptographic algorithms—and benefit from Lean’s active user community. Compiling Rust to C supports backward compatibility   We recognize that switching to Rust isn’t feasible for all use cases, so we’ll continue to support, extend, and certify C-based APIs as long as users need them. Users won’t see any changes, as Rust runs underneath the existing C APIs. Some users compile our C code directly and may rely on specific toolchains or compiler features that complicate the adoption of Rust code. To address this, we will use Eurydice (opens in new tab), a Rust-to-C compiler developed by Microsoft Azure Research, to replace handwritten C code with C generated from formally verified Rust. Eurydice (opens in new tab) compiles directly from Rust’s MIR intermediate language, and the resulting C code will be checked into the SymCrypt repository alongside the original Rust source code. As more users adopt Rust, we’ll continue supporting this compilation path for those who build SymCrypt from source code but aren’t ready to use the Rust compiler. In the long term, we hope to transition users to either use precompiled SymCrypt binaries (via C or Rust APIs), or compile from source code in Rust, at which point the Rust-to-C compilation path will no longer be needed. Microsoft research podcast Ideas: AI and democracy with Madeleine Daepp and Robert Osazuwa Ness As the “biggest election year in history” comes to an end, researchers Madeleine Daepp and Robert Osazuwa Ness and Democracy Forward GM Ginny Badanes discuss AI’s impact on democracy, including the tech’s use in Taiwan and India. Listen now Opens in a new tab Timing analysis with Revizor  Even software that has been verified for functional correctness can remain vulnerable to low-level security threats, such as side channels caused by timing leaks or speculative execution. These threats operate at the hardware level and can leak private information, such as memory load addresses, branch targets, or division operands, even when the source code is provably correct.  To address this, we’re extending Revizor (opens in new tab), a tool developed by Microsoft Azure Research, to more effectively analyze SymCrypt binaries. Revizor models microarchitectural leakage and uses fuzzing techniques to systematically uncover instructions that may expose private information through known hardware-level effects.   Earlier cryptographic libraries relied on constant-time programming to avoid operations on secret data. However, recent research has shown that this alone is insufficient with today’s CPUs, where every new optimization may open a new side channel.  By analyzing binary code for specific compilers and platforms, our extended Revizor tool enables deeper scrutiny of vulnerabilities that aren’t visible in the source code. Verified Rust implementations begin with ML-KEM This long-term effort is in alignment with the Microsoft Secure Future Initiative and brings together experts across Microsoft, building on decades of Microsoft Research investment in program verification and security tooling. A preliminary version of ML-KEM in Rust is now available on the preview feature/verifiedcrypto (opens in new tab) branch of the SymCrypt repository. We encourage users to try the Rust build and share feedback (opens in new tab). Looking ahead, we plan to support direct use of the same cryptographic library in Rust without requiring C bindings.  Over the coming months, we plan to rewrite, verify, and ship several algorithms in Rust as part of SymCrypt. As our investment in Rust deepens, we expect to gain new insights into how to best leverage the language for high-assurance cryptographic implementations with low-level optimizations.  As performance is key to scalability and sustainability, we’re holding new implementations to a high bar using our benchmarking tools to match or exceed existing systems. Looking forward  This is a pivotal moment for high-assurance software. Microsoft’s investment in Rust and formal verification presents a rare opportunity to advance one of our key libraries. We’re excited to scale this work and ultimately deliver an industrial-grade, Rust-based, FIPS-certified cryptographic library. Opens in a new tab
    0 Commentarii 0 Distribuiri 0 previzualizare
  • Fox News AI Newsletter: Hollywood studios sue 'bottomless pit of plagiarism'

    The Minions pose during the world premiere of the film "Despicable Me 4" in New York City, June 9, 2024. NEWYou can now listen to Fox News articles!
    Welcome to Fox News’ Artificial Intelligence newsletter with the latest AI technology advancements.IN TODAY’S NEWSLETTER:- Major Hollywood studios sue AI company over copyright infringement in landmark move- Meta's Zuckerberg aiming to dominate AI race with recruiting push for new ‘superintelligence’ team: report- OpenAI says this state will play central role in artificial intelligence development The website of Midjourney, an artificial intelligencecapable of creating AI art, is seen on a smartphone on April 3, 2023, in Berlin, Germany.'PIRACY IS PIRACY': Two major Hollywood studios are suing Midjourney, a popular AI image generator, over its use and distribution of intellectual property.AI RACE: Meta CEO Mark Zuckerberg is reportedly building a team of experts to develop artificial general intelligencethat can meet or exceed human capabilities.TECH HUB: New York is poised to play a central role in the development of artificial intelligence, OpenAI executives told key business and civic leaders on Tuesday. Attendees watch a presentation during an event on the Apple campus in Cupertino, Calif., Monday, June 9, 2025. APPLE FALLING BEHIND: Apple’s annual Worldwide Developers Conferencekicked off on Monday and runs through Friday. But the Cupertino-based company is not making us wait until the end. The major announcements have already been made, and there are quite a few. The headliners are new software versions for Macs, iPhones, iPads and Vision. FROM COAL TO CODE: This week, Amazon announced a billion investment in artificial intelligence infrastructure in the form of new data centers, the largest in the commonwealth's history, according to the eCommerce giant.DIGITAL DEFENSE: A growing number of fire departments across the country are turning to artificial intelligence to help detect and respond to wildfires more quickly. Rep. Darin LaHood, R-Ill., leaves the House Republican Conference meeting at the Capitol Hill Club in Washington on Tuesday, May 17, 2022. SHIELD FROM BEIJING: Rep. Darin LaHood, R-Ill., is introducing a new bill Thursday imploring the National Security Administrationto develop an "AI security playbook" to stay ahead of threats from China and other foreign adversaries. ROBOT RALLY PARTNER: Finding a reliable tennis partner who matches your energy and skill level can be a challenge. Now, with Tenniix, an artificial intelligence-powered tennis robot from T-Apex, players of all abilities have a new way to practice and improve. DIGITAL DANGER ZONE: Scam ads on Facebook have evolved beyond the days of misspelled headlines and sketchy product photos. Today, many are powered by artificial intelligence, fueled by deepfake technology and distributed at scale through Facebook’s own ad system.  Fairfield, Ohio, USA - February 25, 2011 : Chipotle Mexican Grill Logo on brick building. Chipotle is a chain of fast casual restaurants in the United States and Canada that specialize in burritos and tacos.'EXPONENTIAL RATE': Artificial intelligence is helping Chipotle rapidly grow its footprint, according to CEO Scott Boatwright. AI TAKEOVER THREAT: The hottest topic nowadays revolves around Artificial Intelligenceand its potential to rapidly and imminently transform the world we live in — economically, socially, politically and even defensively. Regardless of whether you believe that the technology will be able to develop superintelligence and lead a metamorphosis of everything, the possibility that may come to fruition is a catalyst for more far-leftist control.FOLLOW FOX NEWS ON SOCIAL MEDIASIGN UP FOR OUR OTHER NEWSLETTERSDOWNLOAD OUR APPSWATCH FOX NEWS ONLINEFox News GoSTREAM FOX NATIONFox NationStay up to date on the latest AI technology advancements and learn about the challenges and opportunities AI presents now and for the future with Fox News here. This article was written by Fox News staff.
    #fox #news #newsletter #hollywood #studios
    Fox News AI Newsletter: Hollywood studios sue 'bottomless pit of plagiarism'
    The Minions pose during the world premiere of the film "Despicable Me 4" in New York City, June 9, 2024. NEWYou can now listen to Fox News articles! Welcome to Fox News’ Artificial Intelligence newsletter with the latest AI technology advancements.IN TODAY’S NEWSLETTER:- Major Hollywood studios sue AI company over copyright infringement in landmark move- Meta's Zuckerberg aiming to dominate AI race with recruiting push for new ‘superintelligence’ team: report- OpenAI says this state will play central role in artificial intelligence development The website of Midjourney, an artificial intelligencecapable of creating AI art, is seen on a smartphone on April 3, 2023, in Berlin, Germany.'PIRACY IS PIRACY': Two major Hollywood studios are suing Midjourney, a popular AI image generator, over its use and distribution of intellectual property.AI RACE: Meta CEO Mark Zuckerberg is reportedly building a team of experts to develop artificial general intelligencethat can meet or exceed human capabilities.TECH HUB: New York is poised to play a central role in the development of artificial intelligence, OpenAI executives told key business and civic leaders on Tuesday. Attendees watch a presentation during an event on the Apple campus in Cupertino, Calif., Monday, June 9, 2025. APPLE FALLING BEHIND: Apple’s annual Worldwide Developers Conferencekicked off on Monday and runs through Friday. But the Cupertino-based company is not making us wait until the end. The major announcements have already been made, and there are quite a few. The headliners are new software versions for Macs, iPhones, iPads and Vision. FROM COAL TO CODE: This week, Amazon announced a billion investment in artificial intelligence infrastructure in the form of new data centers, the largest in the commonwealth's history, according to the eCommerce giant.DIGITAL DEFENSE: A growing number of fire departments across the country are turning to artificial intelligence to help detect and respond to wildfires more quickly. Rep. Darin LaHood, R-Ill., leaves the House Republican Conference meeting at the Capitol Hill Club in Washington on Tuesday, May 17, 2022. SHIELD FROM BEIJING: Rep. Darin LaHood, R-Ill., is introducing a new bill Thursday imploring the National Security Administrationto develop an "AI security playbook" to stay ahead of threats from China and other foreign adversaries. ROBOT RALLY PARTNER: Finding a reliable tennis partner who matches your energy and skill level can be a challenge. Now, with Tenniix, an artificial intelligence-powered tennis robot from T-Apex, players of all abilities have a new way to practice and improve. DIGITAL DANGER ZONE: Scam ads on Facebook have evolved beyond the days of misspelled headlines and sketchy product photos. Today, many are powered by artificial intelligence, fueled by deepfake technology and distributed at scale through Facebook’s own ad system.  Fairfield, Ohio, USA - February 25, 2011 : Chipotle Mexican Grill Logo on brick building. Chipotle is a chain of fast casual restaurants in the United States and Canada that specialize in burritos and tacos.'EXPONENTIAL RATE': Artificial intelligence is helping Chipotle rapidly grow its footprint, according to CEO Scott Boatwright. AI TAKEOVER THREAT: The hottest topic nowadays revolves around Artificial Intelligenceand its potential to rapidly and imminently transform the world we live in — economically, socially, politically and even defensively. Regardless of whether you believe that the technology will be able to develop superintelligence and lead a metamorphosis of everything, the possibility that may come to fruition is a catalyst for more far-leftist control.FOLLOW FOX NEWS ON SOCIAL MEDIASIGN UP FOR OUR OTHER NEWSLETTERSDOWNLOAD OUR APPSWATCH FOX NEWS ONLINEFox News GoSTREAM FOX NATIONFox NationStay up to date on the latest AI technology advancements and learn about the challenges and opportunities AI presents now and for the future with Fox News here. This article was written by Fox News staff. #fox #news #newsletter #hollywood #studios
    WWW.FOXNEWS.COM
    Fox News AI Newsletter: Hollywood studios sue 'bottomless pit of plagiarism'
    The Minions pose during the world premiere of the film "Despicable Me 4" in New York City, June 9, 2024.  (REUTERS/Kena Betancur) NEWYou can now listen to Fox News articles! Welcome to Fox News’ Artificial Intelligence newsletter with the latest AI technology advancements.IN TODAY’S NEWSLETTER:- Major Hollywood studios sue AI company over copyright infringement in landmark move- Meta's Zuckerberg aiming to dominate AI race with recruiting push for new ‘superintelligence’ team: report- OpenAI says this state will play central role in artificial intelligence development The website of Midjourney, an artificial intelligence (AI) capable of creating AI art, is seen on a smartphone on April 3, 2023, in Berlin, Germany. (Thomas Trutschel/Photothek via Getty Images)'PIRACY IS PIRACY': Two major Hollywood studios are suing Midjourney, a popular AI image generator, over its use and distribution of intellectual property.AI RACE: Meta CEO Mark Zuckerberg is reportedly building a team of experts to develop artificial general intelligence (AGI) that can meet or exceed human capabilities.TECH HUB: New York is poised to play a central role in the development of artificial intelligence (AI), OpenAI executives told key business and civic leaders on Tuesday. Attendees watch a presentation during an event on the Apple campus in Cupertino, Calif., Monday, June 9, 2025.  (AP Photo/Jeff Chiu)APPLE FALLING BEHIND: Apple’s annual Worldwide Developers Conference (WWDC) kicked off on Monday and runs through Friday. But the Cupertino-based company is not making us wait until the end. The major announcements have already been made, and there are quite a few. The headliners are new software versions for Macs, iPhones, iPads and Vision. FROM COAL TO CODE: This week, Amazon announced a $20 billion investment in artificial intelligence infrastructure in the form of new data centers, the largest in the commonwealth's history, according to the eCommerce giant.DIGITAL DEFENSE: A growing number of fire departments across the country are turning to artificial intelligence to help detect and respond to wildfires more quickly. Rep. Darin LaHood, R-Ill., leaves the House Republican Conference meeting at the Capitol Hill Club in Washington on Tuesday, May 17, 2022.  (Bill Clark/CQ-Roll Call, Inc via Getty Images)SHIELD FROM BEIJING: Rep. Darin LaHood, R-Ill., is introducing a new bill Thursday imploring the National Security Administration (NSA) to develop an "AI security playbook" to stay ahead of threats from China and other foreign adversaries. ROBOT RALLY PARTNER: Finding a reliable tennis partner who matches your energy and skill level can be a challenge. Now, with Tenniix, an artificial intelligence-powered tennis robot from T-Apex, players of all abilities have a new way to practice and improve. DIGITAL DANGER ZONE: Scam ads on Facebook have evolved beyond the days of misspelled headlines and sketchy product photos. Today, many are powered by artificial intelligence, fueled by deepfake technology and distributed at scale through Facebook’s own ad system.  Fairfield, Ohio, USA - February 25, 2011 : Chipotle Mexican Grill Logo on brick building. Chipotle is a chain of fast casual restaurants in the United States and Canada that specialize in burritos and tacos. (iStock)'EXPONENTIAL RATE': Artificial intelligence is helping Chipotle rapidly grow its footprint, according to CEO Scott Boatwright. AI TAKEOVER THREAT: The hottest topic nowadays revolves around Artificial Intelligence (AI) and its potential to rapidly and imminently transform the world we live in — economically, socially, politically and even defensively. Regardless of whether you believe that the technology will be able to develop superintelligence and lead a metamorphosis of everything, the possibility that may come to fruition is a catalyst for more far-leftist control.FOLLOW FOX NEWS ON SOCIAL MEDIASIGN UP FOR OUR OTHER NEWSLETTERSDOWNLOAD OUR APPSWATCH FOX NEWS ONLINEFox News GoSTREAM FOX NATIONFox NationStay up to date on the latest AI technology advancements and learn about the challenges and opportunities AI presents now and for the future with Fox News here. This article was written by Fox News staff.
    0 Commentarii 0 Distribuiri 0 previzualizare
Sponsorizeaza Paginile
CGShares https://cgshares.com