How emerging tech makes it easier to defraud schools out of millions  University Business

Hundreds of millions of users could be exposed in "largest breach ever" against Chinese victims.

On Thursday I testified before the House Committee on Oversight and Government Reform at a hearing titled “The Federal Government in the Age of Artificial Intelligence.” The other speakers mostly talked about how cool AI was—and som

Cloud security teams are caught in an endless cycle. Every day, they sift through alerts, investigate misconfigurations, and analyze theoretical risks. Stymied by information-processing, their nemesis – hackers – don’t wait. Cy

Cellebrite said the deal will help with the "accelerated identification of mobile vulnerabilities and exploits."

Ahead of the TechEx North America event on June 4-5, we’ve been lucky enough to speak to Kieran Norton, Deloitte’s US Cyber AI & Automation leader, who will be one of the speakers at the conference on June 4th. Kieran’s 25+ years in the sector mean that as well as speaking authoritatively on all matters cybersecurity, his most recent roles include advising Deloitte clients on many issues around cybersecurity when using AI in business applications.The majority of organisations have in place at least the bare minimum of cybersecurity, and thankfully, in most cases, operate a decently comprehensive raft of cybersecurity measures that cover off communications, data storage, and perimeter defences.However, in the last couple of years, AI has changed the picture, both in terms of how companies can leverage the technology internally, and in how AI is used in cybersecurity – in advanced detection, and in the new ways the tech is used by bad actors.As a Considered a relatively new area, AI, smart automation, data governance and security all inhabit a niche at present. But given the growing presence of AI in the enterprise, those niches are set to become mainstream issues: problems, solutions, and advice that will need to be observed in every organisation, sooner rather than later.Governance and riskIntegrating AI into business processes isn’t solely about the technology and methods for its deployment. Internal processes will need to change to make best use of AI, and to better protect the business that’s using AI daily. Kieran draws a parallel to earlier changes made necessary by new technologies: “I would correlate [AI] with cloud adoption where it was a fairly significant shift. People understood the advantages of it and were moving in that direction, although sometimes it took them more time than others to get there.”Those changes mean casting the net wide, to encompass the update of governance frameworks, establishing secure architectures, even leveraging a new generation of specialists to ensure AI and the data associated with it are used safely and responsibly. Companies actively using AI have to detect and correct bias, test for hallucinations, impose guardrails, manage where, and by whom AI is used, and more. As Kieran puts it: “You probably weren’t doing a lot of testing for hallucination, bias, toxicity, data poisoning, model vulnerabilities, etc. That now has to be part of your process.”These are big subjects, and for the fuller picture, we advocate that readers attend the two talks at TechEx North America that Kieran’s to give. He’ll be exploring both sides of the AI coin – issues around AI deployment for the business, and the methods that companies can implement to deter and detect the new breed of AI-powered malware and attack vectors.The right use-casesKieran advocates that companies start with smaller, lower-risk AI implementations. While some of the first sightings of AI ‘in the wild’ have been chatbots, he was quick to differentiate between a chatbot that can intelligently answer questions from customers, and agents, which can take action by means of triggering interactions with the apps and services the business operates. “So there’s a delineation […] chatbots have been one of the primary starting places […] As we get into agents and agentic, that changes the picture. It also changes the complexity and risk profile.”Customer-facing agentic AI instances are indubitably higher risk, as a misstep can have  significant effects on a brand. “That’s a higher risk scenario. Particularly if the agent is executing financial transactions or making determinations based on healthcare coverage […] that’s not the first use case you want to try.”“If you plug 5, 6, 10, 50, a hundred agents together, you’re getting into a network of agency […] the interactions become quite complex and present different issues,” he said.In some ways, the issues around automation and system-to-system interfaces have been around for close on a decade. Data silos and RPA (robotic process automation) challenges are the hurdles enterprises have been trying to jump for several years. “You still have to know where your data is, know what data you have, have access to it […] The fundamentals are still true.”In the AI era, fundamental questions about infrastructure, data visibility, security, and sovereignty are arguably more relevant. Any discussions about AI tend to circle around the same issues, which throws into relief Kieran’s statements that a conversation about AI in the enterprise has to be wide-reaching and concern many of the operational and infrastructural underpinnings of the enterprise.Kieran therefore emphasises the importance of practicality, and a grounded assessment of need and ability as needing careful examination before AI can gain a foothold. “If you understand the use case […] you should have a pretty good idea of the ROI […] and therefore whether or not it’s worth the pain and suffering to go through building it.”At Deloitte, AI is being put to use where there is a clear use case with a measurable return: in the initial triage-ing of SOC tickets. Here the AI acts as a Level I incident analysis engine. “We know how many tickets get generated a day […] if we can take 60 to 80% of the time out of the triage process, then that has a significant impact.” Given the technology’s nascence, demarcating a specific area of operations where AI can be used acts as both prototype and proof of effectiveness. The AI is not customer-facing, and there are highly-qualified experts in their fields who can check and oversee the AI’s deliberations.ConclusionKieran’s message for business professionals investigating AI uses for their organisations was not to build an AI risk assessment and management programme from scratch. Instead, companies should evolve existing systems, have a clear understanding of each use-case, and avoid the trap of building for theoretical value.“You shouldn’t create another programme just for AI security on top of what you’re already doing […] you should be modernising your programme to address the nuances associated with AI workloads.” Success in AI starts with clear, realistic goals built on solid foundations.You can read more about TechEx North America here and sign up to attend. Visit the Deloitte team at booth #153 and drop in on its sessions on June 4: ‘Securing the AI Stack’ on the AI & Big Data stage from 9:20am-9:50am, and ‘Leveraging AI in Cybersecurity for business transformation’ on the Cybersecurity stage, 10:20am – 10:50am.Learn more about Deloitte’s solutions and service offerings for AI in business and cybersecurity or email the team at uscyberai@deloitte.com.(Image source: “Symposium Cisco Ecole Polytechnique 9-10 April 2018 Artificial Intelligence & Cybersecurity” by Ecole polytechnique / Paris / France is licensed under CC BY-SA 2.0.)

Key Takeaways New EU rules take effect June 20, 2025, requiring mobile phones and tablets to be easier and cheaper to repair, including mandatory access to spare parts for up to seven years. Devices must meet durability standards, such as resistance to drops, water, and dust, and batteries must retain 80% capacity after 800 cycles. Manufacturers must offer 5 years of software updates and grant repair professionals access to firmware and repair tools to ensure long-term device usability. Energy consumption is expected to drop, with households projected to save €98 over five years due to longer-lasting, more repairable devices. In a win for the right to repair, the European Union (EU) has released its new energy labeling and ecodesign requirements for mobile phones, tablets, and even cordless phones.  Once implemented, this would help extend the product lifetime of these devices by making them cheaper and easier to repair. Up Ahead: Long-Lasting and Easy-to-Repair Devices The new ecodesign and energy labeling regulations will apply to devices sold in the EU effective June 20, 2025. One key area is the availability of spare parts. Once the regulations take effect, critical spare parts for a device must remain available for seven years from the last day the producer stops selling it. These parts must also be available to repairers within 5–10 working days. Mobile phones, cordless phones, and tablets under the ecodesign regulations must also be resistant to scratches and accidental drops, and be protected from dust and water.  The EU also specified that batteries must withstand at least 800 charge and discharge cycles while holding 80% of their initial capacity. These measures could help ensure devices last longer, thus reducing the need to replace them and lowering their cost of ownership. The requirements go beyond just the hardware. On the software side, manufacturers must also provide at least 5 years of operating system upgrades and give professional repairers access to software or firmware.  These would allow devices to continue to run smoothly and protect them from security vulnerabilities. On top of the ecodesign requirements, the EU also specified energy labeling requirements on the applicable devices. The labels would provide information about the device’s repairability score, energy efficiency, battery longevity, dust and water protection, and resistance to accidental drops. Having clear and easy-to-understand labels can help consumers in the EU make better choices when buying phones and tablets. They’ll know at a glance whether a device can withstand drops or if the batteries will remain reliable for as long as possible. The Projected Impact of the Ecodesign and Energy Labeling Requirements With the new requirements, the EU expects a significant reduction in the energy consumption of the applicable devices. Regarding charging time, this should go down from 2.5 to 1.75 hours per day.  Also, the annual electrical consumption of high-end smartphones is projected to decrease by 25%, while it’s 23% for tablets by 2030. Making devices easier to repair is also seen to reduce the acquisition costs of devices by € 98 per household in five years. A Win for the Right to Repair, But Obstacles Lie Ahead While the EU has already made significant progress in the area of the right to repair, many countries remain well behind. In the US, for instance, only a handful of states like California and Colorado have already enacted right-to-repair laws, while most of the country has yet to catch up. Without laws like these, most manufacturers won’t have the incentive to make their devices easier to repair.  A quick look at iFixit’s smartphone repairability scores shows that only Fairphone, which scored a perfect 10, HMD (9), and Nokia (8) had high scores among current phones. At the same time, Apple’s iPhone 16 line received a respectable 7. The Fairphone 5, launched in 2023, is especially notable for its repairability. According to iFixit, it’s easy to disassemble with common tools, the battery can be replaced quickly, and manuals and replacement parts are available to DIYers. As for the others, Ifixit gave Google’s Pixel 9 series a 5 for making it difficult to remove the battery and the USB-C port and requiring a replacement adhesive to secure the screen or back glass instead of using clips or fasteners. Meanwhile, the Samsung Galaxy S23 Ultra received a 4 because the battery is attached with a strong adhesive, and repairing the screen needs a lot of disassembly. All in all, we remain hopeful that with the EU’s lead, manufacturers can finally be encouraged to make repairing their devices easier than ever before. As technology continues to evolve—from the return of 'dumbphones' to faster and sleeker computers—seasoned tech journalist, Cedric Solidon, continues to dedicate himself to writing stories that inform, empower, and connect with readers across all levels of digital literacy. With 20 years of professional writing experience, this University of the Philippines Journalism graduate has carved out a niche as a trusted voice in tech media. Whether he's breaking down the latest advancements in cybersecurity or explaining how silicon-carbon batteries can extend your phone’s battery life, his writing remains rooted in clarity, curiosity, and utility. Long before he was writing for Techreport, HP, Citrix, SAP, Globe Telecom, CyberGhost VPN, and ExpressVPN, Cedric's love for technology began at home courtesy of a Nintendo Family Computer and a stack of tech magazines. Growing up, his days were often filled with sessions of Contra, Bomberman, Red Alert 2, and the criminally underrated Crusader: No Regret. But gaming wasn't his only gateway to tech.  He devoured every T3, PCMag, and PC Gamer issue he could get his hands on, often reading them cover to cover. It wasn’t long before he explored the early web in IRC chatrooms, online forums, and fledgling tech blogs, soaking in every byte of knowledge from the late '90s and early 2000s internet boom. That fascination with tech didn’t just stick. It evolved into a full-blown calling. After graduating with a degree in Journalism, he began his writing career at the dawn of Web 2.0. What started with small editorial roles and freelance gigs soon grew into a full-fledged career. He has since collaborated with global tech leaders, lending his voice to content that bridges technical expertise with everyday usability. He’s also written annual reports for Globe Telecom and consumer-friendly guides for VPN companies like CyberGhost and ExpressVPN, empowering readers to understand the importance of digital privacy. His versatility spans not just tech journalism but also technical writing. He once worked with a local tech company developing web and mobile apps for logistics firms, crafting documentation and communication materials that brought together user-friendliness with deep technical understanding. That experience sharpened his ability to break down dense, often jargon-heavy material into content that speaks clearly to both developers and decision-makers. At the heart of his work lies a simple belief: technology should feel empowering, not intimidating. Even if the likes of smartphones and AI are now commonplace, he understands that there's still a knowledge gap, especially when it comes to hardware or the real-world benefits of new tools. His writing hopes to help close that gap. Cedric’s writing style reflects that mission. It’s friendly without being fluffy and informative without being overwhelming. Whether writing for seasoned IT professionals or casual readers curious about the latest gadgets, he focuses on how a piece of technology can improve our lives, boost our productivity, or make our work more efficient. That human-first approach makes his content feel more like a conversation than a technical manual. As his writing career progresses, his passion for tech journalism remains as strong as ever. With the growing need for accessible, responsible tech communication, he sees his role not just as a journalist but as a guide who helps readers navigate a digital world that’s often as confusing as it is exciting. From reviewing the latest devices to unpacking global tech trends, Cedric isn’t just reporting on the future; he’s helping to write it. View all articles by Cedric Solidon Our editorial process The Tech Report editorial policy is centered on providing helpful, accurate content that offers real value to our readers. We only work with experienced writers who have specific knowledge in the topics they cover, including latest developments in technology, online privacy, cryptocurrencies, software, and more. Our editorial policy ensures that each topic is researched and curated by our in-house editors. We maintain rigorous journalistic standards, and every article is 100% written by real authors.

IT Pros ‘Extremely Worried’ About Shadow AI: Report By John P. Mello Jr. June 4, 2025 5:00 AM PT ADVERTISEMENT Enterprise IT Lead Generation Services Fuel Your Pipeline. Close More Deals. Our full-service marketing programs deliver sales-ready leads. 100% Satisfaction Guarantee! Learn more. Shadow AI — the use of AI tools under the radar of IT departments — has information technology directors and executives worried, according to a report released Tuesday. The report, based on a survey of 200 IT directors and executives at U.S. enterprise organizations of 1,000 employees or more, found nearly half the IT pros (46%) were “extremely worried” about shadow AI, and almost all of them (90%) were concerned about it from a privacy and security viewpoint. “As our survey found, shadow AI is resulting in palpable, concerning outcomes, with nearly 80% of IT leaders saying it has resulted in negative incidents such as sensitive data leakage to Gen AI tools, false or inaccurate results, and legal risks of using copyrighted information,” said Krishna Subramanian, co-founder of Campbell, Calif.-based Komprise, the unstructured data management company that produced the report. “Alarmingly, 13% say that shadow AI has caused financial or reputational harm to their organizations,” she told TechNewsWorld. Subramanian added that shadow AI poses a much greater problem than shadow IT, which primarily focuses on departmental power users purchasing cloud instances or SaaS tools without obtaining IT approval. “Now we’ve got an unlimited number of employees using tools like ChatGPT or Claude AI to get work done, but not understanding the potential risk they are putting their organizations at by inadvertently submitting company secrets or customer data into the chat prompt,” she explained. “The data risk is large and growing in still unforeseen ways because of the pace of AI development and adoption and the fact that there is a lot we don’t know about how AI works,” she continued. “It is becoming more humanistic all the time and capable of making decisions independently.” Shadow AI Introduces Security Blind Spots Shadow AI is the next step after shadow IT and is a growing risk, noted James McQuiggan, security awareness advocate at KnowBe4, a security awareness training provider in Clearwater, Fla. “Users use AI tools for content, images, or applications and to process sensitive data or company information without proper security checks,” he told TechNewsWorld. “Most organizations will have privacy, compliance, and data protection policies, and shadow AI introduces blind spots in the organization’s data loss prevention.” “The biggest risk with shadow AI is that the AI application has not passed through a security analysis as approved AI tools may have been,” explained Melissa Ruzzi, director of AI at AppOmni, a SaaS security management software company, in San Mateo, Calif. “Some AI applications may be training models using your data, may not adhere to relevant regulations that your company is required to follow, and may not even have the data storage security level you deem necessary to keep your data from being exposed,” she told TechNewsWorld. “Those risks are blind spots of potential security vulnerabilities in shadow AI.” Krishna Vishnubhotla, vice president of product strategy at Zimperium, a mobile security company based in Dallas, noted that shadow AI extends beyond unapproved applications and involves embedded AI components that can process and disseminate sensitive data in unpredictable ways. “Unlike traditional shadow IT, which may be limited to unauthorized software or hardware, shadow AI can run on employee mobile devices outside the organization’s perimeter and control,” he told TechNewsWorld. “This creates new security and compliance risks that are harder to track and mitigate.” Vishnubhotla added that the financial impact of shadow AI varies, but unauthorized AI tools can lead to significant regulatory fines, data breaches, and loss of intellectual property. “Depending on the scale of the agency and the sensitivity of the data exposed, the costs could range from millions to potentially billions in damages due to compliance violations, remediation efforts, and reputational harm,” he said. “Federal agencies handling vast amounts of sensitive or classified information, financial institutions, and health care organizations are particularly vulnerable,” he said. “These sectors collect and analyze vast amounts of high-value data, making AI tools attractive. But without proper vetting, these tools could be easily exploited.” Shadow AI Everywhere and Easy To Use Nicole Carignan, SVP for security and AI strategy at Darktrace, a global cybersecurity AI company, predicts an explosion of tools that utilize AI and generative AI within enterprises and on devices used by employees. “In addition to managing AI tools that are built in-house, security teams will see a surge in the volume of existing tools that have new AI features and capabilities embedded, as well as a rise in shadow AI,” she told TechNewsWorld. “If the surge remains unchecked, this raises serious questions and concerns about data loss prevention, as well as compliance concerns as new regulations start to take effect.” “That will drive an increasing need for AI asset discovery — the ability for companies to identify and track the use of AI systems throughout the enterprise,” she said. “It is imperative that CIOs and CISOs dig deep into new AI security solutions, asking comprehensive questions about data access and visibility.” Shadow AI has become so rampant because it is everywhere and easy to access through free tools, maintained Komprise’s Subramanian. “All you need is a web browser,” she said. “Enterprise users can inadvertently share company code snippets or corporate data when using these Gen AI tools, which could create data leakage.” “These tools are growing and changing exponentially,” she continued. “It’s really hard to keep up. As the IT leader, how do you track this and determine the risk? Managers might be looking the other way because their teams are getting more done. You may need fewer contractors and full-time employees. But I think the risk of the tools is not well understood.” “The low, or in some cases non-existent, learning curve associated with using Gen AI services has led to rapid adoption, regardless of prior experience with these services,” added Satyam Sinha, CEO and co-founder of Acuvity, a provider of runtime Gen AI security and governance solutions, in Sunnyvale, Calif. “Whereas shadow IT focused on addressing a specific challenge for particular employees or departments, shadow AI addresses multiple challenges for multiple employees and departments. Hence, the greater appeal,” he said. “The abundance and rapid development of Gen AI services also means employees can find the right solution [instantly]. Of course, all these traits have direct security implications.” Banning AI Tools Backfires To support innovation while minimizing the threat of shadow AI, enterprises must take a three-pronged approach, asserted Kris Bondi, CEO and co-founder of Mimoto, a threat detection and response company in San Francisco. They must educate employees on the dangers of unsupported, unmonitored AI tools, create company protocols for what is not acceptable use of unauthorized AI tools, and, most importantly, provide AI tools that are sanctioned. “Explaining why one tool is sanctioned and another isn’t greatly increases compliance,” she told TechNewsWorld. “It does not work for a company to have a zero-use mandate. In fact, this results in an increase in stealth use of shadow AI.” In the very near future, more and more applications will be leveraging AI in different forms, so the reality of shadow AI will be present more than ever, added AppOmni’s Ruzzi. “The best strategy here is employee training and AI usage monitoring,” she said. “It will become crucial to have in place a powerful SaaS security tool that can go beyond detecting direct AI usage of chatbots to detect AI usage connected to other applications,” she continued, “allowing for early discovery, proper risk assessment, and containment to minimize possible negative consequences.” “Shadow AI is just the beginning,” KnowBe4’s McQuiggan added. “As more teams use AI, the risks grow.” He recommended that companies start small, identify what’s being used, and build from there. They should also get legal, HR, and compliance involved. “Make AI governance part of your broader security program,” he said. “The sooner you start, the better you can manage what comes next.” John P. Mello Jr. has been an ECT News Network reporter since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the Boston Phoenix, Megapixel.Net and Government Security News. Email John. Leave a Comment Click here to cancel reply. Please sign in to post or reply to a comment. New users create a free account. Related Stories More by John P. Mello Jr. view all More in IT Leadership

A massive ongoing cryptojacking operation is actively exploiting misconfigured DevOps tools, including Nomad, Consul, Docker, and Gitea, to hijack computing power for cryptocurrency mining, Wiz Threat Research revealed. Dubb

Qualcomm warns OEMs now need to apply the fix in their devices.