An anonymous reader quotes a report from the Associated Press: Agrochemical maker Bayer and attorneys for cancer patients announced a proposed $7.25 billion settlement Tuesday to resolve thousands of U.S. lawsuits alleging the company failed to warn people that its popular weedkiller Roundup could cause cancer. The proposed settlement comes as the U.S. Supreme Court is preparing to hear arguments in April on Bayer's assertion that the U.S. Environmental Protection Agency's approval of Roundup without a cancer warning should invalidate claims filed in state courts. That case would not be affected by the proposed settlement. But the settlement would eliminate some of the risk from an eventual Supreme Court ruling. Patients would be assured of receiving settlement money even if the Supreme Court rules in Bayer's favor. And Bayer would be protected from potentially larger costs if the high court rules against it. Germany-based Bayer, which acquired Roundup maker Monsanto in 2018, disputes the assertion that Roundup's key ingredient, glyphosate, can cause non-Hodgkin lymphoma. But the company has warned that mounting legal costs are threatening its ability to continue selling the product in U.S. agricultural markets. "Litigation uncertainly has plagued the company for years, and this settlement gives the company a road to closure," Bayer CEO Bill Anderson said Tuesday. The proposed settlement could total up to $7.25 billion over 21 years and resolve most of the remaining U.S. lawsuits surrounding the cancer-related harms of Roundup. The report notes that more than 125,000 claims have been filed since 2015, and while many have already been settled, this deal aims to cover most outstanding and future claims tied to past exposure. Individual payouts would vary widely based on exposure type, age at diagnosis, and cancer severity. Bayer can also cancel the deal if too many plaintiffs opt out.

Read more of this story at Slashdot.

Anthropic has released Claude Sonnet 4.6, the first upgrade to its mid-tier AI model since version 4.5 arrived in September 2025. The new model features a "1M token context window" and delivers a "full upgrade of the model's skills across coding, computer use, long-context reasoning, agent planning, knowledge work, and design." From Anthropic: Sonnet 4.6 brings much-improved coding skills to more of our users. Improvements in consistency, instruction following, and more have made developers with early access prefer Sonnet 4.6 to its predecessor by a wide margin. They often even prefer it to our smartest model from November 2025, Claude Opus 4.5. Performance that would have previously required reaching for an Opus-class model -- including on real-world, economically valuable office tasks -- is now available with Sonnet 4.6. The model also shows a major improvement in computer use skills compared to prior Sonnet models. The free tier now uses Sonnet 4.6 by default and with "file creation, connectors, skills, and compaction" included.

Read more of this story at Slashdot.

According to Bloomberg's Mark Gurman (paywalled), Apple is reportedly developing AI-powered smart glasses, a wearable pendant, and camera-equipped AirPods that connect to the iPhone and use "visual context" to let Siri perform real-world actions. The Verge reports: Apple is reportedly aiming to start production of its smart glasses in December, ahead of a 2027 launch. The new device will compete directly with Meta's lineup of smart glasses and is rumored to feature speakers, microphones, and a high-resolution camera for taking photos and videos, in addition to another lens designed to enable AI-powered features. The glasses won't have a built-in display, but they will allow users to make phone calls, interact with Siri, play music, and "take actions based on surroundings," such as asking about the ingredients in a meal, according to Bloomberg. Apple's smart glasses could also help users identify what they're seeing, reference landmarks when offering directions, and remind wearers to complete a task in specific situations, Bloomberg reports. The company is reportedly planning to develop the frames for the smart glasses in-house, instead of partnering with a third-party company like Meta does with Ray-Ban and Oakley. Prototypes of the glasses use a cable to connect to a battery pack and an iPhone, but Bloomberg reports that "newer versions have the components embedded in the frame." Apple reportedly wants to make its smart glasses stand out by offering a high-quality build and advanced camera technology. The company is still working on AI-powered smart glasses with a display, though their launch "remains many years away," Bloomberg says. Apple's plans for AI hardware don't end there, as the company is expected to build upon its Google Gemini-powered Siri upgrade with an AirTag-sized AI pendant that people can either wear as a necklace or a pin. This device would "essentially serve as an always-on camera" for the iPhone and has a microphone for prompting Siri, Bloomberg reports. The pendant, which The Information first reported on last month, is rumored to come with a built-in chip, but will mainly rely on the iPhone's processing power. The device could arrive as early as next year, according to Bloomberg.

Read more of this story at Slashdot.

Following backlash over Discord's global rollout of strict age-verification checks, users are flocking to rival platform TeamSpeak and overwhelming its servers. According to PC Gamer, the Discord alternative said its hosting capacity has been maxed out in a number of regions including the U.S. From the report: [A]s I saw for myself while testing out free Discord alternatives, it's hard to deny the appeal of TeamSpeak. It's quick and easy to make an account, join or start a group chat, or join a massive, game-based community voice server, and at no point does TeamSpeak cheekily ask if it can scan your wizened visage. During my testing, I was able to dive into 18+ group chats without tripping over an age gate. However, there's no guarantee TeamSpeak won't have to deploy its own age verification mechanism in the future. In the UK at least, the Online Safety Act makes those sorts of checks a legal obligation, with Prime Minister Keir Starmer recently stating "No social media platform should get a free pass when it comes to protecting our kids." Besides all of that, if you'd rather not chat to randoms who also happen to have an unhealthy obsession with Arc Raiders, you'll likely need to pay an admittedly small subscription fee to rent your own ten-person community voice server. By that point, you're handing over card details and essentially fulfilling an age assurance check anyway. If you'd rather limit how much info your chat platform of choice has about you, there are arguably better options out there.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the Washington Post: David Greene had never heard of NotebookLM, Google's buzzy artificial intelligence tool that spins up podcasts on demand, until a former colleague emailed him to ask if he'd lent it his voice. "So... I'm probably the 148th person to ask this, but did you license your voice to Google?" the former co-worker asked in a fall 2024 email. "It sounds very much like you!" Greene, a public radio veteran who has hosted NPR's "Morning Edition" and KCRW's political podcast "Left, Right & Center," looked up the tool, listening to the two virtual co-hosts -- one male and one female -- engage in light banter. "I was, like, completely freaked out," Greene said. "It's this eerie moment where you feel like you're listening to yourself." Greene felt the male voice sounded just like him -- from the cadence and intonation to the occasional "uhhs" and "likes" that Greene had worked over the years to minimize but never eliminated. He said he played it for his wife and her eyes popped. As emails and texts rolled in from friends, family members and co-workers, asking if the AI podcast voice was his, Greene became convinced he'd been ripped off. Now he's suing Google, alleging that it violated his rights by building a product that replicated his voice without payment or permission, giving users the power to make it say things Greene would never say. Google told The Washington Post in a statement on Thursday that NotebookLM's male podcast voice has nothing to do with Greene. Now a Santa Clara County, California, court may be asked to determine whether the resemblance is uncanny enough that ordinary people hearing the voice would assume it's his -- and if so, what to do about it. Greene's lawsuit cites an unnamed AI forensic firm that used its software to compare the artificial voice to Greene's. It gave a confidence rating of 53-60% that Greene's voice was used to train the model, which it considers "relatively high" confidence. "If I was David Greene I would be upset, not just because they stole my voice," but because they used it to make the podcasting equivalent of AI "slop," said Mike Pesca, host of "The Gist" podcast and a former colleague of Greene's at NPR. "They have banter, but it's very surface-level, un-insightful banter, and they're always saying, 'Yeah, that's so interesting.' It's really bad, because what do we as show hosts have except our taste in commentary and pointing our audience to that which is interesting?"

Read more of this story at Slashdot.

A proposal within the Fedora Linux community suggests improving the kernel's DRM Panic screen to a more user-friendly, BSOD-style experience. Phoronix reports: Open-source developer Jose Exposito proposed today a nicer experience for DRM Panic integration on Fedora. Rather than using DRM Panic with just the kernel log contents being encoded in the QR code displayed when a kernel panic occurs, the proposal is to have a customized Fedora web-page with the encoded QR contents to be shown on that web page. Besides having a more pleasant UI/UX, from this web page the intent would also be to make it easier to report this error to the Fedora BugZilla. Being able to easily pass the kernel log to the Fedora bug tracker could help in making upstream aware of the problem(s) and seeing if other users are also encountering similar panics. Right now this idea was just raised earlier today as a "request for comments" on the Fedora mailing list. While a prototype at this point, Exposito already developed a basic web interface for demoing the solution.

Read more of this story at Slashdot.

Longtime Slashdot reader jrepin writes: KDE Plasma is a popular desktop (and mobile too) environment for GNU/Linux and other UNIX-like operating systems. Among other things, it also powers the desktop mode of the Steam Deck gaming handheld. The KDE community today announced the latest release: Plasma 6.6. In this new major release, Spectacle can recognize texts from screenshots, a new on-screen keyboard and new login manager are available for testing, and a first-time wizard Plasma Setup was added. Your current theme can be saved as a new global theme, which can also be used for the day and night theme-switching feature. Emoji selector got a new easier way to select skin tone. If your computer has a camera available, you can now connect to a Wi-Fi network by scanning a QR code. Application sound volume can now be changed by scrolling over an application taskbar button via mouse wheel. When screencasting and sharing your desktop, you can now filter windows so they are not shared. A setting was added to enable having virtual desktops only on the primary screen. If your device has an ambient light sensor, you can enable automatic screen brightness adjustment. Game controllers can now be used as regular input devices. For complete list of new features and changes, check out the KDE Plasma 6.6 release announcement and the complete changelog.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: More than two years after Broadcom took over VMware, the virtualization company's customers are still grappling with higher prices, uncertainty, and the challenges of reducing vendor lock-in. Today, CloudBolt Software released a report, "The Mass Exodus That Never Was: The Squeeze Is Just Beginning," that provides insight into those struggles. CloudBolt is a hybrid cloud management platform provider that aims to identify VMware customers' pain points so it can sell them relevant solutions. In the report, CloudBolt said it surveyed 302 IT decision-makers (director-level or higher) at North American companies with at least 1,000 employees in January. The survey is far from comprehensive, but it offers a look at the obstacles these users face. Broadcom closed its VMware acquisition in November 2023, and last month, 88 percent of survey respondents still described the change as "disruptive." Per the survey, the most cited drivers of disruption were price increases (named by 89 percent of respondents), followed by uncertainty about Broadcom's plans (85 percent), support quality concerns (78 percent), Broadcom shifting VMware from perpetual licenses to subscriptions (72 percent), changes to VMware's partner program (68 percent), and the forced bundling of products (65 percent). When Broadcom bought VMware, some customers shared horror stories about receiving quotes that showed prices increasing by as much as 1,000 percent. CloudBolt's survey paints a more modest picture. Fourteen percent of respondents said their VMware costs have at least doubled, while 12 percent reported increases of 50-99 percent, 33 percent reported increases of 24-49 percent, and 31 percent reported increases of less than 25 percent. Despite survey participants suggesting smaller price hikes than originally anticipated under Broadcom, companies are still struggling with the pricing changes. Eighty-five percent are concerned that VMware will become even more expensive, according to CloudBolt's survey. [...] CloudBolt's survey also examined how respondents are migrating workloads off of VMware. Currently, 36 percent of participants said they migrated 1-24 percent of their environment off of VMware. Another 32 percent said that they have migrated 25-49 percent; 10 percent said that they've migrated 50-74 percent of workloads; and 2 percent have migrated 75 percent or more of workloads. Five percent of respondents said that they have not migrated from VMware at all. Among migrated workloads, 72 percent moved to public cloud infrastructure as a service, followed by Microsoft's Hyper-V/Azure stack (43 percent of respondents). Overall, 86 percent of respondents "are actively reducing their VMware footprint," CloudBolt's report said.

Read more of this story at Slashdot.

A US law firm has accused Lenovo of violating Justice Department strictures about the bulk transfer of data to foreign adversaries, namely China. From a report: The case filed by Almeida Law Group on behalf of San Francisco-based "Spencer Christy, individually and on behalf of all others similarly situated" centers on the Data Security Program regulations implemented by the DOJ last year. According to the suit, these were "implemented to prevent adversarial countries from acquiring large quantities of behavioral data which could be used to surveil, analyze, or exploit American citizens' behavior." The complaint states the DOJ rule "makes clear that sending American consumers' information to Chinese entities through automated advertising systems and associated databases with the requisite controls is prohibited." The case states the threshold for "covered personal identifiers" is 100,000 US persons or more and lists a range of potential identifiers, from government and financial account numbers to IMEIs, MAC, and SIM numbers, demographic data, and advertising IDs.

Read more of this story at Slashdot.

Residents of Potters Bar, a small town just north of London, are trying to block what would be one of Europe's largest data centers from being built on 85 acres of rolling farmland that separates their community from the neighboring village of South Mimms. Multinational operator Equinix acquired the land last October after the local council granted planning permission in January 2025, and the company intends to break ground this year on a development it estimates will cost more than $5 billion. The UK government's decision to classify data centers as "critical national infrastructure" and a new "gray belt" land designation that loosens building restrictions on underperforming greenbelt parcels helped clear the path for approval -- even though objections from locals outweighed signatures of support by nearly two-to-one during the public consultation. A protest group of more than 1,000 residents has since appealed to a third-party ombudsman and the UK's Office of Environmental Protection, but has so far failed to overturn the decision.

Read more of this story at Slashdot.

OpenAI has renamed its feature in Sora from "Cameo" to "Characters."

The decision comes a month after Tesla discontinued Autopilot, its basic driver-assistance system.

Amnesty International says it found evidence that a government customer of Intellexa, a sanctioned surveillance vendor, used its Predator spyware against a prominent journalist in Angola.

Jack Altman and Benchmark announced today that he would be joining the firm as a general partner.

A combination of 3D-printed Lego-like parts, Formula 1 thinking, and a bounty program will help the company hit that target. The team, led by Tesla veteran Alan Clarke, is obsessed with efficiency.

An internal research study at Meta found that parental supervision may not help teens regulate their social media, and teens with trauma are more inclined to overuse social media.

As the AI hardware space heats up, the iPhone maker has multiple smart products in development.

Thrive Capital just raised $10 billion for its new fund -- nearly double the size of its last fund.

The new project, called Material Scale, will initially focus on climate tech startups in the apparel industry.

Anthropic has released a new version of its midsized Sonnet model, keeping pace with the company's four-month update cycle.

YouTube is experiencing an outage across the United States, with users in other countries like Canada, India, the Philippines, Australia and Russia also having problems with accessing the website. The issue seems to have started at around 8 PM Eastern time and reached 338,000 reports on Downdetector before starting to taper down. More users reported having issues accessing the app, but I personally lost access to the web homepage first.

As of 9:22 PM, users are still reporting being unable to access YouTube on Reddit. As of 9:33 PM, users are complaining that they still can’t access the service, though others say it’s back up for them. Some people are reporting partial restoration of service, with the homepage now being accessible but not seeing any recommended videos.

Downdetector also got thousands of reports of Google being down at around 8 PM Eastern time. As of 9:53 PM, Engadget Managing Editor Cherlynn Low reports that both YouTube and Google Home Assistant are still inaccessible for her. As of 10:12PM Eastern, Team YouTube posted on X that the issue has been completely fixed. While it didn’t say why YouTube went down, the team acknowledged the problem before 9PM and posted an update 20 minutes later that its recommendation system was having issues, even though its homepage was back.

Update, February 17, 2026, 10:27 PM ET: YouTube says the issue has been completely fixed.

Update, February 17, 2026, 10:08 PM ET: Updated with reports that certain Google services are also down for some users.

Update, February 17, 2026, 9:34 PM ET: Updated with reports from users.

Update, February 17, 2026, 9:26 PM ET: Updated to correct time of outage, added new countries where it’s out and added new reports of YouTube still being inaccessible.

This article originally appeared on Engadget at https://www.engadget.com/big-tech/youtube-was-down-for-thousands-of-users-in-the-us-020718788.html?src=rss

Anyone who's been paying even a little bit of attention to tech news lately could have made a reasonable guess that AI will be a big topic at Samsung's Unpacked next week. Ahead of the event, Samsung teased some of what's to come for AI in terms of the Galaxy S26 smartphone lineup's photography tools.

The S26 phones will feature a new camera system using Galaxy AI that combines capturing, editing and sharing of photos and videos. "Users will be able to turn a photo from day to night in seconds, restore missing parts of objects in images, capture detailed photos in low light, and seamlessly merge multiple photos into a single, cohesive result," a company rep said. The video clips Samsung shared demonstrated the before and after results of using its AI tools, which will all be housed in a single app rather than needing to switch between multiple image editing programs.

Updated cameras are just part of what will be on the schedule for Samsung's big mobile showcase. The expected Galaxy S26, Galaxy S26+ and Galaxy S26 Ultra will likely have a lot of AI-centric features.

This article originally appeared on Engadget at https://www.engadget.com/mobile/smartphones/samsung-teases-mobile-ai-photography-tools-ahead-of-unpacked-233000358.html?src=rss

Texas is suing Wi-Fi router maker TP-Link for deceptively marketing the security of its products and allowing Chinese hacking groups to access Americans' devices, Attorney General Ken Paxton has announced. Paxton originally started looking into TP-Link in October 2025. Texas Governor Greg Abbott later prohibited state employees from using TP-Link products in January of this year.

TP-Link is no longer owned by a Chinese company and its products are assembled in Vietnam, but Paxton's lawsuit claims that because the company's "ownership and supply-chain are tied to China" it's subject to the country's data laws, which require companies to comply with requests from Chinese intelligence agencies. The lawsuit also says that firmware vulnerabilities in TP-Link's hardware have already "exposed millions of consumers to severe cybersecurity risks."

TP-Link provided the following statement to Engadget in response to the lawsuit:

The claims made by the Texas Attorney General’s office are without merit and will be proven false. TP-Link Systems Inc. is an independent American company. Neither the Chinese government nor the CCP exercises any form of ownership or control over TP-Link, its products, or its user data. TP-Link’s founder and CEO, Jeffrey Chao, resides in Irvine, CA, and is not and never has been a member of the CCP. To ensure the highest level of security, our core operations and infrastructure are located entirely within the United States, and all U.S. users' networking data is stored securely on Amazon Web Services servers. We will continue to vigorously defend our reputation as a trusted provider of secure connectivity for American families.

TP-Link was reportedly being investigated at the federal level in 2024 after its devices were connected to the massive "Salt Typhoon" hack that accessed data from multiple US telecom companies. Despite all signs pointing to the federal government getting ready to ban TP-Link in 2025, Reuters reports that the Trump administration paused plans to ban the company’s routers in early February, ahead of a meeting between President Donald Trump and President Xi Jinping.

Update, February 17, 3:38PM ET: Added statement from TP-Link.

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/texas-ag-sues-tp-link-over-purported-connection-to-china-193802258.html?src=rss

We’ll soon get a closer look at a bunch of features and updates Google has planned for Android and its other services. The company has confirmed that Google I/O 2026 will take place on May 19 and 20. As always, Google will stream some of the keynotes and sessions for free, including the opening keynote (during which the company makes the bulk of its major I/O announcements).

Although I/O is primarily a conference for developers, it’s typically where we first learn about major upcoming Android changes, which of course affect tens of millions of people. Expect a lot of news about Google’s AI efforts as well, such as what’s next for Gemini.

See you all at Google I/O starting May 19th! https://t.co/KgNKbb3nMu pic.twitter.com/OD6x3IYtTi

— Sundar Pichai (@sundarpichai) February 17, 2026

As has been the case for several years, Google revealed the conference’s dates for 2026 after enough folks completed a puzzle on the I/O website. This year’s puzzle has multiple “builds” to play through, all of which use Gemini.

They start with a mini-golf game in which a virtual caddy that’s powered by Gemini offers some of the most anodyne advice imaginable. The second build is a nonogram. If you’ve ever played a Picross game, you’ll know what to do here. It’s about using logic to place tiles on a grid in order to create an image. Here, Google is using Gemini to generate “endless game boards.”

The other three minigames are Word Wheel (which “leverages Gemini 3 to automate level design”), Super Sonicbot (which “uses Gemini to introduce microphone mechanics where noise controls the Android Bot’s altitude”) and Stretchy Cat. The latter “uses Gemini 3 as a stage designer balancing game mechanics and difficulty to create endless play.”

This article originally appeared on Engadget at https://www.engadget.com/general/google-io-2026-is-set-for-may-19-and-20-200805024.html?src=rss

Netflix has been in the game adaptation business for a while now, but until recently most of its attention had been on adapting video games. That’s still very much happening, but the streaming giant is also now buying up rights for board game IP too, with the latest being Asmodee’s Ticket to Ride.

Netflix will look to greenlight a number of projects spanning TV, film and "additional formats," it wrote in a press release. The first of these will be a feature film written by Ben Mekler and Chris Amick. Ticket to Ride creator Alan R. Moon will serve as an executive producer on the project, which will be the game’s first on-screen adaptation. Exactly what it will look like is not yet clear, but the internet already has plenty of theories.

Ticket to Ride is a train-themed turn-based strategy and route-building game first released over 20 years ago. Since then it has gone on to ship more than 20 million copies and has been translated into over 30 languages. It’s also been given the video game adaptation treatment before.

This is actually the second of Asmodee’s IP that Netflix has acquired the rights to, after announcing last year that Catan will also be making its way to screens in various forms. And it isn’t just interested in scripted TV and movie opportunities. In early 2025, the company also signed a deal with Hasbro to adapt Monopoly into a TV game show.

This article originally appeared on Engadget at https://www.engadget.com/entertainment/netflix-is-adapting-the-board-game-ticket-to-ride-180505164.html?src=rss

ExpressVPN is back on sale again, and its two-year plans are up to 81 percent off right now. You can get the Advanced tier for $88 for 28 months. This is marked down from the $392 that this time frame normally costs. On a per-month basis, it works out to roughly $3.14 for the promo period.

We’ve consistently liked ExpressVPN because it’s fast, easy to use and widely available across a large global server network. In fact, it's our current pick for best premium VPN. One of the biggest drawbacks has always been its high cost, and this deal temporarily solves that issue.

In our review we were able to get fast download and upload speeds, losing only 7 percent in the former and 2 percent in the latter worldwide. We found that it could unblock Netflix anywhere, and its mobile and desktop apps were simple to operate. We gave ExpressVPN an overall score of 85 out of 100.

The virtual private network service now has three tiers. Basic is cheaper with fewer features, while Pro costs more and adds extra perks like support for 14 simultaneous devices and a password manager. Advanced sits in the middle and includes the password manager but only supports 12 devices.

This article originally appeared on Engadget at https://www.engadget.com/deals/save-up-to-81-percent-on-expressvpn-two-year-plans-right-now-180602273.html?src=rss

Web designers of the world: The Automattic-owned WordPress.com is further embracing AI on its platform. On Tuesday, it expanded its one-off AI site builder into a persistent AI assistant for editing and media creation.

In the site editor, the AI assistant can help with site-wide structure and design choices. For example, you can ask the chatbot to "give me more font options that feel clean and professional or “change my site colors to be brighter and bolder." It also includes image generation and writing assistance, such as "rewrite this to sound more confident." (Who needs learning when you have automation!)

The assistant can also now be integrated into your site's media library. It can generate new images or make prompted edits to your existing ones. Examples include "update this image to be black and white" or "replace this stack of pancakes with waffles." (Just don't fake that if your business sells breakfast food, okay?) WordPress says the assistant understands your website's look and brand and can tailor the media accordingly.

WordPress also added the AI assistant to the platform's team chat, Block Notes. You can summon the chatbot from within your team chat threads.

The tool is available for WordPress.com's Business or Commerce plans. (Or, if you made your site using the AI builder, it's enabled by default, no matter which plan you use.) The feature works best with the platform's block themes; it's much more limited with classic ones. You'll find the toggle to activate the AI assistant in your site settings under the "AI tools" section.

This article originally appeared on Engadget at https://www.engadget.com/ai/wordpress-adds-an-ai-assistant-174719676.html?src=rss

Netflix is streaming its very first live MMA fight on May 16. The combatants are one-time phenom Ronda Rousey and one-time actor Gina Carano. Both women have retired from the sport. Rousey left in 2016 and Carano left all the way back in 2009. In any event, they are both back for one night only.

The featherweight bout will take place inside a hexagon cage and will stream globally. It's likely Netflix had to choose two retired fighters because current stars are under contracts with various promotional entities. This fight is co-hosted by Most Valuable Productions, a promotional company started by Jake Paul.

A LEGACY SHOWDOWN 🔥 #RouseyCarano
RONDA ROUSEY vs. GINA CARANO
Saturday May 16
LIVE only on Netflix pic.twitter.com/cybtQHNyPT

— Netflix Sports (@netflixsports) February 17, 2026

Netflix has already been streaming boxing matches, so MMA seems like a natural next step. The platform has also aired live talk shows, golf events and awards ceremonies.

If you're unfamiliar with the aforementioned fighters, Rousey is a UFC champion and Olympic medalist who has a fantastic 12-2 record in MMA. Carano is a pioneer in the sport, starting her career all the way back in 2006.

She also played Cara Dune in The Mandalorian before getting into hot water after social media posts that mocked mask wearing during the pandemic, alleged voter fraud during the 2020 election and denigrated transgender people. However, it really came to a head when she doubled down on her comments, likening the social media blowback conservatives receive to what Jewish people experienced during the holocaust. That's when she was fired from the hit Star Wars show.

Carano has since teamed up with Elon Musk to sue Disney over the firing. In related news, there's a fresh trailer for The Mandalorian and Grogu movie and it's pretty darned fun.

This article originally appeared on Engadget at https://www.engadget.com/entertainment/streaming/netflix-is-streaming-its-first-mma-fight-on-may-16-165702479.html?src=rss

Fans of The Mandalorian and his tiny green apprentice Grogu are getting their best look yet at the duo's upcoming theatrical adventure, set for release this spring. It’s hard to believe that it's been just over six years since the last Star Wars movie was released in theaters, followed by wall-to-wall coverage of so-called Star Wars Fatigue.

The newest trailer, released today, clocks in at just over two minutes long and offers some new footage and details to sink our teeth into. Picking up after the events of the Disney+ series The Mandalorian, the Empire has collapsed and Din Djarin (Pedro Pascal) and Grogu are tasked with taking out a bevy of baddies from gangsters to war criminals for the New Republic. Colonel Ward, new to the Star Wars universe and played by Sigourney Weaver, tells Djarin, "This isn't about revenge, it's about preventing another war."

Jeremy Allen White will also star in the film, as Rotta the Hutt, Jabba's son, who we briefly see battling Din Djarin in a colosseum of sorts. Notably, at one point we see Djarin on his knees before Jabba sans helmet, so we'll definitely be getting some moments of Pedro Pascal unfiltered by Beskar. Like any Star Wars adventure, we see flashes of some new creatures that our heroes will face. Most importantly, we see Grogu being downright adorable, playing with buttons on the ship, commandeering a flying bassinet, and snacking on a cookie.

The Mandalorian and Grogu hits theaters on May 22 and, according to the trailer, was shot at least in part for IMAX.

This article originally appeared on Engadget at https://www.engadget.com/entertainment/tv-movies/the-first-full-trailer-for-the-mandalorian-and-grogu-is-here-164244117.html?src=rss

Xbox has revealed the second batch of Game Pass additions for February. There are quite a few heavyweights in the mix this time, including Kingdom Come: Deliverance II and The Witcher 3: Wild Hunt. Let’s start with what’s available today, though. Xbox previously said Avatar: Frontiers of Pandora (Game Pass Ultimate and PC Game Pass on Cloud, Xbox Series X/S, handheld and PC) would arrive today, while Avowed joins the Game Pass Premium library on Cloud, Xbox Series X/S and PC on the same day it hits PS5.

There’s another Game Pass addition today in the form of Aerial_Knight’s DropShot (Game Pass Ultimate and PC Game Pass on Cloud, Xbox Series X/S, handheld and PC). I’ve been looking forward to this after digging solo developer Aerial_Knight’s previous games as well as the demo.

This is a single-player skydiving FPS in which you’ll have to fend off enemies to grab the only parachute. You’ll use finger guns to take out the competition. Oh, and there are dragons to deal with.

Another trio of games joins the lineup on Friday, including The Witcher 3: Wild Hunt – Complete Edition (Game Pass Ultimate and Premium on Cloud and consoles). This version of the classic action RPG includes all the DLC, so it could keep you busy for quite some time. EA Sports College Football 26 (Game Pass Ultimate on Cloud and Xbox Series X/S) arrives on the same day along with the eye-catching Soulslike deckbuilder Death Howl (Game Pass Ultimate and Premium on Cloud, Xbox Series X/S, handheld and PC). That was already on PC Game Pass.

On February 24 TCG Card Shop Simulator hits Cloud, Xbox Series X/S, handheld and PC in Game Preview on Game Pass Ultimate, Premium and PC Game Pass. As the title suggests, here you'll be managing a trading card game store. Dice A Million — a day-one addition to Game Pass Ultimate and PC Game Pass on PC on February 25 — is an intriguing numbers-go-up game. It's a roguelike deckbuilder in which you'll combine dice with different abilities as well as rings with passive effects as you attempt to roll a million points.

February 26 sees the full release of Towerborne, which had been in game preview (and in early access on Steam). Xbox Game Studios is publishing this co-op action RPG from Stoic. Offline play and online co-op will be added along with more story, areas, enemies, progression features and difficulty settings. The full version of Towerborne will be available on Game Pass Ultimate, Premium and PC Game Pass across consoles, handheld and PC.

Looking a bit further ahead, two high-profile titles are coming to Game Pass Ultimate, Premium and PC Game Pass on Cloud, Xbox Series X/S and PC on March 3: Final Fantasy III and Kingdom Come: Deliverance II. The latter received several nominations at The Game Awards, including Game of the Year, and it was one of our favorite games of 2025. It follows Kingdom Come Deliverance hitting Game Pass just last week.

This article originally appeared on Engadget at https://www.engadget.com/gaming/xbox/kingdom-come-deliverance-2-and-the-witcher-3-are-coming-to-game-pass-163624685.html?src=rss

Consumer group Which? brought the case and now plans to bail after court indicated it would lose

The UK’s Competition Appeal Tribunal has indicated that it will find Qualcomm did not abuse its market power, leading consumer advocacy group Which? to withdraw a case it hoped would see Brits compensated for increased smartphone prices....

Sees little enterprise AI adoption other than coding assistants, buys Koi for what comes next

If enterprises are implementing AI, they’re not showing it to Palo Alto Networks CEO Nikesh Arora, who on Tuesday said business adoption of the tech lags consumer take-up by at least a couple of years – except for coding assistants....

PM Modi tells citizens AI will lift them up, not take their jobs

Giant Indian industrial conglomerate Adani has said it will spend up to $100 billion on AI datacenters to equip the nation with sovereign infrastructure, but will do so at slower pace than Big Tech tech companies plan to bring their own bit barns to Bharat....

Version 4.6 can also be 'warm, honest, prosocial, and at times funny'

Anthropic has updated its Sonnet model to version 4.6 and claims the upgrade is better at coding and using computers, and also possesses improved reasoning and planning capabilities....

Full scale of infections remains 'unknown'

China-linked attackers exploited a maximum-severity hardcoded-credential bug in Dell RecoverPoint for Virtual Machines as a zero-day since at least mid-2024. It's all part of a long-running effort to backdoor infected machines for long-term access, according to Google's Mandiant incident response team....

Though commonly reported, Google doesn't consider it a security problem when models make things up

Imagine using an AI to sort through your prescriptions and medical information, asking it if it saved that data for future conversations, and then watching it claim it had even if it couldn't. Joe D., a retired software quality assurance (SQA) engineer, says that Google Gemini lied to him and later admitted it was doing so to try and placate him....

It isn't insane, and Amazon will be fine when the music stops. Other players, maybe not so much

In their recent earnings call, Amazon kinda blew the doors off of industry analyst (motto: "we'll be wrong, then take it out on your stock") projections for their capex spend....

After a selloff fueled by fears AI could upend the outsourcing model

Indian IT professionals worried about 72-hour workweeks might soon face the opposite concern, as Bengaluru-based outsourcing giant Infosys has partnered with Anthropic to bring agentic AI to telecommunications companies and other regulated industries....

Plus 3 new goon squads targeted critical infrastructure last year

Three new threat groups began targeting critical infrastructure last year, while a well-known Beijing-backed crew - Volt Typhoon - continued to compromise cellular gateways and routers, and then break into US electric, oil, and gas companies in 2025, according to Dragos' annual threat report published on Tuesday....

CPU adoption is part of deeper partnership between the Social Network and Nvidia which will see millions of GPUs deployed over next few years

Move over Intel and AMD — Meta is among the first hyperscalers to deploy Nvidia's standalone CPUs, the two companies revealed on Tuesday. Meta has already deployed Nvidia's Grace processors in CPU-only systems at scale and is working with the GPU slinger to field its upcoming Vera CPUs beginning next year....

While last year's Pixel 9A went on sale in April, the latest in Google's cheaper A series will launch on Wednesday.

More than a million people around the world reported the popular video site had gone dark. Just in time for Olympics coverage!

I tested every smartwatch that Apple sells, and here are the best ones to buy based on health features, battery life and your budget.

We asked registered dietitians for their top healthy air fryer recipes. Their picks are perfect for easy meals.

Apple has glasses, AirPods and an AI pin in the works, according to the latest report from Bloomberg. And they'll all likely work with Apple's next wave of Google-infused AI.

Two amazing games will be available soon for Xbox Game Pass subscribers.

Here's what we know about Unpacked's official date, where the Galaxy S26 series will be unveiled and what else could be coming.

While some Hollywood icons are feeling doom and gloom over the AI-generated clip, labor unions are fighting back with legal threats.

The company's latest Android application packages, spotted by a leaker online, include references to animations for the rumored phone.

If you're looking for an elevated sound experience, these are CNET's current picks, including a few budget options, for earbuds that deliver the best sound quality.

GameHub's existing Windows emulator on Android has its fair share of issues.

Contrary to what password managers say, a server compromise can mean game over.

Colbert: "I want to assure you this decision is for purely financial reasons."

Broadcom's "strategy was never to keep every customer," CloudBolt report says.

Connected car servers won't be online indefinitely, and startups often go bust.

Forget launching new stuff—Valve is even having problems with existing hardware.

WB board officially recommends Netflix deal but asks Paramount to increase price.

As alliances fray, these are the nations investing in sovereign access to space.

"Gangsters. War criminals. We'll take out every bad guy in your deck of cards."

A smaller battery means a cheaper truck, but customers still expect plenty of range.

Save on Lovehoney, including bestselling toys, lingerie, and popular gift sets for date nights, self-care, and couples’ play.

Find the latest Lowe’s promo codes and offers, including up to 40% off select major appliances and $5 off $50 with sign-up, here at WIRED.

Paying US federal and state taxes online can be confusing, and one wrong move can result in penalties or extra money owed. We break it down so you can have the most worry-free tax filing possible.

With excellent noise canceling, the QuietComfort Ultra 2 would love to join you on your next long-haul flight.

Security experts have urged people to be cautious with the viral agentic AI tool, known for being highly capable but also wildly unpredictable.

After Swedish curler Oskar Eriksson accused Canadian vice-skip Marc Kennedy of cheating last week, everyone has become an expert in curling rules. They’re missing the point.

Forum members have discussed their discomfort with mass deportation efforts, debate how federal agents have interacted with civilians, and complain about their working conditions.

Most scanning apps try to get you to buy a cloud storage subscription or pay for extras. Not FairScan, which is free and open-source, and has some powerful features.

As patients and employers look for alternatives to pricey GLP-1 drugs, Silicon Valley startup Twin Health is using AI and wearable sensors to help people make healthier choices.

The residents of Potters Bar are working to protect the “greenbelt” of farms, forests, and meadows that surround London from the endless demand for AI infrastructure.

The 11-inch Blackview Tab 90 (2025) makes for a surprisingly good media device.

The Edifier QR65 desktop speakers have some surprisingly immersive audio - made better by their approachable price point.

With 'infinite' battery life and booming audio, the Lodge Solar Speaker 4 Series 2 is my new favorite party guest.

The Satechi Thunderbolt 5 Pro cable is a fantastic cable at a palatable price.

If you're tired of the default Android browser, here are five top picks I always recommend.

With Auto Browse, Google is turning Chrome into an AI-agentic browser. I tested it to see how well it works.

A senior Google engineer reminds us that AI models should help us learn how to think, not what to think.

The Soundcore Space One headphones are great if you want premium features without spending a lot. Right now, they're on sale for $80.

OpenAI will now also display an Elevated Risk label when you access certain features that could be risky.

If you're thinking about distro-hopping, and you're wanting to retain your data, here's how you can do it.

Anthropic rolls out Claude Sonnet 4.6 as its new default model, bringing stronger reasoning and coding power to free and paid users alike.

The post Anthropic Launches Claude Sonnet 4.6 as Default Model for Free and Paid Users appeared first on TechRepublic.

Huawei introduces a diabetes risk assessment feature on the Watch GT 6 Pro, offering needle-free early detection of risk through advanced wearable sensors.

The post Huawei’s Smartwatch Adds Needle-Free Diabetes Risk Monitoring appeared first on TechRepublic.

Lifetime cloud storage with enterprise security, global servers, and team collaboration starts at $59.99.

The post Save On Secure Cloud Storage Built For Business Teams appeared first on TechRepublic.

This secure storage platform uses open source code, zero-knowledge file systems, and end-to-end encryption to keep your online data truly private.

The post Get Secure Cloud Storage on a 2TB Lifetime Plan with Internxt for $90 appeared first on TechRepublic.

Apple confirms its March 4 launch event, with rumors of a $599 MacBook, iPhone 17e, refreshed iPads, and a possible touchscreen MacBook Pro.

The post Apple’s March 4 Surprise: A $599 MacBook, iPhone 17e Reportedly Lead the Lineup appeared first on TechRepublic.

Apple Podcasts is adding native video support and dynamic ad tools, letting creators deliver audio and video in one feed as competition intensifies.

The post Apple Podcasts Gets Major Video Overhaul to Take on YouTube, Spotify appeared first on TechRepublic.

Singapore enterprises are investing heavily in AI, but returns remain uneven. Here’s why governance, cost control and capacity matter more than headcount cuts.

The post Singapore’s AI ROI Reality: High Spend, Hard Returns appeared first on TechRepublic.

India’s cybersecurity budgets are rising, but SOC capacity isn’t keeping pace. Here’s how enterprises are measuring ROI and operational efficiency.

The post India’s Cybersecurity Cost Equation appeared first on TechRepublic.

Learn how to choose a business-ready password manager by evaluating security, admin controls, scalability, and integration with identity systems.

The post How to Choose a Password Manager for Your Business appeared first on TechRepublic.

Credential stuffing attacks use stolen passwords to log in at scale. Learn how they work, why they’re rising, and how to defend with stronger authentication.

The post The Rise of Credential Stuffing Attacks appeared first on TechRepublic.

Google’s midrange phone detailed online Pixel 10a specs surface via carrier listing ahead of February 17 launch.

The real struggle is eating without YouTube

Apple expands AI hardware vision Apple is testing smart glasses, AI AirPods, and a wearable pendant as part of its next AI hardware push.

Users across the globe reported problems with the video platform on Tuesday.

YouTube suffered a global outage on Tuesday, with thousands of people reporting issues with the platform from around 8:00 p.m. ET. Now, we know what caused it.

In a statement posted to the official TeamYouTube X account, the company revealed that the outage was caused by a ...

Users across the globe reported problems with the platform on Tuesday.

YouTube suffered a global outage on Tuesday, with thousands of people reporting issues with the platform from around 8:00 p.m. ET / 5:00 p.m. PT. Now we know what caused it.

In a statement shared to the official TeamYouTube X account, the company revealed that the outage ...

The video service has gone dark in the U.S. on Tuesday night.

Updated on Tuesday, Feb. 17 at 9:15 p.m. ET — As of this writing, YouTube appears to be working again. So far, Google and YouTube have not announced the cause of the outage, or confirmed that the problems are resolved.

Updated on Tuesday, Feb. 17 at 9.26 p.m. ET — YouTube ...

For all your photo editing needs.

Samsung is adding some more AI image editing tools to its next batch of Galaxy smartphones.

A series of short video teasers released today shows how users will be able to quickly and creatively edit photos with AI.

The Korean tech giant announced in a quick ...

Mark your calendars for later this year.

Google has officially set the date for its next big developer showcase.

In a blog post published Tuesday, the company announced that Google I/O 2026 will take place May 19–20 at the Shoreline Amphitheatre in Mountain View, California, with a simultaneous online stream at

The company says its just a concept, and doesn't plan to advance the idea.

Meta has patented a hypothetical LLM that would continue posting for (and as) you, long after you're dead.

Granted in late December, the patent outlines an AI that would "simulate" a person's social media activity when they've been away from the platform for an extended period ...

New iPhone, iPad and multiple Macs are on the cards.

Apple’s cryptic March 4 "special experience" event may not be so mysterious after all.

According to Bloomberg’s Mark Gurman, Apple is gearing up for a busy early-2026 hardware cycle, with a product launch potentially slated for the week of March 2. As Mashable reported, ...

One program will support defense applications, the other will boost scientific research in fields ranging from biotech to quantum computing. Read More

In the shadow of the Aurora Bridge overlooking a marina full of boats, members of the Binti team rang a gong on an office balcony last week to officially open the 900-square-foot space. Read More

The idea for Legata grew out of frustration with Washington’s estate tax and how little many families understand about the risk to their assets if they don’t plan. Read More

GeekWire caught up with Nguyen to discuss his new role with the chamber; the state of Seattle's economy; and competition in the age of AI. Read More

The latest round, led by Andreessen Horowitz, doubles the company's valuation from October and reflects surging demand for infrastructure that keeps AI running reliably in production as agentic systems move from pilot projects to mission-critical deployments. Read More

GeekWire announces the first wave of speakers for its Agents of Transformation summit on March 24 in Seattle, including leaders from AWS, Microsoft, Outreach, and AI startup Vercept. Read More

Certivo, which spun out of PSL in 2024, positions itself as an “AI-native compliance automation” company. Read More

A new microsite, “Zillow for Warcraft,” allows users to explore an assortment of designs for in-game housing. Read More

The so-called "millionaires tax," which would create a 9.9% tax on income that exceeds $1 million, has drawn opposition from some tech leaders and entrepreneurs. Read More

Expedia is responding to the AI era by making sure it's testing new ways to reach travelers — and also using it aggressively inside its own business. Read More

The Samsung Galaxy Tab S10 Ultra has a screen to rival many laptops, while also providing excellent power for drawing, productivity, media consumption and more – all for 50% off the asking price.

The Stranger Things animated spin-off arrives on our screens in April.

Unfamiliar is the new Netflix show fans are ‘obsessed’ with — but there’s a good reason why you’ve probably never heard of it.

Thanks to latency, Bluetooth headphones just don't cut it on Switch 2 - these wired headsets are a much better fit, and offer higher sound quality to boot.

YouTube and YouTube TV experienced a rare global outage today that's now mostly fixed – here's what happened.

Is generative AI a helper for musicians, or an existential threat?

Asus quietly ships ExpertBook B5 G2 with an unadvertised Windows 11 Pure OS option that appears tailored for enterprise customers.

Samsung just teased a huge camera system upgrade that could be an AI game-changer for the Galaxy S26.

There's horror, comedy and a western available on the best free streaming services this week.

Apple should forget about adding new features to watchOS 27 and just focus on improving the Apple Watch’s battery life.

Antivirusbedrijf Kaspersky heeft in de firmware van verschillende Androidtablets een backdoor gevonden die aanvallers volledige ...

Er moeten effectieve waarborgen komen om te voorkomen dat aanbieders van chatdiensten en andere communicatieplatforms ...

De Britse overheid is een nieuwe bewustzijnscampagne voor het mkb gestart genaamd "lock the door" om ervoor te zorgen dat ...

In de Tweede Kamer zijn vragen aan demissionair ministers Karremans van Economische Zaken gesteld over het grote datalek bij ...

Onderzoek dat de AP deed naar logging, monitoring en autorisatiebeheer binnen de Belastingdienst wordt niet openbaar gemaakt. ...

Ouderenbond ANBO-PCOB hekelt de opkomst van winkels waar klanten alleen door middel van pin kunnen betalen. "Voor een groep ...

Telecombedrijf Odido bewaart gegevens van overgestapte klanten langer dan afgesproken, zo meldt het Financieele Dagblad ...

Het gebruik van experimentele AI-assistenten zoals OpenClaw brengt grote risico’s met zich mee, zoals datalekken en gekaapte ...

De persoonlijke gegevens van Interrail-klanten die criminelen wisten te stelen worden op internet te koop aangeboden, zo laat ...

118 mensen hebben aangifte gedaan bij het Openbaar Ministerie (OM) wegens het gevoelige datalek bij het medische laboratorium ...

An anonymous reader quotes a report from the Associated Press: Agrochemical maker Bayer and attorneys for cancer patients announced a proposed $7.25 billion settlement Tuesday to resolve thousands of U.S. lawsuits alleging the company failed to warn people that its popular weedkiller Roundup could cause cancer. The proposed settlement comes as the U.S. Supreme Court is preparing to hear arguments in April on Bayer's assertion that the U.S. Environmental Protection Agency's approval of Roundup without a cancer warning should invalidate claims filed in state courts. That case would not be affected by the proposed settlement. But the settlement would eliminate some of the risk from an eventual Supreme Court ruling. Patients would be assured of receiving settlement money even if the Supreme Court rules in Bayer's favor. And Bayer would be protected from potentially larger costs if the high court rules against it. Germany-based Bayer, which acquired Roundup maker Monsanto in 2018, disputes the assertion that Roundup's key ingredient, glyphosate, can cause non-Hodgkin lymphoma. But the company has warned that mounting legal costs are threatening its ability to continue selling the product in U.S. agricultural markets. "Litigation uncertainly has plagued the company for years, and this settlement gives the company a road to closure," Bayer CEO Bill Anderson said Tuesday. The proposed settlement could total up to $7.25 billion over 21 years and resolve most of the remaining U.S. lawsuits surrounding the cancer-related harms of Roundup. The report notes that more than 125,000 claims have been filed since 2015, and while many have already been settled, this deal aims to cover most outstanding and future claims tied to past exposure. Individual payouts would vary widely based on exposure type, age at diagnosis, and cancer severity. Bayer can also cancel the deal if too many plaintiffs opt out.

Read more of this story at Slashdot.

Anthropic has released Claude Sonnet 4.6, the first upgrade to its mid-tier AI model since version 4.5 arrived in September 2025. The new model features a "1M token context window" and delivers a "full upgrade of the model's skills across coding, computer use, long-context reasoning, agent planning, knowledge work, and design." From Anthropic: Sonnet 4.6 brings much-improved coding skills to more of our users. Improvements in consistency, instruction following, and more have made developers with early access prefer Sonnet 4.6 to its predecessor by a wide margin. They often even prefer it to our smartest model from November 2025, Claude Opus 4.5. Performance that would have previously required reaching for an Opus-class model -- including on real-world, economically valuable office tasks -- is now available with Sonnet 4.6. The model also shows a major improvement in computer use skills compared to prior Sonnet models. The free tier now uses Sonnet 4.6 by default and with "file creation, connectors, skills, and compaction" included.

Read more of this story at Slashdot.

According to Bloomberg's Mark Gurman (paywalled), Apple is reportedly developing AI-powered smart glasses, a wearable pendant, and camera-equipped AirPods that connect to the iPhone and use "visual context" to let Siri perform real-world actions. The Verge reports: Apple is reportedly aiming to start production of its smart glasses in December, ahead of a 2027 launch. The new device will compete directly with Meta's lineup of smart glasses and is rumored to feature speakers, microphones, and a high-resolution camera for taking photos and videos, in addition to another lens designed to enable AI-powered features. The glasses won't have a built-in display, but they will allow users to make phone calls, interact with Siri, play music, and "take actions based on surroundings," such as asking about the ingredients in a meal, according to Bloomberg. Apple's smart glasses could also help users identify what they're seeing, reference landmarks when offering directions, and remind wearers to complete a task in specific situations, Bloomberg reports. The company is reportedly planning to develop the frames for the smart glasses in-house, instead of partnering with a third-party company like Meta does with Ray-Ban and Oakley. Prototypes of the glasses use a cable to connect to a battery pack and an iPhone, but Bloomberg reports that "newer versions have the components embedded in the frame." Apple reportedly wants to make its smart glasses stand out by offering a high-quality build and advanced camera technology. The company is still working on AI-powered smart glasses with a display, though their launch "remains many years away," Bloomberg says. Apple's plans for AI hardware don't end there, as the company is expected to build upon its Google Gemini-powered Siri upgrade with an AirTag-sized AI pendant that people can either wear as a necklace or a pin. This device would "essentially serve as an always-on camera" for the iPhone and has a microphone for prompting Siri, Bloomberg reports. The pendant, which The Information first reported on last month, is rumored to come with a built-in chip, but will mainly rely on the iPhone's processing power. The device could arrive as early as next year, according to Bloomberg.

Read more of this story at Slashdot.

Following backlash over Discord's global rollout of strict age-verification checks, users are flocking to rival platform TeamSpeak and overwhelming its servers. According to PC Gamer, the Discord alternative said its hosting capacity has been maxed out in a number of regions including the U.S. From the report: [A]s I saw for myself while testing out free Discord alternatives, it's hard to deny the appeal of TeamSpeak. It's quick and easy to make an account, join or start a group chat, or join a massive, game-based community voice server, and at no point does TeamSpeak cheekily ask if it can scan your wizened visage. During my testing, I was able to dive into 18+ group chats without tripping over an age gate. However, there's no guarantee TeamSpeak won't have to deploy its own age verification mechanism in the future. In the UK at least, the Online Safety Act makes those sorts of checks a legal obligation, with Prime Minister Keir Starmer recently stating "No social media platform should get a free pass when it comes to protecting our kids." Besides all of that, if you'd rather not chat to randoms who also happen to have an unhealthy obsession with Arc Raiders, you'll likely need to pay an admittedly small subscription fee to rent your own ten-person community voice server. By that point, you're handing over card details and essentially fulfilling an age assurance check anyway. If you'd rather limit how much info your chat platform of choice has about you, there are arguably better options out there.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the Washington Post: David Greene had never heard of NotebookLM, Google's buzzy artificial intelligence tool that spins up podcasts on demand, until a former colleague emailed him to ask if he'd lent it his voice. "So... I'm probably the 148th person to ask this, but did you license your voice to Google?" the former co-worker asked in a fall 2024 email. "It sounds very much like you!" Greene, a public radio veteran who has hosted NPR's "Morning Edition" and KCRW's political podcast "Left, Right & Center," looked up the tool, listening to the two virtual co-hosts -- one male and one female -- engage in light banter. "I was, like, completely freaked out," Greene said. "It's this eerie moment where you feel like you're listening to yourself." Greene felt the male voice sounded just like him -- from the cadence and intonation to the occasional "uhhs" and "likes" that Greene had worked over the years to minimize but never eliminated. He said he played it for his wife and her eyes popped. As emails and texts rolled in from friends, family members and co-workers, asking if the AI podcast voice was his, Greene became convinced he'd been ripped off. Now he's suing Google, alleging that it violated his rights by building a product that replicated his voice without payment or permission, giving users the power to make it say things Greene would never say. Google told The Washington Post in a statement on Thursday that NotebookLM's male podcast voice has nothing to do with Greene. Now a Santa Clara County, California, court may be asked to determine whether the resemblance is uncanny enough that ordinary people hearing the voice would assume it's his -- and if so, what to do about it. Greene's lawsuit cites an unnamed AI forensic firm that used its software to compare the artificial voice to Greene's. It gave a confidence rating of 53-60% that Greene's voice was used to train the model, which it considers "relatively high" confidence. "If I was David Greene I would be upset, not just because they stole my voice," but because they used it to make the podcasting equivalent of AI "slop," said Mike Pesca, host of "The Gist" podcast and a former colleague of Greene's at NPR. "They have banter, but it's very surface-level, un-insightful banter, and they're always saying, 'Yeah, that's so interesting.' It's really bad, because what do we as show hosts have except our taste in commentary and pointing our audience to that which is interesting?"

Read more of this story at Slashdot.

A proposal within the Fedora Linux community suggests improving the kernel's DRM Panic screen to a more user-friendly, BSOD-style experience. Phoronix reports: Open-source developer Jose Exposito proposed today a nicer experience for DRM Panic integration on Fedora. Rather than using DRM Panic with just the kernel log contents being encoded in the QR code displayed when a kernel panic occurs, the proposal is to have a customized Fedora web-page with the encoded QR contents to be shown on that web page. Besides having a more pleasant UI/UX, from this web page the intent would also be to make it easier to report this error to the Fedora BugZilla. Being able to easily pass the kernel log to the Fedora bug tracker could help in making upstream aware of the problem(s) and seeing if other users are also encountering similar panics. Right now this idea was just raised earlier today as a "request for comments" on the Fedora mailing list. While a prototype at this point, Exposito already developed a basic web interface for demoing the solution.

Read more of this story at Slashdot.

Longtime Slashdot reader jrepin writes: KDE Plasma is a popular desktop (and mobile too) environment for GNU/Linux and other UNIX-like operating systems. Among other things, it also powers the desktop mode of the Steam Deck gaming handheld. The KDE community today announced the latest release: Plasma 6.6. In this new major release, Spectacle can recognize texts from screenshots, a new on-screen keyboard and new login manager are available for testing, and a first-time wizard Plasma Setup was added. Your current theme can be saved as a new global theme, which can also be used for the day and night theme-switching feature. Emoji selector got a new easier way to select skin tone. If your computer has a camera available, you can now connect to a Wi-Fi network by scanning a QR code. Application sound volume can now be changed by scrolling over an application taskbar button via mouse wheel. When screencasting and sharing your desktop, you can now filter windows so they are not shared. A setting was added to enable having virtual desktops only on the primary screen. If your device has an ambient light sensor, you can enable automatic screen brightness adjustment. Game controllers can now be used as regular input devices. For complete list of new features and changes, check out the KDE Plasma 6.6 release announcement and the complete changelog.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: More than two years after Broadcom took over VMware, the virtualization company's customers are still grappling with higher prices, uncertainty, and the challenges of reducing vendor lock-in. Today, CloudBolt Software released a report, "The Mass Exodus That Never Was: The Squeeze Is Just Beginning," that provides insight into those struggles. CloudBolt is a hybrid cloud management platform provider that aims to identify VMware customers' pain points so it can sell them relevant solutions. In the report, CloudBolt said it surveyed 302 IT decision-makers (director-level or higher) at North American companies with at least 1,000 employees in January. The survey is far from comprehensive, but it offers a look at the obstacles these users face. Broadcom closed its VMware acquisition in November 2023, and last month, 88 percent of survey respondents still described the change as "disruptive." Per the survey, the most cited drivers of disruption were price increases (named by 89 percent of respondents), followed by uncertainty about Broadcom's plans (85 percent), support quality concerns (78 percent), Broadcom shifting VMware from perpetual licenses to subscriptions (72 percent), changes to VMware's partner program (68 percent), and the forced bundling of products (65 percent). When Broadcom bought VMware, some customers shared horror stories about receiving quotes that showed prices increasing by as much as 1,000 percent. CloudBolt's survey paints a more modest picture. Fourteen percent of respondents said their VMware costs have at least doubled, while 12 percent reported increases of 50-99 percent, 33 percent reported increases of 24-49 percent, and 31 percent reported increases of less than 25 percent. Despite survey participants suggesting smaller price hikes than originally anticipated under Broadcom, companies are still struggling with the pricing changes. Eighty-five percent are concerned that VMware will become even more expensive, according to CloudBolt's survey. [...] CloudBolt's survey also examined how respondents are migrating workloads off of VMware. Currently, 36 percent of participants said they migrated 1-24 percent of their environment off of VMware. Another 32 percent said that they have migrated 25-49 percent; 10 percent said that they've migrated 50-74 percent of workloads; and 2 percent have migrated 75 percent or more of workloads. Five percent of respondents said that they have not migrated from VMware at all. Among migrated workloads, 72 percent moved to public cloud infrastructure as a service, followed by Microsoft's Hyper-V/Azure stack (43 percent of respondents). Overall, 86 percent of respondents "are actively reducing their VMware footprint," CloudBolt's report said.

Read more of this story at Slashdot.

A US law firm has accused Lenovo of violating Justice Department strictures about the bulk transfer of data to foreign adversaries, namely China. From a report: The case filed by Almeida Law Group on behalf of San Francisco-based "Spencer Christy, individually and on behalf of all others similarly situated" centers on the Data Security Program regulations implemented by the DOJ last year. According to the suit, these were "implemented to prevent adversarial countries from acquiring large quantities of behavioral data which could be used to surveil, analyze, or exploit American citizens' behavior." The complaint states the DOJ rule "makes clear that sending American consumers' information to Chinese entities through automated advertising systems and associated databases with the requisite controls is prohibited." The case states the threshold for "covered personal identifiers" is 100,000 US persons or more and lists a range of potential identifiers, from government and financial account numbers to IMEIs, MAC, and SIM numbers, demographic data, and advertising IDs.

Read more of this story at Slashdot.

Residents of Potters Bar, a small town just north of London, are trying to block what would be one of Europe's largest data centers from being built on 85 acres of rolling farmland that separates their community from the neighboring village of South Mimms. Multinational operator Equinix acquired the land last October after the local council granted planning permission in January 2025, and the company intends to break ground this year on a development it estimates will cost more than $5 billion. The UK government's decision to classify data centers as "critical national infrastructure" and a new "gray belt" land designation that loosens building restrictions on underperforming greenbelt parcels helped clear the path for approval -- even though objections from locals outweighed signatures of support by nearly two-to-one during the public consultation. A protest group of more than 1,000 residents has since appealed to a third-party ombudsman and the UK's Office of Environmental Protection, but has so far failed to overturn the decision.

Read more of this story at Slashdot.

Sees little enterprise AI adoption other than coding assistants, buys Koi for what comes next

If enterprises are implementing AI, they’re not showing it to Palo Alto Networks CEO Nikesh Arora, who on Tuesday said business adoption of the tech lags consumer take-up by at least a couple of years – except for coding assistants....

Full scale of infections remains 'unknown'

China-linked attackers exploited a maximum-severity hardcoded-credential bug in Dell RecoverPoint for Virtual Machines as a zero-day since at least mid-2024. It's all part of a long-running effort to backdoor infected machines for long-term access, according to Google's Mandiant incident response team....

Plus 3 new goon squads targeted critical infrastructure last year

Three new threat groups began targeting critical infrastructure last year, while a well-known Beijing-backed crew - Volt Typhoon - continued to compromise cellular gateways and routers, and then break into US electric, oil, and gas companies in 2025, according to Dragos' annual threat report published on Tuesday....

Keep behavioral tracking American? PC giant says the claim is 'false'

A US law firm has accused Lenovo of violating Justice Department strictures about the bulk transfer of data to foreign adversaries, namely China....

Police say seized kit contained logins, passwords, and server IP addresses

Polish police have arrested and charged a man over ties to the Phobos ransomware group following a property raid....

Digital burglaries remain routine, and data shows most corps still don't stick to basic infosec standards

Britain is telling businesses to "lock the door" on cybercrims as new government data suggests most still haven't even found the latch....

Social media platform’s legal eagles prepare to fight ever-growing number of countries

The Irish Data Protection Commission (DPC) is the latest regulator to open an investigation into Elon Musk's X following repeated reports of harmful image generation by the platform's Grok AI chatbot....

Top brass splash cash on acoustic targeting, hypersonic missiles...and Red Hat

Keir Starmer could ramp up the UK's defense spending plans faster than planned as the MoD reeled off new purchases for Britain's armed forces....

Fashion brand latest to succumb to ShinyHunters' tricks

Canada Goose says an advertised breach of 600,000 records is an old raid and there are no signs of a recent compromise....

Bungled link handed over sensitive docs, and when recipient didn't cooperate, police opted for cuffs

Dutch police have arrested a man for "computer hacking" after accidentally handing him their own sensitive files and then getting annoyed when he didn't hand them back....

NCEES explains why licensure matters for engineers and answers your top questions about the FE and PE exams. Source Views: 14

La entrada Thinking About Becoming a Licensed Engineer? Start Here. se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

View our compilation of online stories and resources highlighting the Hispanic community and their contributions to STEM. Source Views: 12

La entrada Celebrate Hispanic Heritage Month With SWE se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.cyberdefensemagazine.com – Author: News team Software supply chain attacks have emerged as a serious threat in the rapidly evolving field of cybersecurity, especially in medical devices. As these devices become more and more interconnected and dependent on complex software ecosystems, the potential for exploitation through the supply chain has grown exponentially. One powerful tool […]

La entrada The Critical Role of Sboms (Software Bill of Materials) In Defending Medtech From Software Supply Chain Threats – Source: www.cyberdefensemagazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.cyberdefensemagazine.com – Author: News team It’s common knowledge in the cybersecurity industry that ransomware is on the rise, with median demands rising 20% year-over-year across virtually all industries. But it’s not only the ransom sums themselves that are escalating; threat actors are engaging in increasingly aggressive tactics and techniques to extort their victims. It’s […]

La entrada Ransomware Tactics Are Shifting. Here’s How to Keep Up – Source: www.cyberdefensemagazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Rob Wright CERT-FR’s advisory follows last month’s disclosure of a zero-day flaw Apple said was used in “sophisticated” attacks against targeted individuals. Original Post URL: https://www.darkreading.com/vulnerabilities-threats/french-sheds-light-apple-spyware-activity Category & Tags: – Views: 9

La entrada French Advisory Sheds Light on Apple Spyware Activity – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Riaz Lakhani Together, we can foster a culture of collaboration and vigilance, ensuring that we are not just waiting for a hero to save us, but actively working to protect ourselves and our communities. Original Post URL: https://www.darkreading.com/cyberattacks-data-breaches/without-federal-help-cyber-defense-cisa Category & Tags: – Views: 19

La entrada Without Federal Help, Cyber Defense Is Up to the Rest of Us – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: securityboulevard.com – Author: Gaurav Banga Here’s a scenario security teams increasingly face. A user—or an attacker pretending to be one—types something like: This is how many prompt injection attempts begin. The phrase looks harmless, but it’s a red flag: the user is telling the AI to forget its built‐in rules. What follows is often […]

La entrada Safer Conversational AI for Cybersecurity: The BIX Approach – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: securityboulevard.com – Author: Sofia Naer Introduction On July 16, 2025, Europol revealed the details of Operation Eastwood, a coordinated international strike against one of the most active pro-Russian cybercrime groups, NoName057(016). The announcement promised a major disruption to the group’s activities. In this blog, we explore whether Operation Eastwood had any real impact on […]

La entrada Operation Eastwood: Measuring the Real Impact on NoName057(16) – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: securityboulevard.com – Author: Jeffrey Burt Five months after the future of the CVE program was thrown in doubt, CISA this week released a roadmap that calls for steps to take for its new “quality era,” which includes public sponsorship, expanded public-private partnership, and modernization. The post CISA Lays Out Roadmap for CVE Program’s ‘Quality […]

La entrada CISA Lays Out Roadmap for CVE Program’s ‘Quality Era’ – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: securityboulevard.com – Author: Marc Handelman via the comic artistry and dry wit of Randall Munroe, creator of XKCD Permalink The post Randall Munroe’s XKCD ‘Dual Roomba’ appeared first on Security Boulevard. Original Post URL: https://securityboulevard.com/2025/09/randall-munroes-xkcd-dual-roomba/?utm_source=rss&utm_medium=rss&utm_campaign=randall-munroes-xkcd-dual-roomba Category & Tags: Humor,Security Bloggers Network,Randall Munroe,Sarcasm,satire,XKCD – Humor,Security Bloggers Network,Randall Munroe,Sarcasm,satire,XKCD Views: 8

La entrada Randall Munroe’s XKCD ‘Dual Roomba’ – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

New York, USA, 17th February 2026, CyberNewswire

SINGAPORE, Singapore, 17th February 2026, CyberNewswire

Washington DC, USA, 17th February 2026, CyberNewswire

PDF security guide covering redaction, metadata risks, compliance standards, and safe editing of password-protected files to prevent data leaks.

Boston, Massachusetts, 17th February 2026, CyberNewswire

Forcepoint X-labs reveals how hackers use fake SSA emails and hijacked ScreenConnect tools to bypass Windows security to target UK, US, and Canadian organisations.

Cybersecurity experts at Moonlock Lab have discovered a new ClickFix attack. Hackers are using hijacked Google Ads and fake Claude AI guides to trick Mac users into installing the data-stealing MacSync malware.

New investigation by Q Continuum reveals 287 Chrome extensions leaking the private browsing data of 37.4 million users to firms like Similarweb and Alibaba. Learn how these harmless tools turn your history into a product.

Healthcare interoperability improves care but expands attack surfaces, increasing data exposure, compliance risk, and security challenges across connected systems.

AI-driven crypto scams surge as cybercrime hits $17B, with deepfakes, fraud kits, and industrial social engineering reshaping digital asset threats and defenses.

A vulnerability was found in isaacs node-tar up to 7.5.7 and classified as critical. This vulnerability affects unknown code of the component Extraction Handler. Such manipulation leads to path traversal. This vulnerability is listed as CVE-2026-26960. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability has been found in Ultimate Member Plugin up to 2.11.1 on WordPress and classified as problematic. This affects the function filter_first_name of the component Filter Handler. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2026-1404. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability, which was classified as problematic, was found in Complianz Plugin up to 7.4.3 on WordPress. Affected by this issue is some unknown functionality of the component Shortcode Handler. The manipulation results in cross site scripting. This vulnerability is identified as CVE-2025-11185. The attack can be executed remotely. There is not any exploit available.

A vulnerability, which was classified as problematic, has been found in Community Events Plugin up to 1.5.7 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation of the argument ce_venue_name leads to cross site scripting. This vulnerability is referenced as CVE-2026-1649. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability classified as problematic was found in Video Share VOD Plugin up to 2.7.11 on WordPress. Affected is an unknown function of the component Setting Handler. Executing a manipulation can lead to cross site scripting. The identification of this vulnerability is CVE-2025-13727. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in WP Event Aggregator Plugin up to 1.8.7 on WordPress. This impacts the function wp_events of the component Shortcode Handler. Performing a manipulation results in cross site scripting. This vulnerability was named CVE-2026-1941. The attack may be initiated remotely. There is no available exploit.

A vulnerability described as problematic has been identified in Booking Calendar Plugin up to 10.14.14 on WordPress. This affects the function handle_ajax_save of the component Setting Handler. Such manipulation leads to improper control of resource identifiers. This vulnerability is uniquely identified as CVE-2026-2230. The attack can be launched remotely. No exploit exists.

A vulnerability marked as critical has been reported in Bookster Plugin up to 2.1.1 on WordPress. The impacted element is an unknown function. This manipulation of the argument raw causes sql injection. This vulnerability is handled as CVE-2025-8781. The attack can be initiated remotely. There is not any exploit available.

A vulnerability labeled as critical has been found in RegistrationMagic Plugin up to 6.0.6.9 on WordPress. The affected element is the function process_paypal_sdk_payment of the component Payment Handler. The manipulation results in improper authentication. This vulnerability is known as CVE-2025-14444. It is possible to launch the attack remotely. No exploit is available.

A vulnerability identified as problematic has been detected in Blog2Social Plugin up to 8.7.4 on WordPress. Impacted is the function curationDraft. The manipulation of the argument ID leads to missing authorization. This vulnerability is traded as CVE-2026-1942. It is possible to initiate the attack remotely. There is no exploit available.

https://security-tracker.debian.org/tracker/DSA-6138-1

https://security-tracker.debian.org/tracker/DSA-6137-1

https://security-tracker.debian.org/tracker/DSA-6136-1

https://security-tracker.debian.org/tracker/DSA-6135-1

https://security-tracker.debian.org/tracker/DSA-6134-1

https://security-tracker.debian.org/tracker/DSA-6133-1

https://security-tracker.debian.org/tracker/DSA-6132-1

https://security-tracker.debian.org/tracker/DSA-6131-1

https://security-tracker.debian.org/tracker/DSA-6130-1

https://security-tracker.debian.org/tracker/DSA-6129-1

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information. Google is aware that an exploit for CVE-2026-2441 exists in the wild.

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.

Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata.

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.

Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

Updated information to include CVSS scores. This is an informational change only.

Download links fixed

Apple heeft kwetsbaarheden verholpen in iOS en iPadOS. De kwetsbaarheden omvatten verschillende problemen zoals geheugenbeschadiging, bufferoverloop, en gebruik na vrijgave, die konden leiden tot ongeautoriseerde toegang tot gevoelige gegevens, onverwachte procescrashes en andere stabiliteitsproblemen. De kwetsbaarheden werden voornamelijk veroorzaakt door inadequate invoervalidatie en kwetsbaarheden in de verwerking van schadelijke inhoud. De updates zijn gericht op het verbeteren van de beveiliging en stabiliteit van de betrokken besturingssystemen. Apple meldt dat zij een rapport hebben ontvangen dat de kwetsbaarheid met kenmerk CVE-2026-20700 mogelijk is misbruikt bij een zeer gerichte aanval, waarbij een iOS device met versienummer vóór 26 het slachtoffer is. Meer detailinformatie is niet vrijgegeven. De kwetsbaarheid stelt een kwaadwillende in staat om willekeurige code uit te voeren. Voor succesvol misbruik moet de kwaadwillende voorafgaande rechten hebben om geheugen te mogen beschrijven.

Apple heeft kwetsbaarheden verholpen in macOS, inclusief versies Sequoia 15.7.4, Tahoe 26.3 en Sonoma 14.8.4. De kwetsbaarheden omvatten onder andere problemen met geheugencorruptie, ongeautoriseerde toegang tot gevoelige gebruikersdata, en logboekproblemen die konden leiden tot ongeautoriseerde toegang tot locatie-informatie. De updates bevatten verbeterde validatieprocessen en state management om deze risico's te mitigeren.

BeyondTrust heeft een kwetsbaarheid verholpen in BeyondTrust Remote Support en enkele oudere versies van Privileged Remote Access. De kwetsbaarheid bevindt zich in de pre-authenticatie van de software, waardoor niet-geauthenticeerde aanvallers in staat zijn om besturingssysteemcommando's uit te voeren door speciaal vervaardigde verzoeken naar de getroffen systemen te sturen. **Update 13 02 2026:** Voor de kwetsbaarheid CVE-2026-1731 is recentelijk publieke proof-of-concept code verschenen en ook actief misbruik waargenomen. Deze factoren verhogen aanzienlijk het risico op misbruik.

GitLab heeft kwetsbaarheden verholpen in GitLab CE/EE (Specifiek voor versies vóór 18.6.6, 18.7.4, en 18.8.4). De kwetsbaarheden omvatten server-side request forgery, ongeautoriseerde toegang tot interne netwerkservices, injectie van kwaadaardige inhoud, ongeautoriseerde acties via de GLQL API, ongeautoriseerde informatie openbaarmaking via de API, en denial of service door overmatige GraphQL-queries. Authenticated gebruikers konden misbruik maken van deze kwetsbaarheden, wat leidde tot risico's zoals ongeautoriseerde toegang, manipulatie van gebruikersacties, en verstoring van de beschikbaarheid van systemen. Daarnaast konden ongeauthenticeerde gebruikers ook denial of service veroorzaken door het uploaden van schadelijke bestanden. De kwetsbaarheden zijn opgelost in de laatste updates, waardoor gebruikers van de getroffen versies niet langer risico lopen op deze specifieke exploits.

Fortinet heeft kwetsbaarheden verholpen in FortiOS (Versies 7.0 tot 7.6.4, 7.4.0 tot 7.4.9, en 7.2.0 tot 7.2.11). De kwetsbaarheden omvatten een Authentication Bypass die ongeauthenticeerde aanvallers in staat stelt om LDAP-authenticatie te omzeilen voor Agentless VPN of FSSO-beleid, afhankelijk van specifieke configuraties van de LDAP-server. Daarnaast kunnen ongeauthenticeerde aanvallers gevoelige informatie blootleggen door patches te omzeilen via speciaal gemaakte HTTP-verzoeken. Er is ook een kwetsbaarheid die geauthenticeerde beheerders in staat stelt om ongeautoriseerde code uit te voeren via speciaal gemaakte configuraties, en een andere die geauthenticeerde gebruikers in staat stelt om FSSO-beleid configuraties te exploiteren voor ongeautoriseerde toegang tot beschermde netwerkbronnen. Beide kwetsbaarheden kunnen worden misbruikt via speciaal gemaakte verzoeken.

Fortinet heeft kwetsbaarheden verholpen in FortiSandbox (versies 4.4.8 en 5.0.5), FortiAuthenticator (versies 6.3 tot 6.6.6) en FortiClient (versies 7.0, 7.2 en 7.4). De kwetsbaarheid in FortiSandbox betreft Cross-site Scripting, waardoor niet-geauthenticeerde aanvallers willekeurige commando's kunnen uitvoeren via speciaal gemaakte verzoeken. De kwetsbaarheid in FortiAuthenticator betreft een ontbrekende autorisatie die het mogelijk maakt voor alleen-lezen gebruikers om lokale gebruikersaccounts te wijzigen via een onbeveiligd bestand upload endpoint. De kwetsbaarheid in FortiClient stelt lokale aanvallers met lage privileges in staat om willekeurige bestandswijzigingen uit te voeren met verhoogde rechten door middel van speciaal gemaakte named pipe berichten, wat ongeautoriseerde toegang tot systeem bestanden mogelijk maakt.

Ivanti heeft kwetsbaarheden verholpen in Ivanti Endpoint Manager (Specifiek voor versies vóór 2024 SU5). De kwetsbaarheid met kenmerk CVE-2026-1603 betreft een authenticatie-bypass die het mogelijk maakt voor externe, niet-geauthenticeerde aanvallers om toegang te krijgen tot bepaalde opgeslagen inloggegevens, wat kan leiden tot compromittering van gevoelige data. De kwetsbaarheid met kenmerk CVE-2026-1602 betreft een SQL-injectie die het mogelijk maakt voor externe, geauthenticeerde aanvallers om willekeurige SQL-query's uit te voeren, wat kan leiden tot ongeautoriseerde toegang tot gevoelige database-informatie. Beide kwetsbaarheden kunnen de integriteit en vertrouwelijkheid van de gegevens in het systeem in gevaar brengen.

Microsoft heeft kwetsbaarheden verholpen in Office componenten. Een kwaadwillende kan de kwetsbaarheden misbruiken om beveiligingsmaatregelen te omzeilen, zoch voor te doen als andere gebruiker en zich zo verhoogde rechten toe te kennen en toegang te krijgen tot gevoelige gegevens. Voor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden en malafide bestand te openen of link te volgen. Van de kwetsbaarheid met kenmerk CVE-2026-21511 meldt Microsoft informatie te hebben dat deze besproken wordt op fora. De kwetsbaarheid stelt een kwaadwillende in staat om middels een malafide bericht een NTLM-authenticatie te initiëren naar een server onder controle van de kwaadwillende, waarmee de kwaadwillende authenticatiegegevens kan bemachtigen. Er is (nog) geen publieke Proof-of-Concept-code beschikbaar en misbruik vereist een speciaal ingerichte server. Grootschalig misbruik is hiermee niet waarschijnlijk. ``` Microsoft Office Word: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-21514 | 7.80 | Omzeilen van beveiligingsmaatregel | |----------------|------|-------------------------------------| Microsoft Office Excel: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-21259 | 7.30 | Verkrijgen van verhoogde rechten | | CVE-2026-21258 | 5.50 | Toegang tot gevoelige gegevens | | CVE-2026-21261 | 5.50 | Toegang tot gevoelige gegevens | |----------------|------|-------------------------------------| Microsoft Office Outlook: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-21260 | 7.50 | Voordoen als andere gebruiker | | CVE-2026-21511 | 7.50 | Voordoen als andere gebruiker | |----------------|------|-------------------------------------| ```

Microsoft heeft kwetsbaarheden verholpen in diverse Azure componenten. Een kwaadwillende kan de kwetsbaarheden misbruiken om zich voor te doen als andere gebruiker, zich mogelijk verhoogde rechten toe te kennen en zo willekeurige code uit te voeren of toegang te krijgen tot gevoelige gegevens. Van de kwetsbaarheden met kenmerk CVE-2026-21532, CVE-2026-24300 en CVE-2026-24302 meldt Microsoft dat deze in hun centrale Azure-infrastructuur zijn verholpen en dat deze kwetsbaarheden geen actie van gebruikers vereist. Deze kwetsbaarheden zijn ter informatie opgenomen. ``` Azure Front Door (AFD): |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-24300 | 9.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Azure Function: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-21532 | 8.20 | Toegang tot gevoelige gegevens | |----------------|------|-------------------------------------| Azure HDInsights: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-21529 | 5.70 | Voordoen als andere gebruiker | |----------------|------|-------------------------------------| Azure Compute Gallery: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-23655 | 6.50 | Toegang tot gevoelige gegevens | | CVE-2026-21522 | 6.70 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Azure Local: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-21228 | 8.10 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Azure Arc: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-24302 | 8.60 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Azure IoT SDK: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-21528 | 6.50 | Toegang tot gevoelige gegevens | |----------------|------|-------------------------------------| Azure DevOps Server: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-21512 | 6.50 | Voordoen als andere gebruiker | |----------------|------|-------------------------------------| Azure SDK: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-21531 | 9.80 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| ```

Microsoft heeft kwetsbaarheden verholpen in diverse componenten van Visual Studio en .NET. Een kwaadwillende kan de kwetsbaarheden misbruiken om beveiligingsmaatregelen te omzeilen, zich verhoogde rechten toe te kennen en mogelijk willekeurige code uit te voeren met rechten van het slachtoffer. Voor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden om malafide code te downloaden en uit te voeren. Omdat ontwikkelaars in ontwikkelomgevingen vaak met verhoogde rechten werken, is niet uit te sluiten dat de uitvoer van code ook plaatsvindt onder verhoogde rechten. ``` GitHub Copilot and Visual Studio: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-21523 | 8.00 | Uitvoeren van willekeurige code | | CVE-2026-21257 | 8.00 | Verkrijgen van verhoogde rechten | | CVE-2026-21256 | 8.80 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| GitHub Copilot and Visual Studio Code: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-21518 | 6.50 | Omzeilen van beveiligingsmaatregel | |----------------|------|-------------------------------------| .NET and Visual Studio: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-21218 | 7.50 | Voordoen als andere gebruiker | |----------------|------|-------------------------------------| Github Copilot: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-21516 | 8.80 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------|

Het Centraal Bureau voor de Statistiek (CBS) onderzoekt elk jaar in welke mate het mkb bepaalde ICT-veiligheidsmaatregelen treft. Een paar cijfers: slechts 29% van de mkb-bedrijven maakt een risico-analyse en maar 9% doet aan verplichte trainingen voor medewerkers. Er valt dus nog veel te winnen op het gebied van digitale weerbaarheid. Hoe effectief is de inzet van samenwerkingsverbanden om het mkb hierin te stimuleren?

Nederlandse bedrijven zijn Europese koploper wat betreft het gebruik van clouddiensten en het benutten van data. We regelen vrijwel alles online en graag zo centraal mogelijk. Dat maakt bepaalde dataknooppunten extra gevoelig voor cybercriminelen. Dat ervaarde ook een aanbieder van een landelijke dienst, waar iets kleins als een cookie-instelling, tot grote problemen leidde.

Het Nationaal Cyber Security Centrum (NCSC) vervult al jarenlang een centrale rol als meldpunt voor kwetsbaarheden binnen de digitale infrastructuur van de Rijksoverheid en vitale organisaties. Securityonderzoekers van buiten het NCSC leveren daarbij een onmisbare bijdrage. Met hun expertise fungeren zij als verlengstuk van ons Fusion Centre en helpen zij actief mee om digitale risico’s tijdig te signaleren. Hun CVD-meldingen dragen aantoonbaar bij aan het versterken van de digitale weerbaarheid van Nederland.

Er zijn ernstige kwetsbaarheden in FortiOS, FortiProxy, FortiWeb en FortiSwitchManager gevonden medio december 2025. Onderzoekers meldden toen actief misbruik van de kwetsbaarheden met kenmerk CVE-2025-59718 en CVE-2025-59719. Update: de beveiligingsupdates bieden onvoldoende bescherming.

Stel je voor: het is maandagochtend. Terwijl de meeste teams nog opstarten, komt er in jouw sector een melding binnen over een nieuwe ransomware-campagne. Een paar uur later volgen de eerste bevestigingen: meerdere organisaties zijn al geraakt en de impact loopt snel op. De indicators of compromise (IOC’s), zoals IP-adressen, domeinnamen en file-hashes worden gedeeld, maar nog via losse spreadsheets, pdf'jes, CSV’s of e-mails. Tegen de tijd dat jouw Security Operations Center (SOC) deze informatie handmatig heeft overgenomen en in de beveiligingstools heeft geladen, is de aanval alweer een stap verder in de aanvalsketen.

Op donderdag 29 januari van 11:00 tot 12:00 uur organiseren we samen met de NCTV een tweede webinar over de Cyberbeveiligingswet. Dit keer zoomen we in op de zorgplicht - één van de kernverplichtingen uit de Cyberbeveiligingswet - en bespreken we de bestuurlijke verantwoordelijkheid & opleidingsplicht.

Business Email Compromise (BEC) is op dit moment een van de snelst groeiende vormen van digitale oplichting. Bij BEC doen criminelen zich voor als een persoon die binnen een organisatie wordt vertrouwd - vaak een directeur of leidinggevende (CEO-fraude). In dit artikel lees je meer over hoe BEC-aanvallen typisch verlopen, hoe je ze kunt herkennen en op welke manieren je jouw organisatie hiertegen kunt wapenen.

Ein Angreifer kann eine Schwachstelle in Google Chrome und Microsoft Edge ausnutzen, um nicht näher spezifizierte Angriffe durchzuführen, möglicherweise beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen oder Daten zu manipulieren.

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Roundcube ausnutzen, um Sicherheitsvorkehrungen zu umgehen und um die Darstellung von E-Mails zu verfälschen.

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in GNU libc ausnutzen, um einen Denial of Service Angriff durchzuführen.

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in GNU libc ausnutzen, um Informationen offenzulegen.

Ein lokaler Angreifer kann eine Schwachstelle in GNU libc ausnutzen, um beliebigen Programmcode auszuführen.

Ein Angreifer kann mehrere Schwachstellen in Node.js ausnutzen, um beliebigen Code auszuführen, erweiterte Berechtigungen zu erlangen, Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren und vertrauliche Informationen offenzulegen.

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in OpenSSL und LibreSSL ausnutzen, um potentiell beliebigen Code auszuführen, einen Denial of Service-Zustand zu verursachen und vertrauliche Informationen offenzulegen.

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Pega Platform ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen.

Ein Angreifer kann eine Schwachstelle in Apache Nifi ausnutzen, um Sicherheitsvorkehrungen zu umgehen.

Ein lokaler Angreifer kann eine Schwachstelle in iba AG ibaAnalyzer ausnutzen, um seine Privilegien zu erhöhen.

De multiples vulnérabilités ont été découvertes dans Mitel Micollab. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

De multiples vulnérabilités ont été découvertes dans Mattermost Server. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et un problème de sécurité non spécifié par l'éditeur.

De multiples vulnérabilités ont été découvertes dans les produits Axis. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

De multiples vulnérabilités ont été découvertes dans MongoDB. Elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et un problème de sécurité non spécifié par l'éditeur.

De multiples vulnérabilités ont été découvertes dans Synology Storage Manager. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données.

De multiples vulnérabilités ont été découvertes dans les produits HPE Aruba Networking. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

De multiples vulnérabilités ont été découvertes dans GitLab. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une falsification de requêtes côté serveur (SSRF).

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.

Cloud attacks move fast — faster than most incident response teams. In data centers, investigations had time. Teams could collect disk images, review logs, and build timelines over days. In the cloud, infrastructure is short-lived. A compromised instance can disappear in minutes. Identities rotate. Logs expire. Evidence can vanish before analysis even begins. Cloud forensics is fundamentally

Cybersecurity researchers have disclosed that artificial intelligence (AI) assistants that support web browsing or URL fetching capabilities can be turned into stealthy command-and-control (C2) relays, a technique that could allow attackers to blend into legitimate enterprise communications and evade detection. The attack method, which has been demonstrated against Microsoft Copilot and xAI Grok

A new Android backdoor that's embedded deep into the device firmware can silently harvest data and remotely control its behavior, according to new findings from Kaspersky. The Russian cybersecurity vendor said it discovered the backdoor, dubbed Keenadu, in the firmware of devices associated with various brands, including Alldocube, with the compromise occurring during the firmware build phase.

Cybersecurity researchers have disclosed details of a new SmartLoader campaign that involves distributing a trojanized version of a Model Context Protocol (MCP) server associated with Oura Health to deliver an information stealer known as StealC. "The threat actors cloned a legitimate Oura MCP Server – a tool that connects AI assistants to Oura Ring health data – and built a deceptive

My objectiveThe role of NDR in SOC workflowsStarting up the NDR systemHow AI complements the human responseWhat else did I try out?What could I see with NDR that I wouldn’t otherwise?Am I ready to be a network security analyst now? My objective As someone relatively inexperienced with network threat hunting, I wanted to get some hands-on experience using a network detection and response (

New research from Microsoft has revealed that legitimate businesses are gaming artificial intelligence (AI) chatbots via the "Summarize with AI" button that's being increasingly placed on websites in ways that mirror classic search engine poisoning (SEO). The new AI hijacking technique has been codenamed AI Recommendation Poisoning by the Microsoft Defender Security Research Team. The tech giant

Apple on Monday released a new developer beta of iOS and iPadOS with support for end-to-end encryption (E2EE) in Rich Communications Services (RCS) messages. The feature is currently available for testing in iOS and iPadOS 26.4 Beta, and is expected to be shipped to customers in a future update for iOS, iPadOS, macOS, and watchOS. "End-to-end encryption is in beta and is not available for all

Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully exfiltrating a victim's OpenClaw (formerly Clawdbot and Moltbot) configuration environment. "This finding marks a significant milestone in the evolution of infostealer behavior: the transition from stealing browser credentials to harvesting the 'souls' and identities of personal AI [

A new study has found that multiple cloud-based password managers, including Bitwarden, Dashlane, and LastPass, are susceptible to password recovery attacks under certain conditions. "The attacks range in severity from integrity violations to the complete compromise of all vaults in an organization," researchers Matteo Scarlata, Giovanni Torrisi, Matilda Backendal, and Kenneth G. Paterson said.

This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, cloud setups, or workflows that people already trust and rarely question. Another signal: attackers are mixing old and new methods. Legacy botnet tactics, modern cloud abuse, AI assistance, and supply-chain exposure are being used side by side, whichever path

A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more.

The post Fake CAPTCHA Scam Tricks Windows Users Into Installing Malware appeared first on TechRepublic.

A fake Android antivirus app called TrustBastion is spreading malware and stealing banking credentials. Here’s how it works and how to stay protected.

The post Fake ‘Antivirus’ App Spreads Android Malware, Steals Banking Credentials appeared first on TechRepublic.

A viral AI caricature trend may be exposing sensitive enterprise data, fueling shadow AI risks, social engineering attacks, and LLM account compromise.

The post Viral AI Caricatures Highlight Shadow AI Dangers appeared first on TechRepublic.

Ransomware attacks surged 52% in 2025, with supply chain breaches nearly doubling as groups like Qilin drive record monthly incidents worldwide.

The post Ransomware Groups Claimed 2,000 Attacks in Just Three Months appeared first on TechRepublic.

Apple urges users to update after patching CVE-2026-20700, a zero-day flaw exploited in sophisticated targeted attacks across multiple devices.

The post Critical Apple Flaw Exploited in ‘Sophisticated’ Attacks, Company Urges Rapid Patching appeared first on TechRepublic.

Microsoft patches 58 vulnerabilities, including six actively exploited zero-days across Windows, Office, and RDP, as CISA sets a March 3 deadline.

The post Microsoft’s February Patch Tuesday Fixes 6 Zero-Days Under Attack appeared first on TechRepublic.

Microsoft patches CVE-2026-21525, an actively exploited RasMan flaw that can crash Windows VPN services and disrupt remote access.

The post Microsoft Patches Windows Flaw Causing VPN Disruptions appeared first on TechRepublic.

The Conduent ransomware attack has grown to impact 25 million Americans, exposing Social Security numbers and medical data in one of 2025’s largest breaches.

The post From 10M to 25M: Conduent Breach Balloons Into One of 2025’s Largest appeared first on TechRepublic.

Google expands its “Results about you” tool to remove sensitive IDs and explicit images from Search, strengthening privacy protections amid rising identity theft.

The post Google Expands ‘Results About You’ to Shield IDs, Fight Deepfake Abuse appeared first on TechRepublic.

Hawaii plans to use "first responder" drones in Waikiki to reach crime scenes and emergencies faster, and privacy advocates are sounding the alarm.

The post Waikiki Drone Plan Sparks Privacy Pushback appeared first on TechRepublic.

A Spanish court has granted precautionary measures against NordVPN and ProtonVPN, ordering the two popular VPN providers to block 16 websites that facilitate piracy of football matches. [...]

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local files and execute code remotely. [...]

A suspected Chinese state-backed hacking group has been quietly exploiting a critical Dell security flaw in zero-day attacks that started in mid-2024. [...]

Notepad++ has adopted a "double-lock" design for its update mechanism to address recently exploited security gaps that resulted in a supply-chain compromise. [...]

​Microsoft is working to resolve an ongoing outage affecting Microsoft Teams users, causing delays and preventing some from accessing the service. [...]

Leaked API keys are nothing new, but the scale of the problem in front-end code has been largely a mystery - until now. Intruder's research team built a new secrets detection method and scanned 5 million applications specifically looking for secrets hidden in JavaScript bundles. Here's what we learned. [...]

A newly discovered and sophisticated Android malware called Keenadu has been found embedded in firmware from multiple device brands, enabling it to compromise all installed applications and gain unrestricted control over infected devices. [...]

Polish police have detained a 47-year-old man suspected of ties to the Phobos ransomware group and seized computers and mobile phones containing stolen credentials, credit card numbers, and server access data. [...]

Ireland's Data Protection Commission (DPC), the country's data protection authority, has opened a formal investigation into X over the use of the platform's Grok artificial intelligence tool to generate non-consensual sexual images of real people, including children. [...]

The Washington Hotel brand in Japan has announced that that its servers were compromised in a ransomware attack, exposing various business data. [...]

An attacker’s initial access, whether through phishing, unmanaged devices, exploited vulnerabilities, or a compromised supply chain, marks the beginning of a dangerous chain of events.

The post Master XDR Investigations: A Deep Dive into the GravityZone XDR Demo Incident appeared first on Security Boulevard.

California regulators have issued their largest penalty yet under the California Consumer Privacy Act, announcing a $2.75 million settlement with The Walt Disney Company after investigators found that consumer opt-out requests were not consistently honored across devices and streaming platforms. The case centers on a straightforward expectation that is becoming harder for companies to meet: [...]

The post California Fines Disney $2.75 Million in Record CCPA Case appeared first on Centraleyes.

The post California Fines Disney $2.75 Million in Record CCPA Case appeared first on Security Boulevard.

Learn how to protect your AI infrastructure from quantum-enabled side-channel attacks using post-quantum cryptography and ai-driven threat detection for MCP.

The post AI-Driven Threat Detection for Quantum-Enabled Side-Channel Attacks appeared first on Security Boulevard.

What Are Non-Human Identities in Cybersecurity? Have you ever wondered what really goes on behind the scenes when machines communicate securely with one another? The answer resides in a concept known as Non-Human Identities (NHIs), which are critical for modern cybersecurity. These machine identities are not unlike human passports, paired with encrypted credentials or “secrets” [...]

The post Are the investments in Agentic AI security systems justified? appeared first on Entro.

The post Are the investments in Agentic AI security systems justified? appeared first on Security Boulevard.

What Are Non-Human Identities, and Why Are They Critical for Secure Cloud Environments? Ensuring the security of non-human identities (NHIs) is paramount for organizations operating in cloud environments. NHIs often refer to machine identities crucial for protecting sensitive data and maintaining the integrity of IT systems. With an increasing reliance on cloud computing, managing these [...]

The post How secure are Agentic AI-driven compliance audits? appeared first on Entro.

The post How secure are Agentic AI-driven compliance audits? appeared first on Security Boulevard.

How Can Automated Secrets Rotation Empower DevOps Teams? What happens when the seamless flow of DevOps is disrupted by security incidents? With DevOps teams continue to embrace the rapid deployment of applications and services across the cloud, the need for comprehensive secrets management becomes crucial. One modern solution is automated secrets rotation, a powerful tool [...]

The post How are DevOps teams empowered by automated secrets rotation? appeared first on Entro.

The post How are DevOps teams empowered by automated secrets rotation? appeared first on Security Boulevard.

How Do Non-Human Identities Impact Security in a Cloud Environment? Have you ever pondered how non-human identities (NHIs) play a role? Where organizations migrate to cloud-based systems, security is dramatically shifting. NHIs, essentially machine identities, are rapidly becoming crucial to maintaining robust security protocols. Understanding the Role of Non-Human Identities At the heart of this [...]

The post Can Agentic AI operate independently of continuous human oversight? appeared first on Entro.

The post Can Agentic AI operate independently of continuous human oversight? appeared first on Security Boulevard.

Explore User Managed Access (UMA) 2.0. Learn how this protocol enables granular sharing, party-to-party delegation, and secure AI agent authorization.

The post Understanding User Managed Access appeared first on Security Boulevard.

Announcing the launch of AI Agent Configuration Scanning.

The post Securing the New Control Plane: Introducing Static Scanning for AI Agent Configurations appeared first on Security Boulevard.

Session 12D: ML Backdoors

Authors, Creators & Presenters: Dazhuang Liu (Delft University of Technology), Yanqi Qiao (Delft University of Technology), Rui Wang (Delft University of Technology), Kaitai Liang (Delft University of Technology), Georgios Smaragdakis (Delft University of Technology)

PAPER
LADDER: Multi-Objective Backdoor Attack via Evolutionary Algorithm
Current black-box backdoor attacks in convolutional neural networks formulate attack objective(s) as single-objective optimization problems in single domain. Designing triggers in single domain harms semantics and trigger robustness as well as introduces visual and spectral anomaly. This work proposes a multi-objective black-box backdoor attack in dual domains via evolutionary algorithm (LADDER), the first instance of achieving multiple attack objectives simultaneously by optimizing triggers without requiring prior knowledge about victim model. In particular, we formulate LADDER as a multi-objective optimization problem (MOP) and solve it via multi-objective evolutionary algorithm (MOEA). MOEA maintains a population of triggers with trade-offs among attack objectives and uses non-dominated sort to drive triggers toward optimal solutions. We further apply preference-based selection to MOEA to exclude impractical triggers. LADDER investigates a new dual-domain perspective for trigger stealthiness by minimizing the anomaly between clean and poisoned samples in the spectral domain. Lastly, the robustness against preprocessing operations is achieved by pushing triggers to low-frequency regions. Extensive experiments comprehensively showcase that LADDER achieves attack effectiveness of at least 99%, attack robustness with 90.23% (50.09% higher than state-of-the-art attacks on average), superior natural stealthiness (1.12 times to 196.74 times improvement) and excellent spectral stealthiness (8.45 times enhancement) as compared to current stealthy attacks by the average l_2 - norm across 5 public datasets.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

---

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – LADDER: Multi-Objective Backdoor Attack Via Evolutionary Algorithm appeared first on Security Boulevard.

Topic: WordPress Plugin Ajax Upload for Gravity Forms - Arbitrary File Upload Risk: Low Text: ## # Exploit Title: WordPress Plugin Ajax Upload for Gravity Forms - Arbitrary File Upload (ZIP) # ...

Topic: Roundcube Webmail DOM-based XSS Exploit via SVG href Attribute Risk: Low Text:#!/usr/bin/env python3 # Exploit Title: Roundcube Webmail DOM-based XSS Exploit via SVG href Attribute # Author: Mohammed Idr...

Topic: WordPress Commentator Plugin - Arbitrary File Upload Risk: Medium Text: ## # Exploit Title: WordPress Commentator Plugin - Arbitrary File Upload # Date: 2026-02-05 # Exp...

Topic: motionEye 0.43.1b4 RCE Risk: High Text:# Exploit Title: motionEye 0.43.1b4 - RCE # Exploit PoC: motionEye RCE via client-side validation bypass (safe PoC) # Filena...

Topic: Siklu EtherHaul Series EH-8010 Remote Command Execution Risk: High Text:# Exploit Title:Siklu EtherHaul Series EH-8010 - Remote Command Execution # Shodan Dork: "EH-8010" or "EH-1200" # Date: 2025-...

Topic: ClipBucket 5.5.0 Arbitrary File Upload Risk: High Text:# Exploit Title: ClipBucket 5.5.0 - Arbitrary File Upload # Google Dork: N/A # Date: 2025-09-11 # Exploit Author: Muku...

Topic: Windows 11 25H2 Hyper-V CVE-2026-21248 Heap Overflow + Ghost Patch Exploit Framework Risk: High Text:Title: Windows 11 25H2 Hyper-V CVE-2026-21248 Heap Overflow + Ghost Patch Exploit Framework Author: nu11secur1ty Date: 2026-0...

Topic: ProgressBar 2 4.5.0 - Unbounded Resource Consumption DoS Risk: Medium Text:#!/usr/bin/env python3 """ Exploit Title: ProgressBar 2 4.5.0 - Unbounded Resource Consumption Denial of Service (DoS) The...

Topic: BoidCMS v1.0.1-authenticated-file-upload-RCE Risk: High Text:# Title: BoidCMS v1.0.1-authenticated-file-upload-RCE # Author: nu11secur1ty # Date: 02/05/2026 # Vendor: BoidCMS # Softwar...

Topic: Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE Risk: High Text:# Exploit Title: Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE # Date: 2025-10-07 # Exploit Author: Beat...

For the past week, the massive "Internet of Things" (IoT) botnet known as Kimwolf has been disrupting the The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network around the same time the Kimwolf botmasters began relying on it to evade takedown attempts against the botnet's control servers.

Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six "zero-day" vulnerabilities that attackers are already exploiting in the wild.

A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators... Read More »

The cybercriminals in control of Kimwolf -- a disruptive botnet that has infected more than 2 million devices -- recently shared a screenshot indicating they'd compromised the control panel for Badbox 2.0, a vast China-based botnet powered by malicious software that comes pre-installed on many Android TV streaming boxes. Both the FBI and Google say they are hunting for the people behind Badbox 2.0, and thanks to bragging by the Kimwolf botmasters we may now have a much clearer idea about that.

A new Internet-of-Things botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf's ability to scan the local networks of compromised systems for other IoT devices to infect makes it a sobering threat to organizations, and new research reveals Kimwolf is surprisingly prevalent in government and corporate networks.

Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft's most-dire "critical" rating, and the company warns that attackers are already exploiting one of the bugs fixed today.

Our first story of 2026 revealed how a destructive new botnet called Kimwolf rapidly grew to infect more than two million devices by mass-compromising a vast number of unofficial Android TV streaming boxes. Today, we'll dig through digital clues left behind by the hackers, network operators, and cybercrime services that appear to have benefitted from Kimwolf's spread.

The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it's time for a broader awareness of the threat. The short version is that everything you thought you knew about the security of the internal network behind your Internet router probably is now dangerously out of date.

KrebsOnSecurity.com celebrates its 16th anniversary today! A huge "thank you" to all of our readers -- newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been tremendous and truly a salve on a handful of dark days. Happily, comeuppance was a strong theme running through our coverage in 2025, with a primary focus on entities that enabled complex and globally-dispersed cybercrime services.

The Trump administration has pursued a staggering range of policy pivots this past year that threaten to weaken the nation’s ability and willingness to address a broad spectrum of technology challenges, from cybersecurity and privacy to countering disinformation, fraud and corruption. These shifts, along with the president’s efforts to restrict free speech and freedom of the press, have come at such a rapid clip that many readers probably aren’t even aware of them all.

Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite

Well, the ESP32 Bluetooth bridge experiment was a complete failure. Not the radios themselves, they're actually pretty cool, but there's just no way I could get the Yale locks to be reliably operated by them. At a guess, BLE is a bit too passive to detect

Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite

A big "thank you" to everyone who helped me troubleshoot the problem with my "Print Screen" button on the new PC. Try as we all might, none of us could figure out why it refused to bind to SnagIt and instead insisted on dumping the entire

Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite

This week I'm in Hong Kong, and the day after recording, I gave the talk shown in the image above at INTERPOL's Cybercrime Expert Group. I posted a little about this on Facebook and LinkedIn, but thought I'd expand on what really stuck with

Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite

It's the discussion about the reaction of some people in the UK regarding their impending social media ban for under 16s that bugged me most. Most noteably was the hand-waving around "the gov is just trying to siphon up all our IDs" and "this means

Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite

I thought Scott would cop it first when he posted about what his solar system really cost him last year. "You're so gonna get that stupid AI-slop response from some people", I joked. But no, he got other stupid responses instead! And I got the AI-slop

Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite

I’m in Oslo! Flighty is telling me I’ve flown in or out of here 43 times since a visit in 2014 set me on a new path professionally and, many years later, personally. It’s special here, like a second home that just feels…

Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite

Remember the Ashley Madison data breach? That was now more than a decade ago, yet it arguably remains the single most noteworthy data breach of all time. There are many reasons for this accolade, but chief among them is that by virtue of the site being expressly designed to facilitate

Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite

15 mins and 40 seconds. That's how long it took to troubleshoot the first tech problem of 2026, and that's how far you'll need to skip through this video to hear the audio at normal volume. The problem Scott and I had is analogous

Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite

I think the start of this week's video really nailed it for the techies amongst us: shit doesn't work, you change something random and now shit works and yu have no idea why 🤷‍♂️ Such was my audio this week and apoligise to

Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite

Building out an IoT environment is a little like the old Maslow's Hierarchy of Needs. All the stuff on the top is only any good if all the stuff on the bottom is good, starting with power. This week, I couldn't even get that right, but

Here are three papers describing different side-channel attacks against LLMs.

“Remote Timing Attacks on Efficient Language Model Inference“:

Abstract: Scaling up language models has significantly increased their capabilities. But larger models are slower models, and so there is now an extensive body of work (e.g., speculative sampling or parallel decoding) that improves the (average case) efficiency of language model generation. But these techniques introduce data-dependent timing characteristics. We show it is possible to exploit these timing differences to mount a timing attack. By monitoring the (encrypted) network traffic between a victim user and a remote language model, we can learn information about the content of messages by noting when responses are faster or slower. With complete black-box access, on open source systems we show how it is possible to learn the topic of a user’s conversation (e.g., medical advice vs. coding assistance) with 90%+ precision, and on production systems like OpenAI’s ChatGPT and Anthropic’s Claude we can distinguish between specific messages or infer the user’s language. We further show that an active adversary can leverage a boosting attack to recover PII placed in messages (e.g., phone numbers or credit card numbers) for open source systems. We conclude with potential defenses and directions for future work...

Attacks against modern generative artificial intelligence (AI) large language models (LLMs) pose a real threat. Yet discussions around these attacks and their potential defenses are dangerously myopic. The dominant narrative focuses on “prompt injection,” a set of techniques to embed instructions into inputs to LLM intended to perform malicious activity. This term suggests a simple, singular vulnerability. This framing obscures a more complex and dangerous reality. Attacks on LLM-based systems have evolved into a distinct class of malware execution mechanisms, which we term “promptware.” In a ...

This is a current list of where and when I am scheduled to speak:

• I’m speaking at Ontario Tech University in Oshawa, Ontario, Canada, at 2 PM ET on Thursday, February 26, 2026.
• I’m speaking at the Personal AI Summit in Los Angeles, California, USA, on Thursday, March 5, 2026.
• I’m speaking at Tech Live: Cybersecurity in New York City, USA, on Wednesday, March 11, 2026.
• I’m giving the Ross Anderson Lecture at the University of Cambridge’s Churchill College at 5:30 PM GMT on Thursday, March 19, 2026.
• I’m speaking at RSAC 2026 in San Francisco, California, USA, on Wednesday, March 25, 2026...

An exploration of the interesting question.

New York is contemplating a bill that adds surveillance to 3D printers:

New York’s 2026­2027 executive budget bill (S.9005 / A.10005) includes language that should alarm every maker, educator, and small manufacturer in the state. Buried in Part C is a provision requiring all 3D printers sold or delivered in New York to include “blocking technology.” This is defined as software or firmware that scans every print file through a “firearms blueprint detection algorithm” and refuses to print anything it flags as a potential firearm or firearm component...

I just noticed that the ebook version of Rewiring Democracy is on sale for $5 on Amazon, Apple Books, Barnes & Noble, Books A Million, Google Play, Kobo, and presumably everywhere else in the US. I have no idea how long this will last.

Also, Amazon has a coupon that brings the hardcover price down to $20. You’ll see the discount at checkout.

Interesting research: “CHAI: Command Hijacking Against Embodied AI.”

Abstract: Embodied Artificial Intelligence (AI) promises to handle edge cases in robotic vehicle systems where data is scarce by using common-sense reasoning grounded in perception and action to generalize beyond training distributions and adapt to novel real-world situations. These capabilities, however, also create new security risks. In this paper, we introduce CHAI (Command Hijacking against embodied AI), a new class of prompt-based attacks that exploit the multimodal language interpretation abilities of Large Visual-Language Models (LVLMs). CHAI embeds deceptive natural language instructions, such as misleading signs, in visual input, systematically searches the token space, builds a dictionary of prompts, and guides an attacker model to generate Visual Attack Prompts. We evaluate CHAI on four LVLM agents; drone emergency landing, autonomous driving, and aerial object tracking, and on a real robotic vehicle. Our experiments show that CHAI consistently outperforms state-of-the-art attacks. By exploiting the semantic and multimodal reasoning strengths of next-generation embodied AI systems, CHAI underscores the urgent need for defenses that extend beyond traditional adversarial robustness...

In 2023, the science fiction literary magazine Clarkesworld stopped accepting new submissions because so many were generated by artificial intelligence. Near as the editors could tell, many submitters pasted the magazine’s detailed story guidelines into an AI and sent in the results. And they weren’t alone. Other fiction magazines have also reported a high number of AI-generated submissions.

This is only one example of a ubiquitous trend. A legacy system relied on the difficulty of writing and cognition to limit volume. Generative AI overwhelms the system because the humans on the receiving end can’t keep up...

This is amazing:

Opus 4.6 is notably better at finding high-severity vulnerabilities than previous models and a sign of how quickly things are moving. Security teams have been automating vulnerability discovery for years, investing heavily in fuzzing infrastructure and custom harnesses to find bugs at scale. But what stood out in early testing is how quickly Opus 4.6 found vulnerabilities out of the box without task-specific tooling, custom scaffolding, or specialized prompting. Even more interesting is how it found them. Fuzzers work by throwing massive amounts of random inputs at code to see what breaks. Opus 4.6 reads and reasons about code the way a human researcher would­—looking at past fixes to find similar bugs that weren’t addressed, spotting patterns that tend to cause problems, or understanding a piece of logic well enough to know exactly what input would break it. When we pointed Opus 4.6 at some of the most well-tested codebases (projects that have had fuzzers running against them for years, ...

This is a video of advice for squid fishing in Puget Sound.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Blog moderation policy.

Hackers used a fake Oura MCP server to trick users into downloading malware that installs the StealC info-stealer. Straiker’s AI Research (STAR) Labs team uncovered a SmartLoader campaign in which attackers cloned a legitimate MCP server linked to Oura Health to spread the StealC information stealer. The fake project appeared credible, complete with bogus forks […]

Officers from Poland’s Central Bureau of Cybercrime Control (CBZC) police arrested a 47-year-old man linked to the Phobos ransomware operation. Polish authorities arrested a 47-year-old man suspected of involvement in cybercrime and linked him to the Phobos ransomware operation. Police said they discovered evidence of illegal activities on his seized devices. “Officers from the Central […]

Attackers used a fake PDF incident report hosted on AWS to scare victims into enabling 2FA, though a poorly crafted phishing campaign. Freelance security consultant Xavier Mertens reported a phishing campaign using a fake PDF security incident report hosted on AWS to scare victims into enabling 2FA. The researchers pointed out that the campaign appears poorly […]

South Korea fined Dior, Louis Vuitton, and Tiffany $25M after hackers breached their Salesforce systems, exposing customer data. South Korea’s Personal Information Protection Commission fined luxury brands including Dior, Louis Vuitton, and Tiffany & Co. a total of 36 billion Korean won ($25 million) after hackers compromised their Salesforce systems. The attack, linked to Scattered […]

Apple is testing end-to-end encrypted Rich Communications Services (RCS) messaging in the iOS 26.4 developer beta. Apple has added end-to-end encrypted RCS messaging to the iOS and iPadOS 26.4 developer beta. The feature, still in testing, will roll out in a future update across iOS, iPadOS, macOS, and watchOS. Apple notes that E2EE is not […]

Researchers found an infostealer stole a victim’s OpenClaw configuration, marking a shift toward targeting personal AI agents. Cybersecurity researchers have uncovered a new information stealer that exfiltrated a victim’s OpenClaw configuration environment, previously known as Clawdbot and Moltbot. According to cybersecurity firm Hudson Rock, the case highlights a new shift in infostealer activity, moving beyond […]

Eurail B.V. revealed that traveler data were stolen in a recent security breach, and are now being sold on the dark web. Eurail B.V. confirmed that the traveler data stolen in a breach earlier this year is now being offered for sale on the dark web. The company disclosed the development as part of its […]

A security flaw at DavaIndia Pharmacy exposed customer data and gave outsiders full admin control of its systems. DavaIndia is a large Indian pharmacy retail chain focused on selling affordable generic medicines. Operated by Zota Health Care Ltd., the brand promotes low-cost alternatives to branded drugs to make healthcare more accessible across India. DavaIndia runs […]

ShinyHunters leaked 600,000+ Canada Goose customer records, though the company insists its systems were not breached. Data extortion group ShinyHunters has published over 600,000 Canada Goose customer records on its data leak site. Canada Goose is a Canadian luxury outerwear company best known for high‐end, cold‐weather jackets and parkas. Founded in 1957 and headquartered in […]

Microsoft warns of a new ClickFix variant that tricks users into running DNS commands to fetch malware via nslookup. Microsoft has revealed a new ClickFix variant that deceives users into running a malicious nslookup command through the Windows Run dialog to retrieve a second-stage payload via DNS. ClickFix typically uses fake CAPTCHA or error messages […]