Kategorie

A team that included researchers at a US bank says it has created a protocol that can generate certified truly random numbers, opening the possibility that current generation quantum computers can be used for secure applications in finance, cryptography, cybersecurity, and privacy.

However, an industry analyst is cautious.

“The JPMorgan team’s findings are interesting, but won’t be applicable in the near term for most CSOs, unless they are responsible for high security environments,” said Sandy Carielli, a principal analyst at Forrester Research.

“Quantum random number generation has been around for a while,” she pointed out, “and some CSOs may already be using products in that area. The certification could be a nice extra for highly regulated environments.”

The legacy domain for Microsoft Stream was hijacked to show a fake Amazon site promoting a Thailand casino, causing all SharePoint sites with old embedded videos to display it as spam. [...]

Apple’s Safari browser has a really useful password management feature, which is now also available as a standalone app called Passwords. If you’ve ever taken a look at it, you may have seen a section called Security Recommendations where you’ll find a collection of all the accounts and passwords that might have been compromised. 

If you haven’t already, it’s time to take those collections seriously, because generative AI (genAI) adoption means the scale and nature of the threats posed by purloined passwords and broken IDs is about to grow far greater. That’s because, armed with stolen emails and passwords, criminals will find it relatively easy to throw those credentials at the most popular online services. 

If they know you, they know, you

They do this already, of course. If you have a known email address and password you still use that is now being sold on the dark web (for about $10 a collection), it’s a no brainer for attackers to try it out on a range of different services. Sometimes they may get lucky.

Augmented efficiency just means that using genAI, those same attackers can plough through more of these credentials even more swiftly, enabling them to trundle through huge collections of stolen accounts and passwords fast. Stolen credentials were the big attack vector last year, according to Verizon, and were used in around 80% of exploits. 

There are around 15 billion compromised credentials available online. 

The vast majority of these are useless, which means credential stuffing attacks might not generate much of a success rate. When they do succeed, most victim learn from the experience and secure everything pretty quickly, meaning a very small number of that 15 billion are truly vulnerable. All the same, from time to time they get lucky. And getting lucky now and then is what makes that part of the account login exploitation industry tick. 

Money in the middle

These attacks generate millions of dollars of losses every year. With billions on the planet, there’s probably another fool coming in a minute or two, and you don’t want it to be you. That’s why you should spend a little time and audit Apple’s Security Recommendations regularly, as you don’t want a service you use that happens to have its hooks on your personal, payment, health, or other valuable data to be abused.

That’s true for everyone, but for enterprise users there’s a dual challenge. We all know that employees (including business owners) are and will always be the biggest security weakness in the system. The phishing industry has evolved to exploit this. 

But that tendency is equally threatening when it comes to account IDs, and together poses a double-whammy threat once empowered by AI. How many company-related accounts have slipped and to what extent do these two vulnerabilities work together?

If someone at Iworkatthisbusiness.com foolishly used their work email and complex work password to secure their access to trivialbuthackedwebsite.com, how long might it be until someone figures that out and sees if they can use this data to crack your corporate systems? 

Phisherman’s blues

These attacks don’t even need to be that smart; they can simply be used to analyze personal patterns to help craft super-effective phishing attacks against specific targets. Really sophisticated attackers could turn to a little agentic AI to gather any available social media data on entities they designate as ripe for attack, helping them create really effective phishing emails — Spear AI, as it may one day be recognized.

Artificial intelligence will help with all of this. It’s really good at identifying patterns in disparate data sets, and analyzing the data that’s already been exfiltrated into the world will be a relatively trivial task — it all just comes down to the questions the machines are asked to answer. They can even use identified patterns in passwords to predict likely password patterns based on user data for brute force attacks. I could go on.

Passwords are not the only fruit, of course. 

If you are wise you’ll be using 2FA security and/or Passkeys on all your most important websites, and certainly to protect any with access to your financial details or payment information.

Along with different forms of biometric ID, the industry is shifting to adopt more resilient access control systems — though, of course, subverting those systems is just a new challenge in the cat-and-mouse security game. Only recently, we learned of a new AI attack designed to compromise Google Chrome’s Password Manager, and there will be more attacks of this kind. That’s even before you consider the significance of attacks made against enterprise AI in their own right.

Death to security complacency

The main takeaway is this: You should act on the warnings given to you by Apple’s Security Recommendations tool. You should avoid re-using passwords, no matter where it is. You should use a Password Manager and other forms of security, such as 2FA, and you should very much beware if you receive an email from a trusted source that contains a link to something that sounds like it was made for you; chances are, it was.

Most of all, I want you to check the credentials that have been leaked, change them, close accounts, and delete payment information from any service you don’t intend to use again. As a person or enterprise, you certainly need to build a response plan for what to do if an account is compromised, or suspected to be compromised; security training even for your most experienced employees is almost certainly going to be of value. Most of all, never, ever use one of these passwords. 

Alternatively, ignore Safari’s friendly warning and leave yourself open to having your genuine account credentials being sold online for up to $45 a time.

Why not take the time to secure your accounts? The tools are right there in your browser. What are you waiting for?

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.

Posted by Chrome Root Program, Chrome Security Team

The Chrome Root Program launched in 2022 as part of Google’s ongoing commitment to upholding secure and reliable network connections in Chrome. We previously described how the Chrome Root Program keeps users safe, and described how the program is focused on promoting technologies and practices that strengthen the underlying security assurances provided by Transport Layer Security (TLS). Many of these initiatives are described on our forward looking, public roadmap named “Moving Forward, Together.”

At a high-level, “Moving Forward, Together” is our vision of the future. It is non-normative and considered distinct from the requirements detailed in the Chrome Root Program Policy. It’s focused on themes that we feel are essential to further improving the Web PKI ecosystem going forward, complementing Chrome’s core principles of speed, security, stability, and simplicity. These themes include:

• Encouraging modern infrastructures and agility
• Focusing on simplicity
• Promoting automation
• Reducing mis-issuance
• Increasing accountability and ecosystem integrity
• Streamlining and improving domain validation practices
• Preparing for a "post-quantum" world

Earlier this month, two “Moving Forward, Together” initiatives became required practices in the CA/Browser Forum Baseline Requirements (BRs). The CA/Browser Forum is a cross-industry group that works together to develop minimum requirements for TLS certificates. Ultimately, these new initiatives represent an improvement to the security and agility of every TLS connection relied upon by Chrome users.

If you’re unfamiliar with HTTPS and certificates, see the “Introduction” of this blog post for a high-level overview.

Multi-Perspective Issuance Corroboration

Before issuing a certificate to a website, a Certification Authority (CA) must verify the requestor legitimately controls the domain whose name will be represented in the certificate. This process is referred to as "domain control validation" and there are several well-defined methods that can be used. For example, a CA can specify a random value to be placed on a website, and then perform a check to verify the value’s presence has been published by the certificate requestor.

Despite the existing domain control validation requirements defined by the CA/Browser Forum, peer-reviewed research authored by the Center for Information Technology Policy (CITP) of Princeton University and others highlighted the risk of Border Gateway Protocol (BGP) attacks and prefix-hijacking resulting in fraudulently issued certificates. This risk was not merely theoretical, as it was demonstrated that attackers successfully exploited this vulnerability on numerous occasions, with just one of these attacks resulting in approximately $2 million dollars of direct losses.

Multi-Perspective Issuance Corroboration (referred to as "MPIC") enhances existing domain control validation methods by reducing the likelihood that routing attacks can result in fraudulently issued certificates. Rather than performing domain control validation and authorization from a single geographic or routing vantage point, which an adversary could influence as demonstrated by security researchers, MPIC implementations perform the same validation from multiple geographic locations and/or Internet Service Providers. This has been observed as an effective countermeasure against ethically conducted, real-world BGP hijacks.

The Chrome Root Program led a work team of ecosystem participants, which culminated in a CA/Browser Forum Ballot to require adoption of MPIC via Ballot SC-067. The ballot received unanimous support from organizations who participated in voting. Beginning March 15, 2025, CAs issuing publicly-trusted certificates must now rely on MPIC as part of their certificate issuance process. Some of these CAs are relying on the Open MPIC Project to ensure their implementations are robust and consistent with ecosystem expectations.

We’d especially like to thank Henry Birge-Lee, Grace Cimaszewski, Liang Wang, Cyrill Krähenbühl, Mihir Kshirsagar, Prateek Mittal, Jennifer Rexford, and others from Princeton University for their sustained efforts in promoting meaningful web security improvements and ongoing partnership.

Linting

Linting refers to the automated process of analyzing X.509 certificates to detect and prevent errors, inconsistencies, and non-compliance with requirements and industry standards. Linting ensures certificates are well-formatted and include the necessary data for their intended use, such as website authentication.

Linting can expose the use of weak or obsolete cryptographic algorithms and other known insecure practices, improving overall security. Linting improves interoperability and helps CAs reduce the risk of non-compliance with industry standards (e.g., CA/Browser Forum TLS Baseline Requirements). Non-compliance can result in certificates being "mis-issued". Detecting these issues before a certificate is in use by a site operator reduces the negative impact associated with having to correct a mis-issued certificate.

There are numerous open-source linting projects in existence (e.g., certlint, pkilint, x509lint, and zlint), in addition to numerous custom linting projects maintained by members of the Web PKI ecosystem. “Meta” linters, like pkimetal, combine multiple linting tools into a single solution, offering simplicity and significant performance improvements to implementers compared to implementing multiple standalone linting solutions.

Last spring, the Chrome Root Program led ecosystem-wide experiments, emphasizing the need for linting adoption due to the discovery of widespread certificate mis-issuance. We later participated in drafting CA/Browser Forum Ballot SC-075 to require adoption of certificate linting. The ballot received unanimous support from organizations who participated in voting. Beginning March 15, 2025, CAs issuing publicly-trusted certificates must now rely on linting as part of their certificate issuance process.

What’s next?

We recently landed an updated version of the Chrome Root Program Policy that further aligns with the goals outlined in “Moving Forward, Together.” The Chrome Root Program remains committed to proactive advancement of the Web PKI. This commitment was recently realized in practice through our proposal to sunset demonstrated weak domain control validation methods permitted by the CA/Browser Forum TLS Baseline Requirements. The weak validation methods in question are now prohibited beginning July 15, 2025.

It’s essential we all work together to continually improve the Web PKI, and reduce the opportunities for risk and abuse before measurable harm can be realized. We continue to value collaboration with web security professionals and the members of the CA/Browser Forum to realize a safer Internet. Looking forward, we’re excited to explore a reimagined Web PKI and Chrome Root Program with even stronger security assurances for the web as we navigate the transition to post-quantum cryptography. We’ll have more to say about quantum-resistant PKI later this year.

The UK government’s grand plan for AI in the public sector is struggling in the face of growing technological challenges, a report by the Parliamentary Public Accounts Committee (PAC), a bipartisan group of elected members of parliament, has found.

Many of these problems will be familiar to anyone who has tried to make AI work inside an organization: the dead hand of obsolete systems, poor quality data, and a chronic lack of skilled people to implement the technology.

But beyond these issues lies another problem that could prove just as difficult: the monopolistic power of tech vendors that control the AI technology the government so badly desires.

Coming only weeks after the Government Digital Service (GDS) was created to drive AI, the committee’s initial assessment in the AI in Government report is a sobering reality check.

For the birds

The committee’s report identifies several areas of concern, starting with poor-quality data “locked away in out-of-date legacy IT systems.” Of the 72 systems previously identified as being legacy barriers, 21 hadn’t even yet received remediation funding to overcome these problems, it found.

It also noted a lack of transparency in government data use in AI, which risked creating public mistrust and a future withdrawal by citizens of their consent for its use. Other problems included the perennial shortage of AI and digital skills, an issue mentioned by 70% of government bodies responding to a 2024 National Audit Office (NAO) survey.

Additionally, government departments were running AI test pilots in a siloed way, making it difficult to learn wider lessons, said the committee.

“The government has said it wants to mainline AI into the veins of the nation, but our report raises questions over whether the public sector is ready for such a procedure,” said committee chair, Sir Geoffrey Clifton-Brown.

“Unfortunately, those familiar with our committee’s past scrutiny of the government’s frankly sclerotic digital architecture will know that any promises of sudden transformation are for the birds,” he added.

AI oligopoly

There’s a lot at stake here. AI is often talked up by the ministers as the key to overhauling the state, getting it to work more efficiently and cheaply. It’s a story that has become hugely important in many countries. If progress slows, that promise will be questioned.

In its report, the committee drew attention to the market power of a small band of AI companies. The tech industry has a tendency towards monopolies over time, it said, but with AI it was starting from this position, which might lead to technological lock-in and higher costs, hindering development in the long term.

According to the Open Cloud Coalition (OCC), a recently formed lobby group of smaller cloud providers backed by Google, the UK government’s struggles with AI mirror what happened with cloud deployment from the 2010s onwards, which included the lack of competition.

“This report shows that the dominance of a few large technology suppliers in the public procurement of AI risks stifling competition and innovation, while also hampering growth, exactly the same problems we’ve seen with cloud contracts,” commented Nicky Stewart, senior advisor to the OCC.

Cloud and AI are symbiotic, she noted, and the domination of one or both by a small group of mostly US tech companies risks building monopolies it might be difficult to escape from.

“Without reform, the government will remain over-reliant on a handful of major providers, limiting flexibility and access to innovative, leading edge technology, whilst locking taxpayers into expensive, restrictive agreements,” she said.

Sylvester Kaczmarek, CTO at OrbiSky Systems, a UK company specializing in integrating AI into aerospace applications, agreed that supplier dominance could stifle innovation, but remained just as skeptical of AI’s projected cost savings. Implementation was always where technologies proved themselves, he pointed out.

“Are savings over-sold? Most likely, in the short run,” said Kaczmarek. “There is a lot of groundwork to be laid before large-scale, reliable AI deployment can safely deliver meaningful savings. [governments need to] prioritize realistic roadmaps and more comprehensive value.”

Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers' systems. [...]

A China-linked cyberespionage group known as 'FamousSparrow' was observed using a new modular version of its signature backdoor 'SparrowDoor' against a US-based trade organization. [...]

​​Microsoft has released the KB5053656 preview cumulative update for Windows 11 24H2 with 38 changes, including real-time translation on AMD and Intel-powered Copilot+ PCs and fixes for authentication and blue-screen issues. [...]

The “Group of 7” (G7) nations are falling behind in key tech economic indicators such as high-tech exports, the number of software developers, and AI-related patent filings, endangering their future competitiveness, according to new study by London-based workforce consultancy SThree and the Center for Economics and Business Research (Cebr).

In fact, not one G7 nation made it into the top 10 — a “clear warning sign” for the future, the study warned. (The G7 consists of the US, UK, Canada, France, Germany, Italy, Japan, and the European Union as a non-enumerated member.)

“Once the global epicenter for innovation, these countries are now facing stiff competition from emerging tech hubs,” said SThree CEO Timo Lehne. “The challenge is no longer simply about maintaining their position; it’s about ensuring they lead the charge in fostering innovation and nurturing the businesses that will drive the future of global technology.”

Without focusing on innovation and future industries, tech leadership by the G7 is no longer guaranteed, Lehne said.

Tech advances are reshaping the global economy, with industries such as AI, automation, and clean energy relying on a STEM-skilled workforce. As a result, countries investing in science, technology, engineering and math (STEM) education and training will drive growth; those that don’t may fall behind, according to the report.

The G7 has already seen the effects of reduced competitiveness this year, with the US’s “Magnificent Seven” (Apple, Microsoft, Amazon, Nvidia, Alphabet, Meta, and Tesla) losing $1.5 trillion in market value since the start of 2025. The companies saw similar losses in just a few days last year as well.

According to SThree, the US has slipped several spots and is now behind the UK and Canada in tech competitiveness, while Singapore, Ireland, and Australia all secured top-10 spots based on STEM skills and training.

Asian countries occupied the top spots in the “Foundational Education Pillar,” with Singapore on top, followed by Japan and South Korea. Estonia was the top-scoring European nation at No. 4.

SThree and the Centre for Economics and Business Research

Singapore’s success can be attributed to its focus on services, R&D, and innovation, according to industry observers. The nation’s government has an Economic Development Board (EDB), which works to attract and grow industries, and it has shifted its focus from low-cost manufacturing to high-value sectors such as aerospace and semiconductors. It has also become a hub for digital technologies, with many companies relocating their headquarters from Hong Kong due to China’s influence over that territory, which it reclaimed in 1997.

Education and research institutes in Singapore focus on developing a skilled workforce in tech fields like AI, while companies benefit from funded research partnerships. Singapore has also nurtured a number of tech unicorns including Lazada, Grab, and Ninja Van, promotes fintech through annual events, and has easy work visa access.

The study didn’t include some large economies such as China, India or any African nation because of “a lack of data availability within those countries.” Yet, researchers noted that not including China “is arguably the biggest omission in this year’s index. From what we know, China’s STEM ecosystem is developing very quickly. It boasts 63 of the top 500 research institutions, it is increasingly seen as a research superpower that is competing with the likes of the United States and Europe, and is investing heavily in R&D3.”

Switzerland and Sweden got top marks for STEM skills, while Denmark passed Sweden for second place for Life Sciences, according to the study. Finland and the Republic of Korea saw improved scores on engineering skills, coming in first and second, respectively.

Although the UK and US refused to sign last month’s European Union AI agreement regulating the technology, each ranks 11th and 16th, respectively, for AI patents, with Korea, Japan, and Singapore at the top.

“The lack of competitiveness in the G7 was felt when US tech giants lost $1.13 trillion in market value, affecting companies like Germany’s Infineon and Japan’s SoftBank,” the study said, pointing to losses in 2024. “In overall tech rankings, Singapore, Ireland, and Australia lead in fostering tech innovation, surpassing all G7 nations.”

The importance of investing in STEM

Singapore has skyrocketed in tech innovation and exports for a myriad of reasons, not the least of which is because STEM skills can boost critical thinking and problem-solving across any role.

Cebr and SThree used 26 indicators in areas like education, workforce integration, industry opportunities, and innovation to develop their index ranking 35 countries based on STEM skills. Success depends on collaboration between governments, businesses, and education to build a skilled STEM workforce.

A growing number of organizations are dropping traditional college degree requirements in favor of skills gained through alternative methods. Large companies, including Boeing, Walmart, and IBM, have signed on to varying skills-based employment projects, such as the Rework America Alliance, the Business Roundtable’s Multiple Pathways program, and the campaign to Tear the Paper Ceiling, pledging to implement skills-based practices, according to McKinsey & Co.

“So far, they’ve removed degree requirements from certain job postings and have worked with other organizations to help workers progress from lower- to higher-wage jobs,” McKinsey said in a November report.

Skills-based hiring helps companies find and attract a broader pool of candidates better suited to fill positions long term, and it opens up opportunities to non-traditional candidates, including women and minorities, according to McKinsey.

​In May, Microsoft plans to roll out a new Windows scheduled task that launches automatically to help Microsoft Office apps load faster. [...]

Cybersecurity researchers have shed light on a new phishing-as-a-service (PhaaS) platform that leverages the Domain Name System (DNS) mail exchange (MX) records to serve fake login pages that impersonate about 114 brands. DNS intelligence firm Infoblox is tracking the actor behind the PhaaS, the phishing kit, and the related activity under the moniker Morphing Meerkat. "The threat actor behind Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

A new report sheds light on the most targeted WordPress plugin vulnerabilities hackers used in the first quarter of 2025 to compromise sites. [...]

Mozilla has released Firefox 136.0.4 to patch a critical security vulnerability that can let attackers escape the web browser's sandbox on Windows systems. [...]

You can't escape Meta AI in WhatsApp even if you are based in one of the 41 European countries, with the feature now rolling out to more devices. [...]

A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play. The connection stems from the use of a custom tool that's designed to disable endpoint detection and response (EDR) software on compromised hosts, according to ESET. The EDR killing tool, dubbed EDRKillShifter, was first documented as used by RansomHub actors in Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

​Microsoft says a known issue is causing Remote Desktop freezes on Windows Server 2025 systems after installing security updates released since the February 2025 Patch Tuesday. [...]

Vivaldi has announced the integration of Proton VPN directly into its browser without requiring add-on downloads or plugin activations, allowing users to protect their data against 'Big Tech' surveillance for free. [...]

Qualcomm has launched a global antitrust offensive against Arm Holdings, accusing its longtime partner of anti-competitive practices in regulatory complaints filed across three continents. This escalating legal battle marks a significant shift in the relationship between two of the most influential players in the semiconductor industry.

The unprecedented legal offensive spans three continents, with Qualcomm filing complaints with the European Commission, US Federal Trade Commission, and Korea Fair Trade Commission, reported Bloomberg.

The dispute threatens to upend the global technology supply chain, potentially impacting billions of devices — from smartphones and laptops to AI-driven systems and data center infrastructure. At stake is the future of semiconductor intellectual property licensing, with potential ripple effects including increased costs for manufacturers and consumers, as well as heightened uncertainty across an industry that relies heavily on Arm’s processor designs.

A shifting semiconductor landscape

The dispute centers on Arm’s shift from an open licensing model — under which chipmakers like Qualcomm could develop custom processors based on Arm’s designs — to a more restrictive approach favoring its own chip products. Qualcomm argues that this move threatens competition in the semiconductor industry, which has relied on Arm’s technology for over two decades.

The chipmaker argues that Arm is undermining the competitive ecosystem it previously cultivated by pursuing its own chipmaking ambitions.

Arm has received the EU complaint and preparing to respond, the report added.

The report also said that Qualcomm met with US Federal Trade Commission officials in Washington earlier this year to discuss its concerns. The company has accused Arm of withholding critical technology that should be provided under existing license agreements.

Additionally, Qualcomm has raised similar concerns with South Korea’s antitrust regulator, the report added citing people familiar with the development.

The dispute emerges against the backdrop of Arm’s recent strategic pivot, including its controversial decision to design and sell server chips directly to Meta — a move that has already disrupted traditional industry dynamics.

As Arm continues to push forward with its strategic vision — including its direct chip design efforts — the stakes have never been higher in this high-stakes technological chess match.

“Arm remains focused on enhancing innovation, promoting competition, and respecting contractual rights and obligations. Any allegation of anti-competitive conduct is nothing more than a desperate attempt by Qualcomm to detract from the merits and expand the parties’ ongoing commercial dispute for its own competitive benefit. Arm is confident that it will ultimately prevail in this dispute,” an Arm spokesperson said.

Qualcomm did not comment on the development.

Market dynamics and technological shifts

At the heart of the conflict lies Arm’s instruction set architecture — the fundamental code enabling software communication with processors. Qualcomm’s challenge extends beyond immediate commercial interests, potentially questioning the very mechanisms of technological licensing and intellectual property management in the semiconductor sector.

The complaints come as regulators worldwide scrutinize the evolving dynamics of the semiconductor market. Arm, which is majority-owned by Japan’s SoftBank, licenses its processor architecture to a vast ecosystem of chipmakers, including Apple and MediaTek.

However, under CEO Rene Haas, the company has moved toward offering more complete chip designs, competing directly with some of its own customers. That move signaled a dramatic shift from Arm’s traditional role as a neutral technology licensing company to a direct competitor in the semiconductor market.

This strategic repositioning has fundamentally altered the company’s relationship with long-standing partners like Qualcomm, Nvidia, and Apple.

However, both companies are maneuvering to capitalize on the expanding computing market, particularly in AI and high-performance computing. The smartphone chip market — previously a primary revenue source — has become increasingly saturated, pushing companies to seek new growth opportunities.

Arm’s response to the allegations has been robust and devoid of any wrongdoing. The company stated it remains “focused on enhancing innovation, promoting competition, and respecting contractual rights and obligations,” characterizing Qualcomm’s complaints as “a desperate attempt to detract from the merits” of their ongoing commercial dispute, the report added.

Potential industry ramifications

The ongoing legal and regulatory battles between Qualcomm and Arm highlight broader tensions in the semiconductor industry, particularly as companies position themselves to capitalize on growing demand for computing chips beyond smartphones. AI, data centers, and enterprise computing are emerging as key battlegrounds, with chipmakers vying for market dominance.

Both companies have a history of regulatory challenges. Qualcomm, which previously faced scrutiny over its own licensing practices, has largely prevailed in antitrust cases, including a high-profile appeal against the FTC. Meanwhile, Arm is under pressure to sustain growth following its failed acquisition by Nvidia in 2022 and its subsequent public listing.

With court-ordered mediation talks scheduled and multiple regulatory investigations underway, the technology industry will be watching closely. The outcome could significantly reshape the semiconductor landscape, influencing how chip design companies interact with their customers and compete in an increasingly complex market.

An advanced persistent threat (APT) group with ties to Pakistan has been attributed to the creation of a fake website masquerading as India's public sector postal system as part of a campaign designed to infect both Windows and Android users in the country. Cybersecurity company CYFIRMA has attributed the campaign with medium confidence to a threat actor called APT36, which is also known as Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Dozens of vulnerabilities in products from three leading makers of solar inverters, Sungrow, Growatt, and SMA, could be exploited to control devices or execute code remotely on the vendor's cloud platform. [...]