APT37 hackers abuse Google Find Hub in Android data-wiping attacks
Mozilla Firefox gets new anti-fingerprinting defenses
Quantum Route Redirect PhaaS targets Microsoft 365 users worldwide
Hackers Exploiting Triofox Flaw to Install Remote Access Tools via Antivirus Feature
Konni Hackers Turn Google’s Find Hub into a Remote Data-Wiping Weapon
CISA orders feds to patch Samsung zero-day used in spyware attacks
Yanluowang initial access broker pleaded guilty to ransomware attacks
Yanluowang initial access broker to plead guilty to ransomware attacks
Popular JavaScript library expr-eval vulnerable to RCE flaw
Microsoft product roadmap hints at ‘Agentic Users’ with their own M365 licenses
Later this month, Microsoft plans to enhance its M365 productivity suite with “Agentic Users,” autonomous AI agents with their own identities and access to enterprise IT systems that can collaborate with one another and with humans.
“These agents can attend meetings, edit documents, communicate via email and chat, and perform tasks autonomously,” Microsoft said in an addition to its product roadmap entitled “Microsoft Teams: Discovery and Creation of Agentic Users from Teams and M365 Agent Store.” The update will be rolled out to desktop systems worldwide beginning later in November, according to the roadmap entry.
Microsoft provided further details about its plans for Agentic Users in a message posted to the Microsoft Admin Center, according to various reports from around the web.
Microsoft MVP João Ferreira posted what he said was a copy of it, LC1183300, to his personal blog.
“Agentic Users are a new class of AI-powered digital entities designed to function as autonomous, enterprise-grade virtual colleagues. Unlike traditional bots, Agentic Users are provisioned as full-fledged user objects with their own identity in the organization’s directory (via Entra ID or Azure AD), email addresses, Teams accounts, and presence in the org chart,” the purported Microsoft announcement began.
All users in enterprises with access to Microsoft Teams and the Microsoft 365 Copilot store will be able to view agent templates, although only approved users will be able to create agents from those templates, it continued.
Microsoft did not respond to an email seeking confirmation of the authenticity of the message.
The post also contains images that hint at the use cases for these new Agentic Users, including procurement, HR initiatives such as employee wellness, tracking team tasks, and developing workflows. There was no mention, though, of how Agentic Users compare to the many agents that M365 already offers, including its Facilitator and Project Manager agents, its Office Agent, and different flavors of Copilots for sales, service, and finance operations.
Confusion over licensing, increasing costs, and Microsoft’s revenue play
Before they can create any of the new agents, admins will need to approve a template for use and “assign the required A365 license,” the posting said. No further information was included about the nature or pricing of these licenses.
Analysts speculated about how the new A365 licenses might relate to existing M365 licenses, which are typically sold on a per-user, per-month basis with an annual commitment.
“Previously released agents like Facilitator or Project Manager were bundled under M365 Copilot entitlements, with advanced actions billed via Copilot credits. A365 introduces explicit per-agent licensing and admin-controlled approval through the Agent Store and separates agent costs from human seats,” said Forrester vice president and principal analyst Charlie Dai.
Alexander Golev, partner at SAM Expert, a specialist in managing Microsoft licensing and cloud costs, suggested instead that A365 will replace M365 user licenses.
“Our expectation is that it will provide a combination of user-like access to Microsoft 365 services on a monthly/annual/3-annual fee basis plus the core functionality of M365 Copilot. Additional AI use will be charged in the same manner as with users — prepaid capacities and pay-as-you-go items. We don’t expect them to be all-inclusive,” he said.
Microsoft has been changing its licensing practices to increase its revenue significantly, Golev said. “In recent years, they moved from server- or device-based licensing to CPU-based and then core-based.”
In its reporting of M365 revenue, Microsoft focuses on average revenue per user (ARPU), “which is now hitting its ceiling,” he said. “You can only scale so far. Earth’s population grows slower than Microsoft’s revenue targets. What we have been predicting is the move to ARPA — Average Revenue per Agent, which can scale exponentially,” Golev said.
Another licensing expert, Rich Gibbons, blogged about the new A365 licenses, saying that he expected Microsoft to use them as an opportunity to generate additional consumption-based revenue.
Risk of agent sprawl?
Analyst Pareekh Jain of Jain Consulting said he expects Microsoft to update its previously introduced agents as part of the rollout of Agentic Users, giving the existing agents their own email addresses and Microsoft Entra IDs too.
“Too many autonomous agents for overlapping or redundant tasks mirror the challenges most enterprises have faced with bot and app sprawl in prior M365 deployments. Without tight governance, enterprises could face duplication, higher spend, data security exposure, and oversight challenges,” Jain said.
But, said Dai, Entra IDs could play a pivotal role in avoiding that sprawl. “These IDs can be used to treat agents as directory-backed identities enabling lifecycle control, access reviews, and compliance policies….helping enterprises gain visibility and accountability,” he said.
Even before we learn all the details of these new Agentic Users, it’s clear that there are some aspects of them to which enterprises will have to pay particular attention.
Dai pointed to the need for effective collaboration between IT asset management and FinOps teams, while Everest analyst Tanvi Rai said enterprises will need strong change management to train employees to supervise, validate and govern agent behavior effectively.
Despite all the uncertainty, what is evident is that Microsoft’s move will further intensify the race among rivals, such as Salesforce and ServiceNow, who are also accelerating their efforts to introduce autonomous AI-driven agents aimed at boosting productivity across enterprises.
Does talk of government backstops mean an AI bubble is about to burst?
It’s been an uncomfortable few days for AI vendors. On Friday, the big tech companies saw $1.2 trillion wiped off their market valuations, reflecting the concerns of many analysts that AI valuations are too high and the market is heading for a serious crash.
Just a few days earlier, OpenAI CFO Sarah Friar suggested that the US government could help the industry by providing a “backstop” to guarantee commercial loans financing AI chips in data centers — although hours later she took back those words in a LinkedIn post. The same day, OpenAI CEO Sam Altman also denied the company wanted government loan guarantees in a mammoth 6,000-character post on X (formerly Twitter).
So how should CIOs view the future of their own AI investments? Financial analysts have a mixed view.
According to Shawn DuBravac of the Avrio Institute, big tech customers need to be more pragmatic, but don’t need to panic. “Companies don’t need to rewrite their strategy, but market volatility is a stress test of AI investment. The large tech companies recognize that the long-term demand for AI infrastructure is very strong.”
Ilya Rybchin, principal at financial advisory firm BDO USA, said that CIOs shouldn’t be worried about the technology becoming obsolete or vendors disappearing. “Customers should be worried about the anemic return on their own AI investments, irrespective of how their vendors are performing or what the media is saying about their vendors.”
He had some stark advice. “Companies should freeze new AI procurement. They should stop buying tools until they can prove they’re getting value from the ones they have.” He added that many companies are buying multiple AI platforms without using any effectively. “It’s like buying three chainsaws when you haven’t learned to use the first one,” he said.
Global technology futurist Daniel Burrus of Burrus Research predicted that organizations may need to rethink staffing levels. “We’re seeing a lot of layoffs due to AI investments, particularly among coders. However, I think these companies are missing a trick. I prefer to think of AI as Augmented Intelligence as it’s about augmenting, rather than replacing.”
He said that there is already a change in the air. “We are seeing companies who have laid off people hiring them back.”
Concerns that the AI market is a bubble that’s about to burst won’t entirely go away. Altman has said that OpenAI is projecting an annualized revenue run rate of $20 billion this year and is committed to spending $1.4 trillion over the next eight years. Just last week, the company signed a deal with AWS for $38 billion to host its services on Amazon’s cloud service. That’s heavy investment and there will certainly be doubts whether it can grow revenue to match that expenditure.
Burrus draws parallels with Amazon. “It took a very long time for them to make a profit but they’re racing for the intelligence to be better than a human being, and that is going to take some time.” However, Amazon didn’t make the dizzying levels of investment that OpenAI is committing itself to.
Not an extinction-level event
There is agreement, however, that the AI industry as a whole can survive without government support for one failing company.
DuBravac said, “If OpenAI stumbles, customers would feel turbulence and disruption but nothing that they couldn’t overcome.”
And Rybchin said that it could aid the progress of AI. “OpenAI failing would not be an extinction-level event for AI. On the contrary, it could be a healthy catalyst, forcing a necessary diversification of the AI landscape, encouraging competition and innovation from a wider range of players.”
5 reasons why attackers are phishing over LinkedIn
Apple execs talk up the company’s offerings to business
As the company introduced the new M5 MacBook Pro, I got a chance to speak with Jeremy Butcher, who handles business product marketing at Apple, and his colleague Colleen Novielli, who focuses on MacBook product marketing, to talk about Apple’s place in the business world. It’s no surprise that these new Macs offer the advanced performance businesses need — both today and tomorrow — and the company’s growing place in enterprise IT reflects this.
Apple’s approach to business
So, how does Apple approach enterprise and business customers? Butcher explained that, at its core, the company’s strategy is built around three primary pillars:
- Providing features that people want, things that employees from the C-suite to the shop floor need and enjoy.
- Ensuring IT and security teams have the tools they need to support employee demand for Apple products.
- Investing in the platform so developers have what they need — not just for consumer-facing app development, but for custom software for use across specific enterprises. All these different solutions are powered by the same SDK and supported by the company’s developer relations teams.
“To be very explicit about it, we’re super-committed to the enterprise,” he told me.
That commitment extends to edge cases. “There are some things we’ve done specifically for business customers,” Butcher said, noting the MacBook Pro’s ability to power two displays as a case in point.
“This is not a common consumer task,” he said. “It was introduced as a direct result of business customer feedback.”
MacBook Pro – tomorrow’s computing today
With its M5 chip, Apple is at the top of the pack when it comes to mobile computers capable of delivering the processor punch users will need for future AI applications. It’s an advantage the company gained with its move to Apple silicon.
“We’re seeing tremendous momentum around Mac in the enterprise,” said Colleen. “We’re seeing this amazing spectrum of adoption across the Mac range.”
Omdia recently told us that the MacBook Air has become the world’s most popular laptop for business. This is because it has “all the performance that many employees need to get their work done and be their most productive all day and every day,” said Novielli.
But computing isn’t just about what you can do today, it’s what you’ll need your systems to be able to handle in three, four, five years’ time, and beyond. With this in mind, Apple is very aware of the ongoing inflection point that is artificial intelligence. “Whether you’re working with AI or building it, the MacBook Pro is an amazing system for many of the things employees need from a performance perspective,” said Novielli.
Apple has optimized its silicon for AI since the M1. “When it comes to AI at this moment, the AI landscape, there is no one size fits all — particularly with enterprises, right?” she said. Every enterprise is different, has different needs and varied specialized apps and processes; that’s driving business users to look for systems capable of running specialized AI services.
The sheer performance power, along with employee choice, ease of use, and integration across Apple’s entire ecosystem makes it a tempting choice for switchers. “We’re seeing more and more enterprises look at where our products, particularly some of the performance and AI capabilities, can boost efficiency,” she told me.
Apple is in business
The two Apple product managers shared some interesting deployment stories.
- Capital One recently expanded its employee choice program for Macs, introducing MacBook Airs for thousands of its employees. The bank had been using MacBook Pros among key personnel, such as developers, designers, and engineers. The success of that scheme saw the bank choose to open it up, offering MacBook Air models across its workforce. For most workers, the performance the Air delivers is “more than they need on a regular basis,” Novielli said.
- Hello Incorporated, a Chinese mobility company with over 8 million registered users, deployed MacBook Pros across the company for research, product development, AI and beyond. It’s a sprawling business, with biking, carpooling, and taxi businesses and makes heavy use of AI, driven on Macs.
- Haidilao is an international hot pot restaurant chain, with 1,300 stores serving 45 million customers each year. “They’ve figured out a way to use Macs to implement intelligent guest servicing,” Novielli explained. Their AI-driven approach includes analyzing restaurants, studying guest requirements, supporting the ordering process, looking at safety measures and other factors across the business. “They’ve shared with us that this has led to 78% energy savings from improving the efficiency of the building, and 52% cost savings over that,” she said.
It should be clear that Macs in business are just as capable for the edge case challenges as they are for more mundane tasks. A recent MacStadium survey showed that among organizations using Macs, 73% rely on them for AI processing, surpassing traditional workloads like iOS/macOS development (68%) and build/test/deploy workflows (61%).
How Apple supports enterprise users
You don’t get deployment without IT, and Apple continues to focus on those needs, as evidenced by the new management and security APIs it introduced this year. “That’s how we look at each release. What are we doing across each of those pieces of the operating system to ensure we’re driving those forward?” said Butcher.
When it comes to improving what Apple offers enterprise users, Butcher explained that its business teams can also call his company’s engineering teams to focus on specific challenges as they are identified. The company has vast resources to help solve enterprise needs as they are identified. And while it can’t fix all of the problems all of the time, it can iteratively fix problems as you go — as Apple has done with this year’s crop of APIs.
Apple has also nurtured its relationships with a wider field of IT support companies, including Jamf, Iru, Mosyle, Hexnode, or Fleet. “From a developer relations perspective, we’ve worked with MDM developers for over a decade now,” said Butcher. These days, the company also works with security companies, identity providers, networking software companies and more. “Some of that is because we have more and more technologies that we’ve built that those developers can take advantage of,” he said.
Apple’s rapidly growing market share also helps, creating a momentum for Mac demand in the enterprise. Butcher cited the recent MacStadium survey that showed 96% of US CIOs expect their Mac investments to increase in the next couple of years. “It’s so great to see that momentum,” he said. “As you know, it’s very intentional.”
(The survey also showed Apple accounts for an average of 65% of enterprise endpoints.)
As one Windows closes, an Apple opens
What about Windows 11? Is it prompting even more acceleration in Mac deployment? While data we’re seeing shows that it has, Microsoft’s decision to change the deadlines for the cessation of Windows 10 support several times gave Apple a great opportunity to remind people that Macs are a real alternative.
With hundreds of millions of Windows 10 PCs needing to be replaced because they can’t run Windows 11, that conversation matters. “If you have to buy a new computer, it starts a conversation about looking at all the different options that are on the table,” he said.
With Apple Silicon and advanced AI support, Macs have become a highly credible alternative. “It’s definitely going well for us,” he said. New Macs give Apple the “opportunity to convince users, including business users, to make the switch [to Mac],” he said. “All these things coming together make this a super interesting time for us.”
One more thing: US-based Mac users may already be using Apple’s Business Essentials, a package that combines services and support for SMBs on its platform. Although this isn’t yet available outside the US, Butcher said to “stay tuned.”
Linux Desktop Adoption Surges to 5% with Security Gaps Identified
⚡ Weekly Recap: Hyper-V Malware, Malicious AI Bots, RDP Exploits, WhatsApp Lockdown and More
European Commission moves to loosen GDPR for AI and cookie tracking
The European Commission is preparing sweeping revisions to the General Data Protection Regulation (GDPR) that could redefine how enterprises handle personal data — from cookie tracking to AI model training — in what privacy advocates warn could weaken the EU’s privacy framework.
According to a leaked draft reported by German advocacy group Netzpolitik.org, the Commission’s upcoming “Digital Omnibus” package would end the requirement for websites to seek explicit consent before setting tracking cookies and explicitly permit AI training on personal data when justified by companies’ “legitimate interests.”
The proposal is expected to be formally unveiled on November 19.
Cookies move under GDPR
The draft would introduce Article 88a into the GDPR to cover the “processing of personal data on and from terminal equipment,” effectively moving cookie regulation from the ePrivacy Directive to the GDPR itself.
Currently, Article 5(3) of the ePrivacy Directive requires websites to obtain explicit consent before storing or accessing non-essential cookies on users’ devices. The Commission argued this has led to legal uncertainty and “higher compliance costs” due to overlapping oversight by national authorities.
Under the proposed change, websites could process data collected through cookies based on a “closed list of low-risk purposes” or on any legal basis under GDPR, including legitimate interest. That would mark a major shift from opt-in to opt-out tracking.
Instead of asking users for permission upfront, companies could track them by default — leaving individuals to object afterward.
“While consent is required to ensure data subjects’ control, it is not always the most appropriate legal basis for subsequent processing,” the draft said. “Moreover, the dual regime of ePrivacy and General Data Protection Regulation led to different national authorities being competent to supervise the rules of the two legal frameworks.”
Privacy groups said the Commission is using “cookie fatigue” as a pretext to dilute privacy standards.
“The GDPR, the ePrivacy framework and the AI Act are not obstacles to innovation — they are the foundation of Europe’s human-centric digital model,” European Digital Rights (EDRi) wrote in an October blog. “Yet, under the pretext of coherence, the Commission seems prepared to weaken ePrivacy protections.”
The draft also outlined Article 88b, which would require browsers or operating systems to transmit user consent preferences automatically once technical standards are defined, potentially phasing out the current wave of cookie banners.
There’s a carve-out for media companies, though. News organizations could continue requiring explicit consent, which the Commission justified as protecting journalism’s “economic basis.”
AI training gets green light
The proposal directly addressed one of the most contentious issues in EU privacy law: whether companies can train AI systems using personal data.
The draft stated that AI training, testing, and validation may be conducted under the GDPR’s “legitimate interest” basis, as long as companies implement safeguards such as data minimization, transparency, and an unconditional right to object.
“Processing of personal data for AI training may therefore be carried out for purposes of a legitimate interest,” the draft said, adding that developers must ensure the training is “beneficial for the data subject and society at large.”
The Commission cited the need to detect bias and ensure accurate model outputs as examples of “beneficial” purposes.
However, privacy lawyers said invoking legitimate interest for AI processing could open the door to large-scale data mining without individual consent, something GDPR was originally designed to prevent.
The draft would also introduce a limited exemption for special category (sensitive) data that inadvertently appears in AI datasets. If removing such data would require “disproportionate effort,” companies could retain it under protective measures preventing its use or disclosure.
Sensitive data protections narrowed
In another controversial shift, the proposal would narrow the definition of sensitive data under Article 9 of the GDPR. Stronger protections would apply only when information directly reveals characteristics like race, religion, or health, excluding data that only implies those traits through analysis or inference.
“For most types of personal data listed in Article 9(1), there are no such significant risks where the data are not inherently sensitive,” the draft said.
Critics warn this could allow companies to infer protected characteristics—such as sexual orientation or political opinions—from seemingly neutral data without triggering higher legal protections.
The European Law Institute acknowledged in its October 14 feedback that limited GDPR updates may be necessary, but cautioned that “improvements must not come at the expense of fundamental rights protection.”
The proposed changes could significantly alter corporate data governance across Europe. Companies would no longer need consent management systems for most tracking cookies, but would have to maintain detailed documentation to justify processing under “legitimate interest.”
The European Digital Rights network criticized the consultation as “exclusion by design” with “extraordinarily short” timelines and reality checks focused “almost exclusively on industry voices.”
The Commission did not immediately respond to a request for comment.
New Browser Security Report Reveals Emerging Threats for Enterprises
Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware
GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs
When threats escalate, CISOs need to call in the cavalry
No amount of emphasis can truly demonstrate how dangerous the current threat landscape is. According to the latest ransomware report by Sophos, the average ransomware demand has now reached $1 million, while average recovery costs stand at $1.5 million.
However, that’s not all. Some organizations are paying even more than the average ransom to recover their data. The costs of service disruption, financial losses, and regulatory penalties add further to a CISO’s misery. When you peel back the layers, the report reveals two key takeaways for businesses:
- The top root cause of ransomware attacks is vulnerability(ies).
- Most organizations fall victim due to a lack of people or skills.
Imagine not having the right threat detection tool and facing a full-blown cyber attack: that’s a recipe for disaster. Unfortunately, that’s exactly what happened to Change Healthcare, a U.S.-based global healthcare technology provider.
In 2024, Change Healthcare faced one of the world’s most devastating data breaches, orchestrated by the BlackCat hacker group. The attackers stole ~6 TB of data, impacting millions of patients, providers, and payers. The company, a key infrastructure provider for claims, authorizations, and eligibility verification, had to shut down critical systems to contain the threat. The breach disrupted care workflows, billing operations, and reimbursements nationwide.
According to reports, the company coughed up $22 million in ransom payments, while total losses from downtime, recovery, and rebuilding exceeded $1 billion. The breach is said to have impacted nearly 190 million Americans in some way.
Dire need for protection, detection, and response
Investigations revealed that attackers exploited compromised credentials and accessed systems that lacked multi-factor authentication (MFA). Once inside, they moved laterally through the network, wreaking havoc along the way.
This incident and many others highlight a stark reality: organizations often lack the capability to prevent, detect, and respond effectively. They either don’t have the right tools or lack the skilled experts to operate them, especially when AI is changing how threats are being dealt with.
For instance, the ‘ransomware rollback’ feature in advanced endpoint detection and response (EDR) solutions can instantly restore encrypted data. In Change Healthcare’s case, such a capability could have dramatically reduced downtime and damage.
A resilient cyber defense demands the trifecta of protection, detection, and response. Protection ensures robust controls like MFA, Zero Trust access, and encryption are always active. Detection identifies anomalies before they escalate, while rapid response isolates and remediates threats, nipping attacks in the bud.
AI-powered threat detection, for instance, continuously learns from millions of data points to recognize new attack patterns and respond autonomously – capabilities that few organizations can sustain internally.
Finding the right security partner
However, building this trifecta in-house is challenging. CISOs face global shortages of skilled security professionals (over 4.7 million jobs remain unfilled), ever-evolving threats, and escalating technology costs. Outsourcing to a seasoned security provider (or MSSP) offers instant access to top talent, advanced tools, and proven frameworks.
T-Systems, as a trusted global security partner securing IT & OT infrastructures, combines human intelligence with automation through its advanced Security Operations Centers (SOCs) and Managed Detection and Response (MDR) services. By integrating AI analytics, threat intelligence, and 24×7 monitoring, T-Systems empowers CISOs to stay one step ahead of adversaries, ensure compliance, and achieve measurable ROI; turning cyber defense from a cost center into a strategic advantage.



